Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   Umleitung auf dubiose Sexseiten (https://www.trojaner-board.de/166802-umleitung-dubiose-sexseiten.html)

Betti05 09.05.2015 19:16
Umleitung auf dubiose Sexseiten
 
Hallo, ich hatte es jetzt bereits drei mal dass ich beim Anklicken von harmlosen Suchergebnissen (in dem Fall z.B das deutsche Sim-Forum) auf eine Sexseite geleitet werde.
Scans mit McAfee und Eset erbrachten nichts, alles sauber.
Was kann ich noch tun, ist ein Trojaner am Werk?
Vielen Dank schonmal für eure Hilfe!

schrauber 09.05.2015 19:32
hi,

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
  • Starte jetzt FRST.
  • Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
  • Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
  • Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)


Betti05 10.05.2015 06:45
Hallo Schrauber, vielen Dank für deine Hilfe!
hier das FRST
FRST Logfile:

FRST Logfile:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 09-05-2015
Ran by sephiroth (administrator) on BEBISPC on 10-05-2015 07:41:15
Running from C:\Users\sephiroth\Downloads
Loaded Profiles: UpdatusUser & sephiroth (Available profiles: UpdatusUser & bebi-admin & sephiroth)
Platform: Windows 8 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 10 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieSvc.exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe
(Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMSvc.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(Bitdefender) C:\Program Files\Bitdefender\60-Second Virus Scanner\pdscan.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\psia.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(McAfee, Inc.) C:\Program Files\McAfee\MSC\McAPExe.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Elements 12 Organizer\PhotoshopElementsFileAgent.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\CSP\1.3.374.0\McCSPServiceHost.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Microsoft Corporation) C:\Windows\System32\LogonUI.exe
(Microsoft Corporation) C:\Windows\System32\LogonUI.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe
(McAfee, Inc.) C:\Program Files\McAfee\MAT\McPvTray.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMEvent.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMTray.exe
(Atheros Communications) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
() C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
(Dolby Laboratories Inc.) C:\Dolby PCEE4\pcee4.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerTray.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerEvent.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Adobe\Photoshop Elements 12\PhotoshopElementsEditor.exe
(Microsoft Corporation) C:\Windows\splwow64.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13427784 2013-03-18] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1278024 2013-03-08] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3010800 2013-01-17] (Synaptics Incorporated)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [472984 2013-06-03] (Adobe Systems Incorporated)
HKLM\...\Run: [InstallerLauncher] => "C:\Program Files\Common Files\Bitdefender\SetupInformation\{6F57816A-791A-4159-A75F-CFD0C7EA4FBF}\setuplauncher.exe" /run:"C:\Program Files\Common Files\Bitdefender\SetupInformation\{6F57816A-791A-41 (the data entry has 36 more characters).
HKLM-x32\...\Run: [mcpltui_exe] => C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe [718248 2015-02-11] (McAfee, Inc.)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [131712 2013-01-25] (Atheros Communications)
HKU\S-1-5-21-3549694130-846552002-615965096-1003\...\Run: [Pokki] => "%LOCALAPPDATA%\Pokki\Engine\HostAppServiceUpdater.exe" /LOGON
HKU\S-1-5-21-3549694130-846552002-615965096-1003\...\Run: [EPLTarget\P0000000000000000] => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_IATILQE.EXE [297024 2013-01-24] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-3549694130-846552002-615965096-1003\...\Run: [Spotify Web Helper] => "C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe"
HKU\S-1-5-21-3549694130-846552002-615965096-1003\...\Run: [Amazon Music] => C:\Users\sephiroth\AppData\Local\Amazon Music\Amazon Music Helper.exe [5886784 2015-04-21] ()
HKU\S-1-5-21-3549694130-846552002-615965096-1003\...\Run: [CAHeadless] => C:\Program Files (x86)\Adobe\Elements 12 Organizer\CAHeadless\ElementsAutoAnalyzer.exe [1400224 2013-09-03] (Adobe Systems Incorporated)
HKU\S-1-5-21-3549694130-846552002-615965096-1003\...\Run: [EA Core] => "C:\Program Files (x86)\Electronic Arts\EADM\Core.exe" -silent
HKU\S-1-5-21-3549694130-846552002-615965096-1003\...\Run: [pdiface] => C:\Program Files\Bitdefender\60-Second Virus Scanner\pdiface.exe [283608 2013-10-30] (Bitdefender)
HKU\S-1-5-21-3549694130-846552002-615965096-1003\...\Run: [SandboxieControl] => C:\Program Files\Sandboxie\SbieCtrl.exe [785416 2015-02-18] (Sandboxie Holdings, LLC)
HKU\S-1-5-21-3549694130-846552002-615965096-1003\...\MountPoints2: {bb9730ed-58ce-11e3-be6b-806e6f6e6963} - "E:\Autorun.exe"
HKU\S-1-5-21-3549694130-846552002-615965096-1003\...\MountPoints2: {c142f38a-e42b-11e4-be85-0c54a52bf2d6} - "F:\LaunchU3.exe" -a
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [245872 2013-02-20] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [201576 2013-02-20] (NVIDIA Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2015-03-13]
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk [2015-02-07]
ShortcutTarget: Secunia PSI Tray.lnk -> C:\Program Files (x86)\Secunia\PSI\psi_tray.exe (Secunia)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-3549694130-846552002-615965096-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://acer13.msn.com
HKU\S-1-5-21-3549694130-846552002-615965096-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer13.msn.com
HKU\S-1-5-21-3549694130-846552002-615965096-1003\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://acer13.msn.com/
HKU\S-1-5-21-3549694130-846552002-615965096-1003\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer13.msn.com
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3549694130-846552002-615965096-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3549694130-846552002-615965096-1003 -> DefaultScope {B85E17F6-0A94-44D1-8979-600100ACBBCB} URL = https://de.search.yahoo.com/search?fr=mcafee&type=A011DE0&p={SearchTerms}
SearchScopes: HKU\S-1-5-21-3549694130-846552002-615965096-1003 -> {B85E17F6-0A94-44D1-8979-600100ACBBCB} URL = https://de.search.yahoo.com/search?fr=mcafee&type=A011DE0&p={SearchTerms}
BHO: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll [2013-01-25] (Qualcomm Atheros Commnucations)
BHO: Easy Photo Print -> {9421DD08-935F-4701-A9CA-22DF90AC4EA6} -> C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll [2012-01-25] (SEIKO EPSON CORPORATION)
BHO: McAfee SiteAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2015-04-17] (McAfee, Inc.)
BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll [2014-04-09] (McAfee, Inc.)
BHO-x32: McAfee SiteAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2015-04-17] (McAfee, Inc.)
Toolbar: HKLM - Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll [2012-01-25] (SEIKO EPSON CORPORATION)
Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2015-04-17] (McAfee, Inc.)
Toolbar: HKLM-x32 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2015-04-17] (McAfee, Inc.)
Toolbar: HKU\S-1-5-21-3549694130-846552002-615965096-1003 -> No Name - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} -  No File
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2015-04-17] (McAfee, Inc.)
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2015-04-17] (McAfee, Inc.)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2015-04-17] (McAfee, Inc.)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2015-04-17] (McAfee, Inc.)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll [2015-03-03] (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll [2015-03-03] (McAfee, Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\sephiroth\AppData\Roaming\Mozilla\Firefox\Profiles\44lmlutz.default
FF SearchEngineOrder.1: Sichere Suche
FF SelectedSearchEngine: Sichere Suche
FF Keyword.URL: https://de.search.yahoo.com/search?fr=mcafee&type=B111DE0D20150415&p=
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_17_0_0_169.dll [2015-04-14] ()
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL [2015-03-03] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-14] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.0.72 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-01-23] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-01-23] (Intel Corporation)
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL [2015-03-03] ()
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2012-10-12] ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-03-17] (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\McSiteAdvisor.xml [2015-04-30]
FF Extension: WOT - C:\Users\sephiroth\AppData\Roaming\Mozilla\Firefox\Profiles\44lmlutz.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2015-01-18]
FF Extension: boost project boost-Bar - C:\Users\sephiroth\AppData\Roaming\Mozilla\Firefox\Profiles\44lmlutz.default\Extensions\jid1-43E5o59FVrjLig@jetpack.xpi [2015-04-12]
FF Extension: NoScript - C:\Users\sephiroth\AppData\Roaming\Mozilla\Firefox\Profiles\44lmlutz.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2015-02-06]
FF Extension: Adblock Plus - C:\Users\sephiroth\AppData\Roaming\Mozilla\Firefox\Profiles\44lmlutz.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-01-17]
FF Extension: BetterPrivacy - C:\Users\sephiroth\AppData\Roaming\Mozilla\Firefox\Profiles\44lmlutz.default\Extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi [2015-01-17]
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor
FF Extension: McAfee SiteAdvisor - C:\Program Files (x86)\McAfee\SiteAdvisor [2015-04-15]
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
FF Extension: McAfee Anti-Spam Thunderbird Extension - C:\Program Files\McAfee\MSK [2015-04-15]
FF HKU\S-1-5-21-3549694130-846552002-615965096-1003\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
FF Extension: No Name - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04]

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2015-04-27]
CHR HKLM-x32\...\Chrome\Extension: [bopakagnckmlgajfccecajhnimjiiedh] - hxxp://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2015-04-27]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S2 0044251431071771mcinstcleanup; C:\WINDOWS\TEMP\004425~1.EXE [883024 2015-04-06] (McAfee, Inc.)
R2 AdobeActiveFileMonitor12.0; C:\Program Files (x86)\Adobe\Elements 12 Organizer\PhotoshopElementsFileAgent.exe [181152 2013-09-03] (Adobe Systems Incorporated)
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [227456 2013-01-25] (Qualcomm Atheros Commnucations) [File not signed]
R2 CCDMonitorService; C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe [2615368 2013-02-27] (Acer Incorporated)
S2 CLKMSVC10_96E434EB; C:\Program Files (x86)\Acer\clear.fi SDK21\Movie\NavFilter\kmsvc.exe [241776 2013-02-04] (CyberLink)
S3 DeviceFastLaneService; C:\Program Files\Acer\Acer Device Fast-lane\DeviceFastLaneSvc.exe [470056 2013-04-30] (Acer Incorporated)
R3 ePowerSvc; C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe [662088 2013-03-15] (Acer Incorporated)
R2 EpsonScanSvc; C:\WINDOWS\system32\EscSvc64.exe [144560 2012-05-17] (Seiko Epson Corporation)
R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [340744 2015-02-11] (McAfee, Inc.)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [732160 2012-12-10] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [803872 2012-12-10] (Intel(R) Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [167736 2013-01-30] (Intel Corporation)
R2 LMSvc; C:\Program Files\Acer\Acer Launch Manager\LMSvc.exe [431656 2013-06-17] (Acer Incorporate)
R2 McAfee SiteAdvisor Service; c:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe [154856 2015-04-17] (McAfee, Inc.)
R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [752232 2015-03-03] (McAfee, Inc.)
S3 McAWFwk; c:\Program Files\Common Files\McAfee\ActWiz\McAWFwk.exe [334608 2013-04-09] (McAfee, Inc.)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.)
R2 mccspsvc; C:\Program Files\Common Files\McAfee\CSP\1.3.374.0\McCSPServiceHost.exe [422632 2015-01-22] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [340744 2015-02-11] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [340744 2015-02-11] (McAfee, Inc.)
S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [605472 2015-02-27] (McAfee, Inc.)
S4 McOobeSv2; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [340744 2015-02-11] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [340744 2015-02-11] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [340744 2015-02-11] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [232656 2015-02-17] (McAfee, Inc.)
R2 mfemms; C:\Program Files\Common Files\McAfee\SystemCore\\mfemms.exe [372144 2015-03-01] (McAfee, Inc.)
R2 mfevtp; C:\WINDOWS\system32\mfevtps.exe [250672 2015-02-17] (McAfee, Inc.)
R2 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [340744 2015-02-11] (McAfee, Inc.)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [1931632 2015-04-12] (Electronic Arts)
R2 pdserv; C:\Program Files\Bitdefender\60-Second Virus Scanner\pdscan.exe [1445424 2013-11-11] (Bitdefender)
R2 SbieSvc; C:\Program Files\Sandboxie\SbieSvc.exe [175112 2015-02-18] (Sandboxie Holdings, LLC)
R2 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1363160 2014-11-28] (Secunia)
S2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [765144 2014-11-28] (Secunia)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16024 2015-01-31] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 BCM43XX; C:\Windows\system32\DRIVERS\bcmwl63a.sys [5139968 2012-06-02] (Broadcom Corporation)
S3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2013-01-25] (Qualcomm Atheros)
S3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [202752 2012-07-26] (Microsoft Corporation)
R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [68784 2015-02-17] (McAfee, Inc.)
R3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [197704 2013-09-23] (McAfee, Inc.)
R3 LMDriver; C:\Windows\System32\drivers\LMDriver.sys [21360 2013-01-10] (Acer Incorporated)
R2 McPvDrv; C:\Windows\system32\drivers\McPvDrv.sys [76064 2015-02-28] (McAfee, Inc.)
R3 mfeaack; C:\Windows\System32\drivers\mfeaack.sys [401736 2015-02-17] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [337888 2015-02-17] (McAfee, Inc.)
R0 mfedisk; C:\Windows\System32\DRIVERS\mfedisk.sys [101872 2015-02-17] (McAfee, Inc.)
S0 mfeelamk; C:\Windows\System32\drivers\mfeelamk.sys [80160 2015-02-13] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [488000 2015-02-17] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [864072 2015-02-17] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [482600 2015-01-16] (McAfee, Inc.)
S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [100720 2015-01-16] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [340448 2015-02-17] (McAfee, Inc.)
R3 PSI; C:\Windows\System32\DRIVERS\psi_mf_amd64.sys [18456 2014-11-28] (Secunia)
R0 PxHlpa64; C:\Windows\System32\drivers\PxHlpa64.sys [56336 2013-07-19] (Corel Corporation)
R3 RadioShim; C:\Windows\System32\drivers\RadioShim.sys [15704 2013-01-10] (Acer Incorporated)
R3 SbieDrv; C:\Program Files\Sandboxie\SbieDrv.sys [237064 2015-02-18] (Sandboxie Holdings, LLC)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [31472 2013-01-17] (Synaptics Incorporated)
S3 MBAMSwissArmy; \??\C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-05-10 07:41 - 2015-05-10 07:41 - 00022565 _____ () C:\Users\sephiroth\Downloads\FRST.txt
2015-05-10 07:41 - 2015-05-10 07:41 - 00000000 ____D () C:\FRST
2015-05-10 07:40 - 2015-05-10 07:40 - 02102784 _____ (Farbar) C:\Users\sephiroth\Downloads\FRST64.exe
2015-05-09 23:55 - 2015-05-09 23:55 - 00023995 _____ () C:\Users\sephiroth\Desktop\haarp mv.txt
2015-05-06 10:11 - 2015-05-06 10:11 - 00000000 ____D () C:\Program Files (x86)\ESET
2015-05-06 09:13 - 2015-05-06 09:13 - 00011358 _____ () C:\Users\sephiroth\Documents\Mein Film.wlmp
2015-05-06 07:08 - 2015-05-06 07:08 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live
2015-05-06 07:08 - 2015-05-06 07:08 - 00000000 ____D () C:\WINDOWS\de
2015-05-06 07:08 - 2015-05-06 07:08 - 00000000 ____D () C:\Users\sephiroth\Tracing
2015-05-06 07:07 - 2015-05-06 07:09 - 00000000 ____D () C:\Users\sephiroth\AppData\Local\Windows Live
2015-05-06 07:07 - 2015-05-06 07:07 - 00002490 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Messenger.lnk
2015-05-06 07:07 - 2015-05-06 07:07 - 00002273 _____ () C:\Users\sephiroth\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2015-05-06 07:07 - 2015-05-06 07:07 - 00002225 _____ () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2015-05-06 07:07 - 2015-05-06 07:07 - 00002225 _____ () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2015-05-06 07:07 - 2015-05-06 07:07 - 00001462 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Mail.lnk
2015-05-06 07:07 - 2015-05-06 07:07 - 00001378 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Photo Gallery.lnk
2015-05-06 07:07 - 2015-05-06 07:07 - 00001309 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Movie Maker.lnk
2015-05-06 07:07 - 2015-05-06 07:07 - 00000000 ___RD () C:\Users\sephiroth\OneDrive
2015-05-06 07:07 - 2015-05-06 07:07 - 00000000 ____D () C:\WINDOWS\PCHEALTH
2015-05-06 07:07 - 2015-05-06 07:07 - 00000000 ____D () C:\ProgramData\Microsoft OneDrive
2015-05-06 07:07 - 2015-05-06 07:07 - 00000000 ____D () C:\Program Files\Windows Live
2015-05-06 07:07 - 2015-05-06 07:07 - 00000000 ____D () C:\Program Files (x86)\Windows Live
2015-05-06 07:07 - 2015-05-06 07:07 - 00000000 ____D () C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2015-05-06 07:07 - 2015-05-06 07:07 - 00000000 ____D () C:\Program Files (x86)\Microsoft OneDrive
2015-05-06 07:07 - 2010-06-02 04:55 - 00527192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAudio2_7.dll
2015-05-06 07:07 - 2010-06-02 04:55 - 00518488 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAudio2_7.dll
2015-05-06 07:07 - 2010-06-02 04:55 - 00077656 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAPOFX1_5.dll
2015-05-06 07:07 - 2010-06-02 04:55 - 00074072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAPOFX1_5.dll
2015-05-06 07:07 - 2010-05-26 11:41 - 02526056 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_43.dll
2015-05-06 07:07 - 2010-05-26 11:41 - 00276832 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx11_43.dll
2015-05-06 07:07 - 2009-09-04 17:29 - 00523088 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_42.dll
2015-05-06 07:07 - 2009-09-04 17:29 - 00453456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10_42.dll
2015-05-06 07:07 - 2006-11-29 13:06 - 04398360 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_32.dll
2015-05-06 07:07 - 2006-11-29 13:06 - 03426072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_32.dll
2015-05-06 07:05 - 2015-05-06 07:05 - 01245384 _____ (Microsoft Corporation) C:\Users\sephiroth\Downloads\wlsetup-web.exe
2015-05-04 20:25 - 2015-05-04 20:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\leawo
2015-05-04 20:21 - 2015-05-04 20:21 - 40457040 _____ (leawo Software Co., Ltd. ) C:\Users\sephiroth\Downloads\blurayplayer_setup.exe
2015-05-03 14:00 - 2015-05-03 14:00 - 06449226 _____ () C:\Users\sephiroth\Downloads\Cazy_c150d_af.sims3pack
2015-05-03 13:57 - 2015-05-03 13:57 - 06921541 _____ () C:\Users\sephiroth\Downloads\ARTEMIS-Sintiklia-Caramella-4t3.package
2015-04-26 10:00 - 2015-04-26 10:00 - 00181923 _____ () C:\Users\sephiroth\Downloads\NRaas_DebugEnabler_V54.zip
2015-04-26 09:46 - 2015-04-26 09:46 - 00003410 _____ () C:\Users\sephiroth\Downloads\ConsortModSimFixer1.zip
2015-04-24 11:20 - 2015-04-24 11:20 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2015-04-24 11:20 - 2015-04-24 11:20 - 00002051 _____ () C:\Users\Public\Desktop\Acrobat Reader DC.lnk
2015-04-23 22:34 - 2015-04-23 22:34 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-04-22 20:38 - 2015-04-22 20:39 - 00201608 _____ () C:\Users\sephiroth\Downloads\S-Club [ts3-eyes] n3.sims3pack
2015-04-22 20:35 - 2015-04-22 20:35 - 05101592 _____ () C:\Users\sephiroth\Downloads\fu4sa_tattoo_koi.package
2015-04-22 20:27 - 2015-04-22 20:27 - 01478003 _____ () C:\Users\sephiroth\Downloads\1156129.zip
2015-04-22 20:25 - 2015-04-22 20:25 - 06343253 _____ () C:\Users\sephiroth\Downloads\Nightcrawler_AF_Hair_Timber.sims3pack
2015-04-22 20:21 - 2015-04-22 20:21 - 07012788 _____ () C:\Users\sephiroth\Downloads\ARTEMIS-Sintiklia-Britney-4t3.package
2015-04-22 20:20 - 2015-04-22 20:20 - 03136228 _____ () C:\Users\sephiroth\Downloads\skysims Hair 261.sims3pack
2015-04-22 20:18 - 2015-04-22 20:18 - 07373075 _____ () C:\Users\sephiroth\Downloads\Nightcrawler_AF_Hair_Milady.sims3pack
2015-04-22 11:05 - 2015-04-22 11:05 - 06129435 _____ () C:\Users\sephiroth\Downloads\Nightcrawler_AM_Hair06.sims3pack
2015-04-21 13:27 - 2015-04-25 10:50 - 00000000 ____D () C:\Users\sephiroth\Downloads\SimsContent
2015-04-21 09:53 - 2015-04-21 09:55 - 00471305 _____ () C:\Users\sephiroth\Downloads\1180234.zip
2015-04-20 19:01 - 2015-04-20 19:01 - 00001487 _____ () C:\Users\Public\Desktop\Die Sims 4 Erstelle einen Sim-Demo.lnk
2015-04-20 19:01 - 2015-04-20 19:01 - 00000000 ____D () C:\ProgramData\Package Cache
2015-04-16 13:53 - 2015-04-22 14:19 - 00000000 ____D () C:\Users\sephiroth\AppData\Roaming\Coronic
2015-04-16 09:54 - 2015-02-28 01:10 - 00076064 _____ (McAfee, Inc.) C:\WINDOWS\system32\Drivers\McPvDrv.sys
2015-04-16 09:54 - 2013-09-23 13:49 - 00197704 _____ (McAfee, Inc.) C:\WINDOWS\system32\Drivers\HipShieldK.sys
2015-04-15 12:55 - 2015-04-15 12:55 - 00000000 ___RD () C:\Sandbox
2015-04-15 10:30 - 2015-05-05 08:50 - 00001788 _____ () C:\WINDOWS\Sandboxie.ini
2015-04-15 10:30 - 2015-04-15 10:30 - 00000918 _____ () C:\Users\sephiroth\Desktop\Sandboxed Web Browser.lnk
2015-04-15 10:30 - 2015-04-15 10:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sandboxie
2015-04-15 10:30 - 2015-04-15 10:30 - 00000000 ____D () C:\Program Files\Sandboxie
2015-04-15 10:26 - 2015-04-15 10:26 - 06980616 _____ (Sandboxie Holdings, LLC) C:\Users\sephiroth\Downloads\SandboxieInstall.exe
2015-04-15 08:56 - 2015-03-17 09:00 - 06971712 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2015-04-15 08:56 - 2015-03-17 08:52 - 01822696 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2015-04-15 08:56 - 2015-03-17 06:45 - 01409496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2015-04-15 08:56 - 2015-03-10 07:28 - 02237952 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2015-04-15 08:56 - 2015-03-10 07:28 - 01409024 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2015-04-15 08:56 - 2015-03-10 07:28 - 00600576 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-04-15 08:56 - 2015-03-10 07:27 - 19292672 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-04-15 08:56 - 2015-03-10 07:27 - 15409152 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-04-15 08:56 - 2015-03-10 07:27 - 03959296 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2015-04-15 08:56 - 2015-03-10 07:27 - 00949760 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2015-04-15 08:56 - 2015-03-10 07:27 - 00855552 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-04-15 08:56 - 2015-03-10 07:27 - 00603136 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2015-04-15 08:56 - 2015-03-10 05:49 - 14373376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-04-15 08:56 - 2015-03-10 05:49 - 02864640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2015-04-15 08:56 - 2015-03-10 05:49 - 01763328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2015-04-15 08:56 - 2015-03-10 05:49 - 01181696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2015-04-15 08:56 - 2015-03-10 05:49 - 00737280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2015-04-15 08:56 - 2015-03-10 05:49 - 00690688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2015-04-15 08:56 - 2015-03-10 05:49 - 00523776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2015-04-15 08:56 - 2015-03-10 05:49 - 00493056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2015-04-15 08:56 - 2015-03-10 05:48 - 13767680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-04-15 08:56 - 2015-03-04 09:29 - 00361280 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\clfs.sys
2015-04-15 08:56 - 2015-03-04 08:39 - 00074752 _____ (Microsoft Corporation) C:\WINDOWS\system32\clfsw32.dll
2015-04-15 08:56 - 2015-03-04 06:52 - 00057856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\clfsw32.dll
2015-04-15 08:56 - 2015-02-24 09:58 - 00861696 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\http.sys
2015-04-15 07:57 - 2015-04-24 09:19 - 00000000 ____D () C:\Users\sephiroth\Downloads\Programme
2015-04-15 07:17 - 2015-04-15 07:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2015-04-15 07:08 - 2015-04-15 07:17 - 00001848 _____ () C:\Users\Public\Desktop\McAfee Total Protection.lnk
2015-04-15 07:07 - 2015-05-10 07:11 - 00000000 __RSD () C:\Users\sephiroth\Documents\McAfee-Tresore
2015-04-15 07:07 - 2015-04-23 13:47 - 00000000 ____D () C:\Program Files (x86)\McAfee
2015-04-15 07:07 - 2015-04-15 07:08 - 00000000 ____D () C:\Program Files\McAfee
2015-04-15 07:07 - 2015-04-15 07:07 - 00000000 ____D () C:\Users\sephiroth\AppData\Local\McAfee File Lock
2015-04-15 07:07 - 2015-04-15 07:07 - 00000000 ____D () C:\Program Files\McAfee.com
2015-04-15 07:07 - 2015-04-15 07:07 - 00000000 ____D () C:\Program Files (x86)\McAfee.com
2015-04-15 07:05 - 2015-03-03 15:17 - 00295552 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2015-04-15 07:00 - 2015-02-17 14:36 - 00250672 _____ (McAfee, Inc.) C:\WINDOWS\system32\mfevtps.exe
2015-04-15 07:00 - 2015-02-17 14:34 - 00864072 _____ (McAfee, Inc.) C:\WINDOWS\system32\Drivers\mfehidk.sys
2015-04-15 06:59 - 2015-04-16 09:54 - 00000000 ____D () C:\Program Files\Common Files\McAfee
2015-04-15 06:58 - 2015-04-15 06:58 - 00297985 _____ () C:\ProgramData\1429073805.bdinstall.bin
2015-04-15 06:58 - 2015-04-15 06:58 - 00050051 _____ () C:\ProgramData\1429073876.bdinstall.bin
2015-04-15 06:57 - 2015-04-15 06:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bitdefender 60-Second Virus Scanner
2015-04-15 06:52 - 2015-04-15 06:52 - 00462586 _____ () C:\ProgramData\1429073490.bdinstall.bin
2015-04-15 06:51 - 2015-04-15 06:51 - 00104388 _____ () C:\ProgramData\1429073462.bdinstall.bin
2015-04-13 21:11 - 2015-04-13 21:11 - 00000056 _____ () C:\WINDOWS\system32\bdsandbox.txt
2015-04-12 22:32 - 2015-04-12 22:32 - 00000000 ____D () C:\ProgramData\EA Core
2015-04-12 22:31 - 2015-04-20 19:01 - 00000000 ____D () C:\Users\sephiroth\Documents\Electronic Arts
2015-04-12 22:31 - 2015-04-12 22:31 - 00002228 _____ () C:\Users\Public\Desktop\Die Sims™ 3 Reiseabenteuer.lnk
2015-04-12 22:08 - 2015-04-29 16:41 - 00000000 ____D () C:\ProgramData\Origin
2015-04-12 22:08 - 2015-04-20 18:51 - 00000000 ____D () C:\Users\sephiroth\AppData\Roaming\Origin
2015-04-12 22:08 - 2015-04-20 18:51 - 00000000 ____D () C:\Users\sephiroth\AppData\Local\Origin
2015-04-12 22:08 - 2015-04-20 18:51 - 00000000 ____D () C:\Program Files (x86)\Origin Games
2015-04-12 22:08 - 2015-04-12 22:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Origin
2015-04-12 22:08 - 2015-04-12 22:11 - 00000000 ____D () C:\Program Files (x86)\Origin
2015-04-12 22:08 - 2015-04-12 22:08 - 00000983 _____ () C:\Users\Public\Desktop\Origin.lnk
2015-04-12 22:08 - 2015-04-12 22:08 - 00000552 _____ () C:\WINDOWS\KB893803v2.log
2015-04-12 22:02 - 2015-04-12 22:02 - 00002192 _____ () C:\Users\Public\Desktop\Die Sims™ 3 Showtime.lnk
2015-04-12 21:30 - 2015-04-20 19:01 - 00000000 ____D () C:\ProgramData\Electronic Arts
2015-04-12 21:30 - 2015-04-12 21:30 - 00000060 _____ () C:\WINDOWS\wininit.ini
2015-04-12 21:29 - 2015-05-06 07:07 - 00000398 _____ () C:\WINDOWS\DirectX.log
2015-04-12 21:29 - 2015-04-12 21:29 - 00002086 _____ () C:\Users\Public\Desktop\Die*Sims™*3.lnk
2015-04-12 21:29 - 2015-04-12 21:29 - 00000000 ____D () C:\Program Files (x86)\Microsoft WSE
2015-04-12 21:29 - 2008-09-04 20:17 - 00447752 ____R (On2.com) C:\WINDOWS\SysWOW64\vp6vfw.dll
2015-04-12 21:29 - 2006-09-28 16:05 - 03977496 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_31.dll
2015-04-12 21:29 - 2006-09-28 16:05 - 02414360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_31.dll
2015-04-12 21:08 - 2015-04-12 22:13 - 00000000 ____D () C:\Program Files (x86)\Electronic Arts

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-05-10 07:36 - 2015-01-30 12:30 - 00000884 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-05-10 07:22 - 2013-11-29 10:22 - 01530145 _____ () C:\WINDOWS\WindowsUpdate.log
2015-05-10 07:19 - 2015-01-28 11:06 - 00001456 _____ () C:\Users\sephiroth\AppData\Local\Adobe Für Web speichern 12.0 Prefs
2015-05-10 07:16 - 2015-01-16 13:53 - 00003594 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3549694130-846552002-615965096-1003
2015-05-10 07:11 - 2012-07-26 10:12 - 00000000 ____D () C:\WINDOWS\system32\sru
2015-05-09 23:01 - 2015-01-22 13:01 - 00000935 _____ () C:\WINDOWS\Tasks\EPSON XP-610 Series Update {A54D32B5-2772-4970-831E-FECBD81EF020}.job
2015-05-09 23:01 - 2015-01-22 13:01 - 00000749 _____ () C:\WINDOWS\Tasks\EPSON XP-610 Series Invitation {A54D32B5-2772-4970-831E-FECBD81EF020}.job
2015-05-09 23:01 - 2012-07-26 10:12 - 00000000 ____D () C:\WINDOWS\system32\FxsTmp
2015-05-09 08:23 - 2015-01-16 14:22 - 00000000 ____D () C:\Users\sephiroth\AppData\Local\Adobe
2015-05-09 07:55 - 2013-11-29 19:15 - 00753134 _____ () C:\WINDOWS\system32\perfh007.dat
2015-05-09 07:55 - 2013-11-29 19:15 - 00155826 _____ () C:\WINDOWS\system32\perfc007.dat
2015-05-09 07:55 - 2012-07-26 09:28 - 01745416 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2015-05-08 19:23 - 2012-07-26 10:12 - 00000000 ____D () C:\WINDOWS\AUInstallAgent
2015-05-06 10:11 - 2015-01-24 21:43 - 00000000 ____D () C:\Users\sephiroth\AppData\Roaming\vlc
2015-05-06 07:08 - 2015-01-16 13:33 - 00000000 ____D () C:\Users\sephiroth
2015-05-06 07:07 - 2012-07-26 10:12 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared
2015-05-05 20:34 - 2015-01-16 13:02 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-05-05 20:34 - 2013-04-18 11:11 - 00148626 _____ () C:\WINDOWS\PFRO.log
2015-05-05 20:34 - 2012-07-26 09:22 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-05-04 20:25 - 2015-04-09 18:50 - 00000000 ____D () C:\Users\sephiroth\.dvdcss
2015-05-04 20:25 - 2015-01-16 13:04 - 00001219 _____ () C:\Users\Public\Desktop\Leawo Blu-ray Player.lnk
2015-05-04 14:15 - 2012-07-26 07:26 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM
2015-05-03 17:38 - 2012-07-26 10:12 - 00000000 ____D () C:\WINDOWS\system32\NDF
2015-04-30 09:43 - 2015-02-26 18:24 - 00000000 ____D () C:\Users\sephiroth\AppData\Local\CrashDumps
2015-04-28 14:38 - 2015-02-24 23:59 - 00001110 _____ () C:\Users\sephiroth\Desktop\Amazon Music.lnk
2015-04-28 07:21 - 2015-01-16 13:33 - 00000000 ____D () C:\Users\sephiroth\AppData\Local\Packages
2015-04-24 11:20 - 2015-01-20 18:18 - 00003886 _____ () C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2015-04-24 11:20 - 2015-01-16 13:40 - 00000000 ____D () C:\Program Files (x86)\Adobe
2015-04-24 11:20 - 2015-01-16 13:13 - 00001070 _____ () C:\Users\Public\Desktop\VLC media player.lnk
2015-04-24 11:20 - 2015-01-16 13:07 - 00000000 ____D () C:\ProgramData\Adobe
2015-04-24 08:41 - 2015-04-05 08:50 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox.bak
2015-04-17 19:57 - 2012-07-26 09:21 - 00691194 _____ () C:\WINDOWS\setupact.log
2015-04-17 09:25 - 2012-07-26 10:12 - 00000000 ____D () C:\WINDOWS\rescache
2015-04-16 12:49 - 2012-07-26 09:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2015-04-16 09:54 - 2012-07-26 10:12 - 00000000 ____D () C:\WINDOWS\ELAMBKUP
2015-04-15 11:09 - 2015-03-13 11:55 - 00000000 ____D () C:\ProgramData\McAfee
2015-04-15 09:07 - 2015-01-16 13:25 - 00000000 ____D () C:\WINDOWS\system32\MRT
2015-04-15 09:06 - 2015-01-16 13:25 - 128913832 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-04-15 07:08 - 2012-07-26 07:26 - 00000124 _____ () C:\WINDOWS\win.ini
2015-04-15 06:58 - 2015-01-16 12:54 - 00000000 ____D () C:\ProgramData\Bitdefender
2015-04-15 06:58 - 2012-07-26 07:26 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI
2015-04-15 06:57 - 2015-01-16 12:54 - 00000000 ____D () C:\Program Files\Bitdefender
2015-04-15 06:57 - 2015-01-16 12:49 - 00000000 ____D () C:\Program Files\Common Files\Bitdefender
2015-04-15 06:55 - 2015-03-13 11:56 - 00362528 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2015-04-14 18:36 - 2015-01-30 12:30 - 00003772 _____ () C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2015-04-14 00:07 - 2012-07-26 10:14 - 00791520 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-04-14 00:07 - 2012-07-26 10:14 - 00177632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-04-12 22:13 - 2013-04-18 12:11 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information

==================== Files in the root of some directories =======

2015-01-28 11:06 - 2015-05-10 07:19 - 0001456 _____ () C:\Users\sephiroth\AppData\Local\Adobe Für Web speichern 12.0 Prefs
2015-04-03 16:35 - 2015-04-03 16:35 - 0003584 _____ () C:\Users\sephiroth\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-01-16 13:00 - 2015-01-16 13:00 - 0557804 _____ () C:\ProgramData\1421405679.bdinstall.bin
2015-04-15 06:51 - 2015-04-15 06:51 - 0104388 _____ () C:\ProgramData\1429073462.bdinstall.bin
2015-04-15 06:52 - 2015-04-15 06:52 - 0462586 _____ () C:\ProgramData\1429073490.bdinstall.bin
2015-04-15 06:58 - 2015-04-15 06:58 - 0297985 _____ () C:\ProgramData\1429073805.bdinstall.bin
2015-04-15 06:58 - 2015-04-15 06:58 - 0050051 _____ () C:\ProgramData\1429073876.bdinstall.bin
2013-11-29 10:58 - 2013-11-29 10:58 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

Some content of TEMP:
====================
C:\Users\bebi-admin\AppData\Local\Temp\Quarantine.exe
C:\Users\bebi-admin\AppData\Local\Temp\readSTILog.dll
C:\Users\bebi-admin\AppData\Local\Temp\sqlite3.dll
C:\Users\sephiroth\AppData\Local\Temp\COMAP.EXE
C:\Users\sephiroth\AppData\Local\Temp\EAD12A0.exe
C:\Users\sephiroth\AppData\Local\Temp\EADD781.exe
C:\Users\sephiroth\AppData\Local\Temp\installerdll-1666344750.dll
C:\Users\sephiroth\AppData\Local\Temp\installerdll-1666350000.dll
C:\Users\sephiroth\AppData\Local\Temp\octEE2E.tmp.exe
C:\Users\sephiroth\AppData\Local\Temp\Quarantine.exe
C:\Users\sephiroth\AppData\Local\Temp\rootsupd.exe
C:\Users\sephiroth\AppData\Local\Temp\Setup.exe
C:\Users\sephiroth\AppData\Local\Temp\sqlite3.dll
C:\Users\sephiroth\AppData\Local\Temp\UninstallEADM.dll
C:\Users\sephiroth\AppData\Local\Temp\vcredist_x64.exe
C:\Users\sephiroth\AppData\Local\Temp\vcredist_x86.exe
C:\Users\sephiroth\AppData\Local\Temp\WindowsInstaller-KB893803-v2-x86.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-05-06 15:31

==================== End Of Log ============================
--- --- ---

--- --- ---

--- --- ---


Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 09-05-2015
Ran by sephiroth at 2015-05-10 07:41:52
Running from C:\Users\sephiroth\Downloads
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3549694130-846552002-615965096-500 - Administrator - Disabled)
bebi-admin (S-1-5-21-3549694130-846552002-615965096-1002 - Administrator - Enabled) => C:\Users\bebi-admin
Gast (S-1-5-21-3549694130-846552002-615965096-501 - Limited - Disabled)
sephiroth (S-1-5-21-3549694130-846552002-615965096-1003 - Administrator - Enabled) => C:\Users\sephiroth
UpdatusUser (S-1-5-21-3549694130-846552002-615965096-1001 - Limited - Enabled) => C:\Users\UpdatusUser

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: McAfee Anti-Virus und Anti-Spyware (Enabled - Up to date) {DA9F8ED0-D0DE-39CC-F55A-51AB4CC1B556}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: McAfee Anti-Virus und Anti-Spyware (Enabled - Up to date) {61FE6F34-F6E4-3642-CFEA-6AD93746FFEB}
FW: McAfee Firewall (Enabled) {E2A40FF5-9AB1-3894-DE05-F89EB212F22D}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Acer Device Fast-lane (HKLM\...\{3F62D2FD-13C1-49A2-8B5D-47623D9460D7}) (Version: 1.00.3013 - Acer Incorporated)
Acer Games (HKU\S-1-5-21-3549694130-846552002-615965096-1003\...\Pokki_03d432a7e610c3e908213e7689d4342ce2111caf) (Version: 1.1.7.42206 - Pokki)
Acer Launch Manager (HKLM\...\{C18D55BD-1EC6-466D-B763-8EEDDDA9100E}) (Version: 8.00.3005 - Acer Incorporated)
Acer Power Management (HKLM\...\{91F52DE4-B789-42B0-9311-A349F10E5479}) (Version: 7.00.3013 - Acer Incorporated)
Acer Recovery Management (HKLM\...\{07F2005A-8CAC-4A4B-83A2-DA98A722CA61}) (Version: 6.00.3016 - Acer Incorporated)
Acer USB Charge Manager (HKLM\...\{07E867C5-0C48-40FF-A013-DDAF4565AD47}) (Version: 2.00.3004 - Acer Incorporated)
AcerCloud Docs (HKLM-x32\...\{CA4FE8B0-298C-4E5D-A486-F33B126D6A0A}) (Version: 1.01.2008 - Acer Incorporated)
AcerCloud Portal (HKLM-x32\...\{A5AD0B17-F34D-49BE-A157-C8B3D52ACD13}) (Version: 2.02.2022 - Acer Incorporated)
Adobe Acrobat Reader DC - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AC0F074E4100}) (Version: 15.007.20033 - Adobe Systems Incorporated)
Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.169 - Adobe Systems Incorporated)
Adobe Photoshop Elements 12 (HKLM-x32\...\Adobe Photoshop Elements 12) (Version: 12.0 - Adobe Systems Incorporated)
Amazon Music (HKU\S-1-5-21-3549694130-846552002-615965096-1003\...\Amazon Amazon Music) (Version: 3.9.3.797 - Amazon Services LLC)
Bejeweled 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Bitdefender 60-Second Virus Scanner (HKLM\...\{CCEA2053-D975-4E38-AC09-4D5E6DAC6B6F}) (Version: 1.0.3.76 - Bitdefender)
clear.fi Media (HKLM-x32\...\{E9AF1707-3F3A-49E2-8345-4F2D629D0876}) (Version: 2.02.2012 - Acer Incorporated)
clear.fi Photo (HKLM-x32\...\{B5AD89F2-03D3-4206-8487-018298007DD0}) (Version: 2.02.2016 - Acer Incorporated)
clear.fi SDK - Video 2 (x32 Version: 2.1.2606 - CyberLink Corp.) Hidden
clear.fi SDK- Movie 2 (x32 Version: 2.1.2606 - CyberLink Corp.) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Delicious: Emily's Childhood Memories Premium Edition (x32 Version: 3.0.2.32 - WildTangent) Hidden
Die Sims™ 3 (HKLM-x32\...\{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}) (Version: 1.67.2 - Electronic Arts)
Die Sims™ 3 Reiseabenteuer (HKLM-x32\...\{BA26FFA5-6D47-47DB-BE56-34C357B5F8CC}) (Version: 2.0.86 - Electronic Arts)
Die Sims™ 3 Showtime (HKLM-x32\...\{3BBFD444-5FAB-49F6-98B1-A1954E831399}) (Version: 12.0.273 - Electronic Arts)
Die Sims™ 4 Erstelle einen Sim-Demo (HKLM-x32\...\{6908ED99-F02B-4E99-A202-3FAC99C510ED}) (Version: 1.0.237.100 - Electronic Arts Inc.)
Dolby Home Theater v4 (HKLM-x32\...\{B26438B4-BF51-49C3-9567-7F14A5E40CB9}) (Version: 7.2.8000.17 - Dolby Laboratories Inc)
Elements 12 Organizer (x32 Version: 12.0 - Ihr Firmenname) Hidden
Epson Easy Photo Print 2 (HKLM-x32\...\{71E90740-5E5F-4D43-AB8F-CAC1D93DBB5B}) (Version: 2.5.0.0 - SEIKO EPSON CORPORATION)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - Seiko Epson Corporation)
EPSON XP-610 Series Printer Uninstall (HKLM\...\EPSON XP-610 Series) (Version:  - SEIKO EPSON Corporation)
Fotogalerie (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
GOLDPATT V1.30 (HKLM-x32\...\{E0E4D444-6898-42D0-9A9C-F2B3790B2820}) (Version: 1.30.0000 - Jörg Schwanz Projekt golden-pattern)
Governor of Poker 2 Premium Edition (x32 Version: 2.2.0.110 - WildTangent) Hidden
Host App Service (HKU\S-1-5-21-3549694130-846552002-615965096-1003\...\Pokki) (Version: 0.269.5.367 - Pokki)
Identity Card (HKLM-x32\...\{3D9CB654-99AD-4301-89C6-0D12A790767C}) (Version: 2.00.3006 - Acer Incorporated)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.0.0.1310 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.18.10.3089 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.0.0.1083 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 3.0.0.63463 - Intel Corporation)
Jewel Match 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
John Deere Drive Green (x32 Version: 2.2.0.95 - WildTangent) Hidden
Junk Mail filter update (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Leawo Blu-ray Player version  1.8.8.0 (HKLM-x32\...\{CF7F52BF-DEE0-44CD-A7E1-AADD5CCECCDD}_is1) (Version: 1.8.8.0 - leawo Software)
Live Updater (HKLM-x32\...\{EE26E302-876A-48D9-9058-3129E5B99999}) (Version: 2.00.3010 - Acer Incorporated)
Magic Academy (x32 Version: 2.2.0.98 - WildTangent) Hidden
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.)
McAfee Total Protection (HKLM-x32\...\MSC) (Version: 14.0.339 - McAfee, Inc.)
McAfee WebAdvisor (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 4.0.274 - McAfee, Inc.)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4454.1510 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3549694130-846552002-615965096-1003\...\OneDriveSetup.exe) (Version: 17.0.4035.0328 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft WSE 3.0 Runtime (HKLM-x32\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 37.0.2 (x86 de) (HKLM-x32\...\Mozilla Firefox 37.0.2 (x86 de)) (Version: 37.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 37.0 - Mozilla)
Nero BackItUp 12 Essentials OEM.a01 (HKLM-x32\...\{4CA8F973-6377-4ABF-9ED5-CC2323B3C000}) (Version: 12.5.00500 - Nero AG)
NVIDIA Grafiktreiber 311.30 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 311.30 - NVIDIA Corporation)
NVIDIA PhysX-Systemsoftware 9.12.1031 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.12.1031 - NVIDIA Corporation)
NVIDIA Update 1.11.3 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.11.3 - NVIDIA Corporation)
Office Addin (HKLM-x32\...\{6D2BBE1D-E600-4695-BA37-0B0E605542CC}) (Version: 2.02.2008 - Acer)
Origin (HKLM-x32\...\Origin) (Version: 9.2.1.4399 - Electronic Arts, Inc.)
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent) Hidden
Prerequisite installer (x32 Version: 12.0.0003 - Nero AG) Hidden
PSE12 STI Installer (x32 Version: 12.0 - Adobe Systems Incorporated) Hidden
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.0.220 - Qualcomm Atheros Communications)
Qualcomm Atheros WiFi Driver Installation (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 11.39 - Qualcomm Atheros)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6865 - Realtek Semiconductor Corp.)
Realtek PCIE Card Reader (HKLM-x32\...\{C9661090-C134-46E8-90B2-76D72355C2A6}) (Version: 6.2.9200.28140 - Realtek Semiconductor Corp.)
Sandboxie 4.16 (64-bit) (HKLM\...\Sandboxie) (Version: 4.16 - Sandboxie Holdings, LLC)
Secunia PSI (3.0.0.10004) (HKLM-x32\...\Secunia PSI) (Version: 3.0.0.10004 - Secunia)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Software Updater (HKLM-x32\...\{E1BAD1BA-C0E8-4018-9281-E7D2C6B07474}) (Version: 4.3.6 - SEIKO EPSON CORPORATION)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.3.4.5 - Synaptics Incorporated)
Tales of Lagoona (x32 Version: 2.2.0.110 - WildTangent) Hidden
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
Visual Studio 2005 Tools for Office Second Edition Runtime (HKLM-x32\...\Microsoft Visual Studio 2005 Tools for Office Runtime) (Version:  - Microsoft Corporation)
Visual Studio Tools for the Office system 3.0 Runtime (HKLM-x32\...\Visual Studio Tools for the Office system 3.0 Runtime) (Version:  - Microsoft Corporation)
Visual Studio Tools for the Office system 3.0 Runtime Service Pack 1 (KB949258) (HKLM-x32\...\{8FB53850-246A-3507-8ADE-0060093FFEA6}.KB949258) (Version: 1 - Microsoft Corporation)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.4.0 - WildTangent)
WildTangent Games App (x32 Version: 4.0.10.5 - WildTangent) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
WOW Slider (HKLM-x32\...\WOW Slider_is1) (Version:  - )

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-3549694130-846552002-615965096-1003_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\sephiroth\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3549694130-846552002-615965096-1003_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\sephiroth\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3549694130-846552002-615965096-1003_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\sephiroth\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3549694130-846552002-615965096-1003_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\sephiroth\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3549694130-846552002-615965096-1003_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\sephiroth\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\FileSyncApi64.dll (Microsoft Corporation)

==================== Restore Points  =========================

24-04-2015 11:19:16 McAfee  Vulnerability Scanner
04-05-2015 12:46:37 Geplanter Prüfpunkt
06-05-2015 07:07:00 Windows Live Essentials

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2012-07-26 07:26 - 2012-07-26 07:26 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0242D6EA-EA92-4C22-97E4-709AE43C60D4} - System32\Tasks\Dolby Selector => C:\Dolby PCEE4\pcee4.exe [2012-08-31] (Dolby Laboratories Inc.)
Task: {3E4F9312-9C7F-43E7-B11F-B8BE878AC8B6} - System32\Tasks\EPSON XP-610 Series Update {A54D32B5-2772-4970-831E-FECBD81EF020} => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_ITSLQE.EXE [2013-02-28] (SEIKO EPSON CORPORATION)
Task: {4A8CBBA5-46BE-4CD8-AA98-C124D669F4BB} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-04-15] (Microsoft Corporation)
Task: {69004257-16AA-4B40-ABCC-DE5296D93BF2} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-04-14] (Adobe Systems Incorporated)
Task: {75C9A623-69EA-4A39-B105-67D37DB96281} - System32\Tasks\AdobeAAMUpdater-1.0-bebispc-sephiroth => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2013-06-03] (Adobe Systems Incorporated)
Task: {8F2B5D50-FC49-4F37-99F2-E4CA803398A2} - System32\Tasks\ALUAgent => C:\Program Files (x86)\Acer\Live Updater\liveupdater_agent.exe [2013-01-22] ()
Task: {ABC84A0F-359B-4900-BAC0-A6E6C3C08CEE} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-03-07] (Adobe Systems Incorporated)
Task: {BD887E96-55F4-4F2D-AA3E-CBAF92492AB5} - System32\Tasks\EPSON XP-610 Series Invitation {A54D32B5-2772-4970-831E-FECBD81EF020} => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_ITSLQE.EXE [2013-02-28] (SEIKO EPSON CORPORATION)
Task: {BE9137BD-F160-4683-A479-20516A91A838} - System32\Tasks\Recovery Management\Notification => C:\Program Files\Acer\Acer Recovery Management\Notification\Notification.exe [2013-01-23] (Acer Incorporated)
Task: {D16B063E-6B69-4369-BC40-2FD5AA69CA6A} - System32\Tasks\Launch Manager => C:\Program Files\Acer\Acer Launch Manager\LMLauncher.exe [2013-06-17] (Acer Incorporate)
Task: {E0016269-49ED-4B59-9C2E-237CEE23361A} - System32\Tasks\ALU => C:\Program Files (x86)\Acer\Live Updater\updater.exe [2013-03-13] ()
Task: {FC5E2EAA-149A-445B-AFEE-F582A75F1A73} - System32\Tasks\Power Management => C:\Program Files\Acer\Acer Power Management\ePowerTray.exe [2013-03-15] (Acer Incorporated)
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\EPSON XP-610 Series Invitation {A54D32B5-2772-4970-831E-FECBD81EF020}.job => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_ITSLQE.EXE
Task: C:\WINDOWS\Tasks\EPSON XP-610 Series Update {A54D32B5-2772-4970-831E-FECBD81EF020}.job => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_ITSLQE.EXE:/EXE:{A54D32B5-2772-4970-831E-FECBD81EF020} /F:UpdateWORKGROUP\BEBISPC$
Searches for EPSON software updates, and notifies you when updates are available.If this task is disabled or stopped, your EPSON software will not be automatically kept up to date.Thi

==================== Loaded Modules (whitelisted) ==============

2013-01-25 01:09 - 2013-01-25 01:09 - 00011264 _____ () C:\Program Files (x86)\Bluetooth Suite\Modules\ActivateDesktopDebugger\ActivateDesktopDebugger.dll
2013-01-25 01:05 - 2013-01-25 01:05 - 00084992 _____ () C:\Program Files (x86)\Bluetooth Suite\Modules\Map\MAP.dll
2013-01-25 01:12 - 2013-01-25 01:12 - 00012928 _____ () C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe
2013-11-29 10:50 - 2013-01-23 09:57 - 01199576 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
2013-09-03 06:19 - 2013-09-03 06:19 - 01582568 _____ () C:\Program Files (x86)\Adobe\Photoshop Elements 12\libfftw3-3.dll
2013-09-03 06:19 - 2013-09-03 06:19 - 01534216 _____ () C:\Program Files (x86)\Adobe\Photoshop Elements 12\libfftw3f-3.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Users\bebi-admin\Downloads\Firefox Setup Stub 35.0.exe:BDU
AlternateDataStreams: C:\Users\bebi-admin\Downloads\mbam-setup-2.0.4.1028.exe:BDU
AlternateDataStreams: C:\Users\bebi-admin\Downloads\vlc-2.1.5-win32.exe:BDU
AlternateDataStreams: C:\Users\sephiroth\Downloads\epson377464eu.exe:BDU
AlternateDataStreams: C:\Users\sephiroth\Downloads\epson379560eu.exe:BDU
AlternateDataStreams: C:\Users\sephiroth\Downloads\epson379671eu.exe:BDU

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfemms => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Service"

==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, the associated entry will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3549694130-846552002-615965096-1003\Control Panel\Desktop\\Wallpaper -> C:\Users\sephiroth\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: 192.168.2.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0"
HKLM\...\StartupApproved\Run: => "Bdagent"
HKU\S-1-5-21-3549694130-846552002-615965096-1003\...\StartupApproved\Run: => "Bitdefender-Geldbörse-Agent"
HKU\S-1-5-21-3549694130-846552002-615965096-1003\...\StartupApproved\Run: => "EPLTarget\P0000000000000000"
HKU\S-1-5-21-3549694130-846552002-615965096-1003\...\StartupApproved\Run: => "Pokki"
HKU\S-1-5-21-3549694130-846552002-615965096-1003\...\StartupApproved\Run: => "Amazon Music"
HKU\S-1-5-21-3549694130-846552002-615965096-1003\...\StartupApproved\Run: => "CAHeadless"
HKU\S-1-5-21-3549694130-846552002-615965096-1003\...\StartupApproved\Run: => "pdiface"
HKU\S-1-5-21-3549694130-846552002-615965096-1003\...\StartupApproved\Run: => "SandboxieControl"

==================== FirewallRules (whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{7CCA9B0D-53A9-4466-A45C-AEAC97EBFBCA}] => (Allow) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe
FirewallRules: [{C448AD7A-4408-457A-8032-7206CE94AE3C}] => (Allow) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe
FirewallRules: [{7DA8A1D5-94A4-4BF0-9A11-07CFB414DB9A}] => (Allow) C:\Program Files (x86)\Nero\Nero 12\Nero BackItUp\BackItUp.exe
FirewallRules: [{A1BB9B59-879B-4EEE-98CE-F9F8216228A2}] => (Allow) C:\Program Files (x86)\Nero\Nero 12\Nero BackItUp\BackItUp.exe
FirewallRules: [{0C734922-2F5C-415D-9E1F-3E3423CA2EBF}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{04F29660-4613-456B-B3F0-5A4732C186F7}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{9636C431-1CBE-4427-B9F1-6D80040BD530}] => (Allow) C:\Program Files (x86)\Spotify\spotify.exe
FirewallRules: [{83B56B15-DE7E-4E80-A7EE-789D9DCDEBF8}] => (Allow) C:\Program Files (x86)\Spotify\spotify.exe
FirewallRules: [{9422DAB6-0692-4D5D-9FCE-28C155A68F74}] => (Allow) C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe
FirewallRules: [{C494BE99-384C-41AD-8E80-81C016762D7C}] => (Allow) C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe
FirewallRules: [{23D241DF-C9BA-49A6-84F6-47A6472D8C16}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Media\DMCDaemon.exe
FirewallRules: [{B617AB0A-1E03-4AB7-8131-4470C803EA05}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Media\DMCDaemon.exe
FirewallRules: [{84473C5C-02EC-4FD0-8F94-B44334348049}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Media\WindowsUpnpMV.exe
FirewallRules: [{346123E9-3BE3-4599-B6E6-BA51E29DD636}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Media\WindowsUpnpMV.exe
FirewallRules: [{6C778DC2-86E2-4080-98F1-E5B54C1A6DAA}] => (Allow) C:\Program Files (x86)\Acer\clear.fi SDK21\Video\VideoPlayer.exe
FirewallRules: [{446EFD01-5A4E-4C02-B58E-307FD6C64DE3}] => (Allow) C:\Program Files (x86)\Acer\clear.fi SDK21\Video\MusicPlayer.exe
FirewallRules: [{98A2DACE-B05D-476D-8C4A-51A3A26FFC0E}] => (Allow) C:\Program Files (x86)\Acer\clear.fi SDK21\Movie\PlayMovie.exe
FirewallRules: [{51A4ACB9-E4ED-40A6-8A6F-D37793388BA8}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Photo\DMCDaemon.exe
FirewallRules: [{8D119F86-3EFC-4CAB-B82F-ACEE343C5A6D}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Photo\DMCDaemon.exe
FirewallRules: [{AAB31E5E-34B4-4F25-B233-A09E5EFAB7B4}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Photo\WindowsUpnp.exe
FirewallRules: [{358D0982-D9C4-485A-8329-CFB71D2BE8A0}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Photo\WindowsUpnp.exe
FirewallRules: [{3396864B-F3EE-4873-AF6D-74E0205F83DD}] => (Allow) C:\Program Files (x86)\Acer\Acer Cloud\ccd.exe
FirewallRules: [{4BF83CE8-F2C2-4007-B640-0AF7CBFD8DB0}] => (Allow) C:\Program Files (x86)\Acer\Acer Cloud\ccd.exe
FirewallRules: [{15BEEE06-917E-4CF0-86A6-BEDA2B849AE2}] => (Allow) C:\Program Files (x86)\Acer\Acer Cloud\Sdd.exe
FirewallRules: [{FDFBBDBA-767A-47DC-B5D1-B8D90375775B}] => (Allow) C:\Program Files (x86)\Acer\Acer Cloud\Sdd.exe
FirewallRules: [{F3EE67CC-B707-4BA0-ADA7-6D7FADEC8B47}] => (Allow) C:\Program Files (x86)\Acer\Acer Cloud\virtualdrive.exe
FirewallRules: [{C0249DE3-C92F-41F9-97CF-FF8CCAD0DC8D}] => (Allow) C:\Program Files (x86)\Acer\Acer Cloud\virtualdrive.exe
FirewallRules: [{8E64A390-A375-4BEF-A754-7AC4AF0A66CF}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{37FD520F-7294-41B4-9DD7-513974E4FB83}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{B7037AD4-788D-49E6-BD71-DD9C31AFB83A}] => (Allow) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
FirewallRules: [{2E1DF438-85C7-491F-B611-61148A55519B}] => (Allow) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
FirewallRules: [{0D0DB660-62A7-463C-8704-0CDA07A1A861}] => (Allow) C:\Program Files (x86)\Origin Games\The Sims 4 Create A Sim Demo\Game\Bin\TS4CAS.exe
FirewallRules: [{BF8D60BD-8256-4F5F-A4F7-FE8AD6C2F6FD}] => (Allow) C:\Program Files (x86)\Origin Games\The Sims 4 Create A Sim Demo\Game\Bin\TS4CAS.exe
FirewallRules: [{9D80A892-7F5E-415E-B07A-FF30872B4F2E}] => (Allow) C:\Users\sephiroth\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
FirewallRules: [{52897E34-CE42-4200-91F6-33FBFA127927}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{6676BCDB-2CD1-42BC-98D2-8E9234B59CA4}] => (Allow) LPort=2869
FirewallRules: [{4B603595-171E-4F2F-BEED-C90A17F030D2}] => (Allow) LPort=1900
FirewallRules: [{0A36AF9A-583E-41CD-B929-5CC31FB9993E}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe

==================== Faulty Device Manager Devices =============

Name: Bluetooth USB Module
Description: Bluetooth USB Module
Class Guid: {e0cbf06c-cd8b-4647-bb8a-263b43f0f974}
Manufacturer: Qualcomm Atheros Communications
Service: BTHUSB
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (05/09/2015 07:27:51 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005

Error: (05/08/2015 10:08:04 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005

Error: (05/06/2015 10:11:49 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest2" in Zeile C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest.
Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest.

Error: (05/06/2015 10:11:47 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest2" in Zeile C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest.
Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest.

Error: (05/06/2015 10:11:44 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest2" in Zeile C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest.
Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest.

Error: (05/06/2015 10:11:42 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest2" in Zeile C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest.
Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest.

Error: (05/06/2015 06:45:05 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005

Error: (05/04/2015 11:42:22 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005

Error: (05/01/2015 07:34:21 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005

Error: (04/30/2015 09:43:43 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: plugin-container.exe, Version: 37.0.2.5583, Zeitstempel: 0x552ef76c
Name des fehlerhaften Moduls: mozalloc.dll, Version: 37.0.2.5583, Zeitstempel: 0x552ee9ae
Ausnahmecode: 0x80000003
Fehleroffset: 0x00001aa1
ID des fehlerhaften Prozesses: 0x3ec
Startzeit der fehlerhaften Anwendung: 0xplugin-container.exe0
Pfad der fehlerhaften Anwendung: plugin-container.exe1
Pfad des fehlerhaften Moduls: plugin-container.exe2
Berichtskennung: plugin-container.exe3
Vollständiger Name des fehlerhaften Pakets: plugin-container.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: plugin-container.exe5


System errors:
=============
Error: (05/05/2015 08:34:08 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: Das System wurde zuvor am ‎05.‎05.‎2015 um 20:04:56 unerwartet heruntergefahren.

Error: (05/01/2015 03:51:07 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Secunia PSI Agent" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (04/24/2015 11:02:57 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "CCDMonitorService" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (04/24/2015 09:19:52 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Adobe Acrobat Update Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (04/16/2015 09:54:10 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "McAfee Proxy Service" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053

Error: (04/16/2015 09:54:10 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst McAfee Proxy Service erreicht.

Error: (04/16/2015 09:54:10 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "McAfee Personal Firewall Service" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053

Error: (04/16/2015 09:54:10 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst McAfee Personal Firewall Service erreicht.

Error: (04/16/2015 09:53:29 AM) (Source: DCOM) (EventID: 10005) (User: NT-AUTORITÄT)
Description: 1053mcpltsvcNicht verfügbar{20966775-18A4-4299-B8E3-772C336B52A7}

Error: (04/16/2015 09:53:29 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "McAfee Platform Services" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053


Microsoft Office Sessions:
=========================
Error: (05/09/2015 07:27:51 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005

Error: (05/08/2015 10:08:04 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005

Error: (05/06/2015 10:11:49 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifestC:\Users\sephiroth\Downloads\Programme\esetsmartinstaller_deu.exe

Error: (05/06/2015 10:11:47 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifestC:\Users\sephiroth\Downloads\Programme\esetsmartinstaller_deu.exe

Error: (05/06/2015 10:11:44 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifestC:\Users\sephiroth\Downloads\Programme\esetsmartinstaller_deu.exe

Error: (05/06/2015 10:11:42 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifestC:\Users\sephiroth\Downloads\Programme\esetsmartinstaller_deu.exe

Error: (05/06/2015 06:45:05 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005

Error: (05/04/2015 11:42:22 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005

Error: (05/01/2015 07:34:21 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005

Error: (04/30/2015 09:43:43 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: plugin-container.exe37.0.2.5583552ef76cmozalloc.dll37.0.2.5583552ee9ae8000000300001aa13ec01d0831875a15fd5C:\Program Files (x86)\Mozilla Firefox\plugin-container.exeC:\Program Files (x86)\Mozilla Firefox\mozalloc.dll9f63b28f-ef0c-11e4-be85-0c54a52bf2d6


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i7-4702MQ CPU @ 2.20GHz
Percentage of memory in use: 15%
Total physical RAM: 16264.27 MB
Available physical RAM: 13666.96 MB
Total Pagefile: 18568.27 MB
Available Pagefile: 15685.74 MB
Total Virtual: 8192 MB
Available Virtual: 8191.76 MB

==================== Drives ================================

Drive c: (Acer) (Fixed) (Total:220.22 GB) (Free:124.31 GB) NTFS
Drive d: (DATA) (Fixed) (Total:931.51 GB) (Free:771.71 GB) NTFS
Drive e: (Sims3EP06) (CDROM) (Total:5.22 GB) (Free:0 GB) UDF

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 238.5 GB) (Disk ID: 69C3CD7C)

Partition: GPT Partition Type.

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 69C3CD56)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

==================== End Of Log ============================

schrauber 10.05.2015 19:33
hi,

Scan mit Combofix
WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link
  • WICHTIG: Speichere Combofix auf deinem Desktop.
  • Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.
  • Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.
  • Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!
  • Wenn Combofix fertig ist, wird es ein Logfile erstellen.
  • Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).
Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

Betti05 12.05.2015 05:41
Hallo Schrauber, nachdem ich Combofix über den Link gefownloaded hatte bekam ich folgende meldung von Mc Afee:
Isolierte Bedrohung: Artemis! Trojaner.d F 17994791B6F AG+GkoV 0. exe.part
Der Combofix download ist fehlgeschlagen.
Soll ich die Datei aus der Quarantäne wiederherstellen oder was soll ich tun?
Vielen Dank!

schrauber 12.05.2015 17:36
Genau, oder neu laden. Und bitte das dumme McAfee abschalten :)

Betti05 19.05.2015 15:26
Hallo Schrauber. sorry wegen der längeren Wartezeit.
hier das combofix:
Code:
ComboFix 15-05-13.01 - sephiroth 19.05.2015  16:18:06.1.8 - x64
Microsoft Windows 8  6.2.9200.0.1252.49.1031.18.16264.14061 [GMT 2:00]
ausgeführt von:: c:\users\sephiroth\Downloads\ComboFix.exe
AV: McAfee Anti-Virus und Anti-Spyware *Disabled/Updated* {DA9F8ED0-D0DE-39CC-F55A-51AB4CC1B556}
AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: McAfee Firewall *Enabled* {E2A40FF5-9AB1-3894-DE05-F89EB212F22D}
SP: McAfee Anti-Virus und Anti-Spyware *Disabled/Updated* {61FE6F34-F6E4-3642-CFEA-6AD93746FFEB}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\1421405679.bdinstall.bin
c:\programdata\1429073462.bdinstall.bin
c:\programdata\1429073490.bdinstall.bin
c:\programdata\1429073805.bdinstall.bin
c:\programdata\1429073876.bdinstall.bin
c:\windows\wininit.ini
.
.
(((((((((((((((((((((((  Dateien erstellt von 2015-04-19 bis 2015-05-19  ))))))))))))))))))))))))))))))
.
.
2015-05-17 13:51 . 2015-05-17 13:51        --------        d-----w-        c:\users\sephiroth\AppData\Roaming\Windows Live Writer
2015-05-17 13:51 . 2015-05-17 13:51        --------        d-----w-        c:\users\sephiroth\AppData\Local\Windows Live Writer
2015-05-15 17:18 . 2015-05-15 17:18        --------        d-----w-        c:\users\sephiroth\PicStream
2015-05-13 21:26 . 2015-03-27 08:08        76064        ----a-w-        c:\windows\system32\drivers\McPvDrv.sys
2015-05-13 21:26 . 2013-09-23 11:49        197704        ----a-w-        c:\windows\system32\drivers\HipShieldK.sys
2015-05-13 03:58 . 2015-04-30 13:07        124112        ----a-w-        c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-05-13 03:58 . 2015-04-30 13:07        102608        ----a-w-        c:\windows\SysWow64\PresentationCFFRasterizerNative_v0300.dll
2015-05-13 03:42 . 2015-02-18 07:39        148480        ----a-w-        c:\windows\system32\poqexec.exe
2015-05-13 03:42 . 2015-02-18 07:38        144896        ----a-w-        c:\windows\system32\tssdisai.dll
2015-05-13 03:42 . 2015-05-02 06:28        100184        ----a-w-        c:\windows\system32\drivers\ksecdd.sys
2015-05-13 03:42 . 2015-05-02 03:59        318976        ----a-w-        c:\windows\SysWow64\schannel.dll
2015-05-13 03:42 . 2015-05-02 03:36        413696        ----a-w-        c:\windows\system32\schannel.dll
2015-05-13 03:42 . 2015-04-13 22:09        570248        ----a-w-        c:\windows\system32\drivers\cng.sys
2015-05-12 06:59 . 2015-05-12 06:59        --------        d-----w-        c:\program files (x86)\SimPE
2015-05-10 15:59 . 2015-05-10 16:41        --------        d-----w-        c:\program files (x86)\EA GAMES
2015-05-10 11:34 . 2015-05-10 11:34        --------        d-----w-        c:\users\sephiroth\AppData\Roaming\dvdcss
2015-05-10 05:41 . 2015-05-10 05:42        --------        d-----w-        C:\FRST
2015-05-06 05:08 . 2015-05-06 05:08        --------        d-----w-        c:\users\sephiroth\Tracing
2015-05-06 05:08 . 2015-05-06 05:08        --------        d-----w-        c:\windows\de
2015-05-06 05:05 . 2015-05-06 05:05        --------        d-----w-        c:\program files (x86)\Common Files\Windows Live
2015-05-05 18:34 . 2015-05-05 18:34        --------        d-----w-        c:\windows\ServiceProfiles\LocalService\winhttp
2015-04-21 10:51 . 2015-05-03 10:35        --------        d-----w-        c:\users\sephiroth\AppData\Local\Diagnostics
2015-04-20 17:01 . 2015-04-20 17:01        --------        d--h--w-        c:\program files (x86)\Common Files\EAInstaller
2015-04-20 17:01 . 2015-04-20 17:01        --------        d-----w-        c:\programdata\Package Cache
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-05-13 13:16 . 2015-01-16 11:25        140425016        ----a-w-        c:\windows\system32\MRT.exe
2015-05-05 17:49 . 2012-07-26 08:14        792032        ----a-w-        c:\windows\SysWow64\FlashPlayerApp.exe
2015-05-05 17:49 . 2012-07-26 08:14        177632        ----a-w-        c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2015-04-16 06:39 . 2015-01-16 10:46        17536        ----a-w-        c:\programdata\Microsoft\windowssampling\Sqm\Manifest\Sqm3.bin
2015-03-19 11:51 . 2015-01-17 11:40        269992        ----a-w-        c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10248.bin
2015-03-17 07:00 . 2015-04-15 06:56        6971712        ----a-w-        c:\windows\system32\ntoskrnl.exe
2015-03-17 06:52 . 2015-04-15 06:56        1822696        ----a-w-        c:\windows\system32\ntdll.dll
2015-03-17 04:45 . 2015-04-15 06:56        1409496        ----a-w-        c:\windows\SysWow64\ntdll.dll
2015-03-14 01:02 . 2015-04-15 05:05        12002392        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{895F04BB-DC5F-43BC-8DA9-0D1D017851BF}\mpengine.dll
2015-03-06 07:39 . 2015-03-11 15:12        588800        ----a-w-        c:\windows\system32\SHCore.dll
2015-03-06 05:48 . 2015-03-11 15:12        452608        ----a-w-        c:\windows\SysWow64\SHCore.dll
2015-03-04 07:29 . 2015-04-15 06:56        361280        ----a-w-        c:\windows\system32\drivers\clfs.sys
2015-03-04 07:26 . 2015-03-25 11:35        596480        ----a-w-        c:\windows\system32\AutoUpdate.exe
2015-03-04 07:26 . 2015-03-25 11:35        467952        ----a-w-        c:\windows\system32\NotificationUI.exe
2015-03-04 06:41 . 2015-03-25 11:35        695808        ----a-w-        c:\windows\system32\WSShared.dll
2015-03-04 06:41 . 2015-03-25 11:35        163840        ----a-w-        c:\windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2015-03-04 06:39 . 2015-04-15 06:56        74752        ----a-w-        c:\windows\system32\clfsw32.dll
2015-03-04 04:53 . 2015-03-25 11:35        568832        ----a-w-        c:\windows\SysWow64\WSShared.dll
2015-03-04 04:53 . 2015-03-25 11:35        124928        ----a-w-        c:\windows\SysWow64\Windows.ApplicationModel.Store.TestingFramework.dll
2015-03-04 04:52 . 2015-04-15 06:56        57856        ----a-w-        c:\windows\SysWow64\clfsw32.dll
2015-03-03 13:17 . 2015-04-15 05:05        295552        ------w-        c:\windows\system32\MpSigStub.exe
2015-02-24 15:48 . 2015-01-20 14:21        74000        ----a-w-        c:\windows\system32\bdsandboxuiskin32.dll
2015-02-24 07:58 . 2015-04-15 06:56        861696        ----a-w-        c:\windows\system32\drivers\http.sys
2015-02-23 10:52 . 2015-03-11 15:12        51712        ----a-w-        c:\windows\system32\ie4uinit.exe
2015-02-23 10:51 . 2015-03-11 15:12        915968        ----a-w-        c:\windows\system32\uxtheme.dll
2015-02-23 10:51 . 2015-03-11 15:12        53760        ----a-w-        c:\windows\system32\UXInit.dll
2015-02-23 10:51 . 2015-03-11 15:12        197120        ----a-w-        c:\windows\system32\msrating.dll
2015-02-23 10:50 . 2015-03-11 15:12        53760        ----a-w-        c:\windows\system32\jsproxy.dll
2015-02-23 10:50 . 2015-03-11 15:12        67072        ----a-w-        c:\windows\system32\iesetup.dll
2015-02-23 10:50 . 2015-03-11 15:12        39936        ----a-w-        c:\windows\system32\iernonce.dll
2015-02-23 10:50 . 2015-03-11 15:12        136704        ----a-w-        c:\windows\system32\iesysprep.dll
2015-02-23 10:50 . 2015-03-11 15:12        451584        ----a-w-        c:\windows\system32\dxtmsft.dll
2015-02-23 09:17 . 2015-03-11 15:12        2706432        ----a-w-        c:\windows\system32\mshtml.tlb
2015-02-23 09:15 . 2015-03-11 15:12        84480        ----a-w-        c:\windows\system32\INETRES.dll
2015-02-21 05:31 . 2015-03-11 15:12        44032        ----a-w-        c:\windows\SysWow64\UXInit.dll
2015-02-21 05:30 . 2015-03-11 15:12        61440        ----a-w-        c:\windows\SysWow64\iesetup.dll
2015-02-21 05:30 . 2015-03-11 15:12        109056        ----a-w-        c:\windows\SysWow64\iesysprep.dll
2015-02-21 05:09 . 2015-03-11 15:12        2706432        ----a-w-        c:\windows\SysWow64\mshtml.tlb
2015-02-21 05:07 . 2015-03-11 15:12        84480        ----a-w-        c:\windows\SysWow64\INETRES.dll
2015-02-21 03:00 . 2015-03-11 15:12        534528        ----a-w-        c:\windows\SysWow64\uxtheme.dll
2015-02-20 13:59 . 2015-03-11 15:12        46080        ----a-w-        c:\windows\system32\atmlib.dll
2015-02-20 11:56 . 2015-03-11 15:12        366592        ----a-w-        c:\windows\system32\atmfd.dll
2015-02-20 08:10 . 2015-03-11 15:12        35328        ----a-w-        c:\windows\SysWow64\atmlib.dll
2015-02-20 07:24 . 2015-03-11 15:12        304128        ----a-w-        c:\windows\SysWow64\atmfd.dll
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2015-05-06 05:07        223432        ----a-w-        c:\users\sephiroth\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2015-05-06 05:07        223432        ----a-w-        c:\users\sephiroth\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2015-05-06 05:07        223432        ----a-w-        c:\users\sephiroth\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\SkyDriveShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EPLTarget\P0000000000000000"="c:\windows\system32\spool\DRIVERS\x64\3\E_IATILQE.EXE" [2013-01-24 297024]
"Amazon Music"="c:\users\sephiroth\AppData\Local\Amazon Music\Amazon Music Helper.exe" [2015-04-20 5886784]
"CAHeadless"="c:\program files (x86)\Adobe\Elements 12 Organizer\CAHeadless\ElementsAutoAnalyzer.exe" [2013-09-03 1400224]
"pdiface"="c:\program files\Bitdefender\60-Second Virus Scanner\pdiface.exe" [2013-10-30 283608]
"SandboxieControl"="c:\program files\Sandboxie\SbieCtrl.exe" [2015-02-18 785416]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"mcpltui_exe"="c:\program files\Common Files\McAfee\Platform\mcuicnt.exe" [2015-04-02 719272]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\StartUp\
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\3.8.150\SSScheduler.exe [2014-4-9 332016]
Secunia PSI Tray.lnk - c:\program files (x86)\Secunia\PSI\psi_tray.exe [2014-11-28 591576]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableCursorSuppression"= 1 (0x1)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc]
@=""
.
R0 mfeelamk;McAfee Inc. mfeelamk;c:\windows\system32\drivers\mfeelamk.sys;c:\windows\SYSNATIVE\drivers\mfeelamk.sys [x]
R2 CLKMSVC10_96E434EB;CyberLink Product - 2013/11/29 10:08;c:\program files (x86)\Acer\clear.fi SDK21\Movie\NavFilter\kmsvc.exe;c:\program files (x86)\Acer\clear.fi SDK21\Movie\NavFilter\kmsvc.exe [x]
R2 Secunia Update Agent;Secunia Update Agent;c:\program files (x86)\Secunia\PSI\sua.exe;c:\program files (x86)\Secunia\PSI\sua.exe [x]
R3 AthBTPort;Qualcomm Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_flt.sys [x]
R3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys;c:\windows\SYSNATIVE\drivers\btath_a2dp.sys [x]
R3 btath_avdt;Qualcomm Atheros Bluetooth AVDT Service;c:\windows\system32\drivers\btath_avdt.sys;c:\windows\SYSNATIVE\drivers\btath_avdt.sys [x]
R3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\System32\drivers\btath_hcrp.sys;c:\windows\SYSNATIVE\drivers\btath_hcrp.sys [x]
R3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_lwflt.sys [x]
R3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\System32\drivers\btath_rcp.sys;c:\windows\SYSNATIVE\drivers\btath_rcp.sys [x]
R3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys;c:\windows\SYSNATIVE\DRIVERS\btfilter.sys [x]
R3 BthLEEnum;Treiber für energiearme Bluetooth-Geräte;c:\windows\system32\DRIVERS\BthLEEnum.sys;c:\windows\SYSNATIVE\DRIVERS\BthLEEnum.sys [x]
R3 DeviceFastLaneService;Device Fast-lane Service;c:\program files\Acer\Acer Device Fast-lane\DeviceFastLaneSvc.exe;c:\program files\Acer\Acer Device Fast-lane\DeviceFastLaneSvc.exe [x]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssudbus.sys [x]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [x]
R3 IntcDAud;Intel(R) Display-Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
R3 Intel(R) Capability Licensing Service TCP IP Interface;Intel(R) Capability Licensing Service TCP IP Interface;c:\program files\Intel\iCLS Client\SocketHeciServer.exe;c:\program files\Intel\iCLS Client\SocketHeciServer.exe [x]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x]
R3 McAWFwk;McAfee Activation Service;c:\progra~1\COMMON~1\mcafee\actwiz\mcawfwk.exe;c:\progra~1\COMMON~1\mcafee\actwiz\mcawfwk.exe [x]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\3.8.150\McCHSvc.exe;c:\program files\McAfee Security Scan\3.8.150\McCHSvc.exe [x]
R3 mfencrk;McAfee Inc. mfencrk;c:\windows\system32\DRIVERS\mfencrk.sys;c:\windows\SYSNATIVE\DRIVERS\mfencrk.sys [x]
R3 Origin Client Service;Origin Client Service;c:\program files (x86)\Origin\OriginClientService.exe;c:\program files (x86)\Origin\OriginClientService.exe [x]
R3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys;c:\windows\SYSNATIVE\DRIVERS\RtsPStor.sys [x]
R3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssudmdm.sys [x]
R4 McOobeSv2;McAfee OOBE Service2;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [x]
S0 iaStorA;iaStorA;c:\windows\System32\drivers\iaStorA.sys;c:\windows\SYSNATIVE\drivers\iaStorA.sys [x]
S0 mfedisk;McAfee AAC Disk Filter Driver;c:\windows\system32\DRIVERS\mfedisk.sys;c:\windows\SYSNATIVE\DRIVERS\mfedisk.sys [x]
S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys;c:\windows\SYSNATIVE\drivers\mfewfpk.sys [x]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys;c:\windows\SYSNATIVE\DRIVERS\nvpciflt.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\drivers\PxHlpa64.sys [x]
S2 AdobeActiveFileMonitor12.0;Adobe Active File Monitor V12;c:\program files (x86)\Adobe\Elements 12 Organizer\PhotoshopElementsFileAgent.exe;c:\program files (x86)\Adobe\Elements 12 Organizer\PhotoshopElementsFileAgent.exe [x]
S2 AtherosSvc;AtherosSvc;c:\program files (x86)\Bluetooth Suite\adminservice.exe;c:\program files (x86)\Bluetooth Suite\adminservice.exe [x]
S2 CCDMonitorService;CCDMonitorService;c:\program files (x86)\Acer\Acer Cloud\CCDMonitorService.exe;c:\program files (x86)\Acer\Acer Cloud\CCDMonitorService.exe [x]
S2 EpsonScanSvc;Epson Scanner Service;c:\windows\system32\EscSvc64.exe;c:\windows\SYSNATIVE\EscSvc64.exe [x]
S2 HomeNetSvc;McAfee Home Network;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [x]
S2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
S2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [x]
S2 LMSvc;Launch Manager Service;c:\program files\Acer\Acer Launch Manager\LMSvc.exe;c:\program files\Acer\Acer Launch Manager\LMSvc.exe [x]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~2\mcafee\SITEAD~1\mcsacore.exe;c:\progra~2\mcafee\SITEAD~1\mcsacore.exe [x]
S2 McAPExe;McAfee AP Service;c:\program files\McAfee\MSC\McAPExe.exe;c:\program files\McAfee\MSC\McAPExe.exe [x]
S2 mccspsvc;McAfee CSP Service;c:\program files\Common Files\McAfee\CSP\1.5.450.0\McCSPServiceHost.exe;c:\program files\Common Files\McAfee\CSP\1.5.450.0\McCSPServiceHost.exe [x]
S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [x]
S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [x]
S2 mcpltsvc;McAfee Platform Services;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [x]
S2 McPvDrv;McPvDrv Driver;c:\windows\system32\drivers\McPvDrv.sys;c:\windows\SYSNATIVE\drivers\McPvDrv.sys [x]
S2 mfemms;McAfee Service Controller;c:\program files\Common Files\McAfee\SystemCore\\mfemms.exe;c:\program files\Common Files\McAfee\SystemCore\\mfemms.exe [x]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe;c:\windows\SYSNATIVE\mfevtps.exe [x]
S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe;c:\program files (x86)\Nero\Update\NASvc.exe [x]
S2 pdserv;Bitdefender 60-Second Virus Scanner Service;c:\program files\Bitdefender\60-Second Virus Scanner\pdscan.exe \svc;c:\program files\Bitdefender\60-Second Virus Scanner\pdscan.exe \svc [x]
S2 Secunia PSI Agent;Secunia PSI Agent;c:\program files (x86)\Secunia\PSI\PSIA.exe;c:\program files (x86)\Secunia\PSI\PSIA.exe [x]
S3 BTATH_BUS;Qualcomm Atheros Bluetooth Bus;c:\windows\System32\drivers\btath_bus.sys;c:\windows\SYSNATIVE\drivers\btath_bus.sys [x]
S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys;c:\windows\SYSNATIVE\drivers\cfwids.sys [x]
S3 ePowerSvc;ePower Service;c:\program files\Acer\Acer Power Management\ePowerSvc.exe;c:\program files\Acer\Acer Power Management\ePowerSvc.exe [x]
S3 HipShieldK;McAfee Inc. HipShieldK;c:\windows\system32\drivers\HipShieldK.sys;c:\windows\SYSNATIVE\drivers\HipShieldK.sys [x]
S3 k57nd60a;Broadcom NetLink (TM)-Gigabit-Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys;c:\windows\SYSNATIVE\DRIVERS\k57nd60a.sys [x]
S3 LMDriver;Launch Manager Wireless Driver;c:\windows\System32\drivers\LMDriver.sys;c:\windows\SYSNATIVE\drivers\LMDriver.sys [x]
S3 mfeaack;McAfee Inc. mfeaack;c:\windows\system32\drivers\mfeaack.sys;c:\windows\SYSNATIVE\drivers\mfeaack.sys [x]
S3 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [x]
S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys;c:\windows\SYSNATIVE\drivers\mfefirek.sys [x]
S3 mfencbdc;McAfee Inc. mfencbdc;c:\windows\system32\DRIVERS\mfencbdc.sys;c:\windows\SYSNATIVE\DRIVERS\mfencbdc.sys [x]
S3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf_amd64.sys;c:\windows\SYSNATIVE\DRIVERS\psi_mf_amd64.sys [x]
S3 RadioShim;Shim for HID-KMDF Interface layer;c:\windows\System32\drivers\RadioShim.sys;c:\windows\SYSNATIVE\drivers\RadioShim.sys [x]
S3 SmbDrvI;SmbDrvI;c:\windows\system32\DRIVERS\Smb_driver_Intel.sys;c:\windows\SYSNATIVE\DRIVERS\Smb_driver_Intel.sys [x]
S3 WUDFWpdMtp;WUDFWpdMtp;c:\windows\system32\DRIVERS\WUDFRd.sys;c:\windows\SYSNATIVE\DRIVERS\WUDFRd.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{A6EADE66-0000-0000-484E-7E8A45000000}]
2015-03-16 23:34        285344        ----a-w-        c:\program files (x86)\Adobe\Acrobat Reader DC\Esl\AiodLite.dll
.
Inhalt des "geplante Tasks" Ordners
.
2015-05-19 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-01-17 07:46]
.
2015-05-19 c:\windows\Tasks\EPSON XP-610 Series Invitation {A54D32B5-2772-4970-831E-FECBD81EF020}.job
- c:\windows\system32\spool\DRIVERS\x64\3\E_ITSLQE.EXE [2015-01-22 00:20]
.
2015-05-19 c:\windows\Tasks\EPSON XP-610 Series Update {A54D32B5-2772-4970-831E-FECBD81EF020}.job
- c:\windows\system32\spool\DRIVERS\x64\3\E_ITSLQE.EXE [2015-01-22 00:20]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2015-05-06 05:07        262344        ----a-w-        c:\users\sephiroth\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2015-05-06 05:07        262344        ----a-w-        c:\users\sephiroth\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2015-05-06 05:07        262344        ----a-w-        c:\users\sephiroth\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2013-03-29 165872]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2013-03-29 407536]
"Persistence"="c:\windows\system32\igfxpers.exe" [2013-03-29 441840]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2013-03-18 13427784]
"RtHDVBg_Dolby"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2013-03-08 1278024]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2013-06-03 472984]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = about:blank
mStart Page = about:blank
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 192.168.2.1 192.168.2.1
FF - ProfilePath - c:\users\sephiroth\AppData\Roaming\Mozilla\Firefox\Profiles\44lmlutz.default\
FF - prefs.js: browser.search.selectedEngine - Sichere Suche
FF - prefs.js: keyword.URL - hxxps://de.search.yahoo.com/search?fr=mcafee&type=C111DE0D20150415&p=
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKCU-Run-Pokki - %LOCALAPPDATA%\Pokki\Engine\HostAppServiceUpdater.exe
Wow6432Node-HKCU-Run-Spotify Web Helper - c:\program files (x86)\Spotify\Data\SpotifyWebHelper.exe
Wow6432Node-HKCU-Run-EA Core - c:\program files (x86)\Electronic Arts\EADM\Core.exe
Toolbar-Locked - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
HKLM-Run-InstallerLauncher - c:\program files\Common Files\Bitdefender\SetupInformation\{6F57816A-791A-4159-A75F-CFD0C7EA4FBF}\setuplauncher.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
  00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B9A09F18-45AB-4F09-A117-A4ADDA8FA8C8}]
@Denied: (A) (Everyone)
"Solution"="{36eb6792-3a29-43b3-8cd0-f67d266fb426}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane\0]
"Key"="ActionsPane"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\8.0\\ActionsPane.xsd"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e96d-e325-11ce-bfc1-08002be10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
@SACL=(02 0000)
.
Zeit der Fertigstellung: 2015-05-19  16:22:22
ComboFix-quarantined-files.txt  2015-05-19 14:22
.
Vor Suchlauf: 9 Verzeichnis(se), 121.111.732.224 Bytes frei
Nach Suchlauf: 16 Verzeichnis(se), 121.868.492.800 Bytes frei
.
- - End Of File - - 7BCECB4B9AB8DEB9DDCDF4ACC8C91934
5FB38429D5D77768867C76DCBDB35194

schrauber 20.05.2015 06:44
Downloade Dir bitte Malwarebytes Anti-Malware
  • Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
  • Starte Malwarebytes' Anti-Malware (MBAM).
  • Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
  • Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
  • Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
  • Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
  • Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
  • Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.


Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.


und ein frisches FRST log bitte.

Betti05 21.05.2015 08:53
Hallo Schrauber, es wurde nichts gefunden, nur durch ADW dieses blöde pokki, das wird anscheinend bei jedem Neuaufsetzen oder auch so wieder mitinstalliert.
hier das FRST:
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 19-05-2015
Ran by sephiroth at 2015-05-21 09:46:48
Running from C:\Users\sephiroth\Downloads\Programme
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3549694130-846552002-615965096-500 - Administrator - Disabled)
bebi-admin (S-1-5-21-3549694130-846552002-615965096-1002 - Administrator - Enabled) => C:\Users\bebi-admin
Gast (S-1-5-21-3549694130-846552002-615965096-501 - Limited - Disabled)
sephiroth (S-1-5-21-3549694130-846552002-615965096-1003 - Administrator - Enabled) => C:\Users\sephiroth
UpdatusUser (S-1-5-21-3549694130-846552002-615965096-1001 - Limited - Enabled) => C:\Users\UpdatusUser

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: McAfee Anti-Virus und Anti-Spyware (Enabled - Up to date) {DA9F8ED0-D0DE-39CC-F55A-51AB4CC1B556}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: McAfee Anti-Virus und Anti-Spyware (Enabled - Up to date) {61FE6F34-F6E4-3642-CFEA-6AD93746FFEB}
FW: McAfee Firewall (Enabled) {E2A40FF5-9AB1-3894-DE05-F89EB212F22D}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Acer Device Fast-lane (HKLM\...\{3F62D2FD-13C1-49A2-8B5D-47623D9460D7}) (Version: 1.00.3013 - Acer Incorporated)
Acer Games (HKU\S-1-5-21-3549694130-846552002-615965096-1003\...\Pokki_03d432a7e610c3e908213e7689d4342ce2111caf) (Version: 1.1.7.42206 - Pokki)
Acer Launch Manager (HKLM\...\{C18D55BD-1EC6-466D-B763-8EEDDDA9100E}) (Version: 8.00.3005 - Acer Incorporated)
Acer Power Management (HKLM\...\{91F52DE4-B789-42B0-9311-A349F10E5479}) (Version: 7.00.3013 - Acer Incorporated)
Acer Recovery Management (HKLM\...\{07F2005A-8CAC-4A4B-83A2-DA98A722CA61}) (Version: 6.00.3016 - Acer Incorporated)
Acer USB Charge Manager (HKLM\...\{07E867C5-0C48-40FF-A013-DDAF4565AD47}) (Version: 2.00.3004 - Acer Incorporated)
AcerCloud Docs (HKLM-x32\...\{CA4FE8B0-298C-4E5D-A486-F33B126D6A0A}) (Version: 1.01.2008 - Acer Incorporated)
AcerCloud Portal (HKLM-x32\...\{A5AD0B17-F34D-49BE-A157-C8B3D52ACD13}) (Version: 2.02.2022 - Acer Incorporated)
Adobe Acrobat Reader DC - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AC0F074E4100}) (Version: 15.007.20033 - Adobe Systems Incorporated)
Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.188 - Adobe Systems Incorporated)
Adobe Photoshop Elements 12 (HKLM-x32\...\Adobe Photoshop Elements 12) (Version: 12.0 - Adobe Systems Incorporated)
Amazon Music (HKU\S-1-5-21-3549694130-846552002-615965096-1003\...\Amazon Amazon Music) (Version: 3.9.3.797 - Amazon Services LLC)
Bejeweled 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Bitdefender 60-Second Virus Scanner (HKLM\...\{CCEA2053-D975-4E38-AC09-4D5E6DAC6B6F}) (Version: 1.0.3.76 - Bitdefender)
clear.fi Media (HKLM-x32\...\{E9AF1707-3F3A-49E2-8345-4F2D629D0876}) (Version: 2.02.2012 - Acer Incorporated)
clear.fi Photo (HKLM-x32\...\{B5AD89F2-03D3-4206-8487-018298007DD0}) (Version: 2.02.2016 - Acer Incorporated)
clear.fi SDK - Video 2 (x32 Version: 2.1.2606 - CyberLink Corp.) Hidden
clear.fi SDK- Movie 2 (x32 Version: 2.1.2606 - CyberLink Corp.) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Delicious: Emily's Childhood Memories Premium Edition (x32 Version: 3.0.2.32 - WildTangent) Hidden
Die Sims™ 2 (HKLM-x32\...\{2C82E097-694E-44ea-A947-2750679469CF}) (Version:  - Electronic Arts)
Die Sims™ 2 Vier Jahreszeiten (HKLM-x32\...\{DFEF49D9-FC95-4301-99B9-2FB91C6ABA06}) (Version:  - )
Die Sims™ 3 (HKLM-x32\...\{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}) (Version: 1.67.2 - Electronic Arts)
Die Sims™ 3 Reiseabenteuer (HKLM-x32\...\{BA26FFA5-6D47-47DB-BE56-34C357B5F8CC}) (Version: 2.0.86 - Electronic Arts)
Die Sims™ 3 Showtime (HKLM-x32\...\{3BBFD444-5FAB-49F6-98B1-A1954E831399}) (Version: 12.0.273 - Electronic Arts)
Die Sims™ 4 Erstelle einen Sim-Demo (HKLM-x32\...\{6908ED99-F02B-4E99-A202-3FAC99C510ED}) (Version: 1.0.237.100 - Electronic Arts Inc.)
Dolby Home Theater v4 (HKLM-x32\...\{B26438B4-BF51-49C3-9567-7F14A5E40CB9}) (Version: 7.2.8000.17 - Dolby Laboratories Inc)
Elements 12 Organizer (x32 Version: 12.0 - Ihr Firmenname) Hidden
Epson Easy Photo Print 2 (HKLM-x32\...\{71E90740-5E5F-4D43-AB8F-CAC1D93DBB5B}) (Version: 2.5.0.0 - SEIKO EPSON CORPORATION)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - Seiko Epson Corporation)
EPSON XP-610 Series Printer Uninstall (HKLM\...\EPSON XP-610 Series) (Version:  - SEIKO EPSON Corporation)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
Fotogalerie (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
GOLDPATT V1.30 (HKLM-x32\...\{E0E4D444-6898-42D0-9A9C-F2B3790B2820}) (Version: 1.30.0000 - Jörg Schwanz Projekt golden-pattern)
Governor of Poker 2 Premium Edition (x32 Version: 2.2.0.110 - WildTangent) Hidden
Identity Card (HKLM-x32\...\{3D9CB654-99AD-4301-89C6-0D12A790767C}) (Version: 2.00.3006 - Acer Incorporated)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.0.0.1310 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.18.10.3089 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.0.0.1083 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 3.0.0.63463 - Intel Corporation)
Jewel Match 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
John Deere Drive Green (x32 Version: 2.2.0.95 - WildTangent) Hidden
Junk Mail filter update (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Leawo Blu-ray Player version  1.8.8.0 (HKLM-x32\...\{CF7F52BF-DEE0-44CD-A7E1-AADD5CCECCDD}_is1) (Version: 1.8.8.0 - leawo Software)
Live Updater (HKLM-x32\...\{EE26E302-876A-48D9-9058-3129E5B99999}) (Version: 2.00.3010 - Acer Incorporated)
Magic Academy (x32 Version: 2.2.0.98 - WildTangent) Hidden
Malwarebytes Anti-Malware Version 2.1.6.1022 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.)
McAfee Total Protection (HKLM-x32\...\MSC) (Version: 14.0.1029 - McAfee, Inc.)
McAfee WebAdvisor (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 4.0.274 - McAfee, Inc.)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4454.1510 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3549694130-846552002-615965096-1003\...\OneDriveSetup.exe) (Version: 17.0.4035.0328 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft WSE 3.0 Runtime (HKLM-x32\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 38.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 38.0.1 (x86 de)) (Version: 38.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 37.0 - Mozilla)
Nero BackItUp 12 Essentials OEM.a01 (HKLM-x32\...\{4CA8F973-6377-4ABF-9ED5-CC2323B3C000}) (Version: 12.5.00500 - Nero AG)
NVIDIA Grafiktreiber 311.30 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 311.30 - NVIDIA Corporation)
NVIDIA PhysX-Systemsoftware 9.12.1031 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.12.1031 - NVIDIA Corporation)
NVIDIA Update 1.11.3 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.11.3 - NVIDIA Corporation)
Office Addin (HKLM-x32\...\{6D2BBE1D-E600-4695-BA37-0B0E605542CC}) (Version: 2.02.2008 - Acer)
Origin (HKLM-x32\...\Origin) (Version: 9.2.1.4399 - Electronic Arts, Inc.)
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent) Hidden
Prerequisite installer (x32 Version: 12.0.0003 - Nero AG) Hidden
PSE12 STI Installer (x32 Version: 12.0 - Adobe Systems Incorporated) Hidden
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.0.220 - Qualcomm Atheros Communications)
Qualcomm Atheros WiFi Driver Installation (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 11.39 - Qualcomm Atheros)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6865 - Realtek Semiconductor Corp.)
Realtek PCIE Card Reader (HKLM-x32\...\{C9661090-C134-46E8-90B2-76D72355C2A6}) (Version: 6.2.9200.28140 - Realtek Semiconductor Corp.)
Sandboxie 4.16 (64-bit) (HKLM\...\Sandboxie) (Version: 4.16 - Sandboxie Holdings, LLC)
Secunia PSI (3.0.0.10004) (HKLM-x32\...\Secunia PSI) (Version: 3.0.0.10004 - Secunia)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
SimPE 0.68 (alpha) (HKLM-x32\...\SimPE_is1) (Version:  - )
Software Updater (HKLM-x32\...\{E1BAD1BA-C0E8-4018-9281-E7D2C6B07474}) (Version: 4.3.6 - SEIKO EPSON CORPORATION)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.3.4.5 - Synaptics Incorporated)
Tales of Lagoona (x32 Version: 2.2.0.110 - WildTangent) Hidden
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
Visual Studio 2005 Tools for Office Second Edition Runtime (HKLM-x32\...\Microsoft Visual Studio 2005 Tools for Office Runtime) (Version:  - Microsoft Corporation)
Visual Studio Tools for the Office system 3.0 Runtime (HKLM-x32\...\Visual Studio Tools for the Office system 3.0 Runtime) (Version:  - Microsoft Corporation)
Visual Studio Tools for the Office system 3.0 Runtime Service Pack 1 (KB949258) (HKLM-x32\...\{8FB53850-246A-3507-8ADE-0060093FFEA6}.KB949258) (Version: 1 - Microsoft Corporation)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.4.0 - WildTangent)
WildTangent Games App (x32 Version: 4.0.10.5 - WildTangent) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
WOW Slider (HKLM-x32\...\WOW Slider_is1) (Version:  - )

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-3549694130-846552002-615965096-1003_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\sephiroth\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3549694130-846552002-615965096-1003_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\sephiroth\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3549694130-846552002-615965096-1003_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\sephiroth\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3549694130-846552002-615965096-1003_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\sephiroth\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3549694130-846552002-615965096-1003_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\sephiroth\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\FileSyncApi64.dll (Microsoft Corporation)

==================== Restore Points  =========================

04-05-2015 12:46:37 Geplanter Prüfpunkt
06-05-2015 07:07:00 Windows Live Essentials
13-05-2015 05:56:27 Windows Update
19-05-2015 16:17:14 ComboFix created restore point

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2012-07-26 07:26 - 2015-05-19 16:21 - 00000027 ____A C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1      localhost

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0242D6EA-EA92-4C22-97E4-709AE43C60D4} - System32\Tasks\Dolby Selector => C:\Dolby PCEE4\pcee4.exe [2012-08-31] (Dolby Laboratories Inc.)
Task: {3E4F9312-9C7F-43E7-B11F-B8BE878AC8B6} - System32\Tasks\EPSON XP-610 Series Update {A54D32B5-2772-4970-831E-FECBD81EF020} => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_ITSLQE.EXE [2013-02-28] (SEIKO EPSON CORPORATION)
Task: {46F7D631-BD8D-4F2B-8F52-D3B14EEA7EFA} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-05-13] (Microsoft Corporation)
Task: {69004257-16AA-4B40-ABCC-DE5296D93BF2} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-05-16] (Adobe Systems Incorporated)
Task: {75C9A623-69EA-4A39-B105-67D37DB96281} - System32\Tasks\AdobeAAMUpdater-1.0-bebispc-sephiroth => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2013-06-03] (Adobe Systems Incorporated)
Task: {8F2B5D50-FC49-4F37-99F2-E4CA803398A2} - System32\Tasks\ALUAgent => C:\Program Files (x86)\Acer\Live Updater\liveupdater_agent.exe [2013-01-22] ()
Task: {ABC84A0F-359B-4900-BAC0-A6E6C3C08CEE} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-03-07] (Adobe Systems Incorporated)
Task: {BD887E96-55F4-4F2D-AA3E-CBAF92492AB5} - System32\Tasks\EPSON XP-610 Series Invitation {A54D32B5-2772-4970-831E-FECBD81EF020} => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_ITSLQE.EXE [2013-02-28] (SEIKO EPSON CORPORATION)
Task: {BE9137BD-F160-4683-A479-20516A91A838} - System32\Tasks\Recovery Management\Notification => C:\Program Files\Acer\Acer Recovery Management\Notification\Notification.exe [2013-01-23] (Acer Incorporated)
Task: {D16B063E-6B69-4369-BC40-2FD5AA69CA6A} - System32\Tasks\Launch Manager => C:\Program Files\Acer\Acer Launch Manager\LMLauncher.exe [2013-06-17] (Acer Incorporate)
Task: {E0016269-49ED-4B59-9C2E-237CEE23361A} - System32\Tasks\ALU => C:\Program Files (x86)\Acer\Live Updater\updater.exe [2013-03-13] ()
Task: {FC5E2EAA-149A-445B-AFEE-F582A75F1A73} - System32\Tasks\Power Management => C:\Program Files\Acer\Acer Power Management\ePowerTray.exe [2013-03-15] (Acer Incorporated)
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\EPSON XP-610 Series Invitation {A54D32B5-2772-4970-831E-FECBD81EF020}.job => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_ITSLQE.EXE
Task: C:\WINDOWS\Tasks\EPSON XP-610 Series Update {A54D32B5-2772-4970-831E-FECBD81EF020}.job => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_ITSLQE.EXE:/EXE:{A54D32B5-2772-4970-831E-FECBD81EF020} /F:UpdateWORKGROUP\BEBISPC$
Searches for EPSON software updates, and notifies you when updates are available.If this task is disabled or stopped, your EPSON software will not be automatically kept up to date.Thi

==================== Loaded Modules (Whitelisted) ==============

2013-11-29 10:50 - 2013-01-23 09:57 - 01199576 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Users\bebi-admin\Downloads\Firefox Setup Stub 35.0.exe:BDU
AlternateDataStreams: C:\Users\bebi-admin\Downloads\mbam-setup-2.0.4.1028.exe:BDU
AlternateDataStreams: C:\Users\bebi-admin\Downloads\vlc-2.1.5-win32.exe:BDU
AlternateDataStreams: C:\Users\sephiroth\Downloads\epson377464eu.exe:BDU
AlternateDataStreams: C:\Users\sephiroth\Downloads\epson379560eu.exe:BDU
AlternateDataStreams: C:\Users\sephiroth\Downloads\epson379671eu.exe:BDU

==================== Safe Mode (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfemms => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys => ""="Driver"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, the associated entry will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3549694130-846552002-615965096-1003\Control Panel\Desktop\\Wallpaper -> C:\Users\sephiroth\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: 192.168.2.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0"
HKLM\...\StartupApproved\Run: => "Bdagent"
HKU\S-1-5-21-3549694130-846552002-615965096-1003\...\StartupApproved\Run: => "Bitdefender-Geldbörse-Agent"
HKU\S-1-5-21-3549694130-846552002-615965096-1003\...\StartupApproved\Run: => "EPLTarget\P0000000000000000"
HKU\S-1-5-21-3549694130-846552002-615965096-1003\...\StartupApproved\Run: => "Pokki"
HKU\S-1-5-21-3549694130-846552002-615965096-1003\...\StartupApproved\Run: => "Amazon Music"
HKU\S-1-5-21-3549694130-846552002-615965096-1003\...\StartupApproved\Run: => "CAHeadless"
HKU\S-1-5-21-3549694130-846552002-615965096-1003\...\StartupApproved\Run: => "pdiface"
HKU\S-1-5-21-3549694130-846552002-615965096-1003\...\StartupApproved\Run: => "SandboxieControl"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{7CCA9B0D-53A9-4466-A45C-AEAC97EBFBCA}] => (Allow) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe
FirewallRules: [{C448AD7A-4408-457A-8032-7206CE94AE3C}] => (Allow) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe
FirewallRules: [{7DA8A1D5-94A4-4BF0-9A11-07CFB414DB9A}] => (Allow) C:\Program Files (x86)\Nero\Nero 12\Nero BackItUp\BackItUp.exe
FirewallRules: [{A1BB9B59-879B-4EEE-98CE-F9F8216228A2}] => (Allow) C:\Program Files (x86)\Nero\Nero 12\Nero BackItUp\BackItUp.exe
FirewallRules: [{0C734922-2F5C-415D-9E1F-3E3423CA2EBF}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{04F29660-4613-456B-B3F0-5A4732C186F7}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{9636C431-1CBE-4427-B9F1-6D80040BD530}] => (Allow) C:\Program Files (x86)\Spotify\spotify.exe
FirewallRules: [{83B56B15-DE7E-4E80-A7EE-789D9DCDEBF8}] => (Allow) C:\Program Files (x86)\Spotify\spotify.exe
FirewallRules: [{9422DAB6-0692-4D5D-9FCE-28C155A68F74}] => (Allow) C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe
FirewallRules: [{C494BE99-384C-41AD-8E80-81C016762D7C}] => (Allow) C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe
FirewallRules: [{23D241DF-C9BA-49A6-84F6-47A6472D8C16}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Media\DMCDaemon.exe
FirewallRules: [{B617AB0A-1E03-4AB7-8131-4470C803EA05}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Media\DMCDaemon.exe
FirewallRules: [{84473C5C-02EC-4FD0-8F94-B44334348049}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Media\WindowsUpnpMV.exe
FirewallRules: [{346123E9-3BE3-4599-B6E6-BA51E29DD636}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Media\WindowsUpnpMV.exe
FirewallRules: [{6C778DC2-86E2-4080-98F1-E5B54C1A6DAA}] => (Allow) C:\Program Files (x86)\Acer\clear.fi SDK21\Video\VideoPlayer.exe
FirewallRules: [{446EFD01-5A4E-4C02-B58E-307FD6C64DE3}] => (Allow) C:\Program Files (x86)\Acer\clear.fi SDK21\Video\MusicPlayer.exe
FirewallRules: [{98A2DACE-B05D-476D-8C4A-51A3A26FFC0E}] => (Allow) C:\Program Files (x86)\Acer\clear.fi SDK21\Movie\PlayMovie.exe
FirewallRules: [{51A4ACB9-E4ED-40A6-8A6F-D37793388BA8}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Photo\DMCDaemon.exe
FirewallRules: [{8D119F86-3EFC-4CAB-B82F-ACEE343C5A6D}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Photo\DMCDaemon.exe
FirewallRules: [{AAB31E5E-34B4-4F25-B233-A09E5EFAB7B4}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Photo\WindowsUpnp.exe
FirewallRules: [{358D0982-D9C4-485A-8329-CFB71D2BE8A0}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Photo\WindowsUpnp.exe
FirewallRules: [{3396864B-F3EE-4873-AF6D-74E0205F83DD}] => (Allow) C:\Program Files (x86)\Acer\Acer Cloud\ccd.exe
FirewallRules: [{4BF83CE8-F2C2-4007-B640-0AF7CBFD8DB0}] => (Allow) C:\Program Files (x86)\Acer\Acer Cloud\ccd.exe
FirewallRules: [{15BEEE06-917E-4CF0-86A6-BEDA2B849AE2}] => (Allow) C:\Program Files (x86)\Acer\Acer Cloud\Sdd.exe
FirewallRules: [{FDFBBDBA-767A-47DC-B5D1-B8D90375775B}] => (Allow) C:\Program Files (x86)\Acer\Acer Cloud\Sdd.exe
FirewallRules: [{F3EE67CC-B707-4BA0-ADA7-6D7FADEC8B47}] => (Allow) C:\Program Files (x86)\Acer\Acer Cloud\virtualdrive.exe
FirewallRules: [{C0249DE3-C92F-41F9-97CF-FF8CCAD0DC8D}] => (Allow) C:\Program Files (x86)\Acer\Acer Cloud\virtualdrive.exe
FirewallRules: [{8E64A390-A375-4BEF-A754-7AC4AF0A66CF}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{37FD520F-7294-41B4-9DD7-513974E4FB83}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{B7037AD4-788D-49E6-BD71-DD9C31AFB83A}] => (Allow) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
FirewallRules: [{2E1DF438-85C7-491F-B611-61148A55519B}] => (Allow) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
FirewallRules: [{0D0DB660-62A7-463C-8704-0CDA07A1A861}] => (Allow) C:\Program Files (x86)\Origin Games\The Sims 4 Create A Sim Demo\Game\Bin\TS4CAS.exe
FirewallRules: [{BF8D60BD-8256-4F5F-A4F7-FE8AD6C2F6FD}] => (Allow) C:\Program Files (x86)\Origin Games\The Sims 4 Create A Sim Demo\Game\Bin\TS4CAS.exe
FirewallRules: [{9D80A892-7F5E-415E-B07A-FF30872B4F2E}] => (Allow) C:\Users\sephiroth\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
FirewallRules: [{52897E34-CE42-4200-91F6-33FBFA127927}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{6676BCDB-2CD1-42BC-98D2-8E9234B59CA4}] => (Allow) LPort=2869
FirewallRules: [{4B603595-171E-4F2F-BEED-C90A17F030D2}] => (Allow) LPort=1900
FirewallRules: [{0A36AF9A-583E-41CD-B929-5CC31FB9993E}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe

==================== Faulty Device Manager Devices =============

Name: Bluetooth USB Module
Description: Bluetooth USB Module
Class Guid: {e0cbf06c-cd8b-4647-bb8a-263b43f0f974}
Manufacturer: Qualcomm Atheros Communications
Service: BTHUSB
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (05/20/2015 09:58:27 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.17321_none_41866eeb718ed8b9.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.17321_none_41866eeb718ed8b9.manifest2" in Zeile C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.17321_none_41866eeb718ed8b9.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.17321_none_41866eeb718ed8b9.manifest.
Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.17321_none_8933a5c2860b01bf.manifest.

Error: (05/20/2015 06:20:03 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.17321_none_41866eeb718ed8b9.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.17321_none_41866eeb718ed8b9.manifest2" in Zeile C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.17321_none_41866eeb718ed8b9.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.17321_none_41866eeb718ed8b9.manifest.
Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.17321_none_8933a5c2860b01bf.manifest.

Error: (05/20/2015 06:15:22 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.17321_none_41866eeb718ed8b9.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.17321_none_41866eeb718ed8b9.manifest2" in Zeile C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.17321_none_41866eeb718ed8b9.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.17321_none_41866eeb718ed8b9.manifest.
Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.17321_none_8933a5c2860b01bf.manifest.

Error: (05/20/2015 05:29:36 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.17321_none_41866eeb718ed8b9.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.17321_none_41866eeb718ed8b9.manifest2" in Zeile C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.17321_none_41866eeb718ed8b9.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.17321_none_41866eeb718ed8b9.manifest.
Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.17321_none_8933a5c2860b01bf.manifest.

Error: (05/20/2015 05:28:03 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.17321_none_41866eeb718ed8b9.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.17321_none_41866eeb718ed8b9.manifest2" in Zeile C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.17321_none_41866eeb718ed8b9.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.17321_none_41866eeb718ed8b9.manifest.
Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.17321_none_8933a5c2860b01bf.manifest.

Error: (05/20/2015 06:46:00 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.17321_none_41866eeb718ed8b9.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.17321_none_41866eeb718ed8b9.manifest2" in Zeile C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.17321_none_41866eeb718ed8b9.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.17321_none_41866eeb718ed8b9.manifest.
Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.17321_none_8933a5c2860b01bf.manifest.

Error: (05/20/2015 06:45:58 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.17321_none_41866eeb718ed8b9.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.17321_none_41866eeb718ed8b9.manifest2" in Zeile C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.17321_none_41866eeb718ed8b9.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.17321_none_41866eeb718ed8b9.manifest.
Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.17321_none_8933a5c2860b01bf.manifest.

Error: (05/20/2015 06:07:40 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005

Error: (05/19/2015 04:13:05 PM) (Source: Adobe Reader) (EventID: 16) (User: )
Description:

Error: (05/19/2015 01:20:31 PM) (Source: Adobe Reader) (EventID: 16) (User: )
Description:


System errors:
=============
Error: (05/21/2015 09:33:57 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits 2 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (05/21/2015 09:33:57 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Bitdefender 60-Second Virus Scanner Service" wurde unerwartet beendet. Dies ist bereits 2 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 5000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (05/21/2015 09:33:57 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Intel(R) Capability Licensing Service Interface" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 0 Millisekunden durchgeführt: Neustart des Diensts.

Error: (05/21/2015 09:33:28 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "NVIDIA Update Service Daemon" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (05/21/2015 09:33:28 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Nero Update" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (05/21/2015 09:33:28 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Intel(R) Dynamic Application Loader Host Interface Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (05/21/2015 09:33:28 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Adobe Active File Monitor V12" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (05/21/2015 09:33:28 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "ePower Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (05/21/2015 09:33:28 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (05/21/2015 09:33:27 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Secunia PSI Agent" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.


Microsoft Office Sessions:
=========================
Error: (05/20/2015 09:58:27 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.17321_none_41866eeb718ed8b9.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.17321_none_8933a5c2860b01bf.manifestC:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe

Error: (05/20/2015 06:20:03 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.17321_none_41866eeb718ed8b9.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.17321_none_8933a5c2860b01bf.manifestC:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe

Error: (05/20/2015 06:15:22 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.17321_none_41866eeb718ed8b9.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.17321_none_8933a5c2860b01bf.manifestC:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe

Error: (05/20/2015 05:29:36 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.17321_none_41866eeb718ed8b9.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.17321_none_8933a5c2860b01bf.manifestC:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe

Error: (05/20/2015 05:28:03 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.17321_none_41866eeb718ed8b9.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.17321_none_8933a5c2860b01bf.manifestC:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe

Error: (05/20/2015 06:46:00 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.17321_none_41866eeb718ed8b9.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.17321_none_8933a5c2860b01bf.manifestC:\Users\sephiroth\Downloads\Programme\esetsmartinstaller_deu.exe

Error: (05/20/2015 06:45:58 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.17321_none_41866eeb718ed8b9.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.17321_none_8933a5c2860b01bf.manifestC:\Users\sephiroth\Downloads\Programme\esetsmartinstaller_deu.exe

Error: (05/20/2015 06:07:40 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005

Error: (05/19/2015 04:13:05 PM) (Source: Adobe Reader) (EventID: 16) (User: )
Description:

Error: (05/19/2015 01:20:31 PM) (Source: Adobe Reader) (EventID: 16) (User: )
Description:


CodeIntegrity Errors:
===================================
  Date: 2015-05-19 16:20:46.242
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i7-4702MQ CPU @ 2.20GHz
Percentage of memory in use: 12%
Total physical RAM: 16264.27 MB
Available physical RAM: 14153.33 MB
Total Pagefile: 18568.27 MB
Available Pagefile: 16410.8 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: (Acer) (Fixed) (Total:220.22 GB) (Free:114.69 GB) NTFS
Drive d: (DATA) (Fixed) (Total:931.51 GB) (Free:771.01 GB) NTFS
Drive e: (Sims3EP06) (CDROM) (Total:5.22 GB) (Free:0 GB) UDF

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 238.5 GB) (Disk ID: 69C3CD7C)

Partition: GPT Partition Type.

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 69C3CD56)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

==================== End Of Log ============================

FRST Logfile:

FRST Logfile:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 19-05-2015
Ran by sephiroth (administrator) on BEBISPC on 21-05-2015 09:46:14
Running from C:\Users\sephiroth\Downloads\Programme
Loaded Profiles: UpdatusUser & sephiroth (Available profiles: UpdatusUser & bebi-admin & sephiroth)
Platform: Windows 8 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 10 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieSvc.exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe
(Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMSvc.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(Bitdefender) C:\Program Files\Bitdefender\60-Second Virus Scanner\pdscan.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\psia.exe
(McAfee, Inc.) C:\Program Files\McAfee\MSC\McAPExe.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMEvent.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMTray.exe
(Dolby Laboratories Inc.) C:\Dolby PCEE4\pcee4.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerTray.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerEvent.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Elements 12 Organizer\PhotoshopElementsFileAgent.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\CSP\1.5.450.0\McCSPServiceHost.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(McAfee, Inc.) C:\Program Files\McAfee\MAT\McPvTray.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13427784 2013-03-18] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1278024 2013-03-08] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3010800 2013-01-17] (Synaptics Incorporated)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [472984 2013-06-03] (Adobe Systems Incorporated)
HKLM\...\Run: [InstallerLauncher] => "C:\Program Files\Common Files\Bitdefender\SetupInformation\{6F57816A-791A-4159-A75F-CFD0C7EA4FBF}\setuplauncher.exe" /run:"C:\Program Files\Common Files\Bitdefender\SetupInformation\{6F57816A-791A-41 (the data entry has 36 more characters).
HKLM-x32\...\Run: [mcpltui_exe] => C:\Program Files\Common Files\McAfee\Platform\mcuicnt.exe [719272 2015-04-02] (McAfee, Inc.)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-3549694130-846552002-615965096-1003\...\Run: [EPLTarget\P0000000000000000] => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_IATILQE.EXE [297024 2013-01-24] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-3549694130-846552002-615965096-1003\...\Run: [Amazon Music] => C:\Users\sephiroth\AppData\Local\Amazon Music\Amazon Music Helper.exe [5886784 2015-04-21] ()
HKU\S-1-5-21-3549694130-846552002-615965096-1003\...\Run: [CAHeadless] => C:\Program Files (x86)\Adobe\Elements 12 Organizer\CAHeadless\ElementsAutoAnalyzer.exe [1400224 2013-09-03] (Adobe Systems Incorporated)
HKU\S-1-5-21-3549694130-846552002-615965096-1003\...\Run: [pdiface] => C:\Program Files\Bitdefender\60-Second Virus Scanner\pdiface.exe [283608 2013-10-30] (Bitdefender)
HKU\S-1-5-21-3549694130-846552002-615965096-1003\...\Run: [SandboxieControl] => C:\Program Files\Sandboxie\SbieCtrl.exe [785416 2015-02-18] (Sandboxie Holdings, LLC)
HKU\S-1-5-18\...\Policies\Explorer: [NoFolderOptions] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoControlPanel] 0
AppInit_DLLs: C:\Windows\System32\nvinitx.dll => C:\Windows\System32\nvinitx.dll [245872 2013-02-20] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [201576 2013-02-20] (NVIDIA Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2015-03-13]
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk [2015-02-07]
ShortcutTarget: Secunia PSI Tray.lnk -> C:\Program Files (x86)\Secunia\PSI\psi_tray.exe (Secunia)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-3549694130-846552002-615965096-1003\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-3549694130-846552002-615965096-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-3549694130-846552002-615965096-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer13.msn.com
HKU\S-1-5-21-3549694130-846552002-615965096-1003\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-3549694130-846552002-615965096-1003\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3549694130-846552002-615965096-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3549694130-846552002-615965096-1003 -> {B85E17F6-0A94-44D1-8979-600100ACBBCB} URL = https://de.search.yahoo.com/search?fr=mcafee&type=A011DE0&p={SearchTerms}
BHO: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll [2013-01-25] (Qualcomm Atheros Commnucations)
BHO: Easy Photo Print -> {9421DD08-935F-4701-A9CA-22DF90AC4EA6} -> C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll [2012-01-25] (SEIKO EPSON CORPORATION)
BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll [2014-04-09] (McAfee, Inc.)
Toolbar: HKLM - Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll [2012-01-25] (SEIKO EPSON CORPORATION)
Toolbar: HKU\S-1-5-21-3549694130-846552002-615965096-1003 -> No Name - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} -  No File
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2015-04-29] (McAfee, Inc.)
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2015-04-29] (McAfee, Inc.)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2015-04-29] (McAfee, Inc.)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2015-04-29] (McAfee, Inc.)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll [2015-04-07] (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll [2015-04-07] (McAfee, Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\sephiroth\AppData\Roaming\Mozilla\Firefox\Profiles\44lmlutz.default
FF SearchEngineOrder.1: Sichere Suche
FF SelectedSearchEngine: Sichere Suche
FF Keyword.URL: https://de.search.yahoo.com/search?fr=mcafee&type=C111DE0D20150415&p=
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_17_0_0_188.dll [2015-05-16] ()
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL [2015-04-07] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_188.dll [2015-05-16] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.0.72 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-01-23] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-01-23] (Intel Corporation)
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL [2015-04-07] ()
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2012-10-12] ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-03-17] (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\McSiteAdvisor.xml [2015-05-15]
FF Extension: WOT - C:\Users\sephiroth\AppData\Roaming\Mozilla\Firefox\Profiles\44lmlutz.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2015-01-18]
FF Extension: boost project boost-Bar - C:\Users\sephiroth\AppData\Roaming\Mozilla\Firefox\Profiles\44lmlutz.default\Extensions\jid1-43E5o59FVrjLig@jetpack.xpi [2015-04-12]
FF Extension: NoScript - C:\Users\sephiroth\AppData\Roaming\Mozilla\Firefox\Profiles\44lmlutz.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2015-02-06]
FF Extension: Adblock Plus - C:\Users\sephiroth\AppData\Roaming\Mozilla\Firefox\Profiles\44lmlutz.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-01-17]
FF Extension: BetterPrivacy - C:\Users\sephiroth\AppData\Roaming\Mozilla\Firefox\Profiles\44lmlutz.default\Extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi [2015-01-17]
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor
FF Extension: McAfee WebAdvisor - C:\Program Files (x86)\McAfee\SiteAdvisor [2015-04-15]
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
FF Extension: McAfee Anti-Spam Thunderbird Extension - C:\Program Files\McAfee\MSK [2015-04-15]
FF HKU\S-1-5-21-3549694130-846552002-615965096-1003\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
FF Extension: No Name - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04]

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2015-05-13]
CHR HKLM-x32\...\Chrome\Extension: [bopakagnckmlgajfccecajhnimjiiedh] - hxxp://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2015-05-13]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeActiveFileMonitor12.0; C:\Program Files (x86)\Adobe\Elements 12 Organizer\PhotoshopElementsFileAgent.exe [181152 2013-09-03] (Adobe Systems Incorporated)
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [227456 2013-01-25] (Qualcomm Atheros Commnucations) [File not signed]
R2 CCDMonitorService; C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe [2615368 2013-02-27] (Acer Incorporated)
S2 CLKMSVC10_96E434EB; C:\Program Files (x86)\Acer\clear.fi SDK21\Movie\NavFilter\kmsvc.exe [241776 2013-02-04] (CyberLink)
S3 DeviceFastLaneService; C:\Program Files\Acer\Acer Device Fast-lane\DeviceFastLaneSvc.exe [470056 2013-04-30] (Acer Incorporated)
R3 ePowerSvc; C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe [662088 2013-03-15] (Acer Incorporated)
R2 EpsonScanSvc; C:\WINDOWS\system32\EscSvc64.exe [144560 2012-05-17] (Seiko Epson Corporation)
R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [340744 2015-04-02] (McAfee, Inc.)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [732160 2012-12-10] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [803872 2012-12-10] (Intel(R) Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [167736 2013-01-30] (Intel Corporation)
R2 LMSvc; C:\Program Files\Acer\Acer Launch Manager\LMSvc.exe [431656 2013-06-17] (Acer Incorporate)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
R2 McAfee SiteAdvisor Service; c:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe [155368 2015-04-29] (McAfee, Inc.)
R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [753768 2015-04-07] (McAfee, Inc.)
S3 McAWFwk; c:\Program Files\Common Files\McAfee\ActWiz\McAWFwk.exe [334608 2013-04-09] (McAfee, Inc.)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.)
R2 mccspsvc; C:\Program Files\Common Files\McAfee\CSP\1.5.450.0\McCSPServiceHost.exe [207344 2015-04-08] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [340744 2015-04-02] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [340744 2015-04-02] (McAfee, Inc.)
S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [612688 2015-04-09] (McAfee, Inc.)
S4 McOobeSv2; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [340744 2015-04-02] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [340744 2015-04-02] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [340744 2015-04-02] (McAfee, Inc.)
R3 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [232656 2015-02-17] (McAfee, Inc.)
R2 mfemms; C:\Program Files\Common Files\McAfee\SystemCore\\mfemms.exe [372144 2015-03-01] (McAfee, Inc.)
R2 mfevtp; C:\WINDOWS\system32\mfevtps.exe [250672 2015-02-17] (McAfee, Inc.)
R2 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [340744 2015-04-02] (McAfee, Inc.)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [1931632 2015-04-12] (Electronic Arts)
R2 pdserv; C:\Program Files\Bitdefender\60-Second Virus Scanner\pdscan.exe [1445424 2013-11-11] (Bitdefender)
R2 SbieSvc; C:\Program Files\Sandboxie\SbieSvc.exe [175112 2015-02-18] (Sandboxie Holdings, LLC)
R2 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1363160 2014-11-28] (Secunia)
S2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [765144 2014-11-28] (Secunia)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16024 2015-01-31] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [29696 2012-09-20] (Microsoft Corporation)
S3 BCM43XX; C:\Windows\system32\DRIVERS\bcmwl63a.sys [5139968 2012-06-02] (Broadcom Corporation)
S3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2013-01-25] (Qualcomm Atheros)
S3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [202752 2012-07-26] (Microsoft Corporation)
R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [68784 2015-02-17] (McAfee, Inc.)
R3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [197704 2013-09-23] (McAfee, Inc.)
R3 LMDriver; C:\Windows\System32\drivers\LMDriver.sys [21360 2013-01-10] (Acer Incorporated)
R1 mbamchameleon; C:\WINDOWS\system32\drivers\mbamchameleon.sys [107736 2015-04-14] (Malwarebytes Corporation)
S3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [136408 2015-05-21] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-04-14] (Malwarebytes Corporation)
R2 McPvDrv; C:\Windows\system32\drivers\McPvDrv.sys [76064 2015-03-27] (McAfee, Inc.)
R3 mfeaack; C:\Windows\System32\drivers\mfeaack.sys [401736 2015-02-17] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [337888 2015-02-17] (McAfee, Inc.)
R0 mfedisk; C:\Windows\System32\DRIVERS\mfedisk.sys [101872 2015-02-17] (McAfee, Inc.)
S0 mfeelamk; C:\Windows\System32\drivers\mfeelamk.sys [80160 2015-02-13] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [488000 2015-02-17] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [864072 2015-02-17] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [482600 2015-01-16] (McAfee, Inc.)
S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [100720 2015-01-16] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [340448 2015-02-17] (McAfee, Inc.)
R3 PSI; C:\Windows\System32\DRIVERS\psi_mf_amd64.sys [18456 2014-11-28] (Secunia)
R0 PxHlpa64; C:\Windows\System32\drivers\PxHlpa64.sys [56336 2013-07-19] (Corel Corporation)
R3 RadioShim; C:\Windows\System32\drivers\RadioShim.sys [15704 2013-01-10] (Acer Incorporated)
R3 SbieDrv; C:\Program Files\Sandboxie\SbieDrv.sys [237064 2015-02-18] (Sandboxie Holdings, LLC)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [31472 2013-01-17] (Synaptics Incorporated)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-05-21 09:44 - 2015-05-21 09:44 - 00001193 _____ () C:\Users\sephiroth\Desktop\mb.txt
2015-05-21 09:38 - 2015-05-21 09:38 - 00136408 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-05-21 09:37 - 2015-05-21 09:37 - 00001106 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-05-21 09:37 - 2015-05-21 09:37 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-05-21 09:37 - 2015-04-14 09:38 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2015-05-21 09:37 - 2015-04-14 09:37 - 00107736 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-05-21 09:37 - 2015-04-14 09:37 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2015-05-21 09:29 - 2015-05-21 09:33 - 00000000 ____D () C:\AdwCleaner
2015-05-20 22:07 - 2015-05-20 22:07 - 02720149 _____ (Thisisu) C:\Users\sephiroth\Downloads\JRT.exe
2015-05-20 22:06 - 2015-05-20 22:06 - 21546080 _____ (Malwarebytes Corporation ) C:\Users\sephiroth\Downloads\mbam-setup-2.1.6.1022.exe
2015-05-20 06:46 - 2015-05-20 06:46 - 00000000 ____D () C:\Program Files (x86)\ESET
2015-05-19 16:22 - 2015-05-19 16:22 - 00025400 _____ () C:\ComboFix.txt
2015-05-19 16:17 - 2015-05-19 16:22 - 00000000 ____D () C:\Qoobox
2015-05-19 16:17 - 2015-05-19 16:21 - 00000000 ____D () C:\WINDOWS\erdnt
2015-05-19 16:17 - 2011-06-26 08:45 - 00256000 _____ () C:\WINDOWS\PEV.exe
2015-05-19 16:17 - 2010-11-07 19:20 - 00208896 _____ () C:\WINDOWS\MBR.exe
2015-05-19 16:17 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\WINDOWS\NIRCMD.exe
2015-05-19 16:17 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\WINDOWS\SWREG.exe
2015-05-19 16:17 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\WINDOWS\SWSC.exe
2015-05-19 16:17 - 2000-08-31 02:00 - 00212480 _____ (SteelWerX) C:\WINDOWS\SWXCACLS.exe
2015-05-19 16:17 - 2000-08-31 02:00 - 00098816 _____ () C:\WINDOWS\sed.exe
2015-05-19 16:17 - 2000-08-31 02:00 - 00080412 _____ () C:\WINDOWS\grep.exe
2015-05-19 16:17 - 2000-08-31 02:00 - 00068096 _____ () C:\WINDOWS\zip.exe
2015-05-17 20:07 - 2015-05-17 20:08 - 02512702 _____ () C:\Users\sephiroth\Downloads\1254537.zip
2015-05-17 15:51 - 2015-05-17 15:51 - 00000000 ____D () C:\Users\sephiroth\AppData\Roaming\Windows Live Writer
2015-05-17 15:51 - 2015-05-17 15:51 - 00000000 ____D () C:\Users\sephiroth\AppData\Local\Windows Live Writer
2015-05-16 22:04 - 2015-05-17 00:19 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-05-15 19:18 - 2015-05-15 19:18 - 00000000 ____D () C:\Users\sephiroth\PicStream
2015-05-13 23:26 - 2015-03-27 10:08 - 00076064 _____ (McAfee, Inc.) C:\WINDOWS\system32\Drivers\McPvDrv.sys
2015-05-13 23:26 - 2013-09-23 13:49 - 00197704 _____ (McAfee, Inc.) C:\WINDOWS\system32\Drivers\HipShieldK.sys
2015-05-13 05:58 - 2015-04-30 15:07 - 00124112 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll
2015-05-13 05:58 - 2015-04-30 15:07 - 00102608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-05-13 05:43 - 2015-04-21 16:33 - 14374400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-05-13 05:43 - 2015-04-21 16:33 - 13771776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-05-13 05:43 - 2015-04-21 16:33 - 02864640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2015-05-13 05:43 - 2015-04-21 16:33 - 02055680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-05-13 05:43 - 2015-04-21 16:33 - 01763328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2015-05-13 05:43 - 2015-04-21 16:33 - 01181696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2015-05-13 05:43 - 2015-04-21 16:33 - 00737280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2015-05-13 05:43 - 2015-04-21 16:33 - 00690176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2015-05-13 05:43 - 2015-04-21 16:33 - 00524288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2015-05-13 05:43 - 2015-04-21 16:33 - 00493056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2015-05-13 05:43 - 2015-04-21 16:33 - 00357888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtmsft.dll
2015-05-13 05:43 - 2015-04-21 16:33 - 00226816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2015-05-13 05:43 - 2015-04-21 16:33 - 00226816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2015-05-13 05:43 - 2015-04-21 16:33 - 00080384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2015-05-13 05:43 - 2015-04-21 16:32 - 01441280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2015-05-13 05:43 - 2015-04-21 15:53 - 02237440 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2015-05-13 05:43 - 2015-04-21 15:53 - 01409536 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2015-05-13 05:43 - 2015-04-21 15:53 - 00601600 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-05-13 05:43 - 2015-04-21 15:52 - 19291136 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-05-13 05:43 - 2015-04-21 15:52 - 15414784 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-05-13 05:43 - 2015-04-21 15:52 - 03959296 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2015-05-13 05:43 - 2015-04-21 15:52 - 02656768 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-05-13 05:43 - 2015-04-21 15:52 - 01509376 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2015-05-13 05:43 - 2015-04-21 15:52 - 00949760 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2015-05-13 05:43 - 2015-04-21 15:52 - 00856064 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-05-13 05:43 - 2015-04-21 15:52 - 00603136 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2015-05-13 05:43 - 2015-04-21 15:52 - 00281600 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2015-05-13 05:43 - 2015-04-21 15:52 - 00255488 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2015-05-13 05:43 - 2015-04-21 15:52 - 00097280 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2015-05-13 05:43 - 2015-04-18 04:37 - 00361984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\html.iec
2015-05-13 05:43 - 2015-04-18 04:34 - 00441856 _____ (Microsoft Corporation) C:\WINDOWS\system32\html.iec
2015-05-13 05:43 - 2015-04-13 07:32 - 00417280 _____ (Microsoft Corporation) C:\WINDOWS\system32\services.exe
2015-05-13 05:43 - 2015-04-13 07:30 - 01839616 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWrite.dll
2015-05-13 05:43 - 2015-04-13 07:30 - 01280512 _____ (Microsoft Corporation) C:\WINDOWS\system32\FntCache.dll
2015-05-13 05:43 - 2015-04-13 06:05 - 01416192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWrite.dll
2015-05-13 05:43 - 2015-04-13 05:25 - 04063744 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2015-05-13 05:42 - 2015-05-02 08:28 - 00100184 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecdd.sys
2015-05-13 05:42 - 2015-05-02 05:59 - 00318976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
2015-05-13 05:42 - 2015-05-02 05:36 - 00413696 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2015-05-13 05:42 - 2015-04-14 00:09 - 00570248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2015-05-13 05:42 - 2015-02-18 09:39 - 00148480 _____ (Microsoft Corporation) C:\WINDOWS\system32\poqexec.exe
2015-05-13 05:42 - 2015-02-18 09:38 - 00144896 _____ (Microsoft Corporation) C:\WINDOWS\system32\tssdisai.dll
2015-05-12 20:08 - 2015-05-12 20:08 - 00000470 _____ () C:\Users\sephiroth\Desktop\japanisch.txt
2015-05-12 16:58 - 2015-05-12 16:58 - 00001246 _____ () C:\Users\sephiroth\Desktop\gez.txt
2015-05-12 08:59 - 2015-05-12 08:59 - 00000909 _____ () C:\Users\sephiroth\Desktop\SimPE.lnk
2015-05-12 08:59 - 2015-05-12 08:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SimPE
2015-05-12 08:59 - 2015-05-12 08:59 - 00000000 ____D () C:\Program Files (x86)\SimPE
2015-05-12 08:25 - 2015-05-12 08:25 - 07814657 _____ ( ) C:\Users\sephiroth\Downloads\SimPE-Setup-0.68.exe
2015-05-10 18:44 - 2015-05-10 18:44 - 00002312 _____ () C:\Users\Public\Desktop\Die Sims™ 2 Vier Jahreszeiten.lnk
2015-05-10 18:44 - 2015-05-10 18:44 - 00000000 ____D () C:\Users\Public\Documents\EA Games
2015-05-10 18:20 - 2015-05-12 09:08 - 00000000 ____D () C:\Users\sephiroth\Documents\EA Games
2015-05-10 18:20 - 2015-05-10 18:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA GAMES
2015-05-10 18:20 - 2015-05-10 18:20 - 00002258 _____ () C:\Users\Public\Desktop\Die Sims™ 2.lnk
2015-05-10 17:59 - 2015-05-10 18:41 - 00000000 ____D () C:\Program Files (x86)\EA GAMES
2015-05-10 13:34 - 2015-05-10 13:34 - 00000000 ____D () C:\Users\sephiroth\AppData\Roaming\dvdcss
2015-05-10 11:39 - 2015-05-10 11:40 - 00000000 ____D () C:\Users\sephiroth\Downloads\VorlageAntik
2015-05-10 11:37 - 2015-05-14 22:51 - 00000000 ____D () C:\Users\sephiroth\Downloads\referenzen_male
2015-05-10 07:41 - 2015-05-21 09:46 - 00000000 ____D () C:\FRST
2015-05-09 23:55 - 2015-05-09 23:55 - 00023995 _____ () C:\Users\sephiroth\Desktop\haarp mv.txt
2015-05-06 09:13 - 2015-05-06 09:13 - 00011358 _____ () C:\Users\sephiroth\Documents\Mein Film.wlmp
2015-05-06 07:08 - 2015-05-06 07:08 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live
2015-05-06 07:08 - 2015-05-06 07:08 - 00000000 ____D () C:\WINDOWS\de
2015-05-06 07:08 - 2015-05-06 07:08 - 00000000 ____D () C:\Users\sephiroth\Tracing
2015-05-06 07:07 - 2015-05-17 15:51 - 00000000 ____D () C:\Users\sephiroth\AppData\Local\Windows Live
2015-05-06 07:07 - 2015-05-06 07:07 - 00002490 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Messenger.lnk
2015-05-06 07:07 - 2015-05-06 07:07 - 00002273 _____ () C:\Users\sephiroth\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2015-05-06 07:07 - 2015-05-06 07:07 - 00002225 _____ () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2015-05-06 07:07 - 2015-05-06 07:07 - 00002225 _____ () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2015-05-06 07:07 - 2015-05-06 07:07 - 00001462 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Mail.lnk
2015-05-06 07:07 - 2015-05-06 07:07 - 00001378 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Photo Gallery.lnk
2015-05-06 07:07 - 2015-05-06 07:07 - 00001309 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Movie Maker.lnk
2015-05-06 07:07 - 2015-05-06 07:07 - 00000000 ___RD () C:\Users\sephiroth\OneDrive
2015-05-06 07:07 - 2015-05-06 07:07 - 00000000 ____D () C:\WINDOWS\PCHEALTH
2015-05-06 07:07 - 2015-05-06 07:07 - 00000000 ____D () C:\ProgramData\Microsoft OneDrive
2015-05-06 07:07 - 2015-05-06 07:07 - 00000000 ____D () C:\Program Files\Windows Live
2015-05-06 07:07 - 2015-05-06 07:07 - 00000000 ____D () C:\Program Files (x86)\Windows Live
2015-05-06 07:07 - 2015-05-06 07:07 - 00000000 ____D () C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2015-05-06 07:07 - 2015-05-06 07:07 - 00000000 ____D () C:\Program Files (x86)\Microsoft OneDrive
2015-05-06 07:07 - 2010-06-02 04:55 - 00527192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAudio2_7.dll
2015-05-06 07:07 - 2010-06-02 04:55 - 00518488 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAudio2_7.dll
2015-05-06 07:07 - 2010-06-02 04:55 - 00077656 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAPOFX1_5.dll
2015-05-06 07:07 - 2010-06-02 04:55 - 00074072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAPOFX1_5.dll
2015-05-06 07:07 - 2010-05-26 11:41 - 02526056 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_43.dll
2015-05-06 07:07 - 2010-05-26 11:41 - 00276832 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx11_43.dll
2015-05-06 07:07 - 2009-09-04 17:29 - 00523088 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_42.dll
2015-05-06 07:07 - 2009-09-04 17:29 - 00453456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10_42.dll
2015-05-06 07:07 - 2006-11-29 13:06 - 04398360 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_32.dll
2015-05-06 07:07 - 2006-11-29 13:06 - 03426072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_32.dll
2015-05-06 07:05 - 2015-05-06 07:05 - 01245384 _____ (Microsoft Corporation) C:\Users\sephiroth\Downloads\wlsetup-web.exe
2015-05-04 20:25 - 2015-05-04 20:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\leawo
2015-04-26 09:46 - 2015-04-26 09:46 - 00003410 _____ () C:\Users\sephiroth\Downloads\ConsortModSimFixer1.zip
2015-04-24 11:20 - 2015-04-24 11:20 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2015-04-24 11:20 - 2015-04-24 11:20 - 00002051 _____ () C:\Users\Public\Desktop\Acrobat Reader DC.lnk
2015-04-22 20:35 - 2015-04-22 20:35 - 05101592 _____ () C:\Users\sephiroth\Downloads\fu4sa_tattoo_koi.package
2015-04-22 20:27 - 2015-04-22 20:27 - 01478003 _____ () C:\Users\sephiroth\Downloads\1156129.zip
2015-04-21 13:27 - 2015-05-10 11:39 - 00000000 ____D () C:\Users\sephiroth\Downloads\SimsContent
2015-04-21 09:53 - 2015-04-21 09:55 - 00471305 _____ () C:\Users\sephiroth\Downloads\1180234.zip

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-05-21 09:46 - 2015-04-15 07:57 - 00000000 ____D () C:\Users\sephiroth\Downloads\Programme
2015-05-21 09:44 - 2013-11-29 10:22 - 02027763 _____ () C:\WINDOWS\WindowsUpdate.log
2015-05-21 09:39 - 2015-01-16 13:53 - 00003594 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3549694130-846552002-615965096-1003
2015-05-21 09:39 - 2013-11-29 19:15 - 00753134 _____ () C:\WINDOWS\system32\perfh007.dat
2015-05-21 09:39 - 2013-11-29 19:15 - 00155826 _____ () C:\WINDOWS\system32\perfc007.dat
2015-05-21 09:39 - 2012-07-26 09:28 - 01745416 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2015-05-21 09:36 - 2015-04-15 07:07 - 00000000 __RSD () C:\Users\sephiroth\Documents\McAfee-Tresore
2015-05-21 09:36 - 2015-01-30 12:30 - 00000884 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-05-21 09:34 - 2012-07-26 09:22 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-05-21 09:01 - 2015-01-22 13:01 - 00000935 _____ () C:\WINDOWS\Tasks\EPSON XP-610 Series Update {A54D32B5-2772-4970-831E-FECBD81EF020}.job
2015-05-21 09:01 - 2015-01-22 13:01 - 00000749 _____ () C:\WINDOWS\Tasks\EPSON XP-610 Series Invitation {A54D32B5-2772-4970-831E-FECBD81EF020}.job
2015-05-21 09:01 - 2012-07-26 10:12 - 00000000 ____D () C:\WINDOWS\system32\FxsTmp
2015-05-21 09:00 - 2012-07-26 10:12 - 00000000 ____D () C:\WINDOWS\system32\sru
2015-05-21 08:46 - 2015-01-16 14:22 - 00000000 ____D () C:\Users\sephiroth\AppData\Local\Adobe
2015-05-19 16:52 - 2013-04-18 11:11 - 00151026 _____ () C:\WINDOWS\PFRO.log
2015-05-19 16:52 - 2012-07-26 07:26 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM
2015-05-19 16:21 - 2012-07-26 07:26 - 00000215 _____ () C:\WINDOWS\system.ini
2015-05-17 15:05 - 2015-01-28 11:06 - 00001456 _____ () C:\Users\sephiroth\AppData\Local\Adobe Für Web speichern 12.0 Prefs
2015-05-17 13:10 - 2012-07-26 10:12 - 00000000 ____D () C:\WINDOWS\rescache
2015-05-17 00:19 - 2015-01-16 13:02 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-05-17 00:19 - 2012-07-26 07:26 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI
2015-05-16 09:46 - 2015-01-30 12:30 - 00003772 _____ () C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2015-05-15 19:20 - 2015-01-27 21:11 - 00000000 ____D () C:\Users\sephiroth\AppData\Local\clear.fi
2015-05-15 19:18 - 2015-01-16 13:33 - 00000000 ____D () C:\Users\sephiroth
2015-05-14 19:55 - 2015-04-09 18:50 - 00000000 ____D () C:\Users\sephiroth\.dvdcss
2015-05-14 16:24 - 2015-04-03 10:35 - 00001314 _____ () C:\WINDOWS\SecuniaPackage.log
2015-05-14 16:22 - 2015-04-15 07:07 - 00000000 ____D () C:\Program Files (x86)\McAfee
2015-05-14 16:22 - 2015-03-13 11:56 - 00362528 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2015-05-14 16:21 - 2012-07-26 09:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2015-05-14 16:21 - 2012-07-26 09:52 - 00000000 ____D () C:\Program Files\Windows Journal
2015-05-14 12:39 - 2012-07-26 10:12 - 00000000 ____D () C:\WINDOWS\AUInstallAgent
2015-05-13 23:25 - 2015-04-15 06:59 - 00000000 ____D () C:\Program Files\Common Files\McAfee
2015-05-13 15:18 - 2015-01-16 13:25 - 00000000 ____D () C:\WINDOWS\system32\MRT
2015-05-13 15:16 - 2015-01-16 13:25 - 140425016 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-05-10 18:45 - 2015-01-16 13:33 - 00000000 ____D () C:\Users\sephiroth\AppData\Local\VirtualStore
2015-05-10 13:36 - 2015-01-24 21:43 - 00000000 ____D () C:\Users\sephiroth\AppData\Roaming\vlc
2015-05-06 07:07 - 2015-04-12 21:29 - 00000398 _____ () C:\WINDOWS\DirectX.log
2015-05-06 07:07 - 2012-07-26 10:12 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared
2015-05-05 19:49 - 2012-07-26 10:14 - 00792032 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-05-05 19:49 - 2012-07-26 10:14 - 00177632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-05-05 08:50 - 2015-04-15 10:30 - 00001788 _____ () C:\WINDOWS\Sandboxie.ini
2015-05-04 20:25 - 2015-01-16 13:04 - 00001219 _____ () C:\Users\Public\Desktop\Leawo Blu-ray Player.lnk
2015-05-03 17:38 - 2012-07-26 10:12 - 00000000 ____D () C:\WINDOWS\system32\NDF
2015-04-30 09:43 - 2015-02-26 18:24 - 00000000 ____D () C:\Users\sephiroth\AppData\Local\CrashDumps
2015-04-29 16:41 - 2015-04-12 22:08 - 00000000 ____D () C:\ProgramData\Origin
2015-04-28 14:38 - 2015-02-24 23:59 - 00001110 _____ () C:\Users\sephiroth\Desktop\Amazon Music.lnk
2015-04-28 07:21 - 2015-01-16 13:33 - 00000000 ____D () C:\Users\sephiroth\AppData\Local\Packages
2015-04-24 11:20 - 2015-01-20 18:18 - 00003886 _____ () C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2015-04-24 11:20 - 2015-01-16 13:40 - 00000000 ____D () C:\Program Files (x86)\Adobe
2015-04-24 11:20 - 2015-01-16 13:13 - 00001070 _____ () C:\Users\Public\Desktop\VLC media player.lnk
2015-04-24 11:20 - 2015-01-16 13:07 - 00000000 ____D () C:\ProgramData\Adobe
2015-04-22 14:19 - 2015-04-16 13:53 - 00000000 ____D () C:\Users\sephiroth\AppData\Roaming\Coronic

==================== Files in the root of some directories =======

2015-01-28 11:06 - 2015-05-17 15:05 - 0001456 _____ () C:\Users\sephiroth\AppData\Local\Adobe Für Web speichern 12.0 Prefs
2015-04-03 16:35 - 2015-04-03 16:35 - 0003584 _____ () C:\Users\sephiroth\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-11-29 10:58 - 2013-11-29 10:58 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

Some content of TEMP:
====================
C:\Users\sephiroth\AppData\Local\Temp\Quarantine.exe
C:\Users\sephiroth\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-05-16 22:30

==================== End Of Log ============================
--- --- ---

--- --- ---

--- --- ---

Mir ist allerdings aufgefallen, dass ich nie meine ganzen verläufe und gespeicherten Daten ect gesäubert bekomme. Ich hab es direkt in den Internetoptionen versucht aber es funzt nicht, meine Daten sind wieder automatisch da, wenn ich Seiten öffne, wo ich mich vorher angemeldet hatte....

schrauber 22.05.2015 06:40
Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-3549694130-846552002-615965096-1003\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
Emptytemp:

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
  • Starte nun FRST erneut und klicke den Entfernen Button.
  • Das Tool erstellt eine Fixlog.txt.
  • Poste mir deren Inhalt.




In welchen Browsern bestehen die Probleme?

Betti05 22.05.2015 09:37
Hallo Schrauber, hier das Fixlog:
Code:
Fix result of Farbar Recovery Scan Tool (x64) Version: 21-05-2015
Ran by sephiroth at 2015-05-22 10:33:02 Run:1
Running from C:\Users\sephiroth\Downloads\Programme
Loaded Profiles: UpdatusUser & sephiroth (Available profiles: UpdatusUser & bebi-admin & sephiroth)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-3549694130-846552002-615965096-1003\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
Emptytemp:
*****************

"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key Deleted successfully.
"HKU\S-1-5-21-3549694130-846552002-615965096-1003\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key Deleted successfully.
EmptyTemp: => Removed 382.7 MB temporary data.


The system needed a reboot.

==== End of Fixlog 10:33:16 ====
Vielen Dank für deine schnelle Hilfe. Ich nutze Firefox und habe schon entdeckt, dass ich das direkt im Firefox einstellen kann. Vorher hatte ich das über Internetoptionen gemacht , das ist dann wohl nur für IE..

schrauber 23.05.2015 06:12
Ja das ist getrennt :)

sonst noch Probleme?

Betti05 29.05.2015 05:34
Hallo Schrauber, scheint alles ok zu sein bisher :-) vielen Dank für deine schnelle Hilfe und Problemlösung!

Hallo Schrauber,Noch eine kurze Frage, leider habe ich zu diesem Thema keine wirkliche Hilfe im Netz gefunden..
Ich nutze Firefox und bei bestimmten Webseiten (z.B ebay) werden Umlaute nicht richtig dargestellt, sondern nur mit einer schwarzen Raute mit Fragezeichen. Ich habe im Firefox bereits in den Einstellungen gesucht, kann aber keine Möglichkeit finden, die Zeichenkodierung einzustellen. Als Sprache ist deutsch eingestellt...
Hast du einen Tipp?
Vielen Dank.

schrauber 29.05.2015 17:59
Ist das Firefox Portable oder Firefox fest installiert?


Alle Zeitangaben in WEZ +1. Es ist jetzt 15:29 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19