
Pests of all kinds and how to fight them: tbhcn in autostart - system startup very slow


05.01.2015, 09:48   #1
Pfaelzer
 



Hello dear team,
since my computer has been taking noticeably longer to boot for almost a week now, I went into MSconfig and, as the title already says, stumbled across tbhcn. After browsing a bit on Google and also on your board, I now think that my PC needs more help than I thought.
I don't know whether there is a connection, but further "anomalies" are a faulty network connection in the home network and the device getting warm rather quickly (both fans run quietly and are dust-free...).
I would be very glad of your support. Many thanks in advance and regards

Pfälzer

About the system:
Vista Home Premium (SP 2) 64-bit version
Pentium Dual-Core 2.5 GHz

FRST + Addition log file: see below
GMER log: see below


FRST:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 04-01-2015
Ran by Pfälzer (administrator) on PFAELZER-PC on 05-01-2015 08:37:57
Running from C:\Users\Pfälzer_2\Desktop
Loaded Profiles: Pfälzer & Pfälzer_2 (Available profiles: Pfälzer & Pfälzer_2)
Platform: Windows Vista (TM) Home Premium Service Pack 2 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 9 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCui.exe
(Egis Incorporated) C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x64\eDSLoader.exe
(Realtek Semiconductor) C:\Windows\RAVCpl64.exe
(Google Inc.) C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
(Akamai Technologies, Inc.) C:\Users\Pfälzer_2\AppData\Local\Akamai\netsession_win.exe
(Egis inc.) C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x86\eDSMSNLoader32.exe
() C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
(Egis Incorporated) C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Akamai Technologies, Inc.) C:\Users\Pfälzer_2\AppData\Local\Akamai\netsession_win.exe
(SEIKO EPSON CORPORATION) C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE
(SEIKO EPSON CORPORATION) C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE
() C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
() C:\Program Files (x86)\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe
(NewTech InfoSystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
() C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
() C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
() C:\Windows\SysWOW64\PSIService.exe
() C:\Program Files (x86)\CyberLink\Shared Files\RichVideo.exe
() C:\Users\Pfälzer\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe
() C:\Program Files (x86)\SiteAdvisor\6172\SAService.exe
() C:\Program Files (x86)\Samsung\SAMSUNG PC Share Manager\WiselinkPro.exe
() C:\Program Files (x86)\Samsung\SAMSUNG PC Share Manager\http_ss_win_pro.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Microsoft Corporation) C:\Windows\System32\msconfig.exe
(Opera Software) C:\Program Files (x86)\Opera\26.0.1656.60\opera.exe
() C:\Program Files (x86)\Opera\26.0.1656.60\opera_crashreporter.exe
(Opera Software) C:\Program Files (x86)\Opera\26.0.1656.60\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\26.0.1656.60\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\26.0.1656.60\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\26.0.1656.60\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\26.0.1656.60\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\26.0.1656.60\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\26.0.1656.60\opera.exe
(Microsoft Corporation) C:\Windows\System32\conime.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1584184 2008-01-21] (Microsoft Corporation)
HKLM\...\Run: [eDataSecurity Loader] => C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x64\eDSloader.exe [561200 2008-07-29] (Egis Incorporated)
HKLM\...\Run: [RtHDVCpl] => C:\Windows\RAVCpl64.exe [6456352 2008-08-19] (Realtek Semiconductor)
HKLM\...\Run: [ProductReg] => C:\Program Files\Acer\WR_PopUp\ProductReg.exe [6144 2008-10-14] (Acer)
HKLM\...\Run: [Ocs_SM] => C:\Users\Pfälzer\AppData\Roaming\OCS\SM\SearchAnonymizer.exe [106496 2013-01-23] (OCS)
HKLM\...\Run: [Skytel] => C:\Windows\Skytel.exe [1833504 2008-08-19] (Realtek Semiconductor Corp.)
HKLM-x32\...\Run: [BkupTray] => C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe [28672 2008-04-25] ()
HKLM-x32\...\Run: [eRecoveryService] => [X]
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [91520 2010-03-13] (Microsoft Corporation)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5227112 2014-12-12] (AVAST Software)
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
HKLM-x32\...\Run: [SiteAdvisor] => C:\Program Files (x86)\SiteAdvisor\6172\SiteAdv.exe [36640 2007-08-24] ()
HKLM-x32\...\Run: [PCMMediaSharing] => C:\Program Files (x86)\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe [204908 2008-05-20] ()
HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-21-2771533323-571298105-790965156-1000\...\Run: [EADM] => "C:\Program Files (x86)\Origin\Origin.exe" -AutoStart
HKU\S-1-5-21-2771533323-571298105-790965156-1000\...\RunOnce: [Adobe Speed Launcher] => 1418286825
HKU\S-1-5-21-2771533323-571298105-790965156-1000\...\RunOnce: [FlashPlayerUpdate] => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_15_0_0_246_Plugin.exe -update plugin
HKU\S-1-5-21-2771533323-571298105-790965156-1000\...\MountPoints2: {c87d3439-3dff-11e1-8434-806e6f6e6963} - E:\setup.exe
HKU\S-1-5-21-2771533323-571298105-790965156-1001\...\Run: [EPSON Stylus SX200 Series] => C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIEFE.EXE [221696 2007-12-13] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-2771533323-571298105-790965156-1001\...\Run: [EPSON Stylus SX200 Series (Kopie 1)] => C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIEFE.EXE [221696 2007-12-13] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-2771533323-571298105-790965156-1001\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [68856 2012-01-13] (Google Inc.)
HKU\S-1-5-21-2771533323-571298105-790965156-1001\...\Run: [Akamai NetSession Interface] => C:\Users\Pfälzer_2\AppData\Local\Akamai\netsession_win.exe [4673432 2014-10-29] (Akamai Technologies, Inc.)
HKU\S-1-5-21-2771533323-571298105-790965156-1001\...\Run: [WMPNSCFG] => C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe
HKU\S-1-5-21-2771533323-571298105-790965156-1001\...\MountPoints2: {259b995f-c6f5-11e3-9ea5-0021973d8779} - H:\LaunchU3.exe -a
HKU\S-1-5-21-2771533323-571298105-790965156-1001\...\MountPoints2: {950edf81-e700-11e2-b0e8-0021973d8779} - F:\HTC_Sync_Manager_PC.exe
HKU\S-1-5-21-2771533323-571298105-790965156-1001\...\MountPoints2: {950edfa5-e700-11e2-b0e8-0021973d8779} - F:\HTC_Sync_Manager_PC.exe
HKU\S-1-5-21-2771533323-571298105-790965156-1001\...\MountPoints2: {c87d3439-3dff-11e1-8434-806e6f6e6963} - E:\SETUP.EXE
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk
ShortcutTarget: Microsoft Office.lnk -> C:\Program Files (x86)\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
Startup: C:\Users\Pfälzer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tbhcn.lnk
ShortcutTarget: tbhcn.lnk -> C:\Users\Pfälzer\AppData\Roaming\GinyasBrowserCompanion\tbhcn.exe (No File)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Pfälzer_2\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll No File
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Pfälzer_2\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll No File
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Pfälzer_2\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll No File
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Pfälzer_2\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll No File
ShellIconOverlayIdentifiers: [egisPSDP] -> {30A0A3F6-38AC-4C53-BB8B-0D95238E25BA} => C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x64\PSDProtect.dll (Egis Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: [egisPSDP] -> {30A0A3F6-38AC-4C53-BB8B-0D95238E25BA} => C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll (Egis Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=1&o=vp64&d=0112&m=aspire_x1700
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=1&o=vp64&d=0112&m=aspire_x1700
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=1&o=vp64&d=0112&m=aspire_x1700
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=1&o=vp64&d=0112&m=aspire_x1700
HKU\S-1-5-21-2771533323-571298105-790965156-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.searchplusnetwork.com/?sp=st3
HKU\S-1-5-21-2771533323-571298105-790965156-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=1&o=vp64&d=0112&m=aspire_x1700
HKU\S-1-5-21-2771533323-571298105-790965156-1000\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://global.acer.com
HKU\S-1-5-21-2771533323-571298105-790965156-1000\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://global.acer.com
HKU\S-1-5-21-2771533323-571298105-790965156-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=1&o=vp64&d=0112&m=aspire_x1700
HKU\S-1-5-21-2771533323-571298105-790965156-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=1&o=vp64&d=0112&m=aspire_x1700
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM-x32 -> DefaultScope {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
SearchScopes: HKLM-x32 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
SearchScopes: HKU\S-1-5-21-2771533323-571298105-790965156-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.searchplusnetwork.com.anonymize-me.de/?anonymto=687474703A2F2F7777772E736561726368706C75736E6574776F726B2E636F6D2F3F73703D73743326713D7B7365617263685465726D737D&st={searchTerms}&clid=4494c650-9563-46e4-b154-a0e4353fc7c1&pid=netzwelt&k=0
SearchScopes: HKU\S-1-5-21-2771533323-571298105-790965156-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.searchplusnetwork.com.anonymize-me.de/?anonymto=687474703A2F2F7777772E736561726368706C75736E6574776F726B2E636F6D2F3F73703D73743326713D7B7365617263685465726D737D&st={searchTerms}&clid=4494c650-9563-46e4-b154-a0e4353fc7c1&pid=netzwelt&k=0
SearchScopes: HKU\S-1-5-21-2771533323-571298105-790965156-1000 -> {2A1B955A-4646-4D87-A640-2BC57AE252B4} URL = hxxp://www.myvideo.de.anonymize-me.de/?to=6D79766964656F2E6465&st={searchTerms}&clid=4494c650-9563-46e4-b154-a0e4353fc7c1&pid=netzwelt&mode=bounce&k=0
SearchScopes: HKU\S-1-5-21-2771533323-571298105-790965156-1000 -> {67422884-1358-4E32-B7AB-25865C493D0A} URL = hxxp://www.amazon.de.anonymize-me.de/?to=616D617A6F6E2E6465&st={searchTerms}&clid=4494c650-9563-46e4-b154-a0e4353fc7c1&pid=netzwelt&mode=bounce&k=0
SearchScopes: HKU\S-1-5-21-2771533323-571298105-790965156-1000 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com.anonymize-me.de/?anonymto=687474703A2F2F7777772E676F6F676C652E636F6D2F7365617263683F736F7572636569643D69653726713D7B7365617263685465726D737D26726C733D636F6D2E6D6963726F736F66743A7B6C616E67756167657D3A7B72656665727265723A736F757263653F7D2669653D7B696E707574456E636F64696E677D266F653D7B6F7574707574456E636F64696E677D26726C7A3D31493741434157&st={searchTerms}&clid=4494c650-9563-46e4-b154-a0e4353fc7c1&pid=netzwelt&k=0
SearchScopes: HKU\S-1-5-21-2771533323-571298105-790965156-1000 -> {B6176FF5-657B-4AF4-A557-216BABA693C1} URL = hxxp://de.wikipedia.org.anonymize-me.de/?to=64652E77696B6970656469612E6F7267&st={searchTerms}&clid=4494c650-9563-46e4-b154-a0e4353fc7c1&pid=netzwelt&mode=bounce&k=0
SearchScopes: HKU\S-1-5-21-2771533323-571298105-790965156-1000 -> {B9A003B2-0991-40BE-9992-696A9AC45306} URL = hxxp://www.pricerunner.de.anonymize-me.de/?to=707269636572756E6E65722E6465&st={searchTerms}&clid=4494c650-9563-46e4-b154-a0e4353fc7c1&pid=netzwelt&mode=bounce&k=0
SearchScopes: HKU\S-1-5-21-2771533323-571298105-790965156-1000 -> {DAB60EDB-A5EE-463C-94D5-4285892FC833} URL = hxxp://www.otto.de.anonymize-me.de/?to=6F74746F2E6465&st={searchTerms}&clid=4494c650-9563-46e4-b154-a0e4353fc7c1&pid=netzwelt&mode=bounce&k=0
SearchScopes: HKU\S-1-5-21-2771533323-571298105-790965156-1000 -> {F21CB645-2713-4FEF-A068-0B4C80AFA424} URL = hxxp://search.ebay.de.anonymize-me.de/?to=656261792E6465&st={searchTerms}&clid=4494c650-9563-46e4-b154-a0e4353fc7c1&pid=netzwelt&mode=bounce&k=0
SearchScopes: HKU\S-1-5-21-2771533323-571298105-790965156-1001 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: ShowBarObj Class -> {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} -> C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x64\ActiveToolBand.dll (Egis)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: McAfee SiteAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll No File
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
Toolbar: HKLM - Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x64\eDStoolbar.dll (Egis Incorporated.)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll No File
Toolbar: HKLM-x32 - No Name - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} -  No File
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKU\S-1-5-21-2771533323-571298105-790965156-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKU\S-1-5-21-2771533323-571298105-790965156-1001 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
DPF: HKLM-x32 {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} -  No File
Handler-x32: http - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: http - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: https - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: https - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: ipp - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: msdaipp - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: msdaipp - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} -  No File
Handler: siteadvisor - {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - C:\Program Files (x86)\SiteAdvisor\6172\SiteAd64.dll ()
Handler-x32: siteadvisor - {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - C:\Program Files (x86)\SiteAdvisor\6172\SiteAdv.dll ()
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_235.dll ()
FF Plugin: @java.com/DTPlugin,version=10.45.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.45.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll No File
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_235.dll ()
FF Plugin-x32: @mcafee.com/SAFFPlugin -> C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll No File
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WPF,version=3.5 -> C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: wacom.com/WacomTabletPlugin -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll No File
FF HKLM-x32\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2012-01-13]
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2013-03-19]
FF HKU\S-1-5-19\...\Firefox\Extensions: [{1650a312-02bc-40ee-977e-83f158701739}] - C:\Program Files (x86)\SiteAdvisor\6172\FF
FF Extension: McAfee SiteAdvisor - C:\Program Files (x86)\SiteAdvisor\6172\FF [2008-10-31]
FF HKU\S-1-5-20\...\Firefox\Extensions: [{1650a312-02bc-40ee-977e-83f158701739}] - C:\Program Files (x86)\SiteAdvisor\6172\FF

Chrome: 
=======
CHR Profile: C:\Users\Pfälzer\AppData\Local\Google\Chrome\User Data\Default
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-12-06]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-12-06] (AVAST Software)
R2 BUNAgentSvc; C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe [16384 2008-03-03] (NewTech Infosystems, Inc.) [File not signed]
R2 eDataSecurity Service; C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe [500784 2008-07-29] (Egis Incorporated)
R2 ETService; C:\Program Files\Acer\Empowering Technology\Service\ETService.exe [24576 2008-08-19] () [File not signed]
R2 LightScribeService; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [61440 2007-01-17] (Hewlett-Packard Company) [File not signed]
R2 NTIBackupSvc; C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [45056 2008-04-25] (NewTech InfoSystems, Inc.) [File not signed]
R2 NTISchedulerSvc; C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [131072 2008-04-25] () [File not signed]
R2 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [166912 2012-10-08] () [File not signed]
R2 ProtexisLicensing; C:\Windows\SysWOW64\PSIService.exe [174656 2006-11-02] () [File not signed]
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared Files\RichVideo.exe [241734 2008-06-13] () [File not signed]
R2 SearchAnonymizer; C:\Users\Pfälzer\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe [40960 2013-01-23] () [File not signed]
R2 SiteAdvisor Service; C:\Program Files (x86)\SiteAdvisor\6172\SAService.exe [341280 2008-10-31] ()
R2 WiselinkPro; C:\Program Files (x86)\Samsung\SAMSUNG PC Share Manager\WiselinkPro.exe [3007488 2010-02-17] () [File not signed]
S4 McAfee SiteAdvisor Service; c:\PROGRA~2\mcafee\SITEAD~1\mcsacore.exe [X]
S4 Partner Service; "C:\ProgramData\Partner\partner.exe" [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-12-06] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [83280 2014-12-06] (AVAST Software)
R1 AswRdr; C:\Windows\system32\drivers\aswRdr.sys [64752 2014-12-06] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-12-06] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1050432 2014-12-06] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [436624 2014-12-06] (AVAST Software)
R1 aswTdi; C:\Windows\system32\drivers\aswTdi.sys [65264 2014-12-06] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [267632 2014-12-06] ()
S3 hugoio64; C:\Windows\system32\drivers\hugoio64.sys [13920 2014-12-03] ()
S3 ITEIO.SYS; c:\Windows\System32\drivers\ITEIO.sys [13144 2008-02-25] (Windows (R) Codename Longhorn DDK provider) [File not signed]
S3 ManyCam; C:\Windows\System32\DRIVERS\mcvidrv_x64.sys [44928 2012-10-11] (ManyCam LLC)
S3 mcaudrv_simple; C:\Windows\System32\drivers\mcaudrv_x64.sys [28160 2013-01-31] (ManyCam LLC)
R0 PSDFilter; C:\Windows\System32\DRIVERS\psdfilter.sys [22064 2008-07-29] (Egis Incorporated)
R2 PSDNServ; C:\Windows\System32\DRIVERS\PSDNServ.sys [21040 2008-07-29] (Egis Incorporated)
R2 psdvdisk; C:\Windows\System32\DRIVERS\PSDVdisk.sys [60976 2008-07-29] (Egis Incorporated)
S3 hxsyol; \??\C:\AeriaGames\AuraKingdom\avital\hxsy64.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S3 WacHidRouter; system32\DRIVERS\wachidrouter.sys [X]
S3 wacomrouterfilter; system32\DRIVERS\wacomrouterfilter.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-05 08:38 - 2015-01-05 08:38 - 00380416 _____ () C:\Users\Pfälzer_2\Desktop\Gmer-19357.exe
2015-01-05 08:37 - 2015-01-05 08:38 - 00027302 _____ () C:\Users\Pfälzer_2\Desktop\FRST.txt
2015-01-05 08:37 - 2015-01-05 08:37 - 02123776 _____ (Farbar) C:\Users\Pfälzer_2\Desktop\FRST64.exe
2015-01-05 06:15 - 2015-01-05 07:16 - 367001600 _____ () C:\Users\Pfälzer_2\Desktop\cpe3dwdf.part3.rar
2015-01-04 09:25 - 2015-01-04 10:39 - 367001600 _____ () C:\Users\Pfälzer_2\Desktop\cpe3dwdf.part2.rar
2015-01-04 09:18 - 2015-01-05 08:14 - 00004700 _____ () C:\Windows\PFRO.log
2015-01-03 13:18 - 2015-01-03 13:18 - 00000000 ____H () C:\Users\Pfälzer_2\Documents\Default.rdp
2015-01-03 12:09 - 2015-01-03 12:09 - 00000000 _____ () C:\Windows\setuperr.log
2015-01-03 12:09 - 2015-01-03 12:09 - 00000000 _____ () C:\Windows\setupact.log
2015-01-03 12:01 - 2015-01-03 12:03 - 00000000 ____D () C:\Users\Pfälzer\Silvester 2014
2015-01-03 12:00 - 2015-01-03 12:01 - 00000000 ____D () C:\Users\Pfälzer\Weihnachten 2014
2014-12-30 08:45 - 2014-12-30 09:02 - 367001600 _____ () C:\Users\Pfälzer_2\Desktop\cpe3dwdf.part1.rar
2014-12-29 14:09 - 2012-09-26 00:39 - 00000000 ____D () C:\Users\Pfälzer_2\Desktop\Christopher Paolini - Eragon 2 - Der Auftrag des Ältesten
2014-12-29 13:23 - 2014-12-29 13:23 - 00000219 _____ () C:\Users\Pfälzer_2\Desktop\Counter-Strike Condition Zero Deleted Scenes.url
2014-12-29 13:23 - 2014-12-29 13:23 - 00000218 _____ () C:\Users\Pfälzer_2\Desktop\Counter-Strike.url
2014-12-29 13:23 - 2014-12-29 13:23 - 00000218 _____ () C:\Users\Pfälzer_2\Desktop\Counter-Strike Condition Zero.url
2014-12-29 13:22 - 2014-12-29 13:22 - 00000018 _____ () C:\Users\Pfälzer_2\Desktop\cs.txt
2014-12-29 12:16 - 2010-06-02 04:55 - 00527192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_7.dll
2014-12-29 12:16 - 2010-06-02 04:55 - 00518488 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_7.dll
2014-12-29 12:16 - 2010-06-02 04:55 - 00239960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_7.dll
2014-12-29 12:16 - 2010-06-02 04:55 - 00176984 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_7.dll
2014-12-29 12:16 - 2010-06-02 04:55 - 00077656 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_5.dll
2014-12-29 12:16 - 2010-06-02 04:55 - 00074072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_5.dll
2014-12-29 12:16 - 2010-05-26 11:41 - 02526056 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_43.dll
2014-12-29 12:16 - 2010-05-26 11:41 - 02401112 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_43.dll
2014-12-29 12:16 - 2010-05-26 11:41 - 01907552 _____ (Microsoft Corporation) C:\Windows\system32\d3dcsx_43.dll
2014-12-29 12:16 - 2010-05-26 11:41 - 01868128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dcsx_43.dll
2014-12-29 12:16 - 2010-05-26 11:41 - 00511328 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_43.dll
2014-12-29 12:16 - 2010-05-26 11:41 - 00470880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_43.dll
2014-12-29 12:16 - 2010-05-26 11:41 - 00276832 _____ (Microsoft Corporation) C:\Windows\system32\d3dx11_43.dll
2014-12-29 12:16 - 2010-05-26 11:41 - 00248672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx11_43.dll
2014-12-29 12:13 - 2014-12-29 12:13 - 00464426 _____ () C:\Users\Pfälzer\AppData\Local\dd_vcredistMSI7AA9.txt
2014-12-29 12:13 - 2014-12-29 12:13 - 00012562 _____ () C:\Users\Pfälzer\AppData\Local\dd_vcredistUI7AA9.txt
2014-12-29 12:12 - 2014-12-29 12:13 - 00382682 _____ () C:\Users\Pfälzer\AppData\Local\dd_vcredistMSI7A9C.txt
2014-12-29 12:12 - 2014-12-29 12:13 - 00012226 _____ () C:\Users\Pfälzer\AppData\Local\dd_vcredistUI7A9C.txt
2014-12-26 09:56 - 2014-12-26 14:41 - 00000000 ____D () C:\Icons
2014-12-23 20:11 - 2014-12-23 20:11 - 00003886 _____ () C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2014-12-21 17:01 - 2014-12-21 17:01 - 00000000 ____D () C:\Users\Pfälzer_2\Documents\Sniper - Ghost Warrior
2014-12-21 15:36 - 2014-12-29 13:23 - 00000000 ____D () C:\Users\Pfälzer_2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2014-12-21 15:36 - 2014-12-21 15:36 - 00000221 _____ () C:\Users\Pfälzer_2\Desktop\Sniper Ghost Warrior.url
2014-12-21 15:11 - 2015-01-03 10:04 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-12-21 15:11 - 2014-12-21 15:28 - 00000806 _____ () C:\Users\Public\Desktop\Steam.lnk
2014-12-21 15:11 - 2014-12-21 15:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
2014-12-19 11:00 - 2010-02-04 10:01 - 00530776 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_6.dll
2014-12-19 11:00 - 2010-02-04 10:01 - 00528216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_6.dll
2014-12-19 11:00 - 2010-02-04 10:01 - 00238936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_6.dll
2014-12-19 11:00 - 2010-02-04 10:01 - 00176984 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_6.dll
2014-12-19 11:00 - 2010-02-04 10:01 - 00078680 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_4.dll
2014-12-19 11:00 - 2010-02-04 10:01 - 00074072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_4.dll
2014-12-19 11:00 - 2010-02-04 10:01 - 00024920 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_7.dll
2014-12-19 11:00 - 2010-02-04 10:01 - 00022360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_7.dll
2014-12-19 11:00 - 2009-09-04 17:44 - 00517960 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_5.dll
2014-12-19 11:00 - 2009-09-04 17:44 - 00515416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_5.dll
2014-12-19 11:00 - 2009-09-04 17:44 - 00238936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_5.dll
2014-12-19 11:00 - 2009-09-04 17:44 - 00176968 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_5.dll
2014-12-19 11:00 - 2009-09-04 17:44 - 00073544 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_3.dll
2014-12-19 11:00 - 2009-09-04 17:44 - 00069464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_3.dll
2014-12-19 11:00 - 2009-09-04 17:29 - 05554512 _____ (Microsoft Corporation) C:\Windows\system32\d3dcsx_42.dll
2014-12-19 11:00 - 2009-09-04 17:29 - 05501792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dcsx_42.dll
2014-12-19 11:00 - 2009-09-04 17:29 - 02582888 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_42.dll
2014-12-19 11:00 - 2009-09-04 17:29 - 02475352 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_42.dll
2014-12-19 11:00 - 2009-09-04 17:29 - 01974616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_42.dll
2014-12-19 11:00 - 2009-09-04 17:29 - 01892184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_42.dll
2014-12-19 11:00 - 2009-09-04 17:29 - 00523088 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_42.dll
2014-12-19 11:00 - 2009-09-04 17:29 - 00453456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_42.dll
2014-12-19 11:00 - 2009-09-04 17:29 - 00285024 _____ (Microsoft Corporation) C:\Windows\system32\d3dx11_42.dll
2014-12-19 11:00 - 2009-09-04 17:29 - 00235344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx11_42.dll
2014-12-19 11:00 - 2008-10-27 10:04 - 00518480 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_3.dll
2014-12-19 11:00 - 2008-10-27 10:04 - 00514384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_3.dll
2014-12-19 11:00 - 2008-10-27 10:04 - 00235856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_3.dll
2014-12-19 11:00 - 2008-10-27 10:04 - 00175440 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_3.dll
2014-12-19 11:00 - 2008-10-27 10:04 - 00074576 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_2.dll
2014-12-19 11:00 - 2008-10-27 10:04 - 00070992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_2.dll
2014-12-19 11:00 - 2008-10-27 10:04 - 00025936 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_5.dll
2014-12-19 11:00 - 2008-10-27 10:04 - 00023376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_5.dll
2014-12-19 11:00 - 2008-07-31 10:41 - 00238088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_2.dll
2014-12-19 11:00 - 2008-07-31 10:41 - 00177672 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_2.dll
2014-12-19 11:00 - 2008-07-31 10:41 - 00072200 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_1.dll
2014-12-19 11:00 - 2008-07-31 10:41 - 00068616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_1.dll
2014-12-19 11:00 - 2008-07-31 10:40 - 00513544 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_2.dll
2014-12-19 11:00 - 2008-07-31 10:40 - 00509448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_2.dll
2014-12-19 10:37 - 2014-12-19 10:37 - 00507156 _____ () C:\Users\Pfälzer\AppData\Local\dd_vcredistMSI23FF.txt
2014-12-19 10:37 - 2014-12-19 10:37 - 00018412 _____ () C:\Users\Pfälzer\AppData\Local\dd_vcredistUI23FF.txt
2014-12-17 17:08 - 2014-12-17 17:09 - 00000510 _____ () C:\Windows\WORDPAD.INI
2014-12-17 11:13 - 2014-12-17 11:13 - 00002260 _____ () C:\Users\Public\Desktop\TriDef 3D.lnk
2014-12-17 11:13 - 2014-12-17 11:13 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TriDef 3D
2014-12-17 11:13 - 2014-12-17 11:13 - 00000000 ____D () C:\ProgramData\TriDef 3D
2014-12-17 11:12 - 2014-12-17 11:13 - 00000000 ____D () C:\Program Files (x86)\TriDef 3D
2014-12-14 08:45 - 2014-12-14 08:45 - 00000000 ____D () C:\Users\Pfälzer_2\AppData\Roaming\eSobi
2014-12-14 08:25 - 2014-12-14 08:25 - 00000000 ____D () C:\Users\Pfälzer\AppData\Local\Microsoft Corporation
2014-12-14 08:22 - 2014-12-14 08:22 - 00002042 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows 7 Upgrade Advisor.lnk
2014-12-14 08:22 - 2014-12-14 08:22 - 00002030 _____ () C:\Users\Public\Desktop\Windows 7 Upgrade Advisor.lnk
2014-12-14 08:22 - 2014-12-14 08:22 - 00000000 ____D () C:\Program Files (x86)\Microsoft Windows 7 Upgrade Advisor
2014-12-13 09:01 - 2014-12-13 09:03 - 229101096 _____ () C:\Users\Pfälzer_2\Desktop\Rossmann_Fotosoftware_Setup.exe
2014-12-11 05:56 - 2014-12-11 05:57 - 32021112 _____ (NVIDIA Corporation) C:\Users\Pfälzer_2\Desktop\GeForce_Experience_v2.1.4.0.exe
2014-12-10 05:02 - 2014-11-07 02:33 - 00974848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2014-12-10 05:02 - 2014-11-07 02:28 - 01209856 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-12-10 05:02 - 2014-11-04 01:35 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-12-10 05:02 - 2014-11-04 01:19 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-12-10 05:00 - 2014-12-03 03:06 - 00278528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-12-10 05:00 - 2014-12-03 02:51 - 00347136 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-12-10 04:50 - 2014-11-24 23:12 - 17874432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-12-10 04:50 - 2014-11-24 22:59 - 00448512 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2014-12-10 04:50 - 2014-11-24 22:54 - 10921984 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-12-10 04:50 - 2014-11-24 22:53 - 02339840 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-12-10 04:50 - 2014-11-24 22:47 - 01392128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-12-10 04:50 - 2014-11-24 22:47 - 01388032 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-12-10 04:50 - 2014-11-24 22:45 - 01494016 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-12-10 04:50 - 2014-11-24 22:45 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-12-10 04:50 - 2014-11-24 22:45 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-12-10 04:50 - 2014-11-24 22:44 - 02157056 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-12-10 04:50 - 2014-11-24 22:44 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-12-10 04:50 - 2014-11-24 22:44 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-12-10 04:50 - 2014-11-24 22:44 - 00599040 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-12-10 04:50 - 2014-11-24 22:44 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-12-10 04:50 - 2014-11-24 22:44 - 00282112 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-12-10 04:50 - 2014-11-24 22:44 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-12-10 04:50 - 2014-11-24 22:44 - 00055296 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-12-10 04:50 - 2014-11-24 22:44 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-12-10 04:50 - 2014-11-24 22:43 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-12-10 04:50 - 2014-11-24 22:43 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-12-10 04:50 - 2014-11-24 22:43 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-12-10 04:50 - 2014-11-24 22:42 - 00248320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-12-10 04:50 - 2014-11-24 21:44 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2014-12-10 04:50 - 2014-11-24 21:41 - 12369920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-12-10 04:50 - 2014-11-24 21:40 - 01810944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-12-10 04:50 - 2014-11-24 21:37 - 09740800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-12-10 04:50 - 2014-11-24 21:35 - 01139712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-12-10 04:50 - 2014-11-24 21:35 - 01129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-12-10 04:50 - 2014-11-24 21:34 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-12-10 04:50 - 2014-11-24 21:34 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2014-12-10 04:50 - 2014-11-24 21:33 - 01802752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-12-10 04:50 - 2014-11-24 21:33 - 00717824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-12-10 04:50 - 2014-11-24 21:33 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-12-10 04:50 - 2014-11-24 21:33 - 00421376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-12-10 04:50 - 2014-11-24 21:33 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-12-10 04:50 - 2014-11-24 21:33 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-12-10 04:50 - 2014-11-24 21:33 - 00041472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2014-12-10 04:50 - 2014-11-24 21:32 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-12-10 04:50 - 2014-11-24 21:32 - 00353792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-12-10 04:50 - 2014-11-24 21:32 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-12-10 04:50 - 2014-11-24 21:32 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-12-10 04:50 - 2014-11-24 21:32 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-12-10 04:50 - 2014-11-24 21:32 - 00011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2014-12-10 04:50 - 2014-11-24 21:32 - 00010752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2014-12-09 07:26 - 2014-12-25 04:11 - 00000126 _____ () C:\Users\Pfälzer_2\Desktop\link.txt
2014-12-06 17:11 - 2014-12-06 17:11 - 00001691 _____ () C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2014-12-06 17:10 - 2014-12-06 17:10 - 00364512 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-12-06 17:10 - 2014-12-06 17:10 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-05 08:38 - 2014-09-15 15:26 - 00000000 ____D () C:\FRST
2015-01-05 08:21 - 2006-11-02 16:22 - 00005264 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-05 08:21 - 2006-11-02 16:22 - 00005264 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-05 08:19 - 2012-10-17 10:30 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-01-05 08:18 - 2012-01-13 17:03 - 02055223 _____ () C:\Windows\WindowsUpdate.log
2015-01-05 08:15 - 2013-10-13 13:15 - 00000300 _____ () C:\Windows\Tasks\Dealply.job
2015-01-05 08:14 - 2012-10-31 16:08 - 89972443 _____ () C:\Windows\SysWOW64\http_ss.log
2015-01-05 08:14 - 2012-01-14 15:27 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-05 08:14 - 2012-01-13 17:25 - 00000000 _____ () C:\Windows\system32\LogConfigTemp.xml
2015-01-05 08:14 - 2008-10-31 20:05 - 00746216 _____ () C:\Users\Public\eDSMSNLoader32.log
2015-01-05 08:14 - 2008-10-31 20:00 - 00000147 _____ () C:\Windows\SysWOW64\agent.log
2015-01-05 08:14 - 2006-11-02 16:42 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-05 08:13 - 2006-11-02 16:42 - 00032510 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-01-05 08:11 - 2012-01-14 15:27 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-05 08:08 - 2012-07-06 10:07 - 00000000 ____D () C:\Windows\pss
2015-01-05 07:24 - 2012-01-15 04:25 - 00018426 _____ () C:\Users\Pfälzer_2\AppData\Roaming\wklnhst.dat
2015-01-05 06:12 - 2013-03-19 15:12 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2015-01-03 12:04 - 2012-01-13 17:16 - 00000000 ____D () C:\Users\Pfälzer
2015-01-03 09:01 - 2012-01-14 18:16 - 00000000 ___RD () C:\Users\Pfälzer_2\Desktop\Haushaltsführung
2015-01-03 07:46 - 2012-01-14 05:21 - 00055592 _____ () C:\Windows\system32\spsys.log
2014-12-30 08:28 - 2008-01-21 12:10 - 01598440 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-12-30 08:28 - 2008-01-21 12:09 - 00684500 _____ () C:\Windows\system32\perfh007.dat
2014-12-30 08:28 - 2008-01-21 12:09 - 00150808 _____ () C:\Windows\system32\perfc007.dat
2014-12-29 14:13 - 2013-03-20 17:26 - 00000000 ____D () C:\Windows\System32\Tasks\NCH Software
2014-12-29 12:16 - 2014-11-11 08:14 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation
2014-12-29 11:16 - 2012-10-17 10:30 - 00003736 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-12-29 11:16 - 2012-05-07 15:45 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-12-29 11:16 - 2012-01-14 17:09 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-12-29 11:15 - 2014-10-18 08:52 - 00000000 ____D () C:\Users\Pfälzer\AppData\Local\Adobe
2014-12-29 07:43 - 2012-01-28 09:27 - 00000000 ____D () C:\Users\Pfälzer_2\AppData\Roaming\vlc
2014-12-26 14:41 - 2012-01-24 07:25 - 00000000 ____D () C:\Users\Pfälzer_2\AppData\Roaming\Corel
2014-12-26 14:41 - 2012-01-14 18:21 - 00000000 ___RD () C:\Users\Pfälzer_2\Desktop\Privat
2014-12-26 14:34 - 2012-01-24 07:25 - 00000848 ___SH () C:\Windows\SysWOW64\KGyGaAvL.sys
2014-12-26 14:34 - 2012-01-24 07:25 - 00000000 ____D () C:\Users\Pfälzer_2\Documents\My PSP Files
2014-12-26 10:43 - 2013-11-07 07:41 - 00000000 ___RD () C:\Users\Pfälzer_2\Desktop\M F&R
2014-12-26 10:36 - 2012-11-02 17:16 - 00000000 ___RD () C:\Users\Pfälzer_2\Desktop\mf-online
2014-12-26 10:35 - 2013-01-05 09:37 - 00000000 ___RD () C:\Users\Pfälzer_2\Desktop\Steffi Arbeit
2014-12-26 10:35 - 2012-01-14 18:14 - 00000000 ___RD () C:\Users\Pfälzer_2\Desktop\Arbeit
2014-12-26 10:18 - 2012-01-16 04:16 - 00000000 ___RD () C:\Users\Pfälzer_2\Dropbox
2014-12-26 10:18 - 2012-01-16 04:14 - 00000000 ____D () C:\Users\Pfälzer_2\AppData\Roaming\Dropbox
2014-12-25 04:11 - 2012-01-17 18:06 - 00073728 _____ () C:\Users\Pfälzer_2\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-12-19 10:50 - 2012-05-08 04:04 - 00000000 ____D () C:\Users\Pfälzer_2\Documents\My Games
2014-12-19 10:33 - 2008-10-31 19:20 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-12-18 06:41 - 2012-01-13 19:53 - 00000000 ____D () C:\Program Files (x86)\Opera
2014-12-16 05:53 - 2013-10-13 12:28 - 00000000 ____D () C:\Users\Pfälzer_2\AppData\Roaming\NVIDIA
2014-12-14 08:56 - 2014-07-27 11:00 - 00000000 ____D () C:\Users\Pfälzer_2\Desktop\Neue Bib
2014-12-14 08:47 - 2008-10-31 20:05 - 00000000 ____D () C:\Program Files (x86)\Acer GameZone
2014-12-14 08:46 - 2008-10-31 20:17 - 00000000 ____D () C:\Program Files (x86)\eSobi
2014-12-14 08:17 - 2012-01-14 05:14 - 00000000 ____D () C:\ProgramData\NVIDIA Corporation
2014-12-14 08:17 - 2012-01-14 05:11 - 00000000 ____D () C:\Program Files\NVIDIA Corporation
2014-12-13 09:17 - 2012-01-14 04:32 - 00000000 ____D () C:\Program Files (x86)\Corel
2014-12-13 06:22 - 2012-02-03 19:15 - 00004353 _____ () C:\Windows\wininit.ini
2014-12-13 06:22 - 2012-01-16 04:16 - 00000976 _____ () C:\Users\Pfälzer_2\Desktop\Dropbox.lnk
2014-12-13 06:22 - 2012-01-16 04:15 - 00000000 ____D () C:\Users\Pfälzer_2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-12-12 08:32 - 2014-06-17 06:17 - 00002021 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-12-11 05:54 - 2012-01-13 20:09 - 00002425 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
2014-12-10 07:16 - 2006-11-02 14:33 - 00000000 ____D () C:\Windows\rescache
2014-12-10 05:10 - 2013-08-14 04:03 - 00000000 ____D () C:\Windows\system32\MRT
2014-12-10 05:03 - 2006-11-02 13:35 - 112710672 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2014-12-09 07:27 - 2012-01-13 20:20 - 00000000 ____D () C:\Users\Pfälzer_2
2014-12-06 17:10 - 2014-05-18 03:01 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2014-12-06 17:10 - 2013-03-19 15:12 - 01050432 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys
2014-12-06 17:10 - 2013-03-19 15:12 - 00436624 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2014-12-06 17:10 - 2013-03-19 15:12 - 00267632 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-12-06 17:10 - 2013-03-19 15:12 - 00083280 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-12-06 17:10 - 2013-03-19 15:12 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-12-06 17:10 - 2013-03-19 15:12 - 00065264 _____ (AVAST Software) C:\Windows\system32\Drivers\aswTdi.sys
2014-12-06 17:10 - 2013-03-19 15:12 - 00064752 _____ (AVAST Software) C:\Windows\system32\Drivers\aswrdr.sys

Files to move or delete:
====================
C:\ProgramData\pswi_preloaded.exe


Some content of TEMP:
====================
C:\Users\Pfälzer\AppData\Local\Temp\Medal of Honor_uninst.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-01-05 08:20

==================== End Of Log ============================
         
--- --- ---


Addition:
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 04-01-2015
Ran by Pfälzer at 2015-01-05 08:38:54
Running from C:\Users\Pfälzer_2\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Acer Arcade Live Main Page (HKLM-x32\...\{EFBDC2B0-FAA8-4B78-8DE1-AEBE7958FA37}) (Version: 1.1.1819 - Acer Inc.)
Acer DV Magician (HKLM-x32\...\{F6EFFB76-4A07-11DA-9D78-000129760D75}) (Version: 1.5.1730 - Acer Inc.)
Acer DVDivine (HKLM-x32\...\{B145EC69-66F5-11D8-9D75-000129760D75}) (Version: 3.2.1730 - Acer Inc.)
Acer eDataSecurity Management (HKLM-x32\...\{A5633652-3795-4829-BB0B-644F0279E279}) (Version: 3.0.3065 - Egis Inc.)
Acer Empowering Technology (HKLM-x32\...\{8F1B6239-FEA0-450A-A950-B05276CE177C}) (Version: 3.0.3010 - Acer Incorporated)
Acer eRecovery Management (HKLM-x32\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 3.0.3014 - Acer Incorporated)
Acer eSettings Management (HKLM-x32\...\{13D85C14-2B85-419F-AC41-C7F21E68B25D}) (Version: 3.0.3007 - Acer Incorporated)
Acer GameZone Console DTV 2.0.1.1 (HKLM-x32\...\Acer GameZone Console_is1) (Version:  - Oberon Media, Inc.)
Acer HomeMedia (HKLM-x32\...\{AA4BF92B-2AAF-11DA-9D78-000129760D75}) (Version: 1.5.0530 - Acer Inc.)
Acer HomeMedia Connect (HKLM-x32\...\{132888AE-EF67-41C5-BCA2-7D5D2488AB63}) (Version: 1.4.5330 - Acer Inc.)
Acer HomeMedia Trial Creator (HKLM-x32\...\{B580C409-E16F-44FF-904D-3AE94E113BE0}) (Version: 1.5.0530 - Acer Inc.)
Acer Product Registration (HKLM-x32\...\{DA20E1A8-07CB-4EE7-9B72-A7E28C953F0E}) (Version: 3.0.0.8 - Acer Incorporated)
Acer ScreenSaver (HKLM-x32\...\{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}) (Version: 4.01.0718 - Acer Incorporated)
Acer SlideShow DVD (HKLM-x32\...\{41581EF5-45A7-11DA-9D78-000129760D75}) (Version: 1.5.1730 - Acer Inc.)
Acer VideoMagician (HKLM-x32\...\{F79A208D-D929-11D9-9D77-000129760D75}) (Version: 1.4.2203 - Acer Inc.)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.235 - Adobe Systems Incorporated)
Adobe Flash Player 16 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 16.0.0.235 - Adobe Systems Incorporated)
Adobe Flash Player ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 9.0.124.0 - Adobe Systems Incorporated)
Adobe Reader X (10.1.13) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AA1000000001}) (Version: 10.1.13 - Adobe Systems Incorporated)
Agatha Christie Death on the Nile (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112615863}) (Version:  - Oberon Media)
Akamai NetSession Interface (HKU\S-1-5-21-2771533323-571298105-790965156-1001\...\Akamai) (Version:  - Akamai Technologies, Inc)
Alice Greenfingers (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112920767}) (Version:  - Oberon Media)
ANNO 1404 - Königsedition (HKLM-x32\...\{3D9CF3CA-3AB0-4A82-9853-D7C43FD1D775}) (Version: 1.02.0000 - Ubisoft)
Any Video Converter 5.0.9 (HKLM-x32\...\Any Video Converter_is1) (Version:  - Any-Video-Converter.com)
Avast Free Antivirus (HKLM-x32\...\avast) (Version: 10.0.2208 - AVAST Software)
Azada (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113080210}) (Version:  - Oberon Media)
Big Kahuna Reef (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110322783}) (Version:  - Oberon Media)
Bricks of Egypt (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11029123}) (Version:  - Oberon Media)
Cake Mania (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111199750}) (Version:  - Oberon Media)
calibre 64bit (HKLM\...\{1266D026-FDCA-458F-8849-BF23EF0766D8}) (Version: 1.28.0 - Kovid Goyal)
CCleaner (HKLM\...\CCleaner) (Version: 3.10 - Piriform)
Chicken Invaders 3 (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112531267}) (Version:  - Oberon Media)
Content Manager 2 (HKLM-x32\...\Content Manager 2) (Version: 3.18.0.342250 - NNG Llc.)
Corel Paint Shop Pro Photo XI (HKLM-x32\...\{E1C7EF5E-3A7B-4ED4-A48B-F70F1B36EAB4}) (Version: 11.20.0000 - Corel Corporation)
Counter-Strike (HKLM-x32\...\Steam App 10) (Version:  - Valve)
Counter-Strike: Condition Zero (HKLM-x32\...\Steam App 80) (Version:  - Valve)
Counter-Strike: Condition Zero Deleted Scenes (HKLM-x32\...\Steam App 100) (Version:  - Valve)
Diner Dash Flo on the Go (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111872660}) (Version:  - Oberon Media)
Dropbox (HKU\S-1-5-21-2771533323-571298105-790965156-1001\...\Dropbox) (Version: 3.0.3 - Dropbox, Inc.)
EPSON Easy Photo Print (HKLM-x32\...\{8A8F8391-4C2C-4BE1-A984-CD4A5A546467}) (Version: 1.5.1.0 - SEIKO EPSON CORPORATION)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - )
EPSON Stylus SX200 Series Printer Uninstall (HKLM\...\EPSON Stylus SX200 Series) (Version:  - SEIKO EPSON Corporation)
EPSON Stylus SX200_SX400_TX200_TX400 Handbuch (HKLM-x32\...\EPSON Stylus SX200_SX400_TX200_TX400 Benutzerhandbuch) (Version:  - )
Fotosizer 2.05 (HKLM-x32\...\Fotosizer) (Version: 2.05.0.536 - Fotosizer.com)
Free M4a to MP3 Converter 8.2 (HKLM-x32\...\Free M4a to MP3 Converter_is1) (Version:  - ManiacTools.com)
Free Video Converter V 3.1 (HKLM-x32\...\Free Video Converter_is1) (Version: 3.1.0.0 - Koyote Soft)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.95 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Hamster Free Video Converter (HKLM-x32\...\{7E350663-86D3-466A-AB79-28156A9ABF6E}_is1) (Version: 2.5.2.33 - Hamster Soft)
i-Menu 3.9 (HKLM-x32\...\i-Menu_is1) (Version:  - AOC)
IPTInstaller (HKLM-x32\...\{6965F2F4-1CD2-4F42-A8EF-9EF433F9AA72}) (Version: 4.0.4 - HTC)
Java 7 Update 45 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417045FF}) (Version: 7.0.450 - Oracle)
Jewel Quest Solitaire (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111771833}) (Version:  - Oberon Media)
Kick N Rush (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111324990}) (Version:  - Oberon Media)
Kobo (HKLM-x32\...\Kobo) (Version: 3.5.0 - Kobo Inc.)
LightScribe  1.4.142.1 (x32 Version: 1.4.142.1 - hxxp://www.lightscribe.com) Hidden
MAGIX Filme auf CD & DVD 6 (D) (HKLM-x32\...\MAGIX Filme auf CD & DVD 6 D) (Version: 6.0.0.29 - MAGIX AG)
MAGIX Goya burnR (D) (HKLM-x32\...\MAGIX Goya burnR D) (Version: 1.3.0.7 - MAGIX AG)
MAGIX Online Druck Service (D) (HKLM-x32\...\MAGIX Online Druck Service D) (Version: 2.3.2.0 - MAGIX AG)
Mahjong Escape Ancient China (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111252743}) (Version:  - Oberon Media)
Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft .NET Framework 1.1 (HKLM-x32\...\Microsoft .NET Framework 1.1  (1033)) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB2833941) (HKLM-x32\...\M2833941) (Version:  - )
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU (HKLM\...\Microsoft .NET Framework 3.5 Language Pack SP1 - deu) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft FrontPage 2000 (HKLM-x32\...\{00120407-78E1-11D2-B60F-006097C998E7}) (Version: 9.00.2816 - Microsoft Corporation)
Microsoft GIF Animator (HKLM-x32\...\GIF Animator) (Version:  - )
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Suite Activation Assistant (HKLM-x32\...\{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}) (Version: 2.9 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Works (HKLM-x32\...\{4EA2F95F-A537-4d17-9E7F-6B3FF8D9BBE3}) (Version: 08.05.0822 - Microsoft Corporation)
MixPad (HKU\S-1-5-21-2771533323-571298105-790965156-1001\...\MixPad) (Version:  - NCH Software)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Mystery Case Files - Huntsville (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111118433}) (Version:  - Oberon Media)
Mystery Solitaire - Secret Island (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111796363}) (Version:  - Oberon Media)
Naviextras Toolbox Prerequesities (HKLM-x32\...\{537575D6-3B96-474C-BD8F-DFF667363DBD}) (Version: 1.0.0 - Nav N Go Ltd.)
NTI Backup Now 5 (HKLM-x32\...\InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}) (Version: 5.1.2.606 - NewTech Infosystems)
NTI Backup Now Standard (x32 Version: 5.1.2.606 - NewTech Infosystems) Hidden
NTI JewelCase Maker Hot Fix (HKLM-x32\...\InstallShield_{DDA223A7-627F-4173-9CA4-A9C531BCBB62}) (Version: 5.5.0.5202 - NewTech Infosystems)
NTI JewelCase Maker Hot Fix (x32 Version: 5.5.0.5202 - NewTech Infosystems) Hidden
NTI Media Maker 8 (HKLM-x32\...\InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}) (Version: 8.0.2.6329 - NewTech Infosystems)
NTI Media Maker 8 (x32 Version: 8.0.2.6329 - NewTech Infosystems) Hidden
NTI Photo Maker Hot Fix (HKLM-x32\...\InstallShield_{B9B02A9E-8074-4C3F-AAE5-311528F34FED}) (Version: 2.0.0.16 - NewTech Infosystems)
NTI Photo Maker Hot Fix (x32 Version: 2.0.0.16 - NewTech Infosystems) Hidden
NVIDIA 3D Vision Controller-Treiber 340.50 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 340.50 - NVIDIA Corporation)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version:  - )
NVIDIA Grafiktreiber 340.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 340.52 - NVIDIA Corporation)
NVIDIA PhysX-Systemsoftware 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation)
Opera 12.16 (HKLM-x32\...\Opera 12.16.1860) (Version: 12.16.1860 - Opera Software ASA)
Opera Stable 26.0.1656.60 (HKU\S-1-5-21-2771533323-571298105-790965156-1001\...\Opera 26.0.1656.60) (Version: 26.0.1656.60 - Opera Software ASA)
PE585QAEncoder-64 (HKLM\...\{D8B2C435-8737-431E-8784-24CD13B0B821}) (Version: 6.00.1918 - YUAN)
Pflanzen gegen Zombies (HKLM-x32\...\Pflanzen gegen Zombies) (Version:  - PopCap Games)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5688 - Realtek Semiconductor Corp.)
Remote Camera Control (HKLM-x32\...\{9EF84A20-DCF9-4946-9318-69995258AF00}) (Version: 3.2.10170 - Sony Corporation)
Rossmann Fotowelt Software 4.12.1 (HKLM-x32\...\Rossmann Fotowelt Software) (Version: 4.12.1 - ORWO Net)
SAMSUNG PC Share Manager (HKLM-x32\...\InstallShield_{2A2E822B-3B0E-46C1-9E3B-ACD7D1E95139}) (Version: 2.3.0 - SAMSUNG)
SAMSUNG PC Share Manager (x32 Version: 2.3.0 - SAMSUNG) Hidden
SearchAnonymizer (HKLM\...\SearchAnonymizer) (Version: 1.0.1 (de) - )
Sniper: Ghost Warrior (HKLM-x32\...\Steam App 34830) (Version:  - City Interactive)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Switch Sound File Converter (HKU\S-1-5-21-2771533323-571298105-790965156-1001\...\Switch) (Version:  - NCH Software)
TIPP10 Version 2.1.0 (HKLM-x32\...\TIPP10_is1) (Version:  - (c) 2006-2011, Tom Thielicke IT Solutions)
TriDef 3D (AOC Monitor) 1.2.1 (HKLM-x32\...\experience-aoc-mon-bundle) (Version: 1.2.1 - Dynamic Digital Depth Australia Pty Ltd)
TrueCrypt (HKLM-x32\...\TrueCrypt) (Version: 7.1a - TrueCrypt Foundation)
Turbo Pizza (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113009953}) (Version:  - Oberon Media)
Ulead GIF Animator 5 Test (HKLM-x32\...\{8AF3E926-ED59-11D4-A44B-0000E86D2305}) (Version:  - )
VLC media player 2.1.3 (HKLM-x32\...\VLC media player) (Version: 2.1.3 - VideoLAN)
WavePad Sound Editor (HKU\S-1-5-21-2771533323-571298105-790965156-1001\...\WavePad) (Version:  - NCH Software)
Windows 7 Upgrade Advisor (HKLM-x32\...\{9A4D182C-35C7-4791-8484-4304EBC9101A}) (Version: 2.0.5000.0 - Microsoft Corporation)
Windows Media Player Firefox Plugin (HKLM-x32\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
WinRAR 4.01 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 4.01.0 - win.rar GmbH)
Zuma Deluxe (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110111700}) (Version:  - Oberon Media)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-2771533323-571298105-790965156-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Pfälzer_2\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll No File
CustomCLSID: HKU\S-1-5-21-2771533323-571298105-790965156-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Pfälzer_2\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll No File
CustomCLSID: HKU\S-1-5-21-2771533323-571298105-790965156-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Pfälzer_2\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll No File
CustomCLSID: HKU\S-1-5-21-2771533323-571298105-790965156-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Pfälzer_2\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll No File
CustomCLSID: HKU\S-1-5-21-2771533323-571298105-790965156-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Pfälzer_2\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2771533323-571298105-790965156-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Pfälzer_2\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2771533323-571298105-790965156-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Pfälzer_2\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2771533323-571298105-790965156-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Pfälzer_2\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2771533323-571298105-790965156-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Pfälzer_2\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2771533323-571298105-790965156-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Pfälzer_2\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2771533323-571298105-790965156-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Pfälzer_2\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2771533323-571298105-790965156-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Pfälzer_2\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2771533323-571298105-790965156-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Pfälzer_2\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)

==================== Restore Points  =========================

13-12-2014 06:25:03 Windows Update
14-12-2014 07:27:47 Gerätetreiber-Paketinstallation: NVIDIA Mäuse und andere Zeigegeräte
14-12-2014 08:22:06 Windows 7 Upgrade Advisor wird installiert
14-12-2014 08:45:53 Entfernt eSobi v2
15-12-2014 09:33:24 Geplanter Prüfpunkt
16-12-2014 05:50:09 Installiert Prey
17-12-2014 06:25:06 Windows Update
18-12-2014 14:57:17 Geplanter Prüfpunkt
19-12-2014 10:33:23 Entfernt Prey
19-12-2014 10:38:21 Installed ProductName from default.wxl
19-12-2014 10:48:50 Installed ProductName from default.wxl
19-12-2014 10:57:48 DirectX wurde installiert
19-12-2014 11:01:05 Steam wird installiert
19-12-2014 11:09:17 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 wurde entfernt.
19-12-2014 11:11:19 Microsoft Visual C++ 2005 Redistributable wird entfernt
19-12-2014 11:15:51 Steam wird entfernt
21-12-2014 15:05:39 DirectX wurde installiert
21-12-2014 15:09:36 Microsoft Visual C++ 2005 Redistributable wird installiert
21-12-2014 15:10:39 Steam wird installiert
23-12-2014 07:03:33 Windows Update
24-12-2014 15:33:15 Geplanter Prüfpunkt
26-12-2014 08:32:07 Windows Update
28-12-2014 22:54:41 Geplanter Prüfpunkt
29-12-2014 12:13:34 DirectX wurde installiert
30-12-2014 08:26:13 Geplanter Prüfpunkt
03-01-2015 07:52:53 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2006-11-02 13:34 - 2006-09-18 22:37 - 00000761 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
::1             localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0292117E-2CF8-45E7-BA12-701BB8CB6FE5} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {16FA7BEE-227F-4A8A-AE4F-C83FEBA47D10} - System32\Tasks\NCH Software\SwitchDowngrade => C:\Users\Pfälzer_2\AppData\Roaming\NCH Software\Program Files\Switch\switch.exe [2013-04-03] (NCH Software)
Task: {482C9865-53C6-45A3-B2EC-2F9EC33A00AD} - \Dealply No Task File <==== ATTENTION
Task: {8A7FA9ED-7D45-4E47-9033-F48293D7D996} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {A3C2AB1E-1E15-4A8B-BE21-2BC494FDED4C} - System32\Tasks\NCH Software\ExpressBurnSevenDays => C:\Users\Pfälzer_2\AppData\Roaming\NCH Software\Program Files\ExpressBurn\ExpressBurn.exe
Task: {BE0EEC95-3C23-43D9-B1E9-E024930BD7D9} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-12-06] (AVAST Software)
Task: {CCA1999C-1D26-46F8-A946-60A5EEAF7D41} - System32\Tasks\NCH Software\WavePadReminder => C:\Users\Pfälzer_2\AppData\Roaming\NCH Software\Program Files\WavePad\WavePad.exe [2013-04-17] (NCH Software)
Task: {D789873F-F862-494B-A61C-6477CB850021} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-21] (Google Inc.)
Task: {D9D602A6-8FE0-4B12-81AF-618FA8610586} - System32\Tasks\NCH Software\SwitchReminder => C:\Users\Pfälzer_2\AppData\Roaming\NCH Software\Program Files\Switch\Switch.exe [2013-04-03] (NCH Software)
Task: {E171B78F-1EB5-4B63-8FF3-AF5371D1389B} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-12-29] (Adobe Systems Incorporated)
Task: {F8720D1C-BFE2-4593-A9EA-16FD63543C33} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-21] (Google Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\Dealply.job => C:\Users\PFLZER~1\AppData\Roaming\Dealply\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2010-01-30 02:40 - 2010-01-30 02:40 - 04254560 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2012-01-14 04:09 - 2011-05-28 22:05 - 00164864 _____ () C:\Program Files\WinRAR\rarext.dll
2007-12-13 03:08 - 2007-12-13 03:08 - 01401856 _____ () C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x64\LIBEAY32.dll
2008-07-29 17:53 - 2008-07-29 17:53 - 00382000 _____ () C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x64\ShowErrMsg.dll
2008-04-25 21:36 - 2008-04-25 21:36 - 00028672 _____ () C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe
2008-10-31 19:31 - 2008-08-19 14:27 - 00024576 _____ () C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
2008-10-31 19:31 - 2008-10-31 19:31 - 00032768 _____ () C:\Windows\assembly\GAC_MSIL\Framework.Model.Controller\3.0.3010.0__14bcaafdb44b5951\Framework.Model.Controller.dll
2008-10-31 19:31 - 2008-10-31 19:31 - 00009216 _____ () C:\Windows\assembly\GAC_MSIL\Framework.Model.ControllerInterface\3.0.3010.0__d842b71b4d6ed079\Framework.Model.ControllerInterface.dll
2008-10-31 19:31 - 2008-10-31 19:31 - 00061440 _____ () C:\Windows\assembly\GAC_MSIL\Framework.Library\3.0.3010.0__3036420f80dd6947\Framework.Library.dll
2008-10-31 19:31 - 2008-10-31 19:31 - 00015360 _____ () C:\Windows\assembly\GAC_MSIL\Framework.Host\3.0.3010.0__672b450de5a7e94a\Framework.Host.dll
2008-10-31 19:31 - 2008-10-31 19:31 - 00006144 _____ () C:\Windows\assembly\GAC_MSIL\Framework.PluginInterface\3.0.3010.0__9ecdf03bb2054f94\Framework.PluginInterface.dll
2008-10-31 19:31 - 2008-10-31 19:31 - 00036864 _____ () C:\Windows\assembly\GAC_MSIL\Framework.Utility\3.0.3010.0__4df5dcab8860d239\Framework.Utility.dll
2008-10-31 19:31 - 2008-08-19 14:27 - 00585216 _____ () C:\Windows\system32\INT15_64.dll
2012-01-13 17:27 - 2008-05-26 14:40 - 00016384 _____ () C:\Program Files\Acer\Empowering Technology\eSettings\eSettings.ServicePlugin.dll
2012-01-13 17:27 - 2008-05-26 14:37 - 00016384 _____ () C:\Program Files\Acer\Empowering Technology\eSettings\eSettings.Logger.dll
2012-01-13 17:27 - 2008-05-26 14:39 - 00143360 _____ () C:\Program Files\Acer\Empowering Technology\eSettings\eSettings.Model.Computer.dll
2012-01-13 17:27 - 2008-05-26 14:37 - 00036864 _____ () C:\Program Files\Acer\Empowering Technology\Service\eSettings.Model.ComputerInterface.dll
2008-10-31 19:57 - 2008-05-20 17:50 - 00204908 _____ () C:\Program Files (x86)\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe
2008-04-25 21:36 - 2008-04-25 21:36 - 00131072 _____ () C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
2012-10-08 16:04 - 2012-10-08 16:04 - 00166912 _____ () C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
2006-11-02 20:40 - 2006-11-02 20:40 - 00174656 _____ () C:\Windows\SysWOW64\PSIService.exe
2008-10-31 19:55 - 2008-06-13 05:17 - 00241734 _____ () C:\Program Files (x86)\CyberLink\Shared Files\RichVideo.exe
2013-01-23 20:22 - 2013-01-23 20:22 - 00040960 _____ () C:\Users\Pfälzer\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe
2008-10-31 19:50 - 2008-10-31 19:50 - 00341280 _____ () C:\Program Files (x86)\SiteAdvisor\6172\SAService.exe
2010-02-17 17:19 - 2010-02-17 17:19 - 03007488 _____ () C:\Program Files (x86)\Samsung\SAMSUNG PC Share Manager\WiselinkPro.exe
2009-02-13 13:29 - 2009-02-13 13:29 - 00409727 _____ () C:\Program Files (x86)\Samsung\SAMSUNG PC Share Manager\http_ss_win_pro.exe
2014-12-18 06:41 - 2014-12-16 16:34 - 00535160 _____ () C:\Program Files (x86)\Opera\26.0.1656.60\opera_crashreporter.exe
2015-01-05 06:11 - 2015-01-05 06:11 - 02909696 _____ () C:\Program Files\AVAST Software\Avast\defs\15010401\algo.dll
2008-04-28 09:49 - 2008-04-28 09:49 - 00003072 _____ () C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BkupTrayLOC.dll
2007-06-24 19:09 - 2007-06-24 19:09 - 01024000 _____ () C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\Client\ACE.dll
2007-06-24 19:09 - 2007-06-24 19:09 - 00098304 _____ () C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\Client\ACEXML.dll
2007-06-24 19:09 - 2007-06-24 19:09 - 00061440 _____ () C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\Client\ACEXML_Parser.dll
2014-01-21 19:39 - 2014-12-06 17:10 - 38562088 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2008-10-31 19:50 - 2008-10-31 19:50 - 00011552 _____ () C:\Program Files (x86)\SiteAdvisor\6172\saHook.dll
2008-10-31 19:50 - 2008-10-31 19:50 - 00111904 _____ () C:\Program Files (x86)\SiteAdvisor\6172\APEngine.dll
2008-10-31 19:50 - 2008-10-31 19:50 - 00070432 _____ () C:\Program Files (x86)\SiteAdvisor\6172\McFrmWk.dll
2008-10-31 19:50 - 2008-10-31 19:50 - 00116000 _____ () C:\Program Files (x86)\SiteAdvisor\6172\CntScan.dll
2009-01-07 20:01 - 2009-01-07 20:01 - 00649019 _____ () C:\Program Files (x86)\Samsung\SAMSUNG PC Share Manager\avformat-52.dll
2009-01-07 19:58 - 2009-01-07 19:58 - 00074795 _____ () C:\Program Files (x86)\Samsung\SAMSUNG PC Share Manager\avutil-49.dll
2009-01-07 20:01 - 2009-01-07 20:01 - 03989516 _____ () C:\Program Files (x86)\Samsung\SAMSUNG PC Share Manager\avcodec-52.dll
2009-04-15 10:40 - 2009-04-15 10:40 - 00057856 _____ () C:\Program Files (x86)\Samsung\SAMSUNG PC Share Manager\lang.dll
2010-01-30 02:41 - 2010-01-30 02:41 - 04254560 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2014-12-18 06:41 - 2014-12-16 16:34 - 09312888 _____ () C:\Program Files (x86)\Opera\26.0.1656.60\pdf.dll
2014-12-18 06:41 - 2014-12-16 16:34 - 00991352 _____ () C:\Program Files (x86)\Opera\26.0.1656.60\ffmpegsumo.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\Temp:4CF61E54
AlternateDataStreams: C:\ProgramData\Temp:4F636E25

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: dealplylive => 2
MSCONFIG\Services: dealplylivem => 3
MSCONFIG\Services: Google MediaServer => 2
MSCONFIG\Services: McAfee SiteAdvisor Service => 2
MSCONFIG\Services: Partner Service => 3
MSCONFIG\Services: SbieSvc => 2
MSCONFIG\Services: WTabletServiceCon => 2
MSCONFIG\startupreg: Acer Empowering Technology Monitor => C:\Program Files\Acer\Empowering Technology\SysMonitor.exe
MSCONFIG\startupreg: EmpoweringTechnology => C:\Program Files\Acer\Empowering Technology\Framework.Launcher.exe boot
MSCONFIG\startupreg: Google Media Scanner => "C:\Program Files (x86)\Google\Google Media Server\GoogleMediaScanner.exe"
MSCONFIG\startupreg: SandboxieControl => "C:\Program Files\Sandboxie\SbieCtrl.exe"
MSCONFIG\startupreg: Steam => "C:\Program Files (x86)\Steam\Steam.exe" -silent

========================= Accounts: ==========================

Administrator (S-1-5-21-2771533323-571298105-790965156-500 - Administrator - Disabled)
ASPNET (S-1-5-21-2771533323-571298105-790965156-1010 - Limited - Enabled)
Gast (S-1-5-21-2771533323-571298105-790965156-501 - Limited - Disabled)
Pfälzer (S-1-5-21-2771533323-571298105-790965156-1000 - Administrator - Enabled) => C:\Users\Pfälzer
Pfälzer_2 (S-1-5-21-2771533323-571298105-790965156-1001 - Limited - Enabled) => C:\Users\Pfälzer_2

==================== Faulty Device Manager Devices =============

Name: Microsoft PS/2-Maus
Description: Microsoft PS/2-Maus
Class Guid: {4d36e96f-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: =========================

Application errors:
==================
Error: (01/05/2015 08:14:49 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/05/2015 08:14:40 AM) (Source: WinDefendRtp) (EventID: 3003) (User: )
Description: Vom %Pfaelzer-PC27-Echtzeitschutz-Prüfpunkt wurde ein Fehler festgestellt. Er konnte daraufhin nicht gestartet werden.

	Benutzer: Pfaelzer-PC\Pfälzer_2

	Prüfpunkt-ID: 27

	Fehlercode: 0x80070005

	Fehlerbeschreibung: Zugriff verweigert

Error: (01/05/2015 08:14:40 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC80.MFCLOC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1".
Die abhängige Assemblierung "Microsoft.VC80.MFCLOC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (01/05/2015 08:14:40 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC80.MFCLOC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1".
Die abhängige Assemblierung "Microsoft.VC80.MFCLOC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (01/05/2015 08:10:42 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/05/2015 08:10:14 AM) (Source: WinDefendRtp) (EventID: 3003) (User: )
Description: Vom %Pfaelzer-PC27-Echtzeitschutz-Prüfpunkt wurde ein Fehler festgestellt. Er konnte daraufhin nicht gestartet werden.

	Benutzer: Pfaelzer-PC\Pfälzer_2

	Prüfpunkt-ID: 27

	Fehlercode: 0x80070005

	Fehlerbeschreibung: Zugriff verweigert

Error: (01/05/2015 08:10:13 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC80.MFCLOC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1".
Die abhängige Assemblierung "Microsoft.VC80.MFCLOC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (01/05/2015 08:10:11 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC80.MFCLOC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1".
Die abhängige Assemblierung "Microsoft.VC80.MFCLOC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (01/05/2015 06:12:51 AM) (Source: WinDefendRtp) (EventID: 3003) (User: )
Description: Vom %Pfaelzer-PC27-Echtzeitschutz-Prüfpunkt wurde ein Fehler festgestellt. Er konnte daraufhin nicht gestartet werden.

	Benutzer: Pfaelzer-PC\Pfälzer_2

	Prüfpunkt-ID: 27

	Fehlercode: 0x80070005

	Fehlerbeschreibung: Zugriff verweigert

Error: (01/05/2015 06:12:13 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC80.MFCLOC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1".
Die abhängige Assemblierung "Microsoft.VC80.MFCLOC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".


System errors:
=============
Error: (01/05/2015 08:23:09 AM) (Source: BROWSER) (EventID: 8032) (User: )
Description: Das Einlesen der Sicherungsliste durch den Suchdienst schlug auf Transport "\Device\NetBT_Tcpip_{DA810F76-63B2-4B88-917F-25EED14CF702}" zu oft fehl.
Der Sicherungssuchdienst wird beendet.

Error: (01/05/2015 07:59:24 AM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: ScRegSetValueExWStart%%5

Error: (01/05/2015 07:59:24 AM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: ScRegSetValueExWStart%%5

Error: (01/05/2015 07:16:31 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: RAS-VerbindungsverwaltungTelefonie%%1058

Error: (01/05/2015 06:17:05 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: RAS-VerbindungsverwaltungTelefonie%%1058

Error: (01/05/2015 06:17:05 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: RAS-VerbindungsverwaltungTelefonie%%1058

Error: (01/05/2015 06:17:05 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: RAS-VerbindungsverwaltungTelefonie%%1058

Error: (01/05/2015 06:17:05 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: RAS-VerbindungsverwaltungTelefonie%%1058

Error: (01/05/2015 06:12:11 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: RAS-VerbindungsverwaltungTelefonie%%1058

Error: (01/05/2015 06:12:11 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: RAS-VerbindungsverwaltungTelefonie%%1058


Microsoft Office Sessions:
=========================
Error: (01/05/2015 08:14:49 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/05/2015 08:14:40 AM) (Source: WinDefendRtp) (EventID: 3003) (User: )
Description: %%8271.1.1600.0270x80070005Zugriff verweigert Pfaelzer-PCPfälzer_2S-1-5-21-2771533323-571298105-790965156-1001

Error: (01/05/2015 08:14:40 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.VC80.MFCLOC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"C:\Windows\WinSxS\amd64_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.762_none_c46a533c8a667ee7\MFC80U.DLL

Error: (01/05/2015 08:14:40 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.VC80.MFCLOC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"C:\Windows\WinSxS\amd64_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.762_none_c46a533c8a667ee7\MFC80U.DLL

Error: (01/05/2015 08:10:42 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/05/2015 08:10:14 AM) (Source: WinDefendRtp) (EventID: 3003) (User: )
Description: %%8271.1.1600.0270x80070005Zugriff verweigert Pfaelzer-PCPfälzer_2S-1-5-21-2771533323-571298105-790965156-1001

Error: (01/05/2015 08:10:13 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.VC80.MFCLOC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"C:\Windows\WinSxS\amd64_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.762_none_c46a533c8a667ee7\MFC80U.DLL

Error: (01/05/2015 08:10:11 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.VC80.MFCLOC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"C:\Windows\WinSxS\amd64_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.762_none_c46a533c8a667ee7\MFC80U.DLL

Error: (01/05/2015 06:12:51 AM) (Source: WinDefendRtp) (EventID: 3003) (User: )
Description: %%8271.1.1600.0270x80070005Zugriff verweigert Pfaelzer-PCPfälzer_2S-1-5-21-2771533323-571298105-790965156-1001

Error: (01/05/2015 06:12:13 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.VC80.MFCLOC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"C:\Windows\WinSxS\amd64_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.762_none_c46a533c8a667ee7\MFC80U.DLL


CodeIntegrity Errors:
===================================
  Date: 2014-10-13 18:33:28.746
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-10-13 18:33:28.557
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-10-13 18:33:28.362
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-10-13 18:33:28.137
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-10-13 18:33:27.676
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-10-13 18:33:27.483
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-10-13 18:33:27.254
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-10-13 18:33:26.995
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-09-15 17:47:20.786
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-09-15 17:47:20.599
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.


==================== Memory info =========================== 

Processor: Pentium(R) Dual-Core CPU E5200 @ 2.50GHz
Percentage of memory in use: 51%
Total physical RAM: 4094.32 MB
Available physical RAM: 1967.4 MB
Total Pagefile: 8395.91 MB
Available Pagefile: 6134.65 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB

==================== Drives ================================

Drive c: (ACER) (Fixed) (Total:457.94 GB) (Free:139.89 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (DATA) (Fixed) (Total:458.57 GB) (Free:356.13 GB) NTFS
Drive e: (Sniper_GW) (CDROM) (Total:4.46 GB) (Free:0 GB) CDFS
Drive i: (Feschdblood) (Fixed) (Total:298.09 GB) (Free:115.18 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 7BEC2B93)
Partition 1: (Not Active) - (Size=15 GB) - (Type=27)
Partition 2: (Active) - (Size=457.9 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=458.6 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 298.1 GB) (Disk ID: 55F17C2F)
Partition 1: (Active) - (Size=298.1 GB) - (Type=07 NTFS)

==================== End Of Log ============================
         
Hmmmm... GMER log too long... should I post it in 3 parts or pack it as 7-Zip and attach it?
Regards

Alt 05.01.2015, 10:12   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



Hi,

Remove adware/junkware/toolbars

(Delete old versions of adwCleaner and, if present, JRT first, then download them fresh to the desktop!)

Step 1: adwCleaner

Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click Options (Optionen) and make sure the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure that all 5 options are selected, as shown here
  • Click Scan (Suchlauf) and wait until it has finished.
  • Now click Clean (Löschen) and confirm any prompts that appear with Ok.
  • Your computer will be restarted automatically. After the restart a text file opens. Post its contents with your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt (x = sequential number).




Step 2: JRT - Junkware Removal Tool

Please shut down your protection software to avoid possible conflicts.
Please download Junkware Removal Tool to your desktop.

  • Start the tool with a double-click. On Windows Vista (or later), please start it via right-click, "Run as administrator".
  • Press any key to start the tool.
  • Depending on the system, the scan can take a while.
  • When the tool has finished, the log file (JRT.txt) is saved to the desktop and opened automatically.
  • Please post the contents of JRT.txt in your next reply.




Step 3: Fresh log with FRST

Please download the matching version of Farbar's Recovery Scan Tool to your desktop: FRST download: FRST 32-bit | FRST 64-bit
(If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
  • Now start FRST.
  • Do not change any of the checkboxes unless asked to, and click Scan.
  • The log files are now created and will then be on your desktop.
  • Post the FRST.txt and, after the first scan, also the Addition.txt in your thread (click the # symbol in the website's input box)


Alt 05.01.2015, 10:53   #3
Pfaelzer
 



Hi Cosinus,
thanks for the quick reply.

Here is the log file from adwCleaner
Code:
# AdwCleaner v4.106 - Bericht erstellt am 05/01/2015 um 10:22:11
# Aktualisiert 21/12/2014 von Xplode
# Database : 2014-12-21.4 [Local]
# Betriebssystem : Windows (TM) Vista Home Premium Service Pack 2 (64 bits)
# Benutzername : Pfälzer - PFAELZER-PC
# Gestartet von : C:\Users\Pfälzer_2\Desktop\AdwCleaner_4.106.exe
# Option : Löschen

***** [ Dienste ] *****

[#] Dienst Gelöscht : Partner Service
Dienst Gelöscht : SearchAnonymizer

***** [ Dateien / Ordner ] *****

[!] Ordner Gelöscht : C:\ProgramData\NCH Software
[!] Ordner Gelöscht : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free Video Converter
[!] Ordner Gelöscht : C:\Program Files (x86)\DealPly
[!] Ordner Gelöscht : C:\Program Files (x86)\Free Video Converter
[!] Ordner Gelöscht : C:\Program Files (x86)\GinyasBrowserCompanion
[!] Ordner Gelöscht : C:\Users\Pfälzer\AppData\Roaming\DesktopIconForAmazon
[!] Ordner Gelöscht : C:\Users\Pfälzer\AppData\Roaming\GinyasBrowserCompanion
[!] Ordner Gelöscht : C:\Users\Pfälzer\AppData\Roaming\OCS
[!] Ordner Gelöscht : C:\Users\Pfälzer_2\AppData\Roaming\NCH Software
Datei Gelöscht : \END
Datei Gelöscht : C:\Users\Pfälzer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tbhcn.lnk

***** [ Tasks ] *****

Task Gelöscht : Dealply

***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\kt_bho_dll.dll
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\kt_bho.KettleBho
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\kt_bho.KettleBho.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{28A88B70-D874-4F73-BBBA-9B2B222FB7D6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{6E993643-8FBC-44FE-BC85-D318495C4D96}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{86676E13-D6D8-4652-9FCF-F2047F1FB000}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2318C2B1-4965-11D4-9B18-009027A5CD4F}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2318C2B1-4965-11D4-9B18-009027A5CD4F}
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{2318C2B1-4965-11D4-9B18-009027A5CD4F}]
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{2318C2B1-4965-11D4-9B18-009027A5CD4F}]
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}
Wert Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{2318C2B1-4965-11D4-9B18-009027A5CD4F}]
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2A1B955A-4646-4D87-A640-2BC57AE252B4}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{67422884-1358-4E32-B7AB-25865C493D0A}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{B6176FF5-657B-4AF4-A557-216BABA693C1}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{B9A003B2-0991-40BE-9992-696A9AC45306}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{DAB60EDB-A5EE-463C-94D5-4285892FC833}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{F21CB645-2713-4FEF-A068-0B4C80AFA424}
Schlüssel Gelöscht : HKCU\Software\APN PIP
Schlüssel Gelöscht : HKCU\Software\bbrs_002.tb
Schlüssel Gelöscht : HKCU\Software\Blabbers       
Schlüssel Gelöscht : HKCU\Software\Blabbers
Schlüssel Gelöscht : HKCU\Software\OCS
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKLM\SOFTWARE\PIP
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\GinyasBrowserCompanion
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\SearchAnonymizer
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Speedchecker Limited
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchAnonymizer

***** [ Browser ] *****

-\\ Internet Explorer v9.0.8112.16599

Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]

-\\ Google Chrome v39.0.2171.95


*************************

AdwCleaner[R0].txt - [6114 octets] - [05/01/2015 10:19:27]
AdwCleaner[S0].txt - [4646 octets] - [05/01/2015 10:22:11]

########## EOF - \AdwCleaner\AdwCleaner[S0].txt - [4706 octets] ##########
         
and from JRT
Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.1 (12.28.2014:1)
OS: Windows (TM) Vista Home Premium x64
Ran by Pf„lzer on 05.01.2015 at 10:38:18,75
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files

Successfully deleted: [File] "C:\Windows\wininit.ini"



~~~ Folders

Successfully deleted: [Folder] "C:\Windows\syswow64\ai_recyclebin"



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 05.01.2015 at 10:43:48,99
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         
And here are the FRST logs

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 04-01-2015
Ran by Pfälzer (administrator) on PFAELZER-PC on 05-01-2015 10:51:32
Running from C:\Users\Pfälzer_2\Desktop
Loaded Profiles: Pfälzer & Pfälzer_2 (Available profiles: Pfälzer & Pfälzer_2)
Platform: Windows Vista (TM) Home Premium Service Pack 2 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 9 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
(Egis Incorporated) C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
(SEIKO EPSON CORPORATION) C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE
(SEIKO EPSON CORPORATION) C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE
() C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(NewTech InfoSystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
() C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
() C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
() C:\Windows\SysWOW64\PSIService.exe
() C:\Program Files (x86)\CyberLink\Shared Files\RichVideo.exe
() C:\Program Files (x86)\SiteAdvisor\6172\SAService.exe
() C:\Program Files (x86)\Samsung\SAMSUNG PC Share Manager\WiselinkPro.exe
() C:\Program Files (x86)\Samsung\SAMSUNG PC Share Manager\http_ss_win_pro.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCui.exe
(Egis Incorporated) C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x64\eDSLoader.exe
(Realtek Semiconductor) C:\Windows\RAVCpl64.exe
(Google Inc.) C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
(Akamai Technologies, Inc.) C:\Users\Pfälzer_2\AppData\Local\Akamai\netsession_win.exe
(Egis inc.) C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x86\eDSMSNLoader32.exe
() C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
() C:\Program Files (x86)\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe
(Akamai Technologies, Inc.) C:\Users\Pfälzer_2\AppData\Local\Akamai\netsession_win.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1584184 2008-01-21] (Microsoft Corporation)
HKLM\...\Run: [eDataSecurity Loader] => C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x64\eDSloader.exe [561200 2008-07-29] (Egis Incorporated)
HKLM\...\Run: [RtHDVCpl] => C:\Windows\RAVCpl64.exe [6456352 2008-08-19] (Realtek Semiconductor)
HKLM\...\Run: [ProductReg] => C:\Program Files\Acer\WR_PopUp\ProductReg.exe [6144 2008-10-14] (Acer)
HKLM\...\Run: [Ocs_SM] => C:\Users\Pfälzer\AppData\Roaming\OCS\SM\SearchAnonymizer.exe
HKLM\...\Run: [Skytel] => C:\Windows\Skytel.exe [1833504 2008-08-19] (Realtek Semiconductor Corp.)
HKLM-x32\...\Run: [BkupTray] => C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe [28672 2008-04-25] ()
HKLM-x32\...\Run: [eRecoveryService] => [X]
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [91520 2010-03-13] (Microsoft Corporation)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5227112 2014-12-12] (AVAST Software)
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
HKLM-x32\...\Run: [SiteAdvisor] => C:\Program Files (x86)\SiteAdvisor\6172\SiteAdv.exe [36640 2007-08-24] ()
HKLM-x32\...\Run: [PCMMediaSharing] => C:\Program Files (x86)\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe [204908 2008-05-20] ()
HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-21-2771533323-571298105-790965156-1000\...\Run: [EADM] => "C:\Program Files (x86)\Origin\Origin.exe" -AutoStart
HKU\S-1-5-21-2771533323-571298105-790965156-1000\...\MountPoints2: {c87d3439-3dff-11e1-8434-806e6f6e6963} - E:\setup.exe
HKU\S-1-5-21-2771533323-571298105-790965156-1001\...\Run: [EPSON Stylus SX200 Series] => C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIEFE.EXE [221696 2007-12-13] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-2771533323-571298105-790965156-1001\...\Run: [EPSON Stylus SX200 Series (Kopie 1)] => C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIEFE.EXE [221696 2007-12-13] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-2771533323-571298105-790965156-1001\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [68856 2012-01-13] (Google Inc.)
HKU\S-1-5-21-2771533323-571298105-790965156-1001\...\Run: [Akamai NetSession Interface] => C:\Users\Pfälzer_2\AppData\Local\Akamai\netsession_win.exe [4673432 2014-10-29] (Akamai Technologies, Inc.)
HKU\S-1-5-21-2771533323-571298105-790965156-1001\...\Run: [WMPNSCFG] => C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe
HKU\S-1-5-21-2771533323-571298105-790965156-1001\...\MountPoints2: {259b995f-c6f5-11e3-9ea5-0021973d8779} - H:\LaunchU3.exe -a
HKU\S-1-5-21-2771533323-571298105-790965156-1001\...\MountPoints2: {950edf81-e700-11e2-b0e8-0021973d8779} - F:\HTC_Sync_Manager_PC.exe
HKU\S-1-5-21-2771533323-571298105-790965156-1001\...\MountPoints2: {950edfa5-e700-11e2-b0e8-0021973d8779} - F:\HTC_Sync_Manager_PC.exe
HKU\S-1-5-21-2771533323-571298105-790965156-1001\...\MountPoints2: {c87d3439-3dff-11e1-8434-806e6f6e6963} - E:\SETUP.EXE
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk
ShortcutTarget: Microsoft Office.lnk -> C:\Program Files (x86)\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Pfälzer_2\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll No File
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Pfälzer_2\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll No File
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Pfälzer_2\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll No File
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Pfälzer_2\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll No File
ShellIconOverlayIdentifiers: [egisPSDP] -> {30A0A3F6-38AC-4C53-BB8B-0D95238E25BA} => C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x64\PSDProtect.dll (Egis Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: [egisPSDP] -> {30A0A3F6-38AC-4C53-BB8B-0D95238E25BA} => C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll (Egis Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=1&o=vp64&d=0112&m=aspire_x1700
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=1&o=vp64&d=0112&m=aspire_x1700
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=1&o=vp64&d=0112&m=aspire_x1700
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=1&o=vp64&d=0112&m=aspire_x1700
HKU\S-1-5-21-2771533323-571298105-790965156-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=1&o=vp64&d=0112&m=aspire_x1700
HKU\S-1-5-21-2771533323-571298105-790965156-1000\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://global.acer.com
HKU\S-1-5-21-2771533323-571298105-790965156-1000\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://global.acer.com
HKU\S-1-5-21-2771533323-571298105-790965156-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=1&o=vp64&d=0112&m=aspire_x1700
HKU\S-1-5-21-2771533323-571298105-790965156-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=1&o=vp64&d=0112&m=aspire_x1700
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM-x32 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-2771533323-571298105-790965156-1001 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: ShowBarObj Class -> {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} -> C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x64\ActiveToolBand.dll (Egis)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: McAfee SiteAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: McAfee SiteAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
Toolbar: HKLM - Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x64\eDStoolbar.dll (Egis Incorporated.)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Toolbar: HKLM-x32 - No Name - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} -  No File
Toolbar: HKLM-x32 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Toolbar: HKU\S-1-5-21-2771533323-571298105-790965156-1001 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
DPF: HKLM-x32 {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Handler-x32: http - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: http - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: https - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: https - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: ipp - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: msdaipp - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: msdaipp - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Handler: siteadvisor - {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - C:\Program Files (x86)\SiteAdvisor\6172\SiteAd64.dll ()
Handler-x32: siteadvisor - {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - C:\Program Files (x86)\SiteAdvisor\6172\SiteAdv.dll ()
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_235.dll ()
FF Plugin: @java.com/DTPlugin,version=10.45.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.45.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll No File
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_235.dll ()
FF Plugin-x32: @mcafee.com/SAFFPlugin -> C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll No File
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WPF,version=3.5 -> C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: wacom.com/WacomTabletPlugin -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll No File
FF HKLM-x32\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2012-01-13]
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor
FF Extension: McAfee SiteAdvisor - C:\Program Files (x86)\McAfee\SiteAdvisor [2015-01-05]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2013-03-19]
FF HKLM-x32\...\Firefox\Extensions: [{B7082FAA-CB62-4872-9106-E42DD88EDE45}] - C:\Program Files (x86)\McAfee\SiteAdvisor
FF HKU\S-1-5-19\...\Firefox\Extensions: [{1650a312-02bc-40ee-977e-83f158701739}] - C:\Program Files (x86)\SiteAdvisor\6172\FF
FF Extension: McAfee SiteAdvisor - C:\Program Files (x86)\SiteAdvisor\6172\FF [2008-10-31]
FF HKU\S-1-5-20\...\Firefox\Extensions: [{1650a312-02bc-40ee-977e-83f158701739}] - C:\Program Files (x86)\SiteAdvisor\6172\FF

Chrome: 
=======
CHR Profile: C:\Users\Pfälzer\AppData\Local\Google\Chrome\User Data\Default
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-12-06]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S2 0216541420450659mcinstcleanup; C:\Windows\TEMP\021654~1.EXE [315776 2009-12-08] (McAfee, Inc.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-12-06] (AVAST Software)
R2 BUNAgentSvc; C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe [16384 2008-03-03] (NewTech Infosystems, Inc.) [File not signed]
R2 eDataSecurity Service; C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe [500784 2008-07-29] (Egis Incorporated)
R2 ETService; C:\Program Files\Acer\Empowering Technology\Service\ETService.exe [24576 2008-08-19] () [File not signed]
R2 LightScribeService; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [61440 2007-01-17] (Hewlett-Packard Company) [File not signed]
S4 McAfee SiteAdvisor Service; c:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe [110312 2009-12-08] (McAfee, Inc.)
R2 NTIBackupSvc; C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [45056 2008-04-25] (NewTech InfoSystems, Inc.) [File not signed]
R2 NTISchedulerSvc; C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [131072 2008-04-25] () [File not signed]
R2 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [166912 2012-10-08] () [File not signed]
R2 ProtexisLicensing; C:\Windows\SysWOW64\PSIService.exe [174656 2006-11-02] () [File not signed]
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared Files\RichVideo.exe [241734 2008-06-13] () [File not signed]
R2 SiteAdvisor Service; C:\Program Files (x86)\SiteAdvisor\6172\SAService.exe [341280 2008-10-31] ()
R2 WiselinkPro; C:\Program Files (x86)\Samsung\SAMSUNG PC Share Manager\WiselinkPro.exe [3007488 2010-02-17] () [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-12-06] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [83280 2014-12-06] (AVAST Software)
R1 AswRdr; C:\Windows\system32\drivers\aswRdr.sys [64752 2014-12-06] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-12-06] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1050432 2014-12-06] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [436624 2014-12-06] (AVAST Software)
R1 aswTdi; C:\Windows\system32\drivers\aswTdi.sys [65264 2014-12-06] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [267632 2014-12-06] ()
S3 hugoio64; C:\Windows\system32\drivers\hugoio64.sys [13920 2014-12-03] ()
S3 ITEIO.SYS; c:\Windows\System32\drivers\ITEIO.sys [13144 2008-02-25] (Windows (R) Codename Longhorn DDK provider) [File not signed]
S3 ManyCam; C:\Windows\System32\DRIVERS\mcvidrv_x64.sys [44928 2012-10-11] (ManyCam LLC)
S3 mcaudrv_simple; C:\Windows\System32\drivers\mcaudrv_x64.sys [28160 2013-01-31] (ManyCam LLC)
R0 PSDFilter; C:\Windows\System32\DRIVERS\psdfilter.sys [22064 2008-07-29] (Egis Incorporated)
R2 PSDNServ; C:\Windows\System32\DRIVERS\PSDNServ.sys [21040 2008-07-29] (Egis Incorporated)
R2 psdvdisk; C:\Windows\System32\DRIVERS\PSDVdisk.sys [60976 2008-07-29] (Egis Incorporated)
S3 hxsyol; \??\C:\AeriaGames\AuraKingdom\avital\hxsy64.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S3 WacHidRouter; system32\DRIVERS\wachidrouter.sys [X]
S3 wacomrouterfilter; system32\DRIVERS\wacomrouterfilter.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-05 10:51 - 2015-01-05 10:51 - 00023317 _____ () C:\Users\Pfälzer_2\Desktop\FRST.txt
2015-01-05 10:44 - 2015-01-05 10:44 - 00000763 _____ () C:\Users\Pfälzer\Documents\JRT.txt
2015-01-05 10:38 - 2015-01-05 10:38 - 00000000 ____D () C:\Windows\ERUNT
2015-01-05 10:34 - 2015-01-05 10:34 - 769271860 _____ () C:\Windows\MEMORY.DMP
2015-01-05 10:34 - 2015-01-05 10:34 - 00283072 _____ () C:\Windows\Minidump\Mini010515-01.dmp
2015-01-05 10:34 - 2015-01-05 10:34 - 00000000 ____D () C:\Windows\Minidump
2015-01-05 10:21 - 2015-01-05 10:21 - 01707939 _____ (Thisisu) C:\Users\Pfälzer_2\Desktop\JRT.exe
2015-01-05 10:19 - 2015-01-05 10:22 - 00000000 ____D () C:\AdwCleaner
2015-01-05 10:18 - 2015-01-05 10:18 - 02173952 _____ () C:\Users\Pfälzer_2\Desktop\AdwCleaner_4.106.exe
2015-01-05 09:53 - 2015-01-05 10:48 - 00000000 ____D () C:\Users\Pfälzer_2\Desktop\tbhcn
2015-01-05 08:38 - 2015-01-05 08:38 - 00380416 _____ () C:\Users\Pfälzer_2\Desktop\Gmer-19357.exe
2015-01-05 08:37 - 2015-01-05 08:37 - 02123776 _____ (Farbar) C:\Users\Pfälzer_2\Desktop\FRST64.exe
2015-01-05 06:15 - 2015-01-05 07:16 - 367001600 _____ () C:\Users\Pfälzer_2\Desktop\cpe3dwdf.part3.rar
2015-01-04 09:25 - 2015-01-04 10:39 - 367001600 _____ () C:\Users\Pfälzer_2\Desktop\cpe3dwdf.part2.rar
2015-01-04 09:18 - 2015-01-05 10:34 - 00005684 _____ () C:\Windows\PFRO.log
2015-01-03 13:18 - 2015-01-03 13:18 - 00000000 ____H () C:\Users\Pfälzer_2\Documents\Default.rdp
2015-01-03 12:09 - 2015-01-03 12:09 - 00000000 _____ () C:\Windows\setuperr.log
2015-01-03 12:09 - 2015-01-03 12:09 - 00000000 _____ () C:\Windows\setupact.log
2015-01-03 12:01 - 2015-01-03 12:03 - 00000000 ____D () C:\Users\Pfälzer\Silvester 2014
2015-01-03 12:00 - 2015-01-03 12:01 - 00000000 ____D () C:\Users\Pfälzer\Weihnachten 2014
2014-12-30 08:45 - 2014-12-30 09:02 - 367001600 _____ () C:\Users\Pfälzer_2\Desktop\cpe3dwdf.part1.rar
2014-12-29 14:09 - 2012-09-26 00:39 - 00000000 ____D () C:\Users\Pfälzer_2\Desktop\Christopher Paolini - Eragon 2 - Der Auftrag des Ältesten
2014-12-29 13:23 - 2014-12-29 13:23 - 00000219 _____ () C:\Users\Pfälzer_2\Desktop\Counter-Strike Condition Zero Deleted Scenes.url
2014-12-29 13:23 - 2014-12-29 13:23 - 00000218 _____ () C:\Users\Pfälzer_2\Desktop\Counter-Strike.url
2014-12-29 13:23 - 2014-12-29 13:23 - 00000218 _____ () C:\Users\Pfälzer_2\Desktop\Counter-Strike Condition Zero.url
2014-12-29 13:22 - 2014-12-29 13:22 - 00000018 _____ () C:\Users\Pfälzer_2\Desktop\cs.txt
2014-12-29 12:16 - 2010-06-02 04:55 - 00527192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_7.dll
2014-12-29 12:16 - 2010-06-02 04:55 - 00518488 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_7.dll
2014-12-29 12:16 - 2010-06-02 04:55 - 00239960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_7.dll
2014-12-29 12:16 - 2010-06-02 04:55 - 00176984 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_7.dll
2014-12-29 12:16 - 2010-06-02 04:55 - 00077656 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_5.dll
2014-12-29 12:16 - 2010-06-02 04:55 - 00074072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_5.dll
2014-12-29 12:16 - 2010-05-26 11:41 - 02526056 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_43.dll
2014-12-29 12:16 - 2010-05-26 11:41 - 02401112 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_43.dll
2014-12-29 12:16 - 2010-05-26 11:41 - 01907552 _____ (Microsoft Corporation) C:\Windows\system32\d3dcsx_43.dll
2014-12-29 12:16 - 2010-05-26 11:41 - 01868128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dcsx_43.dll
2014-12-29 12:16 - 2010-05-26 11:41 - 00511328 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_43.dll
2014-12-29 12:16 - 2010-05-26 11:41 - 00470880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_43.dll
2014-12-29 12:16 - 2010-05-26 11:41 - 00276832 _____ (Microsoft Corporation) C:\Windows\system32\d3dx11_43.dll
2014-12-29 12:16 - 2010-05-26 11:41 - 00248672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx11_43.dll
2014-12-29 12:13 - 2014-12-29 12:13 - 00464426 _____ () C:\Users\Pfälzer\AppData\Local\dd_vcredistMSI7AA9.txt
2014-12-29 12:13 - 2014-12-29 12:13 - 00012562 _____ () C:\Users\Pfälzer\AppData\Local\dd_vcredistUI7AA9.txt
2014-12-29 12:12 - 2014-12-29 12:13 - 00382682 _____ () C:\Users\Pfälzer\AppData\Local\dd_vcredistMSI7A9C.txt
2014-12-29 12:12 - 2014-12-29 12:13 - 00012226 _____ () C:\Users\Pfälzer\AppData\Local\dd_vcredistUI7A9C.txt
2014-12-26 09:56 - 2014-12-26 14:41 - 00000000 ____D () C:\Icons
2014-12-23 20:11 - 2014-12-23 20:11 - 00003886 _____ () C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2014-12-21 17:01 - 2014-12-21 17:01 - 00000000 ____D () C:\Users\Pfälzer_2\Documents\Sniper - Ghost Warrior
2014-12-21 15:36 - 2014-12-29 13:23 - 00000000 ____D () C:\Users\Pfälzer_2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2014-12-21 15:36 - 2014-12-21 15:36 - 00000221 _____ () C:\Users\Pfälzer_2\Desktop\Sniper Ghost Warrior.url
2014-12-21 15:11 - 2015-01-03 10:04 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-12-21 15:11 - 2014-12-21 15:28 - 00000806 _____ () C:\Users\Public\Desktop\Steam.lnk
2014-12-21 15:11 - 2014-12-21 15:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
2014-12-19 11:00 - 2010-02-04 10:01 - 00530776 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_6.dll
2014-12-19 11:00 - 2010-02-04 10:01 - 00528216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_6.dll
2014-12-19 11:00 - 2010-02-04 10:01 - 00238936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_6.dll
2014-12-19 11:00 - 2010-02-04 10:01 - 00176984 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_6.dll
2014-12-19 11:00 - 2010-02-04 10:01 - 00078680 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_4.dll
2014-12-19 11:00 - 2010-02-04 10:01 - 00074072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_4.dll
2014-12-19 11:00 - 2010-02-04 10:01 - 00024920 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_7.dll
2014-12-19 11:00 - 2010-02-04 10:01 - 00022360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_7.dll
2014-12-19 11:00 - 2009-09-04 17:44 - 00517960 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_5.dll
2014-12-19 11:00 - 2009-09-04 17:44 - 00515416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_5.dll
2014-12-19 11:00 - 2009-09-04 17:44 - 00238936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_5.dll
2014-12-19 11:00 - 2009-09-04 17:44 - 00176968 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_5.dll
2014-12-19 11:00 - 2009-09-04 17:44 - 00073544 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_3.dll
2014-12-19 11:00 - 2009-09-04 17:44 - 00069464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_3.dll
2014-12-19 11:00 - 2009-09-04 17:29 - 05554512 _____ (Microsoft Corporation) C:\Windows\system32\d3dcsx_42.dll
2014-12-19 11:00 - 2009-09-04 17:29 - 05501792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dcsx_42.dll
2014-12-19 11:00 - 2009-09-04 17:29 - 02582888 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_42.dll
2014-12-19 11:00 - 2009-09-04 17:29 - 02475352 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_42.dll
2014-12-19 11:00 - 2009-09-04 17:29 - 01974616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_42.dll
2014-12-19 11:00 - 2009-09-04 17:29 - 01892184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_42.dll
2014-12-19 11:00 - 2009-09-04 17:29 - 00523088 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_42.dll
2014-12-19 11:00 - 2009-09-04 17:29 - 00453456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_42.dll
2014-12-19 11:00 - 2009-09-04 17:29 - 00285024 _____ (Microsoft Corporation) C:\Windows\system32\d3dx11_42.dll
2014-12-19 11:00 - 2009-09-04 17:29 - 00235344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx11_42.dll
2014-12-19 11:00 - 2008-10-27 10:04 - 00518480 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_3.dll
2014-12-19 11:00 - 2008-10-27 10:04 - 00514384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_3.dll
2014-12-19 11:00 - 2008-10-27 10:04 - 00235856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_3.dll
2014-12-19 11:00 - 2008-10-27 10:04 - 00175440 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_3.dll
2014-12-19 11:00 - 2008-10-27 10:04 - 00074576 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_2.dll
2014-12-19 11:00 - 2008-10-27 10:04 - 00070992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_2.dll
2014-12-19 11:00 - 2008-10-27 10:04 - 00025936 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_5.dll
2014-12-19 11:00 - 2008-10-27 10:04 - 00023376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_5.dll
2014-12-19 11:00 - 2008-07-31 10:41 - 00238088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_2.dll
2014-12-19 11:00 - 2008-07-31 10:41 - 00177672 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_2.dll
2014-12-19 11:00 - 2008-07-31 10:41 - 00072200 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_1.dll
2014-12-19 11:00 - 2008-07-31 10:41 - 00068616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_1.dll
2014-12-19 11:00 - 2008-07-31 10:40 - 00513544 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_2.dll
2014-12-19 11:00 - 2008-07-31 10:40 - 00509448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_2.dll
2014-12-19 10:37 - 2014-12-19 10:37 - 00507156 _____ () C:\Users\Pfälzer\AppData\Local\dd_vcredistMSI23FF.txt
2014-12-19 10:37 - 2014-12-19 10:37 - 00018412 _____ () C:\Users\Pfälzer\AppData\Local\dd_vcredistUI23FF.txt
2014-12-17 17:08 - 2014-12-17 17:09 - 00000510 _____ () C:\Windows\WORDPAD.INI
2014-12-17 11:13 - 2014-12-17 11:13 - 00002260 _____ () C:\Users\Public\Desktop\TriDef 3D.lnk
2014-12-17 11:13 - 2014-12-17 11:13 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TriDef 3D
2014-12-17 11:13 - 2014-12-17 11:13 - 00000000 ____D () C:\ProgramData\TriDef 3D
2014-12-17 11:12 - 2014-12-17 11:13 - 00000000 ____D () C:\Program Files (x86)\TriDef 3D
2014-12-14 08:45 - 2014-12-14 08:45 - 00000000 ____D () C:\Users\Pfälzer_2\AppData\Roaming\eSobi
2014-12-14 08:25 - 2014-12-14 08:25 - 00000000 ____D () C:\Users\Pfälzer\AppData\Local\Microsoft Corporation
2014-12-14 08:22 - 2014-12-14 08:22 - 00002042 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows 7 Upgrade Advisor.lnk
2014-12-14 08:22 - 2014-12-14 08:22 - 00002030 _____ () C:\Users\Public\Desktop\Windows 7 Upgrade Advisor.lnk
2014-12-14 08:22 - 2014-12-14 08:22 - 00000000 ____D () C:\Program Files (x86)\Microsoft Windows 7 Upgrade Advisor
2014-12-13 09:01 - 2014-12-13 09:03 - 229101096 _____ () C:\Users\Pfälzer_2\Desktop\Rossmann_Fotosoftware_Setup.exe
2014-12-11 05:56 - 2014-12-11 05:57 - 32021112 _____ (NVIDIA Corporation) C:\Users\Pfälzer_2\Desktop\GeForce_Experience_v2.1.4.0.exe
2014-12-10 05:02 - 2014-11-07 02:33 - 00974848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2014-12-10 05:02 - 2014-11-07 02:28 - 01209856 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-12-10 05:02 - 2014-11-04 01:35 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-12-10 05:02 - 2014-11-04 01:19 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-12-10 05:00 - 2014-12-03 03:06 - 00278528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-12-10 05:00 - 2014-12-03 02:51 - 00347136 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-12-10 04:50 - 2014-11-24 23:12 - 17874432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-12-10 04:50 - 2014-11-24 22:59 - 00448512 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2014-12-10 04:50 - 2014-11-24 22:54 - 10921984 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-12-10 04:50 - 2014-11-24 22:53 - 02339840 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-12-10 04:50 - 2014-11-24 22:47 - 01392128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-12-10 04:50 - 2014-11-24 22:47 - 01388032 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-12-10 04:50 - 2014-11-24 22:45 - 01494016 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-12-10 04:50 - 2014-11-24 22:45 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-12-10 04:50 - 2014-11-24 22:45 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-12-10 04:50 - 2014-11-24 22:44 - 02157056 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-12-10 04:50 - 2014-11-24 22:44 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-12-10 04:50 - 2014-11-24 22:44 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-12-10 04:50 - 2014-11-24 22:44 - 00599040 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-12-10 04:50 - 2014-11-24 22:44 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-12-10 04:50 - 2014-11-24 22:44 - 00282112 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-12-10 04:50 - 2014-11-24 22:44 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-12-10 04:50 - 2014-11-24 22:44 - 00055296 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-12-10 04:50 - 2014-11-24 22:44 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-12-10 04:50 - 2014-11-24 22:43 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-12-10 04:50 - 2014-11-24 22:43 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-12-10 04:50 - 2014-11-24 22:43 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-12-10 04:50 - 2014-11-24 22:42 - 00248320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-12-10 04:50 - 2014-11-24 21:44 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2014-12-10 04:50 - 2014-11-24 21:41 - 12369920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-12-10 04:50 - 2014-11-24 21:40 - 01810944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-12-10 04:50 - 2014-11-24 21:37 - 09740800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-12-10 04:50 - 2014-11-24 21:35 - 01139712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-12-10 04:50 - 2014-11-24 21:35 - 01129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-12-10 04:50 - 2014-11-24 21:34 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-12-10 04:50 - 2014-11-24 21:34 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2014-12-10 04:50 - 2014-11-24 21:33 - 01802752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-12-10 04:50 - 2014-11-24 21:33 - 00717824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-12-10 04:50 - 2014-11-24 21:33 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-12-10 04:50 - 2014-11-24 21:33 - 00421376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-12-10 04:50 - 2014-11-24 21:33 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-12-10 04:50 - 2014-11-24 21:33 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-12-10 04:50 - 2014-11-24 21:33 - 00041472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2014-12-10 04:50 - 2014-11-24 21:32 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-12-10 04:50 - 2014-11-24 21:32 - 00353792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-12-10 04:50 - 2014-11-24 21:32 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-12-10 04:50 - 2014-11-24 21:32 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-12-10 04:50 - 2014-11-24 21:32 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-12-10 04:50 - 2014-11-24 21:32 - 00011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2014-12-10 04:50 - 2014-11-24 21:32 - 00010752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2014-12-09 07:26 - 2014-12-25 04:11 - 00000126 _____ () C:\Users\Pfälzer_2\Desktop\link.txt
2014-12-06 17:11 - 2014-12-06 17:11 - 00001691 _____ () C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2014-12-06 17:10 - 2014-12-06 17:10 - 00364512 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-12-06 17:10 - 2014-12-06 17:10 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-05 10:51 - 2014-09-15 15:26 - 00000000 ____D () C:\FRST
2015-01-05 10:47 - 2012-01-14 15:27 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-05 10:47 - 2008-10-31 20:05 - 00747400 _____ () C:\Users\Public\eDSMSNLoader32.log
2015-01-05 10:39 - 2012-01-13 17:03 - 02061413 _____ () C:\Windows\WindowsUpdate.log
2015-01-05 10:37 - 2012-01-19 05:59 - 00000000 ____D () C:\Program Files (x86)\McAfee
2015-01-05 10:37 - 2008-10-31 19:48 - 00000000 ____D () C:\ProgramData\McAfee
2015-01-05 10:35 - 2012-10-31 16:08 - 89972701 _____ () C:\Windows\SysWOW64\http_ss.log
2015-01-05 10:35 - 2012-01-13 17:25 - 00000000 _____ () C:\Windows\system32\LogConfigTemp.xml
2015-01-05 10:35 - 2008-10-31 20:00 - 00000147 _____ () C:\Windows\SysWOW64\agent.log
2015-01-05 10:34 - 2006-11-02 16:42 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-05 10:34 - 2006-11-02 16:22 - 00005264 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-05 10:34 - 2006-11-02 16:22 - 00005264 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-05 10:22 - 2006-11-02 16:42 - 00032510 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-01-05 10:19 - 2012-10-17 10:30 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-01-05 10:11 - 2012-01-14 15:27 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-05 08:08 - 2012-07-06 10:07 - 00000000 ____D () C:\Windows\pss
2015-01-05 07:24 - 2012-01-15 04:25 - 00018426 _____ () C:\Users\Pfälzer_2\AppData\Roaming\wklnhst.dat
2015-01-05 06:12 - 2013-03-19 15:12 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2015-01-03 12:04 - 2012-01-13 17:16 - 00000000 ____D () C:\Users\Pfälzer
2015-01-03 09:01 - 2012-01-14 18:16 - 00000000 ___RD () C:\Users\Pfälzer_2\Desktop\Haushaltsführung
2015-01-03 07:46 - 2012-01-14 05:21 - 00055592 _____ () C:\Windows\system32\spsys.log
2014-12-30 08:28 - 2008-01-21 12:10 - 01598440 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-12-30 08:28 - 2008-01-21 12:09 - 00684500 _____ () C:\Windows\system32\perfh007.dat
2014-12-30 08:28 - 2008-01-21 12:09 - 00150808 _____ () C:\Windows\system32\perfc007.dat
2014-12-29 14:13 - 2013-03-20 17:26 - 00000000 ____D () C:\Windows\System32\Tasks\NCH Software
2014-12-29 12:16 - 2014-11-11 08:14 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation
2014-12-29 11:16 - 2012-10-17 10:30 - 00003736 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-12-29 11:16 - 2012-05-07 15:45 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-12-29 11:16 - 2012-01-14 17:09 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-12-29 11:15 - 2014-10-18 08:52 - 00000000 ____D () C:\Users\Pfälzer\AppData\Local\Adobe
2014-12-29 07:43 - 2012-01-28 09:27 - 00000000 ____D () C:\Users\Pfälzer_2\AppData\Roaming\vlc
2014-12-26 14:41 - 2012-01-24 07:25 - 00000000 ____D () C:\Users\Pfälzer_2\AppData\Roaming\Corel
2014-12-26 14:41 - 2012-01-14 18:21 - 00000000 ___RD () C:\Users\Pfälzer_2\Desktop\Privat
2014-12-26 14:34 - 2012-01-24 07:25 - 00000848 ___SH () C:\Windows\SysWOW64\KGyGaAvL.sys
2014-12-26 14:34 - 2012-01-24 07:25 - 00000000 ____D () C:\Users\Pfälzer_2\Documents\My PSP Files
2014-12-26 10:43 - 2013-11-07 07:41 - 00000000 ___RD () C:\Users\Pfälzer_2\Desktop\M F&R
2014-12-26 10:36 - 2012-11-02 17:16 - 00000000 ___RD () C:\Users\Pfälzer_2\Desktop\mf-online
2014-12-26 10:35 - 2013-01-05 09:37 - 00000000 ___RD () C:\Users\Pfälzer_2\Desktop\Steffi Arbeit
2014-12-26 10:35 - 2012-01-14 18:14 - 00000000 ___RD () C:\Users\Pfälzer_2\Desktop\Arbeit
2014-12-26 10:18 - 2012-01-16 04:16 - 00000000 ___RD () C:\Users\Pfälzer_2\Dropbox
2014-12-26 10:18 - 2012-01-16 04:14 - 00000000 ____D () C:\Users\Pfälzer_2\AppData\Roaming\Dropbox
2014-12-25 04:11 - 2012-01-17 18:06 - 00073728 _____ () C:\Users\Pfälzer_2\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-12-19 10:50 - 2012-05-08 04:04 - 00000000 ____D () C:\Users\Pfälzer_2\Documents\My Games
2014-12-19 10:33 - 2008-10-31 19:20 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-12-18 06:41 - 2012-01-13 19:53 - 00000000 ____D () C:\Program Files (x86)\Opera
2014-12-16 05:53 - 2013-10-13 12:28 - 00000000 ____D () C:\Users\Pfälzer_2\AppData\Roaming\NVIDIA
2014-12-14 08:56 - 2014-07-27 11:00 - 00000000 ____D () C:\Users\Pfälzer_2\Desktop\Neue Bib
2014-12-14 08:47 - 2008-10-31 20:05 - 00000000 ____D () C:\Program Files (x86)\Acer GameZone
2014-12-14 08:46 - 2008-10-31 20:17 - 00000000 ____D () C:\Program Files (x86)\eSobi
2014-12-14 08:17 - 2012-01-14 05:14 - 00000000 ____D () C:\ProgramData\NVIDIA Corporation
2014-12-14 08:17 - 2012-01-14 05:11 - 00000000 ____D () C:\Program Files\NVIDIA Corporation
2014-12-13 09:17 - 2012-01-14 04:32 - 00000000 ____D () C:\Program Files (x86)\Corel
2014-12-13 06:22 - 2012-01-16 04:16 - 00000976 _____ () C:\Users\Pfälzer_2\Desktop\Dropbox.lnk
2014-12-13 06:22 - 2012-01-16 04:15 - 00000000 ____D () C:\Users\Pfälzer_2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-12-12 08:32 - 2014-06-17 06:17 - 00002021 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-12-11 05:54 - 2012-01-13 20:09 - 00002425 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
2014-12-10 07:16 - 2006-11-02 14:33 - 00000000 ____D () C:\Windows\rescache
2014-12-10 05:10 - 2013-08-14 04:03 - 00000000 ____D () C:\Windows\system32\MRT
2014-12-10 05:03 - 2006-11-02 13:35 - 112710672 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2014-12-09 07:27 - 2012-01-13 20:20 - 00000000 ____D () C:\Users\Pfälzer_2
2014-12-06 17:10 - 2014-05-18 03:01 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2014-12-06 17:10 - 2013-03-19 15:12 - 01050432 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys
2014-12-06 17:10 - 2013-03-19 15:12 - 00436624 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2014-12-06 17:10 - 2013-03-19 15:12 - 00267632 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-12-06 17:10 - 2013-03-19 15:12 - 00083280 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-12-06 17:10 - 2013-03-19 15:12 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-12-06 17:10 - 2013-03-19 15:12 - 00065264 _____ (AVAST Software) C:\Windows\system32\Drivers\aswTdi.sys
2014-12-06 17:10 - 2013-03-19 15:12 - 00064752 _____ (AVAST Software) C:\Windows\system32\Drivers\aswrdr.sys

Files to move or delete:
====================
C:\ProgramData\pswi_preloaded.exe


Some content of TEMP:
====================
C:\Users\Pfälzer\AppData\Local\Temp\Medal of Honor_uninst.exe
C:\Users\Pfälzer\AppData\Local\Temp\Quarantine.exe
C:\Users\Pfälzer\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-01-05 10:41

==================== End Of Log ============================
         
--- --- ---


Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 04-01-2015
Ran by Pfälzer at 2015-01-05 10:52:15
Running from C:\Users\Pfälzer_2\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Acer Arcade Live Main Page (HKLM-x32\...\{EFBDC2B0-FAA8-4B78-8DE1-AEBE7958FA37}) (Version: 1.1.1819 - Acer Inc.)
Acer DV Magician (HKLM-x32\...\{F6EFFB76-4A07-11DA-9D78-000129760D75}) (Version: 1.5.1730 - Acer Inc.)
Acer DVDivine (HKLM-x32\...\{B145EC69-66F5-11D8-9D75-000129760D75}) (Version: 3.2.1730 - Acer Inc.)
Acer eDataSecurity Management (HKLM-x32\...\{A5633652-3795-4829-BB0B-644F0279E279}) (Version: 3.0.3065 - Egis Inc.)
Acer Empowering Technology (HKLM-x32\...\{8F1B6239-FEA0-450A-A950-B05276CE177C}) (Version: 3.0.3010 - Acer Incorporated)
Acer eRecovery Management (HKLM-x32\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 3.0.3014 - Acer Incorporated)
Acer eSettings Management (HKLM-x32\...\{13D85C14-2B85-419F-AC41-C7F21E68B25D}) (Version: 3.0.3007 - Acer Incorporated)
Acer GameZone Console DTV 2.0.1.1 (HKLM-x32\...\Acer GameZone Console_is1) (Version:  - Oberon Media, Inc.)
Acer HomeMedia (HKLM-x32\...\{AA4BF92B-2AAF-11DA-9D78-000129760D75}) (Version: 1.5.0530 - Acer Inc.)
Acer HomeMedia Connect (HKLM-x32\...\{132888AE-EF67-41C5-BCA2-7D5D2488AB63}) (Version: 1.4.5330 - Acer Inc.)
Acer HomeMedia Trial Creator (HKLM-x32\...\{B580C409-E16F-44FF-904D-3AE94E113BE0}) (Version: 1.5.0530 - Acer Inc.)
Acer Product Registration (HKLM-x32\...\{DA20E1A8-07CB-4EE7-9B72-A7E28C953F0E}) (Version: 3.0.0.8 - Acer Incorporated)
Acer ScreenSaver (HKLM-x32\...\{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}) (Version: 4.01.0718 - Acer Incorporated)
Acer SlideShow DVD (HKLM-x32\...\{41581EF5-45A7-11DA-9D78-000129760D75}) (Version: 1.5.1730 - Acer Inc.)
Acer VideoMagician (HKLM-x32\...\{F79A208D-D929-11D9-9D77-000129760D75}) (Version: 1.4.2203 - Acer Inc.)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.235 - Adobe Systems Incorporated)
Adobe Flash Player 16 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 16.0.0.235 - Adobe Systems Incorporated)
Adobe Flash Player ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 9.0.124.0 - Adobe Systems Incorporated)
Adobe Reader X (10.1.13) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AA1000000001}) (Version: 10.1.13 - Adobe Systems Incorporated)
Agatha Christie Death on the Nile (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112615863}) (Version:  - Oberon Media)
Akamai NetSession Interface (HKU\S-1-5-21-2771533323-571298105-790965156-1001\...\Akamai) (Version:  - Akamai Technologies, Inc)
Alice Greenfingers (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112920767}) (Version:  - Oberon Media)
ANNO 1404 - Königsedition (HKLM-x32\...\{3D9CF3CA-3AB0-4A82-9853-D7C43FD1D775}) (Version: 1.02.0000 - Ubisoft)
Any Video Converter 5.0.9 (HKLM-x32\...\Any Video Converter_is1) (Version:  - Any-Video-Converter.com)
Avast Free Antivirus (HKLM-x32\...\avast) (Version: 10.0.2208 - AVAST Software)
Azada (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113080210}) (Version:  - Oberon Media)
Big Kahuna Reef (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110322783}) (Version:  - Oberon Media)
Bricks of Egypt (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11029123}) (Version:  - Oberon Media)
Cake Mania (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111199750}) (Version:  - Oberon Media)
calibre 64bit (HKLM\...\{1266D026-FDCA-458F-8849-BF23EF0766D8}) (Version: 1.28.0 - Kovid Goyal)
CCleaner (HKLM\...\CCleaner) (Version: 3.10 - Piriform)
Chicken Invaders 3 (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112531267}) (Version:  - Oberon Media)
Content Manager 2 (HKLM-x32\...\Content Manager 2) (Version: 3.18.0.342250 - NNG Llc.)
Corel Paint Shop Pro Photo XI (HKLM-x32\...\{E1C7EF5E-3A7B-4ED4-A48B-F70F1B36EAB4}) (Version: 11.20.0000 - Corel Corporation)
Counter-Strike (HKLM-x32\...\Steam App 10) (Version:  - Valve)
Counter-Strike: Condition Zero (HKLM-x32\...\Steam App 80) (Version:  - Valve)
Counter-Strike: Condition Zero Deleted Scenes (HKLM-x32\...\Steam App 100) (Version:  - Valve)
Diner Dash Flo on the Go (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111872660}) (Version:  - Oberon Media)
Dropbox (HKU\S-1-5-21-2771533323-571298105-790965156-1001\...\Dropbox) (Version: 3.0.3 - Dropbox, Inc.)
EPSON Easy Photo Print (HKLM-x32\...\{8A8F8391-4C2C-4BE1-A984-CD4A5A546467}) (Version: 1.5.1.0 - SEIKO EPSON CORPORATION)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - )
EPSON Stylus SX200 Series Printer Uninstall (HKLM\...\EPSON Stylus SX200 Series) (Version:  - SEIKO EPSON Corporation)
EPSON Stylus SX200_SX400_TX200_TX400 Handbuch (HKLM-x32\...\EPSON Stylus SX200_SX400_TX200_TX400 Benutzerhandbuch) (Version:  - )
Fotosizer 2.05 (HKLM-x32\...\Fotosizer) (Version: 2.05.0.536 - Fotosizer.com)
Free M4a to MP3 Converter 8.2 (HKLM-x32\...\Free M4a to MP3 Converter_is1) (Version:  - ManiacTools.com)
Free Video Converter V 3.1 (HKLM-x32\...\Free Video Converter_is1) (Version: 3.1.0.0 - Koyote Soft)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.95 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Hamster Free Video Converter (HKLM-x32\...\{7E350663-86D3-466A-AB79-28156A9ABF6E}_is1) (Version: 2.5.2.33 - Hamster Soft)
i-Menu 3.9 (HKLM-x32\...\i-Menu_is1) (Version:  - AOC)
IPTInstaller (HKLM-x32\...\{6965F2F4-1CD2-4F42-A8EF-9EF433F9AA72}) (Version: 4.0.4 - HTC)
Java 7 Update 45 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417045FF}) (Version: 7.0.450 - Oracle)
Jewel Quest Solitaire (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111771833}) (Version:  - Oberon Media)
Kick N Rush (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111324990}) (Version:  - Oberon Media)
Kobo (HKLM-x32\...\Kobo) (Version: 3.5.0 - Kobo Inc.)
LightScribe  1.4.142.1 (x32 Version: 1.4.142.1 - hxxp://www.lightscribe.com) Hidden
MAGIX Filme auf CD & DVD 6 (D) (HKLM-x32\...\MAGIX Filme auf CD & DVD 6 D) (Version: 6.0.0.29 - MAGIX AG)
MAGIX Goya burnR (D) (HKLM-x32\...\MAGIX Goya burnR D) (Version: 1.3.0.7 - MAGIX AG)
MAGIX Online Druck Service (D) (HKLM-x32\...\MAGIX Online Druck Service D) (Version: 2.3.2.0 - MAGIX AG)
Mahjong Escape Ancient China (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111252743}) (Version:  - Oberon Media)
Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
McAfee SiteAdvisor (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 3.0.163 - McAfee, Inc.)
Microsoft .NET Framework 1.1 (HKLM-x32\...\Microsoft .NET Framework 1.1  (1033)) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB2833941) (HKLM-x32\...\M2833941) (Version:  - )
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU (HKLM\...\Microsoft .NET Framework 3.5 Language Pack SP1 - deu) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft FrontPage 2000 (HKLM-x32\...\{00120407-78E1-11D2-B60F-006097C998E7}) (Version: 9.00.2816 - Microsoft Corporation)
Microsoft GIF Animator (HKLM-x32\...\GIF Animator) (Version:  - )
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Suite Activation Assistant (HKLM-x32\...\{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}) (Version: 2.9 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Works (HKLM-x32\...\{4EA2F95F-A537-4d17-9E7F-6B3FF8D9BBE3}) (Version: 08.05.0822 - Microsoft Corporation)
MixPad (HKU\S-1-5-21-2771533323-571298105-790965156-1001\...\MixPad) (Version:  - NCH Software)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Mystery Case Files - Huntsville (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111118433}) (Version:  - Oberon Media)
Mystery Solitaire - Secret Island (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111796363}) (Version:  - Oberon Media)
Naviextras Toolbox Prerequesities (HKLM-x32\...\{537575D6-3B96-474C-BD8F-DFF667363DBD}) (Version: 1.0.0 - Nav N Go Ltd.)
NTI Backup Now 5 (HKLM-x32\...\InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}) (Version: 5.1.2.606 - NewTech Infosystems)
NTI Backup Now Standard (x32 Version: 5.1.2.606 - NewTech Infosystems) Hidden
NTI JewelCase Maker Hot Fix (HKLM-x32\...\InstallShield_{DDA223A7-627F-4173-9CA4-A9C531BCBB62}) (Version: 5.5.0.5202 - NewTech Infosystems)
NTI JewelCase Maker Hot Fix (x32 Version: 5.5.0.5202 - NewTech Infosystems) Hidden
NTI Media Maker 8 (HKLM-x32\...\InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}) (Version: 8.0.2.6329 - NewTech Infosystems)
NTI Media Maker 8 (x32 Version: 8.0.2.6329 - NewTech Infosystems) Hidden
NTI Photo Maker Hot Fix (HKLM-x32\...\InstallShield_{B9B02A9E-8074-4C3F-AAE5-311528F34FED}) (Version: 2.0.0.16 - NewTech Infosystems)
NTI Photo Maker Hot Fix (x32 Version: 2.0.0.16 - NewTech Infosystems) Hidden
NVIDIA 3D Vision Controller-Treiber 340.50 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 340.50 - NVIDIA Corporation)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version:  - )
NVIDIA Grafiktreiber 340.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 340.52 - NVIDIA Corporation)
NVIDIA PhysX-Systemsoftware 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation)
Opera 12.16 (HKLM-x32\...\Opera 12.16.1860) (Version: 12.16.1860 - Opera Software ASA)
Opera Stable 26.0.1656.60 (HKU\S-1-5-21-2771533323-571298105-790965156-1001\...\Opera 26.0.1656.60) (Version: 26.0.1656.60 - Opera Software ASA)
PE585QAEncoder-64 (HKLM\...\{D8B2C435-8737-431E-8784-24CD13B0B821}) (Version: 6.00.1918 - YUAN)
Pflanzen gegen Zombies (HKLM-x32\...\Pflanzen gegen Zombies) (Version:  - PopCap Games)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5688 - Realtek Semiconductor Corp.)
Remote Camera Control (HKLM-x32\...\{9EF84A20-DCF9-4946-9318-69995258AF00}) (Version: 3.2.10170 - Sony Corporation)
Rossmann Fotowelt Software 4.12.1 (HKLM-x32\...\Rossmann Fotowelt Software) (Version: 4.12.1 - ORWO Net)
SAMSUNG PC Share Manager (HKLM-x32\...\InstallShield_{2A2E822B-3B0E-46C1-9E3B-ACD7D1E95139}) (Version: 2.3.0 - SAMSUNG)
SAMSUNG PC Share Manager (x32 Version: 2.3.0 - SAMSUNG) Hidden
Sniper: Ghost Warrior (HKLM-x32\...\Steam App 34830) (Version:  - City Interactive)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Switch Sound File Converter (HKU\S-1-5-21-2771533323-571298105-790965156-1001\...\Switch) (Version:  - NCH Software)
TIPP10 Version 2.1.0 (HKLM-x32\...\TIPP10_is1) (Version:  - (c) 2006-2011, Tom Thielicke IT Solutions)
TriDef 3D (AOC Monitor) 1.2.1 (HKLM-x32\...\experience-aoc-mon-bundle) (Version: 1.2.1 - Dynamic Digital Depth Australia Pty Ltd)
TrueCrypt (HKLM-x32\...\TrueCrypt) (Version: 7.1a - TrueCrypt Foundation)
Turbo Pizza (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113009953}) (Version:  - Oberon Media)
Ulead GIF Animator 5 Test (HKLM-x32\...\{8AF3E926-ED59-11D4-A44B-0000E86D2305}) (Version:  - )
VLC media player 2.1.3 (HKLM-x32\...\VLC media player) (Version: 2.1.3 - VideoLAN)
WavePad Sound Editor (HKU\S-1-5-21-2771533323-571298105-790965156-1001\...\WavePad) (Version:  - NCH Software)
Windows 7 Upgrade Advisor (HKLM-x32\...\{9A4D182C-35C7-4791-8484-4304EBC9101A}) (Version: 2.0.5000.0 - Microsoft Corporation)
Windows Media Player Firefox Plugin (HKLM-x32\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
WinRAR 4.01 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 4.01.0 - win.rar GmbH)
Zuma Deluxe (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110111700}) (Version:  - Oberon Media)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-2771533323-571298105-790965156-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Pfälzer_2\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll No File
CustomCLSID: HKU\S-1-5-21-2771533323-571298105-790965156-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Pfälzer_2\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll No File
CustomCLSID: HKU\S-1-5-21-2771533323-571298105-790965156-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Pfälzer_2\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll No File
CustomCLSID: HKU\S-1-5-21-2771533323-571298105-790965156-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Pfälzer_2\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll No File
CustomCLSID: HKU\S-1-5-21-2771533323-571298105-790965156-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Pfälzer_2\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2771533323-571298105-790965156-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Pfälzer_2\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2771533323-571298105-790965156-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Pfälzer_2\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2771533323-571298105-790965156-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Pfälzer_2\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2771533323-571298105-790965156-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Pfälzer_2\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2771533323-571298105-790965156-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Pfälzer_2\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2771533323-571298105-790965156-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Pfälzer_2\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2771533323-571298105-790965156-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Pfälzer_2\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2771533323-571298105-790965156-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Pfälzer_2\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)

==================== Restore Points  =========================

13-12-2014 06:25:03 Windows Update
14-12-2014 07:27:47 Gerätetreiber-Paketinstallation: NVIDIA Mäuse und andere Zeigegeräte
14-12-2014 08:22:06 Windows 7 Upgrade Advisor wird installiert
14-12-2014 08:45:53 Entfernt eSobi v2
15-12-2014 09:33:24 Geplanter Prüfpunkt
16-12-2014 05:50:09 Installiert Prey
17-12-2014 06:25:06 Windows Update
18-12-2014 14:57:17 Geplanter Prüfpunkt
19-12-2014 10:33:23 Entfernt Prey
19-12-2014 10:38:21 Installed ProductName from default.wxl
19-12-2014 10:48:50 Installed ProductName from default.wxl
19-12-2014 10:57:48 DirectX wurde installiert
19-12-2014 11:01:05 Steam wird installiert
19-12-2014 11:09:17 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 wurde entfernt.
19-12-2014 11:11:19 Microsoft Visual C++ 2005 Redistributable wird entfernt
19-12-2014 11:15:51 Steam wird entfernt
21-12-2014 15:05:39 DirectX wurde installiert
21-12-2014 15:09:36 Microsoft Visual C++ 2005 Redistributable wird installiert
21-12-2014 15:10:39 Steam wird installiert
23-12-2014 07:03:33 Windows Update
24-12-2014 15:33:15 Geplanter Prüfpunkt
26-12-2014 08:32:07 Windows Update
28-12-2014 22:54:41 Geplanter Prüfpunkt
29-12-2014 12:13:34 DirectX wurde installiert
30-12-2014 08:26:13 Geplanter Prüfpunkt
03-01-2015 07:52:53 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2006-11-02 13:34 - 2006-09-18 22:37 - 00000761 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
::1             localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0292117E-2CF8-45E7-BA12-701BB8CB6FE5} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {16FA7BEE-227F-4A8A-AE4F-C83FEBA47D10} - System32\Tasks\NCH Software\SwitchDowngrade => C:\Users\Pfälzer_2\AppData\Roaming\NCH Software\Program Files\Switch\switch.exe
Task: {482C9865-53C6-45A3-B2EC-2F9EC33A00AD} - \Dealply No Task File <==== ATTENTION
Task: {8A7FA9ED-7D45-4E47-9033-F48293D7D996} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {A3C2AB1E-1E15-4A8B-BE21-2BC494FDED4C} - System32\Tasks\NCH Software\ExpressBurnSevenDays => C:\Users\Pfälzer_2\AppData\Roaming\NCH Software\Program Files\ExpressBurn\ExpressBurn.exe
Task: {BE0EEC95-3C23-43D9-B1E9-E024930BD7D9} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-12-06] (AVAST Software)
Task: {CCA1999C-1D26-46F8-A946-60A5EEAF7D41} - System32\Tasks\NCH Software\WavePadReminder => C:\Users\Pfälzer_2\AppData\Roaming\NCH Software\Program Files\WavePad\WavePad.exe
Task: {D789873F-F862-494B-A61C-6477CB850021} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-21] (Google Inc.)
Task: {D9D602A6-8FE0-4B12-81AF-618FA8610586} - System32\Tasks\NCH Software\SwitchReminder => C:\Users\Pfälzer_2\AppData\Roaming\NCH Software\Program Files\Switch\Switch.exe
Task: {E171B78F-1EB5-4B63-8FF3-AF5371D1389B} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-12-29] (Adobe Systems Incorporated)
Task: {F8720D1C-BFE2-4593-A9EA-16FD63543C33} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-21] (Google Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2008-10-31 19:31 - 2008-08-19 14:27 - 00024576 _____ () C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
2008-10-31 19:31 - 2008-10-31 19:31 - 00032768 _____ () C:\Windows\assembly\GAC_MSIL\Framework.Model.Controller\3.0.3010.0__14bcaafdb44b5951\Framework.Model.Controller.dll
2008-10-31 19:31 - 2008-10-31 19:31 - 00009216 _____ () C:\Windows\assembly\GAC_MSIL\Framework.Model.ControllerInterface\3.0.3010.0__d842b71b4d6ed079\Framework.Model.ControllerInterface.dll
2008-10-31 19:31 - 2008-10-31 19:31 - 00061440 _____ () C:\Windows\assembly\GAC_MSIL\Framework.Library\3.0.3010.0__3036420f80dd6947\Framework.Library.dll
2008-10-31 19:31 - 2008-10-31 19:31 - 00015360 _____ () C:\Windows\assembly\GAC_MSIL\Framework.Host\3.0.3010.0__672b450de5a7e94a\Framework.Host.dll
2008-10-31 19:31 - 2008-10-31 19:31 - 00006144 _____ () C:\Windows\assembly\GAC_MSIL\Framework.PluginInterface\3.0.3010.0__9ecdf03bb2054f94\Framework.PluginInterface.dll
2008-10-31 19:31 - 2008-10-31 19:31 - 00036864 _____ () C:\Windows\assembly\GAC_MSIL\Framework.Utility\3.0.3010.0__4df5dcab8860d239\Framework.Utility.dll
2008-10-31 19:31 - 2008-08-19 14:27 - 00585216 _____ () C:\Windows\system32\INT15_64.dll
2012-01-13 17:27 - 2008-05-26 14:40 - 00016384 _____ () C:\Program Files\Acer\Empowering Technology\eSettings\eSettings.ServicePlugin.dll
2012-01-13 17:27 - 2008-05-26 14:37 - 00016384 _____ () C:\Program Files\Acer\Empowering Technology\eSettings\eSettings.Logger.dll
2012-01-13 17:27 - 2008-05-26 14:39 - 00143360 _____ () C:\Program Files\Acer\Empowering Technology\eSettings\eSettings.Model.Computer.dll
2012-01-13 17:27 - 2008-05-26 14:37 - 00036864 _____ () C:\Program Files\Acer\Empowering Technology\Service\eSettings.Model.ComputerInterface.dll
2008-04-25 21:36 - 2008-04-25 21:36 - 00131072 _____ () C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
2012-10-08 16:04 - 2012-10-08 16:04 - 00166912 _____ () C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
2006-11-02 20:40 - 2006-11-02 20:40 - 00174656 _____ () C:\Windows\SysWOW64\PSIService.exe
2008-10-31 19:55 - 2008-06-13 05:17 - 00241734 _____ () C:\Program Files (x86)\CyberLink\Shared Files\RichVideo.exe
2008-10-31 19:50 - 2008-10-31 19:50 - 00341280 _____ () C:\Program Files (x86)\SiteAdvisor\6172\SAService.exe
2010-02-17 17:19 - 2010-02-17 17:19 - 03007488 _____ () C:\Program Files (x86)\Samsung\SAMSUNG PC Share Manager\WiselinkPro.exe
2009-02-13 13:29 - 2009-02-13 13:29 - 00409727 _____ () C:\Program Files (x86)\Samsung\SAMSUNG PC Share Manager\http_ss_win_pro.exe
2010-01-30 02:40 - 2010-01-30 02:40 - 04254560 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2012-01-14 04:09 - 2011-05-28 22:05 - 00164864 _____ () C:\Program Files\WinRAR\rarext.dll
2007-12-13 03:08 - 2007-12-13 03:08 - 01401856 _____ () C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x64\LIBEAY32.dll
2008-07-29 17:53 - 2008-07-29 17:53 - 00382000 _____ () C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x64\ShowErrMsg.dll
2008-04-25 21:36 - 2008-04-25 21:36 - 00028672 _____ () C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe
2008-10-31 19:57 - 2008-05-20 17:50 - 00204908 _____ () C:\Program Files (x86)\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe
2015-01-05 06:11 - 2015-01-05 06:11 - 02909696 _____ () C:\Program Files\AVAST Software\Avast\defs\15010401\algo.dll
2015-01-05 10:35 - 2015-01-05 10:35 - 02909696 _____ () C:\Program Files\AVAST Software\Avast\defs\15010500\algo.dll
2007-06-24 19:09 - 2007-06-24 19:09 - 01024000 _____ () C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\Client\ACE.dll
2007-06-24 19:09 - 2007-06-24 19:09 - 00098304 _____ () C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\Client\ACEXML.dll
2007-06-24 19:09 - 2007-06-24 19:09 - 00061440 _____ () C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\Client\ACEXML_Parser.dll
2008-10-31 19:50 - 2008-10-31 19:50 - 00111904 _____ () C:\Program Files (x86)\SiteAdvisor\6172\APEngine.dll
2008-10-31 19:50 - 2008-10-31 19:50 - 00070432 _____ () C:\Program Files (x86)\SiteAdvisor\6172\McFrmWk.dll
2008-10-31 19:50 - 2008-10-31 19:50 - 00116000 _____ () C:\Program Files (x86)\SiteAdvisor\6172\CntScan.dll
2008-10-31 19:50 - 2008-10-31 19:50 - 00271648 _____ () C:\Program Files (x86)\SiteAdvisor\6172\Upsell.dll
2009-01-07 20:01 - 2009-01-07 20:01 - 00649019 _____ () C:\Program Files (x86)\Samsung\SAMSUNG PC Share Manager\avformat-52.dll
2009-01-07 19:58 - 2009-01-07 19:58 - 00074795 _____ () C:\Program Files (x86)\Samsung\SAMSUNG PC Share Manager\avutil-49.dll
2009-01-07 20:01 - 2009-01-07 20:01 - 03989516 _____ () C:\Program Files (x86)\Samsung\SAMSUNG PC Share Manager\avcodec-52.dll
2009-04-15 10:40 - 2009-04-15 10:40 - 00057856 _____ () C:\Program Files (x86)\Samsung\SAMSUNG PC Share Manager\lang.dll
2008-04-28 09:49 - 2008-04-28 09:49 - 00003072 _____ () C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BkupTrayLOC.dll
2014-01-21 19:39 - 2014-12-06 17:10 - 38562088 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2008-10-31 19:50 - 2008-10-31 19:50 - 00011552 _____ () C:\Program Files (x86)\SiteAdvisor\6172\saHook.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\Temp:4CF61E54
AlternateDataStreams: C:\ProgramData\Temp:4F636E25

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: dealplylive => 2
MSCONFIG\Services: dealplylivem => 3
MSCONFIG\Services: Google MediaServer => 2
MSCONFIG\Services: McAfee SiteAdvisor Service => 2
MSCONFIG\Services: Partner Service => 3
MSCONFIG\Services: SbieSvc => 2
MSCONFIG\Services: WTabletServiceCon => 2
MSCONFIG\startupreg: Acer Empowering Technology Monitor => C:\Program Files\Acer\Empowering Technology\SysMonitor.exe
MSCONFIG\startupreg: EmpoweringTechnology => C:\Program Files\Acer\Empowering Technology\Framework.Launcher.exe boot
MSCONFIG\startupreg: Google Media Scanner => "C:\Program Files (x86)\Google\Google Media Server\GoogleMediaScanner.exe"
MSCONFIG\startupreg: SandboxieControl => "C:\Program Files\Sandboxie\SbieCtrl.exe"
MSCONFIG\startupreg: Steam => "C:\Program Files (x86)\Steam\Steam.exe" -silent

========================= Accounts: ==========================

Administrator (S-1-5-21-2771533323-571298105-790965156-500 - Administrator - Disabled)
ASPNET (S-1-5-21-2771533323-571298105-790965156-1010 - Limited - Enabled)
Gast (S-1-5-21-2771533323-571298105-790965156-501 - Limited - Disabled)
Pfälzer (S-1-5-21-2771533323-571298105-790965156-1000 - Administrator - Enabled) => C:\Users\Pfälzer
Pfälzer_2 (S-1-5-21-2771533323-571298105-790965156-1001 - Limited - Enabled) => C:\Users\Pfälzer_2

==================== Faulty Device Manager Devices =============

Name: Microsoft PS/2-Maus
Description: Microsoft PS/2-Maus
Class Guid: {4d36e96f-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: =========================

Application errors:
==================
Error: (01/05/2015 10:47:46 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC80.MFCLOC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1".
Die abhängige Assemblierung "Microsoft.VC80.MFCLOC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (01/05/2015 10:47:45 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC80.MFCLOC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1".
Die abhängige Assemblierung "Microsoft.VC80.MFCLOC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (01/05/2015 10:46:46 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC80.MFCLOC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1".
Die abhängige Assemblierung "Microsoft.VC80.MFCLOC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (01/05/2015 10:46:46 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC80.MFCLOC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1".
Die abhängige Assemblierung "Microsoft.VC80.MFCLOC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (01/05/2015 10:45:36 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC80.MFCLOC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1".
Die abhängige Assemblierung "Microsoft.VC80.MFCLOC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (01/05/2015 10:45:35 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC80.MFCLOC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1".
Die abhängige Assemblierung "Microsoft.VC80.MFCLOC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".


System errors:
=============

Microsoft Office Sessions:
=========================
Error: (01/05/2015 10:47:46 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.VC80.MFCLOC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"C:\Windows\WinSxS\amd64_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.762_none_c46a533c8a667ee7\MFC80U.DLL

Error: (01/05/2015 10:47:45 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.VC80.MFCLOC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"C:\Windows\WinSxS\amd64_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.762_none_c46a533c8a667ee7\MFC80U.DLL

Error: (01/05/2015 10:46:46 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.VC80.MFCLOC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"C:\Windows\WinSxS\amd64_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.762_none_c46a533c8a667ee7\MFC80U.DLL

Error: (01/05/2015 10:46:46 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.VC80.MFCLOC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"C:\Windows\WinSxS\amd64_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.762_none_c46a533c8a667ee7\MFC80U.DLL

Error: (01/05/2015 10:45:36 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.VC80.MFCLOC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"C:\Windows\WinSxS\amd64_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.762_none_c46a533c8a667ee7\MFC80U.DLL

Error: (01/05/2015 10:45:35 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.VC80.MFCLOC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"C:\Windows\WinSxS\amd64_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.762_none_c46a533c8a667ee7\MFC80U.DLL


CodeIntegrity Errors:
===================================
  Date: 2015-01-05 10:46:55.955
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-01-05 10:46:55.740
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-01-05 10:46:55.495
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-01-05 10:46:55.257
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-01-05 10:46:54.651
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-01-05 10:46:54.177
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-01-05 10:46:53.556
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-01-05 10:46:52.928
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-10-13 18:33:28.746
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-10-13 18:33:28.557
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.


==================== Memory info =========================== 

Processor: Pentium(R) Dual-Core CPU E5200 @ 2.50GHz
Percentage of memory in use: 45%
Total physical RAM: 4094.32 MB
Available physical RAM: 2236.49 MB
Total Pagefile: 8395.91 MB
Available Pagefile: 6556.23 MB
Total Virtual: 8192 MB
Available Virtual: 8191.85 MB

==================== Drives ================================

Drive c: (ACER) (Fixed) (Total:457.94 GB) (Free:138.85 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (DATA) (Fixed) (Total:458.57 GB) (Free:356.13 GB) NTFS
Drive e: (Sniper_GW) (CDROM) (Total:4.46 GB) (Free:0 GB) CDFS
Drive i: (Feschdblood) (Fixed) (Total:298.09 GB) (Free:115.18 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 7BEC2B93)
Partition 1: (Not Active) - (Size=15 GB) - (Type=27)
Partition 2: (Active) - (Size=457.9 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=458.6 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 298.1 GB) (Disk ID: 55F17C2F)
Partition 1: (Active) - (Size=298.1 GB) - (Type=07 NTFS)

==================== End Of Log ============================
         

05.01.2015, 11:12   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Please press the Windows key + R and type notepad into the Run window.

Now copy the following text from the code box into the empty text document:

Code:
ATTFilter
Task: {482C9865-53C6-45A3-B2EC-2F9EC33A00AD} - \Dealply No Task File <==== ATTENTION
EmptyTemp:
Hosts:
         

Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
  • Now start FRST again and click the Entfernen (Fix) button.
  • The tool creates a Fixlog.txt.
  • Post its contents for me.

__________________
Please always post log files in CODE tags

05.01.2015, 11:18   #5
Pfaelzer
Code:
ATTFilter
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 04-01-2015
Ran by Pfälzer at 2015-01-05 11:18:00 Run:1
Running from C:\Users\Pfälzer_2\Desktop
Loaded Profiles: Pfälzer & Pfälzer_2 (Available profiles: Pfälzer & Pfälzer_2)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
Task: {482C9865-53C6-45A3-B2EC-2F9EC33A00AD} - \Dealply No Task File <==== ATTENTION
EmptyTemp:
Hosts:
         
*****************

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{482C9865-53C6-45A3-B2EC-2F9EC33A00AD}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{482C9865-53C6-45A3-B2EC-2F9EC33A00AD}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Dealply" => Key deleted successfully.
C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.
EmptyTemp: => Removed 251.8 MB temporary data.


The system needed a reboot. 

==== End of Fixlog 11:18:34 ====
         


05.01.2015, 11:33   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™



Okay, then control scans with MBAM and ESET please:

Please download Malwarebytes Anti-Malware
  • Install the program to the default path. (Illustrated guide to MBAM)
  • Start Malwarebytes' Anti-Malware (MBAM).
  • Then click Scan, select Threat Scan and click Start Scan.
  • At the end of the scan, have all detections (if any) moved to quarantine. To do so, click Remove Selected.
  • Let your computer restart if necessary to complete the cleanup.
  • Start MBAM, click History and then Application Logs.
  • Select the most recent scan log and click Export. Choose Text file (.txt) and save the file as mbam.txt on the desktop. You can find the MBAM log file here.
  • Add the contents of mbam.txt to your next reply.

ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start Eset Online Scanner
  • Tick the box next to Yes, I accept the Terms of Use and click Start.
  • Enable "Detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded; the scan begins automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstallation: Control Panel => Add or Remove Programs / Uninstall a program => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset


05.01.2015, 19:48   #7
Pfaelzer



Mbam is running and ESET has been downloaded. I have to pop into work again quickly and will get back to you this afternoon with the logs. Thanks already and see you later!

Here are the log files

Mbam
Code:
 Malwarebytes Anti-Malware 
www.malwarebytes.org

Suchlauf Datum: 05.01.2015
Suchlauf-Zeit: 11:45:19
Logdatei: mbam.txt
Administrator: Ja

Version: 2.00.4.1028
Malware Datenbank: v2015.01.05.04
Rootkit Datenbank: v2014.12.30.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows Vista Service Pack 2
CPU: x64
Dateisystem: NTFS
Benutzer: Pfälzer

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 487360
Verstrichene Zeit: 21 Min, 14 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(Keine schädliche Elemente erkannt)

Module: 0
(Keine schädliche Elemente erkannt)

Registrierungsschlüssel: 0
(Keine schädliche Elemente erkannt)

Registrierungswerte: 0
(Keine schädliche Elemente erkannt)

Registrierungsdaten: 0
(Keine schädliche Elemente erkannt)

Ordner: 0
(Keine schädliche Elemente erkannt)

Dateien: 0
(Keine schädliche Elemente erkannt)

Physische Sektoren: 0
(Keine schädliche Elemente erkannt)


(end)
         
ESET
Code:
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=d022ac231bc1174d876c0c4e0648f36f
# engine=21824
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2015-01-05 06:46:12
# local_time=2015-01-05 07:46:12 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1031
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode_1='avast! Internet Security'
# compatibility_mode=779 16777213 85 72 2035785 184904062 0 0
# compatibility_mode_1=''
# compatibility_mode=5892 16776573 100 100 215484 258007478 0 0
# scanned=359465
# found=9
# cleaned=0
# scan_time=9902
sh=675C34C8A8C68779B03E89746D58630859292CD7 ft=1 fh=53e56eab4fdbd274 vn="Variante von Win32/Toolbar.Conduit.H evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Pfälzer_2\AppData\Roaming\NCH Software\Program Files\MixPad\mixpad.exe.vir"
sh=B55D7DFBE21B261A67842A761AD5F43EE9FFDA44 ft=1 fh=b2ac4ea04bee6e54 vn="Variante von Win32/Toolbar.Conduit.H evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Pfälzer_2\AppData\Roaming\NCH Software\Program Files\MixPad\mixpadsetup_v3.29.exe.vir"
sh=BB8686699C972AD8542D385290C465C084264CD0 ft=1 fh=d9f9f7a925310911 vn="Variante von Win32/Toolbar.Conduit.H evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Pfälzer_2\AppData\Roaming\NCH Software\Program Files\Switch\switch.exe.vir"
sh=41BD1925F37D38233BDB1074DA28FCD075416493 ft=1 fh=c8952d6f0aeed392 vn="Variante von Win32/Toolbar.Conduit.H evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Pfälzer_2\AppData\Roaming\NCH Software\Program Files\Switch\switchsetup_v4.43.exe.vir"
sh=9063784AA52C5DA8888A8AFFCCBA9FE8E24802F5 ft=1 fh=b7acc83d2d36dde3 vn="Variante von Win32/Toolbar.Conduit.H evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Pfälzer_2\AppData\Roaming\NCH Software\Program Files\WavePad\wavepad.exe.vir"
sh=4191BEFF5D8A2ADA4A8C1765F1905FFE312ACB94 ft=1 fh=3afba7ed4b49b7cd vn="Variante von Win32/Toolbar.Conduit.H evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Pfälzer_2\AppData\Roaming\NCH Software\Program Files\WavePad\wavepadsetup_v5.40.exe.vir"
sh=81E4D6C73D512607C41C1A558BFEDC122014254D ft=0 fh=0000000000000000 vn="INF/Autorun.gen Wurm" ac=I fn="C:\Program Files (x86)\Acer Arcade Live\Acer HomeMedia Trial Creator\Export\SoftDMA_Trial\Autorun.inf"
sh=E48BF924ACC6431B44CB57BB9ED6C13DB79065C5 ft=1 fh=714d0ca1a09182e7 vn="Win32/Somoto.E evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Pfälzer\Downloads\m4a-to-mp3-converter_CB-DL-Manager [1].exe"
sh=D01F9F59BF6CA6E3FE60231CC8808C1A4FEA4530 ft=1 fh=e23161741f42185f vn="Win32/Toolbar.SearchSuite evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Pfälzer_2\Downloads\Setup_31FreeVideoConverter.exe"
         

06.01.2015, 09:17   #8
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™



Please press the Windows key + R and type notepad into the Run window.

Now copy the following text from the code box into the empty text document

Code:
C:\Users\Pfälzer\Downloads\m4a-to-mp3-converter_CB-DL-Manager [1].exe
C:\Users\Pfälzer_2\Downloads\Setup_31FreeVideoConverter.exe
EmptyTemp:
Hosts:
         

Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
  • Now start FRST again and click the Fix button (Entfernen).
  • The tool creates a Fixlog.txt.
  • Post its contents for me.
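The step from the ESET log in post #7 to the fixlist in post #8 is a triage by file location. The sketch below is an added example, not part of the thread and not ESET or FRST code: it parses detection lines in the `sh= ft= fh= vn= ac= fn=` layout seen above and sorts them into buckets. The bucket rules, function names and the sample log are assumptions made for this illustration.

```python
import re
from collections import defaultdict

# Constructed sample in the layout of the ESET Online Scanner log quoted in
# this thread; hashes, detection names and paths are invented placeholders.
SAMPLE_LOG = r'''# scanned=1000
# found=3
# cleaned=0
sh=1111111111111111111111111111111111111111 ft=1 fh=aaaaaaaaaaaaaaaa vn="Win32/Example.A potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\demo\AppData\Roaming\Example\tool.exe.vir"
sh=2222222222222222222222222222222222222222 ft=0 fh=0000000000000000 vn="INF/Example.gen worm" ac=I fn="C:\Program Files (x86)\Example\Autorun.inf"
sh=3333333333333333333333333333333333333333 ft=1 fh=bbbbbbbbbbbbbbbb vn="Win32/Example.B potentially unwanted application" ac=I fn="C:\Users\demo\Downloads\setup_example [1].exe"
'''

DETECTION = re.compile(
    r'^sh=(?P<sha1>[0-9A-Fa-f]{40}) ft=(?P<ft>\d+) fh=(?P<fh>[0-9A-Fa-f]{16}) '
    r'vn="(?P<name>[^"]*)" ac=(?P<action>\w+) fn="(?P<path>.*)"$'
)
HEADER = re.compile(r'^# (?P<key>\w+)=(?P<value>.*)$')


def parse_eset_log(text):
    """Return (header dict, list of detection dicts) from the log text."""
    header, detections = {}, []
    for line in text.splitlines():
        line = line.strip()
        match = DETECTION.match(line)
        if match:
            detections.append(match.groupdict())
            continue
        match = HEADER.match(line)
        if match:
            header[match["key"]] = match["value"]
    return header, detections


def count_matches_header(header, detections):
    """A mismatch with '# found=' means lines were truncated or failed to parse."""
    return int(header.get("found", -1)) == len(detections)


def triage(detections):
    """Bucket detections by location (assumed rules, checked in this order)."""
    buckets = defaultdict(list)
    for det in detections:
        path = det["path"].lower()
        # Quarantine copies also contain \Users\, so test for them first.
        if "\\quarantine\\" in path or path.endswith(".vir"):
            buckets["quarantined"].append(det["path"])
        elif "\\users\\" in path:
            buckets["user_profile"].append(det["path"])
        else:
            buckets["manual_review"].append(det["path"])
    return dict(buckets)
```

Only the `user_profile` bucket corresponds to the kind of entries that ended up in the fixlist here; anything in `manual_review` needs a human decision before it is touched.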

06.01.2015, 15:11   #9
Pfaelzer



Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 04-01-2015
Ran by Pfälzer_2 at 2015-01-06 15:09:05 Run:2
Running from C:\Users\Pfälzer_2\Desktop
Loaded Profile: Pfälzer_2 (Available profiles: Pfälzer & Pfälzer_2)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
C:\Users\Pfälzer\Downloads\m4a-to-mp3-converter_CB-DL-Manager [1].exe
C:\Users\Pfälzer_2\Downloads\Setup_31FreeVideoConverter.exe
EmptyTemp:
Hosts:
         
*****************

"C:\Users\Pfälzer\Downloads\m4a-to-mp3-converter_CB-DL-Manager [1].exe" => File/Directory not found.
C:\Users\Pfälzer_2\Downloads\Setup_31FreeVideoConverter.exe => Moved successfully.
"C:\Windows\System32\Drivers\etc\hosts" => Could not move.
Could not reset Hosts.
EmptyTemp: => Removed 157.1 MB temporary data.


The system needed a reboot. 

==== End of Fixlog 15:11:39 ====
         

06.01.2015, 15:37   #10
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™



Disable the virus scanner, repeat the fix

06.01.2015, 15:44   #11
Pfaelzer



New fix
Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 04-01-2015
Ran by Pfälzer at 2015-01-06 15:42:43 Run:3
Running from C:\Users\Pfälzer_2\Desktop
Loaded Profiles: Pfälzer & Pfälzer_2 (Available profiles: Pfälzer & Pfälzer_2)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
C:\Users\Pfälzer\Downloads\m4a-to-mp3-converter_CB-DL-Manager [1].exe
C:\Users\Pfälzer_2\Downloads\Setup_31FreeVideoConverter.exe
EmptyTemp:
Hosts:
*****************

C:\Users\Pfälzer\Downloads\m4a-to-mp3-converter_CB-DL-Manager [1].exe => Moved successfully.
"C:\Users\Pfälzer_2\Downloads\Setup_31FreeVideoConverter.exe" => File/Directory not found.
C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.
EmptyTemp: => Removed 536 KB temporary data.


The system needed a reboot. 

==== End of Fixlog 15:42:57 ====
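
Runs 2 and 3 above each report a mix of "Moved successfully", "File/Directory not found" and "Could not move", so whether the fix is complete only becomes clear when the runs are read together. The following is an added example, not part of the thread and not FRST code: it merges several Fixlogs in chronological order and lists targets that no run has handled successfully. The `target => result` line layout is taken from the logs above; the function names, the success rule and the sample runs are assumptions of this sketch.

```python
import re

# Constructed samples modelled on the Fixlog layout in this thread
# (placeholder user names and file names).
RUN_A = r'''"C:\Users\demo\Downloads\converter [1].exe" => File/Directory not found.
C:\Users\demo2\Downloads\Setup_Example.exe => Moved successfully.
"C:\Windows\System32\Drivers\etc\hosts" => Could not move.
Could not reset Hosts.
EmptyTemp: => Removed 157.1 MB temporary data.
'''
RUN_B = r'''C:\Users\demo\Downloads\converter [1].exe => Moved successfully.
"C:\Users\demo2\Downloads\Setup_Example.exe" => File/Directory not found.
C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.
EmptyTemp: => Removed 536 KB temporary data.
'''

# Targets are sometimes quoted and sometimes not, as in the real logs.
LINE = re.compile(r'^"?(?P<target>[^"]+?)"? => (?P<result>.+)$')


def parse_fixlog(text):
    """Return (target, result) pairs; directive lines like 'EmptyTemp:' are skipped."""
    pairs = []
    for line in text.splitlines():
        match = LINE.match(line.strip())
        if match and not match["target"].endswith(":"):
            pairs.append((match["target"], match["result"].strip()))
    return pairs


def merge_runs(runs):
    """Fold Fixlog texts (oldest first) into one state entry per target."""
    state = {}
    for run_no, text in enumerate(runs, start=1):
        for target, result in parse_fixlog(text):
            key = target.lower()  # Windows paths are case-insensitive
            previous = state.get(key)
            if previous and previous["resolved"]:
                # "not found" after an earlier successful move is expected
                continue
            state[key] = {
                "target": target,
                "resolved": "successfully" in result.lower(),
                "run": run_no,
                "last_result": result,
            }
    return state


def unresolved(state):
    """Targets for which no run so far reported success."""
    return sorted(s["target"] for s in state.values() if not s["resolved"])
```

A non-empty `unresolved()` list after the latest run is the cue to check what is blocking the tool and repeat the fix.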
         

06.01.2015, 15:50   #12
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™



Looks OK so far

Regarding cookies and other things on the web: to block the pest from the outset (i.e. tracking cookies, ad banners etc.), I recommend the Ghostery extension; it largely prevents user tracking and the display of ad banners.

Info: Cookies are not malware as such, but there is a risk of abusive use (unique re-identification, e.g. for targeted advertising or similar => HTTP cookie)

Otherwise there are also good cookie managers; an extension for Firefox, for example, would be CookieCuller
But if you can live with logging in again everywhere in every browser session (e.g. Facebook, Ebay, GMX, or Trojaner-Board as well), then simply set the browser so that everything, including cookies, is deleted when the browser is closed.

Is your system now back in order, or are there any other detections or problems?

06.01.2015, 16:00   #13
Pfaelzer



Thanks for the tip about the cookies, I'll definitely download that!
No... at the moment everything seems to be fine so far! Many thanks for your help!!

06.01.2015, 16:06   #14
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™



Then we're done!

If you'd like to leave praise or criticism => Lob, Kritik und Wünsche - Trojaner-Board

The programs that were used here can all be uninstalled. It is advisable to keep Malwarebytes Anti-Malware and scan for malware with it weekly.

delfix can help you with this:

The order is crucial here.
  1. If Defogger was used: start Defogger again and click re-enable.
  2. If Combofix was used: (alternatively rename to uninstall.exe and start)
    • Windows key + R > Combofix /Uninstall (type in) > OK
    • Alternative: rename Combofix.exe to uninstall.exe and start it
    • Combofix will now start, possibly update itself and then remove all remnants of itself.
  3. In any case, please download DelFix (Download DelFix) to your desktop:
    • Close all open programs.
    • Start delfix.exe with a double-click.
    • Tick every function.
    • Click Start.
    • Note: DelFix removes, among other things, all programs used, the quarantine of our scanners, the Java cache, and finally deletes itself.
    • Finally, restart your computer.
  4. If any programs from our cleanup are still left now, you can delete them without hesitation.

Finally, please check the updates; my guide to that is below. To keep a better overview of how up to date your installed programs are in future, you can use Secunia PSI, for example.
For even more security, you should also change all passwords if possible after the infection has been removed.


Microsoft Update
Windows XP: Visit the MS update site with IE and have all important updates installed.
Windows Vista/7: Start, Control Panel, Windows Update


Update PDF reader
An outdated AdobeReader is a major security risk. You should therefore uninstall old versions of AdobeReader via Control Panel => Add or Remove Programs or Programs and Features, by clicking on "Adobe Reader x.0" there and removing the program. (if you have AdobeReader installed)

I recommend an alternative PDF reader such as PDF Xchange Viewer, SumatraPDF or Foxit PDF Reader; they are much leaner and faster than AdobeReader.

Please also take the opportunity to check that Flash Player is up to date:
Check => Adobe - Flash Player
Download links can be found here => Browsers and Plugins - FilePony.de

You can also easily check whether all plugins in the Firefox browser are up to date here => https://www.mozilla.org/de/plugincheck

Of course, also make sure that other installed browsers such as Firefox, Opera or Chrome are up to date.


Java update
Outdated Java installations are a major security risk, so you should uninstall the old versions. To do this, close all programs (especially the browsers), then click Start, Control Panel, Add or Remove Programs (or Programs and Features) and uninstall all listed Java versions from there. Then download the current Java SE Runtime Environment (JRE) from here and install it.