Diverse Probleme mit Rechner und seit neustem: WShelper.exe

Wilfried49 · 09.01.2015, 00:31

Aloha schrauber!

SimilarWeb habe ich deinstalliert und TDSSKiller.exe hat keine Bedrohungen gefunden!

Das Anti-Rootkit dagegen hat sich erst etwas quer gestellt und ließ den Scan nach einem Neustart zu (vorher meldete es mir, es gäbe Probleme mit einem Treiber), aber auch dann wurde keine Maleware auf dem Rechner gefunden!

Gerade hat mich Comodo erneut auf "WShelper.exe" aufmerksam gemacht. Die Exe versucht auf Registry-Einträge zuzugreifen.

schrauber · 09.01.2015, 09:22

Zitat:

Wondershare TunesGo(Version 5.0.0) (HKLM-x32\...\{ADBA24FE-D6F6-4B21-97F3-D58A327422E4}_is1) (Version: 5.0.0 - Wondershare)

WSHElper gehört zu Wondershare.

Downloade Dir bitte

Malwarebytes Anti-Malware

Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
Starte Malwarebytes' Anti-Malware (MBAM).
Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.

Downloade Dir bitte

AdwCleaner auf deinen Desktop.

Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
Starte die AdwCleaner.exe mit einem Doppelklick.
Stimme den Nutzungsbedingungen zu.
Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
- "Tracing" Schlüssel löschen
- Winsock Einstellungen zurücksetzen
- Proxy Einstellungen zurücksetzen
- Internet Explorer Richtlinien zurücksetzen
- Chrome Richtlinien zurücksetzen
- Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
Drücke eine beliebige Taste, um das Tool zu starten.
Je nach System kann der Scan eine Weile dauern.
Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.

und ein frisches FRST log bitte.

Wilfried49 · 09.01.2015, 16:19

Malwarebytes Anti-Malware und JRT konnten jeweils keine Bedrohungen feststellen.

Hier die Logs:

Code:

ATTFilter

# AdwCleaner v4.107 - Bericht erstellt am 09/01/2015 um 10:38:24
# Aktualisiert 07/01/2015 von Xplode
# Database : 2015-01-03.1 [Live]
# Betriebssystem : Windows 7 Professional Service Pack 1 (64 bits)
# Benutzername : Tobias - TOBIAS-PC
# Gestartet von : C:\Users\Tobias\Downloads\AdwCleaner_4.107.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\ProgramData\NCH Software
Ordner Gelöscht : C:\ProgramData\AdTrustMedia
Ordner Gelöscht : C:\Program Files (x86)\NCH Software
Ordner Gelöscht : C:\Program Files (x86)\AdTrustMedia
Ordner Gelöscht : C:\Program Files\AdTrustMedia
Ordner Gelöscht : C:\Users\Tobias\AppData\Roaming\NCH Software
Datei Gelöscht : C:\Users\Tobias\AppData\Roaming\Mozilla\Firefox\Profiles\qgrdidvi.default\foxydeal.sqlite
Datei Gelöscht : C:\Users\Tobias\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_lyrics.wikia.com_0.localstorage
Datei Gelöscht : C:\Users\Tobias\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_lyrics.wikia.com_0.localstorage-journal
Datei Gelöscht : C:\Users\Tobias\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.ask.com_0.localstorage
Datei Gelöscht : C:\Users\Tobias\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.ask.com_0.localstorage-journal
Datei Gelöscht : C:\Users\Tobias\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_static.audienceinsights.net_0.localstorage
Datei Gelöscht : C:\Users\Tobias\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_static.audienceinsights.net_0.localstorage-journal
Datei Gelöscht : C:\Users\Tobias\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_static.olark.com_0.localstorage-journal

***** [ Tasks ] *****

Task Gelöscht : BrowserProtect
Task Gelöscht : Hoolapp For Android
Task Gelöscht : Hoolapp Init
Task Gelöscht : YourFile DownloaderUpdate

***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\secman.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\secman.OutlookSecurityManager
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\secman.OutlookSecurityManager.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{6E993643-8FBC-44FE-BC85-D318495C4D96}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{A43DE495-3D00-47D4-9D2C-303115707939}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Schlüssel Gelöscht : HKCU\Software\Myfree Codec
Schlüssel Gelöscht : HKCU\Software\OCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Myfree Codec

***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.17496


-\\ Mozilla Firefox v34.0.5 (x86 de)


-\\ Google Chrome v


*************************

AdwCleaner[R0].txt - [3169 octets] - [14/07/2014 01:19:18]
AdwCleaner[R1].txt - [3830 octets] - [09/01/2015 10:35:43]
AdwCleaner[S0].txt - [2802 octets] - [15/07/2014 13:06:51]
AdwCleaner[S1].txt - [3642 octets] - [09/01/2015 10:38:24]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [3702 octets] ##########

Bei der Ausführung des JRT hatte ich mehrfach Probleme und erst nach dem 3. Reboot konnte ich einen vollständigen Scan abschließen.

Code:

ATTFilter

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.1 (12.28.2014:1)
OS: Windows 7 Professional x64
Ran by Tobias on 09.01.2015 at 11:23:41,36
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 09.01.2015 at 12:18:12,94
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Und FRST:

FRST Logfile:

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 07-01-2015
Ran by Tobias (administrator) on TOBIAS-PC on 09-01-2015 13:50:42
Running from C:\Users\Tobias\Desktop
Loaded Profile: Tobias (Available profiles: Tobias)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cistray.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe
() C:\Program Files (x86)\MAGIX\PC_Check_Tuning_Free_2011\MxTray.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(pdfforge GbR) C:\Program Files (x86)\PDF Architect\HelperService.exe
(pdfforge GbR) C:\Program Files (x86)\PDF Architect\ConversionService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Razer, Inc.) C:\Program Files (x86)\Razer\Core\64bit\RzOvlMon.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(Dropbox, Inc.) C:\Users\Tobias\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(Razer Inc.) C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe
() C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\APSDaemon.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cis.exe
(Google Inc.) C:\Users\Tobias\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Tobias\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Tobias\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Tobias\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Tobias\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Tobias\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Tobias\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Tobias\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Tobias\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Tobias\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Tobias\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Tobias\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Tobias\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Tobias\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Tobias\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Tobias\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Tobias\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Tobias\AppData\Local\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ink\InputPersonalization.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Google Inc.) C:\Users\Tobias\AppData\Local\Google\Chrome\Application\chrome.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
(Google Inc.) C:\Users\Tobias\AppData\Local\Google\Chrome\Application\chrome.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [6868280 2012-05-21] (Logitech Inc.)
HKLM\...\Run: [COMODO Internet Security] => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [1297112 2014-12-09] (COMODO)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2279712 2013-12-10] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13662936 2000-01-01] (Realtek Semiconductor)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2014-10-11] (Apple Inc.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Razer Synapse] => C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe [444760 2014-03-07] (Razer Inc.)
HKLM-x32\...\Run: [JMB36X IDE Setup] => C:\Windows\RaidTool\xInsIDE.exe [43608 2000-01-01] ()
HKLM-x32\...\Run: [DivXUpdate] => C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1861968 2013-11-15] ()
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
HKU\S-1-5-21-2764848105-337601815-2700051401-1000\...\Run: [Google Update] => C:\Users\Tobias\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2012-08-21] (Google Inc.)
HKU\S-1-5-21-2764848105-337601815-2700051401-1000\...\Run: [MobileDocuments] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
HKU\S-1-5-21-2764848105-337601815-2700051401-1000\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [59720 2013-11-20] (Apple Inc.)
HKU\S-1-5-21-2764848105-337601815-2700051401-1000\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59720 2013-11-20] (Apple Inc.)
HKU\S-1-5-21-2764848105-337601815-2700051401-1000\...\MountPoints2: {01f545e5-c72a-11e3-b9a2-001d7da6420f} - H:\virtuallyjenna-en.exe
HKU\S-1-5-21-2764848105-337601815-2700051401-1000\...\MountPoints2: {01f545ea-c72a-11e3-b9a2-001d7da6420f} - K:\autorun.exe
HKU\S-1-5-21-2764848105-337601815-2700051401-1000\...\MountPoints2: {01f545f5-c72a-11e3-b9a2-001d7da6420f} - J:\autorun.exe
HKU\S-1-5-21-2764848105-337601815-2700051401-1000\...\MountPoints2: {01f54604-c72a-11e3-b9a2-001d7da6420f} - L:\autorun.exe
HKU\S-1-5-21-2764848105-337601815-2700051401-1000\...\MountPoints2: {09d7c289-0c19-11e4-8f46-001d7da6420f} - H:\LaunchU3.exe -a
HKU\S-1-5-21-2764848105-337601815-2700051401-1000\...\MountPoints2: {1be2274b-c054-11e2-9cb2-806e6f6e6963} - F:\autorun.exe
HKU\S-1-5-21-2764848105-337601815-2700051401-1000\...\MountPoints2: {803984f0-0cc1-11e4-832f-001d7da6420f} - H:\HTC_Sync_Manager_PC.exe
HKU\S-1-5-21-2764848105-337601815-2700051401-1000\...\MountPoints2: {986a4d14-7c97-11e3-9eb2-001d7da6420f} - F:\autorun.exe
HKU\S-1-5-21-2764848105-337601815-2700051401-1000\...\MountPoints2: {fa311c55-52d6-11e3-957c-001d7da6420f} - H:\Startme.exe
Startup: C:\Users\Tobias\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Tobias\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Tobias\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk
ShortcutTarget: EvernoteClipper.lnk -> C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
Startup: C:\Users\Tobias\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk
ShortcutTarget: OpenOffice.org 3.4.1.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page = 
HKU\S-1-5-21-2764848105-337601815-2700051401-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.yahoo.com?fr=fp-comodo
HKU\S-1-5-21-2764848105-337601815-2700051401-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
URLSearchHook: HKLM-x32 - Default Value = {74198672-5F7D-4FE9-A611-4AC1D5A66A15}
URLSearchHook: HKU\S-1-5-21-2764848105-337601815-2700051401-1000 - Default Value = {74198672-5F7D-4FE9-A611-4AC1D5A66A15}
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-2764848105-337601815-2700051401-1000 -> {8EEAC88A-079B-4b2c-80C1-7836F79EB40A} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=chr-comodo
BHO-x32: PDF Architect Helper -> {3A2D5EBA-F86D-4BD3-A177-019765996711} -> C:\Program Files (x86)\PDF Architect\PDFIEHelper.dll (pdfforge GbR)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Tobias\AppData\Roaming\Mozilla\Firefox\Profiles\qgrdidvi.default
FF Homepage: google.de
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_235.dll ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_235.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll (DivX, LLC)
FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.0.8 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2764848105-337601815-2700051401-1000: @acestream.net/acestreamplugin,version=3.0.4 -> C:\Users\Tobias\AppData\Roaming\ACEStream\player\npace_plugin.dll (Innovative Digital Technologies)
FF Plugin HKU\S-1-5-21-2764848105-337601815-2700051401-1000: @talk.google.com/GoogleTalkPlugin -> C:\Users\Tobias\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKU\S-1-5-21-2764848105-337601815-2700051401-1000: @talk.google.com/O1DPlugin -> C:\Users\Tobias\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKU\S-1-5-21-2764848105-337601815-2700051401-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Tobias\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-2764848105-337601815-2700051401-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Tobias\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Tobias\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Tobias\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)
FF SearchPlugin: C:\Users\Tobias\AppData\Roaming\Mozilla\Firefox\Profiles\qgrdidvi.default\searchplugins\pornmd.xml
FF Extension: ProxTube - C:\Users\Tobias\AppData\Roaming\Mozilla\Firefox\Profiles\qgrdidvi.default\Extensions\ich@maltegoetz.de.xpi [2014-10-11]
FF Extension: PornMD - C:\Users\Tobias\AppData\Roaming\Mozilla\Firefox\Profiles\qgrdidvi.default\Extensions\PornMD@PornMD.xpi [2015-01-08]
FF Extension: Adblock Edge - C:\Users\Tobias\AppData\Roaming\Mozilla\Firefox\Profiles\qgrdidvi.default\Extensions\{fe272bd1-5f76-4ea4-8501-a05d35d823fc}.xpi [2014-07-15]
FF HKLM-x32\...\Firefox\Extensions: [FFPDFArchitectConverter@pdfarchitect.com] - C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt
FF Extension: PDF Architect Converter For Firefox - C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt [2013-04-04]

Chrome: 
=======
CHR HomePage: Default -> 
CHR Plugin: (Shockwave Flash) - C:\Users\Tobias\AppData\Local\Google\Chrome\Application\39.0.2171.95\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\Tobias\AppData\Local\Google\Chrome\Application\39.0.2171.95\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Users\Tobias\AppData\Local\Google\Chrome\Application\39.0.2171.95\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Google Talk Plugin) - C:\Users\Tobias\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
CHR Plugin: (Google Talk Plugin Video Accelerator) - C:\Users\Tobias\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll No File
CHR Plugin: (Google Talk Plugin Video Renderer) - C:\Users\Tobias\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
CHR Plugin: (DivX VOD Helper Plug-in) - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
CHR Plugin: (DivX Plus Web Player) - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll No File
CHR Plugin: (Java(TM) Platform SE 7 U13) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Google Update) - C:\Users\Tobias\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll No File
CHR Plugin: (Java Deployment Toolkit 7.0.130.20) - C:\Windows\SysWOW64\npDeployJava1.dll No File
CHR Profile: C:\Users\Tobias\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Tobias\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-04]
CHR Extension: (IRC QuakeNet webchat) - C:\Users\Tobias\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhaphniflbbhhfailihfckiifpbgeokd [2014-03-18]
CHR Extension: (AdBlock) - C:\Users\Tobias\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-02-03]
CHR Extension: (ProxMate - Proxy on steroids!) - C:\Users\Tobias\AppData\Local\Google\Chrome\User Data\Default\Extensions\hgjpnmnpjmabddgmjdiaggacbololbjm [2013-04-13]
CHR Extension: (Stealthy) - C:\Users\Tobias\AppData\Local\Google\Chrome\User Data\Default\Extensions\ieaebnkibonmpbhdaanjkmedikadnoje [2014-05-15]
CHR Extension: (Google Wallet) - C:\Users\Tobias\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-26]
CHR HKU\S-1-5-21-2764848105-337601815-2700051401-1000\...\Chrome\Extension: [cnnbdaahphjgdgfhliignpepgnbnfomp] - c:\program files (x86)\copernic\desktopsearch4\ChromeConnector\ChromeConnector.crx [Not Found]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S2 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [409304 2014-10-08] (BlueStack Systems, Inc.)
R2 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [388824 2014-10-08] (BlueStack Systems, Inc.)
R2 BstHdUpdaterSvc; C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe [782040 2014-10-08] (BlueStack Systems, Inc.)
R2 cmdAgent; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [7618952 2014-12-09] (COMODO)
S3 cmdvirth; C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe [2265304 2014-12-09] (COMODO)
S3 Disc Soft Bus Service; C:\Program Files (x86)\DAEMON Tools Ultra\DiscSoftBusService.exe [723192 2013-11-14] (Disc Soft Ltd)
S2 MAGIX StartUp Analyze Service; C:\Program Files (x86)\MAGIX\PC_Check_Tuning_Free_2011\MXSAS.exe [186368 2010-11-04] (MAGIX AG) [File not signed]
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1494304 2013-12-10] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [15129376 2013-12-10] (NVIDIA Corporation)
R2 PDF Architect Helper Service; C:\Program Files (x86)\PDF Architect\HelperService.exe [1324104 2013-01-09] (pdfforge GbR)
R2 PDF Architect Service; C:\Program Files (x86)\PDF Architect\ConversionService.exe [795208 2013-01-09] (pdfforge GbR)
R2 RzOvlMon; C:\Program Files (x86)\Razer\Core\64bit\rzovlmon.exe [32960 2014-04-18] (Razer, Inc.)
S3 TunngleService; C:\Program Files (x86)\Tunngle\TnglCtrl.exe [762320 2014-11-04] (Tunngle.net GmbH)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [122072 2014-10-08] (BlueStack Systems)
R1 cmderd; C:\Windows\System32\DRIVERS\cmderd.sys [20184 2014-12-09] (COMODO)
R1 cmdGuard; C:\Windows\System32\DRIVERS\cmdguard.sys [792648 2014-12-09] (COMODO)
R1 cmdHlp; C:\Windows\System32\DRIVERS\cmdhlp.sys [45880 2014-12-09] (COMODO)
R3 dtscsibus; C:\Windows\System32\DRIVERS\dtscsibus.sys [29696 2014-04-18] (Disc Soft Ltd)
R1 inspect; C:\Windows\System32\DRIVERS\inspect.sys [104608 2014-12-09] (COMODO)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [39200 2013-12-05] (NVIDIA Corporation)
S3 RTL8023x64; C:\Windows\System32\DRIVERS\Rtnic64.sys [51712 2009-06-10] (Realtek Semiconductor Corporation                           )
R3 RzDxgk; C:\Windows\system32\drivers\RzDxgk.sys [129472 2014-04-10] (Razer, Inc.)
R1 RzFilter; C:\Windows\system32\drivers\RzFilter.sys [74432 2014-04-10] (Razer, Inc.)
S3 SWDUMon; C:\Windows\System32\DRIVERS\SWDUMon.sys [16152 2014-01-13] ()
R3 tap0901t; C:\Windows\System32\DRIVERS\tap0901t.sys [31232 2009-09-16] (Tunngle.net)
R3 cpuz132; \??\C:\Users\Tobias\AppData\Local\Temp\cpuz132\cpuz132_x64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-09 12:18 - 2015-01-09 12:18 - 00000626 _____ () C:\Users\Tobias\Desktop\JRT.txt
2015-01-09 11:05 - 2015-01-09 11:05 - 00003790 _____ () C:\Users\Tobias\Desktop\AdwCleaner[S1].txt
2015-01-09 10:48 - 2015-01-09 10:48 - 00000000 ____D () C:\Windows\ERUNT
2015-01-09 10:45 - 2015-01-09 10:45 - 01707939 _____ (Thisisu) C:\Users\Tobias\Desktop\JRT.exe
2015-01-09 10:30 - 2015-01-09 10:31 - 02191360 _____ () C:\Users\Tobias\Downloads\AdwCleaner_4.107.exe
2015-01-09 00:00 - 2015-01-09 00:30 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-01-08 23:41 - 2015-01-09 00:30 - 00000000 ____D () C:\Users\Tobias\Desktop\mbar
2015-01-08 23:38 - 2015-01-08 23:38 - 16448208 _____ (Malwarebytes Corp.) C:\Users\Tobias\Downloads\mbar-1.08.2.1001(1).exe
2015-01-08 23:26 - 2015-01-08 23:27 - 16448208 _____ (Malwarebytes Corp.) C:\Users\Tobias\Desktop\mbar-1.08.2.1001.exe
2015-01-08 23:09 - 2015-01-08 23:09 - 04187592 _____ (Kaspersky Lab ZAO) C:\Users\Tobias\Desktop\tdsskiller.exe
2015-01-08 22:29 - 2015-01-08 22:39 - 00000000 ____D () C:\Users\Tobias\Desktop\RevoUninstallerPortable
2015-01-08 22:27 - 2015-01-08 22:28 - 02785665 _____ (PortableApps.com) C:\Users\Tobias\Desktop\RevoUninstallerPortable_1.95_Rev_2.paf.exe
2015-01-08 18:57 - 2015-01-08 18:58 - 00000000 ____D () C:\Users\Tobias\AppData\Local\doubleTwist Corporation
2015-01-08 18:56 - 2015-01-08 18:56 - 00002073 _____ () C:\Users\Public\Desktop\doubleTwist.lnk
2015-01-08 18:56 - 2015-01-08 18:56 - 00000000 ____D () C:\ProgramData\Package Cache
2015-01-08 18:56 - 2015-01-08 18:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\doubleTwist
2015-01-08 18:55 - 2015-01-08 18:56 - 00000000 ____D () C:\Program Files (x86)\doubleTwist
2015-01-08 18:54 - 2015-01-08 18:54 - 21754656 _____ () C:\Users\Tobias\Downloads\doubleTwistSetupFull.exe
2015-01-08 15:13 - 2015-01-08 15:13 - 00000000 ____D () C:\ProgramData\Wondershare
2015-01-08 15:10 - 2015-01-08 15:10 - 00000000 ____D () C:\Users\Tobias\AppData\Roaming\HMYGSetting
2015-01-08 15:10 - 2015-01-08 15:10 - 00000000 ____D () C:\Users\Tobias\AppData\Local\Wondershare
2015-01-08 15:09 - 2015-01-08 15:09 - 00002041 _____ () C:\Users\Public\Desktop\Wondershare TunesGo.lnk
2015-01-08 15:09 - 2015-01-08 15:09 - 00000000 ____D () C:\Users\Tobias\AppData\Roaming\Wondershare
2015-01-08 15:09 - 2015-01-08 15:09 - 00000000 ____D () C:\Users\Tobias\.android
2015-01-08 15:09 - 2015-01-08 15:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wondershare
2015-01-08 15:09 - 2015-01-08 15:09 - 00000000 ____D () C:\Program Files (x86)\Wondershare
2015-01-08 14:42 - 2015-01-08 14:42 - 01233827 _____ () C:\Users\Tobias\Desktop\GMER.log
2015-01-08 14:13 - 2015-01-08 14:13 - 00290808 _____ () C:\Windows\Minidump\010815-23400-01.dmp
2015-01-08 00:39 - 2015-01-08 00:39 - 00019039 _____ () C:\Users\Tobias\Downloads\Versuch-21.odt
2015-01-07 18:38 - 2015-01-08 16:39 - 00044092 _____ () C:\Users\Tobias\Desktop\Addition.txt
2015-01-07 18:37 - 2015-01-07 18:37 - 00380416 _____ () C:\Users\Tobias\Desktop\o5lw8g6g.exe
2015-01-07 18:36 - 2015-01-09 13:50 - 00022130 _____ () C:\Users\Tobias\Desktop\FRST.txt
2015-01-07 18:36 - 2015-01-09 13:50 - 00000000 ____D () C:\FRST
2015-01-07 18:35 - 2015-01-07 18:35 - 02124288 _____ (Farbar) C:\Users\Tobias\Desktop\FRST64.exe
2015-01-07 18:34 - 2015-01-08 16:36 - 00000474 _____ () C:\Users\Tobias\Desktop\defogger_disable.log
2015-01-07 18:34 - 2015-01-07 18:34 - 00000000 _____ () C:\Users\Tobias\defogger_reenable
2015-01-07 18:16 - 2015-01-07 18:16 - 00050477 _____ () C:\Users\Tobias\Desktop\Defogger.exe
2015-01-07 17:57 - 2015-01-07 17:57 - 00001102 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2015-01-07 17:31 - 2015-01-07 17:32 - 39544000 _____ (Wondershare ) C:\Users\Tobias\Downloads\TunesGoforAndroid.exe
2015-01-07 17:15 - 2015-01-07 17:15 - 00000000 ____D () C:\ProgramData\Samsung
2015-01-07 17:10 - 2015-01-07 17:15 - 00000000 ____D () C:\Users\Tobias\Documents\samsung
2015-01-07 17:10 - 2015-01-07 17:10 - 00000000 ____D () C:\Users\Tobias\Documents\SelfMV
2015-01-07 17:10 - 2015-01-07 17:10 - 00000000 ____D () C:\Users\Public\Documents\NativeFus_Log
2015-01-07 17:09 - 2015-01-07 17:10 - 00000000 ____D () C:\Users\Tobias\AppData\Roaming\Samsung
2015-01-07 17:09 - 2015-01-07 17:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung
2015-01-07 17:09 - 2015-01-07 17:09 - 00000000 ____D () C:\Program Files (x86)\Samsung
2015-01-07 17:09 - 2014-05-07 17:42 - 00144664 _____ (MAPILab Ltd. & Add-in Express Ltd.) C:\Windows\SysWOW64\secman.dll
2015-01-07 16:59 - 2015-01-07 16:59 - 42424368 _____ (Samsung Electronics Co., Ltd.) C:\Users\Tobias\Downloads\Kies_3.2.14113_3.exe
2015-01-04 10:55 - 2015-01-04 10:55 - 01052536 _____ () C:\Windows\Minidump\010415-30217-01.dmp
2015-01-04 10:54 - 2015-01-08 14:12 - 506874316 _____ () C:\Windows\MEMORY.DMP
2014-12-22 23:33 - 2014-12-26 23:30 - 00000000 ____D () C:\ProgramData\Tunngle
2014-12-22 23:33 - 2014-12-22 23:33 - 00000000 ____D () C:\Users\Public\Documents\Tunngle
2014-12-22 23:33 - 2014-12-22 23:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tunngle
2014-12-22 23:31 - 2014-12-22 23:31 - 04501720 _____ (Tunngle.net GmbH ) C:\Users\Tobias\Downloads\Tunngle_Setup_v5.0 (1).exe
2014-12-22 23:30 - 2014-12-22 23:30 - 04501720 _____ (Tunngle.net GmbH ) C:\Users\Tobias\Downloads\Tunngle_Setup_v5.0.exe
2014-12-22 21:07 - 2014-12-22 23:34 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird
2014-12-21 09:48 - 2014-12-21 09:48 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-12-21 09:48 - 2014-12-21 09:48 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-12-21 00:56 - 2014-12-21 00:56 - 00000000 ____D () C:\Windows\system32\appraiser
2014-12-20 11:13 - 2014-12-20 11:13 - 00297226 _____ () C:\Windows\msxml4-KB954430-enu.LOG
2014-12-20 11:13 - 2014-12-20 11:13 - 00297222 _____ () C:\Windows\msxml4-KB973688-enu.LOG
2014-12-20 11:13 - 2014-12-20 11:13 - 00000000 ____D () C:\Program Files (x86)\MSXML 4.0
2014-12-20 11:11 - 2014-10-18 03:05 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2014-12-20 11:11 - 2014-10-18 02:33 - 03209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2014-12-20 11:11 - 2014-07-07 03:06 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2014-12-20 11:11 - 2014-07-07 03:06 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2014-12-20 11:11 - 2014-07-07 03:06 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2014-12-20 11:11 - 2014-07-07 03:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2014-12-20 11:11 - 2014-07-07 02:40 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
2014-12-20 11:11 - 2014-07-07 02:39 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe
2014-12-20 11:11 - 2014-07-07 02:39 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe
2014-12-20 11:11 - 2014-07-07 02:37 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll
2014-12-19 14:58 - 2014-12-19 15:02 - 00000000 ____D () C:\Users\Tobias\Downloads\D&D 5e books
2014-12-19 14:56 - 2014-12-19 14:56 - 00015892 _____ () C:\Users\Tobias\Downloads\[kickass.so]d.d.5e.player.s.handbook.monster.manual.adventure.lost.mine.of.phandelver.torrent
2014-12-19 02:50 - 2014-12-26 18:17 - 00000000 ____D () C:\Windows\System32\Tasks\NCH Software
2014-12-19 02:50 - 2014-12-19 02:50 - 00001236 _____ () C:\Users\Public\Desktop\NCH Suite.lnk
2014-12-19 02:50 - 2014-12-19 02:50 - 00001122 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Debut Video Capture Software.lnk
2014-12-19 02:50 - 2014-12-19 02:50 - 00001110 _____ () C:\Users\Public\Desktop\Debut Video Capture Software.lnk
2014-12-19 02:50 - 2014-12-19 02:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NCH Software Suite
2014-12-16 21:53 - 2014-12-17 10:53 - 00001197 _____ () C:\Users\Tobias\Desktop\rap.txt
2014-12-15 01:33 - 2014-12-15 01:33 - 00000000 ____D () C:\Users\Tobias\AppData\Roaming\MAGIX
2014-12-15 01:14 - 2015-01-09 12:31 - 00000440 _____ () C:\Windows\Tasks\PCCT - MAGIX AG.job
2014-12-15 01:14 - 2014-12-15 01:14 - 00002828 _____ () C:\Windows\System32\Tasks\PCCT - MAGIX AG
2014-12-15 01:14 - 2014-12-15 01:14 - 00000000 ____D () C:\Users\Tobias\Documents\OnDemandDump
2014-12-15 01:14 - 2014-12-15 01:14 - 00000000 ____D () C:\Users\Tobias\Documents\MAGIX_MxTray
2014-12-15 01:14 - 2014-12-15 01:14 - 00000000 ____D () C:\Users\Tobias\Documents\CrashLog
2014-12-15 01:13 - 2014-12-15 01:33 - 00000000 ____D () C:\ProgramData\MAGIX
2014-12-15 01:13 - 2014-12-15 01:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MAGIX
2014-12-15 01:13 - 2014-12-15 01:13 - 00000000 ____D () C:\Program Files (x86)\MAGIX
2014-12-15 01:09 - 2014-12-15 01:09 - 41085024 _____ (MAGIX AG) C:\Users\Tobias\Downloads\setup_pc_check_tuning.exe
2014-12-14 23:12 - 2014-12-14 23:15 - 00023362 _____ () C:\Users\Tobias\Desktop\SB2 AUFGABE3.odt
2014-12-11 02:36 - 2014-12-04 03:50 - 00830976 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2014-12-11 02:36 - 2014-12-04 03:50 - 00741376 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2014-12-11 02:36 - 2014-12-04 03:50 - 00413184 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2014-12-11 02:36 - 2014-12-04 03:50 - 00396800 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2014-12-11 02:36 - 2014-12-04 03:50 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-12-11 02:36 - 2014-12-04 03:50 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2014-12-11 02:36 - 2014-12-04 03:44 - 01083392 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-12-11 02:36 - 2014-12-02 00:28 - 01232040 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2014-12-11 02:35 - 2014-11-27 02:43 - 00389296 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-12-11 02:35 - 2014-11-27 02:10 - 00342200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-12-11 02:35 - 2014-11-22 04:13 - 25059840 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-12-11 02:35 - 2014-11-22 04:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-12-11 02:35 - 2014-11-22 04:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-12-11 02:35 - 2014-11-22 03:50 - 00580096 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-12-11 02:35 - 2014-11-22 03:50 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-12-11 02:35 - 2014-11-22 03:49 - 02885120 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-12-11 02:35 - 2014-11-22 03:49 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-12-11 02:35 - 2014-11-22 03:48 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-12-11 02:35 - 2014-11-22 03:41 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-12-11 02:35 - 2014-11-22 03:40 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-12-11 02:35 - 2014-11-22 03:37 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-12-11 02:35 - 2014-11-22 03:35 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-12-11 02:35 - 2014-11-22 03:34 - 06039552 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-12-11 02:35 - 2014-11-22 03:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-12-11 02:35 - 2014-11-22 03:26 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-12-11 02:35 - 2014-11-22 03:22 - 19749376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-12-11 02:35 - 2014-11-22 03:22 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-12-11 02:35 - 2014-11-22 03:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-12-11 02:35 - 2014-11-22 03:14 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-12-11 02:35 - 2014-11-22 03:09 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-12-11 02:35 - 2014-11-22 03:08 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-12-11 02:35 - 2014-11-22 03:07 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-12-11 02:35 - 2014-11-22 03:07 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-12-11 02:35 - 2014-11-22 03:06 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-12-11 02:35 - 2014-11-22 03:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-12-11 02:35 - 2014-11-22 03:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-12-11 02:35 - 2014-11-22 03:01 - 02277888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-12-11 02:35 - 2014-11-22 02:59 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-12-11 02:35 - 2014-11-22 02:58 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-12-11 02:35 - 2014-11-22 02:56 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-12-11 02:35 - 2014-11-22 02:54 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-12-11 02:35 - 2014-11-22 02:49 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-12-11 02:35 - 2014-11-22 02:49 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-12-11 02:35 - 2014-11-22 02:47 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-12-11 02:35 - 2014-11-22 02:46 - 02125312 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-12-11 02:35 - 2014-11-22 02:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-12-11 02:35 - 2014-11-22 02:43 - 14412800 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-12-11 02:35 - 2014-11-22 02:40 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-12-11 02:35 - 2014-11-22 02:36 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-12-11 02:35 - 2014-11-22 02:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-12-11 02:35 - 2014-11-22 02:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-12-11 02:35 - 2014-11-22 02:29 - 04299264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-12-11 02:35 - 2014-11-22 02:28 - 02358272 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-12-11 02:35 - 2014-11-22 02:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-12-11 02:35 - 2014-11-22 02:22 - 02052096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-12-11 02:35 - 2014-11-22 02:21 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-12-11 02:35 - 2014-11-22 02:15 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-12-11 02:35 - 2014-11-22 02:13 - 12836864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-12-11 02:35 - 2014-11-22 02:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-12-11 02:35 - 2014-11-22 02:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-12-11 02:35 - 2014-11-22 01:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-12-11 02:35 - 2014-11-22 01:54 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-12-11 02:35 - 2014-11-11 04:09 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-12-11 02:35 - 2014-11-11 03:44 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2014-12-11 02:35 - 2014-11-11 02:46 - 00119296 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys
2014-12-11 02:34 - 2014-11-08 04:16 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-12-11 02:34 - 2014-11-08 03:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-12-11 02:34 - 2014-10-30 03:03 - 00165888 _____ (Microsoft Corporation) C:\Windows\system32\charmap.exe
2014-12-11 02:34 - 2014-10-30 02:45 - 00155136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\charmap.exe
2014-12-11 02:34 - 2014-10-03 03:12 - 02020352 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll
2014-12-11 02:34 - 2014-10-03 03:12 - 00346624 _____ (Microsoft Corporation) C:\Windows\system32\WSManMigrationPlugin.dll
2014-12-11 02:34 - 2014-10-03 03:12 - 00310272 _____ (Microsoft Corporation) C:\Windows\system32\WsmWmiPl.dll
2014-12-11 02:34 - 2014-10-03 03:12 - 00181248 _____ (Microsoft Corporation) C:\Windows\system32\WsmAuto.dll
2014-12-11 02:34 - 2014-10-03 03:11 - 00266240 _____ (Microsoft Corporation) C:\Windows\system32\WSManHTTPConfig.exe
2014-12-11 02:34 - 2014-10-03 02:45 - 01177088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmSvc.dll
2014-12-11 02:34 - 2014-10-03 02:45 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManMigrationPlugin.dll
2014-12-11 02:34 - 2014-10-03 02:45 - 00214016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmWmiPl.dll
2014-12-11 02:34 - 2014-10-03 02:45 - 00145920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmAuto.dll
2014-12-11 02:34 - 2014-10-03 02:44 - 00198656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManHTTPConfig.exe
2014-12-11 00:56 - 2014-12-11 00:57 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-09 13:45 - 2014-04-27 14:00 - 00040458 _____ () C:\Windows\setupact.log
2015-01-09 13:43 - 2012-08-21 03:51 - 00000000 ____D () C:\Users\Tobias\AppData\Roaming\Skype
2015-01-09 13:41 - 2012-08-21 02:32 - 01474832 _____ () C:\Windows\system32\Drivers\sfi.dat
2015-01-09 13:35 - 2012-08-21 00:32 - 00001124 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2764848105-337601815-2700051401-1000UA.job
2015-01-09 13:27 - 2013-11-12 15:45 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-01-09 13:07 - 2012-08-21 03:02 - 00000932 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2764848105-337601815-2700051401-1000UA.job
2015-01-09 12:42 - 2009-07-14 05:45 - 00027888 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-09 12:42 - 2009-07-14 05:45 - 00027888 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-09 12:38 - 2012-08-20 23:57 - 01465935 _____ () C:\Windows\WindowsUpdate.log
2015-01-09 12:35 - 2012-11-07 19:17 - 00000000 ___RD () C:\Users\Tobias\Dropbox
2015-01-09 12:33 - 2012-11-07 19:14 - 00000000 ____D () C:\Users\Tobias\AppData\Roaming\Dropbox
2015-01-09 12:31 - 2012-08-21 00:39 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-01-09 12:31 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-09 12:30 - 2014-07-30 20:05 - 00951250 _____ () C:\Windows\system32\Drivers\fvstore.dat
2015-01-09 10:39 - 2012-08-21 02:04 - 00204108 _____ () C:\Windows\PFRO.log
2015-01-09 10:38 - 2014-07-14 01:19 - 00000000 ____D () C:\AdwCleaner
2015-01-09 10:00 - 2014-07-14 01:19 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-01-09 09:58 - 2012-08-21 03:02 - 00000910 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2764848105-337601815-2700051401-1000Core.job
2015-01-09 00:00 - 2014-07-14 01:19 - 00096472 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-01-08 22:35 - 2012-08-21 00:32 - 00001072 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2764848105-337601815-2700051401-1000Core.job
2015-01-08 18:56 - 2012-11-06 01:20 - 00092624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfcm110u.dll
2015-01-08 18:56 - 2012-11-06 01:20 - 00073680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfc110esn.dll
2015-01-08 15:10 - 2014-10-20 19:21 - 00000000 ____D () C:\Program Files (x86)\iTunes
2015-01-08 15:09 - 2012-08-21 00:22 - 00000000 ____D () C:\Users\Tobias
2015-01-08 14:13 - 2014-06-13 19:33 - 00000000 ____D () C:\Windows\Minidump
2015-01-07 23:52 - 2012-08-21 19:59 - 00000000 ____D () C:\Users\Tobias\AppData\Roaming\TS3Client
2015-01-07 22:29 - 2014-11-02 13:37 - 00020491 _____ () C:\Users\Tobias\Downloads\Bartholomäus.ods
2015-01-07 17:57 - 2014-07-14 01:19 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-01-07 17:57 - 2014-07-14 01:19 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-01-07 17:57 - 2014-07-14 01:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2015-01-07 17:57 - 2014-07-14 01:19 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2015-01-07 17:09 - 2012-08-24 18:39 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2015-01-04 10:55 - 2009-07-14 05:45 - 00309736 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-01-04 10:54 - 2012-10-12 13:12 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-01-01 23:53 - 2014-04-08 12:53 - 00000000 ____D () C:\The KMPlayer
2014-12-26 22:22 - 2014-04-07 18:25 - 00000000 ____D () C:\Users\Tobias\AppData\Local\Paint.NET
2014-12-26 18:34 - 2012-08-21 00:32 - 00067200 _____ () C:\Users\Tobias\AppData\Local\GDIPFONTCACHEV1.DAT
2014-12-26 11:27 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache
2014-12-24 15:13 - 2012-08-21 03:52 - 00000000 ____D () C:\Users\Tobias\AppData\Local\Thunderbird
2014-12-23 00:00 - 2012-09-26 22:32 - 00219136 ___SH () C:\Users\Tobias\Thumbs.db
2014-12-22 23:33 - 2014-03-26 23:04 - 00000000 ____D () C:\Program Files (x86)\Tunngle
2014-12-22 23:33 - 2014-03-25 17:45 - 00000000 ____D () C:\Users\Tobias\AppData\Roaming\Tunngle
2014-12-22 23:20 - 2012-08-22 19:18 - 00000000 ____D () C:\Users\Tobias\AppData\Roaming\vlc
2014-12-21 01:26 - 2012-08-23 00:00 - 00000000 ____D () C:\Users\Tobias\AppData\Local\Adobe
2014-12-21 01:17 - 2013-11-12 15:45 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-12-21 01:17 - 2013-02-09 22:21 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-12-21 01:17 - 2013-02-09 22:21 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-12-21 00:56 - 2014-06-14 07:38 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-12-21 00:56 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-12-21 00:56 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\AppCompat
2014-12-20 11:20 - 2013-08-15 00:57 - 00000000 ____D () C:\Windows\system32\MRT
2014-12-20 11:13 - 2012-08-21 15:18 - 112710672 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-12-19 20:35 - 2014-04-18 20:00 - 00000000 ____D () C:\Users\Tobias\AppData\Roaming\uTorrent
2014-12-19 14:56 - 2014-11-29 20:04 - 00000000 ____D () C:\Users\Tobias\AppData\Roaming\.ACEStream
2014-12-16 22:02 - 2014-11-29 20:06 - 00000000 ___HD () C:\_acestream_cache_
2014-12-13 20:44 - 2012-11-07 19:17 - 00001021 _____ () C:\Users\Tobias\Desktop\Dropbox.lnk
2014-12-13 20:44 - 2012-11-07 19:15 - 00000000 ____D () C:\Users\Tobias\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-12-12 11:12 - 2014-05-15 12:25 - 00000000 ____D () C:\Windows\System32\Tasks\COMODO
2014-12-12 10:42 - 2009-07-14 18:58 - 00801286 _____ () C:\Windows\system32\perfh007.dat
2014-12-12 10:42 - 2009-07-14 18:58 - 00206086 _____ () C:\Windows\system32\perfc007.dat
2014-12-11 20:14 - 2014-09-22 10:14 - 00000000 ____D () C:\Users\Tobias\.maptool

Some content of TEMP:
====================
C:\Users\Tobias\AppData\Local\Temp\7z.dll
C:\Users\Tobias\AppData\Local\Temp\7z.exe
C:\Users\Tobias\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp4qtaam.dll
C:\Users\Tobias\AppData\Local\Temp\dtkill.exe
C:\Users\Tobias\AppData\Local\Temp\Executor.exe
C:\Users\Tobias\AppData\Local\Temp\Quarantine.exe
C:\Users\Tobias\AppData\Local\Temp\SetupAdmin.exe
C:\Users\Tobias\AppData\Local\Temp\sqlite3.dll
C:\Users\Tobias\AppData\Local\Temp\vcredist_x86-2010.exe
C:\Users\Tobias\AppData\Local\Temp\vcredist_x86-2012.exe
C:\Users\Tobias\AppData\Local\Temp\_is4603.exe
C:\Users\Tobias\AppData\Local\Temp\_isC729.exe
C:\Users\Tobias\AppData\Local\Temp\_isEDD.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-01-04 11:50

==================== End Of Log ============================

--- --- ---

--- --- ---

Code:

ATTFilter

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 07-01-2015
Ran by Tobias at 2015-01-09 13:52:54
Running from C:\Users\Tobias\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: COMODO Antivirus (Enabled - Up to date) {F0BC89B2-8937-0933-021B-B17D981F2A71}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Comodo Defense+ (Enabled - Up to date) {4BDD6856-AF0D-06BD-38AB-8A0FE39860CC}
FW: COMODO Firewall (Disabled) {C8870897-C358-086B-2944-184866CC6D0A}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-2764848105-337601815-2700051401-1000\...\uTorrent) (Version: 3.4.2.35702 - BitTorrent Inc.)
Ace Stream Media 3.0.4 (HKU\S-1-5-21-2764848105-337601815-2700051401-1000\...\AceStream) (Version: 3.0.4 - Ace Stream Media)
Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.246 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.235 - Adobe Systems Incorporated)
Adobe Reader X (10.1.8) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AA1000000001}) (Version: 10.1.8 - Adobe Systems Incorporated)
A-PDF INFO Changer 2.0 (HKLM-x32\...\A-PDF INFO Changer_is1) (Version:  - A-PDF.com)
Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Ashampoo Photo Optimizer 5 v.5.1.1 (HKLM-x32\...\Ashampoo Photo Optimizer 5_is1) (Version: 5.1.1 - Ashampoo GmbH & Co. KG)
BASE 5.5 (HKU\S-1-5-21-2764848105-337601815-2700051401-1000\...\BASE 5.5) (Version:  - )
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
BitTorrent (HKU\S-1-5-21-2764848105-337601815-2700051401-1000\...\BitTorrent) (Version: 7.9.2.32692 - BitTorrent Inc.)
BlueStacks App Player (HKLM-x32\...\BlueStacks App Player) (Version: 0.9.4.4079 - BlueStack Systems, Inc.)
BlueStacks Notification Center (HKLM-x32\...\{8DCCC556-265B-478A-8B32-C12DA988BA74}) (Version: 0.9.4.4079 - BlueStack Systems, Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Codecs for Windows 7 Pack 4.0.5 (HKLM-x32\...\Codecs for Windows 7 Pack) (Version: 4.0.5 - Codecs for Windows 7 Pack)
COMODO Internet Security (HKLM\...\{D6AB1F5B-FED6-49A9-9747-327BD28FB3C7}) (Version: 5.10.31649.2253 - COMODO Security Solutions Inc.)
CPUID CPU-Z 1.66.1 (HKLM\...\CPUID CPU-Z_is1) (Version:  - )
d20Pro (HKLM-x32\...\d20Pro) (Version:  - )
DAEMON Tools Ultra (HKLM-x32\...\DAEMON Tools Ultra) (Version: 2.1.0.0187 - Disc Soft Ltd)
DAoC Portal (HKLM-x32\...\{EC9359B3-2548-4DB1-B322-6D71A17501F9}) (Version: 2.8.2 - Dawn of Light)
DAOC-Charplan (HKLM-x32\...\DAOCCharplan) (Version:  - )
Dark Age of Camelot (HKLM-x32\...\Dark Age of Camelot) (Version:  - Electronic Arts)
Debut Video Capture Software (HKLM-x32\...\Debut) (Version: 2.05 - NCH Software)
DisplayFusion 4.1 (HKLM-x32\...\B076073A-5527-4f4f-B46B-B10692277DA2_is1) (Version: 4.1.0.0 - Binary Fortress Software)
DivX-Setup (HKLM-x32\...\DivX Setup) (Version: 2.6.1.90 - DivX, LLC)
doubleTwist Sync (HKLM-x32\...\doubleTwist) (Version: 4.0.4.19771 - doubleTwist Corporation)
Dropbox (HKU\S-1-5-21-2764848105-337601815-2700051401-1000\...\Dropbox) (Version: 3.0.3 - Dropbox, Inc.)
EroBottle 4.6  (HKLM-x32\...\EroBottle) (Version: 4.6 - Kai Ebersbach - www.erosoft.de)
EroBottle-Extensions-Editor Vers. 1.4 (HKU\S-1-5-21-2764848105-337601815-2700051401-1000\...\EroBottle-Extensions-Editor Vers. 1.4) (Version:  - )
Evernote v. 5.6.4 (HKLM-x32\...\{DFDF0BE2-2D71-11E4-9454-00163E98E7D6}) (Version: 5.6.4.4632 - Evernote Corp.)
Facebook Video Calling 1.2.0.287 (HKLM-x32\...\{B92C5909-1D37-4C51-8397-A28BB28E5DC3}) (Version: 1.2.287 - Skype Limited)
Fraps (remove only) (HKLM-x32\...\Fraps) (Version:  - )
GeForce Experience NvStream Client Components (Version: 1.6.28 - NVIDIA Corporation) Hidden
Genesis version Genesis Launcher 1.005 (HKLM-x32\...\{975e7799-c584-47f0-9c12-c1551f3e95f2}_is1) (Version: Genesis Launcher 1.005 - Pawel D. alias Laplume for Genesis.)
Google Chrome (HKU\S-1-5-21-2764848105-337601815-2700051401-1000\...\Google Chrome) (Version: 39.0.2171.95 - Google Inc.)
Google Talk Plugin (HKLM-x32\...\{0C5C1177-94C5-3EFB-A8BE-3F6AF1AF887F}) (Version: 5.38.6.0 - Google)
Hearthstone (HKLM-x32\...\Hearthstone) (Version:  - Blizzard Entertainment)
Hero Lab 4.1 (HKLM-x32\...\{760AA190-82DF-4A80-BE05-B9FEEC88946D}_is1) (Version: 4.1 - LWD Technology, Inc.)
iCloud (HKLM\...\{81E20D41-C277-4526-934D-F2380AF91B78}) (Version: 3.1.0.40 - Apple Inc.)
iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)
Java 7 Update 67 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.670 - Oracle)
JDownloader 0.9 (HKLM-x32\...\5513-1208-7298-9440) (Version: 0.9 - AppWork GmbH)
JMicron JMB36X Driver (HKLM-x32\...\{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}) (Version: 1.17.65.11 - JMicron Technology Corp.)
Logitech Gaming Software 8.30 (HKLM\...\Logitech Gaming Software) (Version: 8.30.86 - Logitech Inc.)
LogMeIn Hamachi (HKLM-x32\...\LogMeIn Hamachi) (Version: 2.2.0.58 - LogMeIn, Inc.)
LogMeIn Hamachi (x32 Version: 2.2.0.58 - LogMeIn, Inc.) Hidden
MAGIX PC Check & Tuning Free 2011 (HKLM-x32\...\MAGIX_MSI_PC_Check_Tuning_Free_2011) (Version: 6.0.403.1050 - MAGIX AG)
MAGIX PC Check & Tuning Free 2011 (x32 Version: 6.0.403.1050 - MAGIX AG) Hidden
MAGIX Screenshare (HKLM-x32\...\{B63DFA23-5C10-44B4-881D-45EFBF4A4761}) (Version: 4.3.6.1987 - MAGIX AG)
Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106 (HKLM-x32\...\{8e70e4e1-06d7-470b-9f74-a51bef21088e}) (Version: 11.0.51106.1 - Microsoft Corporation)
MiKTeX 2.9 (HKLM-x32\...\MiKTeX 2.9) (Version: 2.9 - MiKTeX.org)
Mora's Ausrüstungsplaner (HKLM-x32\...\{8A33CE67-80FB-4469-9ED1-E5D116391F68}_is1) (Version: 1.72 - Mora)
MorphVOX Junior (HKLM-x32\...\{E6C7380F-15DD-445E-BA02-B7A180BA0A5A}) (Version: 2.8.1 - Screaming Bee)
Mozilla Firefox 34.0.5 (x86 de) (HKLM-x32\...\Mozilla Firefox 34.0.5 (x86 de)) (Version: 34.0.5 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 30.0 - Mozilla)
Mozilla Thunderbird 31.3.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 31.3.0 (x86 de)) (Version: 31.3.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
NEF Codec (HKLM-x32\...\{D6506521-0959-4FA3-875F-E2E28830B0D2}) (Version: 1.00.0000 - Nikon)
NSU (HKLM-x32\...\{323F7AD9-1F4D-49E1-973B-80E1B6F1623A}) (Version: 1.00.1000 - Medion AG)
NVIDIA 3D Vision Controller-Treiber 334.89 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 334.89 - NVIDIA Corporation)
NVIDIA 3D Vision Treiber 334.89 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 334.89 - NVIDIA Corporation)
NVIDIA GeForce Experience 1.8.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 1.8.1 - NVIDIA Corporation)
NVIDIA Grafiktreiber 334.89 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 334.89 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.30.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.30.1 - NVIDIA Corporation)
NVIDIA PhysX-Systemsoftware 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation)
NVIDIA Virtual Audio 1.2.19 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_VirtualAudio.Driver) (Version: 1.2.19 - NVIDIA Corporation)
OpenOffice.org 3.4.1 (HKLM-x32\...\{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}) (Version: 3.41.9593 - Apache Software Foundation)
Paint.NET v3.5.11 (HKLM\...\{72EF03F5-0507-4861-9A44-D99FD4C41418}) (Version: 3.61.0 - dotPDN LLC)
Patch Origins version 1.0.11 (HKLM-x32\...\{75147b12-6219-448d-886b-0a9a02d1e648}_is1) (Version: 1.0.11 - Pawel D. alias Laplume pour Origins.)
PCGen6000 (HKLM-x32\...\PCGen6000) (Version:  - )
PDF Architect (HKLM-x32\...\{80A07844-CA64-4DE4-AB61-D37DDBE8074F}) (Version: 1.0.52.8917 - pdfforge)
PDFCreator (HKLM-x32\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.6.2 - pdfforge)
QuickTime (HKLM-x32\...\{7BE15435-2D3E-4B58-867F-9C75BED0208C}) (Version: 7.71.80.42 - Apple Inc.)
RarZilla Free Unrar (HKLM-x32\...\RarZilla Free Unrar) (Version: 4.80 - Philipp Winterberg)
Razer Core (HKLM-x32\...\Razer Core) (Version: 1.0.1.66 - Razer Inc)
Razer Synapse 2.0 (HKLM-x32\...\{0D78BEE2-F8FF-4498-AF1A-3FF81CED8AC6}) (Version: 1.17.22 - Razer Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7083 - Realtek Semiconductor Corp.)
Samsung Kies3 (HKLM-x32\...\InstallShield_{88547073-C566-4895-9005-EBE98EA3F7C7}) (Version: 3.2.14113.3 - Samsung Electronics Co., Ltd.)
Samsung Kies3 (x32 Version: 3.2.14113.3 - Samsung Electronics Co., Ltd.) Hidden
Scrabble3D (HKLM-x32\...\{E11BBF69-C686-45B3-9267-CE44603B47AE}) (Version: 3.1.0.29 - Heiko Tietze)
SHIELD Streaming (Version: 1.6.85 - NVIDIA Corporation) Hidden
Sid Meier's Civilization 4 - Beyond the Sword (HKLM-x32\...\{32E4F0D2-C135-475E-A841-1D59A0D22989}) (Version: 3.19 - Firaxis Games)
Sid Meier's Civilization 4 - Warlords (HKLM-x32\...\{3E4B349F-10B5-4586-9D99-489A90A8B228}) (Version: 2.13 - Firaxis Games)
Sid Meier's Civilization 4 (HKLM-x32\...\{CFBCE791-2D53-4FCE-B3FB-D6E01F4112E8}) (Version: 1.74 - Firaxis Games)
Sid Meier's Civilization 4 (x32 Version: 1.00.0000 - Firaxis Games) Hidden
Skype™ 6.21 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.21.104 - Skype Technologies S.A.)
SlimDrivers (HKLM-x32\...\{A5457401-D56A-43F2-9524-78E54A7FC07A}) (Version: 2.2.32705 - SlimWare Utilities, Inc.)
Steam (HKLM-x32\...\Steam) (Version:  - Valve Corporation)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH)
TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.27339 - TeamViewer)
TeXstudio 2.6.6 (HKLM-x32\...\TeXstudio_is1) (Version: 2.6.6 - Benito van der Zander)
The Elder Scrolls V: Skyrim (HKLM-x32\...\Steam App 72850) (Version:  - Bethesda Game Studios)
The KMPlayer (HKLM-x32\...\The KMPlayer) (Version: 3.8.0.122 - PandoraTV)
ThrashIRC version 2.9 (HKLM-x32\...\{D3C0BE0C-9761-4AC1-8CEF-B53796FEDE44}) (Version: 2.9.0 - Anthony Thrash Durbin)
TuneUp Utilities Language Pack (de-DE) (x32 Version: 13.0.3000.132 - TuneUp Software) Hidden
Tunngle Version Tunngle (HKLM-x32\...\Tunngle_is1) (Version: Tunngle - Tunngle.net GmbH)
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
VirtualCloneDrive (HKLM-x32\...\VirtualCloneDrive) (Version: 5.4.7.0 - Elaborate Bytes)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
Wondershare TunesGo(Version 5.0.0) (HKLM-x32\...\{ADBA24FE-D6F6-4B21-97F3-D58A327422E4}_is1) (Version: 5.0.0 - Wondershare)
x264vfw - H.264/MPEG-4 AVC codec (remove only) (HKLM-x32\...\x264vfw) (Version:  - )
Zune (HKLM\...\Zune) (Version: 04.08.2345.00 - Microsoft Corporation)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-2764848105-337601815-2700051401-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Tobias\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2764848105-337601815-2700051401-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Tobias\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-2764848105-337601815-2700051401-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Tobias\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-2764848105-337601815-2700051401-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Tobias\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-2764848105-337601815-2700051401-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Tobias\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2764848105-337601815-2700051401-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Tobias\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2764848105-337601815-2700051401-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Tobias\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2764848105-337601815-2700051401-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Tobias\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2764848105-337601815-2700051401-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Tobias\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2764848105-337601815-2700051401-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Tobias\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2764848105-337601815-2700051401-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Tobias\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2764848105-337601815-2700051401-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Tobias\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2764848105-337601815-2700051401-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Tobias\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2764848105-337601815-2700051401-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Tobias\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2764848105-337601815-2700051401-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Tobias\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File

==================== Restore Points  =========================

20-12-2014 11:09:53 Windows Update
21-12-2014 01:02:22 MAGIX Treiberinstallation
Chipset Device Software for G41 Express Chipset
21-12-2014 01:05:16 MAGIX Treiberinstallation
INF Update Utility 9.2.0.1025
21-12-2014 10:47:46 Windows Update
22-12-2014 19:39:08 MAGIX Treiberinstallation
Chipset Device Software for G41 Express Chipset
22-12-2014 20:07:28 MAGIX Treiberinstallation
INF Update Utility 9.2.0.1025
22-12-2014 23:32:29 Tunngle 5.0 Setup
04-01-2015 11:59:21 Geplanter Prüfpunkt
07-01-2015 17:08:45 Installed Samsung Kies3
08-01-2015 15:17:16 Gerätetreiber-Paketinstallation: Google, Inc.
08-01-2015 18:55:42 Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106
08-01-2015 22:51:04 Revo Uninstaller's restore point - Overwolf
08-01-2015 23:04:59 Revo Uninstaller's restore point - SimilarWeb
08-01-2015 23:09:18 Revo Uninstaller's restore point - Copernic Desktop Search 4
08-01-2015 23:09:59 Installed Copernic Desktop Search 4

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0ACE5948-49B8-4051-B091-2D7731DAB0AF} - System32\Tasks\COMODO\COMODO Autostart {D5EFF3B3-E126-4AF6-BCE9-852A72129E10} => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [2014-12-09] (COMODO)
Task: {1F4CE6EE-F11B-4D45-BD80-648A7AE51668} - System32\Tasks\COMODO\COMODO Cache Builder {0FB77674-7905-4F34-A362-C5A9A26F8CF9} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2014-12-09] (COMODO)
Task: {2149ACB9-406A-4799-B03D-E464744C55B0} - System32\Tasks\COMODO\COMODO Scan {F140D794-60B6-4F00-9235-D6457AA25B22} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2014-12-09] (COMODO)
Task: {3278CC75-2A4F-42E5-9E45-0B23993A37FC} - System32\Tasks\PCCT - MAGIX AG => C:\Program Files (x86)\MAGIX\PC_Check_Tuning_Free_2011\MxTray.exe [2010-11-08] ()
Task: {435F4013-DAB5-42A2-8608-FE980F293497} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {4A6BB261-2823-48D6-B5FF-3605A1B5D549} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-2764848105-337601815-2700051401-1000Core => C:\Users\Tobias\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: {691C49CE-11A0-45E9-9C8C-E65A79D92283} - System32\Tasks\{4A09BFD2-B95A-4FE7-B0FB-2AAB11EC6532} => pcalua.exe -a C:\Users\Tobias\Downloads\eb-edit-install-1.4.exe -d C:\Users\Tobias\Downloads
Task: {6EC5EE04-6804-4582-9F1B-F1D9319F54BF} - System32\Tasks\{2C2811EC-68D2-4790-A416-DCB51A70191C} => pcalua.exe -a "C:\Program Files\TeamSpeak 3 Client\plugins\ts3overlay\InstallHook.exe" -d "C:\Program Files\TeamSpeak 3 Client\plugins\ts3overlay\" -c ts3overlay_hook_win32.dll 10000
Task: {70CE8F9B-36A7-4EE3-AB38-59EED8E2D903} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2764848105-337601815-2700051401-1000UA => C:\Users\Tobias\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-21] (Google Inc.)
Task: {C6B6DD74-7D6C-4DD0-93D8-4DBEECDA58C8} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2764848105-337601815-2700051401-1000Core => C:\Users\Tobias\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-21] (Google Inc.)
Task: {CA52BB50-4FB5-409E-B7E4-46F3F176FCC1} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-2764848105-337601815-2700051401-1000UA => C:\Users\Tobias\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: {D16C173F-EEF5-4641-ACAD-F5D7A5DCAF4F} - System32\Tasks\COMODO\COMODO Signature Update {B9D5C6F9-17D2-4917-8BD0-614BAA1C6A59} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2014-12-09] (COMODO)
Task: {D1C7621B-5C1D-4484-B24A-2BBB99883037} - System32\Tasks\COMODO\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2014-12-09] (COMODO)
Task: {FB26CFD0-7289-4703-9BBC-9DC6E4546010} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-12-21] (Adobe Systems Incorporated)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2764848105-337601815-2700051401-1000Core.job => C:\Users\Tobias\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2764848105-337601815-2700051401-1000UA.job => C:\Users\Tobias\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2764848105-337601815-2700051401-1000Core.job => C:\Users\Tobias\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2764848105-337601815-2700051401-1000UA.job => C:\Users\Tobias\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\PCCT - MAGIX AG.job => C:\Program Files (x86)\MAGIX\PC_Check_Tuning_Free_2011\MxTray.exe

==================== Loaded Modules (whitelisted) =============

2012-08-21 00:38 - 2014-02-08 18:42 - 00117024 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2010-11-08 18:08 - 2010-11-08 18:08 - 02644248 _____ () C:\Program Files (x86)\MAGIX\PC_Check_Tuning_Free_2011\MxTray.exe
2013-11-15 01:48 - 2013-11-15 01:48 - 01861968 _____ () C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
2011-12-19 17:59 - 2013-04-15 18:39 - 00073424 _____ () C:\Program Files\COMODO\COMODO Internet Security\scanners\smart.cav
2014-01-20 13:17 - 2014-01-20 13:17 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-10-11 12:05 - 2014-10-11 12:05 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2010-11-04 12:21 - 2010-11-04 12:21 - 00635904 _____ () C:\Program Files (x86)\MAGIX\PC_Check_Tuning_Free_2011\MFL_u_VC9.dll
2007-09-05 16:42 - 2007-09-05 16:42 - 00638976 _____ () C:\Program Files (x86)\MAGIX\PC_Check_Tuning_Free_2011\PlayRIpl.dll
2013-09-14 01:51 - 2013-09-14 01:51 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Internet Services\zlib1.dll
2013-09-14 01:50 - 2013-09-14 01:50 - 01242952 _____ () C:\Program Files (x86)\Common Files\Apple\Internet Services\libxml2.dll
2014-10-22 01:22 - 2014-10-22 01:22 - 00750080 _____ () C:\Users\Tobias\AppData\Roaming\Dropbox\bin\libGLESv2.dll
2015-01-09 12:32 - 2015-01-09 12:32 - 00043008 _____ () c:\users\tobias\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp4qtaam.dll
2014-10-22 01:22 - 2014-10-22 01:22 - 00047616 _____ () C:\Users\Tobias\AppData\Roaming\Dropbox\bin\libEGL.dll
2014-10-22 01:22 - 2014-10-22 01:22 - 00863744 _____ () C:\Users\Tobias\AppData\Roaming\Dropbox\bin\plugins\platforms\qwindows.dll
2014-10-22 01:22 - 2014-10-22 01:22 - 00200704 _____ () C:\Users\Tobias\AppData\Roaming\Dropbox\bin\plugins\imageformats\qjpeg.dll
2014-08-26 15:47 - 2014-08-26 15:47 - 00436576 _____ () C:\Program Files (x86)\Evernote\Evernote\libxml2.dll
2014-08-26 15:47 - 2014-08-26 15:47 - 00318304 _____ () C:\Program Files (x86)\Evernote\Evernote\libtidy.dll
2012-08-10 15:51 - 2012-08-10 15:51 - 00985088 _____ () C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll
2013-11-15 01:49 - 2013-11-15 01:49 - 00100688 _____ () C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll
2014-12-13 09:33 - 2014-12-06 02:50 - 01077064 _____ () C:\Users\Tobias\AppData\Local\Google\Chrome\Application\39.0.2171.95\libglesv2.dll
2014-12-13 09:33 - 2014-12-06 02:50 - 00211272 _____ () C:\Users\Tobias\AppData\Local\Google\Chrome\Application\39.0.2171.95\libegl.dll
2014-12-13 09:33 - 2014-12-06 02:50 - 09009480 _____ () C:\Users\Tobias\AppData\Local\Google\Chrome\Application\39.0.2171.95\pdf.dll
2014-12-13 09:33 - 2014-12-06 02:50 - 01677128 _____ () C:\Users\Tobias\AppData\Local\Google\Chrome\Application\39.0.2171.95\ffmpegsumo.dll
2014-12-22 21:07 - 2014-12-22 21:07 - 03339376 _____ () C:\Program Files (x86)\Mozilla Thunderbird\mozjs.dll
2014-12-22 21:07 - 2014-12-22 21:07 - 00158832 _____ () C:\Program Files (x86)\Mozilla Thunderbird\NSLDAP32V60.dll
2014-12-22 21:07 - 2014-12-22 21:07 - 00023152 _____ () C:\Program Files (x86)\Mozilla Thunderbird\NSLDAPPR32V60.dll
2014-12-13 09:33 - 2014-12-06 02:50 - 14913352 _____ () C:\Users\Tobias\AppData\Local\Google\Chrome\Application\39.0.2171.95\PepperFlash\pepflashplayer.dll
2014-12-11 00:56 - 2014-12-11 00:57 - 03758192 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Windows\system32\ieUnatt.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\FlashPlayerApp.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ieUnatt.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mfc110esn.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mfcm110u.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\mbam.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\mwac.sys:$CmdTcID
AlternateDataStreams: C:\ProgramData\TEMP:05EE1EEF
AlternateDataStreams: C:\Users\Tobias\Desktop\3+-+Kognitive+Aktivierung.pdf:$CmdZnID
AlternateDataStreams: C:\Users\Tobias\Desktop\Alpines - Cocoon - from YouTube.mp3:$CmdZnID
AlternateDataStreams: C:\Users\Tobias\Desktop\Chairlift - Amanaemonesia - from YouTube.mp3:$CmdZnID
AlternateDataStreams: C:\Users\Tobias\Desktop\Chairlift - Bruises - from YouTube.mp3:$CmdZnID
AlternateDataStreams: C:\Users\Tobias\Desktop\Defogger.exe:$CmdTcID
AlternateDataStreams: C:\Users\Tobias\Desktop\Defogger.exe:$CmdZnID
AlternateDataStreams: C:\Users\Tobias\Desktop\FRST64.exe:$CmdZnID
AlternateDataStreams: C:\Users\Tobias\Desktop\Grimes - Vanessa (Official Video) - from YouTube.mp3:$CmdZnID
AlternateDataStreams: C:\Users\Tobias\Desktop\Logarithmusaufgaben 1.pdf:$CmdZnID
AlternateDataStreams: C:\Users\Tobias\Desktop\Logarithmusaufgaben mit Lösungen.PDF:$CmdZnID
AlternateDataStreams: C:\Users\Tobias\Desktop\mbar-1.08.2.1001.exe:$CmdTcID
AlternateDataStreams: C:\Users\Tobias\Desktop\mbar-1.08.2.1001.exe:$CmdZnID
AlternateDataStreams: C:\Users\Tobias\Desktop\o5lw8g6g.exe:$CmdTcID
AlternateDataStreams: C:\Users\Tobias\Desktop\o5lw8g6g.exe:$CmdZnID
AlternateDataStreams: C:\Users\Tobias\Desktop\RevoUninstallerPortable_1.95_Rev_2.paf.exe:$CmdZnID
AlternateDataStreams: C:\Users\Tobias\Desktop\tdsskiller.exe:$CmdTcID
AlternateDataStreams: C:\Users\Tobias\Desktop\tdsskiller.exe:$CmdZnID
AlternateDataStreams: C:\Users\Tobias\Downloads\AdwCleaner_4.107.exe:$CmdZnID
AlternateDataStreams: C:\Users\Tobias\Downloads\Aufgaben_und_Loesungen_zu_Logarithmen.pdf:$CmdZnID
AlternateDataStreams: C:\Users\Tobias\Downloads\Charakter_N'Tser Hreshzar Lodokain (1).pdf:$CmdZnID
AlternateDataStreams: C:\Users\Tobias\Downloads\Charakter_N'Tser Hreshzar Lodokain.pdf:$CmdZnID
AlternateDataStreams: C:\Users\Tobias\Downloads\DieWinterkoenigin-Spielerleitfaden_80ff (1).pdf:$CmdZnID
AlternateDataStreams: C:\Users\Tobias\Downloads\doubleTwistSetupFull.exe:$CmdTcID
AlternateDataStreams: C:\Users\Tobias\Downloads\doubleTwistSetupFull.exe:$CmdZnID
AlternateDataStreams: C:\Users\Tobias\Downloads\DS-Battlefield.jpg:$CmdZnID
AlternateDataStreams: C:\Users\Tobias\Downloads\Falkengrunds_letzte_Hoffnung_f2d3.pdf:$CmdZnID
AlternateDataStreams: C:\Users\Tobias\Downloads\Fitch-Formelsammlung.pdf:$CmdZnID
AlternateDataStreams: C:\Users\Tobias\Downloads\GS-Blob.jpg:$CmdZnID
AlternateDataStreams: C:\Users\Tobias\Downloads\GS_Schlangenmensch.jpg:$CmdZnID
AlternateDataStreams: C:\Users\Tobias\Downloads\GT_Klosterkarte.jpg:$CmdZnID
AlternateDataStreams: C:\Users\Tobias\Downloads\Kies_3.2.14113_3.exe:$CmdZnID
AlternateDataStreams: C:\Users\Tobias\Downloads\mbar-1.08.2.1001(1).exe:$CmdTcID
AlternateDataStreams: C:\Users\Tobias\Downloads\mbar-1.08.2.1001(1).exe:$CmdZnID
AlternateDataStreams: C:\Users\Tobias\Downloads\setup_pc_check_tuning.exe:$CmdZnID
AlternateDataStreams: C:\Users\Tobias\Downloads\Spielleiterinformationen_Finstermond_Module_als_Kampagne_00f6.pdf:$CmdZnID
AlternateDataStreams: C:\Users\Tobias\Downloads\TunesGoforAndroid.exe:$CmdZnID
AlternateDataStreams: C:\Users\Tobias\Downloads\Tunngle_Setup_v5.0 (1).exe:$CmdZnID
AlternateDataStreams: C:\Users\Tobias\Downloads\Tunngle_Setup_v5.0.exe:$CmdZnID
AlternateDataStreams: C:\Users\Tobias\Downloads\Versuch-21.odt:$CmdZnID
AlternateDataStreams: C:\Users\Tobias\Downloads\[kickass.so]d.d.5e.player.s.handbook.monster.manual.adventure.lost.mine.of.phandelver.torrent:$CmdZnID

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Hamachi2Svc => ""="Service"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: BlueStacks Agent => C:\Program Files (x86)\BlueStacks\HD-Agent.exe
MSCONFIG\startupreg: DAEMON Tools Ultra Agent => "C:\Program Files (x86)\DAEMON Tools Ultra\DTAgent.exe" -autorun
MSCONFIG\startupreg: Hoolapp Android => "C:\Users\Tobias\AppData\Roaming\HOOLAP~1\Hoolapp.exe" /Minimized
MSCONFIG\startupreg: LogMeIn Hamachi Ui => "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
MSCONFIG\startupreg: Overwolf => C:\Program Files (x86)\Overwolf\Overwolf.exe -silent
MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: VirtualCloneDrive => "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
MSCONFIG\startupreg: Wondershare Helper Compact.exe => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
MSCONFIG\startupreg: Zune Launcher => "C:\Program Files\Zune\ZuneLauncher.exe"

========================= Accounts: ==========================

Administrator (S-1-5-21-2764848105-337601815-2700051401-500 - Administrator - Disabled)
Gast (S-1-5-21-2764848105-337601815-2700051401-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2764848105-337601815-2700051401-1014 - Limited - Enabled)
Tobias (S-1-5-21-2764848105-337601815-2700051401-1000 - Administrator - Enabled) => C:\Users\Tobias

==================== Faulty Device Manager Devices =============

Name: Hamachi Network Interface
Description: Hamachi Network Interface
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: LogMeIn, Inc.
Service: hamachi
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (01/09/2015 00:34:20 PM) (Source: BstHdAndroidSvc) (EventID: 0) (User: )
Description: Der Dienst kann nicht gestartet werden. System.ApplicationException: Cannot start service.  Service did not stop gracefully the last time it was run.
   bei BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
   bei System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)


System errors:
=============
Error: (01/09/2015 00:34:23 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Peernetzwerk-Gruppenzuordnung" ist vom Dienst "Peer Name Resolution-Protokoll" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1058

Error: (01/09/2015 00:34:23 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Peernetzwerk-Gruppenzuordnung" ist vom Dienst "Peer Name Resolution-Protokoll" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1058

Error: (01/09/2015 00:34:20 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "BlueStacks Android Service" wurde mit folgendem Fehler beendet: 
%%1064

Error: (01/09/2015 00:34:13 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Peernetzwerk-Gruppenzuordnung" ist vom Dienst "Peer Name Resolution-Protokoll" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1058

Error: (01/09/2015 00:33:38 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: Der Dienst "BlueStacks Android Service" wurde nicht richtig gestartet.

Error: (01/09/2015 00:32:17 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "LogMeIn Hamachi Tunneling Engine" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1053

Error: (01/09/2015 00:32:17 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst LogMeIn Hamachi Tunneling Engine erreicht.

Error: (01/09/2015 00:30:38 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Peernetzwerk-Gruppenzuordnung" ist vom Dienst "Peer Name Resolution-Protokoll" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1058


Microsoft Office Sessions:
=========================
Error: (01/09/2015 00:34:20 PM) (Source: BstHdAndroidSvc) (EventID: 0) (User: )
Description: Der Dienst kann nicht gestartet werden. System.ApplicationException: Cannot start service.  Service did not stop gracefully the last time it was run.
   bei BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
   bei System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)


==================== Memory info =========================== 

Processor: Intel(R) Core(TM)2 Duo CPU E6750 @ 2.66GHz
Percentage of memory in use: 64%
Total physical RAM: 6142.49 MB
Available physical RAM: 2161.22 MB
Total Pagefile: 12283.16 MB
Available Pagefile: 7215.85 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:596.07 GB) (Free:148.07 GB) NTFS
Drive d: (System-reserviert) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive e: () (Fixed) (Total:465.75 GB) (Free:37.81 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive f: (NAS-SERVER) (CDROM) (Total:0.24 GB) (Free:0 GB) CDFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 596.2 GB) (Disk ID: 7E967411)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=596.1 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 115D115D)
Partition 1: (Active) - (Size=465.8 GB) - (Type=07 NTFS)

==================== End Of Log ============================

Zu allem Überfluss habe ich gerade enorme Probleme mit der Tastatur. Ich erinnere mich, dass die von mir angesprochene .tmp auf Tastaturtreiber zugreifen wollte. Jedenfalls habe ich gerade immer wieder das Problem, dass meine Tastatur ausfällt und "nicht installiert" werden kann.

schrauber · 09.01.2015, 17:29

Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:

ATTFilter

Task: {691C49CE-11A0-45E9-9C8C-E65A79D92283} - System32\Tasks\{4A09BFD2-B95A-4FE7-B0FB-2AAB11EC6532} => pcalua.exe -a C:\Users\Tobias\Downloads\eb-edit-install-1.4.exe -d C:\Users\Tobias\Downloads
Emptytemp:

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).

Starte nun FRST erneut und klicke den Entfernen Button.
Das Tool erstellt eine Fixlog.txt.
Poste mir deren Inhalt.

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Downloade Dir bitte

SecurityCheck und:

Speichere es auf dem Desktop.
Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.

Poste den Inhalt bitte hier.

und ein frisches FRST log bitte. Noch Probleme?

Wilfried49 · 09.01.2015, 18:45

Erster Log. Tastatur geht nicht, muss mit Bildschirmtastatur schreiben.

Code:

ATTFilter

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 07-01-2015
Ran by Tobias at 2015-01-09 18:10:28 Run:1
Running from C:\Users\Tobias\Desktop
Loaded Profile: Tobias (Available profiles: Tobias)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
Task: {691C49CE-11A0-45E9-9C8C-E65A79D92283} - System32\Tasks\{4A09BFD2-B95A-4FE7-B0FB-2AAB11EC6532} => pcalua.exe -a C:\Users\Tobias\Downloads\eb-edit-install-1.4.exe -d C:\Users\Tobias\Downloads
Emptytemp:
         
*****************

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{691C49CE-11A0-45E9-9C8C-E65A79D92283}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{691C49CE-11A0-45E9-9C8C-E65A79D92283}" => Key deleted successfully.
C:\Windows\System32\Tasks\{4A09BFD2-B95A-4FE7-B0FB-2AAB11EC6532} => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{4A09BFD2-B95A-4FE7-B0FB-2AAB11EC6532}" => Key deleted successfully.
EmptyTemp: => Removed 1.7 GB temporary data.


The system needed a reboot. 

==== End of Fixlog 18:12:07 ====

schrauber · 09.01.2015, 19:54

Nach dem Reboot müsste die wieder gehen. Was ist das für ein Keyboard? ODer ist das ein Laptop. Dann Treiber neu laden.

Wilfried49 · 09.01.2015, 20:02

ok. Eset dauert aber sicher noch eine Weile. Auf Tastatur steht Logitech und sie hat links zusätzlich 12 Tasten.

Nach 20% schon 22 Funde.

schrauber · 09.01.2015, 20:53

OK, da brauchts nen Extra Treiber. Tastatur mal abklemmen und wieder anklemmen. Oder bei Logitech auf der Seite den Treiber neu laden.

Wilfried49 · 10.01.2015, 10:06

Ersteres habe ich schon versucht. Ich warte jetzt erstmal ESET ab - ist immer noch bei 27%...

Tastatur geht aber zumindest plötzlich wieder, war paar Stunden nicht am Rechner und kann jetzt schreiben!

So, ESET ist über Nacht fertig geworden:

Code:

ATTFilter

ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=a307e9a23a40a945885dd14be242feae
# engine=21890
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2015-01-10 07:55:14
# local_time=2015-01-10 08:55:14 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='COMODO Antivirus'
# compatibility_mode=3074 16777213 100 84 55926 92604078 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 46967843 172506364 0 0
# scanned=658837
# found=88
# cleaned=0
# scan_time=51844
sh=E5131144C59C77EBB526F92544C391D2A7578283 ft=1 fh=c506046d362e26f8 vn="Variante von Win32/Toolbar.Iminent.E evtl. unerwünschte Anwendung" ac=I fn="C:\ProgramData\Comodo\Cis\Quarantine\data\{1550584B-1E24-43AF-A50F-E869CC173E56}"
sh=090B08676792D722BD38A439DDF1E82693BA42A0 ft=1 fh=ef6f39fee99295c7 vn="MSIL/TrojanDropper.Agent.PG Trojaner" ac=I fn="C:\ProgramData\Comodo\Cis\Quarantine\data\{20B92907-0954-41FE-95BF-235F7953A4EC}"
sh=4F16CB3DB677D2CC9F2EA703B617C314B50BC8C4 ft=1 fh=4c084b46fd7c87aa vn="Variante von Win32/AirAdInstaller.A evtl. unerwünschte Anwendung" ac=I fn="C:\ProgramData\Comodo\Cis\Quarantine\data\{226A7259-F9A0-4D33-87B1-77059EE11B29}"
sh=16279C89159705793861CC26AC2A281A6CD1BFDD ft=1 fh=ecd68e4c4673179f vn="Win32/DomaIQ.C evtl. unerwünschte Anwendung" ac=I fn="C:\ProgramData\Comodo\Cis\Quarantine\data\{300FD642-8C77-42EA-A44A-E04978D8294C}"
sh=B6DBEA3A1B959AA4B6209A70FA09264AC9F1C0BF ft=1 fh=6de9439b9e53bc54 vn="Variante von Win32/AirAdInstaller.A evtl. unerwünschte Anwendung" ac=I fn="C:\ProgramData\Comodo\Cis\Quarantine\data\{303617A9-0837-4DE0-8507-091F5AFAB78E}"
sh=717002F75CFF2AE33759145CCA61937D4DCB0CE6 ft=1 fh=c88bd2338754e815 vn="Win32/InstalleRex.C evtl. unerwünschte Anwendung" ac=I fn="C:\ProgramData\Comodo\Cis\Quarantine\data\{3A84FB5B-5D53-43F1-AAF6-FBC524B92E29}"
sh=6D12ECDA9F68D94717FBBFBD4F3914555D2BF41E ft=1 fh=ab76c81853d238be vn="Win32/Adware.1ClickDownload.M Anwendung" ac=I fn="C:\ProgramData\Comodo\Cis\Quarantine\data\{4268AD37-4EEA-41FC-8026-E432F7A7A36B}"
sh=EE800AE4E89792488877D64EF6DDAFAD6EB07716 ft=1 fh=ac972c446813087b vn="Win32/InstalleRex.K evtl. unerwünschte Anwendung" ac=I fn="C:\ProgramData\Comodo\Cis\Quarantine\data\{58ED5BC2-0D8E-45B2-9A85-646288889A11}"
sh=16279C89159705793861CC26AC2A281A6CD1BFDD ft=1 fh=ecd68e4c4673179f vn="Win32/DomaIQ.C evtl. unerwünschte Anwendung" ac=I fn="C:\ProgramData\Comodo\Cis\Quarantine\data\{5CDB65F8-4EFF-4752-934D-397B020E414E}"
sh=B21D8548E27B23C5CA4CC7F045287A5FBBF15618 ft=1 fh=4621e847e69fd955 vn="Variante von Win32/iLivid.A evtl. unerwünschte Anwendung" ac=I fn="C:\ProgramData\Comodo\Cis\Quarantine\data\{72993D37-1564-44D0-912E-1F26D0C614E2}"
sh=81ACF5642730532D54AB1D288AD03A1E32099D5A ft=1 fh=e5d1dab8d1bfbc2b vn="Mehrere Bedrohungen" ac=I fn="C:\ProgramData\Comodo\Cis\Quarantine\data\{86892D7B-DFBF-4766-9E0C-E7665886F121}"
sh=B741EA8190010210EF71BF7359A3A8A23BED9B86 ft=1 fh=36a962898140d740 vn="Win32/InstalleRex.I evtl. unerwünschte Anwendung" ac=I fn="C:\ProgramData\Comodo\Cis\Quarantine\data\{A19451F9-660B-4E59-85F2-C5A4DFEA2EC8}"
sh=E63C73DCF77DBF511EDA27A2FF2C6597F1D6090E ft=1 fh=2a4abf6250d3b479 vn="Win32/InstalleRex.K evtl. unerwünschte Anwendung" ac=I fn="C:\ProgramData\Comodo\Cis\Quarantine\data\{A8D65BB8-3ED7-4C40-9224-5956B547417F}"
sh=2714DB0A06F74A4282CDDC307EA1599670422E09 ft=1 fh=dbe7f66a91f8fadc vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung" ac=I fn="C:\ProgramData\Comodo\Cis\Quarantine\data\{A8DE549D-3C83-4DE4-8F32-F89124221BCF}"
sh=8312B13FA558A23847F6F07F5974FE5C73CB3689 ft=1 fh=3ef56acc8ebd8767 vn="Win32/DomaIQ.C evtl. unerwünschte Anwendung" ac=I fn="C:\ProgramData\Comodo\Cis\Quarantine\data\{C53AA90A-C5F0-4209-B521-B391329A1BC8}"
sh=42D79DEC549511961845FC3A0D7163A97EC9DA8F ft=1 fh=3dc1f428b292b609 vn="Win32/AdWare.1ClickDownload.AT Anwendung" ac=I fn="C:\ProgramData\Comodo\Cis\Quarantine\data\{C73BDFD7-9A48-41F3-8BE1-A41144FBD51F}"
sh=41BD1208544CA6E1F222FA8FC59E87C45DF4BACC ft=1 fh=3f0ee9338233d9e7 vn="Variante von Win32/Amonetize.AW evtl. unerwünschte Anwendung" ac=I fn="C:\ProgramData\Comodo\Cis\Quarantine\data\{C888AEED-55ED-4949-803B-F6E79F9BFD3C}"
sh=A1B3F551A08FBAADC772759529A6FD9050599B39 ft=1 fh=e5ad91cc27ce6780 vn="Win32/InstalleRex.L evtl. unerwünschte Anwendung" ac=I fn="C:\ProgramData\Comodo\Cis\Quarantine\data\{C92BE2ED-45EC-41C8-93E6-77C197E45E50}"
sh=81ACF5642730532D54AB1D288AD03A1E32099D5A ft=1 fh=e5d1dab8d1bfbc2b vn="Mehrere Bedrohungen" ac=I fn="C:\ProgramData\Comodo\Cis\Quarantine\data\{D1161E29-0C3D-4902-BD55-E5174418A472}"
sh=0546A2A4EC3E909DB465E85F694BE303311776E0 ft=1 fh=70c14c603d93f7fc vn="Variante von Win32/Adware.MultiPlug.DW Anwendung" ac=I fn="C:\ProgramData\Comodo\Cis\Quarantine\data\{D76FCC21-4FDA-408D-91B7-C50FEAEBF0FE}"
sh=9FEDDA5E2FBD7A1C43BA2D924AB1475AE96690C3 ft=1 fh=3daaad025b8f03d2 vn="NSIS/StartPage.CC Trojaner" ac=I fn="C:\ProgramData\Comodo\Cis\Quarantine\data\{DD3A74CF-95C0-4D86-A433-A2CB20FF71B5}"
sh=0546A2A4EC3E909DB465E85F694BE303311776E0 ft=1 fh=70c14c603d93f7fc vn="Variante von Win32/Adware.MultiPlug.DW Anwendung" ac=I fn="C:\ProgramData\Comodo\Cis\Quarantine\data\{FC4005B9-8C2A-4458-BC7C-71F2A6AB2BE5}"
sh=E5131144C59C77EBB526F92544C391D2A7578283 ft=1 fh=c506046d362e26f8 vn="Variante von Win32/Toolbar.Iminent.E evtl. unerwünschte Anwendung" ac=I fn="C:\Users\All Users\Comodo\Cis\Quarantine\data\{1550584B-1E24-43AF-A50F-E869CC173E56}"
sh=090B08676792D722BD38A439DDF1E82693BA42A0 ft=1 fh=ef6f39fee99295c7 vn="MSIL/TrojanDropper.Agent.PG Trojaner" ac=I fn="C:\Users\All Users\Comodo\Cis\Quarantine\data\{20B92907-0954-41FE-95BF-235F7953A4EC}"
sh=4F16CB3DB677D2CC9F2EA703B617C314B50BC8C4 ft=1 fh=4c084b46fd7c87aa vn="Variante von Win32/AirAdInstaller.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\All Users\Comodo\Cis\Quarantine\data\{226A7259-F9A0-4D33-87B1-77059EE11B29}"
sh=16279C89159705793861CC26AC2A281A6CD1BFDD ft=1 fh=ecd68e4c4673179f vn="Win32/DomaIQ.C evtl. unerwünschte Anwendung" ac=I fn="C:\Users\All Users\Comodo\Cis\Quarantine\data\{300FD642-8C77-42EA-A44A-E04978D8294C}"
sh=B6DBEA3A1B959AA4B6209A70FA09264AC9F1C0BF ft=1 fh=6de9439b9e53bc54 vn="Variante von Win32/AirAdInstaller.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\All Users\Comodo\Cis\Quarantine\data\{303617A9-0837-4DE0-8507-091F5AFAB78E}"
sh=717002F75CFF2AE33759145CCA61937D4DCB0CE6 ft=1 fh=c88bd2338754e815 vn="Win32/InstalleRex.C evtl. unerwünschte Anwendung" ac=I fn="C:\Users\All Users\Comodo\Cis\Quarantine\data\{3A84FB5B-5D53-43F1-AAF6-FBC524B92E29}"
sh=6D12ECDA9F68D94717FBBFBD4F3914555D2BF41E ft=1 fh=ab76c81853d238be vn="Win32/Adware.1ClickDownload.M Anwendung" ac=I fn="C:\Users\All Users\Comodo\Cis\Quarantine\data\{4268AD37-4EEA-41FC-8026-E432F7A7A36B}"
sh=EE800AE4E89792488877D64EF6DDAFAD6EB07716 ft=1 fh=ac972c446813087b vn="Win32/InstalleRex.K evtl. unerwünschte Anwendung" ac=I fn="C:\Users\All Users\Comodo\Cis\Quarantine\data\{58ED5BC2-0D8E-45B2-9A85-646288889A11}"
sh=16279C89159705793861CC26AC2A281A6CD1BFDD ft=1 fh=ecd68e4c4673179f vn="Win32/DomaIQ.C evtl. unerwünschte Anwendung" ac=I fn="C:\Users\All Users\Comodo\Cis\Quarantine\data\{5CDB65F8-4EFF-4752-934D-397B020E414E}"
sh=B21D8548E27B23C5CA4CC7F045287A5FBBF15618 ft=1 fh=4621e847e69fd955 vn="Variante von Win32/iLivid.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\All Users\Comodo\Cis\Quarantine\data\{72993D37-1564-44D0-912E-1F26D0C614E2}"
sh=81ACF5642730532D54AB1D288AD03A1E32099D5A ft=1 fh=e5d1dab8d1bfbc2b vn="Mehrere Bedrohungen" ac=I fn="C:\Users\All Users\Comodo\Cis\Quarantine\data\{86892D7B-DFBF-4766-9E0C-E7665886F121}"
sh=B741EA8190010210EF71BF7359A3A8A23BED9B86 ft=1 fh=36a962898140d740 vn="Win32/InstalleRex.I evtl. unerwünschte Anwendung" ac=I fn="C:\Users\All Users\Comodo\Cis\Quarantine\data\{A19451F9-660B-4E59-85F2-C5A4DFEA2EC8}"
sh=E63C73DCF77DBF511EDA27A2FF2C6597F1D6090E ft=1 fh=2a4abf6250d3b479 vn="Win32/InstalleRex.K evtl. unerwünschte Anwendung" ac=I fn="C:\Users\All Users\Comodo\Cis\Quarantine\data\{A8D65BB8-3ED7-4C40-9224-5956B547417F}"
sh=2714DB0A06F74A4282CDDC307EA1599670422E09 ft=1 fh=dbe7f66a91f8fadc vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung" ac=I fn="C:\Users\All Users\Comodo\Cis\Quarantine\data\{A8DE549D-3C83-4DE4-8F32-F89124221BCF}"
sh=8312B13FA558A23847F6F07F5974FE5C73CB3689 ft=1 fh=3ef56acc8ebd8767 vn="Win32/DomaIQ.C evtl. unerwünschte Anwendung" ac=I fn="C:\Users\All Users\Comodo\Cis\Quarantine\data\{C53AA90A-C5F0-4209-B521-B391329A1BC8}"
sh=42D79DEC549511961845FC3A0D7163A97EC9DA8F ft=1 fh=3dc1f428b292b609 vn="Win32/AdWare.1ClickDownload.AT Anwendung" ac=I fn="C:\Users\All Users\Comodo\Cis\Quarantine\data\{C73BDFD7-9A48-41F3-8BE1-A41144FBD51F}"
sh=41BD1208544CA6E1F222FA8FC59E87C45DF4BACC ft=1 fh=3f0ee9338233d9e7 vn="Variante von Win32/Amonetize.AW evtl. unerwünschte Anwendung" ac=I fn="C:\Users\All Users\Comodo\Cis\Quarantine\data\{C888AEED-55ED-4949-803B-F6E79F9BFD3C}"
sh=A1B3F551A08FBAADC772759529A6FD9050599B39 ft=1 fh=e5ad91cc27ce6780 vn="Win32/InstalleRex.L evtl. unerwünschte Anwendung" ac=I fn="C:\Users\All Users\Comodo\Cis\Quarantine\data\{C92BE2ED-45EC-41C8-93E6-77C197E45E50}"
sh=81ACF5642730532D54AB1D288AD03A1E32099D5A ft=1 fh=e5d1dab8d1bfbc2b vn="Mehrere Bedrohungen" ac=I fn="C:\Users\All Users\Comodo\Cis\Quarantine\data\{D1161E29-0C3D-4902-BD55-E5174418A472}"
sh=0546A2A4EC3E909DB465E85F694BE303311776E0 ft=1 fh=70c14c603d93f7fc vn="Variante von Win32/Adware.MultiPlug.DW Anwendung" ac=I fn="C:\Users\All Users\Comodo\Cis\Quarantine\data\{D76FCC21-4FDA-408D-91B7-C50FEAEBF0FE}"
sh=9FEDDA5E2FBD7A1C43BA2D924AB1475AE96690C3 ft=1 fh=3daaad025b8f03d2 vn="NSIS/StartPage.CC Trojaner" ac=I fn="C:\Users\All Users\Comodo\Cis\Quarantine\data\{DD3A74CF-95C0-4D86-A433-A2CB20FF71B5}"
sh=0546A2A4EC3E909DB465E85F694BE303311776E0 ft=1 fh=70c14c603d93f7fc vn="Variante von Win32/Adware.MultiPlug.DW Anwendung" ac=I fn="C:\Users\All Users\Comodo\Cis\Quarantine\data\{FC4005B9-8C2A-4458-BC7C-71F2A6AB2BE5}"
sh=2309C2C08085D24A55AC97DC8F3709BBE471C67B ft=1 fh=155f067dc1e09aa3 vn="Win32/SoftonicDownloader evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Tobias\Dropbox\RuK\Alter PC\Alte Downloads\SoftonicDownloader_fuer_screenshot-captor.exe"
sh=2FECC93DA46229F8203D6700F979BC9C9FCF2175 ft=1 fh=8095b2a075eed88e vn="Variante von Win32/DomaIQ.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Tobias\Dropbox\RuK\Alter PC\Alte Downloads\zipper.exe"
sh=57CD8DEAF43DF3A2F4703E5219A69935B119D0DB ft=1 fh=311781f1ea21501f vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="E:\Dokumente und Einstellungen\Default User\Lokale Einstellungen\Anwendungsdaten\Vuze_Remote\tbVuz2.dll"
sh=57CD8DEAF43DF3A2F4703E5219A69935B119D0DB ft=1 fh=311781f1ea21501f vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="E:\Dokumente und Einstellungen\NetworkService\Lokale Einstellungen\Anwendungsdaten\Vuze_Remote\tbVuz2.dll"
sh=4E906571E7749DE5C2F2E74F7CDBAB131F0B874A ft=0 fh=0000000000000000 vn="Win32/Toolbar.Conduit.A evtl. unerwünschte Anwendung" ac=I fn="E:\Dokumente und Einstellungen\Tobias\Anwendungsdaten\Mozilla\Firefox\Profiles\zcvnyu9n.default\extensions\{6c3a1de1-94ca-4ad6-acdf-c1324adc487b}\chrome\isohunt-vuze.jar"
sh=CE55BBBBAECD415840AC4D09762084A749DBA50A ft=0 fh=0000000000000000 vn="Java/TrojanDownloader.Agent.NBK Trojaner" ac=I fn="E:\Dokumente und Einstellungen\Tobias\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\12\1dd6a40c-6e0e8719"
sh=4A9F0A627FFE289F339A2DF6EA68808D47DBB5EA ft=0 fh=0000000000000000 vn="Java/TrojanDownloader.Agent.NBL Trojaner" ac=I fn="E:\Dokumente und Einstellungen\Tobias\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\20\7bb99554-6ba0ff51"
sh=CE55BBBBAECD415840AC4D09762084A749DBA50A ft=0 fh=0000000000000000 vn="Java/TrojanDownloader.Agent.NBK Trojaner" ac=I fn="E:\Dokumente und Einstellungen\Tobias\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\29\7adbb65d-36358016"
sh=4A9F0A627FFE289F339A2DF6EA68808D47DBB5EA ft=0 fh=0000000000000000 vn="Java/TrojanDownloader.Agent.NBL Trojaner" ac=I fn="E:\Dokumente und Einstellungen\Tobias\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\49\1eff1eb1-5418919a"
sh=861D9FCFC5C004CE608C195056CEF6265C2B8387 ft=0 fh=0000000000000000 vn="Java/TrojanDownloader.Agent.NBM Trojaner" ac=I fn="E:\Dokumente und Einstellungen\Tobias\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\53\42441975-201eda3b"
sh=861D9FCFC5C004CE608C195056CEF6265C2B8387 ft=0 fh=0000000000000000 vn="Java/TrojanDownloader.Agent.NBM Trojaner" ac=I fn="E:\Dokumente und Einstellungen\Tobias\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\58\1f62c23a-1db7778c"
sh=55120BB6D8C0459C8765163B6326156F9760E022 ft=0 fh=0000000000000000 vn="NSIS/TrojanDownloader.Agent.NBL.Gen Trojaner" ac=I fn="E:\Dokumente und Einstellungen\Tobias\Desktop\Downloads\dtp435.rar"
sh=165A9F72013586C25627CA173DC35B3C6D0EA81B ft=1 fh=250619b7e76b0f1d vn="Variante von Win32/1AntiVirus evtl. unerwünschte Anwendung" ac=I fn="E:\Dokumente und Einstellungen\Tobias\Desktop\Downloads\loaristrojanremover.exe"
sh=107B051E8464BCB2FB307A9243F8E6198318300D ft=1 fh=25ec8fd9339a63ff vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="E:\Dokumente und Einstellungen\Tobias\Eigene Dateien\Datensicherung\Programme zum Systemstart\JDownloader_0.87.EXE"
sh=052A1CA2DF706B29AF5BA28FA4B4B2F1A908018A ft=0 fh=0000000000000000 vn="Win32/Toolbar.Conduit.A evtl. unerwünschte Anwendung" ac=I fn="E:\Dokumente und Einstellungen\Tobias\Lokale Einstellungen\Anwendungsdaten\Babylon\Setup\Setup-tbff-8.0.5.5.cab"
sh=96A82B9035B47C0BF3ECB14793379273BFEDE58B ft=1 fh=18948fe863f3a5cf vn="Variante von Win32/Toolbar.Babylon.H evtl. unerwünschte Anwendung" ac=I fn="E:\Dokumente und Einstellungen\Tobias\Lokale Einstellungen\Anwendungsdaten\Babylon\Setup\Setup.exe"
sh=0DDC9EFBCBB739ECBC9645E0D81144ACB0DC139F ft=1 fh=2cd04407df9b26ee vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="E:\Dokumente und Einstellungen\Tobias\Lokale Einstellungen\Anwendungsdaten\Conduit\CT2504091\Vuze_RemoteAutoUpdaterHelper.exe"
sh=57CD8DEAF43DF3A2F4703E5219A69935B119D0DB ft=1 fh=311781f1ea21501f vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="E:\Dokumente und Einstellungen\Tobias\Lokale Einstellungen\Anwendungsdaten\ConduitEngine\ConduitEngine.dll"
sh=57CD8DEAF43DF3A2F4703E5219A69935B119D0DB ft=1 fh=311781f1ea21501f vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="E:\Dokumente und Einstellungen\Tobias\Lokale Einstellungen\Anwendungsdaten\Vuze_Remote\tbVuz2.dll"
sh=89014A3DB4AB1993E06792FA5EC64CDD94B3AACD ft=0 fh=0000000000000000 vn="Variante von Java/Exploit.Agent.W Trojaner" ac=I fn="E:\Dokumente und Einstellungen\Tobias\Lokale Einstellungen\Temp\jar_cache2281460751461722175.tmp"
sh=68D1CDA996291D942BAF5AE48D978716C31FAD73 ft=0 fh=0000000000000000 vn="Variante von Java/Exploit.CVE-2008-5353.D Trojaner" ac=I fn="E:\Dokumente und Einstellungen\Tobias\Lokale Einstellungen\Temp\jar_cache2295504349341295268.tmp"
sh=11D4166D3D659F8325A98369687889CFBA798E93 ft=1 fh=57b7b704c1b22ac8 vn="Variante von Win32/Adware.Vomba.AA evtl. unerwünschte Anwendung" ac=I fn="E:\Dokumente und Einstellungen\Tobias\Lokale Einstellungen\Temp\uninstall.exe"
sh=E3EC04BC5E87A2810BBAB784B66A99A17E994F06 ft=1 fh=ac4e347debb9c471 vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="E:\Dokumente und Einstellungen\Tobias\Lokale Einstellungen\Temp\ToolbarUpdater_1293102164\autoUpdater.exe"
sh=FA8566D5C24955DF10379F76F80F6D70AEFF48BA ft=1 fh=bc0e194d346ad3af vn="Variante von Win32/Toolbar.MyWebSearch evtl. unerwünschte Anwendung" ac=I fn="E:\Programme\AskSBar\bar\1.bin\A2PLUGIN.DLL"
sh=EE8E9AA90DAB1675D6ADBCCB8318C6B880CA867E ft=1 fh=6c9080b09543e532 vn="Win32/Toolbar.AskSBar evtl. unerwünschte Anwendung" ac=I fn="E:\Programme\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL"
sh=E96C9DBCDD05D2AB2860F42645A261F0CBE460FE ft=1 fh=c71c001199b6936c vn="Win32/Toolbar.Conduit.Y evtl. unerwünschte Anwendung" ac=I fn="E:\Programme\Conduit\Community Alerts\Alert.dll"
sh=743CF6F7C346A3CF7BB0B81442DC14A7F3DA352D ft=1 fh=67b200ae242c58b1 vn="Win32/Toolbar.Conduit.Y evtl. unerwünschte Anwendung" ac=I fn="E:\Programme\Conduit\Community Alerts\Alert0.dll"
sh=419716F712489099B040AB846B565D808119B5E8 ft=1 fh=562d50baf79e8eca vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="E:\Programme\ConduitEngine\ConduitEngin0.dll"
sh=57CD8DEAF43DF3A2F4703E5219A69935B119D0DB ft=1 fh=311781f1ea21501f vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="E:\Programme\ConduitEngine\ConduitEngine.dll"
sh=185A63C6A7CFD85E6D2F72BBECFBE9B38F4D448C ft=1 fh=c71c001172d4bfae vn="Variante von Win32/Toolbar.Widgi evtl. unerwünschte Anwendung" ac=I fn="E:\Programme\Mozilla Firefox\extensions\{B922D405-6D13-4A2B-AE89-08A030DA4402}\components\pdfforgeToolbarFF.dll"
sh=EE8E9AA90DAB1675D6ADBCCB8318C6B880CA867E ft=1 fh=6c9080b09543e532 vn="Win32/Toolbar.AskSBar evtl. unerwünschte Anwendung" ac=I fn="E:\Programme\Trend Micro\HijackThis\backups\backup-20081206-203251-325.dll"
sh=7A9D933EAA5A8A32E3277862076CF6C8D6F707CF ft=1 fh=c71c001132b87c4e vn="Variante von Win32/Toolbar.Widgi evtl. unerwünschte Anwendung" ac=I fn="E:\Programme\Trend Micro\HijackThis\backups\backup-20090325-183448-187.dll"
sh=75846491B7DED957820BDFBD353BC7E73180C0A6 ft=1 fh=858cfb6c13d1382c vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="E:\Programme\Vuze\.install4j\i4j_extf_10_5p83tu.exe"
sh=FB7F6F8B615BEA2F6F16C2757F8C30C5A4204F9C ft=0 fh=0000000000000000 vn="Win32/Toolbar.Conduit.A evtl. unerwünschte Anwendung" ac=I fn="E:\Programme\Vuze\.install4j\i4j_extf_8_5p83tu.xpi"
sh=5AD8114A571795AA58F76439BC0506B6504A78C2 ft=0 fh=0000000000000000 vn="Win32/Toolbar.Conduit.A evtl. unerwünschte Anwendung" ac=I fn="E:\Programme\Vuze\.install4j\i4j_extf_9_5p83tu.xpi"
sh=3664B7B546B41FBFB469128DEA194DBA1AF556AC ft=1 fh=532d857584187cdc vn="Win32/Toolbar.Conduit.Y evtl. unerwünschte Anwendung" ac=I fn="E:\Programme\Vuze_Remote\tbVuz0.dll"
sh=419716F712489099B040AB846B565D808119B5E8 ft=1 fh=562d50baf79e8eca vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="E:\Programme\Vuze_Remote\tbVuz1.dll"
sh=57CD8DEAF43DF3A2F4703E5219A69935B119D0DB ft=1 fh=311781f1ea21501f vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="E:\Programme\Vuze_Remote\tbVuz2.dll"
sh=169B4B79C8A0EF75FADC99587F3F8AD8ECA32EA6 ft=1 fh=af03aed950e7a7bd vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="E:\Programme\Vuze_Remote\tbVuze.dll"
sh=08CEF36631A14E6EF9BCD24271FF1A1077FB7600 ft=0 fh=0000000000000000 vn="Variante von Win32/Toolbar.Widgi evtl. unerwünschte Anwendung" ac=I fn="E:\WINDOWS\Installer\eb9db.msi"
sh=7BA023CB1D1C60D516A31E37DEAC34127875E294 ft=0 fh=0000000000000000 vn="Win32/Adware.Virtumonde.NEO Anwendung" ac=I fn="E:\WINDOWS\system32\mkaadktt.ini"
sh=5701E4B00B24A9D580332CF5806BA2E871C9DF22 ft=0 fh=0000000000000000 vn="Win32/Adware.Virtumonde.NEO Anwendung" ac=I fn="E:\WINDOWS\system32\ndsbfgdf.ini"
sh=FE2E10532B6B12590C0D88DD06479C4AF51706F4 ft=0 fh=0000000000000000 vn="Win32/Adware.Virtumonde.NEO Anwendung" ac=I fn="E:\WINDOWS\system32\VvxbIRqr.ini"
sh=888E787D1DCE045CF299DB6A5AE87F9E8B36457F ft=0 fh=0000000000000000 vn="Win32/Adware.Virtumonde.NEO Anwendung" ac=I fn="E:\WINDOWS\system32\VvxbIRqr.ini2"

Code:

ATTFilter

 Results of screen317's Security Check version 0.99.93  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Security Center service is not running! This report may not be accurate! 
 WMI entry may not exist for antivirus; attempting automatic update. 
`````````Anti-malware/Other Utilities Check:````````` 
 TuneUp Utilities Language Pack (de-DE) 
 Java 7 Update 67  
 Java version 32-bit out of Date! 
 Adobe Flash Player 16.0.0.235  
 Adobe Reader 10.1.8 Adobe Reader out of Date!  
 Mozilla Firefox (34.0.5) 
 Mozilla Thunderbird (31.3.0) 
 Google Chrome (39.0.2171.71) 
 Google Chrome (39.0.2171.95) 
````````Process Check: objlist.exe by Laurent````````  
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  
````````````````````End of Log``````````````````````

FRST Logfile:

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 07-01-2015
Ran by Tobias (administrator) on TOBIAS-PC on 10-01-2015 09:59:14
Running from C:\Users\Tobias\Desktop
Loaded Profile: Tobias (Available profiles: Tobias)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe
() C:\Program Files (x86)\MAGIX\PC_Check_Tuning_Free_2011\MxTray.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(pdfforge GbR) C:\Program Files (x86)\PDF Architect\HelperService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(pdfforge GbR) C:\Program Files (x86)\PDF Architect\ConversionService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Razer, Inc.) C:\Program Files (x86)\Razer\Core\64bit\RzOvlMon.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(Dropbox, Inc.) C:\Users\Tobias\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(Razer Inc.) C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe
() C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\APSDaemon.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ink\InputPersonalization.exe
(Google Inc.) C:\Users\Tobias\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Tobias\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Tobias\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Tobias\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Tobias\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Tobias\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Tobias\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Tobias\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Tobias\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Tobias\AppData\Local\Google\Chrome\Application\chrome.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe
(Google Inc.) C:\Users\Tobias\AppData\Local\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [6868280 2012-05-21] (Logitech Inc.)
HKLM\...\Run: [COMODO Internet Security] => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [1297112 2014-12-09] (COMODO)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2531472 2015-01-09] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13662936 2000-01-01] (Realtek Semiconductor)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2072928 2014-10-31] (Wondershare)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2014-10-11] (Apple Inc.)
HKLM-x32\...\Run: [Razer Synapse] => C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe [444760 2014-03-07] (Razer Inc.)
HKLM-x32\...\Run: [JMB36X IDE Setup] => C:\Windows\RaidTool\xInsIDE.exe [43608 2000-01-01] ()
HKLM-x32\...\Run: [DivXUpdate] => C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1861968 2013-11-15] ()
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
HKU\S-1-5-21-2764848105-337601815-2700051401-1000\...\Run: [Google Update] => C:\Users\Tobias\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2012-08-21] (Google Inc.)
HKU\S-1-5-21-2764848105-337601815-2700051401-1000\...\Run: [MobileDocuments] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
HKU\S-1-5-21-2764848105-337601815-2700051401-1000\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [59720 2013-11-20] (Apple Inc.)
HKU\S-1-5-21-2764848105-337601815-2700051401-1000\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59720 2013-11-20] (Apple Inc.)
HKU\S-1-5-21-2764848105-337601815-2700051401-1000\...\MountPoints2: H - H:\virtuallyjenna-en.exe
HKU\S-1-5-21-2764848105-337601815-2700051401-1000\...\MountPoints2: {01f545e5-c72a-11e3-b9a2-001d7da6420f} - H:\virtuallyjenna-en.exe
HKU\S-1-5-21-2764848105-337601815-2700051401-1000\...\MountPoints2: {01f545ea-c72a-11e3-b9a2-001d7da6420f} - K:\autorun.exe
HKU\S-1-5-21-2764848105-337601815-2700051401-1000\...\MountPoints2: {01f545f5-c72a-11e3-b9a2-001d7da6420f} - J:\autorun.exe
HKU\S-1-5-21-2764848105-337601815-2700051401-1000\...\MountPoints2: {01f54604-c72a-11e3-b9a2-001d7da6420f} - L:\autorun.exe
HKU\S-1-5-21-2764848105-337601815-2700051401-1000\...\MountPoints2: {09d7c289-0c19-11e4-8f46-001d7da6420f} - H:\LaunchU3.exe -a
HKU\S-1-5-21-2764848105-337601815-2700051401-1000\...\MountPoints2: {1be2274b-c054-11e2-9cb2-806e6f6e6963} - F:\autorun.exe
HKU\S-1-5-21-2764848105-337601815-2700051401-1000\...\MountPoints2: {803984f0-0cc1-11e4-832f-001d7da6420f} - H:\HTC_Sync_Manager_PC.exe
HKU\S-1-5-21-2764848105-337601815-2700051401-1000\...\MountPoints2: {986a4d14-7c97-11e3-9eb2-001d7da6420f} - F:\autorun.exe
HKU\S-1-5-21-2764848105-337601815-2700051401-1000\...\MountPoints2: {fa311c55-52d6-11e3-957c-001d7da6420f} - H:\Startme.exe
Startup: C:\Users\Tobias\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Tobias\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Tobias\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk
ShortcutTarget: EvernoteClipper.lnk -> C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
Startup: C:\Users\Tobias\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk
ShortcutTarget: OpenOffice.org 3.4.1.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page = 
HKU\S-1-5-21-2764848105-337601815-2700051401-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.yahoo.com?fr=fp-comodo
HKU\S-1-5-21-2764848105-337601815-2700051401-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
URLSearchHook: HKLM-x32 - Default Value = {74198672-5F7D-4FE9-A611-4AC1D5A66A15}
URLSearchHook: HKU\S-1-5-21-2764848105-337601815-2700051401-1000 - Default Value = {74198672-5F7D-4FE9-A611-4AC1D5A66A15}
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-2764848105-337601815-2700051401-1000 -> {8EEAC88A-079B-4b2c-80C1-7836F79EB40A} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=chr-comodo
BHO-x32: PDF Architect Helper -> {3A2D5EBA-F86D-4BD3-A177-019765996711} -> C:\Program Files (x86)\PDF Architect\PDFIEHelper.dll (pdfforge GbR)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Tobias\AppData\Roaming\Mozilla\Firefox\Profiles\qgrdidvi.default
FF Homepage: google.de
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_235.dll ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_235.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll (DivX, LLC)
FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.0.8 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2764848105-337601815-2700051401-1000: @acestream.net/acestreamplugin,version=3.0.4 -> C:\Users\Tobias\AppData\Roaming\ACEStream\player\npace_plugin.dll (Innovative Digital Technologies)
FF Plugin HKU\S-1-5-21-2764848105-337601815-2700051401-1000: @talk.google.com/GoogleTalkPlugin -> C:\Users\Tobias\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKU\S-1-5-21-2764848105-337601815-2700051401-1000: @talk.google.com/O1DPlugin -> C:\Users\Tobias\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKU\S-1-5-21-2764848105-337601815-2700051401-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Tobias\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-2764848105-337601815-2700051401-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Tobias\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Tobias\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Tobias\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)
FF SearchPlugin: C:\Users\Tobias\AppData\Roaming\Mozilla\Firefox\Profiles\qgrdidvi.default\searchplugins\pornmd.xml
FF Extension: ProxTube - C:\Users\Tobias\AppData\Roaming\Mozilla\Firefox\Profiles\qgrdidvi.default\Extensions\ich@maltegoetz.de.xpi [2014-10-11]
FF Extension: PornMD - C:\Users\Tobias\AppData\Roaming\Mozilla\Firefox\Profiles\qgrdidvi.default\Extensions\PornMD@PornMD.xpi [2015-01-08]
FF Extension: Adblock Edge - C:\Users\Tobias\AppData\Roaming\Mozilla\Firefox\Profiles\qgrdidvi.default\Extensions\{fe272bd1-5f76-4ea4-8501-a05d35d823fc}.xpi [2014-07-15]
FF HKLM-x32\...\Firefox\Extensions: [FFPDFArchitectConverter@pdfarchitect.com] - C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt
FF Extension: PDF Architect Converter For Firefox - C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt [2013-04-04]

Chrome: 
=======
CHR HomePage: Default -> 
CHR Plugin: (Shockwave Flash) - C:\Users\Tobias\AppData\Local\Google\Chrome\Application\39.0.2171.71\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\Tobias\AppData\Local\Google\Chrome\Application\39.0.2171.71\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Users\Tobias\AppData\Local\Google\Chrome\Application\39.0.2171.71\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Google Talk Plugin) - C:\Users\Tobias\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
CHR Plugin: (Google Talk Plugin Video Accelerator) - C:\Users\Tobias\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll No File
CHR Plugin: (Google Talk Plugin Video Renderer) - C:\Users\Tobias\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
CHR Plugin: (DivX VOD Helper Plug-in) - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
CHR Plugin: (DivX Plus Web Player) - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll No File
CHR Plugin: (Java(TM) Platform SE 7 U13) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Google Update) - C:\Users\Tobias\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll No File
CHR Plugin: (Java Deployment Toolkit 7.0.130.20) - C:\Windows\SysWOW64\npDeployJava1.dll No File
CHR Profile: C:\Users\Tobias\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Tobias\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-04]
CHR Extension: (IRC QuakeNet webchat) - C:\Users\Tobias\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhaphniflbbhhfailihfckiifpbgeokd [2014-03-18]
CHR Extension: (AdBlock) - C:\Users\Tobias\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-02-03]
CHR Extension: (ProxMate - Proxy on steroids!) - C:\Users\Tobias\AppData\Local\Google\Chrome\User Data\Default\Extensions\hgjpnmnpjmabddgmjdiaggacbololbjm [2013-04-13]
CHR Extension: (Stealthy) - C:\Users\Tobias\AppData\Local\Google\Chrome\User Data\Default\Extensions\ieaebnkibonmpbhdaanjkmedikadnoje [2014-05-15]
CHR Extension: (Google Wallet) - C:\Users\Tobias\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-26]
CHR HKU\S-1-5-21-2764848105-337601815-2700051401-1000\...\Chrome\Extension: [cnnbdaahphjgdgfhliignpepgnbnfomp] - c:\program files (x86)\copernic\desktopsearch4\ChromeConnector\ChromeConnector.crx [Not Found]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

Locked "BFE" service could not be unlocked. <===== ATTENTION

U2 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [409304 2014-10-08] (BlueStack Systems, Inc.)
U2 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [388824 2014-10-08] (BlueStack Systems, Inc.)
U2 BstHdUpdaterSvc; C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe [782040 2014-10-08] (BlueStack Systems, Inc.)
U2 cmdAgent; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [7618952 2014-12-09] (COMODO)
U3 cmdvirth; C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe [2265304 2014-12-09] (COMODO)
U3 Disc Soft Bus Service; C:\Program Files (x86)\DAEMON Tools Ultra\DiscSoftBusService.exe [723192 2013-11-14] (Disc Soft Ltd)
U2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1701520 2015-01-09] (NVIDIA Corporation)
U2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [19823248 2015-01-09] (NVIDIA Corporation)
U2 PDF Architect Helper Service; C:\Program Files (x86)\PDF Architect\HelperService.exe [1324104 2013-01-09] (pdfforge GbR)
U2 PDF Architect Service; C:\Program Files (x86)\PDF Architect\ConversionService.exe [795208 2013-01-09] (pdfforge GbR)
U2 RzOvlMon; C:\Program Files (x86)\Razer\Core\64bit\rzovlmon.exe [32960 2014-04-18] (Razer, Inc.)
U3 TunngleService; C:\Program Files (x86)\Tunngle\TnglCtrl.exe [762320 2014-11-04] (Tunngle.net GmbH)
U2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1148560 2015-01-09] (NVIDIA Corporation)
U2 MAGIX StartUp Analyze Service; C:\Program Files (x86)\MAGIX\PC_Check_Tuning_Free_2011\MXSAS.exe [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

U2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [122072 2014-10-08] (BlueStack Systems)
U1 cmderd; C:\Windows\System32\DRIVERS\cmderd.sys [20184 2014-12-09] (COMODO)
U1 cmdGuard; C:\Windows\System32\DRIVERS\cmdguard.sys [792648 2014-12-09] (COMODO)
U1 cmdHlp; C:\Windows\System32\DRIVERS\cmdhlp.sys [45880 2014-12-09] (COMODO)
U3 dtscsibus; C:\Windows\System32\DRIVERS\dtscsibus.sys [29696 2014-04-18] (Disc Soft Ltd)
U1 inspect; C:\Windows\System32\DRIVERS\inspect.sys [104608 2014-12-09] (COMODO)
U5 MBAMSwissArmy; C:\Windows\System32\Drivers\MBAMSwissArmy.sys [129752 2015-01-09] (Malwarebytes Corporation)
U3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [38032 2015-01-09] (NVIDIA Corporation)
U3 RTL8023x64; C:\Windows\System32\DRIVERS\Rtnic64.sys [51712 2009-06-10] (Realtek Semiconductor Corporation                           )
U3 RzDxgk; C:\Windows\system32\drivers\RzDxgk.sys [129472 2014-04-10] (Razer, Inc.)
U1 RzFilter; C:\Windows\system32\drivers\RzFilter.sys [74432 2014-04-10] (Razer, Inc.)
U3 SWDUMon; C:\Windows\System32\DRIVERS\SWDUMon.sys [16152 2014-01-13] ()
U3 tap0901t; C:\Windows\System32\DRIVERS\tap0901t.sys [31232 2009-09-16] (Tunngle.net)
U3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2014-12-13] (NVIDIA Corporation)
U3 cpuz132; \??\C:\Users\Tobias\AppData\Local\Temp\cpuz132\cpuz132_x64.sys [X]
U3 uwdiipod; \??\C:\Users\Tobias\AppData\Local\Temp\uwdiipod.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-10 09:51 - 2015-01-10 09:51 - 00852505 _____ () C:\Users\Tobias\Desktop\SecurityCheck.exe
2015-01-09 18:25 - 2015-01-09 18:26 - 02347384 _____ (ESET) C:\Users\Tobias\Desktop\esetsmartinstaller_deu.exe
2015-01-09 14:59 - 2015-01-09 14:59 - 00000000 ____D () C:\Program Files (x86)\AGEIA Technologies
2015-01-09 14:58 - 2015-01-09 14:58 - 00620176 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2015-01-09 14:53 - 2015-01-09 14:58 - 01540240 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdagenco64.dll
2015-01-09 14:53 - 2015-01-09 14:58 - 00195728 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvhda64v.sys
2015-01-09 14:53 - 2015-01-09 14:58 - 00030536 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdap64.dll
2015-01-09 14:53 - 2015-01-09 14:55 - 25460552 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2015-01-09 14:53 - 2015-01-09 14:55 - 13288360 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2015-01-09 14:53 - 2015-01-09 14:55 - 10770120 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2015-01-09 14:53 - 2015-01-09 14:55 - 10345280 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2015-01-09 14:53 - 2015-01-09 14:55 - 01895056 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6434709.dll
2015-01-09 14:53 - 2015-01-09 14:55 - 00994384 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll
2015-01-09 14:53 - 2015-01-09 14:55 - 00968336 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2015-01-09 14:53 - 2015-01-09 14:55 - 00942400 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2015-01-09 14:53 - 2015-01-09 14:55 - 00928072 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2015-01-09 14:53 - 2015-01-09 14:55 - 00906560 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2015-01-09 14:53 - 2015-01-09 14:55 - 00876976 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2015-01-09 14:53 - 2015-01-09 14:55 - 00353224 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2015-01-09 14:53 - 2015-01-09 14:55 - 00306328 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2015-01-09 14:53 - 2015-01-09 14:54 - 24764232 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2015-01-09 14:53 - 2015-01-09 14:54 - 20465808 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2015-01-09 14:53 - 2015-01-09 14:54 - 17264312 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2015-01-09 14:53 - 2015-01-09 14:54 - 13202520 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2015-01-09 14:53 - 2015-01-09 14:54 - 10710160 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2015-01-09 14:53 - 2015-01-09 14:54 - 03610440 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2015-01-09 14:53 - 2015-01-09 14:54 - 03248968 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2015-01-09 14:53 - 2015-01-09 14:54 - 01556624 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6434709.dll
2015-01-09 14:53 - 2015-01-09 14:54 - 00178632 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2015-01-09 14:53 - 2015-01-09 14:54 - 00165760 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2015-01-09 14:42 - 2014-12-13 01:12 - 01715224 _____ (NVIDIA Corporation) C:\Windows\system32\nvspbridge64.dll
2015-01-09 14:42 - 2014-12-13 01:12 - 01291464 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspbridge.dll
2015-01-09 14:41 - 2015-01-09 14:41 - 00038032 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys
2015-01-09 14:41 - 2015-01-09 14:41 - 00032400 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll
2015-01-09 12:26 - 2015-01-09 12:30 - 00030256 _____ () C:\Users\Tobias\Desktop\Addition.txt
2015-01-09 12:24 - 2015-01-10 10:01 - 00022176 _____ () C:\Users\Tobias\Desktop\FRST.txt
2015-01-09 12:18 - 2015-01-09 12:18 - 00000626 _____ () C:\Users\Tobias\Desktop\JRT.txt
2015-01-09 11:05 - 2015-01-09 11:05 - 00003790 _____ () C:\Users\Tobias\Desktop\AdwCleaner[S1].txt
2015-01-09 10:48 - 2015-01-09 10:48 - 00000000 ____D () C:\Windows\ERUNT
2015-01-09 10:45 - 2015-01-09 10:45 - 01707939 _____ (Thisisu) C:\Users\Tobias\Desktop\JRT.exe
2015-01-09 10:30 - 2015-01-09 10:31 - 02191360 _____ () C:\Users\Tobias\Downloads\AdwCleaner_4.107.exe
2015-01-09 00:00 - 2015-01-09 00:30 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-01-08 23:41 - 2015-01-09 00:30 - 00000000 ____D () C:\Users\Tobias\Desktop\mbar
2015-01-08 23:38 - 2015-01-08 23:38 - 16448208 _____ (Malwarebytes Corp.) C:\Users\Tobias\Downloads\mbar-1.08.2.1001(1).exe
2015-01-08 23:26 - 2015-01-08 23:27 - 16448208 _____ (Malwarebytes Corp.) C:\Users\Tobias\Desktop\mbar-1.08.2.1001.exe
2015-01-08 23:09 - 2015-01-08 23:09 - 04187592 _____ (Kaspersky Lab ZAO) C:\Users\Tobias\Desktop\tdsskiller.exe
2015-01-08 22:29 - 2015-01-08 22:39 - 00000000 ____D () C:\Users\Tobias\Desktop\RevoUninstallerPortable
2015-01-08 22:27 - 2015-01-08 22:28 - 02785665 _____ (PortableApps.com) C:\Users\Tobias\Desktop\RevoUninstallerPortable_1.95_Rev_2.paf.exe
2015-01-08 18:57 - 2015-01-08 18:58 - 00000000 ____D () C:\Users\Tobias\AppData\Local\doubleTwist Corporation
2015-01-08 18:56 - 2015-01-08 18:56 - 00002073 _____ () C:\Users\Public\Desktop\doubleTwist.lnk
2015-01-08 18:56 - 2015-01-08 18:56 - 00000000 ____D () C:\ProgramData\Package Cache
2015-01-08 18:56 - 2015-01-08 18:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\doubleTwist
2015-01-08 18:55 - 2015-01-08 18:56 - 00000000 ____D () C:\Program Files (x86)\doubleTwist
2015-01-08 18:54 - 2015-01-08 18:54 - 21754656 _____ () C:\Users\Tobias\Downloads\doubleTwistSetupFull.exe
2015-01-08 16:59 - 2015-01-08 16:59 - 17927749 _____ () C:\Users\Tobias\Desktop\GMER.log
2015-01-08 15:13 - 2015-01-08 15:13 - 00000000 ____D () C:\ProgramData\Wondershare
2015-01-08 15:10 - 2015-01-08 15:10 - 00000000 ____D () C:\Users\Tobias\AppData\Roaming\HMYGSetting
2015-01-08 14:13 - 2015-01-08 14:13 - 00290808 _____ () C:\Windows\Minidump\010815-23400-01.dmp
2015-01-08 00:39 - 2015-01-08 00:39 - 00019039 _____ () C:\Users\Tobias\Downloads\Versuch-21.odt
2015-01-08 00:32 - 2015-01-08 00:32 - 15103931 _____ () C:\Users\Tobias\Desktop\gmer.txt
2015-01-07 18:37 - 2015-01-07 18:37 - 00380416 _____ () C:\Users\Tobias\Desktop\o5lw8g6g.exe
2015-01-07 18:36 - 2015-01-09 18:12 - 00000000 ____D () C:\FRST
2015-01-07 18:35 - 2015-01-07 18:35 - 02124288 _____ (Farbar) C:\Users\Tobias\Desktop\FRST64.exe
2015-01-07 18:34 - 2015-01-08 16:36 - 00000474 _____ () C:\Users\Tobias\Desktop\defogger_disable.log
2015-01-07 18:34 - 2015-01-07 18:34 - 00000000 _____ () C:\Users\Tobias\defogger_reenable
2015-01-07 18:16 - 2015-01-07 18:16 - 00050477 _____ () C:\Users\Tobias\Desktop\Defogger.exe
2015-01-07 17:57 - 2015-01-07 17:57 - 00001102 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2015-01-07 17:35 - 2015-01-07 17:35 - 00000000 ____D () C:\Users\Tobias\AppData\Local\Wondershare
2015-01-07 17:35 - 2015-01-07 17:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wondershare
2015-01-07 17:34 - 2015-01-07 17:34 - 00000000 ____D () C:\Users\Tobias\AppData\Roaming\Wondershare
2015-01-07 17:34 - 2015-01-07 17:34 - 00000000 ____D () C:\Users\Tobias\.android
2015-01-07 17:34 - 2015-01-07 17:34 - 00000000 ____D () C:\Program Files (x86)\Wondershare
2015-01-07 17:31 - 2015-01-07 17:32 - 39544000 _____ (Wondershare ) C:\Users\Tobias\Downloads\TunesGoforAndroid.exe
2015-01-07 17:15 - 2015-01-07 17:15 - 00000000 ____D () C:\ProgramData\Samsung
2015-01-07 17:10 - 2015-01-07 17:15 - 00000000 ____D () C:\Users\Tobias\Documents\samsung
2015-01-07 17:10 - 2015-01-07 17:10 - 00000000 ____D () C:\Users\Tobias\Documents\SelfMV
2015-01-07 17:10 - 2015-01-07 17:10 - 00000000 ____D () C:\Users\Public\Documents\NativeFus_Log
2015-01-07 17:03 - 2015-01-07 17:03 - 00000000 ____D () C:\Users\Tobias\AppData\Roaming\Samsung
2015-01-07 17:03 - 2015-01-07 17:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung
2015-01-07 17:03 - 2014-05-07 17:42 - 00144664 _____ (MAPILab Ltd. & Add-in Express Ltd.) C:\Windows\SysWOW64\secman.dll
2015-01-07 17:02 - 2015-01-07 17:02 - 00000000 ____D () C:\Program Files (x86)\Samsung
2015-01-07 16:59 - 2015-01-07 16:59 - 42424368 _____ (Samsung Electronics Co., Ltd.) C:\Users\Tobias\Downloads\Kies_3.2.14113_3.exe
2015-01-04 10:55 - 2015-01-04 10:55 - 01052536 _____ () C:\Windows\Minidump\010415-30217-01.dmp
2015-01-04 10:54 - 2015-01-08 14:12 - 506874316 _____ () C:\Windows\MEMORY.DMP
2014-12-22 23:33 - 2014-12-26 23:30 - 00000000 ____D () C:\ProgramData\Tunngle
2014-12-22 23:33 - 2014-12-22 23:33 - 00000000 ____D () C:\Users\Public\Documents\Tunngle
2014-12-22 23:33 - 2014-12-22 23:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tunngle
2014-12-22 23:31 - 2014-12-22 23:31 - 04501720 _____ (Tunngle.net GmbH ) C:\Users\Tobias\Downloads\Tunngle_Setup_v5.0 (1).exe
2014-12-22 23:30 - 2014-12-22 23:30 - 04501720 _____ (Tunngle.net GmbH ) C:\Users\Tobias\Downloads\Tunngle_Setup_v5.0.exe
2014-12-22 21:07 - 2014-12-22 23:34 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird
2014-12-21 09:48 - 2014-12-21 09:48 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-12-21 09:48 - 2014-12-21 09:48 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-12-21 00:56 - 2014-12-21 00:56 - 00000000 ____D () C:\Windows\system32\appraiser
2014-12-20 11:13 - 2014-12-20 11:13 - 00297226 _____ () C:\Windows\msxml4-KB954430-enu.LOG
2014-12-20 11:13 - 2014-12-20 11:13 - 00297222 _____ () C:\Windows\msxml4-KB973688-enu.LOG
2014-12-20 11:13 - 2014-12-20 11:13 - 00000000 ____D () C:\Program Files (x86)\MSXML 4.0
2014-12-20 11:11 - 2014-10-18 03:05 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2014-12-20 11:11 - 2014-10-18 02:33 - 03209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2014-12-20 11:11 - 2014-07-07 03:06 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2014-12-20 11:11 - 2014-07-07 03:06 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2014-12-20 11:11 - 2014-07-07 03:06 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2014-12-20 11:11 - 2014-07-07 03:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2014-12-20 11:11 - 2014-07-07 02:40 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
2014-12-20 11:11 - 2014-07-07 02:39 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe
2014-12-20 11:11 - 2014-07-07 02:39 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe
2014-12-20 11:11 - 2014-07-07 02:37 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll
2014-12-19 14:58 - 2014-12-19 15:02 - 00000000 ____D () C:\Users\Tobias\Downloads\D&D 5e books
2014-12-19 14:56 - 2014-12-19 14:56 - 00015892 _____ () C:\Users\Tobias\Downloads\[kickass.so]d.d.5e.player.s.handbook.monster.manual.adventure.lost.mine.of.phandelver.torrent
2014-12-19 02:50 - 2014-12-26 18:17 - 00000000 ____D () C:\Windows\System32\Tasks\NCH Software
2014-12-19 02:50 - 2014-12-19 02:50 - 00001236 _____ () C:\Users\Public\Desktop\NCH Suite.lnk
2014-12-19 02:50 - 2014-12-19 02:50 - 00001122 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Debut Video Capture Software.lnk
2014-12-19 02:50 - 2014-12-19 02:50 - 00001110 _____ () C:\Users\Public\Desktop\Debut Video Capture Software.lnk
2014-12-19 02:50 - 2014-12-19 02:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NCH Software Suite
2014-12-16 21:53 - 2014-12-17 10:53 - 00001197 _____ () C:\Users\Tobias\Desktop\rap.txt
2014-12-15 01:33 - 2014-12-15 01:33 - 00000000 ____D () C:\Users\Tobias\AppData\Roaming\MAGIX
2014-12-15 01:14 - 2014-12-15 01:14 - 00002828 _____ () C:\Windows\System32\Tasks\PCCT - MAGIX AG
2014-12-15 01:14 - 2014-12-15 01:14 - 00000000 ____D () C:\Users\Tobias\Documents\MAGIX_MxTray
2014-12-15 01:12 - 2014-12-15 01:12 - 00000000 ____D () C:\Users\Tobias\Documents\OnDemandDump
2014-12-15 01:12 - 2014-12-15 01:12 - 00000000 ____D () C:\Users\Tobias\Documents\CrashLog
2014-12-15 01:12 - 2014-12-15 01:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MAGIX
2014-12-15 01:12 - 2014-12-15 01:12 - 00000000 ____D () C:\ProgramData\MAGIX
2014-12-15 01:12 - 2014-12-15 01:12 - 00000000 ____D () C:\Program Files (x86)\MAGIX
2014-12-15 01:11 - 2014-12-15 01:12 - 00000000 ____D () C:\134ccbc360e05d682fe482cb
2014-12-15 01:09 - 2014-12-15 01:09 - 41085024 _____ (MAGIX AG) C:\Users\Tobias\Downloads\setup_pc_check_tuning.exe
2014-12-14 23:12 - 2014-12-14 23:15 - 00023362 _____ () C:\Users\Tobias\Desktop\SB2 AUFGABE3.odt
2014-12-12 11:08 - 2014-12-12 11:08 - 01764715 _____ () C:\Windows\WindowsUpdate.log
2014-12-11 02:36 - 2014-12-04 03:50 - 00830976 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2014-12-11 02:36 - 2014-12-04 03:50 - 00741376 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2014-12-11 02:36 - 2014-12-04 03:50 - 00413184 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2014-12-11 02:36 - 2014-12-04 03:50 - 00396800 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2014-12-11 02:36 - 2014-12-04 03:50 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-12-11 02:36 - 2014-12-04 03:50 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2014-12-11 02:36 - 2014-12-04 03:44 - 01083392 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-12-11 02:36 - 2014-12-02 00:28 - 01232040 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2014-12-11 02:35 - 2014-11-27 02:43 - 00389296 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-12-11 02:35 - 2014-11-27 02:10 - 00342200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-12-11 02:35 - 2014-11-22 04:13 - 25059840 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-12-11 02:35 - 2014-11-22 04:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-12-11 02:35 - 2014-11-22 04:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-12-11 02:35 - 2014-11-22 03:50 - 00580096 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-12-11 02:35 - 2014-11-22 03:50 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-12-11 02:35 - 2014-11-22 03:49 - 02885120 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-12-11 02:35 - 2014-11-22 03:49 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-12-11 02:35 - 2014-11-22 03:48 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-12-11 02:35 - 2014-11-22 03:41 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-12-11 02:35 - 2014-11-22 03:40 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-12-11 02:35 - 2014-11-22 03:37 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-12-11 02:35 - 2014-11-22 03:35 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-12-11 02:35 - 2014-11-22 03:34 - 06039552 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-12-11 02:35 - 2014-11-22 03:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-12-11 02:35 - 2014-11-22 03:26 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-12-11 02:35 - 2014-11-22 03:22 - 19749376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-12-11 02:35 - 2014-11-22 03:22 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-12-11 02:35 - 2014-11-22 03:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-12-11 02:35 - 2014-11-22 03:14 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-12-11 02:35 - 2014-11-22 03:09 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-12-11 02:35 - 2014-11-22 03:08 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-12-11 02:35 - 2014-11-22 03:07 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-12-11 02:35 - 2014-11-22 03:07 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-12-11 02:35 - 2014-11-22 03:06 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-12-11 02:35 - 2014-11-22 03:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-12-11 02:35 - 2014-11-22 03:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-12-11 02:35 - 2014-11-22 03:01 - 02277888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-12-11 02:35 - 2014-11-22 02:59 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-12-11 02:35 - 2014-11-22 02:58 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-12-11 02:35 - 2014-11-22 02:56 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-12-11 02:35 - 2014-11-22 02:54 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-12-11 02:35 - 2014-11-22 02:49 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-12-11 02:35 - 2014-11-22 02:49 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-12-11 02:35 - 2014-11-22 02:47 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-12-11 02:35 - 2014-11-22 02:46 - 02125312 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-12-11 02:35 - 2014-11-22 02:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-12-11 02:35 - 2014-11-22 02:43 - 14412800 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-12-11 02:35 - 2014-11-22 02:40 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-12-11 02:35 - 2014-11-22 02:36 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-12-11 02:35 - 2014-11-22 02:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-12-11 02:35 - 2014-11-22 02:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-12-11 02:35 - 2014-11-22 02:29 - 04299264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-12-11 02:35 - 2014-11-22 02:28 - 02358272 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-12-11 02:35 - 2014-11-22 02:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-12-11 02:35 - 2014-11-22 02:22 - 02052096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-12-11 02:35 - 2014-11-22 02:21 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-12-11 02:35 - 2014-11-22 02:15 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-12-11 02:35 - 2014-11-22 02:13 - 12836864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-12-11 02:35 - 2014-11-22 02:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-12-11 02:35 - 2014-11-22 02:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-12-11 02:35 - 2014-11-22 01:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-12-11 02:35 - 2014-11-22 01:54 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-12-11 02:35 - 2014-11-11 04:09 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-12-11 02:35 - 2014-11-11 03:44 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2014-12-11 02:35 - 2014-11-11 02:46 - 00119296 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys
2014-12-11 02:34 - 2014-11-08 04:16 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-12-11 02:34 - 2014-11-08 03:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-12-11 02:34 - 2014-10-30 03:03 - 00165888 _____ (Microsoft Corporation) C:\Windows\system32\charmap.exe
2014-12-11 02:34 - 2014-10-30 02:45 - 00155136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\charmap.exe
2014-12-11 02:34 - 2014-10-03 03:12 - 02020352 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll
2014-12-11 02:34 - 2014-10-03 03:12 - 00346624 _____ (Microsoft Corporation) C:\Windows\system32\WSManMigrationPlugin.dll
2014-12-11 02:34 - 2014-10-03 03:12 - 00310272 _____ (Microsoft Corporation) C:\Windows\system32\WsmWmiPl.dll
2014-12-11 02:34 - 2014-10-03 03:12 - 00181248 _____ (Microsoft Corporation) C:\Windows\system32\WsmAuto.dll
2014-12-11 02:34 - 2014-10-03 03:11 - 00266240 _____ (Microsoft Corporation) C:\Windows\system32\WSManHTTPConfig.exe
2014-12-11 02:34 - 2014-10-03 02:45 - 01177088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmSvc.dll
2014-12-11 02:34 - 2014-10-03 02:45 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManMigrationPlugin.dll
2014-12-11 02:34 - 2014-10-03 02:45 - 00214016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmWmiPl.dll
2014-12-11 02:34 - 2014-10-03 02:45 - 00145920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmAuto.dll
2014-12-11 02:34 - 2014-10-03 02:44 - 00198656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManHTTPConfig.exe
2014-12-11 00:56 - 2014-12-11 00:57 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-10 09:53 - 2014-07-30 20:05 - 00952376 _____ () C:\Windows\system32\Drivers\fvstore.dat
2015-01-10 09:53 - 2012-08-21 02:32 - 01474832 _____ () C:\Windows\system32\Drivers\sfi.dat
2015-01-10 09:35 - 2012-08-21 00:32 - 00001124 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2764848105-337601815-2700051401-1000UA.job
2015-01-10 09:27 - 2013-11-12 15:45 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-01-10 07:07 - 2012-08-21 03:02 - 00000932 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2764848105-337601815-2700051401-1000UA.job
2015-01-10 04:07 - 2012-08-21 03:02 - 00000910 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2764848105-337601815-2700051401-1000Core.job
2015-01-10 01:05 - 2012-08-21 00:32 - 00001072 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2764848105-337601815-2700051401-1000Core.job
2015-01-10 00:54 - 2014-04-27 14:00 - 00041757 _____ () C:\Windows\setupact.log
2015-01-09 18:26 - 2009-07-14 05:45 - 00027888 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-09 18:26 - 2009-07-14 05:45 - 00027888 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-09 18:18 - 2012-11-07 19:17 - 00000000 ___RD () C:\Users\Tobias\Dropbox
2015-01-09 18:15 - 2012-11-07 19:14 - 00000000 ____D () C:\Users\Tobias\AppData\Roaming\Dropbox
2015-01-09 18:13 - 2012-08-21 02:04 - 00204448 _____ () C:\Windows\PFRO.log
2015-01-09 18:13 - 2012-08-21 00:39 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-01-09 18:13 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-09 16:05 - 2012-08-21 00:22 - 00000000 ____D () C:\Users\Tobias
2015-01-09 15:00 - 2014-01-13 21:56 - 00000000 ____D () C:\Users\Tobias\AppData\Local\NVIDIA Corporation
2015-01-09 14:59 - 2012-08-21 00:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2015-01-09 14:59 - 2012-08-21 00:28 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation
2015-01-09 14:56 - 2012-08-21 00:38 - 00935240 _____ (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
2015-01-09 14:55 - 2013-02-25 23:32 - 18594432 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
2015-01-09 14:55 - 2013-02-25 23:32 - 03293136 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2015-01-09 14:55 - 2013-02-25 23:32 - 02897824 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2015-01-09 14:55 - 2012-08-21 00:28 - 00000000 ____D () C:\Program Files\NVIDIA Corporation
2015-01-09 14:54 - 2014-02-19 14:19 - 16040184 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2015-01-09 14:54 - 2013-02-25 23:32 - 32099472 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2015-01-09 14:54 - 2013-02-25 23:32 - 14128496 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2015-01-09 14:49 - 2012-08-21 03:51 - 00000000 ____D () C:\Users\Tobias\AppData\Roaming\Skype
2015-01-09 14:42 - 2012-08-21 00:28 - 00000000 ____D () C:\ProgramData\NVIDIA Corporation
2015-01-09 14:41 - 2014-01-13 21:43 - 00035472 _____ (NVIDIA Corporation) C:\Windows\system32\nvaudcap64v.dll
2015-01-09 10:38 - 2014-07-14 01:19 - 00000000 ____D () C:\AdwCleaner
2015-01-09 10:00 - 2014-07-14 01:19 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-01-09 00:00 - 2014-07-14 01:19 - 00096472 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-01-08 18:56 - 2012-11-06 01:20 - 00092624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfcm110u.dll
2015-01-08 18:56 - 2012-11-06 01:20 - 00073680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfc110esn.dll
2015-01-08 15:10 - 2014-10-20 19:21 - 00000000 ____D () C:\Program Files (x86)\iTunes
2015-01-08 14:13 - 2014-06-13 19:33 - 00000000 ____D () C:\Windows\Minidump
2015-01-07 23:52 - 2012-08-21 19:59 - 00000000 ____D () C:\Users\Tobias\AppData\Roaming\TS3Client
2015-01-07 22:29 - 2014-11-02 13:37 - 00020491 _____ () C:\Users\Tobias\Downloads\Bartholomäus.ods
2015-01-07 17:57 - 2014-07-14 01:19 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-01-07 17:57 - 2014-07-14 01:19 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-01-07 17:57 - 2014-07-14 01:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2015-01-07 17:57 - 2014-07-14 01:19 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2015-01-07 17:09 - 2012-08-24 18:39 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2015-01-04 10:55 - 2009-07-14 05:45 - 00309736 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-01-04 10:54 - 2012-10-12 13:12 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-01-01 23:53 - 2014-04-08 12:53 - 00000000 ____D () C:\The KMPlayer
2014-12-26 22:22 - 2014-04-07 18:25 - 00000000 ____D () C:\Users\Tobias\AppData\Local\Paint.NET
2014-12-26 18:34 - 2012-08-21 00:32 - 00067200 _____ () C:\Users\Tobias\AppData\Local\GDIPFONTCACHEV1.DAT
2014-12-26 11:27 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache
2014-12-24 15:13 - 2012-08-21 03:52 - 00000000 ____D () C:\Users\Tobias\AppData\Local\Thunderbird
2014-12-23 00:00 - 2012-09-26 22:32 - 00219136 ___SH () C:\Users\Tobias\Thumbs.db
2014-12-22 23:33 - 2014-03-26 23:04 - 00000000 ____D () C:\Program Files (x86)\Tunngle
2014-12-22 23:33 - 2014-03-25 17:45 - 00000000 ____D () C:\Users\Tobias\AppData\Roaming\Tunngle
2014-12-22 23:20 - 2012-08-22 19:18 - 00000000 ____D () C:\Users\Tobias\AppData\Roaming\vlc
2014-12-21 01:26 - 2012-08-23 00:00 - 00000000 ____D () C:\Users\Tobias\AppData\Local\Adobe
2014-12-21 01:17 - 2013-11-12 15:45 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-12-21 01:17 - 2013-02-09 22:21 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-12-21 01:17 - 2013-02-09 22:21 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-12-21 00:56 - 2014-06-14 07:38 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-12-21 00:56 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-12-21 00:56 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\AppCompat
2014-12-20 11:20 - 2013-08-15 00:57 - 00000000 ____D () C:\Windows\system32\MRT
2014-12-20 11:13 - 2012-08-21 15:18 - 112710672 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-12-19 20:35 - 2014-04-18 20:00 - 00000000 ____D () C:\Users\Tobias\AppData\Roaming\uTorrent
2014-12-19 14:56 - 2014-11-29 20:04 - 00000000 ____D () C:\Users\Tobias\AppData\Roaming\.ACEStream
2014-12-16 22:02 - 2014-11-29 20:06 - 00000000 ___HD () C:\_acestream_cache_
2014-12-13 20:44 - 2012-11-07 19:17 - 00001021 _____ () C:\Users\Tobias\Desktop\Dropbox.lnk
2014-12-13 20:44 - 2012-11-07 19:15 - 00000000 ____D () C:\Users\Tobias\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-12-13 11:08 - 2014-02-19 14:18 - 00027983 _____ () C:\Windows\system32\nvinfo.pb
2014-12-13 09:03 - 2012-08-21 00:38 - 06859408 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2014-12-13 09:03 - 2012-08-21 00:38 - 03513488 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
2014-12-13 09:03 - 2012-08-21 00:38 - 02558608 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll
2014-12-13 09:03 - 2012-08-21 00:38 - 00386368 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
2014-12-13 09:03 - 2012-08-21 00:38 - 00062608 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
2014-12-13 01:12 - 2014-01-13 21:53 - 02824504 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll
2014-12-13 01:12 - 2014-01-13 21:53 - 02210040 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll
2014-12-13 00:11 - 2012-08-21 00:38 - 04151176 _____ () C:\Windows\system32\nvcoproc.bin
2014-12-12 11:12 - 2014-05-15 12:25 - 00000000 ____D () C:\Windows\System32\Tasks\COMODO
2014-12-12 10:42 - 2009-07-14 18:58 - 00801286 _____ () C:\Windows\system32\perfh007.dat
2014-12-12 10:42 - 2009-07-14 18:58 - 00206086 _____ () C:\Windows\system32\perfc007.dat
2014-12-11 20:14 - 2014-09-22 10:14 - 00000000 ____D () C:\Users\Tobias\.maptool

Some content of TEMP:
====================
C:\Users\Tobias\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpzfnldo.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-01-04 11:50

==================== End Of Log ============================

--- --- ---

--- --- ---

Code:

ATTFilter

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 07-01-2015
Ran by Tobias at 2015-01-10 10:02:10
Running from C:\Users\Tobias\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)


==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-2764848105-337601815-2700051401-1000\...\uTorrent) (Version: 3.4.2.35702 - BitTorrent Inc.)
Ace Stream Media 3.0.4 (HKU\S-1-5-21-2764848105-337601815-2700051401-1000\...\AceStream) (Version: 3.0.4 - Ace Stream Media)
Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.246 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.235 - Adobe Systems Incorporated)
Adobe Reader X (10.1.8) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AA1000000001}) (Version: 10.1.8 - Adobe Systems Incorporated)
A-PDF INFO Changer 2.0 (HKLM-x32\...\A-PDF INFO Changer_is1) (Version:  - A-PDF.com)
Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Ashampoo Photo Optimizer 5 v.5.1.1 (HKLM-x32\...\Ashampoo Photo Optimizer 5_is1) (Version: 5.1.1 - Ashampoo GmbH & Co. KG)
BASE 5.5 (HKU\S-1-5-21-2764848105-337601815-2700051401-1000\...\BASE 5.5) (Version:  - )
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
BitTorrent (HKU\S-1-5-21-2764848105-337601815-2700051401-1000\...\BitTorrent) (Version: 7.9.2.32692 - BitTorrent Inc.)
BlueStacks App Player (HKLM-x32\...\BlueStacks App Player) (Version: 0.9.4.4079 - BlueStack Systems, Inc.)
BlueStacks Notification Center (HKLM-x32\...\{8DCCC556-265B-478A-8B32-C12DA988BA74}) (Version: 0.9.4.4079 - BlueStack Systems, Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Codecs for Windows 7 Pack 4.0.5 (HKLM-x32\...\Codecs for Windows 7 Pack) (Version: 4.0.5 - Codecs for Windows 7 Pack)
COMODO Internet Security (HKLM\...\{D6AB1F5B-FED6-49A9-9747-327BD28FB3C7}) (Version: 5.10.31649.2253 - COMODO Security Solutions Inc.)
CPUID CPU-Z 1.66.1 (HKLM\...\CPUID CPU-Z_is1) (Version:  - )
d20Pro (HKLM-x32\...\d20Pro) (Version:  - )
DAEMON Tools Ultra (HKLM-x32\...\DAEMON Tools Ultra) (Version: 2.1.0.0187 - Disc Soft Ltd)
DAoC Portal (HKLM-x32\...\{EC9359B3-2548-4DB1-B322-6D71A17501F9}) (Version: 2.8.2 - Dawn of Light)
DAOC-Charplan (HKLM-x32\...\DAOCCharplan) (Version:  - )
Dark Age of Camelot (HKLM-x32\...\Dark Age of Camelot) (Version:  - Electronic Arts)
Debut Video Capture Software (HKLM-x32\...\Debut) (Version: 2.05 - NCH Software)
DisplayFusion 4.1 (HKLM-x32\...\B076073A-5527-4f4f-B46B-B10692277DA2_is1) (Version: 4.1.0.0 - Binary Fortress Software)
DivX-Setup (HKLM-x32\...\DivX Setup) (Version: 2.6.1.90 - DivX, LLC)
doubleTwist Sync (HKLM-x32\...\doubleTwist) (Version: 4.0.4.19771 - doubleTwist Corporation)
Dropbox (HKU\S-1-5-21-2764848105-337601815-2700051401-1000\...\Dropbox) (Version: 3.0.3 - Dropbox, Inc.)
EroBottle 4.6  (HKLM-x32\...\EroBottle) (Version: 4.6 - Kai Ebersbach - www.erosoft.de)
EroBottle-Extensions-Editor Vers. 1.4 (HKU\S-1-5-21-2764848105-337601815-2700051401-1000\...\EroBottle-Extensions-Editor Vers. 1.4) (Version:  - )
Evernote v. 5.6.4 (HKLM-x32\...\{DFDF0BE2-2D71-11E4-9454-00163E98E7D6}) (Version: 5.6.4.4632 - Evernote Corp.)
Facebook Video Calling 1.2.0.287 (HKLM-x32\...\{B92C5909-1D37-4C51-8397-A28BB28E5DC3}) (Version: 1.2.287 - Skype Limited)
Fantasy Voice Pack (HKLM-x32\...\{86E06E3C-CAAD-4A11-B984-B05961FDA98A}) (Version: 1.3.3 - Screaming Bee)
Fraps (remove only) (HKLM-x32\...\Fraps) (Version:  - )
Genesis version Genesis Launcher 1.005 (HKLM-x32\...\{975e7799-c584-47f0-9c12-c1551f3e95f2}_is1) (Version: Genesis Launcher 1.005 - Pawel D. alias Laplume for Genesis.)
Google Chrome (HKU\S-1-5-21-2764848105-337601815-2700051401-1000\...\Google Chrome) (Version: 39.0.2171.95 - Google Inc.)
Google Talk Plugin (HKLM-x32\...\{0C5C1177-94C5-3EFB-A8BE-3F6AF1AF887F}) (Version: 5.38.6.0 - Google)
Hearthstone (HKLM-x32\...\Hearthstone) (Version:  - Blizzard Entertainment)
Hero Lab 4.1 (HKLM-x32\...\{760AA190-82DF-4A80-BE05-B9FEEC88946D}_is1) (Version: 4.1 - LWD Technology, Inc.)
iCloud (HKLM\...\{81E20D41-C277-4526-934D-F2380AF91B78}) (Version: 3.1.0.40 - Apple Inc.)
iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)
Java 7 Update 67 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.670 - Oracle)
JDownloader 0.9 (HKLM-x32\...\5513-1208-7298-9440) (Version: 0.9 - AppWork GmbH)
JMicron JMB36X Driver (HKLM-x32\...\{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}) (Version: 1.17.65.11 - JMicron Technology Corp.)
Logitech Gaming Software 8.30 (HKLM\...\Logitech Gaming Software) (Version: 8.30.86 - Logitech Inc.)
LogMeIn Hamachi (HKLM-x32\...\LogMeIn Hamachi) (Version: 2.2.0.58 - LogMeIn, Inc.)
LogMeIn Hamachi (x32 Version: 2.2.0.58 - LogMeIn, Inc.) Hidden
MAGIX Screenshare (HKLM-x32\...\{B63DFA23-5C10-44B4-881D-45EFBF4A4761}) (Version: 4.3.6.1987 - MAGIX AG)
Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106 (HKLM-x32\...\{8e70e4e1-06d7-470b-9f74-a51bef21088e}) (Version: 11.0.51106.1 - Microsoft Corporation)
MiKTeX 2.9 (HKLM-x32\...\MiKTeX 2.9) (Version: 2.9 - MiKTeX.org)
Mora's Ausrüstungsplaner (HKLM-x32\...\{8A33CE67-80FB-4469-9ED1-E5D116391F68}_is1) (Version: 1.72 - Mora)
MorphVOX Junior (HKLM-x32\...\{E6C7380F-15DD-445E-BA02-B7A180BA0A5A}) (Version: 2.8.1 - Screaming Bee)
Mozilla Firefox 34.0.5 (x86 de) (HKLM-x32\...\Mozilla Firefox 34.0.5 (x86 de)) (Version: 34.0.5 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 30.0 - Mozilla)
Mozilla Thunderbird 31.3.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 31.3.0 (x86 de)) (Version: 31.3.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
NEF Codec (HKLM-x32\...\{D6506521-0959-4FA3-875F-E2E28830B0D2}) (Version: 1.00.0000 - Nikon)
NSU (HKLM-x32\...\{323F7AD9-1F4D-49E1-973B-80E1B6F1623A}) (Version: 1.00.1000 - Medion AG)
NVIDIA 3D Vision Controller-Treiber 347.09 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 347.09 - NVIDIA Corporation)
NVIDIA 3D Vision Treiber 347.09 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 347.09 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.1.5 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.1.5 - NVIDIA Corporation)
NVIDIA Grafiktreiber 347.09 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 347.09 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.33.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.33.0 - NVIDIA Corporation)
NVIDIA PhysX-Systemsoftware 9.14.0702 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.14.0702 - NVIDIA Corporation)
OpenOffice.org 3.4.1 (HKLM-x32\...\{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}) (Version: 3.41.9593 - Apache Software Foundation)
Paint.NET v3.5.11 (HKLM\...\{72EF03F5-0507-4861-9A44-D99FD4C41418}) (Version: 3.61.0 - dotPDN LLC)
Patch Origins version 1.0.11 (HKLM-x32\...\{75147b12-6219-448d-886b-0a9a02d1e648}_is1) (Version: 1.0.11 - Pawel D. alias Laplume pour Origins.)
PCGen6000 (HKLM-x32\...\PCGen6000) (Version:  - )
PDF Architect (HKLM-x32\...\{80A07844-CA64-4DE4-AB61-D37DDBE8074F}) (Version: 1.0.52.8917 - pdfforge)
PDFCreator (HKLM-x32\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.6.2 - pdfforge)
QuickTime (HKLM-x32\...\{7BE15435-2D3E-4B58-867F-9C75BED0208C}) (Version: 7.71.80.42 - Apple Inc.)
RarZilla Free Unrar (HKLM-x32\...\RarZilla Free Unrar) (Version: 4.80 - Philipp Winterberg)
Razer Core (HKLM-x32\...\Razer Core) (Version: 1.0.1.66 - Razer Inc)
Razer Synapse 2.0 (HKLM-x32\...\{0D78BEE2-F8FF-4498-AF1A-3FF81CED8AC6}) (Version: 1.17.22 - Razer Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7083 - Realtek Semiconductor Corp.)
Samsung Kies3 (HKLM-x32\...\InstallShield_{88547073-C566-4895-9005-EBE98EA3F7C7}) (Version: 3.2.14113.3 - Samsung Electronics Co., Ltd.)
Samsung Kies3 (x32 Version: 3.2.14113.3 - Samsung Electronics Co., Ltd.) Hidden
Scrabble3D (HKLM-x32\...\{E11BBF69-C686-45B3-9267-CE44603B47AE}) (Version: 3.1.0.29 - Heiko Tietze)
SHIELD Streaming (Version: 3.1.3000 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 16.18.9 - NVIDIA Corporation) Hidden
Sid Meier's Civilization 4 - Beyond the Sword (HKLM-x32\...\{32E4F0D2-C135-475E-A841-1D59A0D22989}) (Version: 3.19 - Firaxis Games)
Sid Meier's Civilization 4 - Warlords (HKLM-x32\...\{3E4B349F-10B5-4586-9D99-489A90A8B228}) (Version: 2.13 - Firaxis Games)
Sid Meier's Civilization 4 (HKLM-x32\...\{CFBCE791-2D53-4FCE-B3FB-D6E01F4112E8}) (Version: 1.74 - Firaxis Games)
Sid Meier's Civilization 4 (x32 Version: 1.00.0000 - Firaxis Games) Hidden
Skype™ 6.21 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.21.104 - Skype Technologies S.A.)
SlimDrivers (HKLM-x32\...\{A5457401-D56A-43F2-9524-78E54A7FC07A}) (Version: 2.2.32705 - SlimWare Utilities, Inc.)
Steam (HKLM-x32\...\Steam) (Version:  - Valve Corporation)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH)
TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.27339 - TeamViewer)
TeXstudio 2.6.6 (HKLM-x32\...\TeXstudio_is1) (Version: 2.6.6 - Benito van der Zander)
The Elder Scrolls V: Skyrim (HKLM-x32\...\Steam App 72850) (Version:  - Bethesda Game Studios)
The KMPlayer (HKLM-x32\...\The KMPlayer) (Version: 3.8.0.122 - PandoraTV)
ThrashIRC version 2.9 (HKLM-x32\...\{D3C0BE0C-9761-4AC1-8CEF-B53796FEDE44}) (Version: 2.9.0 - Anthony Thrash Durbin)
TuneUp Utilities Language Pack (de-DE) (x32 Version: 13.0.3000.132 - TuneUp Software) Hidden
Tunngle Version Tunngle (HKLM-x32\...\Tunngle_is1) (Version: Tunngle - Tunngle.net GmbH)
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
VirtualCloneDrive (HKLM-x32\...\VirtualCloneDrive) (Version: 5.4.7.0 - Elaborate Bytes)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
Wondershare TunesGo(Version 5.0.0) (HKLM-x32\...\{ADBA24FE-D6F6-4B21-97F3-D58A327422E4}_is1) (Version: 5.0.0 - Wondershare)
x264vfw - H.264/MPEG-4 AVC codec (remove only) (HKLM-x32\...\x264vfw) (Version:  - )
Zune (HKLM\...\Zune) (Version: 04.08.2345.00 - Microsoft Corporation)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-2764848105-337601815-2700051401-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Tobias\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2764848105-337601815-2700051401-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Tobias\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-2764848105-337601815-2700051401-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Tobias\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-2764848105-337601815-2700051401-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Tobias\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-2764848105-337601815-2700051401-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Tobias\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2764848105-337601815-2700051401-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Tobias\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2764848105-337601815-2700051401-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Tobias\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2764848105-337601815-2700051401-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Tobias\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2764848105-337601815-2700051401-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Tobias\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2764848105-337601815-2700051401-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Tobias\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2764848105-337601815-2700051401-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Tobias\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2764848105-337601815-2700051401-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Tobias\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2764848105-337601815-2700051401-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Tobias\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2764848105-337601815-2700051401-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Tobias\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2764848105-337601815-2700051401-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Tobias\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File

==================== Restore Points  =========================

Could not list restore points.
Check "winmgmt" service or repair WMI.


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0ACE5948-49B8-4051-B091-2D7731DAB0AF} - System32\Tasks\COMODO\COMODO Autostart {D5EFF3B3-E126-4AF6-BCE9-852A72129E10} => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [2014-12-09] (COMODO)
Task: {1F4CE6EE-F11B-4D45-BD80-648A7AE51668} - System32\Tasks\COMODO\COMODO Cache Builder {0FB77674-7905-4F34-A362-C5A9A26F8CF9} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2014-12-09] (COMODO)
Task: {2149ACB9-406A-4799-B03D-E464744C55B0} - System32\Tasks\COMODO\COMODO Scan {F140D794-60B6-4F00-9235-D6457AA25B22} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2014-12-09] (COMODO)
Task: {3278CC75-2A4F-42E5-9E45-0B23993A37FC} - System32\Tasks\PCCT - MAGIX AG => C:\Program Files (x86)\MAGIX\PC_Check_Tuning_Free_2011\MxTray.exe
Task: {435F4013-DAB5-42A2-8608-FE980F293497} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {4A6BB261-2823-48D6-B5FF-3605A1B5D549} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-2764848105-337601815-2700051401-1000Core => C:\Users\Tobias\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: {6EC5EE04-6804-4582-9F1B-F1D9319F54BF} - System32\Tasks\{2C2811EC-68D2-4790-A416-DCB51A70191C} => pcalua.exe -a "C:\Program Files\TeamSpeak 3 Client\plugins\ts3overlay\InstallHook.exe" -d "C:\Program Files\TeamSpeak 3 Client\plugins\ts3overlay\" -c ts3overlay_hook_win32.dll 10000
Task: {70CE8F9B-36A7-4EE3-AB38-59EED8E2D903} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2764848105-337601815-2700051401-1000UA => C:\Users\Tobias\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-21] (Google Inc.)
Task: {C6B6DD74-7D6C-4DD0-93D8-4DBEECDA58C8} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2764848105-337601815-2700051401-1000Core => C:\Users\Tobias\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-21] (Google Inc.)
Task: {CA52BB50-4FB5-409E-B7E4-46F3F176FCC1} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-2764848105-337601815-2700051401-1000UA => C:\Users\Tobias\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: {D16C173F-EEF5-4641-ACAD-F5D7A5DCAF4F} - System32\Tasks\COMODO\COMODO Signature Update {B9D5C6F9-17D2-4917-8BD0-614BAA1C6A59} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2014-12-09] (COMODO)
Task: {D1C7621B-5C1D-4484-B24A-2BBB99883037} - System32\Tasks\COMODO\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2014-12-09] (COMODO)
Task: {FB26CFD0-7289-4703-9BBC-9DC6E4546010} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-12-21] (Adobe Systems Incorporated)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2764848105-337601815-2700051401-1000Core.job => C:\Users\Tobias\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2764848105-337601815-2700051401-1000UA.job => C:\Users\Tobias\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2764848105-337601815-2700051401-1000Core.job => C:\Users\Tobias\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2764848105-337601815-2700051401-1000UA.job => C:\Users\Tobias\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2012-08-21 00:38 - 2014-12-13 09:03 - 00117576 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2013-11-15 01:48 - 2013-11-15 01:48 - 01861968 _____ () C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
2011-12-19 17:59 - 2013-04-15 18:39 - 00073424 _____ () C:\Program Files\COMODO\COMODO Internet Security\scanners\smart.cav
2014-01-20 13:17 - 2014-01-20 13:17 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-10-11 12:05 - 2014-10-11 12:05 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2013-09-14 01:51 - 2013-09-14 01:51 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Internet Services\zlib1.dll
2013-09-14 01:50 - 2013-09-14 01:50 - 01242952 _____ () C:\Program Files (x86)\Common Files\Apple\Internet Services\libxml2.dll
2014-10-22 01:22 - 2014-10-22 01:22 - 00750080 _____ () C:\Users\Tobias\AppData\Roaming\Dropbox\bin\libGLESv2.dll
2015-01-09 18:14 - 2015-01-09 18:14 - 00043008 _____ () c:\users\tobias\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpzfnldo.dll
2014-10-22 01:22 - 2014-10-22 01:22 - 00047616 _____ () C:\Users\Tobias\AppData\Roaming\Dropbox\bin\libEGL.dll
2014-10-22 01:22 - 2014-10-22 01:22 - 00863744 _____ () C:\Users\Tobias\AppData\Roaming\Dropbox\bin\plugins\platforms\qwindows.dll
2014-10-22 01:22 - 2014-10-22 01:22 - 00200704 _____ () C:\Users\Tobias\AppData\Roaming\Dropbox\bin\plugins\imageformats\qjpeg.dll
2014-08-26 15:47 - 2014-08-26 15:47 - 00436576 _____ () C:\Program Files (x86)\Evernote\Evernote\libxml2.dll
2014-08-26 15:47 - 2014-08-26 15:47 - 00318304 _____ () C:\Program Files (x86)\Evernote\Evernote\libtidy.dll
2012-08-10 15:51 - 2012-08-10 15:51 - 00985088 _____ () C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll
2013-11-15 01:49 - 2013-11-15 01:49 - 00100688 _____ () C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll
2014-12-11 00:56 - 2014-12-11 00:57 - 03758192 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2014-12-13 09:33 - 2014-12-06 02:50 - 01077064 _____ () C:\Users\Tobias\AppData\Local\Google\Chrome\Application\39.0.2171.95\libglesv2.dll
2014-12-13 09:33 - 2014-12-06 02:50 - 00211272 _____ () C:\Users\Tobias\AppData\Local\Google\Chrome\Application\39.0.2171.95\libegl.dll
2014-12-13 09:33 - 2014-12-06 02:50 - 09009480 _____ () C:\Users\Tobias\AppData\Local\Google\Chrome\Application\39.0.2171.95\pdf.dll
2014-12-13 09:33 - 2014-12-06 02:50 - 01677128 _____ () C:\Users\Tobias\AppData\Local\Google\Chrome\Application\39.0.2171.95\ffmpegsumo.dll
2014-12-13 09:33 - 2014-12-06 02:50 - 14913352 _____ () C:\Users\Tobias\AppData\Local\Google\Chrome\Application\39.0.2171.95\PepperFlash\pepflashplayer.dll
2014-12-21 01:17 - 2014-12-21 01:17 - 16843952 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_235.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Windows\system32\ieUnatt.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\nvapi64.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\nvaudcap64v.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\nvcompiler.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\nvcuda.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\nvcuvid.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\nvd3dumx.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\nvdispco6434709.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\nvdispgenco6434709.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\NvFBC64.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\nvhdagenco64.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\nvhdap64.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\NvIFR64.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\nvinitx.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\nvoglshim64.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\nvoglv64.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\nvopencl.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\nvumdshimx.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\nvvsvc.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\nvwgf2umx.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\FlashPlayerApp.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ieUnatt.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mfc110esn.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mfcm110u.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\nvapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\nvaudcap32v.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\nvcompiler.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\nvcuda.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\nvcuvid.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\nvd3dum.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\NvFBC.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\NvIFR.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\nvinit.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\nvoglshim32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\nvoglv32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\nvopencl.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\nvStreaming.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\nvumdshim.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\nvwgf2um.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\mbam.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\mwac.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\nvhda64v.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\nvlddmkm.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\nvvad64v.sys:$CmdTcID
AlternateDataStreams: C:\ProgramData\TEMP:05EE1EEF
AlternateDataStreams: C:\Users\Tobias\Desktop\3+-+Kognitive+Aktivierung.pdf:$CmdZnID
AlternateDataStreams: C:\Users\Tobias\Desktop\Alpines - Cocoon - from YouTube.mp3:$CmdZnID
AlternateDataStreams: C:\Users\Tobias\Desktop\Chairlift - Amanaemonesia - from YouTube.mp3:$CmdZnID
AlternateDataStreams: C:\Users\Tobias\Desktop\Chairlift - Bruises - from YouTube.mp3:$CmdZnID
AlternateDataStreams: C:\Users\Tobias\Desktop\Defogger.exe:$CmdTcID
AlternateDataStreams: C:\Users\Tobias\Desktop\Defogger.exe:$CmdZnID
AlternateDataStreams: C:\Users\Tobias\Desktop\esetsmartinstaller_deu.exe:$CmdZnID
AlternateDataStreams: C:\Users\Tobias\Desktop\FRST64.exe:$CmdZnID
AlternateDataStreams: C:\Users\Tobias\Desktop\Grimes - Vanessa (Official Video) - from YouTube.mp3:$CmdZnID
AlternateDataStreams: C:\Users\Tobias\Desktop\Logarithmusaufgaben 1.pdf:$CmdZnID
AlternateDataStreams: C:\Users\Tobias\Desktop\Logarithmusaufgaben mit Lösungen.PDF:$CmdZnID
AlternateDataStreams: C:\Users\Tobias\Desktop\mbar-1.08.2.1001.exe:$CmdTcID
AlternateDataStreams: C:\Users\Tobias\Desktop\mbar-1.08.2.1001.exe:$CmdZnID
AlternateDataStreams: C:\Users\Tobias\Desktop\o5lw8g6g.exe:$CmdTcID
AlternateDataStreams: C:\Users\Tobias\Desktop\o5lw8g6g.exe:$CmdZnID
AlternateDataStreams: C:\Users\Tobias\Desktop\RevoUninstallerPortable_1.95_Rev_2.paf.exe:$CmdZnID
AlternateDataStreams: C:\Users\Tobias\Desktop\SecurityCheck.exe:$CmdZnID
AlternateDataStreams: C:\Users\Tobias\Desktop\tdsskiller.exe:$CmdTcID
AlternateDataStreams: C:\Users\Tobias\Desktop\tdsskiller.exe:$CmdZnID
AlternateDataStreams: C:\Users\Tobias\Downloads\AdwCleaner_4.107.exe:$CmdZnID
AlternateDataStreams: C:\Users\Tobias\Downloads\Aufgaben_und_Loesungen_zu_Logarithmen.pdf:$CmdZnID
AlternateDataStreams: C:\Users\Tobias\Downloads\Charakter_N'Tser Hreshzar Lodokain (1).pdf:$CmdZnID
AlternateDataStreams: C:\Users\Tobias\Downloads\Charakter_N'Tser Hreshzar Lodokain.pdf:$CmdZnID
AlternateDataStreams: C:\Users\Tobias\Downloads\DieWinterkoenigin-Spielerleitfaden_80ff (1).pdf:$CmdZnID
AlternateDataStreams: C:\Users\Tobias\Downloads\doubleTwistSetupFull.exe:$CmdTcID
AlternateDataStreams: C:\Users\Tobias\Downloads\doubleTwistSetupFull.exe:$CmdZnID
AlternateDataStreams: C:\Users\Tobias\Downloads\DS-Battlefield.jpg:$CmdZnID
AlternateDataStreams: C:\Users\Tobias\Downloads\Falkengrunds_letzte_Hoffnung_f2d3.pdf:$CmdZnID
AlternateDataStreams: C:\Users\Tobias\Downloads\Fitch-Formelsammlung.pdf:$CmdZnID
AlternateDataStreams: C:\Users\Tobias\Downloads\GS-Blob.jpg:$CmdZnID
AlternateDataStreams: C:\Users\Tobias\Downloads\GS_Schlangenmensch.jpg:$CmdZnID
AlternateDataStreams: C:\Users\Tobias\Downloads\GT_Klosterkarte.jpg:$CmdZnID
AlternateDataStreams: C:\Users\Tobias\Downloads\Kies_3.2.14113_3.exe:$CmdZnID
AlternateDataStreams: C:\Users\Tobias\Downloads\mbar-1.08.2.1001(1).exe:$CmdTcID
AlternateDataStreams: C:\Users\Tobias\Downloads\mbar-1.08.2.1001(1).exe:$CmdZnID
AlternateDataStreams: C:\Users\Tobias\Downloads\setup_pc_check_tuning.exe:$CmdZnID
AlternateDataStreams: C:\Users\Tobias\Downloads\Spielleiterinformationen_Finstermond_Module_als_Kampagne_00f6.pdf:$CmdZnID
AlternateDataStreams: C:\Users\Tobias\Downloads\TunesGoforAndroid.exe:$CmdZnID
AlternateDataStreams: C:\Users\Tobias\Downloads\Tunngle_Setup_v5.0 (1).exe:$CmdZnID
AlternateDataStreams: C:\Users\Tobias\Downloads\Tunngle_Setup_v5.0.exe:$CmdZnID
AlternateDataStreams: C:\Users\Tobias\Downloads\Versuch-21.odt:$CmdZnID
AlternateDataStreams: C:\Users\Tobias\Downloads\[kickass.so]d.d.5e.player.s.handbook.monster.manual.adventure.lost.mine.of.phandelver.torrent:$CmdZnID

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Hamachi2Svc => ""="Service"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: BlueStacks Agent => C:\Program Files (x86)\BlueStacks\HD-Agent.exe
MSCONFIG\startupreg: DAEMON Tools Ultra Agent => "C:\Program Files (x86)\DAEMON Tools Ultra\DTAgent.exe" -autorun
MSCONFIG\startupreg: Hoolapp Android => "C:\Users\Tobias\AppData\Roaming\HOOLAP~1\Hoolapp.exe" /Minimized
MSCONFIG\startupreg: LogMeIn Hamachi Ui => "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
MSCONFIG\startupreg: Overwolf => C:\Program Files (x86)\Overwolf\Overwolf.exe -silent
MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: VirtualCloneDrive => "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
MSCONFIG\startupreg: Wondershare Helper Compact.exe => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
MSCONFIG\startupreg: Zune Launcher => "C:\Program Files\Zune\ZuneLauncher.exe"

========================= Accounts: ==========================

Administrator (S-1-5-21-2764848105-337601815-2700051401-500 - Administrator - Disabled)
Gast (S-1-5-21-2764848105-337601815-2700051401-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2764848105-337601815-2700051401-1014 - Limited - Enabled)
Tobias (S-1-5-21-2764848105-337601815-2700051401-1000 - Administrator - Enabled) => C:\Users\Tobias

==================== Faulty Device Manager Devices =============

Could not list Devices. Check "winmgmt" service or repair WMI.


==================== Event log errors: =========================

Could not start eventlog service, could not read events.

Systemfehler 123 aufgetreten.

Die Syntax f�r den Dateinamen, Verzeichnisnamen oder die Datentr�gerbezeichnung ist falsch.


==================== Memory info =========================== 

Processor: Intel(R) Core(TM)2 Duo CPU E6750 @ 2.66GHz
Percentage of memory in use: 60%
Total physical RAM: 6142.49 MB
Available physical RAM: 2443.61 MB
Total Pagefile: 12283.16 MB
Available Pagefile: 6834.45 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:596.07 GB) (Free:147.72 GB) NTFS
Drive d: (System-reserviert) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive e: () (Fixed) (Total:465.75 GB) (Free:37.81 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive f: (NAS-SERVER) (CDROM) (Total:0.24 GB) (Free:0 GB) CDFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 596.2 GB) (Disk ID: 7E967411)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=596.1 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 115D115D)
Partition 1: (Active) - (Size=465.8 GB) - (Type=07 NTFS)

==================== End Of Log ============================

So, das war die letzte Log!

Ich werde jetzt den Tag über mal beobachten, wie der Rechner sich so verhält. Vielen, vielen Dank, schrauber, an dieser Stelle schon mal für die überragende Hilfe!

LG Wilfried

schrauber · 10.01.2015, 13:08

Java und Adobe updaten.

Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:

ATTFilter

C:\Users\Tobias\Dropbox\RuK\Alter PC\Alte Downloads\SoftonicDownloader_fuer_screenshot-captor.exe

C:\Users\Tobias\Dropbox\RuK\Alter PC\Alte Downloads\zipper.exe

E:\Dokumente und Einstellungen\Default User\Lokale Einstellungen\Anwendungsdaten\Vuze_Remote\tbVuz2.dll

E:\Dokumente und Einstellungen\NetworkService\Lokale Einstellungen\Anwendungsdaten\Vuze_Remote\tbVuz2.dll

E:\Dokumente und Einstellungen\Tobias\Anwendungsdaten\Mozilla\Firefox\Profiles\zcvnyu9n.default\extensions\{6c3a1de1-94ca-4ad6-acdf-c1324adc487b}\chrome\isohunt-vuze.jar

E:\Dokumente und Einstellungen\Tobias\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\12\1dd6a40c-6e0e8719

E:\Dokumente und Einstellungen\Tobias\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\20\7bb99554-6ba0ff51

E:\Dokumente und Einstellungen\Tobias\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\29\7adbb65d-36358016

E:\Dokumente und Einstellungen\Tobias\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\49\1eff1eb1-5418919a

E:\Dokumente und Einstellungen\Tobias\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\53\42441975-201eda3b

E:\Dokumente und Einstellungen\Tobias\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\58\1f62c23a-1db7778c

E:\Dokumente und Einstellungen\Tobias\Desktop\Downloads\dtp435.rar

E:\Dokumente und Einstellungen\Tobias\Desktop\Downloads\loaristrojanremover.exe

E:\Dokumente und Einstellungen\Tobias\Eigene Dateien\Datensicherung\Programme zum Systemstart\JDownloader_0.87.EXE

E:\Dokumente und Einstellungen\Tobias\Lokale Einstellungen\Anwendungsdaten\Babylon\Setup\Setup-tbff-8.0.5.5.cab

E:\Dokumente und Einstellungen\Tobias\Lokale Einstellungen\Anwendungsdaten\Babylon\Setup\Setup.exe

E:\Dokumente und Einstellungen\Tobias\Lokale Einstellungen\Anwendungsdaten\Conduit\CT2504091\Vuze_RemoteAutoUpdaterHelper.exe

E:\Dokumente und Einstellungen\Tobias\Lokale Einstellungen\Anwendungsdaten\ConduitEngine\ConduitEngine.dll

E:\Dokumente und Einstellungen\Tobias\Lokale Einstellungen\Anwendungsdaten\Vuze_Remote\tbVuz2.dll

E:\Dokumente und Einstellungen\Tobias\Lokale Einstellungen\Temp\jar_cache2281460751461722175.tmp

E:\Dokumente und Einstellungen\Tobias\Lokale Einstellungen\Temp\jar_cache2295504349341295268.tmp

E:\Dokumente und Einstellungen\Tobias\Lokale Einstellungen\Temp\uninstall.exe

E:\Dokumente und Einstellungen\Tobias\Lokale Einstellungen\Temp\ToolbarUpdater_1293102164\autoUpdater.exe

E:\Programme\AskSBar\bar\1.bin\A2PLUGIN.DLL

E:\Programme\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL

E:\Programme\Conduit\Community Alerts\Alert.dll

E:\Programme\Conduit\Community Alerts\Alert0.dll

E:\Programme\ConduitEngine\ConduitEngin0.dll

E:\Programme\ConduitEngine\ConduitEngine.dll

E:\Programme\Mozilla Firefox\extensions\{B922D405-6D13-4A2B-AE89-08A030DA4402}\components\pdfforgeToolbarFF.dll

E:\Programme\Trend Micro\HijackThis\backups\backup-20081206-203251-325.dll

E:\Programme\Trend Micro\HijackThis\backups\backup-20090325-183448-187.dll

E:\Programme\Vuze\.install4j\i4j_extf_10_5p83tu.exe

E:\Programme\Vuze\.install4j\i4j_extf_8_5p83tu.xpi

E:\Programme\Vuze\.install4j\i4j_extf_9_5p83tu.xpi

E:\Programme\Vuze_Remote\tbVuz0.dll

E:\Programme\Vuze_Remote\tbVuz1.dll

E:\Programme\Vuze_Remote\tbVuz2.dll

E:\Programme\Vuze_Remote\tbVuze.dll

E:\WINDOWS\Installer\eb9db.msi

E:\WINDOWS\system32\mkaadktt.ini

E:\WINDOWS\system32\ndsbfgdf.ini

E:\WINDOWS\system32\VvxbIRqr.ini

E:\WINDOWS\system32\VvxbIRqr.ini2

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).

Starte nun FRST erneut und klicke den Entfernen Button.
Das Tool erstellt eine Fixlog.txt.
Poste mir deren Inhalt.

Scan mit Combofix

WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link

WICHTIG: Speichere Combofix auf deinem Desktop.

Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.

Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.

Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!

Wenn Combofix fertig ist, wird es ein Logfile erstellen.

Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).

Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

Wilfried49 · 10.01.2015, 15:10

Adobe lässt sich nicht updaten:

"Update-Fehler

Zugriff verweigert

Fehler: 5"

Hier die Fixlog:

Code:

ATTFilter

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 07-01-2015
Ran by Tobias at 2015-01-10 15:05:18 Run:2
Running from C:\Users\Tobias\Desktop
Loaded Profile: Tobias (Available profiles: Tobias)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
C:\Users\Tobias\Dropbox\RuK\Alter PC\Alte Downloads\SoftonicDownloader_fuer_screenshot-captor.exe

C:\Users\Tobias\Dropbox\RuK\Alter PC\Alte Downloads\zipper.exe

E:\Dokumente und Einstellungen\Default User\Lokale Einstellungen\Anwendungsdaten\Vuze_Remote\tbVuz2.dll

E:\Dokumente und Einstellungen\NetworkService\Lokale Einstellungen\Anwendungsdaten\Vuze_Remote\tbVuz2.dll

E:\Dokumente und Einstellungen\Tobias\Anwendungsdaten\Mozilla\Firefox\Profiles\zcvnyu9n.default\extensions\{6c3a1de1-94ca-4ad6-acdf-c1324adc487b}\chrome\isohunt-vuze.jar

E:\Dokumente und Einstellungen\Tobias\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\12\1dd6a40c-6e0e8719

E:\Dokumente und Einstellungen\Tobias\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\20\7bb99554-6ba0ff51

E:\Dokumente und Einstellungen\Tobias\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\29\7adbb65d-36358016

E:\Dokumente und Einstellungen\Tobias\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\49\1eff1eb1-5418919a

E:\Dokumente und Einstellungen\Tobias\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\53\42441975-201eda3b

E:\Dokumente und Einstellungen\Tobias\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\58\1f62c23a-1db7778c

E:\Dokumente und Einstellungen\Tobias\Desktop\Downloads\dtp435.rar

E:\Dokumente und Einstellungen\Tobias\Desktop\Downloads\loaristrojanremover.exe

E:\Dokumente und Einstellungen\Tobias\Eigene Dateien\Datensicherung\Programme zum Systemstart\JDownloader_0.87.EXE

E:\Dokumente und Einstellungen\Tobias\Lokale Einstellungen\Anwendungsdaten\Babylon\Setup\Setup-tbff-8.0.5.5.cab

E:\Dokumente und Einstellungen\Tobias\Lokale Einstellungen\Anwendungsdaten\Babylon\Setup\Setup.exe

E:\Dokumente und Einstellungen\Tobias\Lokale Einstellungen\Anwendungsdaten\Conduit\CT2504091\Vuze_RemoteAutoUpdaterHelper.exe

E:\Dokumente und Einstellungen\Tobias\Lokale Einstellungen\Anwendungsdaten\ConduitEngine\ConduitEngine.dll

E:\Dokumente und Einstellungen\Tobias\Lokale Einstellungen\Anwendungsdaten\Vuze_Remote\tbVuz2.dll

E:\Dokumente und Einstellungen\Tobias\Lokale Einstellungen\Temp\jar_cache2281460751461722175.tmp

E:\Dokumente und Einstellungen\Tobias\Lokale Einstellungen\Temp\jar_cache2295504349341295268.tmp

E:\Dokumente und Einstellungen\Tobias\Lokale Einstellungen\Temp\uninstall.exe

E:\Dokumente und Einstellungen\Tobias\Lokale Einstellungen\Temp\ToolbarUpdater_1293102164\autoUpdater.exe

E:\Programme\AskSBar\bar\1.bin\A2PLUGIN.DLL

E:\Programme\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL

E:\Programme\Conduit\Community Alerts\Alert.dll

E:\Programme\Conduit\Community Alerts\Alert0.dll

E:\Programme\ConduitEngine\ConduitEngin0.dll

E:\Programme\ConduitEngine\ConduitEngine.dll

E:\Programme\Mozilla Firefox\extensions\{B922D405-6D13-4A2B-AE89-08A030DA4402}\components\pdfforgeToolbarFF.dll

E:\Programme\Trend Micro\HijackThis\backups\backup-20081206-203251-325.dll

E:\Programme\Trend Micro\HijackThis\backups\backup-20090325-183448-187.dll

E:\Programme\Vuze\.install4j\i4j_extf_10_5p83tu.exe

E:\Programme\Vuze\.install4j\i4j_extf_8_5p83tu.xpi

E:\Programme\Vuze\.install4j\i4j_extf_9_5p83tu.xpi

E:\Programme\Vuze_Remote\tbVuz0.dll

E:\Programme\Vuze_Remote\tbVuz1.dll

E:\Programme\Vuze_Remote\tbVuz2.dll

E:\Programme\Vuze_Remote\tbVuze.dll

E:\WINDOWS\Installer\eb9db.msi

E:\WINDOWS\system32\mkaadktt.ini

E:\WINDOWS\system32\ndsbfgdf.ini

E:\WINDOWS\system32\VvxbIRqr.ini

E:\WINDOWS\system32\VvxbIRqr.ini2
         
*****************

C:\Users\Tobias\Dropbox\RuK\Alter PC\Alte Downloads\SoftonicDownloader_fuer_screenshot-captor.exe => Moved successfully.
C:\Users\Tobias\Dropbox\RuK\Alter PC\Alte Downloads\zipper.exe => Moved successfully.
E:\Dokumente und Einstellungen\Default User\Lokale Einstellungen\Anwendungsdaten\Vuze_Remote\tbVuz2.dll => Moved successfully.
E:\Dokumente und Einstellungen\NetworkService\Lokale Einstellungen\Anwendungsdaten\Vuze_Remote\tbVuz2.dll => Moved successfully.
E:\Dokumente und Einstellungen\Tobias\Anwendungsdaten\Mozilla\Firefox\Profiles\zcvnyu9n.default\extensions\{6c3a1de1-94ca-4ad6-acdf-c1324adc487b}\chrome\isohunt-vuze.jar => Moved successfully.
E:\Dokumente und Einstellungen\Tobias\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\12\1dd6a40c-6e0e8719 => Moved successfully.
E:\Dokumente und Einstellungen\Tobias\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\20\7bb99554-6ba0ff51 => Moved successfully.
E:\Dokumente und Einstellungen\Tobias\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\29\7adbb65d-36358016 => Moved successfully.
E:\Dokumente und Einstellungen\Tobias\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\49\1eff1eb1-5418919a => Moved successfully.
E:\Dokumente und Einstellungen\Tobias\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\53\42441975-201eda3b => Moved successfully.
E:\Dokumente und Einstellungen\Tobias\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\58\1f62c23a-1db7778c => Moved successfully.
E:\Dokumente und Einstellungen\Tobias\Desktop\Downloads\dtp435.rar => Moved successfully.
E:\Dokumente und Einstellungen\Tobias\Desktop\Downloads\loaristrojanremover.exe => Moved successfully.
E:\Dokumente und Einstellungen\Tobias\Eigene Dateien\Datensicherung\Programme zum Systemstart\JDownloader_0.87.EXE => Moved successfully.
E:\Dokumente und Einstellungen\Tobias\Lokale Einstellungen\Anwendungsdaten\Babylon\Setup\Setup-tbff-8.0.5.5.cab => Moved successfully.
E:\Dokumente und Einstellungen\Tobias\Lokale Einstellungen\Anwendungsdaten\Babylon\Setup\Setup.exe => Moved successfully.
E:\Dokumente und Einstellungen\Tobias\Lokale Einstellungen\Anwendungsdaten\Conduit\CT2504091\Vuze_RemoteAutoUpdaterHelper.exe => Moved successfully.
E:\Dokumente und Einstellungen\Tobias\Lokale Einstellungen\Anwendungsdaten\ConduitEngine\ConduitEngine.dll => Moved successfully.
E:\Dokumente und Einstellungen\Tobias\Lokale Einstellungen\Anwendungsdaten\Vuze_Remote\tbVuz2.dll => Moved successfully.
E:\Dokumente und Einstellungen\Tobias\Lokale Einstellungen\Temp\jar_cache2281460751461722175.tmp => Moved successfully.
E:\Dokumente und Einstellungen\Tobias\Lokale Einstellungen\Temp\jar_cache2295504349341295268.tmp => Moved successfully.
E:\Dokumente und Einstellungen\Tobias\Lokale Einstellungen\Temp\uninstall.exe => Moved successfully.
E:\Dokumente und Einstellungen\Tobias\Lokale Einstellungen\Temp\ToolbarUpdater_1293102164\autoUpdater.exe => Moved successfully.
E:\Programme\AskSBar\bar\1.bin\A2PLUGIN.DLL => Moved successfully.
E:\Programme\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL => Moved successfully.
E:\Programme\Conduit\Community Alerts\Alert.dll => Moved successfully.
E:\Programme\Conduit\Community Alerts\Alert0.dll => Moved successfully.
E:\Programme\ConduitEngine\ConduitEngin0.dll => Moved successfully.
E:\Programme\ConduitEngine\ConduitEngine.dll => Moved successfully.
E:\Programme\Mozilla Firefox\extensions\{B922D405-6D13-4A2B-AE89-08A030DA4402}\components\pdfforgeToolbarFF.dll => Moved successfully.
E:\Programme\Trend Micro\HijackThis\backups\backup-20081206-203251-325.dll => Moved successfully.
E:\Programme\Trend Micro\HijackThis\backups\backup-20090325-183448-187.dll => Moved successfully.
E:\Programme\Vuze\.install4j\i4j_extf_10_5p83tu.exe => Moved successfully.
E:\Programme\Vuze\.install4j\i4j_extf_8_5p83tu.xpi => Moved successfully.
E:\Programme\Vuze\.install4j\i4j_extf_9_5p83tu.xpi => Moved successfully.
E:\Programme\Vuze_Remote\tbVuz0.dll => Moved successfully.
E:\Programme\Vuze_Remote\tbVuz1.dll => Moved successfully.
E:\Programme\Vuze_Remote\tbVuz2.dll => Moved successfully.
E:\Programme\Vuze_Remote\tbVuze.dll => Moved successfully.
E:\WINDOWS\Installer\eb9db.msi => Moved successfully.
E:\WINDOWS\system32\mkaadktt.ini => Moved successfully.
E:\WINDOWS\system32\ndsbfgdf.ini => Moved successfully.
E:\WINDOWS\system32\VvxbIRqr.ini => Moved successfully.
E:\WINDOWS\system32\VvxbIRqr.ini2 => Moved successfully.

==== End of Fixlog 15:05:34 ====

Combofix folgt!

und kannst Du mir eventuell sagen, wie ich das mit den Tastatur-Treibern mache? Mein erster Versuch über den Gerätemanager ist fehlgeschlagenen.

LG Wilfried

schrauber · 10.01.2015, 16:04

Adobe deinstallieren, dann neu installieren.
Ich denke die Tastatur geht wieder?

Wilfried49 · 10.01.2015, 19:27

Mh, gerade wirkt es, als sei es ein Glücksspiel, ob die Tastatur nach einem Neustart ihren Dienst erfüllt.

Combofix ist durchgelaufen, aber ich kann bei bestem Willen nirgends eine Log-Datei finden, weder in C noch sonst wo. Habe ich eventuell etwas falsch gemacht?

Übrigens kamen beim Start von Combofix und einmal mittendrin ~15 Fehlermeldungen, alle etwa so:

"Error saving file
C:\Windows\erdnt\Hiv-backup....

Continue with next file?

RegCreateKeyEx: 5 (Zugriff verweigert)"

Hat das irgendwas mit dem Fehler bei Adobe zu tun? Immerhin auch hier die "5" und "Zugriff verweigert" oder hat das damit nichts zu tun?

PS: Gerade funktioniert die Tastatur (eine Logitech G110) überhaupt nicht mehr. Allerdings ist die Beleuchtung aktiv (das war die ersten Male als sie nicht ging anders) und die zugehörige Software erkennt das Gerät.

schrauber · 10.01.2015, 20:34

</title> <meta content="" name="Search_category" /> <meta content="" name="Search_title" /> </head> <script> $( document ).ready(function() { if(false){ $(".full-specification-btn").click(); } }); </script> <head> <meta HTTP-EQUIV="PRAGMA" CONTENT="N
Hier den passenden Treiber für das Keyboard laden. Wenn das nicht klappt mal ein normales Keyboard anklemmen.

Und poste bitte ein frisches FRST log.

Wilfried49 · 10.01.2015, 20:45

Genau den Treiber habe ich installiert. Danach ging die Beleuchtung der Tastatur wieder und sie wurde dort auch angezeigt. Nur die Tasten gehen einfach nicht.

Werde morgen meine alte Tastatur testen.

hier FRST-Logs:

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 07-01-2015
Ran by Tobias (administrator) on TOBIAS-PC on 10-01-2015 20:36:46
Running from C:\Users\Tobias\Desktop
Loaded Profile: Tobias (Available profiles: Tobias)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(pdfforge GbR) C:\Program Files (x86)\PDF Architect\HelperService.exe
(pdfforge GbR) C:\Program Files (x86)\PDF Architect\ConversionService.exe
(Razer, Inc.) C:\Program Files (x86)\Razer\Core\64bit\RzOvlMon.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(Dropbox, Inc.) C:\Users\Tobias\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
(Razer Inc.) C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
() C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\APSDaemon.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\osk.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [combofix] => C:\ComboFix\Combobatch.bat [8272 2015-01-10] ()
HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [12697368 2015-01-10] (Logitech Inc.)
HKLM\...\Run: [COMODO Internet Security] => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [1297112 2014-12-09] (COMODO)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2531472 2015-01-09] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13662936 2000-01-01] (Realtek Semiconductor)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2072928 2014-10-31] (Wondershare)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2014-10-11] (Apple Inc.)
HKLM-x32\...\Run: [Razer Synapse] => C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe [444760 2014-03-07] (Razer Inc.)
HKLM-x32\...\Run: [JMB36X IDE Setup] => C:\Windows\RaidTool\xInsIDE.exe [43608 2000-01-01] ()
HKLM-x32\...\Run: [DivXUpdate] => C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1861968 2013-11-15] ()
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [507776 2014-10-07] (Oracle Corporation)
HKLM\...\RunOnce: [combofix] => C:\ComboFix\CF30071.3XE /c C:\ComboFixCombobatch.bat
HKLM\...\runonceex: [flags] => 
HKU\S-1-5-21-2764848105-337601815-2700051401-1000\...\Run: [MobileDocuments] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
HKU\S-1-5-21-2764848105-337601815-2700051401-1000\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [59720 2013-11-20] (Apple Inc.)
HKU\S-1-5-21-2764848105-337601815-2700051401-1000\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59720 2013-11-20] (Apple Inc.)
Startup: C:\Users\Tobias\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Tobias\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Tobias\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk
ShortcutTarget: EvernoteClipper.lnk -> C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
Startup: C:\Users\Tobias\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk
ShortcutTarget: OpenOffice.org 3.4.1.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-2764848105-337601815-2700051401-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page = 
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-2764848105-337601815-2700051401-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-2764848105-337601815-2700051401-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.yahoo.com?fr=fp-comodo
URLSearchHook: HKLM-x32 - Default Value = {74198672-5F7D-4FE9-A611-4AC1D5A66A15}
URLSearchHook: HKU\S-1-5-21-2764848105-337601815-2700051401-1000 - Default Value = {74198672-5F7D-4FE9-A611-4AC1D5A66A15}
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-2764848105-337601815-2700051401-1000 -> {8EEAC88A-079B-4b2c-80C1-7836F79EB40A} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=chr-comodo
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: PDF Architect Helper -> {3A2D5EBA-F86D-4BD3-A177-019765996711} -> C:\Program Files (x86)\PDF Architect\PDFIEHelper.dll (pdfforge GbR)
BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Tobias\AppData\Roaming\Mozilla\Firefox\Profiles\qgrdidvi.default
FF Homepage: google.de
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_235.dll ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_235.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll (DivX, LLC)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.0.8 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2764848105-337601815-2700051401-1000: @acestream.net/acestreamplugin,version=3.0.4 -> C:\Users\Tobias\AppData\Roaming\ACEStream\player\npace_plugin.dll (Innovative Digital Technologies)
FF Plugin HKU\S-1-5-21-2764848105-337601815-2700051401-1000: @talk.google.com/GoogleTalkPlugin -> C:\Users\Tobias\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKU\S-1-5-21-2764848105-337601815-2700051401-1000: @talk.google.com/O1DPlugin -> C:\Users\Tobias\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKU\S-1-5-21-2764848105-337601815-2700051401-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Tobias\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-2764848105-337601815-2700051401-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Tobias\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Tobias\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Tobias\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)
FF SearchPlugin: C:\Users\Tobias\AppData\Roaming\Mozilla\Firefox\Profiles\qgrdidvi.default\searchplugins\pornmd.xml
FF Extension: ProxTube - C:\Users\Tobias\AppData\Roaming\Mozilla\Firefox\Profiles\qgrdidvi.default\Extensions\ich@maltegoetz.de.xpi [2014-10-11]
FF Extension: PornMD - C:\Users\Tobias\AppData\Roaming\Mozilla\Firefox\Profiles\qgrdidvi.default\Extensions\PornMD@PornMD.xpi [2015-01-08]
FF Extension: Adblock Edge - C:\Users\Tobias\AppData\Roaming\Mozilla\Firefox\Profiles\qgrdidvi.default\Extensions\{fe272bd1-5f76-4ea4-8501-a05d35d823fc}.xpi [2014-07-15]
FF HKLM-x32\...\Firefox\Extensions: [FFPDFArchitectConverter@pdfarchitect.com] - C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt
FF Extension: PDF Architect Converter For Firefox - C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt [2013-04-04]

Chrome: 
=======
CHR HomePage: Default -> 
CHR Plugin: (Shockwave Flash) - C:\Users\Tobias\AppData\Local\Google\Chrome\Application\39.0.2171.71\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\Tobias\AppData\Local\Google\Chrome\Application\39.0.2171.71\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Users\Tobias\AppData\Local\Google\Chrome\Application\39.0.2171.71\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (Google Talk Plugin) - C:\Users\Tobias\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
CHR Plugin: (Google Talk Plugin Video Accelerator) - C:\Users\Tobias\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll No File
CHR Plugin: (Google Talk Plugin Video Renderer) - C:\Users\Tobias\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
CHR Plugin: (DivX VOD Helper Plug-in) - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
CHR Plugin: (DivX Plus Web Player) - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll No File
CHR Plugin: (Java(TM) Platform SE 7 U13) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll No File
CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Google Update) - C:\Users\Tobias\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll No File
CHR Plugin: (Java Deployment Toolkit 7.0.130.20) - C:\Windows\SysWOW64\npDeployJava1.dll No File
CHR Profile: C:\Users\Tobias\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Tobias\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-04]
CHR Extension: (IRC QuakeNet webchat) - C:\Users\Tobias\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhaphniflbbhhfailihfckiifpbgeokd [2014-03-18]
CHR Extension: (AdBlock) - C:\Users\Tobias\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-02-03]
CHR Extension: (ProxMate - Proxy on steroids!) - C:\Users\Tobias\AppData\Local\Google\Chrome\User Data\Default\Extensions\hgjpnmnpjmabddgmjdiaggacbololbjm [2013-04-13]
CHR Extension: (Stealthy) - C:\Users\Tobias\AppData\Local\Google\Chrome\User Data\Default\Extensions\ieaebnkibonmpbhdaanjkmedikadnoje [2014-05-15]
CHR Extension: (Google Wallet) - C:\Users\Tobias\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-26]
CHR HKU\S-1-5-21-2764848105-337601815-2700051401-1000\...\Chrome\Extension: [cnnbdaahphjgdgfhliignpepgnbnfomp] - c:\program files (x86)\copernic\desktopsearch4\ChromeConnector\ChromeConnector.crx [Not Found]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

Locked "BFE" service could not be unlocked. <===== ATTENTION

U2 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [409304 2014-10-08] (BlueStack Systems, Inc.)
U2 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [388824 2014-10-08] (BlueStack Systems, Inc.)
U2 BstHdUpdaterSvc; C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe [782040 2014-10-08] (BlueStack Systems, Inc.)
U2 cmdAgent; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [7618952 2014-12-09] (COMODO)
U3 cmdvirth; C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe [2265304 2014-12-09] (COMODO)
U3 Disc Soft Bus Service; C:\Program Files (x86)\DAEMON Tools Ultra\DiscSoftBusService.exe [723192 2013-11-14] (Disc Soft Ltd)
U2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1701520 2015-01-09] (NVIDIA Corporation)
U2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [19823248 2015-01-09] (NVIDIA Corporation)
U2 PDF Architect Helper Service; C:\Program Files (x86)\PDF Architect\HelperService.exe [1324104 2013-01-09] (pdfforge GbR)
U2 PDF Architect Service; C:\Program Files (x86)\PDF Architect\ConversionService.exe [795208 2013-01-09] (pdfforge GbR)
U2 RzOvlMon; C:\Program Files (x86)\Razer\Core\64bit\rzovlmon.exe [32960 2014-04-18] (Razer, Inc.)
U3 TunngleService; C:\Program Files (x86)\Tunngle\TnglCtrl.exe [762320 2014-11-04] (Tunngle.net GmbH)
U2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1148560 2015-01-09] (NVIDIA Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

U2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [122072 2014-10-08] (BlueStack Systems)
U1 cmderd; C:\Windows\System32\DRIVERS\cmderd.sys [20184 2014-12-09] (COMODO)
U1 cmdGuard; C:\Windows\System32\DRIVERS\cmdguard.sys [792648 2014-12-09] (COMODO)
U1 cmdHlp; C:\Windows\System32\DRIVERS\cmdhlp.sys [45880 2014-12-09] (COMODO)
U3 dtscsibus; C:\Windows\System32\DRIVERS\dtscsibus.sys [29696 2014-04-18] (Disc Soft Ltd)
U1 inspect; C:\Windows\System32\DRIVERS\inspect.sys [104608 2014-12-09] (COMODO)
U5 MBAMSwissArmy; C:\Windows\System32\Drivers\MBAMSwissArmy.sys [129752 2015-01-09] (Malwarebytes Corporation)
U3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [38032 2015-01-09] (NVIDIA Corporation)
U3 RTL8023x64; C:\Windows\System32\DRIVERS\Rtnic64.sys [51712 2009-06-10] (Realtek Semiconductor Corporation                           )
U3 RzDxgk; C:\Windows\system32\drivers\RzDxgk.sys [129472 2014-04-10] (Razer, Inc.)
U1 RzFilter; C:\Windows\system32\drivers\RzFilter.sys [74432 2014-04-10] (Razer, Inc.)
U3 SWDUMon; C:\Windows\System32\DRIVERS\SWDUMon.sys [16152 2014-01-13] ()
U3 tap0901t; C:\Windows\System32\DRIVERS\tap0901t.sys [31232 2009-09-16] (Tunngle.net)
U3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2014-12-13] (NVIDIA Corporation)
U3 catchme; \??\C:\ComboFix\catchme.sys [X]
U3 uwdiipod; \??\C:\Users\Tobias\AppData\Local\Temp\uwdiipod.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-10 20:19 - 2015-01-10 20:19 - 00003886 _____ () C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2015-01-10 19:34 - 2015-01-10 20:13 - 00000000 ___SD () C:\ComboFix
2015-01-10 19:13 - 2015-01-10 19:13 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2015-01-10 19:13 - 2015-01-10 19:13 - 00002019 _____ () C:\Users\Public\Desktop\Adobe Reader XI.lnk
2015-01-10 19:13 - 2015-01-10 19:13 - 00000000 ____D () C:\Program Files (x86)\Adobe
2015-01-10 19:07 - 2015-01-10 19:07 - 67350808 _____ (Logitech Inc.) C:\Users\Tobias\Downloads\LGS_8.57.145_x64_Logitech.exe
2015-01-10 15:22 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe
2015-01-10 15:22 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe
2015-01-10 15:22 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-01-10 15:22 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-01-10 15:22 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-01-10 15:22 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe
2015-01-10 15:22 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe
2015-01-10 15:22 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe
2015-01-10 15:20 - 2015-01-10 15:58 - 00000000 ____D () C:\Qoobox
2015-01-10 15:16 - 2015-01-10 19:39 - 00000000 ____D () C:\Windows\erdnt
2015-01-10 15:10 - 2015-01-10 15:10 - 05609736 ___RN (Swearware) C:\Users\Tobias\Desktop\ComboFix.exe
2015-01-10 15:07 - 2015-01-10 15:07 - 00111016 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2015-01-10 15:07 - 2015-01-10 15:07 - 00000000 ____D () C:\Program Files\Java
2015-01-10 14:52 - 2015-01-10 14:55 - 92658088 _____ (Oracle Corporation) C:\Users\Tobias\Downloads\jre-8u25-windows-x64.exe
2015-01-10 14:52 - 2015-01-10 14:54 - 92658088 _____ (Oracle Corporation) C:\Users\Tobias\Downloads\jre-8u25-windows-x64(1).exe
2015-01-10 14:38 - 2015-01-10 14:38 - 01117584 _____ () C:\Windows\Minidump\011015-23056-01.dmp
2015-01-10 09:51 - 2015-01-10 09:51 - 00852505 _____ () C:\Users\Tobias\Desktop\SecurityCheck.exe
2015-01-09 18:25 - 2015-01-09 18:26 - 02347384 _____ (ESET) C:\Users\Tobias\Desktop\esetsmartinstaller_deu.exe
2015-01-09 14:59 - 2015-01-09 14:59 - 00000000 ____D () C:\Program Files (x86)\AGEIA Technologies
2015-01-09 14:58 - 2015-01-09 14:58 - 00620176 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2015-01-09 14:53 - 2015-01-09 14:58 - 01540240 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdagenco64.dll
2015-01-09 14:53 - 2015-01-09 14:58 - 00195728 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvhda64v.sys
2015-01-09 14:53 - 2015-01-09 14:58 - 00030536 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdap64.dll
2015-01-09 14:53 - 2015-01-09 14:55 - 25460552 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2015-01-09 14:53 - 2015-01-09 14:55 - 13288360 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2015-01-09 14:53 - 2015-01-09 14:55 - 10770120 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2015-01-09 14:53 - 2015-01-09 14:55 - 10345280 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2015-01-09 14:53 - 2015-01-09 14:55 - 01895056 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6434709.dll
2015-01-09 14:53 - 2015-01-09 14:55 - 00994384 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll
2015-01-09 14:53 - 2015-01-09 14:55 - 00968336 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2015-01-09 14:53 - 2015-01-09 14:55 - 00942400 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2015-01-09 14:53 - 2015-01-09 14:55 - 00928072 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2015-01-09 14:53 - 2015-01-09 14:55 - 00906560 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2015-01-09 14:53 - 2015-01-09 14:55 - 00876976 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2015-01-09 14:53 - 2015-01-09 14:55 - 00353224 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2015-01-09 14:53 - 2015-01-09 14:55 - 00306328 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2015-01-09 14:53 - 2015-01-09 14:54 - 24764232 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2015-01-09 14:53 - 2015-01-09 14:54 - 20465808 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2015-01-09 14:53 - 2015-01-09 14:54 - 17264312 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2015-01-09 14:53 - 2015-01-09 14:54 - 13202520 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2015-01-09 14:53 - 2015-01-09 14:54 - 10710160 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2015-01-09 14:53 - 2015-01-09 14:54 - 03610440 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2015-01-09 14:53 - 2015-01-09 14:54 - 03248968 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2015-01-09 14:53 - 2015-01-09 14:54 - 01556624 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6434709.dll
2015-01-09 14:53 - 2015-01-09 14:54 - 00178632 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2015-01-09 14:53 - 2015-01-09 14:54 - 00165760 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2015-01-09 14:42 - 2014-12-13 01:12 - 01715224 _____ (NVIDIA Corporation) C:\Windows\system32\nvspbridge64.dll
2015-01-09 14:42 - 2014-12-13 01:12 - 01291464 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspbridge.dll
2015-01-09 14:41 - 2015-01-09 14:41 - 00038032 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys
2015-01-09 14:41 - 2015-01-09 14:41 - 00032400 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll
2015-01-09 12:26 - 2015-01-10 10:03 - 00033421 _____ () C:\Users\Tobias\Desktop\Addition.txt
2015-01-09 12:24 - 2015-01-10 20:38 - 00020069 _____ () C:\Users\Tobias\Desktop\FRST.txt
2015-01-09 12:18 - 2015-01-09 12:18 - 00000626 _____ () C:\Users\Tobias\Desktop\JRT.txt
2015-01-09 11:05 - 2015-01-09 11:05 - 00003790 _____ () C:\Users\Tobias\Desktop\AdwCleaner[S1].txt
2015-01-09 10:48 - 2015-01-09 10:48 - 00000000 ____D () C:\Windows\ERUNT
2015-01-09 10:45 - 2015-01-09 10:45 - 01707939 _____ (Thisisu) C:\Users\Tobias\Desktop\JRT.exe
2015-01-09 10:30 - 2015-01-09 10:31 - 02191360 _____ () C:\Users\Tobias\Downloads\AdwCleaner_4.107.exe
2015-01-09 00:00 - 2015-01-09 00:30 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-01-08 23:41 - 2015-01-09 00:30 - 00000000 ____D () C:\Users\Tobias\Desktop\mbar
2015-01-08 23:38 - 2015-01-08 23:38 - 16448208 _____ (Malwarebytes Corp.) C:\Users\Tobias\Downloads\mbar-1.08.2.1001(1).exe
2015-01-08 23:26 - 2015-01-08 23:27 - 16448208 _____ (Malwarebytes Corp.) C:\Users\Tobias\Desktop\mbar-1.08.2.1001.exe
2015-01-08 23:09 - 2015-01-08 23:09 - 04187592 _____ (Kaspersky Lab ZAO) C:\Users\Tobias\Desktop\tdsskiller.exe
2015-01-08 22:29 - 2015-01-08 22:39 - 00000000 ____D () C:\Users\Tobias\Desktop\RevoUninstallerPortable
2015-01-08 22:27 - 2015-01-08 22:28 - 02785665 _____ (PortableApps.com) C:\Users\Tobias\Desktop\RevoUninstallerPortable_1.95_Rev_2.paf.exe
2015-01-08 18:57 - 2015-01-08 18:58 - 00000000 ____D () C:\Users\Tobias\AppData\Local\doubleTwist Corporation
2015-01-08 18:56 - 2015-01-10 19:10 - 00000000 ____D () C:\ProgramData\Package Cache
2015-01-08 18:56 - 2015-01-08 18:56 - 00002073 _____ () C:\Users\Public\Desktop\doubleTwist.lnk
2015-01-08 18:56 - 2015-01-08 18:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\doubleTwist
2015-01-08 18:55 - 2015-01-08 18:56 - 00000000 ____D () C:\Program Files (x86)\doubleTwist
2015-01-08 18:54 - 2015-01-08 18:54 - 21754656 _____ () C:\Users\Tobias\Downloads\doubleTwistSetupFull.exe
2015-01-08 16:59 - 2015-01-08 16:59 - 17927749 _____ () C:\Users\Tobias\Desktop\GMER.log
2015-01-08 15:13 - 2015-01-08 15:13 - 00000000 ____D () C:\ProgramData\Wondershare
2015-01-08 15:10 - 2015-01-08 15:10 - 00000000 ____D () C:\Users\Tobias\AppData\Roaming\HMYGSetting
2015-01-08 14:13 - 2015-01-08 14:13 - 00290808 _____ () C:\Windows\Minidump\010815-23400-01.dmp
2015-01-08 00:39 - 2015-01-08 00:39 - 00019039 _____ () C:\Users\Tobias\Downloads\Versuch-21.odt
2015-01-08 00:32 - 2015-01-08 00:32 - 15103931 _____ () C:\Users\Tobias\Desktop\gmer.txt
2015-01-07 18:37 - 2015-01-07 18:37 - 00380416 _____ () C:\Users\Tobias\Desktop\o5lw8g6g.exe
2015-01-07 18:36 - 2015-01-09 18:12 - 00000000 ____D () C:\FRST
2015-01-07 18:35 - 2015-01-07 18:35 - 02124288 _____ (Farbar) C:\Users\Tobias\Desktop\FRST64.exe
2015-01-07 18:34 - 2015-01-08 16:36 - 00000474 _____ () C:\Users\Tobias\Desktop\defogger_disable.log
2015-01-07 18:34 - 2015-01-07 18:34 - 00000000 _____ () C:\Users\Tobias\defogger_reenable
2015-01-07 18:16 - 2015-01-07 18:16 - 00050477 _____ () C:\Users\Tobias\Desktop\Defogger.exe
2015-01-07 17:57 - 2015-01-07 17:57 - 00001102 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2015-01-07 17:35 - 2015-01-07 17:35 - 00000000 ____D () C:\Users\Tobias\AppData\Local\Wondershare
2015-01-07 17:35 - 2015-01-07 17:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wondershare
2015-01-07 17:34 - 2015-01-07 17:34 - 00000000 ____D () C:\Users\Tobias\AppData\Roaming\Wondershare
2015-01-07 17:34 - 2015-01-07 17:34 - 00000000 ____D () C:\Users\Tobias\.android
2015-01-07 17:34 - 2015-01-07 17:34 - 00000000 ____D () C:\Program Files (x86)\Wondershare
2015-01-07 17:31 - 2015-01-07 17:32 - 39544000 _____ (Wondershare ) C:\Users\Tobias\Downloads\TunesGoforAndroid.exe
2015-01-07 17:15 - 2015-01-07 17:15 - 00000000 ____D () C:\ProgramData\Samsung
2015-01-07 17:10 - 2015-01-07 17:15 - 00000000 ____D () C:\Users\Tobias\Documents\samsung
2015-01-07 17:10 - 2015-01-07 17:10 - 00000000 ____D () C:\Users\Tobias\Documents\SelfMV
2015-01-07 17:10 - 2015-01-07 17:10 - 00000000 ____D () C:\Users\Public\Documents\NativeFus_Log
2015-01-07 17:03 - 2015-01-07 17:03 - 00000000 ____D () C:\Users\Tobias\AppData\Roaming\Samsung
2015-01-07 17:03 - 2015-01-07 17:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung
2015-01-07 17:03 - 2014-05-07 17:42 - 00144664 _____ (MAPILab Ltd. & Add-in Express Ltd.) C:\Windows\SysWOW64\secman.dll
2015-01-07 17:02 - 2015-01-07 17:02 - 00000000 ____D () C:\Program Files (x86)\Samsung
2015-01-07 16:59 - 2015-01-07 16:59 - 42424368 _____ (Samsung Electronics Co., Ltd.) C:\Users\Tobias\Downloads\Kies_3.2.14113_3.exe
2015-01-04 10:55 - 2015-01-04 10:55 - 01052536 _____ () C:\Windows\Minidump\010415-30217-01.dmp
2015-01-04 10:54 - 2015-01-10 14:38 - 585620172 _____ () C:\Windows\MEMORY.DMP
2014-12-22 23:33 - 2014-12-26 23:30 - 00000000 ____D () C:\ProgramData\Tunngle
2014-12-22 23:33 - 2014-12-22 23:33 - 00000000 ____D () C:\Users\Public\Documents\Tunngle
2014-12-22 23:33 - 2014-12-22 23:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tunngle
2014-12-22 23:31 - 2014-12-22 23:31 - 04501720 _____ (Tunngle.net GmbH ) C:\Users\Tobias\Downloads\Tunngle_Setup_v5.0 (1).exe
2014-12-22 23:30 - 2014-12-22 23:30 - 04501720 _____ (Tunngle.net GmbH ) C:\Users\Tobias\Downloads\Tunngle_Setup_v5.0.exe
2014-12-22 21:07 - 2014-12-22 23:34 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird
2014-12-21 09:48 - 2014-12-21 09:48 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-12-21 09:48 - 2014-12-21 09:48 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-12-21 00:56 - 2014-12-21 00:56 - 00000000 ____D () C:\Windows\system32\appraiser
2014-12-20 11:13 - 2014-12-20 11:13 - 00297226 _____ () C:\Windows\msxml4-KB954430-enu.LOG
2014-12-20 11:13 - 2014-12-20 11:13 - 00297222 _____ () C:\Windows\msxml4-KB973688-enu.LOG
2014-12-20 11:13 - 2014-12-20 11:13 - 00000000 ____D () C:\Program Files (x86)\MSXML 4.0
2014-12-20 11:11 - 2014-10-18 03:05 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2014-12-20 11:11 - 2014-10-18 02:33 - 03209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2014-12-20 11:11 - 2014-07-07 03:06 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2014-12-20 11:11 - 2014-07-07 03:06 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2014-12-20 11:11 - 2014-07-07 03:06 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2014-12-20 11:11 - 2014-07-07 03:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2014-12-20 11:11 - 2014-07-07 02:40 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
2014-12-20 11:11 - 2014-07-07 02:39 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe
2014-12-20 11:11 - 2014-07-07 02:39 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe
2014-12-20 11:11 - 2014-07-07 02:37 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll
2014-12-19 14:58 - 2014-12-19 15:02 - 00000000 ____D () C:\Users\Tobias\Downloads\D&D 5e books
2014-12-19 14:56 - 2014-12-19 14:56 - 00015892 _____ () C:\Users\Tobias\Downloads\[kickass.so]d.d.5e.player.s.handbook.monster.manual.adventure.lost.mine.of.phandelver.torrent
2014-12-19 02:50 - 2014-12-26 18:17 - 00000000 ____D () C:\Windows\System32\Tasks\NCH Software
2014-12-19 02:50 - 2014-12-19 02:50 - 00001236 _____ () C:\Users\Public\Desktop\NCH Suite.lnk
2014-12-19 02:50 - 2014-12-19 02:50 - 00001122 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Debut Video Capture Software.lnk
2014-12-19 02:50 - 2014-12-19 02:50 - 00001110 _____ () C:\Users\Public\Desktop\Debut Video Capture Software.lnk
2014-12-19 02:50 - 2014-12-19 02:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NCH Software Suite
2014-12-16 21:53 - 2014-12-17 10:53 - 00001197 _____ () C:\Users\Tobias\Desktop\rap.txt
2014-12-15 01:33 - 2014-12-15 01:33 - 00000000 ____D () C:\Users\Tobias\AppData\Roaming\MAGIX
2014-12-15 01:14 - 2015-01-10 15:14 - 00000000 ____D () C:\Users\Tobias\Documents\MAGIX_MxTray
2014-12-15 01:12 - 2014-12-15 01:12 - 00000000 ____D () C:\Users\Tobias\Documents\OnDemandDump
2014-12-15 01:12 - 2014-12-15 01:12 - 00000000 ____D () C:\Users\Tobias\Documents\CrashLog
2014-12-15 01:12 - 2014-12-15 01:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MAGIX
2014-12-15 01:12 - 2014-12-15 01:12 - 00000000 ____D () C:\ProgramData\MAGIX
2014-12-15 01:12 - 2014-12-15 01:12 - 00000000 ____D () C:\Program Files (x86)\MAGIX
2014-12-15 01:11 - 2014-12-15 01:12 - 00000000 ____D () C:\134ccbc360e05d682fe482cb
2014-12-15 01:09 - 2014-12-15 01:09 - 41085024 _____ (MAGIX AG) C:\Users\Tobias\Downloads\setup_pc_check_tuning.exe
2014-12-14 23:12 - 2014-12-14 23:15 - 00023362 _____ () C:\Users\Tobias\Desktop\SB2 AUFGABE3.odt
2014-12-12 11:08 - 2014-12-12 11:08 - 01764715 _____ () C:\Windows\WindowsUpdate.log
2014-12-11 02:36 - 2014-12-04 03:50 - 00830976 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2014-12-11 02:36 - 2014-12-04 03:50 - 00741376 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2014-12-11 02:36 - 2014-12-04 03:50 - 00413184 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2014-12-11 02:36 - 2014-12-04 03:50 - 00396800 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2014-12-11 02:36 - 2014-12-04 03:50 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-12-11 02:36 - 2014-12-04 03:50 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2014-12-11 02:36 - 2014-12-04 03:44 - 01083392 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-12-11 02:36 - 2014-12-02 00:28 - 01232040 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2014-12-11 02:35 - 2014-11-27 02:43 - 00389296 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-12-11 02:35 - 2014-11-27 02:10 - 00342200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-12-11 02:35 - 2014-11-22 04:13 - 25059840 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-12-11 02:35 - 2014-11-22 04:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-12-11 02:35 - 2014-11-22 04:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-12-11 02:35 - 2014-11-22 03:50 - 00580096 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-12-11 02:35 - 2014-11-22 03:50 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-12-11 02:35 - 2014-11-22 03:49 - 02885120 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-12-11 02:35 - 2014-11-22 03:49 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-12-11 02:35 - 2014-11-22 03:48 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-12-11 02:35 - 2014-11-22 03:41 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-12-11 02:35 - 2014-11-22 03:40 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-12-11 02:35 - 2014-11-22 03:37 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-12-11 02:35 - 2014-11-22 03:35 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-12-11 02:35 - 2014-11-22 03:34 - 06039552 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-12-11 02:35 - 2014-11-22 03:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-12-11 02:35 - 2014-11-22 03:26 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-12-11 02:35 - 2014-11-22 03:22 - 19749376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-12-11 02:35 - 2014-11-22 03:22 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-12-11 02:35 - 2014-11-22 03:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-12-11 02:35 - 2014-11-22 03:14 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-12-11 02:35 - 2014-11-22 03:09 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-12-11 02:35 - 2014-11-22 03:08 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-12-11 02:35 - 2014-11-22 03:07 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-12-11 02:35 - 2014-11-22 03:07 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-12-11 02:35 - 2014-11-22 03:06 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-12-11 02:35 - 2014-11-22 03:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-12-11 02:35 - 2014-11-22 03:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-12-11 02:35 - 2014-11-22 03:01 - 02277888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-12-11 02:35 - 2014-11-22 02:59 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-12-11 02:35 - 2014-11-22 02:58 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-12-11 02:35 - 2014-11-22 02:56 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-12-11 02:35 - 2014-11-22 02:54 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-12-11 02:35 - 2014-11-22 02:49 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-12-11 02:35 - 2014-11-22 02:49 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-12-11 02:35 - 2014-11-22 02:47 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-12-11 02:35 - 2014-11-22 02:46 - 02125312 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-12-11 02:35 - 2014-11-22 02:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-12-11 02:35 - 2014-11-22 02:43 - 14412800 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-12-11 02:35 - 2014-11-22 02:40 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-12-11 02:35 - 2014-11-22 02:36 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-12-11 02:35 - 2014-11-22 02:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-12-11 02:35 - 2014-11-22 02:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-12-11 02:35 - 2014-11-22 02:29 - 04299264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-12-11 02:35 - 2014-11-22 02:28 - 02358272 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-12-11 02:35 - 2014-11-22 02:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-12-11 02:35 - 2014-11-22 02:22 - 02052096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-12-11 02:35 - 2014-11-22 02:21 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-12-11 02:35 - 2014-11-22 02:15 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-12-11 02:35 - 2014-11-22 02:13 - 12836864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-12-11 02:35 - 2014-11-22 02:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-12-11 02:35 - 2014-11-22 02:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-12-11 02:35 - 2014-11-22 01:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-12-11 02:35 - 2014-11-22 01:54 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-12-11 02:35 - 2014-11-11 04:09 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-12-11 02:35 - 2014-11-11 03:44 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2014-12-11 02:35 - 2014-11-11 02:46 - 00119296 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys
2014-12-11 02:34 - 2014-11-08 04:16 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-12-11 02:34 - 2014-11-08 03:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-12-11 02:34 - 2014-10-30 03:03 - 00165888 _____ (Microsoft Corporation) C:\Windows\system32\charmap.exe
2014-12-11 02:34 - 2014-10-30 02:45 - 00155136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\charmap.exe
2014-12-11 02:34 - 2014-10-03 03:12 - 02020352 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll
2014-12-11 02:34 - 2014-10-03 03:12 - 00346624 _____ (Microsoft Corporation) C:\Windows\system32\WSManMigrationPlugin.dll
2014-12-11 02:34 - 2014-10-03 03:12 - 00310272 _____ (Microsoft Corporation) C:\Windows\system32\WsmWmiPl.dll
2014-12-11 02:34 - 2014-10-03 03:12 - 00181248 _____ (Microsoft Corporation) C:\Windows\system32\WsmAuto.dll
2014-12-11 02:34 - 2014-10-03 03:11 - 00266240 _____ (Microsoft Corporation) C:\Windows\system32\WSManHTTPConfig.exe
2014-12-11 02:34 - 2014-10-03 02:45 - 01177088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmSvc.dll
2014-12-11 02:34 - 2014-10-03 02:45 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManMigrationPlugin.dll
2014-12-11 02:34 - 2014-10-03 02:45 - 00214016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmWmiPl.dll
2014-12-11 02:34 - 2014-10-03 02:45 - 00145920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmAuto.dll
2014-12-11 02:34 - 2014-10-03 02:44 - 00198656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManHTTPConfig.exe
2014-12-11 00:56 - 2014-12-11 00:57 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-10 20:36 - 2014-07-30 20:05 - 01356696 _____ () C:\Windows\system32\Drivers\fvstore.dat
2015-01-10 20:35 - 2012-08-21 00:32 - 00001124 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2764848105-337601815-2700051401-1000UA.job
2015-01-10 20:34 - 2012-08-21 02:32 - 01474832 _____ () C:\Windows\system32\Drivers\sfi.dat
2015-01-10 20:27 - 2013-11-12 15:45 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-01-10 20:27 - 2009-07-14 05:45 - 00027888 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-10 20:27 - 2009-07-14 05:45 - 00027888 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-10 20:20 - 2012-11-07 19:17 - 00000000 ___RD () C:\Users\Tobias\Dropbox
2015-01-10 20:17 - 2012-11-07 19:14 - 00000000 ____D () C:\Users\Tobias\AppData\Roaming\Dropbox
2015-01-10 20:15 - 2014-04-27 14:00 - 00042687 _____ () C:\Windows\setupact.log
2015-01-10 20:15 - 2012-08-21 00:39 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-01-10 20:15 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-10 19:22 - 2012-08-23 00:00 - 00000000 ____D () C:\Users\Tobias\AppData\Local\Adobe
2015-01-10 19:13 - 2012-08-21 02:49 - 00000000 ____D () C:\ProgramData\Adobe
2015-01-10 19:13 - 2012-08-21 02:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech
2015-01-10 19:13 - 2012-08-21 01:22 - 00000000 ____D () C:\Program Files\Logitech Gaming Software
2015-01-10 19:09 - 2012-08-21 01:21 - 00000000 ____D () C:\Users\Tobias\AppData\Roaming\Logishrd
2015-01-10 19:07 - 2012-08-21 03:02 - 00000932 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2764848105-337601815-2700051401-1000UA.job
2015-01-10 18:52 - 2012-08-21 02:04 - 00206056 _____ () C:\Windows\PFRO.log
2015-01-10 18:10 - 2014-04-07 18:25 - 00000000 ____D () C:\Users\Tobias\AppData\Local\Paint.NET
2015-01-10 18:05 - 2012-09-26 22:32 - 00219136 ___SH () C:\Users\Tobias\Thumbs.db
2015-01-10 15:07 - 2014-08-07 09:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-01-10 15:07 - 2014-04-17 06:57 - 00000000 ____D () C:\ProgramData\Oracle
2015-01-10 14:38 - 2014-06-13 19:33 - 00000000 ____D () C:\Windows\Minidump
2015-01-10 11:12 - 2012-08-21 03:51 - 00000000 ____D () C:\Users\Tobias\AppData\Roaming\Skype
2015-01-10 04:07 - 2012-08-21 03:02 - 00000910 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2764848105-337601815-2700051401-1000Core.job
2015-01-10 01:05 - 2012-08-21 00:32 - 00001072 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2764848105-337601815-2700051401-1000Core.job
2015-01-09 16:05 - 2012-08-21 00:22 - 00000000 ____D () C:\Users\Tobias
2015-01-09 15:00 - 2014-01-13 21:56 - 00000000 ____D () C:\Users\Tobias\AppData\Local\NVIDIA Corporation
2015-01-09 14:59 - 2012-08-21 00:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2015-01-09 14:59 - 2012-08-21 00:28 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation
2015-01-09 14:56 - 2012-08-21 00:38 - 00935240 _____ (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
2015-01-09 14:55 - 2013-02-25 23:32 - 18594432 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
2015-01-09 14:55 - 2013-02-25 23:32 - 03293136 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2015-01-09 14:55 - 2013-02-25 23:32 - 02897824 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2015-01-09 14:55 - 2012-08-21 00:28 - 00000000 ____D () C:\Program Files\NVIDIA Corporation
2015-01-09 14:54 - 2014-02-19 14:19 - 16040184 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2015-01-09 14:54 - 2013-02-25 23:32 - 32099472 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2015-01-09 14:54 - 2013-02-25 23:32 - 14128496 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2015-01-09 14:42 - 2012-08-21 00:28 - 00000000 ____D () C:\ProgramData\NVIDIA Corporation
2015-01-09 14:41 - 2014-01-13 21:43 - 00035472 _____ (NVIDIA Corporation) C:\Windows\system32\nvaudcap64v.dll
2015-01-09 10:38 - 2014-07-14 01:19 - 00000000 ____D () C:\AdwCleaner
2015-01-09 10:00 - 2014-07-14 01:19 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-01-09 00:00 - 2014-07-14 01:19 - 00096472 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-01-08 18:56 - 2012-11-06 01:20 - 00092624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfcm110u.dll
2015-01-08 18:56 - 2012-11-06 01:20 - 00073680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfc110esn.dll
2015-01-08 15:10 - 2014-10-20 19:21 - 00000000 ____D () C:\Program Files (x86)\iTunes
2015-01-07 23:52 - 2012-08-21 19:59 - 00000000 ____D () C:\Users\Tobias\AppData\Roaming\TS3Client
2015-01-07 22:29 - 2014-11-02 13:37 - 00020491 _____ () C:\Users\Tobias\Downloads\Bartholomäus.ods
2015-01-07 17:57 - 2014-07-14 01:19 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-01-07 17:57 - 2014-07-14 01:19 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-01-07 17:57 - 2014-07-14 01:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2015-01-07 17:57 - 2014-07-14 01:19 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2015-01-07 17:09 - 2012-08-24 18:39 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2015-01-04 10:55 - 2009-07-14 05:45 - 00309736 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-01-04 10:54 - 2012-10-12 13:12 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-01-01 23:53 - 2014-04-08 12:53 - 00000000 ____D () C:\The KMPlayer
2014-12-26 18:34 - 2012-08-21 00:32 - 00067200 _____ () C:\Users\Tobias\AppData\Local\GDIPFONTCACHEV1.DAT
2014-12-26 11:27 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache
2014-12-24 15:13 - 2012-08-21 03:52 - 00000000 ____D () C:\Users\Tobias\AppData\Local\Thunderbird
2014-12-22 23:33 - 2014-03-26 23:04 - 00000000 ____D () C:\Program Files (x86)\Tunngle
2014-12-22 23:33 - 2014-03-25 17:45 - 00000000 ____D () C:\Users\Tobias\AppData\Roaming\Tunngle
2014-12-22 23:20 - 2012-08-22 19:18 - 00000000 ____D () C:\Users\Tobias\AppData\Roaming\vlc
2014-12-21 01:17 - 2013-11-12 15:45 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-12-21 01:17 - 2013-02-09 22:21 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-12-21 01:17 - 2013-02-09 22:21 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-12-21 00:56 - 2014-06-14 07:38 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-12-21 00:56 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-12-21 00:56 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\AppCompat
2014-12-20 11:20 - 2013-08-15 00:57 - 00000000 ____D () C:\Windows\system32\MRT
2014-12-20 11:13 - 2012-08-21 15:18 - 112710672 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-12-19 20:35 - 2014-04-18 20:00 - 00000000 ____D () C:\Users\Tobias\AppData\Roaming\uTorrent
2014-12-19 14:56 - 2014-11-29 20:04 - 00000000 ____D () C:\Users\Tobias\AppData\Roaming\.ACEStream
2014-12-16 22:02 - 2014-11-29 20:06 - 00000000 ___HD () C:\_acestream_cache_
2014-12-13 20:44 - 2012-11-07 19:17 - 00001021 _____ () C:\Users\Tobias\Desktop\Dropbox.lnk
2014-12-13 20:44 - 2012-11-07 19:15 - 00000000 ____D () C:\Users\Tobias\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-12-13 11:08 - 2014-02-19 14:18 - 00027983 _____ () C:\Windows\system32\nvinfo.pb
2014-12-13 09:03 - 2012-08-21 00:38 - 06859408 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2014-12-13 09:03 - 2012-08-21 00:38 - 03513488 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
2014-12-13 09:03 - 2012-08-21 00:38 - 02558608 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll
2014-12-13 09:03 - 2012-08-21 00:38 - 00386368 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
2014-12-13 09:03 - 2012-08-21 00:38 - 00062608 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
2014-12-13 01:12 - 2014-01-13 21:53 - 02824504 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll
2014-12-13 01:12 - 2014-01-13 21:53 - 02210040 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll
2014-12-13 00:11 - 2012-08-21 00:38 - 04151176 _____ () C:\Windows\system32\nvcoproc.bin
2014-12-12 11:12 - 2014-05-15 12:25 - 00000000 ____D () C:\Windows\System32\Tasks\COMODO
2014-12-12 10:42 - 2009-07-14 18:58 - 00801286 _____ () C:\Windows\system32\perfh007.dat
2014-12-12 10:42 - 2009-07-14 18:58 - 00206086 _____ () C:\Windows\system32\perfc007.dat
2014-12-11 20:14 - 2014-09-22 10:14 - 00000000 ____D () C:\Users\Tobias\.maptool

Some content of TEMP:
====================
C:\Users\Tobias\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp4uct5y.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-01-04 11:50

==================== End Of Log ============================

--- --- ---

Code:

ATTFilter

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 07-01-2015
Ran by Tobias at 2015-01-10 20:38:54
Running from C:\Users\Tobias\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)


==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-2764848105-337601815-2700051401-1000\...\uTorrent) (Version: 3.4.2.35702 - BitTorrent Inc.)
Ace Stream Media 3.0.4 (HKU\S-1-5-21-2764848105-337601815-2700051401-1000\...\AceStream) (Version: 3.0.4 - Ace Stream Media)
Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.246 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.235 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
A-PDF INFO Changer 2.0 (HKLM-x32\...\A-PDF INFO Changer_is1) (Version:  - A-PDF.com)
Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Ashampoo Photo Optimizer 5 v.5.1.1 (HKLM-x32\...\Ashampoo Photo Optimizer 5_is1) (Version: 5.1.1 - Ashampoo GmbH & Co. KG)
BASE 5.5 (HKU\S-1-5-21-2764848105-337601815-2700051401-1000\...\BASE 5.5) (Version:  - )
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
BitTorrent (HKU\S-1-5-21-2764848105-337601815-2700051401-1000\...\BitTorrent) (Version: 7.9.2.32692 - BitTorrent Inc.)
BlueStacks App Player (HKLM-x32\...\BlueStacks App Player) (Version: 0.9.4.4079 - BlueStack Systems, Inc.)
BlueStacks Notification Center (HKLM-x32\...\{8DCCC556-265B-478A-8B32-C12DA988BA74}) (Version: 0.9.4.4079 - BlueStack Systems, Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Codecs for Windows 7 Pack 4.0.5 (HKLM-x32\...\Codecs for Windows 7 Pack) (Version: 4.0.5 - Codecs for Windows 7 Pack)
COMODO Internet Security (HKLM\...\{D6AB1F5B-FED6-49A9-9747-327BD28FB3C7}) (Version: 5.10.31649.2253 - COMODO Security Solutions Inc.)
CPUID CPU-Z 1.66.1 (HKLM\...\CPUID CPU-Z_is1) (Version:  - )
d20Pro (HKLM-x32\...\d20Pro) (Version:  - )
DAEMON Tools Ultra (HKLM-x32\...\DAEMON Tools Ultra) (Version: 2.1.0.0187 - Disc Soft Ltd)
DAoC Portal (HKLM-x32\...\{EC9359B3-2548-4DB1-B322-6D71A17501F9}) (Version: 2.8.2 - Dawn of Light)
DAOC-Charplan (HKLM-x32\...\DAOCCharplan) (Version:  - )
Dark Age of Camelot (HKLM-x32\...\Dark Age of Camelot) (Version:  - Electronic Arts)
Debut Video Capture Software (HKLM-x32\...\Debut) (Version: 2.05 - NCH Software)
DisplayFusion 4.1 (HKLM-x32\...\B076073A-5527-4f4f-B46B-B10692277DA2_is1) (Version: 4.1.0.0 - Binary Fortress Software)
DivX-Setup (HKLM-x32\...\DivX Setup) (Version: 2.6.1.90 - DivX, LLC)
doubleTwist Sync (HKLM-x32\...\doubleTwist) (Version: 4.0.4.19771 - doubleTwist Corporation)
Dropbox (HKU\S-1-5-21-2764848105-337601815-2700051401-1000\...\Dropbox) (Version: 3.0.3 - Dropbox, Inc.)
EroBottle 4.6  (HKLM-x32\...\EroBottle) (Version: 4.6 - Kai Ebersbach - www.erosoft.de)
EroBottle-Extensions-Editor Vers. 1.4 (HKU\S-1-5-21-2764848105-337601815-2700051401-1000\...\EroBottle-Extensions-Editor Vers. 1.4) (Version:  - )
Evernote v. 5.6.4 (HKLM-x32\...\{DFDF0BE2-2D71-11E4-9454-00163E98E7D6}) (Version: 5.6.4.4632 - Evernote Corp.)
Facebook Video Calling 1.2.0.287 (HKLM-x32\...\{B92C5909-1D37-4C51-8397-A28BB28E5DC3}) (Version: 1.2.287 - Skype Limited)
Fantasy Voice Pack (HKLM-x32\...\{86E06E3C-CAAD-4A11-B984-B05961FDA98A}) (Version: 1.3.3 - Screaming Bee)
Fraps (remove only) (HKLM-x32\...\Fraps) (Version:  - )
Genesis version Genesis Launcher 1.005 (HKLM-x32\...\{975e7799-c584-47f0-9c12-c1551f3e95f2}_is1) (Version: Genesis Launcher 1.005 - Pawel D. alias Laplume for Genesis.)
Google Chrome (HKU\S-1-5-21-2764848105-337601815-2700051401-1000\...\Google Chrome) (Version: 39.0.2171.95 - Google Inc.)
Google Talk Plugin (HKLM-x32\...\{0C5C1177-94C5-3EFB-A8BE-3F6AF1AF887F}) (Version: 5.38.6.0 - Google)
Hearthstone (HKLM-x32\...\Hearthstone) (Version:  - Blizzard Entertainment)
Hero Lab 4.1 (HKLM-x32\...\{760AA190-82DF-4A80-BE05-B9FEEC88946D}_is1) (Version: 4.1 - LWD Technology, Inc.)
iCloud (HKLM\...\{81E20D41-C277-4526-934D-F2380AF91B78}) (Version: 3.1.0.40 - Apple Inc.)
iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)
Java 8 Update 25 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418025F0}) (Version: 8.0.250 - Oracle Corporation)
JDownloader 0.9 (HKLM-x32\...\5513-1208-7298-9440) (Version: 0.9 - AppWork GmbH)
JMicron JMB36X Driver (HKLM-x32\...\{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}) (Version: 1.17.65.11 - JMicron Technology Corp.)
Logitech Gaming Software 8.57 (HKLM\...\Logitech Gaming Software) (Version: 8.57.145 - Logitech Inc.)
LogMeIn Hamachi (HKLM-x32\...\LogMeIn Hamachi) (Version: 2.2.0.58 - LogMeIn, Inc.)
LogMeIn Hamachi (x32 Version: 2.2.0.58 - LogMeIn, Inc.) Hidden
MAGIX Screenshare (HKLM-x32\...\{B63DFA23-5C10-44B4-881D-45EFBF4A4761}) (Version: 4.3.6.1987 - MAGIX AG)
Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106 (HKLM-x32\...\{8e70e4e1-06d7-470b-9f74-a51bef21088e}) (Version: 11.0.51106.1 - Microsoft Corporation)
MiKTeX 2.9 (HKLM-x32\...\MiKTeX 2.9) (Version: 2.9 - MiKTeX.org)
Mora's Ausrüstungsplaner (HKLM-x32\...\{8A33CE67-80FB-4469-9ED1-E5D116391F68}_is1) (Version: 1.72 - Mora)
MorphVOX Junior (HKLM-x32\...\{E6C7380F-15DD-445E-BA02-B7A180BA0A5A}) (Version: 2.8.1 - Screaming Bee)
Mozilla Firefox 34.0.5 (x86 de) (HKLM-x32\...\Mozilla Firefox 34.0.5 (x86 de)) (Version: 34.0.5 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 30.0 - Mozilla)
Mozilla Thunderbird 31.3.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 31.3.0 (x86 de)) (Version: 31.3.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
NEF Codec (HKLM-x32\...\{D6506521-0959-4FA3-875F-E2E28830B0D2}) (Version: 1.00.0000 - Nikon)
NSU (HKLM-x32\...\{323F7AD9-1F4D-49E1-973B-80E1B6F1623A}) (Version: 1.00.1000 - Medion AG)
NVIDIA 3D Vision Controller-Treiber 347.09 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 347.09 - NVIDIA Corporation)
NVIDIA 3D Vision Treiber 347.09 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 347.09 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.1.5 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.1.5 - NVIDIA Corporation)
NVIDIA Grafiktreiber 347.09 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 347.09 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.33.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.33.0 - NVIDIA Corporation)
NVIDIA PhysX-Systemsoftware 9.14.0702 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.14.0702 - NVIDIA Corporation)
OpenOffice.org 3.4.1 (HKLM-x32\...\{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}) (Version: 3.41.9593 - Apache Software Foundation)
Paint.NET v3.5.11 (HKLM\...\{72EF03F5-0507-4861-9A44-D99FD4C41418}) (Version: 3.61.0 - dotPDN LLC)
Patch Origins version 1.0.11 (HKLM-x32\...\{75147b12-6219-448d-886b-0a9a02d1e648}_is1) (Version: 1.0.11 - Pawel D. alias Laplume pour Origins.)
PCGen6000 (HKLM-x32\...\PCGen6000) (Version:  - )
PDF Architect (HKLM-x32\...\{80A07844-CA64-4DE4-AB61-D37DDBE8074F}) (Version: 1.0.52.8917 - pdfforge)
PDFCreator (HKLM-x32\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.6.2 - pdfforge)
QuickTime (HKLM-x32\...\{7BE15435-2D3E-4B58-867F-9C75BED0208C}) (Version: 7.71.80.42 - Apple Inc.)
RarZilla Free Unrar (HKLM-x32\...\RarZilla Free Unrar) (Version: 4.80 - Philipp Winterberg)
Razer Core (HKLM-x32\...\Razer Core) (Version: 1.0.1.66 - Razer Inc)
Razer Synapse 2.0 (HKLM-x32\...\{0D78BEE2-F8FF-4498-AF1A-3FF81CED8AC6}) (Version: 1.17.22 - Razer Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7083 - Realtek Semiconductor Corp.)
Samsung Kies3 (HKLM-x32\...\InstallShield_{88547073-C566-4895-9005-EBE98EA3F7C7}) (Version: 3.2.14113.3 - Samsung Electronics Co., Ltd.)
Samsung Kies3 (x32 Version: 3.2.14113.3 - Samsung Electronics Co., Ltd.) Hidden
Scrabble3D (HKLM-x32\...\{E11BBF69-C686-45B3-9267-CE44603B47AE}) (Version: 3.1.0.29 - Heiko Tietze)
SHIELD Streaming (Version: 3.1.3000 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 16.18.9 - NVIDIA Corporation) Hidden
Sid Meier's Civilization 4 - Beyond the Sword (HKLM-x32\...\{32E4F0D2-C135-475E-A841-1D59A0D22989}) (Version: 3.19 - Firaxis Games)
Sid Meier's Civilization 4 - Warlords (HKLM-x32\...\{3E4B349F-10B5-4586-9D99-489A90A8B228}) (Version: 2.13 - Firaxis Games)
Sid Meier's Civilization 4 (HKLM-x32\...\{CFBCE791-2D53-4FCE-B3FB-D6E01F4112E8}) (Version: 1.74 - Firaxis Games)
Sid Meier's Civilization 4 (x32 Version: 1.00.0000 - Firaxis Games) Hidden
Skype™ 6.21 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.21.104 - Skype Technologies S.A.)
SlimDrivers (HKLM-x32\...\{A5457401-D56A-43F2-9524-78E54A7FC07A}) (Version: 2.2.32705 - SlimWare Utilities, Inc.)
Steam (HKLM-x32\...\Steam) (Version:  - Valve Corporation)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH)
TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.27339 - TeamViewer)
TeXstudio 2.6.6 (HKLM-x32\...\TeXstudio_is1) (Version: 2.6.6 - Benito van der Zander)
The Elder Scrolls V: Skyrim (HKLM-x32\...\Steam App 72850) (Version:  - Bethesda Game Studios)
The KMPlayer (HKLM-x32\...\The KMPlayer) (Version: 3.8.0.122 - PandoraTV)
ThrashIRC version 2.9 (HKLM-x32\...\{D3C0BE0C-9761-4AC1-8CEF-B53796FEDE44}) (Version: 2.9.0 - Anthony Thrash Durbin)
TuneUp Utilities Language Pack (de-DE) (x32 Version: 13.0.3000.132 - TuneUp Software) Hidden
Tunngle Version Tunngle (HKLM-x32\...\Tunngle_is1) (Version: Tunngle - Tunngle.net GmbH)
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
VirtualCloneDrive (HKLM-x32\...\VirtualCloneDrive) (Version: 5.4.7.0 - Elaborate Bytes)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
Wondershare TunesGo(Version 5.0.0) (HKLM-x32\...\{ADBA24FE-D6F6-4B21-97F3-D58A327422E4}_is1) (Version: 5.0.0 - Wondershare)
x264vfw - H.264/MPEG-4 AVC codec (remove only) (HKLM-x32\...\x264vfw) (Version:  - )
Zune (HKLM\...\Zune) (Version: 04.08.2345.00 - Microsoft Corporation)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-2764848105-337601815-2700051401-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Tobias\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2764848105-337601815-2700051401-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Tobias\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-2764848105-337601815-2700051401-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Tobias\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-2764848105-337601815-2700051401-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Tobias\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-2764848105-337601815-2700051401-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Tobias\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2764848105-337601815-2700051401-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Tobias\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2764848105-337601815-2700051401-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Tobias\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2764848105-337601815-2700051401-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Tobias\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2764848105-337601815-2700051401-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Tobias\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2764848105-337601815-2700051401-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Tobias\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2764848105-337601815-2700051401-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Tobias\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2764848105-337601815-2700051401-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Tobias\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2764848105-337601815-2700051401-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Tobias\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2764848105-337601815-2700051401-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Tobias\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2764848105-337601815-2700051401-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Tobias\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File

==================== Restore Points  =========================

Could not list restore points.
Check "winmgmt" service or repair WMI.


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {079E9101-891E-400C-9EB7-68E86D3C67B0} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {0ACE5948-49B8-4051-B091-2D7731DAB0AF} - System32\Tasks\COMODO\COMODO Autostart {D5EFF3B3-E126-4AF6-BCE9-852A72129E10} => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [2014-12-09] (COMODO)
Task: {1F4CE6EE-F11B-4D45-BD80-648A7AE51668} - System32\Tasks\COMODO\COMODO Cache Builder {0FB77674-7905-4F34-A362-C5A9A26F8CF9} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2014-12-09] (COMODO)
Task: {2149ACB9-406A-4799-B03D-E464744C55B0} - System32\Tasks\COMODO\COMODO Scan {F140D794-60B6-4F00-9235-D6457AA25B22} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2014-12-09] (COMODO)
Task: {435F4013-DAB5-42A2-8608-FE980F293497} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {4A6BB261-2823-48D6-B5FF-3605A1B5D549} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-2764848105-337601815-2700051401-1000Core => C:\Users\Tobias\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: {6EC5EE04-6804-4582-9F1B-F1D9319F54BF} - System32\Tasks\{2C2811EC-68D2-4790-A416-DCB51A70191C} => pcalua.exe -a "C:\Program Files\TeamSpeak 3 Client\plugins\ts3overlay\InstallHook.exe" -d "C:\Program Files\TeamSpeak 3 Client\plugins\ts3overlay\" -c ts3overlay_hook_win32.dll 10000
Task: {70CE8F9B-36A7-4EE3-AB38-59EED8E2D903} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2764848105-337601815-2700051401-1000UA => C:\Users\Tobias\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-21] (Google Inc.)
Task: {C6B6DD74-7D6C-4DD0-93D8-4DBEECDA58C8} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2764848105-337601815-2700051401-1000Core => C:\Users\Tobias\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-21] (Google Inc.)
Task: {CA52BB50-4FB5-409E-B7E4-46F3F176FCC1} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-2764848105-337601815-2700051401-1000UA => C:\Users\Tobias\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: {D16C173F-EEF5-4641-ACAD-F5D7A5DCAF4F} - System32\Tasks\COMODO\COMODO Signature Update {B9D5C6F9-17D2-4917-8BD0-614BAA1C6A59} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2014-12-09] (COMODO)
Task: {D1C7621B-5C1D-4484-B24A-2BBB99883037} - System32\Tasks\COMODO\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2014-12-09] (COMODO)
Task: {FB26CFD0-7289-4703-9BBC-9DC6E4546010} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-12-21] (Adobe Systems Incorporated)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2764848105-337601815-2700051401-1000Core.job => C:\Users\Tobias\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2764848105-337601815-2700051401-1000UA.job => C:\Users\Tobias\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2764848105-337601815-2700051401-1000Core.job => C:\Users\Tobias\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2764848105-337601815-2700051401-1000UA.job => C:\Users\Tobias\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2012-08-21 00:38 - 2014-12-13 09:03 - 00117576 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2014-09-18 08:23 - 2014-09-18 08:23 - 00866584 _____ () C:\Program Files\Logitech Gaming Software\libGLESv2.dll
2014-10-14 19:51 - 2014-10-14 19:51 - 01050904 _____ () C:\Program Files\Logitech Gaming Software\platforms\qwindows.dll
2014-09-18 08:23 - 2014-09-18 08:23 - 00059160 _____ () C:\Program Files\Logitech Gaming Software\libEGL.dll
2014-10-14 19:51 - 2014-10-14 19:51 - 00242456 _____ () C:\Program Files\Logitech Gaming Software\imageformats\qjpeg.dll
2013-11-15 01:48 - 2013-11-15 01:48 - 01861968 _____ () C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
2011-12-19 17:59 - 2013-04-15 18:39 - 00073424 _____ () C:\Program Files\COMODO\COMODO Internet Security\scanners\smart.cav
2014-01-20 13:17 - 2014-01-20 13:17 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-10-11 12:05 - 2014-10-11 12:05 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2013-09-14 01:51 - 2013-09-14 01:51 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Internet Services\zlib1.dll
2013-09-14 01:50 - 2013-09-14 01:50 - 01242952 _____ () C:\Program Files (x86)\Common Files\Apple\Internet Services\libxml2.dll
2014-10-22 01:22 - 2014-10-22 01:22 - 00750080 _____ () C:\Users\Tobias\AppData\Roaming\Dropbox\bin\libGLESv2.dll
2015-01-10 20:16 - 2015-01-10 20:16 - 00043008 _____ () c:\users\tobias\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp4uct5y.dll
2014-10-22 01:22 - 2014-10-22 01:22 - 00047616 _____ () C:\Users\Tobias\AppData\Roaming\Dropbox\bin\libEGL.dll
2014-10-22 01:22 - 2014-10-22 01:22 - 00863744 _____ () C:\Users\Tobias\AppData\Roaming\Dropbox\bin\plugins\platforms\qwindows.dll
2014-10-22 01:22 - 2014-10-22 01:22 - 00200704 _____ () C:\Users\Tobias\AppData\Roaming\Dropbox\bin\plugins\imageformats\qjpeg.dll
2014-08-26 15:47 - 2014-08-26 15:47 - 00436576 _____ () C:\Program Files (x86)\Evernote\Evernote\libxml2.dll
2014-08-26 15:47 - 2014-08-26 15:47 - 00318304 _____ () C:\Program Files (x86)\Evernote\Evernote\libtidy.dll
2012-08-10 15:51 - 2012-08-10 15:51 - 00985088 _____ () C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll
2013-11-15 01:49 - 2013-11-15 01:49 - 00100688 _____ () C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll
2014-12-11 00:56 - 2014-12-11 00:57 - 03758192 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2014-12-21 01:17 - 2014-12-21 01:17 - 16843952 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_235.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Windows\system32\ieUnatt.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\nvapi64.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\nvaudcap64v.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\nvcompiler.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\nvcuda.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\nvcuvid.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\nvd3dumx.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\nvdispco6434709.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\nvdispgenco6434709.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\NvFBC64.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\nvhdagenco64.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\nvhdap64.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\NvIFR64.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\nvinitx.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\nvoglshim64.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\nvoglv64.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\nvopencl.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\nvumdshimx.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\nvvsvc.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\nvwgf2umx.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\FlashPlayerApp.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ieUnatt.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mfc110esn.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mfcm110u.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\nvapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\nvaudcap32v.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\nvcompiler.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\nvcuda.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\nvcuvid.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\nvd3dum.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\NvFBC.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\NvIFR.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\nvinit.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\nvoglshim32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\nvoglv32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\nvopencl.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\nvStreaming.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\nvumdshim.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\nvwgf2um.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\mbam.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\mwac.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\nvhda64v.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\nvlddmkm.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\nvvad64v.sys:$CmdTcID
AlternateDataStreams: C:\ProgramData\TEMP:05EE1EEF
AlternateDataStreams: C:\Users\Tobias\Desktop\3+-+Kognitive+Aktivierung.pdf:$CmdZnID
AlternateDataStreams: C:\Users\Tobias\Desktop\Alpines - Cocoon - from YouTube.mp3:$CmdZnID
AlternateDataStreams: C:\Users\Tobias\Desktop\Chairlift - Amanaemonesia - from YouTube.mp3:$CmdZnID
AlternateDataStreams: C:\Users\Tobias\Desktop\Chairlift - Bruises - from YouTube.mp3:$CmdZnID
AlternateDataStreams: C:\Users\Tobias\Desktop\ComboFix.exe:$CmdZnID
AlternateDataStreams: C:\Users\Tobias\Desktop\Defogger.exe:$CmdTcID
AlternateDataStreams: C:\Users\Tobias\Desktop\Defogger.exe:$CmdZnID
AlternateDataStreams: C:\Users\Tobias\Desktop\esetsmartinstaller_deu.exe:$CmdZnID
AlternateDataStreams: C:\Users\Tobias\Desktop\FRST64.exe:$CmdZnID
AlternateDataStreams: C:\Users\Tobias\Desktop\Grimes - Vanessa (Official Video) - from YouTube.mp3:$CmdZnID
AlternateDataStreams: C:\Users\Tobias\Desktop\Logarithmusaufgaben 1.pdf:$CmdZnID
AlternateDataStreams: C:\Users\Tobias\Desktop\Logarithmusaufgaben mit Lösungen.PDF:$CmdZnID
AlternateDataStreams: C:\Users\Tobias\Desktop\mbar-1.08.2.1001.exe:$CmdTcID
AlternateDataStreams: C:\Users\Tobias\Desktop\mbar-1.08.2.1001.exe:$CmdZnID
AlternateDataStreams: C:\Users\Tobias\Desktop\o5lw8g6g.exe:$CmdTcID
AlternateDataStreams: C:\Users\Tobias\Desktop\o5lw8g6g.exe:$CmdZnID
AlternateDataStreams: C:\Users\Tobias\Desktop\RevoUninstallerPortable_1.95_Rev_2.paf.exe:$CmdZnID
AlternateDataStreams: C:\Users\Tobias\Desktop\SecurityCheck.exe:$CmdZnID
AlternateDataStreams: C:\Users\Tobias\Desktop\tdsskiller.exe:$CmdTcID
AlternateDataStreams: C:\Users\Tobias\Desktop\tdsskiller.exe:$CmdZnID
AlternateDataStreams: C:\Users\Tobias\Downloads\AdwCleaner_4.107.exe:$CmdZnID
AlternateDataStreams: C:\Users\Tobias\Downloads\Aufgaben_und_Loesungen_zu_Logarithmen.pdf:$CmdZnID
AlternateDataStreams: C:\Users\Tobias\Downloads\Charakter_N'Tser Hreshzar Lodokain (1).pdf:$CmdZnID
AlternateDataStreams: C:\Users\Tobias\Downloads\Charakter_N'Tser Hreshzar Lodokain.pdf:$CmdZnID
AlternateDataStreams: C:\Users\Tobias\Downloads\DieWinterkoenigin-Spielerleitfaden_80ff (1).pdf:$CmdZnID
AlternateDataStreams: C:\Users\Tobias\Downloads\doubleTwistSetupFull.exe:$CmdTcID
AlternateDataStreams: C:\Users\Tobias\Downloads\doubleTwistSetupFull.exe:$CmdZnID
AlternateDataStreams: C:\Users\Tobias\Downloads\DS-Battlefield.jpg:$CmdZnID
AlternateDataStreams: C:\Users\Tobias\Downloads\Falkengrunds_letzte_Hoffnung_f2d3.pdf:$CmdZnID
AlternateDataStreams: C:\Users\Tobias\Downloads\Fitch-Formelsammlung.pdf:$CmdZnID
AlternateDataStreams: C:\Users\Tobias\Downloads\GS-Blob.jpg:$CmdZnID
AlternateDataStreams: C:\Users\Tobias\Downloads\GS_Schlangenmensch.jpg:$CmdZnID
AlternateDataStreams: C:\Users\Tobias\Downloads\GT_Klosterkarte.jpg:$CmdZnID
AlternateDataStreams: C:\Users\Tobias\Downloads\jre-8u25-windows-x64(1).exe:$CmdZnID
AlternateDataStreams: C:\Users\Tobias\Downloads\jre-8u25-windows-x64.exe:$CmdZnID
AlternateDataStreams: C:\Users\Tobias\Downloads\Kies_3.2.14113_3.exe:$CmdZnID
AlternateDataStreams: C:\Users\Tobias\Downloads\LGS_8.57.145_x64_Logitech.exe:$CmdZnID
AlternateDataStreams: C:\Users\Tobias\Downloads\mbar-1.08.2.1001(1).exe:$CmdTcID
AlternateDataStreams: C:\Users\Tobias\Downloads\mbar-1.08.2.1001(1).exe:$CmdZnID
AlternateDataStreams: C:\Users\Tobias\Downloads\setup_pc_check_tuning.exe:$CmdZnID
AlternateDataStreams: C:\Users\Tobias\Downloads\Spielleiterinformationen_Finstermond_Module_als_Kampagne_00f6.pdf:$CmdZnID
AlternateDataStreams: C:\Users\Tobias\Downloads\TunesGoforAndroid.exe:$CmdZnID
AlternateDataStreams: C:\Users\Tobias\Downloads\Tunngle_Setup_v5.0 (1).exe:$CmdZnID
AlternateDataStreams: C:\Users\Tobias\Downloads\Tunngle_Setup_v5.0.exe:$CmdZnID
AlternateDataStreams: C:\Users\Tobias\Downloads\Versuch-21.odt:$CmdZnID
AlternateDataStreams: C:\Users\Tobias\Downloads\[kickass.so]d.d.5e.player.s.handbook.monster.manual.adventure.lost.mine.of.phandelver.torrent:$CmdZnID

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Hamachi2Svc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys => ""="Driver"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: BlueStacks Agent => C:\Program Files (x86)\BlueStacks\HD-Agent.exe
MSCONFIG\startupreg: DAEMON Tools Ultra Agent => "C:\Program Files (x86)\DAEMON Tools Ultra\DTAgent.exe" -autorun
MSCONFIG\startupreg: Hoolapp Android => "C:\Users\Tobias\AppData\Roaming\HOOLAP~1\Hoolapp.exe" /Minimized
MSCONFIG\startupreg: LogMeIn Hamachi Ui => "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
MSCONFIG\startupreg: Overwolf => C:\Program Files (x86)\Overwolf\Overwolf.exe -silent
MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: VirtualCloneDrive => "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
MSCONFIG\startupreg: Wondershare Helper Compact.exe => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
MSCONFIG\startupreg: Zune Launcher => "C:\Program Files\Zune\ZuneLauncher.exe"

========================= Accounts: ==========================

Administrator (S-1-5-21-2764848105-337601815-2700051401-500 - Administrator - Disabled)
Gast (S-1-5-21-2764848105-337601815-2700051401-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2764848105-337601815-2700051401-1014 - Limited - Enabled)
Tobias (S-1-5-21-2764848105-337601815-2700051401-1000 - Administrator - Enabled) => C:\Users\Tobias

==================== Faulty Device Manager Devices =============

Could not list Devices. Check "winmgmt" service or repair WMI.


==================== Event log errors: =========================

Could not start eventlog service, could not read events.

Systemfehler 123 aufgetreten.

Die Syntax f�r den Dateinamen, Verzeichnisnamen oder die Datentr�gerbezeichnung ist falsch.


==================== Memory info =========================== 

Processor: Intel(R) Core(TM)2 Duo CPU E6750 @ 2.66GHz
Percentage of memory in use: 37%
Total physical RAM: 6142.49 MB
Available physical RAM: 3838.89 MB
Total Pagefile: 12283.16 MB
Available Pagefile: 9590.38 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:596.07 GB) (Free:148.44 GB) NTFS
Drive d: (System-reserviert) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive e: () (Fixed) (Total:465.75 GB) (Free:37.81 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive f: (NAS-SERVER) (CDROM) (Total:0.24 GB) (Free:0 GB) CDFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 596.2 GB) (Disk ID: 7E967411)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=596.1 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 115D115D)
Partition 1: (Active) - (Size=465.8 GB) - (Type=07 NTFS)

==================== End Of Log ============================

Combofix hat auch im 2. Versuch keine Log-Datei erstellt.

09.01.2015, 19:54	#21
schrauber /// the machine /// TB-Ausbilder	Diverse Probleme mit Rechner und seit neustem: WShelper.exe Nach dem Reboot müsste die wieder gehen. Was ist das für ein Keyboard? ODer ist das ein Laptop. Dann Treiber neu laden. __________________ --> Diverse Probleme mit Rechner und seit neustem: WShelper.exe

09.01.2015, 20:53	#23
schrauber /// the machine /// TB-Ausbilder	Diverse Probleme mit Rechner und seit neustem: WShelper.exe OK, da brauchts nen Extra Treiber. Tastatur mal abklemmen und wieder anklemmen. Oder bei Logitech auf der Seite den Treiber neu laden. __________________ gruß, schrauber *Proud Member of UNITE and ASAP since 2009* Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM!

10.01.2015, 16:04	#27
schrauber /// the machine /// TB-Ausbilder	Diverse Probleme mit Rechner und seit neustem: WShelper.exe Adobe deinstallieren, dann neu installieren. Ich denke die Tastatur geht wieder? __________________ gruß, schrauber *Proud Member of UNITE and ASAP since 2009* Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM!

Diverse Probleme mit Rechner und seit neustem: WShelper.exe

Log-Analyse und Auswertung: Diverse Probleme mit Rechner und seit neustem: WShelper.exe