Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: Positive Finds Ads

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 01.02.2015, 22:37   #1
Ivi03
 
Positive Finds Ads - Standard

Positive Finds Ads



Guten Abend

Ich habe seit heute ein Problem - bei fast allen Seiten die ich öffne (komischerweise bei allen außer Google und Facebook), öffnen sich mehrere Werbungen. Nach langwieriger Recherche hab ich herausgefunden dass es wohl Positive Finds Ads sind....
Ich hab heute schon zwei Mal einen Scan vom Norten AntiVirus ausgeführt, doch es wurde nie etwas gefunden!

Leider bin ich alles andere als ein Genie im im Umgang mit Computern :-/

Ich hoffe mir kann hier jemand helfen!

Vielen Dank!

Liebe Grüße,
Ivi

Alt 01.02.2015, 22:41   #2
deeprybka
/// TB-Ausbilder
/// Anleitungs-Guru
 
Positive Finds Ads - Standard

Positive Finds Ads





Mein Name ist Jürgen und ich werde Dir bei Deinem Problem behilflich sein. Zusammen schaffen wir das...
  • Bitte arbeite alle Schritte der Reihe nach ab.
  • Lese die Anleitungen sorgfältig durch bevor Du beginnst. Wenn es Probleme gibt oder Du etwas nicht verstehst, dann stoppe mit Deiner Ausführung und beschreibe mir das Problem.
  • Führe bitte nur Scans durch, zu denen Du von mir aufgefordert wurdest.
  • Bitte kein Crossposting (posten in mehreren Foren).
  • Installiere oder deinstalliere während der Bereinigung keine Software, außer Du wurdest dazu aufgefordert.
  • Speichere alle unsere Tools auf dem Desktop ab. Link: So ladet Ihr unsere Tools richtig
  • Poste die Logfiles direkt in Deinen Thread in Code-Tags.
  • Bedenke, dass wir hier alle während unserer Freizeit tätig sind, wenn du innerhalb von 24 Stunden nichts von mir liest, dann schreibe mir bitte eine PM.

Hinweis:
Ich kann Dir niemals eine Garantie geben, dass wir alle schädlichen Dateien finden werden.
Eine Formatierung ist meist der schnellere und immer der sicherste Weg, aber auch nur bei wirklicher Malware empfehlenswert.
Adware & Co. können wir sehr gut entfernen.
Solltest Du Dich für eine Bereinigung entscheiden, arbeite solange mit, bis Du mein clean bekommst.



Los geht's:

Schritt 1


Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
  • Starte jetzt FRST.
  • Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
  • Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
  • Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)




Lesestoff
Posten in CODE-Tags: So gehts...
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert uns massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu groß für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
  • Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
  • Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
  • Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
  • Klicke auf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.
__________________

__________________

Alt 01.02.2015, 22:51   #3
Ivi03
 
Positive Finds Ads - Standard

Positive Finds Ads



Hallo Jürgen!

Vielen vielen Dank für deine Hilfe!!

Hier das FRST.txt:




FRST Logfile:

FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 01-02-2015
Ran by Cornelia (administrator) on CORNELIALAPTOP on 01-02-2015 22:46:20
Running from C:\Users\Cornelia\Desktop
Loaded Profiles: UpdatusUser & Cornelia (Available profiles: UpdatusUser & Cornelia & Gast)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
(Symantec Corporation) C:\Program Files (x86)\Norton AntiVirus\Engine\21.6.0.32\nav.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.6.15\nst.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
(NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
() C:\Program Files (x86)\bob internetsoftware\bobInternetsoftware_Service.exe
(Acer Group) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Symantec Corporation) C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.6.15\nst.exe
(Symantec Corporation) C:\Program Files (x86)\Norton AntiVirus\Engine\21.6.0.32\nav.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Samsung) C:\Program Files (x86)\Samsung\Kies\Kies.exe
(CyberLink Corp.) C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(CyberLink) C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\DMR\DMREngine.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe
(Dropbox, Inc.) C:\Users\Cornelia\AppData\Roaming\Dropbox\bin\Dropbox.exe
(NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(CyberLink Corp.) C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe
() C:\Windows\Samsung\PanelMgr\SSMMgr.exe
(Sony Corporation) C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\ReaderAppHelper.exe
() C:\Windows\Samsung\PanelMgr\caller64.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
() C:\Program Files (x86)\bob internetsoftware\bobInternetsoftware_Launcher.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMworker.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Apple Inc.) C:\Program Files\iTunes\iTunes.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
() C:\ProgramData\d2d4a9d3-f3f1-4c52-8d3f-dddc91fe0602\plugincontainer.exe
() C:\Program Files (x86)\Common Files\d2d4a9d3-f3f1-4c52-8d3f-dddc91fe0602\updater.exe
(WebToGo Gmbh) C:\Program Files (x86)\bob internetsoftware\bobInternetsoftware.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Google Inc.) C:\Users\Cornelia\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Cornelia\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Cornelia\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Cornelia\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Cornelia\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Cornelia\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Cornelia\AppData\Local\Google\Chrome\Application\chrome.exe
() C:\ProgramData\d2d4a9d3-f3f1-4c52-8d3f-dddc91fe0602\plugins\8\Plugin.exe
() C:\ProgramData\d2d4a9d3-f3f1-4c52-8d3f-dddc91fe0602\plugins\5\Plugin.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Acer ePower Management] => C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [860040 2010-10-29] (Acer Incorporated)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11619432 2010-11-26] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2185832 2010-11-26] (Realtek Semiconductor)
HKLM\...\Run: [IntelTBRunOnce] => wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs"
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2280232 2010-07-29] (Synaptics Incorporated)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [169768 2015-01-27] (Apple Inc.)
HKLM-x32\...\Run: [SuiteTray] => C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe [340336 2010-09-28] (Egis Technology Inc.)
HKLM-x32\...\Run: [EgisTecPMMUpdate] => C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe [407920 2010-09-18] (Egis Technology Inc.)
HKLM-x32\...\Run: [EgisUpdate] => C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe [201584 2010-09-18] (Egis Technology Inc.)
HKLM-x32\...\Run: [Norton Online Backup] => C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [1155928 2010-06-02] (Symantec Corporation)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [35696 2009-10-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [BackupManagerTray] => C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe [296768 2010-11-12] (NTI Corporation)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [283160 2010-09-14] (Intel Corporation)
HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-04-27] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [LManager] => C:\Program Files (x86)\Launch Manager\LManager.exe [1025616 2010-12-09] (Dritek System Inc.)
HKLM-x32\...\Run: [MDS_Menu] => C:\Program Files (x86)\Acer\clear.fi\MediaEspresso\MUITransfer\MUIStartMenu.exe [222504 2009-05-20] (CyberLink Corp.)
HKLM-x32\...\Run: [ArcadeMovieService] => C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe [177448 2010-12-10] (CyberLink Corp.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2015-01-20] (Apple Inc.)
HKLM-x32\...\Run: [Samsung PanelMgr] => C:\Windows\Samsung\PanelMgr\ssmmgr.exe [618496 2010-06-07] ()
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [935288 2009-09-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Reader Application Helper] => C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\ReaderAppHelper.exe [899400 2014-05-23] (Sony Corporation)
HKLM-x32\...\Run: [TAG_bobinternetsoftware_Launcher.exe] => C:\Program Files (x86)\bob internetsoftware\bobinternetsoftware_Launcher.exe [478192 2012-10-23] ()
HKLM-x32\...\Run: [KiesTrayAgent] => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [311616 2014-05-23] (Samsung Electronics Co., Ltd.)
HKLM-x32\...\Run: [] => [X]
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-19\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
HKU\S-1-5-20\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
HKU\S-1-5-21-109719926-1927758322-2587551322-1000\...\RunOnce: [ScrSav] => C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe [154144 2010-07-29] ()
HKU\S-1-5-21-109719926-1927758322-2587551322-1001\...\Run: [Google Update] => C:\Users\Cornelia\AppData\Local\Google\Update\GoogleUpdate.exe [107912 2014-10-30] (Google Inc.)
HKU\S-1-5-21-109719926-1927758322-2587551322-1001\...\Run: [GoogleChromeAutoLaunch_B25262183A7D0BB9D958785DE345946E] => C:\Users\Cornelia\AppData\Local\Google\Chrome\Application\chrome.exe [843592 2015-01-27] (Google Inc.)
HKU\S-1-5-21-109719926-1927758322-2587551322-1001\...\Run: [KiesPreload] => C:\Program Files (x86)\Samsung\Kies\Kies.exe [1564992 2014-05-23] (Samsung)
HKU\S-1-5-21-109719926-1927758322-2587551322-1001\...\Run: [] => C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [845120 2014-05-23] (Samsung)
HKU\S-1-5-21-109719926-1927758322-2587551322-1001\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [23308256 2015-01-15] (Google)
HKU\S-1-5-21-109719926-1927758322-2587551322-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [30877280 2014-12-11] (Skype Technologies S.A.)
HKU\S-1-5-21-109719926-1927758322-2587551322-1001\...\MountPoints2: {f0a87f3c-b662-11e2-97fd-b870f4b04956} - F:\.\Autorun.exe AUTORUN=1
HKU\S-1-5-18\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
AppInit_DLLs: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll => C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll File Not Found
AppInit_DLLs:  C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [226920 2010-12-12] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll => "C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll" File Not Found
AppInit_DLLs-x32:  C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [192616 2010-12-12] (NVIDIA Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.exe.lnk
ShortcutTarget: Adobe Gamma Loader.exe.lnk -> C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
Startup: C:\Users\Cornelia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Cornelia\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Gast\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk
ShortcutTarget: OpenOffice.org 3.3.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe (No File)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=de&pid=NAV&pvid=21.6.0.32
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=5.5&ar=msnhome
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=5.5&ar=msnhome
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=de&pid=NAV&pvid=21.6.0.32
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://search.msn.com/spbasic.htm
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=5.5&ar=msnhome
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=de&pid=NAV&pvid=21.6.0.32
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://search.msn.com/spbasic.htm
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=5.5&ar=msnhome
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=de&pid=NAV&pvid=21.6.0.32
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://search.msn.com/spbasic.htm
HKU\S-1-5-21-109719926-1927758322-2587551322-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=5.5&ar=msnhome
HKU\S-1-5-21-109719926-1927758322-2587551322-1000\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-109719926-1927758322-2587551322-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=de&pid=NAV&pvid=21.6.0.32
HKU\S-1-5-21-109719926-1927758322-2587551322-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-109719926-1927758322-2587551322-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://search.msn.com/spbasic.htm
HKU\S-1-5-21-109719926-1927758322-2587551322-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=de&pid=NAV&pvid=21.6.0.32
HKU\S-1-5-21-109719926-1927758322-2587551322-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=5.5&ar=msnhome
HKU\S-1-5-21-109719926-1927758322-2587551322-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-109719926-1927758322-2587551322-1001\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-109719926-1927758322-2587551322-1001\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://search.msn.com/spbasic.htm
SearchScopes: HKLM -> DefaultScope {71588120-FC17-4463-B07D-2C71FE6E057B} URL = hxxp://go.findrsearch.com/search/web?q={searchTerms}
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox
SearchScopes: HKLM -> {71588120-FC17-4463-B07D-2C71FE6E057B} URL = hxxp://go.findrsearch.com/search/web?q={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-109719926-1927758322-2587551322-1001 -> DefaultScope {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://search.babylon.com/?q={searchTerms}&affID=119816&babsrc=SP_ss_din2g&mntrId=C2B5CCAF7872A4D7
SearchScopes: HKU\S-1-5-21-109719926-1927758322-2587551322-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-109719926-1927758322-2587551322-1001 -> {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://search.babylon.com/?q={searchTerms}&affID=119816&babsrc=SP_ss_din2g&mntrId=C2B5CCAF7872A4D7
SearchScopes: HKU\S-1-5-21-109719926-1927758322-2587551322-1001 -> {483830EE-A4CD-4b71-B0A3-3D82E62A6909} URL = 
SearchScopes: HKU\S-1-5-21-109719926-1927758322-2587551322-1001 -> {71588120-FC17-4463-B07D-2C71FE6E057B} URL = hxxp://go.findrsearch.com/search/web?q={searchTerms}
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Norton Identity Protection -> {AB4C7833-A6EC-433f-B9FE-6B14B1A2F836} -> C:\Program Files (x86)\Norton Identity Safe\Engine64\2014.7.6.15\coIEPlg.dll (Symantec Corporation)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Positive Finds -> {30c85a3d-1d96-4589-b63f-91fb7ef45a41} -> C:\Program Files (x86)\Positive Finds\Extensions\30c85a3d-1d96-4589-b63f-91fb7ef45a41.dll ()
BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton AntiVirus\Engine\21.6.0.32\IPS\IPSBHO.DLL (Symantec Corporation)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Norton Identity Protection -> {AB4C7833-A6EC-433f-B9FE-6B14B1A2F836} -> C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.6.15\coIEPlg.dll (Symantec Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll No File
Toolbar: HKLM - Norton Identity Safe Toolbar - {A13C2648-91D4-4bf3-BC6D-0079707C4389} - C:\Program Files (x86)\Norton Identity Safe\Engine64\2014.7.6.15\coIEPlg.dll (Symantec Corporation)
Toolbar: HKLM-x32 - Norton Identity Safe Toolbar - {A13C2648-91D4-4bf3-BC6D-0079707C4389} - C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.6.15\coIEPlg.dll (Symantec Corporation)
Tcpip\..\Interfaces\{5EA47198-71AC-4837-9E18-C7FC3143A626}: [NameServer] 194.48.139.254 194.48.128.199

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_296.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.31211.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_296.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.31211.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @sony.com/ReaderDesktop -> C:\Program Files (x86)\Sony\ReaderDesktop\npreaderdetectmoz.dll (Sony Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-109719926-1927758322-2587551322-1001: @tools.google.com/Google Update;version=3 -> C:\Users\Cornelia\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-109719926-1927758322-2587551322-1001: @tools.google.com/Google Update;version=9 -> C:\Users\Cornelia\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-109719926-1927758322-2587551322-1001: amazon.com/AmazonMP3DownloaderPlugin -> C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101753.dll (Amazon.com, Inc.)
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_21.3.0.12\IPSFF
FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_21.3.0.12\IPSFF [2014-06-26]
FF HKLM-x32\...\Firefox\Extensions: [{F04D2D30-776C-4d02-8627-8E4385ECA58D}] - C:\ProgramData\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_2014.7.0.43\coFFPlgn
FF Extension: Norton Identity Safe Toolbar - C:\ProgramData\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_2014.7.0.43\coFFPlgn [2015-01-31]
FF HKU\S-1-5-21-109719926-1927758322-2587551322-1001\...\Firefox\Extensions: [lrcspal@xinghao.net] - C:\Program Files (x86)\XingHaoLyrics\FF
FF Extension: LyricsPal - C:\Program Files (x86)\XingHaoLyrics\FF [2013-06-12]

Chrome: 
=======
CHR HomePage: Default -> hxxp://www.delta-search.com/?affID=119816&babsrc=HP_ss&mntrId=C2B5CCAF7872A4D7
CHR StartupUrls: Default -> "hxxp://google.at/", "https://learn.wu.ac.at/"
CHR Profile: C:\Users\Cornelia\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Drive) - C:\Users\Cornelia\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-05-07]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Cornelia\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-06]
CHR Extension: (YouTube) - C:\Users\Cornelia\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2011-12-19]
CHR Extension: (Google-Suche) - C:\Users\Cornelia\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2011-12-19]
CHR Extension: (Norton Identity Safe) - C:\Users\Cornelia\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif [2014-08-31]
CHR Extension: (Google Wallet) - C:\Users\Cornelia\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-12]
CHR Extension: (Norton Security Toolbar) - C:\Users\Cornelia\AppData\Local\Google\Chrome\User Data\Default\Extensions\nppllibpnmahfaklnpggkibhkapjkeob [2014-06-25]
CHR Extension: (Google Mail) - C:\Users\Cornelia\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2011-12-19]
CHR HKU\S-1-5-21-109719926-1927758322-2587551322-1001\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\Cornelia\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx [2014-05-06]
CHR HKU\S-1-5-21-109719926-1927758322-2587551322-1001\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - No Path
CHR HKU\S-1-5-21-109719926-1927758322-2587551322-1001\...\Chrome\Extension: [nikpibnbobmbdbheedjfogjlikpgpnhp] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\DVDVideoSoftBrowserExtension.crx [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [eooncjejnppfjjklapaamhcdmjbilmde] - C:\Users\Cornelia\AppData\Roaming\BabSolution\CR\Delta.crx [2013-04-22]
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - No Path
CHR HKLM-x32\...\Chrome\Extension: [mkcedibhemacmilmkpndpkoidlnmgngg] - C:\Users\Cornelia\ChromeExtensions\mkcedibhemacmilmkpndpkoidlnmgngg\amazon.crx [2013-06-01]
CHR HKLM-x32\...\Chrome\Extension: [mmiopbgcekanlhpjkonogoljpfmhpkhf] - C:\Program Files (x86)\XingHaoLyrics\Chrome.crx [2013-06-04]
CHR HKLM-x32\...\Chrome\Extension: [nppllibpnmahfaklnpggkibhkapjkeob] - C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.6.15\Exts\Chrome.crx [2014-08-07]
StartMenuInternet: Google Chrome - C:\Users\Cornelia\AppData\Local\Google\Chrome\Application\chrome.exe

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-19] (Apple Inc.)
R2 NAV; C:\Program Files (x86)\Norton AntiVirus\Engine\21.6.0.32\NAV.exe [262968 2014-09-21] (Symantec Corporation)
R2 NCO; C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.6.15\NST.exe [130104 2014-07-31] (Symantec Corporation)
R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2804568 2010-06-02] (Symantec Corporation)
R2 NTI IScheduleSvc; C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [257344 2010-11-12] (NTI Corporation)
R2 Service Mgr PositiveFinds; C:\ProgramData\d2d4a9d3-f3f1-4c52-8d3f-dddc91fe0602\plugincontainer.exe [549624 2015-02-01] ()
S3 Sony SCSI Helper Service; C:\Program Files (x86)\Common Files\Sony Shared\Fsk\SonySCSIHelperService.exe [73728 2014-04-25] (Sony Corporation) [File not signed]
R2 TAG_Service; C:\Program Files (x86)\bob internetsoftware\bobinternetsoftware_Service.exe [497648 2012-10-23] ()
R2 Update Mgr PositiveFinds; C:\Program Files (x86)\Common Files\d2d4a9d3-f3f1-4c52-8d3f-dddc91fe0602\updater.exe [351992 2015-02-01] ()
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 BHDrvx64; C:\Program Files (x86)\Norton AntiVirus\NortonData\21.3.0.12\Definitions\BASHDefs\20150106.001\BHDrvx64.sys [1622744 2015-01-06] (Symantec Corporation)
R1 ccSet_NAV; C:\Windows\system32\drivers\NAVx64\1506000.020\ccSetx64.sys [162392 2014-02-21] (Symantec Corporation)
R1 ccSet_NST; C:\Windows\system32\drivers\NSTx64\7DE07060.00F\ccSetx64.sys [162392 2013-09-27] (Symantec Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [487216 2014-12-11] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [142640 2014-12-11] (Symantec Corporation)
S3 FsUsbExDisk; C:\Windows\SysWOW64\FsUsbExDisk.SYS [37344 2013-05-22] () [File not signed]
S3 HTCAND64; C:\Windows\System32\Drivers\ANDROIDUSB.sys [33736 2009-11-02] (HTC, Corporation) [File not signed]
R1 IDSVia64; C:\Program Files (x86)\Norton AntiVirus\NortonData\21.3.0.12\Definitions\IPSDefs\20150130.001\IDSvia64.sys [668888 2015-01-14] (Symantec Corporation)
R3 jrdusbser; C:\Windows\System32\DRIVERS\jrdusbser.sys [120832 2011-03-04] (TCT International Mobile Ltd)
R3 NAVENG; C:\Program Files (x86)\Norton AntiVirus\NortonData\21.3.0.12\Definitions\VirusDefs\20150131.003\ENG64.SYS [129752 2015-01-19] (Symantec Corporation)
R3 NAVEX15; C:\Program Files (x86)\Norton AntiVirus\NortonData\21.3.0.12\Definitions\VirusDefs\20150131.003\EX64.SYS [2137304 2015-01-19] (Symantec Corporation)
R1 SRTSP; C:\Windows\System32\Drivers\NAVx64\1506000.020\SRTSP64.SYS [876248 2014-08-26] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NAVx64\1506000.020\SRTSPX64.SYS [37592 2014-08-26] (Symantec Corporation)
S2 SSPORT; C:\Windows\SysWOW64\Drivers\SSPORT.sys [11576 2009-07-29] (Samsung Electronics)
S3 ssudserd; C:\Windows\System32\DRIVERS\ssudserd.sys [206080 2014-03-19] (DEVGURU Co., LTD.(www.devguru.co.kr))
R0 SymDS; C:\Windows\System32\drivers\NAVx64\1506000.020\SYMDS64.SYS [493656 2013-10-30] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\NAVx64\1506000.020\SYMEFA64.SYS [1148120 2014-03-04] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2014-06-24] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\NAVx64\1506000.020\Ironx64.SYS [266968 2014-08-06] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\NAVx64\1506000.020\SYMNETS.SYS [593112 2014-02-18] (Symantec Corporation)
S2 DgiVecp; \??\C:\Windows\system32\Drivers\DgiVecp.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-01 22:46 - 2015-02-01 22:47 - 00030967 _____ () C:\Users\Cornelia\Desktop\FRST.txt
2015-02-01 22:46 - 2015-02-01 22:46 - 00000000 ____D () C:\FRST
2015-02-01 22:45 - 2015-02-01 22:45 - 02131456 _____ (Farbar) C:\Users\Cornelia\Desktop\frst64.exe
2015-01-31 23:10 - 2015-01-31 23:10 - 00000000 ____D () C:\Users\Cornelia\AppData\Roaming\OpenOffice
2015-01-31 23:09 - 2015-01-31 23:09 - 00001116 _____ () C:\Users\Public\Desktop\OpenOffice 4.1.1.lnk
2015-01-31 23:09 - 2015-01-31 23:09 - 00000000 ___SD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice 4.1.1
2015-01-31 23:08 - 2015-01-31 23:09 - 00000000 ____D () C:\Program Files (x86)\OpenOffice 4
2015-01-31 23:03 - 2015-01-31 23:03 - 00000000 ____D () C:\Users\Cornelia\Desktop\OpenOffice 4.1.1 (de) Installation Files
2015-01-31 22:59 - 2015-01-31 23:02 - 164858324 _____ () C:\Users\Cornelia\Downloads\Apache_OpenOffice_4.1.1_Win_x86_install_de.exe
2015-01-31 19:35 - 2015-01-31 19:35 - 00001757 _____ () C:\Users\Public\Desktop\iTunes.lnk
2015-01-31 19:35 - 2015-01-31 19:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2015-01-31 19:34 - 2015-01-31 19:35 - 00000000 ____D () C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
2015-01-31 19:34 - 2015-01-31 19:35 - 00000000 ____D () C:\Program Files\iTunes
2015-01-31 19:34 - 2015-01-31 19:34 - 00000000 ____D () C:\Program Files\iPod
2015-01-31 19:34 - 2015-01-31 19:34 - 00000000 ____D () C:\Program Files (x86)\iTunes
2015-01-31 19:32 - 2015-02-01 11:32 - 00000000 ____D () C:\ProgramData\d2d4a9d3-f3f1-4c52-8d3f-dddc91fe0602
2015-01-31 19:32 - 2015-01-31 19:32 - 00000000 ____D () C:\Program Files (x86)\Positive Finds
2015-01-31 19:30 - 2015-01-31 19:30 - 00000000 ____D () C:\Users\Cornelia\AppData\Roaming\RHEng
2015-01-31 19:30 - 2015-01-31 19:30 - 00000000 ____D () C:\Program Files (x86)\Free Codec Pack
2015-01-31 19:26 - 2015-01-31 19:26 - 03533528 _____ (DVDVideoSoft Ltd. ) C:\Users\Cornelia\Downloads\FreeStudio.exe
2015-01-31 19:23 - 2015-01-31 19:24 - 03533008 _____ (DVDVideoSoft Ltd. ) C:\Users\Cornelia\Downloads\FreeYouTubeToMP3Converter (1).exe
2015-01-19 11:11 - 2014-12-12 06:35 - 05553592 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-01-19 11:11 - 2014-12-12 06:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-01-19 11:11 - 2014-12-12 06:31 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-01-19 11:11 - 2014-12-12 06:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-01-19 11:11 - 2014-12-12 06:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-01-19 11:11 - 2014-12-12 06:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-01-19 11:11 - 2014-12-12 06:07 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-01-16 18:29 - 2014-12-19 04:06 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-16 18:29 - 2014-12-19 02:46 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-16 18:29 - 2014-12-11 18:47 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-01-16 18:29 - 2014-12-06 05:17 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-16 18:29 - 2014-12-06 04:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
2015-01-16 18:29 - 2014-12-06 04:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-01 22:42 - 2011-12-04 00:08 - 00000000 ____D () C:\Users\Cornelia\AppData\Roaming\Skype
2015-02-01 22:41 - 2014-05-06 21:59 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-02-01 22:07 - 2013-02-28 17:29 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-02-01 22:06 - 2011-11-24 17:04 - 01612827 _____ () C:\Windows\WindowsUpdate.log
2015-02-01 21:54 - 2011-12-03 23:21 - 00001132 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-109719926-1927758322-2587551322-1001UA.job
2015-02-01 21:03 - 2011-12-05 22:16 - 00000099 _____ () C:\Users\Public\LMDebug.log
2015-02-01 20:54 - 2011-12-03 23:21 - 00001080 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-109719926-1927758322-2587551322-1001Core.job
2015-02-01 20:41 - 2014-05-06 21:59 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-02-01 20:41 - 2011-11-24 16:58 - 00699682 _____ () C:\Windows\system32\perfh007.dat
2015-02-01 20:41 - 2011-11-24 16:58 - 00149790 _____ () C:\Windows\system32\perfc007.dat
2015-02-01 20:41 - 2009-07-14 06:13 - 01620684 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-02-01 20:38 - 2011-11-24 17:44 - 00000000 ____D () C:\ProgramData\boost_interprocess
2015-01-31 23:10 - 2011-12-01 19:24 - 00068616 _____ () C:\Users\Cornelia\AppData\Local\GDIPFONTCACHEV1.DAT
2015-01-31 23:08 - 2011-12-08 13:34 - 00000000 ____D () C:\Program Files (x86)\OpenOffice.org 3
2015-01-31 23:03 - 2009-07-14 04:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2015-01-31 19:49 - 2009-07-14 05:45 - 00018736 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-31 19:49 - 2009-07-14 05:45 - 00018736 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-31 19:46 - 2011-12-01 21:16 - 00000000 ____D () C:\ProgramData\clear.fi
2015-01-31 19:44 - 2012-11-25 17:12 - 00000000 ___RD () C:\Users\Cornelia\Dropbox
2015-01-31 19:44 - 2012-11-25 17:10 - 00000000 ____D () C:\Users\Cornelia\AppData\Roaming\Dropbox
2015-01-31 19:43 - 2014-05-06 22:01 - 00000000 ___RD () C:\Users\Cornelia\Google Drive
2015-01-31 19:41 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-31 19:41 - 2009-07-14 05:51 - 00089785 _____ () C:\Windows\setupact.log
2015-01-31 19:40 - 2011-11-24 17:01 - 00114628 _____ () C:\Windows\PFRO.log
2015-01-31 19:34 - 2011-12-03 23:57 - 00000000 ____D () C:\Program Files\Common Files\Apple
2015-01-31 19:32 - 2011-12-03 23:52 - 00000000 ____D () C:\Users\Cornelia\AppData\Roaming\DVDVideoSoft
2015-01-31 19:31 - 2014-05-12 10:57 - 00000000 __SHD () C:\ProgramData\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C}
2015-01-31 19:31 - 2013-04-22 14:26 - 00000000 ____D () C:\Program Files (x86)\DVDVideoSoft
2015-01-31 19:31 - 2013-03-15 12:28 - 00001536 _____ () C:\Users\Public\Desktop\Free YouTube to MP3 Converter.lnk
2015-01-31 19:31 - 2013-03-15 12:28 - 00001245 _____ () C:\Users\Public\Desktop\DVDVideoSoft Free Studio.lnk
2015-01-31 19:31 - 2011-12-03 23:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft
2015-01-31 19:07 - 2013-02-28 17:29 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-01-31 19:07 - 2013-02-28 17:29 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-31 19:07 - 2013-02-28 17:29 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-01-31 19:07 - 2011-12-03 23:23 - 00002381 _____ () C:\Users\Cornelia\Desktop\Google Chrome.lnk
2015-01-29 22:46 - 2014-05-06 22:00 - 00002046 _____ () C:\Users\Public\Desktop\Google Slides.lnk
2015-01-29 22:46 - 2014-05-06 22:00 - 00002044 _____ () C:\Users\Public\Desktop\Google Sheets.lnk
2015-01-29 22:46 - 2014-05-06 22:00 - 00002034 _____ () C:\Users\Public\Desktop\Google Docs.lnk
2015-01-29 22:46 - 2014-05-06 22:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2015-01-19 10:57 - 2012-11-11 19:11 - 00000000 ____D () C:\Users\Cornelia\AppData\Local\CrashDumps
2015-01-16 20:03 - 2013-07-22 20:03 - 00000000 ____D () C:\Windows\system32\MRT
2015-01-16 20:03 - 2011-12-04 20:44 - 113365784 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-01-12 20:05 - 2012-05-27 20:28 - 01344512 ___SH () C:\Users\Cornelia\Downloads\Thumbs.db

==================== Files in the root of some directories =======

2013-04-25 10:21 - 2013-02-09 22:55 - 0114176 _____ () C:\Users\Cornelia\AppData\Roaming\BabMaint.exe
2011-11-24 17:36 - 2011-11-24 17:39 - 0016108 _____ () C:\ProgramData\ArcadeDeluxe5.log
2011-01-11 16:25 - 2010-03-03 00:59 - 0131984 _____ () C:\ProgramData\FullRemove.exe

Some content of TEMP:
====================
C:\Users\Cornelia\AppData\Local\Temp\amazonicon.exe
C:\Users\Cornelia\AppData\Local\Temp\amazoninstallernircmdc.exe
C:\Users\Cornelia\AppData\Local\Temp\COMAP.EXE
C:\Users\Cornelia\AppData\Local\Temp\DeltaTB.exe
C:\Users\Cornelia\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmph7iqvs.dll
C:\Users\Cornelia\AppData\Local\Temp\DseShExt-x64.dll
C:\Users\Cornelia\AppData\Local\Temp\DseShExt-x86.dll
C:\Users\Cornelia\AppData\Local\Temp\FreeYouTubeToMP3Converter.exe
C:\Users\Cornelia\AppData\Local\Temp\MSN7AFB.exe
C:\Users\Cornelia\AppData\Local\Temp\nsi5C0F.exe
C:\Users\Cornelia\AppData\Local\Temp\nsn548F.exe
C:\Users\Cornelia\AppData\Local\Temp\nsnF91B.exe
C:\Users\Cornelia\AppData\Local\Temp\nsxFED6.exe
C:\Users\Cornelia\AppData\Local\Temp\sdanircmdc.exe
C:\Users\Cornelia\AppData\Local\Temp\SDShelEx-win32.dll
C:\Users\Cornelia\AppData\Local\Temp\SDShelEx-x64.dll
C:\Users\Cornelia\AppData\Local\Temp\tmpB3CF.exe
C:\Users\Cornelia\AppData\Local\Temp\tmpB8D8.exe
C:\Users\Cornelia\AppData\Local\Temp\UpdateCheckerSetup.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-09-26 06:37

==================== End Of Log ============================
         
--- --- ---

--- --- ---


Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 01-02-2015
Ran by Cornelia at 2015-02-01 22:47:26
Running from C:\Users\Cornelia\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Norton AntiVirus (Enabled - Up to date) {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}
AS: Norton AntiVirus (Enabled - Up to date) {631E4324-D31C-783F-EC5C-35AD42B18466}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Acer Backup Manager (HKLM-x32\...\InstallShield_{0B61BBD5-DA3C-409A-8730-0C3DC3B0F270}) (Version: 3.0.0.69 - NTI Corporation)
Acer Crystal Eye Webcam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 1.0.1216 - CyberLink Corp.)
Acer Crystal Eye Webcam (x32 Version: 1.0.1216 - CyberLink Corp.) Hidden
Acer ePower Management (HKLM-x32\...\{3DB0448D-AD82-4923-B305-D001E521A964}) (Version: 6.00.3000 - Acer Incorporated)
Acer eRecovery Management (HKLM-x32\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 5.00.3002 - Acer Incorporated)
Acer Registration (HKLM-x32\...\Acer Registration) (Version: 1.03.3003 - Acer Incorporated)
Acer ScreenSaver (HKLM-x32\...\Acer Screensaver) (Version: 1.1.1130.2010 - Acer Incorporated)
Acer Updater (HKLM-x32\...\{EE171732-BEB4-4576-887D-CB62727F01CA}) (Version: 1.02.3001 - Acer Incorporated)
Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.0.0.4080 - Adobe Systems Incorporated)
Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.296 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.296 - Adobe Systems Incorporated)
Adobe Photoshop Elements (HKLM-x32\...\Adobe Photoshop Elements 1.0) (Version: 1.0 - Adobe Systems, Inc.)
Adobe Reader 9.2 MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-A91000000001}) (Version: 9.2.0 - Adobe Systems Incorporated)
Airport Mania First Flight (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11505173}) (Version:  - Oberon Media)
Amazon Kindle (HKU\S-1-5-21-109719926-1927758322-2587551322-1001\...\Amazon Kindle) (Version:  - Amazon)
Amazon MP3-Downloader 1.0.17 (HKLM-x32\...\Amazon MP3-Downloader) (Version: 1.0.17 - Amazon Services LLC)
Amazonia (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11273477}) (Version:  - Oberon Media)
Apple Application Support (32-Bit) (HKLM-x32\...\{2FE00055-C4F3-4F7A-AEDD-E198D54CF12F}) (Version: 3.1.1 - Apple Inc.)
Apple Application Support (64-Bit) (HKLM\...\{28791292-D18D-42FA-AE66-3D3D20AA8618}) (Version: 3.1.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{5ED7462B-EF58-4757-B609-53755021EC34}) (Version: 8.1.0.18 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Backup Manager V3 (x32 Version: 3.0.0.69 - NTI Corporation) Hidden
bob internetsoftware (HKLM-x32\...\TAG) (Version: 2.0 - A1 Telekom Austria AG)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Broadcom 802.11 Network Adapter (HKLM\...\Broadcom 802.11 Network Adapter) (Version: 5.100.235.19 - Broadcom Corporation)
Broadcom Card Reader Driver Installer (HKLM\...\{4710662C-8204-4334-A977-B1AC9E547819}) (Version: 14.4.9.3 - Broadcom Corporation)
Broadcom Gigabit NetLink Controller (HKLM\...\{029A4933-3F36-4E4F-AEC3-2207AB26463D}) (Version: 14.4.8.3 - Broadcom Corporation)
BrowserProtect (HKLM-x32\...\{15D2D75C-9CB2-4efd-BAD7-B9B4CB4BC693}) (Version:  - Bit89 Inc) <==== ATTENTION
Bundled software uninstaller (HKLM-x32\...\bi_uninstaller) (Version:  - ) <==== ATTENTION
Cake Mania (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111199750}) (Version:  - Oberon Media)
Cisco EAP-FAST Module (x32 Version: 2.2.14 - Cisco Systems, Inc.) Hidden
Cisco LEAP Module (x32 Version: 1.0.19 - Cisco Systems, Inc.) Hidden
Cisco PEAP Module (x32 Version: 1.1.6 - Cisco Systems, Inc.) Hidden
clear.fi (HKLM-x32\...\InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}) (Version: 1.0.1223.00 - CyberLink Corp.)
clear.fi (x32 Version: 1.0.1223.00 - CyberLink Corp.) Hidden
clear.fi (x32 Version: 9.0.7209 - CyberLink Corp.) Hidden
clear.fi Client (HKLM-x32\...\{43AAE145-83CF-4C96-9A5E-756CEFCE879F}) (Version: 1.00.3008 - Acer Incorporated)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Delta Chrome Toolbar (HKLM-x32\...\Delta Chrome Toolbar) (Version:  - Visual Tools) <==== ATTENTION
Dream Day First Home (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113832110}) (Version:  - Oberon Media)
DriverTuner 3.0.1.0 (HKLM-x32\...\{520C1D80-935C-42B9-9340-E883849D804F}_is1) (Version: 3.0.0.1 - LionSea SoftWare)
Dropbox (HKU\S-1-5-21-109719926-1927758322-2587551322-1001\...\Dropbox) (Version: 3.0.3 - Dropbox, Inc.)
eSobi v2 (HKLM-x32\...\InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}) (Version: 2.0.4.000274 - esobi Inc.)
eSobi v2 (x32 Version: 2.0.4.000274 - esobi Inc.) Hidden
Farm Frenzy 2 (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11531173}) (Version:  - Oberon Media)
Free Studio version 5.3.1 (HKLM-x32\...\Free Studio_is1) (Version:  - DVDVideoSoft Ltd.)
Free YouTube to MP3 Converter version 3.12.54.128 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.54.128 - DVDVideoSoft Ltd.)
Galapago (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111307457}) (Version:  - Oberon Media)
Google Chrome (HKU\S-1-5-21-109719926-1927758322-2587551322-1001\...\Google Chrome) (Version: 40.0.2214.94 - Google Inc.)
Google Drive (HKLM-x32\...\{65EACBB4-B0B8-4A5B-AE46-22DBE15C70B5}) (Version: 1.19.8406.6504 - Google, Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Heroes of Hellas (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113786380}) (Version:  - Oberon Media)
Identity Card (HKLM-x32\...\Identity Card) (Version: 1.00.3003 - Acer Incorporated)
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1118 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2266 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.0.0.1046 - Intel Corporation)
Intel(R) Turbo Boost Technology Monitor 2.0 (HKLM\...\{B77EFA0B-9BD3-4122-9F9A-15A963B5EA24}) (Version: 2.0.82.0 - Intel)
iTunes (HKLM\...\{7B8D4E8A-EA2B-4A71-BFEB-A4AAAB87C5D0}) (Version: 12.1.0.71 - Apple Inc.)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Launch Manager (HKLM-x32\...\LManager) (Version: 5.0.3 - Acer Inc.)
LyricsPal (HKLM-x32\...\lrcspal@xinghao.net) (Version:  - XingHao Software) <==== ATTENTION
MediaEspresso (x32 Version: 1.0.1210_33255 - CyberLink Corp.) Hidden
Merriam Websters Spell Jam (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112662477}) (Version:  - Oberon Media)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.31211.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2721691) (HKLM-x32\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB973685) (HKLM-x32\...\{859DFA95-E4A6-48CD-B88E-A3E483E89B44}) (Version: 4.30.2107.0 - Microsoft Corporation)
MyFreeCodec (HKU\S-1-5-21-109719926-1927758322-2587551322-1001\...\MyFreeCodec) (Version:  - )
MyWinLocker (Version: 4.0.14.11 - Egis Technology Inc.) Hidden
MyWinLocker 4 (x32 Version: 4.0.14.11 - Egis Technology Inc.) Hidden
MyWinLocker Suite (HKLM-x32\...\InstallShield_{17DF9714-60C9-43C9-A9C2-32BCAED44CBE}) (Version: 4.0.14.11 - Egis Technology Inc.)
MyWinLocker Suite (x32 Version: 4.0.14.11 - Egis Technology Inc.) Hidden
Norton AntiVirus (HKLM-x32\...\NAV) (Version: 21.6.0.32 - Symantec Corporation)
Norton Identity Safe (HKLM-x32\...\NST) (Version: 2014.7.6.15 - Symantec Corporation)
Norton Online Backup (HKLM-x32\...\{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}) (Version: 2.1.17869 - Symantec Corporation)
NTI Media Maker 9 (HKLM-x32\...\InstallShield_{D3D5C4E8-040F-4C6F-8105-41D43CF94F44}) (Version: 9.0.2.8939 - NTI Corporation)
NTI Media Maker 9 (x32 Version: 9.0.2.8939 - NTI Corporation) Hidden
NVIDIA Graphics Driver 266.19 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 266.19 - NVIDIA Corporation)
OpenOffice 4.1.1 (HKLM-x32\...\{ACD0FFF9-6B35-43C1-82DB-9FF6990E8602}) (Version: 4.11.9775 - Apache Software Foundation)
Poker Pop (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111355427}) (Version:  - Oberon Media)
Positive Finds (HKLM-x32\...\Positive Finds) (Version: 2.0.5509.12952 - Positive Finds) <==== ATTENTION!
Reader for PC (HKLM-x32\...\{38FB32F7-5A2A-40E4-B106-4C35F75725CD}) (Version: 2.4.00.05230 - Sony Corporation)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6254 - Realtek Semiconductor Corp.)
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.0.26.0 - Renesas Electronics Corporation)
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.0.26.0 - Renesas Electronics Corporation) Hidden
Samsung Kies (HKLM-x32\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.6.3.14044_15 - Samsung Electronics Co., Ltd.)
Samsung Kies (x32 Version: 2.6.3.14044_15 - Samsung Electronics Co., Ltd.) Hidden
Samsung Story Album Viewer (HKLM-x32\...\InstallShield_{698BBAD8-B116-495D-B879-0F07A533E57F}) (Version: 1.0.0.13052_1 - Samsung Electronics Co., Ltd.)
Samsung Story Album Viewer (x32 Version: 1.0.0.13052_1 - Samsung Electronics Co., Ltd.) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.40.0 - SAMSUNG Electronics Co., Ltd.)
Shredder (Version: 2.0.8.7 - Egis Technology Inc.) Hidden
Shredder (x32 Version: 2.0.8.7 - Egis Technology Inc.) Hidden
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
Spin & Win (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110300453}) (Version:  - Oberon Media)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.1.6.0 - Synaptics Incorporated)
Wartung Samsung ML-1660 Series (HKLM-x32\...\Samsung ML-1660 Series) (Version:  - Samsung Electronics Co., Ltd.)
Welcome Center (HKLM-x32\...\Acer Welcome Center) (Version: 1.02.3007 - Acer Incorporated)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Mesh ActiveX control for remote connections (HKLM-x32\...\{C5398A89-516C-4DAF-BA07-EE7949090E56}) (Version: 15.4.5722.2 - Microsoft Corporation)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-109719926-1927758322-2587551322-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Cornelia\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-109719926-1927758322-2587551322-1001_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Cornelia\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-109719926-1927758322-2587551322-1001_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Cornelia\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-109719926-1927758322-2587551322-1001_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Cornelia\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-109719926-1927758322-2587551322-1001_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Cornelia\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-109719926-1927758322-2587551322-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Cornelia\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-109719926-1927758322-2587551322-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Cornelia\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-109719926-1927758322-2587551322-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Cornelia\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-109719926-1927758322-2587551322-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Cornelia\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-109719926-1927758322-2587551322-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Cornelia\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-109719926-1927758322-2587551322-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Cornelia\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-109719926-1927758322-2587551322-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Cornelia\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-109719926-1927758322-2587551322-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Cornelia\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-109719926-1927758322-2587551322-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Cornelia\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-109719926-1927758322-2587551322-1001_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Cornelia\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File

==================== Restore Points  =========================

10-12-2014 20:36:09 Windows Update
15-12-2014 23:20:50 Windows Update
16-12-2014 22:54:16 Windows Update
21-12-2014 23:02:24 Windows Update
16-01-2015 20:02:54 Windows Update
21-01-2015 21:33:00 Windows Modules Installer
31-01-2015 23:04:23 OpenOffice 4.1.1 wird installiert

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {06BA6298-290B-4817-86D4-8CD0D28C9EBE} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {199D932C-0C4A-4439-B48E-220627C8FA35} - System32\Tasks\Launch HTC Sync Loader => C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe
Task: {2445FE38-BD4B-4FEF-89C4-45B6EB718D72} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-05-06] (Google Inc.)
Task: {37410EB5-7B03-4E47-A2D3-97639690DEC5} - System32\Tasks\clear.fi => C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fi.exe [2010-12-23] (Acer Incorporated)
Task: {476DE42C-46BB-436B-8D97-07B95EE9AED9} - System32\Tasks\BrowserProtect => Sc.exe start BrowserProtect <==== ATTENTION
Task: {555F6ED2-2EB7-4C61-8086-9700931166FD} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton AntiVirus\Engine\21.6.0.32\WSCStub.exe [2014-09-21] (Symantec Corporation)
Task: {75210ACE-464B-4BB1-A5FE-798842B5A5E6} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-109719926-1927758322-2587551322-1001UA => C:\Users\Cornelia\AppData\Local\Google\Update\GoogleUpdate.exe [2014-10-30] (Google Inc.)
Task: {9036EF6C-3105-4280-BEBB-A3A2967CF5C5} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-01-31] (Adobe Systems Incorporated)
Task: {95DEAF90-B330-4F36-890C-3FF5459F612F} - System32\Tasks\clear.fiAgent => C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe [2010-12-23] (CyberLink Corp.)
Task: {97584F22-C785-4C9F-9A19-108750BE6775} - System32\Tasks\DMREngine => C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe [2010-12-23] (CyberLink)
Task: {98829D97-1101-46B9-8431-F612446E240F} - System32\Tasks\{C34F34C0-9C41-4EC5-9BCC-E825F7BE1B90} => Chrome.exe hxxp://ui.skype.com/ui/0/6.14.59.104/de/abandoninstall?page=tsProgressBar
Task: {AD67AB1F-23A1-4E79-B991-E8665CFF4AD9} - System32\Tasks\EPUpdater => C:\Users\Cornelia\AppData\Roaming\BabSolution\Shared\BabMaint.exe [2013-06-06] () <==== ATTENTION
Task: {B4C0D583-8889-452A-BD6D-5DBD8597CE26} - System32\Tasks\Recovery Management\Burn Notification => C:\Program Files\Acer\Acer eRecovery Management\NotificationCenter\Notification.exe [2010-12-01] (Acer)
Task: {B55BD94B-FA1A-4B53-87CD-54E144EEC4A9} - System32\Tasks\Norton AntiVirus\Norton Error Analyzer => C:\Program Files (x86)\Norton AntiVirus\Engine\21.6.0.32\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {B5D864F1-76D5-4E4A-BF37-2D01A5F03AF6} - System32\Tasks\Norton Identity Safe\Norton Error Analyzer => C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.6.15\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {B763D147-978F-4725-AD4B-A67135B8AC4B} - System32\Tasks\Norton Identity Safe\Norton Error Processor => C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.6.15\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {D787E221-3558-4706-8D6A-63D816B97178} - System32\Tasks\{8D77CDAC-FE8C-4581-AE68-F85B6B60BE02} => Iexplore.exe hxxp://www.skype.com/go/downloading?source=lightinstaller&amp;ver=4.1.0.179.367&amp;LastError=404
Task: {F14F0E35-8A84-4080-A884-0CFA3EBC11B7} - System32\Tasks\Norton AntiVirus\Norton Error Processor => C:\Program Files (x86)\Norton AntiVirus\Engine\21.6.0.32\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {F1CE618E-1B8A-4816-8F34-2A7B3AAD40B8} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-109719926-1927758322-2587551322-1001Core => C:\Users\Cornelia\AppData\Local\Google\Update\GoogleUpdate.exe [2014-10-30] (Google Inc.)
Task: {FCC870A9-3B61-4E41-A96D-0C0FDE8A9462} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-05-06] (Google Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-109719926-1927758322-2587551322-1001Core.job => C:\Users\Cornelia\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-109719926-1927758322-2587551322-1001UA.job => C:\Users\Cornelia\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2011-06-22 06:48 - 2011-06-22 06:48 - 00034304 _____ () C:\Windows\System32\ssp7ml6.dll
2011-06-22 06:48 - 2011-06-22 06:48 - 00826880 _____ () C:\Windows\system32\spool\DRIVERS\x64\3\ssp7mdu.dll
2015-01-20 22:35 - 2015-01-20 22:35 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-01-20 22:35 - 2015-01-20 22:35 - 01346344 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2013-05-06 16:46 - 2012-10-23 12:27 - 00497648 _____ () C:\Program Files (x86)\bob internetsoftware\bobinternetsoftware_Service.exe
2009-01-22 01:45 - 2009-01-22 01:45 - 01401856 _____ () C:\Program Files (x86)\EgisTec MyWinLocker\x64\LIBEAY32.dll
2010-12-29 05:13 - 2010-12-17 01:37 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2011-12-05 22:12 - 2010-06-07 11:35 - 00618496 _____ () C:\Windows\Samsung\PanelMgr\SSMMgr.exe
2011-12-05 22:12 - 2009-07-29 11:13 - 00306688 _____ () C:\Windows\Samsung\PanelMgr\caller64.exe
2013-05-06 16:46 - 2012-10-23 12:27 - 00478192 _____ () C:\Program Files (x86)\bob internetsoftware\bobInternetsoftware_Launcher.exe
2015-01-20 22:35 - 2015-01-20 22:35 - 00306984 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxslt.dll
2015-01-31 12:48 - 2015-02-01 02:12 - 00549624 _____ () C:\ProgramData\d2d4a9d3-f3f1-4c52-8d3f-dddc91fe0602\plugincontainer.exe
2015-01-31 11:48 - 2015-02-01 01:12 - 00351992 _____ () C:\Program Files (x86)\Common Files\d2d4a9d3-f3f1-4c52-8d3f-dddc91fe0602\updater.exe
2015-02-01 09:12 - 2015-02-01 09:12 - 00503032 _____ () C:\ProgramData\d2d4a9d3-f3f1-4c52-8d3f-dddc91fe0602\plugins\8\plugin.exe
2015-02-01 07:59 - 2015-02-01 07:59 - 00518904 _____ () C:\ProgramData\d2d4a9d3-f3f1-4c52-8d3f-dddc91fe0602\plugins\5\plugin.exe
2010-11-12 02:22 - 2010-11-12 02:22 - 00465640 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\sqlite3.dll
2010-11-12 02:22 - 2010-11-12 02:22 - 01081664 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\ACE.dll
2010-11-12 02:22 - 2010-11-12 02:22 - 00125760 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\MailConverter32.dll
2010-12-23 23:46 - 2010-12-23 23:46 - 00210312 _____ () C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\DMR\CLNetMediaDMA.dll
2014-10-22 01:22 - 2014-10-22 01:22 - 00750080 _____ () C:\Users\Cornelia\AppData\Roaming\Dropbox\bin\libGLESv2.dll
2015-01-31 19:43 - 2015-01-31 19:43 - 00043008 _____ () c:\users\cornelia\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmph7iqvs.dll
2014-10-22 01:22 - 2014-10-22 01:22 - 00047616 _____ () C:\Users\Cornelia\AppData\Roaming\Dropbox\bin\libEGL.dll
2014-10-22 01:22 - 2014-10-22 01:22 - 00863744 _____ () C:\Users\Cornelia\AppData\Roaming\Dropbox\bin\plugins\platforms\qwindows.dll
2014-10-22 01:22 - 2014-10-22 01:22 - 00200704 _____ () C:\Users\Cornelia\AppData\Roaming\Dropbox\bin\plugins\imageformats\qjpeg.dll
2014-05-23 18:13 - 2014-05-23 18:13 - 00880640 _____ () C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\fsk.dll
2014-05-23 18:15 - 2014-05-23 18:15 - 00040264 _____ () C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\FskMediaPlayers.dll
2014-05-23 18:15 - 2014-05-23 18:15 - 00239944 _____ () C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\Fskin.dll
2014-05-23 18:15 - 2014-05-23 18:15 - 00026952 _____ () C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\FskinLocalize.dll
2014-04-25 21:27 - 2014-04-25 21:27 - 00798720 _____ () C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\FskSecurity.dll
2014-05-23 18:15 - 2014-05-23 18:15 - 00125256 _____ () C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\FskDocumentViewer.dll
2014-05-23 18:15 - 2014-05-23 18:15 - 00016200 _____ () C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\FskPower.dll
2014-05-23 18:15 - 2014-05-23 18:15 - 00024904 _____ () C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\FskNetInterface.dll
2014-05-23 18:15 - 2014-05-23 18:15 - 00017224 _____ () C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\FskMobileMediaDevice.dll
2014-05-23 18:15 - 2014-05-23 18:15 - 00015176 _____ () C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\FskTimeHardware.dll
2014-05-23 18:15 - 2014-05-23 18:15 - 00034632 _____ () C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\ticket.dll
2014-05-23 18:15 - 2014-05-23 18:15 - 00018760 _____ () C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\ebookDeviceNotifier.dll
2014-05-23 18:15 - 2014-05-23 18:15 - 00092488 _____ () C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\ebookUsb.dll
2014-05-23 18:15 - 2014-05-23 18:15 - 00149832 _____ () C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\readerAppHelper.dll
2014-05-23 18:15 - 2014-05-23 18:15 - 00178504 _____ () C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\USBDetector.dll
2015-01-31 19:42 - 2015-01-31 19:42 - 00098816 _____ () C:\Users\Cornelia\AppData\Local\Temp\_MEI47882\win32api.pyd
2015-01-31 19:42 - 2015-01-31 19:42 - 00110080 _____ () C:\Users\Cornelia\AppData\Local\Temp\_MEI47882\pywintypes27.dll
2015-01-31 19:42 - 2015-01-31 19:42 - 00364544 _____ () C:\Users\Cornelia\AppData\Local\Temp\_MEI47882\pythoncom27.dll
2015-01-31 19:42 - 2015-01-31 19:42 - 00045568 _____ () C:\Users\Cornelia\AppData\Local\Temp\_MEI47882\_socket.pyd
2015-01-31 19:42 - 2015-01-31 19:42 - 01160704 _____ () C:\Users\Cornelia\AppData\Local\Temp\_MEI47882\_ssl.pyd
2015-01-31 19:42 - 2015-01-31 19:42 - 00320512 _____ () C:\Users\Cornelia\AppData\Local\Temp\_MEI47882\win32com.shell.shell.pyd
2015-01-31 19:42 - 2015-01-31 19:42 - 00713216 _____ () C:\Users\Cornelia\AppData\Local\Temp\_MEI47882\_hashlib.pyd
2015-01-31 19:42 - 2015-01-31 19:42 - 01175040 _____ () C:\Users\Cornelia\AppData\Local\Temp\_MEI47882\wx._core_.pyd
2015-01-31 19:42 - 2015-01-31 19:42 - 00805888 _____ () C:\Users\Cornelia\AppData\Local\Temp\_MEI47882\wx._gdi_.pyd
2015-01-31 19:42 - 2015-01-31 19:42 - 00811008 _____ () C:\Users\Cornelia\AppData\Local\Temp\_MEI47882\wx._windows_.pyd
2015-01-31 19:42 - 2015-01-31 19:42 - 01062400 _____ () C:\Users\Cornelia\AppData\Local\Temp\_MEI47882\wx._controls_.pyd
2015-01-31 19:42 - 2015-01-31 19:42 - 00735232 _____ () C:\Users\Cornelia\AppData\Local\Temp\_MEI47882\wx._misc_.pyd
2015-01-31 19:42 - 2015-01-31 19:42 - 00557056 _____ () C:\Users\Cornelia\AppData\Local\Temp\_MEI47882\pysqlite2._sqlite.pyd
2015-01-31 19:42 - 2015-01-31 19:42 - 00128512 _____ () C:\Users\Cornelia\AppData\Local\Temp\_MEI47882\_elementtree.pyd
2015-01-31 19:42 - 2015-01-31 19:42 - 00127488 _____ () C:\Users\Cornelia\AppData\Local\Temp\_MEI47882\pyexpat.pyd
2015-01-31 19:42 - 2015-01-31 19:42 - 00087552 _____ () C:\Users\Cornelia\AppData\Local\Temp\_MEI47882\_ctypes.pyd
2015-01-31 19:42 - 2015-01-31 19:42 - 00119808 _____ () C:\Users\Cornelia\AppData\Local\Temp\_MEI47882\win32file.pyd
2015-01-31 19:42 - 2015-01-31 19:42 - 00108544 _____ () C:\Users\Cornelia\AppData\Local\Temp\_MEI47882\win32security.pyd
2015-01-31 19:42 - 2015-01-31 19:42 - 00007168 _____ () C:\Users\Cornelia\AppData\Local\Temp\_MEI47882\hashobjs_ext.pyd
2015-01-31 19:42 - 2015-01-31 19:42 - 00167936 _____ () C:\Users\Cornelia\AppData\Local\Temp\_MEI47882\win32gui.pyd
2015-01-31 19:42 - 2015-01-31 19:42 - 00018432 _____ () C:\Users\Cornelia\AppData\Local\Temp\_MEI47882\win32event.pyd
2015-01-31 19:42 - 2015-01-31 19:42 - 00038912 _____ () C:\Users\Cornelia\AppData\Local\Temp\_MEI47882\win32inet.pyd
2015-01-31 19:42 - 2015-01-31 19:42 - 00011264 _____ () C:\Users\Cornelia\AppData\Local\Temp\_MEI47882\win32crypt.pyd
2015-01-31 19:42 - 2015-01-31 19:42 - 00070656 _____ () C:\Users\Cornelia\AppData\Local\Temp\_MEI47882\wx._html2.pyd
2015-01-31 19:42 - 2015-01-31 19:42 - 00027136 _____ () C:\Users\Cornelia\AppData\Local\Temp\_MEI47882\_multiprocessing.pyd
2015-01-31 19:41 - 2015-01-31 19:42 - 00035840 _____ () C:\Users\Cornelia\AppData\Local\Temp\_MEI47882\win32process.pyd
2015-01-31 19:42 - 2015-01-31 19:42 - 00686080 _____ () C:\Users\Cornelia\AppData\Local\Temp\_MEI47882\unicodedata.pyd
2015-01-31 19:42 - 2015-01-31 19:42 - 00122368 _____ () C:\Users\Cornelia\AppData\Local\Temp\_MEI47882\wx._wizard.pyd
2015-01-31 19:42 - 2015-01-31 19:42 - 00024064 _____ () C:\Users\Cornelia\AppData\Local\Temp\_MEI47882\win32pipe.pyd
2015-01-31 19:42 - 2015-01-31 19:42 - 00025600 _____ () C:\Users\Cornelia\AppData\Local\Temp\_MEI47882\win32pdh.pyd
2015-01-31 19:42 - 2015-01-31 19:42 - 00525640 _____ () C:\Users\Cornelia\AppData\Local\Temp\_MEI47882\windows._lib_cacheinvalidation.pyd
2015-01-31 19:42 - 2015-01-31 19:42 - 00010240 _____ () C:\Users\Cornelia\AppData\Local\Temp\_MEI47882\select.pyd
2015-01-31 19:42 - 2015-01-31 19:42 - 00017408 _____ () C:\Users\Cornelia\AppData\Local\Temp\_MEI47882\win32profile.pyd
2015-01-31 19:42 - 2015-01-31 19:42 - 00022528 _____ () C:\Users\Cornelia\AppData\Local\Temp\_MEI47882\win32ts.pyd
2015-01-31 19:42 - 2015-01-31 19:42 - 00078336 _____ () C:\Users\Cornelia\AppData\Local\Temp\_MEI47882\wx._animate.pyd
2013-05-06 16:46 - 2012-10-23 12:26 - 00256512 _____ () C:\Program Files (x86)\bob internetsoftware\WtgMobileBroadband7.dll
2014-10-30 19:17 - 2014-10-30 19:17 - 00169472 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\ba8588c3319d63350220ec2ac3eb2c36\IsdiInterop.ni.dll
2011-11-24 17:14 - 2010-09-14 03:28 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll
2015-01-20 22:35 - 2015-01-20 22:35 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-01-20 13:17 - 2014-01-20 13:17 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2013-05-06 16:46 - 2012-01-25 10:38 - 01097728 _____ () C:\Program Files (x86)\bob internetsoftware\NDISAPI.dll
2015-01-31 19:07 - 2015-01-27 04:44 - 01117512 _____ () C:\Users\Cornelia\AppData\Local\Google\Chrome\Application\40.0.2214.94\libglesv2.dll
2015-01-31 19:07 - 2015-01-27 04:44 - 00211272 _____ () C:\Users\Cornelia\AppData\Local\Google\Chrome\Application\40.0.2214.94\libegl.dll
2015-01-31 19:07 - 2015-01-27 04:44 - 09171272 _____ () C:\Users\Cornelia\AppData\Local\Google\Chrome\Application\40.0.2214.94\pdf.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\Temp:0B9176C0
AlternateDataStreams: C:\ProgramData\Temp:CDFF58FE
AlternateDataStreams: C:\ProgramData\Temp:E36F5B57

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


========================= Accounts: ==========================

Administrator (S-1-5-21-109719926-1927758322-2587551322-500 - Administrator - Disabled)
Cornelia (S-1-5-21-109719926-1927758322-2587551322-1001 - Administrator - Enabled) => C:\Users\Cornelia
Gast (S-1-5-21-109719926-1927758322-2587551322-501 - Limited - Enabled) => C:\Users\Gast
HomeGroupUser$ (S-1-5-21-109719926-1927758322-2587551322-1003 - Limited - Enabled)
UpdatusUser (S-1-5-21-109719926-1927758322-2587551322-1000 - Limited - Enabled) => C:\Users\UpdatusUser

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (02/01/2015 11:13:12 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 9969

Error: (02/01/2015 11:13:12 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 9969

Error: (02/01/2015 11:13:10 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (01/29/2015 10:56:00 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 21964

Error: (01/29/2015 10:56:00 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 21964

Error: (01/29/2015 10:56:00 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (01/29/2015 10:55:50 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 9952

Error: (01/29/2015 10:55:50 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 9952

Error: (01/29/2015 10:55:48 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (01/27/2015 10:19:57 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 9953


System errors:
=============
Error: (02/01/2015 08:43:52 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "SSPORT" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (02/01/2015 08:43:51 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "SSPORT" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (02/01/2015 04:02:16 PM) (Source: Disk) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.

Error: (02/01/2015 04:02:16 PM) (Source: Disk) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.

Error: (02/01/2015 04:02:15 PM) (Source: Disk) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.

Error: (02/01/2015 04:02:15 PM) (Source: Disk) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.

Error: (02/01/2015 04:02:14 PM) (Source: Disk) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.

Error: (01/31/2015 07:41:26 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "SSPORT" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (01/31/2015 07:41:21 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "DgiVecp" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (01/31/2015 07:38:34 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {DC0C2640-1415-4644-875C-6F4D769839BA}


Microsoft Office Sessions:
=========================
Error: (02/01/2015 11:13:12 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 9969

Error: (02/01/2015 11:13:12 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 9969

Error: (02/01/2015 11:13:10 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (01/29/2015 10:56:00 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 21964

Error: (01/29/2015 10:56:00 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 21964

Error: (01/29/2015 10:56:00 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (01/29/2015 10:55:50 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 9952

Error: (01/29/2015 10:55:50 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 9952

Error: (01/29/2015 10:55:48 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (01/27/2015 10:19:57 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 9953


CodeIntegrity Errors:
===================================
  Date: 2013-07-17 20:55:48.783
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\SysWOW64\FsUsbExDisk.Sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-07-17 20:55:48.630
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\SysWOW64\FsUsbExDisk.Sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-07-17 20:55:46.310
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\SysWOW64\FsUsbExDisk.Sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-07-17 20:55:46.157
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\SysWOW64\FsUsbExDisk.Sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-07-17 20:55:42.867
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\SysWOW64\FsUsbExDisk.Sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-07-17 20:55:42.718
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\SysWOW64\FsUsbExDisk.Sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-07-17 20:55:40.460
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\SysWOW64\FsUsbExDisk.Sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-07-17 20:55:40.310
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\SysWOW64\FsUsbExDisk.Sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-07-17 20:55:38.055
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\SysWOW64\FsUsbExDisk.Sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-07-17 20:55:37.906
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\SysWOW64\FsUsbExDisk.Sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.


==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i7-2630QM CPU @ 2.00GHz
Percentage of memory in use: 74%
Total physical RAM: 3947.86 MB
Available physical RAM: 1000.03 MB
Total Pagefile: 7893.9 MB
Available Pagefile: 4361.23 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: (Acer) (Fixed) (Total:224.87 GB) (Free:129.88 GB) NTFS
Drive d: (DATA) (Fixed) (Total:225.17 GB) (Free:225.06 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: ACEEA5BB)
Partition 1: (Not Active) - (Size=15.6 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=224.9 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=225.2 GB) - (Type=07 NTFS)

==================== End Of Log ============================
         
__________________

Alt 01.02.2015, 23:01   #4
deeprybka
/// TB-Ausbilder
/// Anleitungs-Guru
 
Positive Finds Ads - Standard

Positive Finds Ads



Gerne!

Schritt 1

Bitte deinstalliere folgende Programme:

BrowserProtect
Bundled software uninstaller
Delta Chrome Toolbar
LyricsPal
Positive Finds


Versuche es bei Windows 7 zunächst über Systemsteuerung/Programme deinstallieren.

Sollte das nicht gehen, lade Dir bitte Revo Uninstallerhier herunter. Entpacke die zip-Datei auf den Desktop. Anleitung
  • Starte die Revouninstaller.exe
  • Klicke auf Optionen und wähle als Sprache Deutsch.
  • Suche im Uninstallerfeld nach den oben angegebenen Programmen und wähle sie einzeln aus.
    Klicke jedes Mal auf Uninstall.
  • Wähle anschließend den Modus "Moderat" aus.
  • Reste löschen:
    Klicke auf dann auf und dann auf .

Wenn Du ein Programm nicht deinstallieren kannst, mach mit dem nächsten weiter.
Auch wenn am Ende noch Programme übrig geblieben sind, führe den nächsten Schritt aus:

Schritt 2
Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).


Schritt 3

  • Download
  • Installiere das Programm in den vorgegebenen Pfad.
  • Starte Malwarebytes' Anti-Malware (MBAM).
  • Sollte die Benutzeroberfläche noch in Englisch sein, klicke auf Settings und wähle bei Language Deutsch aus.
  • Unter Erkennung und Schutz setze bitte einen Haken bei "Suche nach Rootkits".
  • Klicke im Anschluss auf "Suchlauf", wähle den Bedrohungssuchlauf aus, aktualisiere die Datenbanken und klicke auf "Suchlauf jetzt starten".
  • Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. (geht so...)
  • Poste mir den Inhalt der Logdatei (geht so...). Klicke dazu auf Verlauf und dann auf Anwendungsprotokolle.
  • Wähle das neueste Suchlauf-Protokoll aus und klicke auf Ansicht. Klicke auf "In Zwischenablage kopieren" poste mir den Inhalt in Code-Tags als Antwort in den Thread.

Schritt 4



Bitte starte FRST erneut, markiere auch die checkbox und drücke auf Scan.
Bitte poste mir den Inhalt der beiden Logs die erstellt werden.
__________________
Gruß
deeprybka

Lob, Kritik, Wünsche?

Spende fürs trojaner-board?
_______________________________________________
„Neminem laede, immo omnes, quantum potes, iuva.“ Arthur Schopenhauer

Alt 01.02.2015, 23:38   #5
Ivi03
 
Positive Finds Ads - Standard

Positive Finds Ads



Das Log zum AdwCleaner:

Code:
ATTFilter
# AdwCleaner v4.109 - Bericht erstellt am 01/02/2015 um 23:29:17
# Aktualisiert 24/01/2015 von Xplode
# Database : 2015-01-26.1 [Live]
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzername : Cornelia - CORNELIALAPTOP
# Gestartet von : C:\Users\Cornelia\Desktop\AdwCleaner_4.109.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\ProgramData\Babylon
Ordner Gelöscht : C:\ProgramData\BrowserProtect
Ordner Gelöscht : C:\Users\Cornelia\AppData\Local\onlysearch
Ordner Gelöscht : C:\Users\Cornelia\AppData\Roaming\BabSolution
Ordner Gelöscht : C:\Users\Cornelia\AppData\Roaming\Babylon
Ordner Gelöscht : C:\Users\Cornelia\AppData\Roaming\Delta
Ordner Gelöscht : C:\Users\Cornelia\AppData\Roaming\dvdvideosoftiehelpers
Ordner Gelöscht : C:\Users\Cornelia\AppData\Roaming\OpenCandy
Ordner Gelöscht : C:\Users\Cornelia\AppData\Roaming\RHEng
Ordner Gelöscht : C:\Users\Cornelia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BrowserProtect
Ordner Gelöscht : C:\Users\Cornelia\AppData\Local\Google\Chrome\User Data\Default\Extensions\nppllibpnmahfaklnpggkibhkapjkeob
Datei Gelöscht : C:\Users\Cornelia\AppData\Roaming\BabMaint.exe
Datei Gelöscht : C:\Users\Cornelia\AppData\Local\Google\Chrome\User Data\Default\bprotectorpreferences
Datei Gelöscht : C:\Users\Cornelia\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_eooncjejnppfjjklapaamhcdmjbilmde_0.localstorage
Datei Gelöscht : C:\Users\Cornelia\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage
Datei Gelöscht : C:\Users\Cornelia\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage-journal
Datei Gelöscht : C:\Users\Cornelia\AppData\Local\Google\Chrome\User Data\Default\bprotector web data
Datei Gelöscht : C:\Users\Cornelia\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_www.superfish.com_0.localstorage
Datei Gelöscht : C:\Users\Cornelia\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_www.superfish.com_0.localstorage-journal

***** [ Tasks ] *****

Task Gelöscht : BrowserProtect
Task Gelöscht : EPUpdater

***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\mkcedibhemacmilmkpndpkoidlnmgngg
Schlüssel Gelöscht : HKCU\Software\Google\Chrome\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp
Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\nppllibpnmahfaklnpggkibhkapjkeob
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\babylon.com
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\secman.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\d
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Prod.cap
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\secman.OutlookSecurityManager
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\secman.OutlookSecurityManager.1
Schlüssel Gelöscht : HKCU\Software\Classes\keepmysearch
Schlüssel Gelöscht : HKCU\Software\848cdcbd3ebf44
Schlüssel Gelöscht : HKLM\SOFTWARE\848cdcbd3ebf44
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{82E1477C-B154-48D3-9891-33D83C26BCD3}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C1AF5FA5-852C-4C90-812E-A7F75E011D87}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{82E1477C-B154-48D3-9891-33D83C26BCD3}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{C1AF5FA5-852C-4C90-812E-A7F75E011D87}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Schlüssel Gelöscht : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Schlüssel Gelöscht : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{483830EE-A4CD-4B71-B0A3-3D82E62A6909}
Schlüssel Gelöscht : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{71588120-FC17-4463-B07D-2C71FE6E057B}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{71588120-FC17-4463-B07D-2C71FE6E057B}
Schlüssel Gelöscht : HKCU\Software\BABSOLUTION
Schlüssel Gelöscht : HKCU\Software\BI
Schlüssel Gelöscht : HKCU\Software\DataMngr
[#] Schlüssel Gelöscht : HKCU\Software\DataMngr_Toolbar
Schlüssel Gelöscht : HKCU\Software\Delta
Schlüssel Gelöscht : HKCU\Software\Myfree Codec
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\XingHaoLyrics
Schlüssel Gelöscht : HKLM\SOFTWARE\Babylon
Schlüssel Gelöscht : HKLM\SOFTWARE\DataMngr
Schlüssel Gelöscht : HKLM\SOFTWARE\Delta
Schlüssel Gelöscht : HKLM\SOFTWARE\Myfree Codec
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{EE171732-BEB4-4576-887D-CB62727F01CA}
Daten Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll
Daten Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\isearch.babylon.com

***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.17496


-\\ Google Chrome v

[C:\Users\Cornelia\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://www.delta-search.com/?q={searchTerms}&affID=119816&babsrc=SP_ss&mntrId=C2B5CCAF7872A4D7

*************************

AdwCleaner[R0].txt - [7825 octets] - [01/02/2015 23:16:03]
AdwCleaner[S0].txt - [6713 octets] - [01/02/2015 23:29:17]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [6773 octets] ##########
         


Alt 01.02.2015, 23:39   #6
deeprybka
/// TB-Ausbilder
/// Anleitungs-Guru
 
Positive Finds Ads - Standard

Positive Finds Ads



Prima!
__________________
--> Positive Finds Ads

Alt 02.02.2015, 00:59   #7
Ivi03
 
Positive Finds Ads - Standard

Positive Finds Ads



So next one...Inhalt der Log Datei von Anti-Melware

Code:
ATTFilter
 Malwarebytes Anti-Malware 
www.malwarebytes.org


Scan, 02.02.2015 00:43:10, SYSTEM, CORNELIALAPTOP, Manual, Start: % 1 "% 2", Dauer: % 1 min 51 Sekunden, Bedrohungs-Suchlauf, Abgeschlossen, 2 Malwareerkennung, 66-Malwareerkennung, 
Protection, 02.02.2015 00:46:47, SYSTEM, CORNELIALAPTOP, Protection, Malware Protection, Starting, 
Protection, 02.02.2015 00:46:47, SYSTEM, CORNELIALAPTOP, Protection, Malware Protection, Started, 
Protection, 02.02.2015 00:46:47, SYSTEM, CORNELIALAPTOP, Protection, Malicious Website Protection, Starting, 
Protection, 02.02.2015 00:47:11, SYSTEM, CORNELIALAPTOP, Protection, Malicious Website Protection, Started, 

(end)
         
So und noch mal das FRST


FRST Logfile:

FRST Logfile:

FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 01-02-2015
Ran by Cornelia (administrator) on CORNELIALAPTOP on 02-02-2015 00:54:14
Running from C:\Users\Cornelia\Desktop
Loaded Profiles: UpdatusUser & Cornelia (Available profiles: UpdatusUser & Cornelia & Gast)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe
(Symantec Corporation) C:\Program Files (x86)\Norton AntiVirus\Engine\21.6.0.32\nav.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.6.15\nst.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
(NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe
() C:\Program Files (x86)\bob internetsoftware\bobInternetsoftware_Service.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.6.15\nst.exe
(Acer Group) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(CyberLink Corp.) C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe
(CyberLink) C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\DMR\DMREngine.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Symantec Corporation) C:\Program Files (x86)\Norton AntiVirus\Engine\21.6.0.32\nav.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Samsung) C:\Program Files (x86)\Samsung\Kies\Kies.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe
(Dropbox, Inc.) C:\Users\Cornelia\AppData\Roaming\Dropbox\bin\Dropbox.exe
(NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(CyberLink Corp.) C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe
() C:\Windows\Samsung\PanelMgr\SSMMgr.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe
(Sony Corporation) C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\ReaderAppHelper.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
() C:\Program Files (x86)\bob internetsoftware\bobInternetsoftware_Launcher.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMworker.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
() C:\Windows\Samsung\PanelMgr\caller64.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(WebToGo Gmbh) C:\Program Files (x86)\bob internetsoftware\bobInternetsoftware.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Google Inc.) C:\Users\Cornelia\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Cornelia\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Cornelia\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Cornelia\AppData\Local\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Acer ePower Management] => C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [860040 2010-10-29] (Acer Incorporated)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11619432 2010-11-26] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2185832 2010-11-26] (Realtek Semiconductor)
HKLM\...\Run: [IntelTBRunOnce] => wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs"
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2280232 2010-07-29] (Synaptics Incorporated)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [169768 2015-01-27] (Apple Inc.)
HKLM-x32\...\Run: [SuiteTray] => C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe [340336 2010-09-28] (Egis Technology Inc.)
HKLM-x32\...\Run: [EgisTecPMMUpdate] => C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe [407920 2010-09-18] (Egis Technology Inc.)
HKLM-x32\...\Run: [EgisUpdate] => C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe [201584 2010-09-18] (Egis Technology Inc.)
HKLM-x32\...\Run: [Norton Online Backup] => C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [1155928 2010-06-02] (Symantec Corporation)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [35696 2009-10-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [BackupManagerTray] => C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe [296768 2010-11-12] (NTI Corporation)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [283160 2010-09-14] (Intel Corporation)
HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-04-27] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [LManager] => C:\Program Files (x86)\Launch Manager\LManager.exe [1025616 2010-12-09] (Dritek System Inc.)
HKLM-x32\...\Run: [MDS_Menu] => C:\Program Files (x86)\Acer\clear.fi\MediaEspresso\MUITransfer\MUIStartMenu.exe [222504 2009-05-20] (CyberLink Corp.)
HKLM-x32\...\Run: [ArcadeMovieService] => C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe [177448 2010-12-10] (CyberLink Corp.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2015-01-20] (Apple Inc.)
HKLM-x32\...\Run: [Samsung PanelMgr] => C:\Windows\Samsung\PanelMgr\ssmmgr.exe [618496 2010-06-07] ()
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [935288 2009-09-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Reader Application Helper] => C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\ReaderAppHelper.exe [899400 2014-05-23] (Sony Corporation)
HKLM-x32\...\Run: [TAG_bobinternetsoftware_Launcher.exe] => C:\Program Files (x86)\bob internetsoftware\bobinternetsoftware_Launcher.exe [478192 2012-10-23] ()
HKLM-x32\...\Run: [KiesTrayAgent] => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [311616 2014-05-23] (Samsung Electronics Co., Ltd.)
HKLM-x32\...\Run: [] => [X]
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-19\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
HKU\S-1-5-20\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
HKU\S-1-5-21-109719926-1927758322-2587551322-1000\...\RunOnce: [ScrSav] => C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe [154144 2010-07-29] ()
HKU\S-1-5-21-109719926-1927758322-2587551322-1001\...\Run: [Google Update] => C:\Users\Cornelia\AppData\Local\Google\Update\GoogleUpdate.exe [107912 2014-10-30] (Google Inc.)
HKU\S-1-5-21-109719926-1927758322-2587551322-1001\...\Run: [GoogleChromeAutoLaunch_B25262183A7D0BB9D958785DE345946E] => C:\Users\Cornelia\AppData\Local\Google\Chrome\Application\chrome.exe [843592 2015-01-27] (Google Inc.)
HKU\S-1-5-21-109719926-1927758322-2587551322-1001\...\Run: [KiesPreload] => C:\Program Files (x86)\Samsung\Kies\Kies.exe [1564992 2014-05-23] (Samsung)
HKU\S-1-5-21-109719926-1927758322-2587551322-1001\...\Run: [] => C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [845120 2014-05-23] (Samsung)
HKU\S-1-5-21-109719926-1927758322-2587551322-1001\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [23308256 2015-01-15] (Google)
HKU\S-1-5-21-109719926-1927758322-2587551322-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [30877280 2014-12-11] (Skype Technologies S.A.)
HKU\S-1-5-21-109719926-1927758322-2587551322-1001\...\MountPoints2: {f0a87f3c-b662-11e2-97fd-b870f4b04956} - F:\.\Autorun.exe AUTORUN=1
HKU\S-1-5-18\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [226920 2010-12-12] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [192616 2010-12-12] (NVIDIA Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.exe.lnk
ShortcutTarget: Adobe Gamma Loader.exe.lnk -> C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
Startup: C:\Users\Cornelia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Cornelia\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Gast\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk
ShortcutTarget: OpenOffice.org 3.3.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe (No File)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=de&pid=NAV&pvid=21.6.0.32
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=5.5&ar=msnhome
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=5.5&ar=msnhome
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=de&pid=NAV&pvid=21.6.0.32
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://search.msn.com/spbasic.htm
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=5.5&ar=msnhome
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=de&pid=NAV&pvid=21.6.0.32
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://search.msn.com/spbasic.htm
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=5.5&ar=msnhome
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=de&pid=NAV&pvid=21.6.0.32
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://search.msn.com/spbasic.htm
HKU\S-1-5-21-109719926-1927758322-2587551322-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=5.5&ar=msnhome
HKU\S-1-5-21-109719926-1927758322-2587551322-1000\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-109719926-1927758322-2587551322-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=de&pid=NAV&pvid=21.6.0.32
HKU\S-1-5-21-109719926-1927758322-2587551322-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-109719926-1927758322-2587551322-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://search.msn.com/spbasic.htm
HKU\S-1-5-21-109719926-1927758322-2587551322-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=de&pid=NAV&pvid=21.6.0.32
HKU\S-1-5-21-109719926-1927758322-2587551322-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=5.5&ar=msnhome
HKU\S-1-5-21-109719926-1927758322-2587551322-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-109719926-1927758322-2587551322-1001\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-109719926-1927758322-2587551322-1001\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://search.msn.com/spbasic.htm
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-109719926-1927758322-2587551322-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Norton Identity Protection -> {AB4C7833-A6EC-433f-B9FE-6B14B1A2F836} -> C:\Program Files (x86)\Norton Identity Safe\Engine64\2014.7.6.15\coIEPlg.dll (Symantec Corporation)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton AntiVirus\Engine\21.6.0.32\IPS\IPSBHO.DLL (Symantec Corporation)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Norton Identity Protection -> {AB4C7833-A6EC-433f-B9FE-6B14B1A2F836} -> C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.6.15\coIEPlg.dll (Symantec Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll No File
Toolbar: HKLM - Norton Identity Safe Toolbar - {A13C2648-91D4-4bf3-BC6D-0079707C4389} - C:\Program Files (x86)\Norton Identity Safe\Engine64\2014.7.6.15\coIEPlg.dll (Symantec Corporation)
Toolbar: HKLM-x32 - Norton Identity Safe Toolbar - {A13C2648-91D4-4bf3-BC6D-0079707C4389} - C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.6.15\coIEPlg.dll (Symantec Corporation)
Tcpip\..\Interfaces\{5EA47198-71AC-4837-9E18-C7FC3143A626}: [NameServer] 194.48.139.254 194.48.128.199

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_296.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.31211.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_296.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.31211.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @sony.com/ReaderDesktop -> C:\Program Files (x86)\Sony\ReaderDesktop\npreaderdetectmoz.dll (Sony Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-109719926-1927758322-2587551322-1001: @tools.google.com/Google Update;version=3 -> C:\Users\Cornelia\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-109719926-1927758322-2587551322-1001: @tools.google.com/Google Update;version=9 -> C:\Users\Cornelia\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-109719926-1927758322-2587551322-1001: amazon.com/AmazonMP3DownloaderPlugin -> C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101753.dll (Amazon.com, Inc.)
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_21.3.0.12\IPSFF
FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_21.3.0.12\IPSFF [2014-06-26]
FF HKLM-x32\...\Firefox\Extensions: [{F04D2D30-776C-4d02-8627-8E4385ECA58D}] - C:\ProgramData\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_2014.7.0.43\coFFPlgn
FF Extension: Norton Identity Safe Toolbar - C:\ProgramData\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_2014.7.0.43\coFFPlgn [2015-02-02]

Chrome: 
=======
CHR HomePage: Default -> hxxp://www.delta-search.com/?affID=119816&babsrc=HP_ss&mntrId=C2B5CCAF7872A4D7
CHR StartupUrls: Default -> "hxxp://google.at/", "https://learn.wu.ac.at/"
CHR Profile: C:\Users\Cornelia\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Drive) - C:\Users\Cornelia\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-05-07]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Cornelia\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-06]
CHR Extension: (YouTube) - C:\Users\Cornelia\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2011-12-19]
CHR Extension: (Google-Suche) - C:\Users\Cornelia\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2011-12-19]
CHR Extension: (Norton Identity Safe) - C:\Users\Cornelia\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif [2014-08-31]
CHR Extension: (Google Wallet) - C:\Users\Cornelia\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-12]
CHR Extension: (Google Mail) - C:\Users\Cornelia\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2011-12-19]
CHR HKU\S-1-5-21-109719926-1927758322-2587551322-1001\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\Cornelia\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx [2014-05-06]
CHR HKU\S-1-5-21-109719926-1927758322-2587551322-1001\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - No Path
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - No Path
StartMenuInternet: Google Chrome - C:\Users\Cornelia\AppData\Local\Google\Chrome\Application\chrome.exe

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-19] (Apple Inc.)
R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
R2 NAV; C:\Program Files (x86)\Norton AntiVirus\Engine\21.6.0.32\NAV.exe [262968 2014-09-21] (Symantec Corporation)
R2 NCO; C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.6.15\NST.exe [130104 2014-07-31] (Symantec Corporation)
R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2804568 2010-06-02] (Symantec Corporation)
R2 NTI IScheduleSvc; C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [257344 2010-11-12] (NTI Corporation)
S3 Sony SCSI Helper Service; C:\Program Files (x86)\Common Files\Sony Shared\Fsk\SonySCSIHelperService.exe [73728 2014-04-25] (Sony Corporation) [File not signed]
R2 TAG_Service; C:\Program Files (x86)\bob internetsoftware\bobinternetsoftware_Service.exe [497648 2012-10-23] ()
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 BHDrvx64; C:\Program Files (x86)\Norton AntiVirus\NortonData\21.3.0.12\Definitions\BASHDefs\20150106.001\BHDrvx64.sys [1622744 2015-01-06] (Symantec Corporation)
R1 ccSet_NAV; C:\Windows\system32\drivers\NAVx64\1506000.020\ccSetx64.sys [162392 2014-02-21] (Symantec Corporation)
R1 ccSet_NST; C:\Windows\system32\drivers\NSTx64\7DE07060.00F\ccSetx64.sys [162392 2013-09-27] (Symantec Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [487216 2014-12-11] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [142640 2014-12-11] (Symantec Corporation)
S3 FsUsbExDisk; C:\Windows\SysWOW64\FsUsbExDisk.SYS [37344 2013-05-22] () [File not signed]
S3 HTCAND64; C:\Windows\System32\Drivers\ANDROIDUSB.sys [33736 2009-11-02] (HTC, Corporation) [File not signed]
R1 IDSVia64; C:\Program Files (x86)\Norton AntiVirus\NortonData\21.3.0.12\Definitions\IPSDefs\20150130.001\IDSvia64.sys [668888 2015-01-14] (Symantec Corporation)
R3 jrdusbser; C:\Windows\System32\DRIVERS\jrdusbser.sys [120832 2011-03-04] (TCT International Mobile Ltd)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-02-02] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-11-21] (Malwarebytes Corporation)
R3 NAVENG; C:\Program Files (x86)\Norton AntiVirus\NortonData\21.3.0.12\Definitions\VirusDefs\20150131.003\ENG64.SYS [129752 2015-01-19] (Symantec Corporation)
R3 NAVEX15; C:\Program Files (x86)\Norton AntiVirus\NortonData\21.3.0.12\Definitions\VirusDefs\20150131.003\EX64.SYS [2137304 2015-01-19] (Symantec Corporation)
R1 SRTSP; C:\Windows\System32\Drivers\NAVx64\1506000.020\SRTSP64.SYS [876248 2014-08-26] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NAVx64\1506000.020\SRTSPX64.SYS [37592 2014-08-26] (Symantec Corporation)
S2 SSPORT; C:\Windows\SysWOW64\Drivers\SSPORT.sys [11576 2009-07-29] (Samsung Electronics)
S3 ssudserd; C:\Windows\System32\DRIVERS\ssudserd.sys [206080 2014-03-19] (DEVGURU Co., LTD.(www.devguru.co.kr))
R0 SymDS; C:\Windows\System32\drivers\NAVx64\1506000.020\SYMDS64.SYS [493656 2013-10-30] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\NAVx64\1506000.020\SYMEFA64.SYS [1148120 2014-03-04] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2014-06-24] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\NAVx64\1506000.020\Ironx64.SYS [266968 2014-08-06] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\NAVx64\1506000.020\SYMNETS.SYS [593112 2014-02-18] (Symantec Corporation)
S2 DgiVecp; \??\C:\Windows\system32\Drivers\DgiVecp.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-01 23:42 - 2015-02-02 00:47 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-02-01 23:42 - 2015-02-01 23:42 - 00001106 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2015-02-01 23:42 - 2015-02-01 23:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2015-02-01 23:42 - 2015-02-01 23:42 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-02-01 23:42 - 2015-02-01 23:42 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2015-02-01 23:42 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-02-01 23:42 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-02-01 23:42 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-02-01 23:39 - 2015-02-01 23:40 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Cornelia\Desktop\mbam-setup-2.0.4.1028.exe
2015-02-01 23:33 - 2015-02-01 23:33 - 00006881 _____ () C:\Users\Cornelia\Desktop\AdwCleaner[S0].txt
2015-02-01 23:15 - 2015-02-01 23:29 - 00000000 ____D () C:\AdwCleaner
2015-02-01 23:13 - 2015-02-01 23:13 - 02194432 _____ () C:\Users\Cornelia\Desktop\AdwCleaner_4.109.exe
2015-02-01 23:08 - 2015-02-01 23:08 - 00000000 ____D () C:\Users\Cornelia\Desktop\RevoUninstallerPortable
2015-02-01 23:07 - 2015-02-01 23:07 - 02785665 _____ (PortableApps.com) C:\Users\Cornelia\Desktop\RevoUninstallerPortable_1.95_Rev_2.paf.exe
2015-02-01 23:03 - 2015-02-01 23:03 - 00003440 _____ () C:\Windows\System32\Tasks\{0B05C414-15BC-4BEC-9826-3E03612A7BA4}
2015-02-01 22:47 - 2015-02-01 22:48 - 00045384 _____ () C:\Users\Cornelia\Desktop\Addition.txt
2015-02-01 22:46 - 2015-02-02 00:55 - 00027952 _____ () C:\Users\Cornelia\Desktop\FRST.txt
2015-02-01 22:46 - 2015-02-02 00:54 - 00000000 ____D () C:\FRST
2015-02-01 22:45 - 2015-02-01 22:45 - 02131456 _____ (Farbar) C:\Users\Cornelia\Desktop\frst64.exe
2015-01-31 23:10 - 2015-01-31 23:10 - 00000000 ____D () C:\Users\Cornelia\AppData\Roaming\OpenOffice
2015-01-31 23:09 - 2015-01-31 23:09 - 00001116 _____ () C:\Users\Public\Desktop\OpenOffice 4.1.1.lnk
2015-01-31 23:09 - 2015-01-31 23:09 - 00000000 ___SD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice 4.1.1
2015-01-31 23:08 - 2015-01-31 23:09 - 00000000 ____D () C:\Program Files (x86)\OpenOffice 4
2015-01-31 23:03 - 2015-01-31 23:03 - 00000000 ____D () C:\Users\Cornelia\Desktop\OpenOffice 4.1.1 (de) Installation Files
2015-01-31 22:59 - 2015-01-31 23:02 - 164858324 _____ () C:\Users\Cornelia\Downloads\Apache_OpenOffice_4.1.1_Win_x86_install_de.exe
2015-01-31 19:35 - 2015-01-31 19:35 - 00001757 _____ () C:\Users\Public\Desktop\iTunes.lnk
2015-01-31 19:35 - 2015-01-31 19:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2015-01-31 19:34 - 2015-01-31 19:35 - 00000000 ____D () C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
2015-01-31 19:34 - 2015-01-31 19:35 - 00000000 ____D () C:\Program Files\iTunes
2015-01-31 19:34 - 2015-01-31 19:34 - 00000000 ____D () C:\Program Files\iPod
2015-01-31 19:34 - 2015-01-31 19:34 - 00000000 ____D () C:\Program Files (x86)\iTunes
2015-01-31 19:30 - 2015-01-31 19:30 - 00000000 ____D () C:\Program Files (x86)\Free Codec Pack
2015-01-31 19:26 - 2015-01-31 19:26 - 03533528 _____ (DVDVideoSoft Ltd. ) C:\Users\Cornelia\Downloads\FreeStudio.exe
2015-01-31 19:23 - 2015-01-31 19:24 - 03533008 _____ (DVDVideoSoft Ltd. ) C:\Users\Cornelia\Downloads\FreeYouTubeToMP3Converter (1).exe
2015-01-19 11:11 - 2014-12-12 06:35 - 05553592 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-01-19 11:11 - 2014-12-12 06:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-01-19 11:11 - 2014-12-12 06:31 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-01-19 11:11 - 2014-12-12 06:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-01-19 11:11 - 2014-12-12 06:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-01-19 11:11 - 2014-12-12 06:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-01-19 11:11 - 2014-12-12 06:07 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-01-16 18:29 - 2014-12-19 04:06 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-16 18:29 - 2014-12-19 02:46 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-16 18:29 - 2014-12-11 18:47 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-01-16 18:29 - 2014-12-06 05:17 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-16 18:29 - 2014-12-06 04:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
2015-01-16 18:29 - 2014-12-06 04:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-02 00:55 - 2009-07-14 05:45 - 00018736 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-02-02 00:55 - 2009-07-14 05:45 - 00018736 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-02-02 00:54 - 2011-12-03 23:21 - 00001132 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-109719926-1927758322-2587551322-1001UA.job
2015-02-02 00:53 - 2011-11-24 17:04 - 01638936 _____ () C:\Windows\WindowsUpdate.log
2015-02-02 00:50 - 2014-05-06 22:01 - 00000000 ___RD () C:\Users\Cornelia\Google Drive
2015-02-02 00:50 - 2012-11-25 17:12 - 00000000 ___RD () C:\Users\Cornelia\Dropbox
2015-02-02 00:50 - 2012-11-25 17:10 - 00000000 ____D () C:\Users\Cornelia\AppData\Roaming\Dropbox
2015-02-02 00:50 - 2011-12-04 00:08 - 00000000 ____D () C:\Users\Cornelia\AppData\Roaming\Skype
2015-02-02 00:48 - 2011-11-24 17:44 - 00000000 ____D () C:\ProgramData\boost_interprocess
2015-02-02 00:47 - 2011-12-01 21:16 - 00000000 ____D () C:\ProgramData\clear.fi
2015-02-02 00:46 - 2014-05-06 21:59 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-02-02 00:46 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-02-02 00:46 - 2009-07-14 05:51 - 00089897 _____ () C:\Windows\setupact.log
2015-02-02 00:45 - 2011-11-24 17:01 - 00131970 _____ () C:\Windows\PFRO.log
2015-02-02 00:43 - 2009-07-14 06:32 - 00000000 ____D () C:\Windows\Performance
2015-02-02 00:41 - 2014-05-06 21:59 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-02-02 00:07 - 2013-02-28 17:29 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-02-01 23:38 - 2011-11-24 16:58 - 00699682 _____ () C:\Windows\system32\perfh007.dat
2015-02-01 23:38 - 2011-11-24 16:58 - 00149790 _____ () C:\Windows\system32\perfc007.dat
2015-02-01 23:38 - 2009-07-14 06:13 - 01620684 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-02-01 23:31 - 2009-07-14 05:45 - 00295672 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-02-01 21:03 - 2011-12-05 22:16 - 00000099 _____ () C:\Users\Public\LMDebug.log
2015-02-01 20:54 - 2011-12-03 23:21 - 00001080 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-109719926-1927758322-2587551322-1001Core.job
2015-01-31 23:10 - 2011-12-01 19:24 - 00068616 _____ () C:\Users\Cornelia\AppData\Local\GDIPFONTCACHEV1.DAT
2015-01-31 23:08 - 2011-12-08 13:34 - 00000000 ____D () C:\Program Files (x86)\OpenOffice.org 3
2015-01-31 23:03 - 2009-07-14 04:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2015-01-31 19:34 - 2011-12-03 23:57 - 00000000 ____D () C:\Program Files\Common Files\Apple
2015-01-31 19:32 - 2011-12-03 23:52 - 00000000 ____D () C:\Users\Cornelia\AppData\Roaming\DVDVideoSoft
2015-01-31 19:31 - 2014-05-12 10:57 - 00000000 __SHD () C:\ProgramData\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C}
2015-01-31 19:31 - 2013-04-22 14:26 - 00000000 ____D () C:\Program Files (x86)\DVDVideoSoft
2015-01-31 19:31 - 2013-03-15 12:28 - 00001536 _____ () C:\Users\Public\Desktop\Free YouTube to MP3 Converter.lnk
2015-01-31 19:31 - 2013-03-15 12:28 - 00001245 _____ () C:\Users\Public\Desktop\DVDVideoSoft Free Studio.lnk
2015-01-31 19:31 - 2011-12-03 23:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft
2015-01-31 19:07 - 2013-02-28 17:29 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-01-31 19:07 - 2013-02-28 17:29 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-31 19:07 - 2013-02-28 17:29 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-01-31 19:07 - 2011-12-03 23:23 - 00002381 _____ () C:\Users\Cornelia\Desktop\Google Chrome.lnk
2015-01-29 22:46 - 2014-05-06 22:00 - 00002046 _____ () C:\Users\Public\Desktop\Google Slides.lnk
2015-01-29 22:46 - 2014-05-06 22:00 - 00002044 _____ () C:\Users\Public\Desktop\Google Sheets.lnk
2015-01-29 22:46 - 2014-05-06 22:00 - 00002034 _____ () C:\Users\Public\Desktop\Google Docs.lnk
2015-01-29 22:46 - 2014-05-06 22:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2015-01-19 10:57 - 2012-11-11 19:11 - 00000000 ____D () C:\Users\Cornelia\AppData\Local\CrashDumps
2015-01-16 20:03 - 2013-07-22 20:03 - 00000000 ____D () C:\Windows\system32\MRT
2015-01-16 20:03 - 2011-12-04 20:44 - 113365784 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-01-12 20:05 - 2012-05-27 20:28 - 01344512 ___SH () C:\Users\Cornelia\Downloads\Thumbs.db

==================== Files in the root of some directories =======

2011-11-24 17:36 - 2011-11-24 17:39 - 0016108 _____ () C:\ProgramData\ArcadeDeluxe5.log
2011-01-11 16:25 - 2010-03-03 00:59 - 0131984 _____ () C:\ProgramData\FullRemove.exe

Some content of TEMP:
====================
C:\Users\Cornelia\AppData\Local\Temp\amazonicon.exe
C:\Users\Cornelia\AppData\Local\Temp\amazoninstallernircmdc.exe
C:\Users\Cornelia\AppData\Local\Temp\COMAP.EXE
C:\Users\Cornelia\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpoiw0lo.dll
C:\Users\Cornelia\AppData\Local\Temp\DseShExt-x64.dll
C:\Users\Cornelia\AppData\Local\Temp\DseShExt-x86.dll
C:\Users\Cornelia\AppData\Local\Temp\FreeYouTubeToMP3Converter.exe
C:\Users\Cornelia\AppData\Local\Temp\MSN7AFB.exe
C:\Users\Cornelia\AppData\Local\Temp\Quarantine.exe
C:\Users\Cornelia\AppData\Local\Temp\sdanircmdc.exe
C:\Users\Cornelia\AppData\Local\Temp\SDShelEx-win32.dll
C:\Users\Cornelia\AppData\Local\Temp\SDShelEx-x64.dll
C:\Users\Cornelia\AppData\Local\Temp\sqlite3.dll
C:\Users\Cornelia\AppData\Local\Temp\tmpB3CF.exe
C:\Users\Cornelia\AppData\Local\Temp\tmpB8D8.exe
C:\Users\Cornelia\AppData\Local\Temp\uninst1.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-09-26 06:37

==================== End Of Log ============================
         
--- --- ---

--- --- ---

--- --- ---

Und Addition

Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 01-02-2015
Ran by Cornelia at 2015-02-02 00:56:17
Running from C:\Users\Cornelia\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Norton AntiVirus (Enabled - Up to date) {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}
AS: Norton AntiVirus (Enabled - Up to date) {631E4324-D31C-783F-EC5C-35AD42B18466}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Acer Backup Manager (HKLM-x32\...\InstallShield_{0B61BBD5-DA3C-409A-8730-0C3DC3B0F270}) (Version: 3.0.0.69 - NTI Corporation)
Acer Crystal Eye Webcam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 1.0.1216 - CyberLink Corp.)
Acer Crystal Eye Webcam (x32 Version: 1.0.1216 - CyberLink Corp.) Hidden
Acer ePower Management (HKLM-x32\...\{3DB0448D-AD82-4923-B305-D001E521A964}) (Version: 6.00.3000 - Acer Incorporated)
Acer eRecovery Management (HKLM-x32\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 5.00.3002 - Acer Incorporated)
Acer Registration (HKLM-x32\...\Acer Registration) (Version: 1.03.3003 - Acer Incorporated)
Acer ScreenSaver (HKLM-x32\...\Acer Screensaver) (Version: 1.1.1130.2010 - Acer Incorporated)
Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.0.0.4080 - Adobe Systems Incorporated)
Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.296 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.296 - Adobe Systems Incorporated)
Adobe Photoshop Elements (HKLM-x32\...\Adobe Photoshop Elements 1.0) (Version: 1.0 - Adobe Systems, Inc.)
Adobe Reader 9.2 MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-A91000000001}) (Version: 9.2.0 - Adobe Systems Incorporated)
Airport Mania First Flight (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11505173}) (Version:  - Oberon Media)
Amazon Kindle (HKU\S-1-5-21-109719926-1927758322-2587551322-1001\...\Amazon Kindle) (Version:  - Amazon)
Amazon MP3-Downloader 1.0.17 (HKLM-x32\...\Amazon MP3-Downloader) (Version: 1.0.17 - Amazon Services LLC)
Amazonia (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11273477}) (Version:  - Oberon Media)
Apple Application Support (32-Bit) (HKLM-x32\...\{2FE00055-C4F3-4F7A-AEDD-E198D54CF12F}) (Version: 3.1.1 - Apple Inc.)
Apple Application Support (64-Bit) (HKLM\...\{28791292-D18D-42FA-AE66-3D3D20AA8618}) (Version: 3.1.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{5ED7462B-EF58-4757-B609-53755021EC34}) (Version: 8.1.0.18 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Backup Manager V3 (x32 Version: 3.0.0.69 - NTI Corporation) Hidden
bob internetsoftware (HKLM-x32\...\TAG) (Version: 2.0 - A1 Telekom Austria AG)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Broadcom 802.11 Network Adapter (HKLM\...\Broadcom 802.11 Network Adapter) (Version: 5.100.235.19 - Broadcom Corporation)
Broadcom Card Reader Driver Installer (HKLM\...\{4710662C-8204-4334-A977-B1AC9E547819}) (Version: 14.4.9.3 - Broadcom Corporation)
Broadcom Gigabit NetLink Controller (HKLM\...\{029A4933-3F36-4E4F-AEC3-2207AB26463D}) (Version: 14.4.8.3 - Broadcom Corporation)
Cake Mania (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111199750}) (Version:  - Oberon Media)
Cisco EAP-FAST Module (x32 Version: 2.2.14 - Cisco Systems, Inc.) Hidden
Cisco LEAP Module (x32 Version: 1.0.19 - Cisco Systems, Inc.) Hidden
Cisco PEAP Module (x32 Version: 1.1.6 - Cisco Systems, Inc.) Hidden
clear.fi (HKLM-x32\...\InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}) (Version: 1.0.1223.00 - CyberLink Corp.)
clear.fi (x32 Version: 1.0.1223.00 - CyberLink Corp.) Hidden
clear.fi (x32 Version: 9.0.7209 - CyberLink Corp.) Hidden
clear.fi Client (HKLM-x32\...\{43AAE145-83CF-4C96-9A5E-756CEFCE879F}) (Version: 1.00.3008 - Acer Incorporated)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dream Day First Home (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113832110}) (Version:  - Oberon Media)
DriverTuner 3.0.1.0 (HKLM-x32\...\{520C1D80-935C-42B9-9340-E883849D804F}_is1) (Version: 3.0.0.1 - LionSea SoftWare)
Dropbox (HKU\S-1-5-21-109719926-1927758322-2587551322-1001\...\Dropbox) (Version: 3.0.3 - Dropbox, Inc.)
eSobi v2 (HKLM-x32\...\InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}) (Version: 2.0.4.000274 - esobi Inc.)
eSobi v2 (x32 Version: 2.0.4.000274 - esobi Inc.) Hidden
Farm Frenzy 2 (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11531173}) (Version:  - Oberon Media)
Free Studio version 5.3.1 (HKLM-x32\...\Free Studio_is1) (Version:  - DVDVideoSoft Ltd.)
Free YouTube to MP3 Converter version 3.12.54.128 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.54.128 - DVDVideoSoft Ltd.)
Galapago (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111307457}) (Version:  - Oberon Media)
Google Chrome (HKU\S-1-5-21-109719926-1927758322-2587551322-1001\...\Google Chrome) (Version: 40.0.2214.94 - Google Inc.)
Google Drive (HKLM-x32\...\{65EACBB4-B0B8-4A5B-AE46-22DBE15C70B5}) (Version: 1.19.8406.6504 - Google, Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Heroes of Hellas (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113786380}) (Version:  - Oberon Media)
Identity Card (HKLM-x32\...\Identity Card) (Version: 1.00.3003 - Acer Incorporated)
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1118 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2266 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.0.0.1046 - Intel Corporation)
Intel(R) Turbo Boost Technology Monitor 2.0 (HKLM\...\{B77EFA0B-9BD3-4122-9F9A-15A963B5EA24}) (Version: 2.0.82.0 - Intel)
iTunes (HKLM\...\{7B8D4E8A-EA2B-4A71-BFEB-A4AAAB87C5D0}) (Version: 12.1.0.71 - Apple Inc.)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Launch Manager (HKLM-x32\...\LManager) (Version: 5.0.3 - Acer Inc.)
Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
MediaEspresso (x32 Version: 1.0.1210_33255 - CyberLink Corp.) Hidden
Merriam Websters Spell Jam (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112662477}) (Version:  - Oberon Media)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.31211.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2721691) (HKLM-x32\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB973685) (HKLM-x32\...\{859DFA95-E4A6-48CD-B88E-A3E483E89B44}) (Version: 4.30.2107.0 - Microsoft Corporation)
MyFreeCodec (HKU\S-1-5-21-109719926-1927758322-2587551322-1001\...\MyFreeCodec) (Version:  - )
MyWinLocker (Version: 4.0.14.11 - Egis Technology Inc.) Hidden
MyWinLocker 4 (x32 Version: 4.0.14.11 - Egis Technology Inc.) Hidden
MyWinLocker Suite (HKLM-x32\...\InstallShield_{17DF9714-60C9-43C9-A9C2-32BCAED44CBE}) (Version: 4.0.14.11 - Egis Technology Inc.)
MyWinLocker Suite (x32 Version: 4.0.14.11 - Egis Technology Inc.) Hidden
Norton AntiVirus (HKLM-x32\...\NAV) (Version: 21.6.0.32 - Symantec Corporation)
Norton Identity Safe (HKLM-x32\...\NST) (Version: 2014.7.6.15 - Symantec Corporation)
Norton Online Backup (HKLM-x32\...\{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}) (Version: 2.1.17869 - Symantec Corporation)
NTI Media Maker 9 (HKLM-x32\...\InstallShield_{D3D5C4E8-040F-4C6F-8105-41D43CF94F44}) (Version: 9.0.2.8939 - NTI Corporation)
NTI Media Maker 9 (x32 Version: 9.0.2.8939 - NTI Corporation) Hidden
NVIDIA Graphics Driver 266.19 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 266.19 - NVIDIA Corporation)
OpenOffice 4.1.1 (HKLM-x32\...\{ACD0FFF9-6B35-43C1-82DB-9FF6990E8602}) (Version: 4.11.9775 - Apache Software Foundation)
Poker Pop (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111355427}) (Version:  - Oberon Media)
Reader for PC (HKLM-x32\...\{38FB32F7-5A2A-40E4-B106-4C35F75725CD}) (Version: 2.4.00.05230 - Sony Corporation)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6254 - Realtek Semiconductor Corp.)
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.0.26.0 - Renesas Electronics Corporation)
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.0.26.0 - Renesas Electronics Corporation) Hidden
Samsung Kies (HKLM-x32\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.6.3.14044_15 - Samsung Electronics Co., Ltd.)
Samsung Kies (x32 Version: 2.6.3.14044_15 - Samsung Electronics Co., Ltd.) Hidden
Samsung Story Album Viewer (HKLM-x32\...\InstallShield_{698BBAD8-B116-495D-B879-0F07A533E57F}) (Version: 1.0.0.13052_1 - Samsung Electronics Co., Ltd.)
Samsung Story Album Viewer (x32 Version: 1.0.0.13052_1 - Samsung Electronics Co., Ltd.) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.40.0 - SAMSUNG Electronics Co., Ltd.)
Shredder (Version: 2.0.8.7 - Egis Technology Inc.) Hidden
Shredder (x32 Version: 2.0.8.7 - Egis Technology Inc.) Hidden
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
Spin & Win (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110300453}) (Version:  - Oberon Media)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.1.6.0 - Synaptics Incorporated)
Wartung Samsung ML-1660 Series (HKLM-x32\...\Samsung ML-1660 Series) (Version:  - Samsung Electronics Co., Ltd.)
Welcome Center (HKLM-x32\...\Acer Welcome Center) (Version: 1.02.3007 - Acer Incorporated)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Mesh ActiveX control for remote connections (HKLM-x32\...\{C5398A89-516C-4DAF-BA07-EE7949090E56}) (Version: 15.4.5722.2 - Microsoft Corporation)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-109719926-1927758322-2587551322-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Cornelia\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-109719926-1927758322-2587551322-1001_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Cornelia\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-109719926-1927758322-2587551322-1001_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Cornelia\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-109719926-1927758322-2587551322-1001_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Cornelia\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-109719926-1927758322-2587551322-1001_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Cornelia\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-109719926-1927758322-2587551322-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Cornelia\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-109719926-1927758322-2587551322-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Cornelia\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-109719926-1927758322-2587551322-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Cornelia\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-109719926-1927758322-2587551322-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Cornelia\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-109719926-1927758322-2587551322-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Cornelia\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-109719926-1927758322-2587551322-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Cornelia\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-109719926-1927758322-2587551322-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Cornelia\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-109719926-1927758322-2587551322-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Cornelia\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-109719926-1927758322-2587551322-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Cornelia\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-109719926-1927758322-2587551322-1001_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Cornelia\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File

==================== Restore Points  =========================

10-12-2014 20:36:09 Windows Update
15-12-2014 23:20:50 Windows Update
16-12-2014 22:54:16 Windows Update
21-12-2014 23:02:24 Windows Update
16-01-2015 20:02:54 Windows Update
21-01-2015 21:33:00 Windows Modules Installer
31-01-2015 23:04:23 OpenOffice 4.1.1 wird installiert
01-02-2015 23:09:59 Revo Uninstaller's restore point - Bundled software uninstaller

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {06BA6298-290B-4817-86D4-8CD0D28C9EBE} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {199D932C-0C4A-4439-B48E-220627C8FA35} - System32\Tasks\Launch HTC Sync Loader => C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe
Task: {220C245B-25BA-4C9D-BEE8-003CA43A5BD9} - System32\Tasks\{0B05C414-15BC-4BEC-9826-3E03612A7BA4} => pcalua.exe -a "C:\Users\Cornelia\Local Settings\Application Data\Bundled software uninstaller\biclient.exe" -c /initurl hxxp://bi.bisrv.com/:affid:/:sid:/:uid:? /affid uninstall /id uninstall /name "Bundled software uninstaller"
Task: {2445FE38-BD4B-4FEF-89C4-45B6EB718D72} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-05-06] (Google Inc.)
Task: {37410EB5-7B03-4E47-A2D3-97639690DEC5} - System32\Tasks\clear.fi => C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fi.exe [2010-12-23] (Acer Incorporated)
Task: {555F6ED2-2EB7-4C61-8086-9700931166FD} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton AntiVirus\Engine\21.6.0.32\WSCStub.exe [2014-09-21] (Symantec Corporation)
Task: {75210ACE-464B-4BB1-A5FE-798842B5A5E6} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-109719926-1927758322-2587551322-1001UA => C:\Users\Cornelia\AppData\Local\Google\Update\GoogleUpdate.exe [2014-10-30] (Google Inc.)
Task: {9036EF6C-3105-4280-BEBB-A3A2967CF5C5} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-01-31] (Adobe Systems Incorporated)
Task: {95DEAF90-B330-4F36-890C-3FF5459F612F} - System32\Tasks\clear.fiAgent => C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe [2010-12-23] (CyberLink Corp.)
Task: {97584F22-C785-4C9F-9A19-108750BE6775} - System32\Tasks\DMREngine => C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe [2010-12-23] (CyberLink)
Task: {98829D97-1101-46B9-8431-F612446E240F} - System32\Tasks\{C34F34C0-9C41-4EC5-9BCC-E825F7BE1B90} => Chrome.exe hxxp://ui.skype.com/ui/0/6.14.59.104/de/abandoninstall?page=tsProgressBar
Task: {B4C0D583-8889-452A-BD6D-5DBD8597CE26} - System32\Tasks\Recovery Management\Burn Notification => C:\Program Files\Acer\Acer eRecovery Management\NotificationCenter\Notification.exe [2010-12-01] (Acer)
Task: {B55BD94B-FA1A-4B53-87CD-54E144EEC4A9} - System32\Tasks\Norton AntiVirus\Norton Error Analyzer => C:\Program Files (x86)\Norton AntiVirus\Engine\21.6.0.32\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {B5D864F1-76D5-4E4A-BF37-2D01A5F03AF6} - System32\Tasks\Norton Identity Safe\Norton Error Analyzer => C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.6.15\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {B763D147-978F-4725-AD4B-A67135B8AC4B} - System32\Tasks\Norton Identity Safe\Norton Error Processor => C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.6.15\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {D787E221-3558-4706-8D6A-63D816B97178} - System32\Tasks\{8D77CDAC-FE8C-4581-AE68-F85B6B60BE02} => Iexplore.exe hxxp://www.skype.com/go/downloading?source=lightinstaller&amp;ver=4.1.0.179.367&amp;LastError=404
Task: {F14F0E35-8A84-4080-A884-0CFA3EBC11B7} - System32\Tasks\Norton AntiVirus\Norton Error Processor => C:\Program Files (x86)\Norton AntiVirus\Engine\21.6.0.32\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {F1CE618E-1B8A-4816-8F34-2A7B3AAD40B8} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-109719926-1927758322-2587551322-1001Core => C:\Users\Cornelia\AppData\Local\Google\Update\GoogleUpdate.exe [2014-10-30] (Google Inc.)
Task: {FCC870A9-3B61-4E41-A96D-0C0FDE8A9462} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-05-06] (Google Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-109719926-1927758322-2587551322-1001Core.job => C:\Users\Cornelia\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-109719926-1927758322-2587551322-1001UA.job => C:\Users\Cornelia\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2011-06-22 06:48 - 2011-06-22 06:48 - 00034304 _____ () C:\Windows\System32\ssp7ml6.dll
2015-01-20 22:35 - 2015-01-20 22:35 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-01-20 22:35 - 2015-01-20 22:35 - 01346344 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2013-05-06 16:46 - 2012-10-23 12:27 - 00497648 _____ () C:\Program Files (x86)\bob internetsoftware\bobinternetsoftware_Service.exe
2010-12-29 05:13 - 2010-12-17 01:37 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2011-12-05 22:12 - 2010-06-07 11:35 - 00618496 _____ () C:\Windows\Samsung\PanelMgr\SSMMgr.exe
2013-05-06 16:46 - 2012-10-23 12:27 - 00478192 _____ () C:\Program Files (x86)\bob internetsoftware\bobInternetsoftware_Launcher.exe
2011-12-05 22:12 - 2009-07-29 11:13 - 00306688 _____ () C:\Windows\Samsung\PanelMgr\caller64.exe
2010-11-12 02:22 - 2010-11-12 02:22 - 00465640 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\sqlite3.dll
2010-11-12 02:22 - 2010-11-12 02:22 - 01081664 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\ACE.dll
2010-11-12 02:22 - 2010-11-12 02:22 - 00125760 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\MailConverter32.dll
2010-12-23 23:46 - 2010-12-23 23:46 - 00210312 _____ () C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\DMR\CLNetMediaDMA.dll
2014-10-22 01:22 - 2014-10-22 01:22 - 00750080 _____ () C:\Users\Cornelia\AppData\Roaming\Dropbox\bin\libGLESv2.dll
2015-02-02 00:48 - 2015-02-02 00:48 - 00043008 _____ () c:\users\cornelia\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpoiw0lo.dll
2014-10-22 01:22 - 2014-10-22 01:22 - 00047616 _____ () C:\Users\Cornelia\AppData\Roaming\Dropbox\bin\libEGL.dll
2014-10-22 01:22 - 2014-10-22 01:22 - 00863744 _____ () C:\Users\Cornelia\AppData\Roaming\Dropbox\bin\plugins\platforms\qwindows.dll
2014-10-22 01:22 - 2014-10-22 01:22 - 00200704 _____ () C:\Users\Cornelia\AppData\Roaming\Dropbox\bin\plugins\imageformats\qjpeg.dll
2014-05-23 18:13 - 2014-05-23 18:13 - 00880640 _____ () C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\fsk.dll
2014-05-23 18:15 - 2014-05-23 18:15 - 00040264 _____ () C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\FskMediaPlayers.dll
2014-05-23 18:15 - 2014-05-23 18:15 - 00239944 _____ () C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\Fskin.dll
2014-05-23 18:15 - 2014-05-23 18:15 - 00026952 _____ () C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\FskinLocalize.dll
2014-04-25 21:27 - 2014-04-25 21:27 - 00798720 _____ () C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\FskSecurity.dll
2014-05-23 18:15 - 2014-05-23 18:15 - 00125256 _____ () C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\FskDocumentViewer.dll
2014-05-23 18:15 - 2014-05-23 18:15 - 00016200 _____ () C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\FskPower.dll
2014-05-23 18:15 - 2014-05-23 18:15 - 00024904 _____ () C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\FskNetInterface.dll
2014-05-23 18:15 - 2014-05-23 18:15 - 00017224 _____ () C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\FskMobileMediaDevice.dll
2014-05-23 18:15 - 2014-05-23 18:15 - 00015176 _____ () C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\FskTimeHardware.dll
2014-05-23 18:15 - 2014-05-23 18:15 - 00034632 _____ () C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\ticket.dll
2014-05-23 18:15 - 2014-05-23 18:15 - 00018760 _____ () C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\ebookDeviceNotifier.dll
2014-05-23 18:15 - 2014-05-23 18:15 - 00092488 _____ () C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\ebookUsb.dll
2014-05-23 18:15 - 2014-05-23 18:15 - 00149832 _____ () C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\readerAppHelper.dll
2014-05-23 18:15 - 2014-05-23 18:15 - 00178504 _____ () C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\USBDetector.dll
2013-05-06 16:46 - 2012-10-23 12:26 - 00256512 _____ () C:\Program Files (x86)\bob internetsoftware\WtgMobileBroadband7.dll
2015-02-02 00:47 - 2015-02-02 00:47 - 00098816 _____ () C:\Users\Cornelia\AppData\Local\Temp\_MEI20402\win32api.pyd
2015-02-02 00:47 - 2015-02-02 00:47 - 00110080 _____ () C:\Users\Cornelia\AppData\Local\Temp\_MEI20402\pywintypes27.dll
2015-02-02 00:47 - 2015-02-02 00:47 - 00364544 _____ () C:\Users\Cornelia\AppData\Local\Temp\_MEI20402\pythoncom27.dll
2015-02-02 00:47 - 2015-02-02 00:47 - 00045568 _____ () C:\Users\Cornelia\AppData\Local\Temp\_MEI20402\_socket.pyd
2015-02-02 00:47 - 2015-02-02 00:47 - 01160704 _____ () C:\Users\Cornelia\AppData\Local\Temp\_MEI20402\_ssl.pyd
2015-02-02 00:47 - 2015-02-02 00:47 - 00320512 _____ () C:\Users\Cornelia\AppData\Local\Temp\_MEI20402\win32com.shell.shell.pyd
2015-02-02 00:47 - 2015-02-02 00:47 - 00713216 _____ () C:\Users\Cornelia\AppData\Local\Temp\_MEI20402\_hashlib.pyd
2015-02-02 00:47 - 2015-02-02 00:47 - 01175040 _____ () C:\Users\Cornelia\AppData\Local\Temp\_MEI20402\wx._core_.pyd
2015-02-02 00:47 - 2015-02-02 00:47 - 00805888 _____ () C:\Users\Cornelia\AppData\Local\Temp\_MEI20402\wx._gdi_.pyd
2015-02-02 00:47 - 2015-02-02 00:47 - 00811008 _____ () C:\Users\Cornelia\AppData\Local\Temp\_MEI20402\wx._windows_.pyd
2015-02-02 00:47 - 2015-02-02 00:47 - 01062400 _____ () C:\Users\Cornelia\AppData\Local\Temp\_MEI20402\wx._controls_.pyd
2015-02-02 00:47 - 2015-02-02 00:47 - 00735232 _____ () C:\Users\Cornelia\AppData\Local\Temp\_MEI20402\wx._misc_.pyd
2015-02-02 00:47 - 2015-02-02 00:47 - 00557056 _____ () C:\Users\Cornelia\AppData\Local\Temp\_MEI20402\pysqlite2._sqlite.pyd
2015-02-02 00:47 - 2015-02-02 00:47 - 00128512 _____ () C:\Users\Cornelia\AppData\Local\Temp\_MEI20402\_elementtree.pyd
2015-02-02 00:47 - 2015-02-02 00:47 - 00127488 _____ () C:\Users\Cornelia\AppData\Local\Temp\_MEI20402\pyexpat.pyd
2015-02-02 00:47 - 2015-02-02 00:47 - 00087552 _____ () C:\Users\Cornelia\AppData\Local\Temp\_MEI20402\_ctypes.pyd
2015-02-02 00:47 - 2015-02-02 00:47 - 00119808 _____ () C:\Users\Cornelia\AppData\Local\Temp\_MEI20402\win32file.pyd
2015-02-02 00:47 - 2015-02-02 00:47 - 00108544 _____ () C:\Users\Cornelia\AppData\Local\Temp\_MEI20402\win32security.pyd
2015-02-02 00:47 - 2015-02-02 00:47 - 00007168 _____ () C:\Users\Cornelia\AppData\Local\Temp\_MEI20402\hashobjs_ext.pyd
2015-02-02 00:47 - 2015-02-02 00:47 - 00167936 _____ () C:\Users\Cornelia\AppData\Local\Temp\_MEI20402\win32gui.pyd
2015-02-02 00:47 - 2015-02-02 00:47 - 00018432 _____ () C:\Users\Cornelia\AppData\Local\Temp\_MEI20402\win32event.pyd
2015-02-02 00:47 - 2015-02-02 00:47 - 00038912 _____ () C:\Users\Cornelia\AppData\Local\Temp\_MEI20402\win32inet.pyd
2015-02-02 00:47 - 2015-02-02 00:47 - 00011264 _____ () C:\Users\Cornelia\AppData\Local\Temp\_MEI20402\win32crypt.pyd
2015-02-02 00:47 - 2015-02-02 00:47 - 00070656 _____ () C:\Users\Cornelia\AppData\Local\Temp\_MEI20402\wx._html2.pyd
2015-02-02 00:47 - 2015-02-02 00:47 - 00027136 _____ () C:\Users\Cornelia\AppData\Local\Temp\_MEI20402\_multiprocessing.pyd
2015-02-02 00:47 - 2015-02-02 00:47 - 00035840 _____ () C:\Users\Cornelia\AppData\Local\Temp\_MEI20402\win32process.pyd
2015-02-02 00:47 - 2015-02-02 00:47 - 00686080 _____ () C:\Users\Cornelia\AppData\Local\Temp\_MEI20402\unicodedata.pyd
2015-02-02 00:47 - 2015-02-02 00:47 - 00122368 _____ () C:\Users\Cornelia\AppData\Local\Temp\_MEI20402\wx._wizard.pyd
2015-02-02 00:47 - 2015-02-02 00:47 - 00024064 _____ () C:\Users\Cornelia\AppData\Local\Temp\_MEI20402\win32pipe.pyd
2015-02-02 00:47 - 2015-02-02 00:47 - 00025600 _____ () C:\Users\Cornelia\AppData\Local\Temp\_MEI20402\win32pdh.pyd
2015-02-02 00:47 - 2015-02-02 00:47 - 00525640 _____ () C:\Users\Cornelia\AppData\Local\Temp\_MEI20402\windows._lib_cacheinvalidation.pyd
2015-02-02 00:47 - 2015-02-02 00:47 - 00010240 _____ () C:\Users\Cornelia\AppData\Local\Temp\_MEI20402\select.pyd
2015-02-02 00:47 - 2015-02-02 00:47 - 00017408 _____ () C:\Users\Cornelia\AppData\Local\Temp\_MEI20402\win32profile.pyd
2015-02-02 00:47 - 2015-02-02 00:47 - 00022528 _____ () C:\Users\Cornelia\AppData\Local\Temp\_MEI20402\win32ts.pyd
2015-02-02 00:47 - 2015-02-02 00:47 - 00078336 _____ () C:\Users\Cornelia\AppData\Local\Temp\_MEI20402\wx._animate.pyd
2013-05-06 16:46 - 2012-01-25 10:38 - 01097728 _____ () C:\Program Files (x86)\bob internetsoftware\NDISAPI.dll
2014-10-30 19:17 - 2014-10-30 19:17 - 00169472 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\ba8588c3319d63350220ec2ac3eb2c36\IsdiInterop.ni.dll
2011-11-24 17:14 - 2010-09-14 03:28 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll
2015-01-31 19:07 - 2015-01-27 04:44 - 01117512 _____ () C:\Users\Cornelia\AppData\Local\Google\Chrome\Application\40.0.2214.94\libglesv2.dll
2015-01-31 19:07 - 2015-01-27 04:44 - 00211272 _____ () C:\Users\Cornelia\AppData\Local\Google\Chrome\Application\40.0.2214.94\libegl.dll
2015-01-31 19:07 - 2015-01-27 04:44 - 09171272 _____ () C:\Users\Cornelia\AppData\Local\Google\Chrome\Application\40.0.2214.94\pdf.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\Temp:0B9176C0
AlternateDataStreams: C:\ProgramData\Temp:CDFF58FE
AlternateDataStreams: C:\ProgramData\Temp:E36F5B57

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


========================= Accounts: ==========================

Administrator (S-1-5-21-109719926-1927758322-2587551322-500 - Administrator - Disabled)
Cornelia (S-1-5-21-109719926-1927758322-2587551322-1001 - Administrator - Enabled) => C:\Users\Cornelia
Gast (S-1-5-21-109719926-1927758322-2587551322-501 - Limited - Enabled) => C:\Users\Gast
HomeGroupUser$ (S-1-5-21-109719926-1927758322-2587551322-1003 - Limited - Enabled)
UpdatusUser (S-1-5-21-109719926-1927758322-2587551322-1000 - Limited - Enabled) => C:\Users\UpdatusUser

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (02/01/2015 11:41:57 PM) (Source: Windows Backup) (EventID: 4103) (User: )
Description: Die Sicherung wurde aufgrund eines Fehlers beim Schreiben am Sicherungsspeicherort "F:\" nicht abgeschlossen. Fehler: "Der Sicherungsort wurde nicht gefunden oder ist ungültig. Überprüfen Sie die Sicherungseinstellungen und den Sicherungsort. (0x81000006)"

Error: (02/01/2015 11:13:12 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 9969

Error: (02/01/2015 11:13:12 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 9969

Error: (02/01/2015 11:13:10 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (01/29/2015 10:56:00 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 21964

Error: (01/29/2015 10:56:00 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 21964

Error: (01/29/2015 10:56:00 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (01/29/2015 10:55:50 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 9952

Error: (01/29/2015 10:55:50 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 9952

Error: (01/29/2015 10:55:48 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second


System errors:
=============
Error: (02/02/2015 00:46:52 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "SSPORT" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (02/02/2015 00:46:29 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "DgiVecp" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (02/02/2015 00:44:37 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {F9717507-6651-4EDB-BFF7-AE615179BCCF}

Error: (02/01/2015 11:36:36 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: Der Dienst "Windows Update" wurde nicht richtig gestartet.

Error: (02/01/2015 11:35:43 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst ShellHWDetection erreicht.

Error: (02/01/2015 11:35:13 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst ShellHWDetection erreicht.

Error: (02/01/2015 11:32:01 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "SSPORT" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (02/01/2015 11:31:59 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "DgiVecp" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (02/01/2015 11:29:52 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Windows Media Player-Netzwerkfreigabedienst" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1069

Error: (02/01/2015 11:29:52 PM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: Der Dienst "WMPNetworkSvc" konnte sich nicht als "NT AUTHORITY\NetworkService" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: 
%%50

Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC).


Microsoft Office Sessions:
=========================
Error: (02/01/2015 11:41:57 PM) (Source: Windows Backup) (EventID: 4103) (User: )
Description: F:\Der Sicherungsort wurde nicht gefunden oder ist ungültig. Überprüfen Sie die Sicherungseinstellungen und den Sicherungsort. (0x81000006)

Error: (02/01/2015 11:13:12 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 9969

Error: (02/01/2015 11:13:12 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 9969

Error: (02/01/2015 11:13:10 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (01/29/2015 10:56:00 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 21964

Error: (01/29/2015 10:56:00 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 21964

Error: (01/29/2015 10:56:00 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (01/29/2015 10:55:50 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 9952

Error: (01/29/2015 10:55:50 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 9952

Error: (01/29/2015 10:55:48 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second


CodeIntegrity Errors:
===================================
  Date: 2013-07-17 20:55:48.783
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\SysWOW64\FsUsbExDisk.Sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-07-17 20:55:48.630
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\SysWOW64\FsUsbExDisk.Sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-07-17 20:55:46.310
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\SysWOW64\FsUsbExDisk.Sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-07-17 20:55:46.157
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\SysWOW64\FsUsbExDisk.Sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-07-17 20:55:42.867
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\SysWOW64\FsUsbExDisk.Sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-07-17 20:55:42.718
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\SysWOW64\FsUsbExDisk.Sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-07-17 20:55:40.460
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\SysWOW64\FsUsbExDisk.Sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-07-17 20:55:40.310
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\SysWOW64\FsUsbExDisk.Sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-07-17 20:55:38.055
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\SysWOW64\FsUsbExDisk.Sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-07-17 20:55:37.906
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\SysWOW64\FsUsbExDisk.Sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.


==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i7-2630QM CPU @ 2.00GHz
Percentage of memory in use: 68%
Total physical RAM: 3947.86 MB
Available physical RAM: 1254.63 MB
Total Pagefile: 7893.9 MB
Available Pagefile: 4812.8 MB
Total Virtual: 8192 MB
Available Virtual: 8191.86 MB

==================== Drives ================================

Drive c: (Acer) (Fixed) (Total:224.87 GB) (Free:129.23 GB) NTFS
Drive d: (DATA) (Fixed) (Total:225.17 GB) (Free:225.06 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: ACEEA5BB)
Partition 1: (Not Active) - (Size=15.6 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=224.9 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=225.2 GB) - (Type=07 NTFS)

==================== End Of Log ============================
         

Alt 02.02.2015, 14:37   #8
deeprybka
/// TB-Ausbilder
/// Anleitungs-Guru
 
Positive Finds Ads - Standard

Positive Finds Ads



Hallo bitte noch das Malwarebytes Log posten. Danke

__________________
Gruß
deeprybka

Lob, Kritik, Wünsche?

Spende fürs trojaner-board?
_______________________________________________
„Neminem laede, immo omnes, quantum potes, iuva.“ Arthur Schopenhauer

Alt 02.02.2015, 22:03   #9
Ivi03
 
Positive Finds Ads - Standard

Positive Finds Ads



Code:
ATTFilter
 Malwarebytes Anti-Malware 
www.malwarebytes.org


Scan, 02.02.2015 00:43:10, SYSTEM, CORNELIALAPTOP, Manual, Start: % 1 "% 2", Dauer: % 1 min 51 Sekunden, Bedrohungs-Suchlauf, Abgeschlossen, 2 Malwareerkennung, 66-Malwareerkennung, 
Protection, 02.02.2015 00:46:47, SYSTEM, CORNELIALAPTOP, Protection, Malware Protection, Starting, 
Protection, 02.02.2015 00:46:47, SYSTEM, CORNELIALAPTOP, Protection, Malware Protection, Started, 
Protection, 02.02.2015 00:46:47, SYSTEM, CORNELIALAPTOP, Protection, Malicious Website Protection, Starting, 
Protection, 02.02.2015 00:47:11, SYSTEM, CORNELIALAPTOP, Protection, Malicious Website Protection, Started, 
Update, 02.02.2015 07:46:54, SYSTEM, CORNELIALAPTOP, Scheduler, Failed, Unable to access update server, 
Update, 02.02.2015 21:52:43, SYSTEM, CORNELIALAPTOP, Scheduler, Failed, Unable to access update server, 
Update, 02.02.2015 21:55:31, SYSTEM, CORNELIALAPTOP, Scheduler, Malware Database, 2015.2.1.7, 2015.2.2.5, 
Protection, 02.02.2015 21:55:31, SYSTEM, CORNELIALAPTOP, Protection, Refresh, Starting, 
Protection, 02.02.2015 21:55:31, SYSTEM, CORNELIALAPTOP, Protection, Malicious Website Protection, Stopping, 
Protection, 02.02.2015 21:55:32, SYSTEM, CORNELIALAPTOP, Protection, Malicious Website Protection, Stopped, 
Protection, 02.02.2015 21:55:45, SYSTEM, CORNELIALAPTOP, Protection, Refresh, Success, 
Protection, 02.02.2015 21:55:45, SYSTEM, CORNELIALAPTOP, Protection, Malicious Website Protection, Starting, 
Protection, 02.02.2015 21:55:47, SYSTEM, CORNELIALAPTOP, Protection, Malicious Website Protection, Started, 

(end)
         
Stimmt das?




Code:
ATTFilter
 Malwarebytes Anti-Malware 
www.malwarebytes.org


Scan, 02.02.2015 00:43:10, SYSTEM, CORNELIALAPTOP, Manual, Start: % 1 "% 2", Dauer: % 1 min 51 Sekunden, Bedrohungs-Suchlauf, Abgeschlossen, 2 Malwareerkennung, 66-Malwareerkennung, 
Protection, 02.02.2015 00:46:47, SYSTEM, CORNELIALAPTOP, Protection, Malware Protection, Starting, 
Protection, 02.02.2015 00:46:47, SYSTEM, CORNELIALAPTOP, Protection, Malware Protection, Started, 
Protection, 02.02.2015 00:46:47, SYSTEM, CORNELIALAPTOP, Protection, Malicious Website Protection, Starting, 
Protection, 02.02.2015 00:47:11, SYSTEM, CORNELIALAPTOP, Protection, Malicious Website Protection, Started, 
Update, 02.02.2015 07:46:54, SYSTEM, CORNELIALAPTOP, Scheduler, Failed, Unable to access update server, 
Update, 02.02.2015 21:52:43, SYSTEM, CORNELIALAPTOP, Scheduler, Failed, Unable to access update server, 
Update, 02.02.2015 21:55:31, SYSTEM, CORNELIALAPTOP, Scheduler, Malware Database, 2015.2.1.7, 2015.2.2.5, 
Protection, 02.02.2015 21:55:31, SYSTEM, CORNELIALAPTOP, Protection, Refresh, Starting, 
Protection, 02.02.2015 21:55:31, SYSTEM, CORNELIALAPTOP, Protection, Malicious Website Protection, Stopping, 
Protection, 02.02.2015 21:55:32, SYSTEM, CORNELIALAPTOP, Protection, Malicious Website Protection, Stopped, 
Protection, 02.02.2015 21:55:45, SYSTEM, CORNELIALAPTOP, Protection, Refresh, Success, 
Protection, 02.02.2015 21:55:45, SYSTEM, CORNELIALAPTOP, Protection, Malicious Website Protection, Starting, 
Protection, 02.02.2015 21:55:47, SYSTEM, CORNELIALAPTOP, Protection, Malicious Website Protection, Started, 

(end)
         
Sorry, habs nicht kapiert...
hier das Suchlaufprotokoll

Code:
ATTFilter
 Malwarebytes Anti-Malware 
www.malwarebytes.org


Scan, 02.02.2015 00:43:10, SYSTEM, CORNELIALAPTOP, Manual, Start: % 1 "% 2", Dauer: % 1 min 51 Sekunden, Bedrohungs-Suchlauf, Abgeschlossen, 2 Malwareerkennung, 66-Malwareerkennung, 
Protection, 02.02.2015 00:46:47, SYSTEM, CORNELIALAPTOP, Protection, Malware Protection, Starting, 
Protection, 02.02.2015 00:46:47, SYSTEM, CORNELIALAPTOP, Protection, Malware Protection, Started, 
Protection, 02.02.2015 00:46:47, SYSTEM, CORNELIALAPTOP, Protection, Malicious Website Protection, Starting, 
Protection, 02.02.2015 00:47:11, SYSTEM, CORNELIALAPTOP, Protection, Malicious Website Protection, Started, 
Update, 02.02.2015 07:46:54, SYSTEM, CORNELIALAPTOP, Scheduler, Failed, Unable to access update server, 
Update, 02.02.2015 21:52:43, SYSTEM, CORNELIALAPTOP, Scheduler, Failed, Unable to access update server, 
Update, 02.02.2015 21:55:31, SYSTEM, CORNELIALAPTOP, Scheduler, Malware Database, 2015.2.1.7, 2015.2.2.5, 
Protection, 02.02.2015 21:55:31, SYSTEM, CORNELIALAPTOP, Protection, Refresh, Starting, 
Protection, 02.02.2015 21:55:31, SYSTEM, CORNELIALAPTOP, Protection, Malicious Website Protection, Stopping, 
Protection, 02.02.2015 21:55:32, SYSTEM, CORNELIALAPTOP, Protection, Malicious Website Protection, Stopped, 
Protection, 02.02.2015 21:55:45, SYSTEM, CORNELIALAPTOP, Protection, Refresh, Success, 
Protection, 02.02.2015 21:55:45, SYSTEM, CORNELIALAPTOP, Protection, Malicious Website Protection, Starting, 
Protection, 02.02.2015 21:55:47, SYSTEM, CORNELIALAPTOP, Protection, Malicious Website Protection, Started, 

(end)
         

Alt 02.02.2015, 22:14   #10
deeprybka
/// TB-Ausbilder
/// Anleitungs-Guru
 
Positive Finds Ads - Standard

Positive Finds Ads



Lass MBAM einfach nochmal laufen...

Schritt 1

  • Starte Malwarebytes' Anti-Malware (MBAM).
  • Sollte die Benutzeroberfläche noch in Englisch sein, klicke auf Settings und wähle bei Language Deutsch aus.
  • Unter Erkennung und Schutz setze bitte einen Haken bei "Suche nach Rootkits".
  • Klicke im Anschluss auf "Suchlauf", wähle den Bedrohungssuchlauf aus, aktualisiere die Datenbanken und klicke auf "Suchlauf jetzt starten".
  • Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. (geht so...)
  • Poste mir den Inhalt der Logdatei (geht so...). Klicke dazu auf Verlauf und dann auf Anwendungsprotokolle.
  • Wähle das neueste Suchlauf-Protokoll aus und klicke auf Ansicht. Klicke auf "In Zwischenablage kopieren" poste mir den Inhalt in Code-Tags als Antwort in den Thread.
__________________
Gruß
deeprybka

Lob, Kritik, Wünsche?

Spende fürs trojaner-board?
_______________________________________________
„Neminem laede, immo omnes, quantum potes, iuva.“ Arthur Schopenhauer

Alt 02.02.2015, 23:20   #11
Ivi03
 
Positive Finds Ads - Standard

Positive Finds Ads



Habs erneut laufen lassen ....hier das Suchlauf Verlaufsprotokoll:

Code:
ATTFilter
 Malwarebytes Anti-Malware 
www.malwarebytes.org

Suchlauf Datum: 02.02.2015
Suchlauf-Zeit: 22:34:41
Logdatei: 
Administrator: Ja

Version: 2.00.4.1028
Malware Datenbank: v2015.02.02.05
Rootkit Datenbank: v2015.01.14.01
Lizenz: Testversion
Malware Schutz: Aktiviert
Bösartiger Webseiten Schutz: Aktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: Cornelia

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 429755
Verstrichene Zeit: 42 Min, 34 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Aktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(Keine schädliche Elemente erkannt)

Module: 0
(Keine schädliche Elemente erkannt)

Registrierungsschlüssel: 0
(Keine schädliche Elemente erkannt)

Registrierungswerte: 0
(Keine schädliche Elemente erkannt)

Registrierungsdaten: 0
(Keine schädliche Elemente erkannt)

Ordner: 0
(Keine schädliche Elemente erkannt)

Dateien: 0
(Keine schädliche Elemente erkannt)

Physische Sektoren: 0
(Keine schädliche Elemente erkannt)


(end)
         

und das Schutzprotokoll:

Code:
ATTFilter
 Malwarebytes Anti-Malware 
www.malwarebytes.org


Scan, 02.02.2015 00:43:10, SYSTEM, CORNELIALAPTOP, Manual, Start: % 1 "% 2", Dauer: % 1 min 51 Sekunden, Bedrohungs-Suchlauf, Abgeschlossen, 2 Malwareerkennung, 66-Malwareerkennung, 
Protection, 02.02.2015 00:46:47, SYSTEM, CORNELIALAPTOP, Protection, Malware Protection, Starting, 
Protection, 02.02.2015 00:46:47, SYSTEM, CORNELIALAPTOP, Protection, Malware Protection, Started, 
Protection, 02.02.2015 00:46:47, SYSTEM, CORNELIALAPTOP, Protection, Malicious Website Protection, Starting, 
Protection, 02.02.2015 00:47:11, SYSTEM, CORNELIALAPTOP, Protection, Malicious Website Protection, Started, 
Update, 02.02.2015 07:46:54, SYSTEM, CORNELIALAPTOP, Scheduler, Failed, Unable to access update server, 
Update, 02.02.2015 21:52:43, SYSTEM, CORNELIALAPTOP, Scheduler, Failed, Unable to access update server, 
Update, 02.02.2015 21:55:31, SYSTEM, CORNELIALAPTOP, Scheduler, Malware Database, 2015.2.1.7, 2015.2.2.5, 
Protection, 02.02.2015 21:55:31, SYSTEM, CORNELIALAPTOP, Protection, Refresh, Starting, 
Protection, 02.02.2015 21:55:31, SYSTEM, CORNELIALAPTOP, Protection, Malicious Website Protection, Stopping, 
Protection, 02.02.2015 21:55:32, SYSTEM, CORNELIALAPTOP, Protection, Malicious Website Protection, Stopped, 
Protection, 02.02.2015 21:55:45, SYSTEM, CORNELIALAPTOP, Protection, Refresh, Success, 
Protection, 02.02.2015 21:55:45, SYSTEM, CORNELIALAPTOP, Protection, Malicious Website Protection, Starting, 
Protection, 02.02.2015 21:55:47, SYSTEM, CORNELIALAPTOP, Protection, Malicious Website Protection, Started, 
Scan, 02.02.2015 22:24:15, SYSTEM, CORNELIALAPTOP, Manual, Start: % 1 "% 2", Dauer: % 1 Std. 14 37 Minuten, Bedrohungs-Suchlauf, Abgeschlossen, 0 Malwareerkennung, 0-Malwareerkennung, 
Scan, 02.02.2015 23:17:16, SYSTEM, CORNELIALAPTOP, Manual, Start: % 1 "% 2", Dauer: % 1 min 42 Sekunden, Bedrohungs-Suchlauf, Abgeschlossen, 0 Malwareerkennung, 0-Malwareerkennung, 

(end)
         
Danke nochmals für die Hilfe!

Alt 03.02.2015, 20:33   #12
deeprybka
/// TB-Ausbilder
/// Anleitungs-Guru
 
Positive Finds Ads - Standard

Positive Finds Ads



Gerne!

Letzte Scans:

Schritt 1

ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset




Schritt 2



Bitte starte FRST erneut, markiere auch die checkbox und drücke auf Scan.
Bitte poste mir den Inhalt der beiden Logs die erstellt werden.
__________________
Gruß
deeprybka

Lob, Kritik, Wünsche?

Spende fürs trojaner-board?
_______________________________________________
„Neminem laede, immo omnes, quantum potes, iuva.“ Arthur Schopenhauer

Alt 04.02.2015, 08:10   #13
Ivi03
 
Positive Finds Ads - Standard

Positive Finds Ads



Log vom Eset:

Code:
ATTFilter
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=ad475225895c5c47a7c5396a64919d63
# engine=22290
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2015-02-03 09:25:57
# local_time=2015-02-03 10:25:57 (+0100, Mitteleuropäische Zeit)
# country="Austria"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='Norton AntiVirus'
# compatibility_mode=3599 16777213 100 100 8043323 241988143 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 66 85 49343081 174628607 0 0
# scanned=64526
# found=15
# cleaned=0
# scan_time=5967
sh=91FD0C68DC46843917C8FEA976D8DDF7B941D897 ft=1 fh=fe05ab993baef410 vn="Win32/Toolbar.Babylon.P evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Cornelia\AppData\Roaming\BabMaint.exe.vir"
sh=E0814D0F17EE1122F6D3507DC676030F8E1CC133 ft=1 fh=0e0f46db8e6ee8c4 vn="Win32/Toolbar.Babylon.I evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Cornelia\AppData\Roaming\BabSolution\Shared\BabMaint.exe.vir"
sh=829D808C091045F45C513A6E4AB17055A52A9320 ft=1 fh=282fb76e1825b814 vn="Variante von Win32/Toolbar.Babylon.C evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Cornelia\AppData\Roaming\OpenCandy\01C976C96F514D358FA07CC86DEA4C35\DeltaTB.exe.vir"
sh=E0814D0F17EE1122F6D3507DC676030F8E1CC133 ft=1 fh=0e0f46db8e6ee8c4 vn="Win32/Toolbar.Babylon.I evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Cornelia\AppData\Local\Temp\344D390F-BAB0-7891-B767-618BD5BA7797\Latest\BabMaint.exe"
sh=E2BA5F8A7BD2BAF32FF31730BAD873C8E7957030 ft=1 fh=6e8622963c31f56a vn="Variante von Win32/Toolbar.Babylon.P evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Cornelia\AppData\Local\Temp\344D390F-BAB0-7891-B767-618BD5BA7797\Latest\BUSolution.dll"
sh=7759A3318DE2ABC3755EBB7F50322C6D586B5286 ft=1 fh=e3d39714b3bfb2a0 vn="Win32/Toolbar.Babylon.E evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Cornelia\AppData\Local\Temp\344D390F-BAB0-7891-B767-618BD5BA7797\Latest\IEHelper.dll"
sh=91FD0C68DC46843917C8FEA976D8DDF7B941D897 ft=1 fh=fe05ab993baef410 vn="Win32/Toolbar.Babylon.P evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Cornelia\AppData\Local\Temp\busC467\BabMaint.x"
sh=43EAA89AE51391FE6219B415ED726FB621B354FE ft=1 fh=c71c00115a62a541 vn="Variante von Win32/Toolbar.Babylon.P evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Cornelia\AppData\Local\Temp\busC467\BUSolution.x"
sh=3CB374AC1A0ED39C2A98701908F2722472A3F853 ft=1 fh=06738372f8f49ab8 vn="Variante von Win32/Toolbar.Babylon.I evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Cornelia\AppData\Local\Temp\F5E50571-BAB0-7891-8134-27FDB15F375C\Latest\BabMaint.exe"
sh=AB1FD143BCC3ADE0758E8A7D82871C213D2FC4C9 ft=1 fh=8de5c5e0dcc9bb6f vn="Variante von Win32/Toolbar.Babylon.P evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Cornelia\AppData\Local\Temp\F5E50571-BAB0-7891-8134-27FDB15F375C\Latest\BUSolution.dll"
sh=B56E298AA3EB2BBAEDEDEF1F751474750811B52F ft=0 fh=0000000000000000 vn="Variante von Win32/Toolbar.Babylon.I evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Cornelia\AppData\Local\Temp\F5E50571-BAB0-7891-8134-27FDB15F375C\Latest\delta.crx"
sh=7759A3318DE2ABC3755EBB7F50322C6D586B5286 ft=1 fh=e3d39714b3bfb2a0 vn="Win32/Toolbar.Babylon.E evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Cornelia\AppData\Local\Temp\F5E50571-BAB0-7891-8134-27FDB15F375C\Latest\IEHelper.dll"
sh=E52ACFD28024312209C5F833C4E711E01D0C31AF ft=1 fh=ee941069ae4ebe68 vn="Variante von Win32/Toolbar.Babylon.E evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Cornelia\AppData\Local\Temp\F5E50571-BAB0-7891-8134-27FDB15F375C\Latest\Setup.exe"
sh=2DCA8A4DED867F3CB1B5F672D3D221448A385BA4 ft=1 fh=8a8ff7b61e72d628 vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Cornelia\Documents\Downloads\FreeYouTubeToMp3Converter (2).exe"
sh=23229499A040BB3745E959F4B2EBD76B1ED3B046 ft=1 fh=8a8ff7b60e314f51 vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Cornelia\Documents\Downloads\FreeYouTubeToMp3Converter (3).exe"
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=ad475225895c5c47a7c5396a64919d63
# engine=22293
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2015-02-04 12:46:10
# local_time=2015-02-04 01:46:10 (+0100, Mitteleuropäische Zeit)
# country="Austria"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='Norton AntiVirus'
# compatibility_mode=3599 16777213 100 100 8055336 242000156 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 66 85 49355094 174640620 0 0
# scanned=207104
# found=16
# cleaned=0
# scan_time=11828
sh=91FD0C68DC46843917C8FEA976D8DDF7B941D897 ft=1 fh=fe05ab993baef410 vn="Win32/Toolbar.Babylon.P evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Cornelia\AppData\Roaming\BabMaint.exe.vir"
sh=E0814D0F17EE1122F6D3507DC676030F8E1CC133 ft=1 fh=0e0f46db8e6ee8c4 vn="Win32/Toolbar.Babylon.I evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Cornelia\AppData\Roaming\BabSolution\Shared\BabMaint.exe.vir"
sh=829D808C091045F45C513A6E4AB17055A52A9320 ft=1 fh=282fb76e1825b814 vn="Variante von Win32/Toolbar.Babylon.C evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Cornelia\AppData\Roaming\OpenCandy\01C976C96F514D358FA07CC86DEA4C35\DeltaTB.exe.vir"
sh=E0814D0F17EE1122F6D3507DC676030F8E1CC133 ft=1 fh=0e0f46db8e6ee8c4 vn="Win32/Toolbar.Babylon.I evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Cornelia\AppData\Local\Temp\344D390F-BAB0-7891-B767-618BD5BA7797\Latest\BabMaint.exe"
sh=E2BA5F8A7BD2BAF32FF31730BAD873C8E7957030 ft=1 fh=6e8622963c31f56a vn="Variante von Win32/Toolbar.Babylon.P evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Cornelia\AppData\Local\Temp\344D390F-BAB0-7891-B767-618BD5BA7797\Latest\BUSolution.dll"
sh=7759A3318DE2ABC3755EBB7F50322C6D586B5286 ft=1 fh=e3d39714b3bfb2a0 vn="Win32/Toolbar.Babylon.E evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Cornelia\AppData\Local\Temp\344D390F-BAB0-7891-B767-618BD5BA7797\Latest\IEHelper.dll"
sh=91FD0C68DC46843917C8FEA976D8DDF7B941D897 ft=1 fh=fe05ab993baef410 vn="Win32/Toolbar.Babylon.P evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Cornelia\AppData\Local\Temp\busC467\BabMaint.x"
sh=43EAA89AE51391FE6219B415ED726FB621B354FE ft=1 fh=c71c00115a62a541 vn="Variante von Win32/Toolbar.Babylon.P evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Cornelia\AppData\Local\Temp\busC467\BUSolution.x"
sh=3CB374AC1A0ED39C2A98701908F2722472A3F853 ft=1 fh=06738372f8f49ab8 vn="Variante von Win32/Toolbar.Babylon.I evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Cornelia\AppData\Local\Temp\F5E50571-BAB0-7891-8134-27FDB15F375C\Latest\BabMaint.exe"
sh=AB1FD143BCC3ADE0758E8A7D82871C213D2FC4C9 ft=1 fh=8de5c5e0dcc9bb6f vn="Variante von Win32/Toolbar.Babylon.P evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Cornelia\AppData\Local\Temp\F5E50571-BAB0-7891-8134-27FDB15F375C\Latest\BUSolution.dll"
sh=B56E298AA3EB2BBAEDEDEF1F751474750811B52F ft=0 fh=0000000000000000 vn="Variante von Win32/Toolbar.Babylon.I evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Cornelia\AppData\Local\Temp\F5E50571-BAB0-7891-8134-27FDB15F375C\Latest\delta.crx"
sh=7759A3318DE2ABC3755EBB7F50322C6D586B5286 ft=1 fh=e3d39714b3bfb2a0 vn="Win32/Toolbar.Babylon.E evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Cornelia\AppData\Local\Temp\F5E50571-BAB0-7891-8134-27FDB15F375C\Latest\IEHelper.dll"
sh=E52ACFD28024312209C5F833C4E711E01D0C31AF ft=1 fh=ee941069ae4ebe68 vn="Variante von Win32/Toolbar.Babylon.E evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Cornelia\AppData\Local\Temp\F5E50571-BAB0-7891-8134-27FDB15F375C\Latest\Setup.exe"
sh=2DCA8A4DED867F3CB1B5F672D3D221448A385BA4 ft=1 fh=8a8ff7b61e72d628 vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Cornelia\Documents\Downloads\FreeYouTubeToMp3Converter (2).exe"
sh=23229499A040BB3745E959F4B2EBD76B1ED3B046 ft=1 fh=8a8ff7b60e314f51 vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Cornelia\Documents\Downloads\FreeYouTubeToMp3Converter (3).exe"
sh=62E18632B0D5BC7324512C466150D502921DA302 ft=1 fh=bb20ca87fbc05465 vn="Win32/WinloadSDA.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Cornelia\Downloads\Die-Sims-3---Einfach-tierisch-Setup.exe"
         
Addition.txt:

Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 01-02-2015
Ran by Cornelia at 2015-02-04 08:05:47
Running from C:\Users\Cornelia\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Norton AntiVirus (Disabled - Up to date) {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}
AS: Norton AntiVirus (Disabled - Up to date) {631E4324-D31C-783F-EC5C-35AD42B18466}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Acer Backup Manager (HKLM-x32\...\InstallShield_{0B61BBD5-DA3C-409A-8730-0C3DC3B0F270}) (Version: 3.0.0.69 - NTI Corporation)
Acer Crystal Eye Webcam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 1.0.1216 - CyberLink Corp.)
Acer Crystal Eye Webcam (x32 Version: 1.0.1216 - CyberLink Corp.) Hidden
Acer ePower Management (HKLM-x32\...\{3DB0448D-AD82-4923-B305-D001E521A964}) (Version: 6.00.3000 - Acer Incorporated)
Acer eRecovery Management (HKLM-x32\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 5.00.3002 - Acer Incorporated)
Acer Registration (HKLM-x32\...\Acer Registration) (Version: 1.03.3003 - Acer Incorporated)
Acer ScreenSaver (HKLM-x32\...\Acer Screensaver) (Version: 1.1.1130.2010 - Acer Incorporated)
Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.0.0.4080 - Adobe Systems Incorporated)
Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.296 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.296 - Adobe Systems Incorporated)
Adobe Photoshop Elements (HKLM-x32\...\Adobe Photoshop Elements 1.0) (Version: 1.0 - Adobe Systems, Inc.)
Adobe Reader 9.2 MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-A91000000001}) (Version: 9.2.0 - Adobe Systems Incorporated)
Airport Mania First Flight (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11505173}) (Version:  - Oberon Media)
Amazon Kindle (HKU\S-1-5-21-109719926-1927758322-2587551322-1001\...\Amazon Kindle) (Version:  - Amazon)
Amazon MP3-Downloader 1.0.17 (HKLM-x32\...\Amazon MP3-Downloader) (Version: 1.0.17 - Amazon Services LLC)
Amazonia (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11273477}) (Version:  - Oberon Media)
Apple Application Support (32-Bit) (HKLM-x32\...\{2FE00055-C4F3-4F7A-AEDD-E198D54CF12F}) (Version: 3.1.1 - Apple Inc.)
Apple Application Support (64-Bit) (HKLM\...\{28791292-D18D-42FA-AE66-3D3D20AA8618}) (Version: 3.1.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{5ED7462B-EF58-4757-B609-53755021EC34}) (Version: 8.1.0.18 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Backup Manager V3 (x32 Version: 3.0.0.69 - NTI Corporation) Hidden
bob internetsoftware (HKLM-x32\...\TAG) (Version: 2.0 - A1 Telekom Austria AG)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Broadcom 802.11 Network Adapter (HKLM\...\Broadcom 802.11 Network Adapter) (Version: 5.100.235.19 - Broadcom Corporation)
Broadcom Card Reader Driver Installer (HKLM\...\{4710662C-8204-4334-A977-B1AC9E547819}) (Version: 14.4.9.3 - Broadcom Corporation)
Broadcom Gigabit NetLink Controller (HKLM\...\{029A4933-3F36-4E4F-AEC3-2207AB26463D}) (Version: 14.4.8.3 - Broadcom Corporation)
Cake Mania (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111199750}) (Version:  - Oberon Media)
Cisco EAP-FAST Module (x32 Version: 2.2.14 - Cisco Systems, Inc.) Hidden
Cisco LEAP Module (x32 Version: 1.0.19 - Cisco Systems, Inc.) Hidden
Cisco PEAP Module (x32 Version: 1.1.6 - Cisco Systems, Inc.) Hidden
clear.fi (HKLM-x32\...\InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}) (Version: 1.0.1223.00 - CyberLink Corp.)
clear.fi (x32 Version: 1.0.1223.00 - CyberLink Corp.) Hidden
clear.fi (x32 Version: 9.0.7209 - CyberLink Corp.) Hidden
clear.fi Client (HKLM-x32\...\{43AAE145-83CF-4C96-9A5E-756CEFCE879F}) (Version: 1.00.3008 - Acer Incorporated)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dream Day First Home (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113832110}) (Version:  - Oberon Media)
DriverTuner 3.0.1.0 (HKLM-x32\...\{520C1D80-935C-42B9-9340-E883849D804F}_is1) (Version: 3.0.0.1 - LionSea SoftWare)
Dropbox (HKU\S-1-5-21-109719926-1927758322-2587551322-1001\...\Dropbox) (Version: 3.0.3 - Dropbox, Inc.)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
Farm Frenzy 2 (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11531173}) (Version:  - Oberon Media)
Free Studio version 5.3.1 (HKLM-x32\...\Free Studio_is1) (Version:  - DVDVideoSoft Ltd.)
Free YouTube to MP3 Converter version 3.12.54.128 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.54.128 - DVDVideoSoft Ltd.)
Galapago (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111307457}) (Version:  - Oberon Media)
Google Chrome (HKU\S-1-5-21-109719926-1927758322-2587551322-1001\...\Google Chrome) (Version: 40.0.2214.94 - Google Inc.)
Google Drive (HKLM-x32\...\{65EACBB4-B0B8-4A5B-AE46-22DBE15C70B5}) (Version: 1.19.8406.6504 - Google, Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Heroes of Hellas (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113786380}) (Version:  - Oberon Media)
Identity Card (HKLM-x32\...\Identity Card) (Version: 1.00.3003 - Acer Incorporated)
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1118 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2266 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.0.0.1046 - Intel Corporation)
Intel(R) Turbo Boost Technology Monitor 2.0 (HKLM\...\{B77EFA0B-9BD3-4122-9F9A-15A963B5EA24}) (Version: 2.0.82.0 - Intel)
iTunes (HKLM\...\{7B8D4E8A-EA2B-4A71-BFEB-A4AAAB87C5D0}) (Version: 12.1.0.71 - Apple Inc.)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Launch Manager (HKLM-x32\...\LManager) (Version: 5.0.3 - Acer Inc.)
Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
MediaEspresso (x32 Version: 1.0.1210_33255 - CyberLink Corp.) Hidden
Merriam Websters Spell Jam (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112662477}) (Version:  - Oberon Media)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.31211.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2721691) (HKLM-x32\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB973685) (HKLM-x32\...\{859DFA95-E4A6-48CD-B88E-A3E483E89B44}) (Version: 4.30.2107.0 - Microsoft Corporation)
MyFreeCodec (HKU\S-1-5-21-109719926-1927758322-2587551322-1001\...\MyFreeCodec) (Version:  - )
MyWinLocker (Version: 4.0.14.11 - Egis Technology Inc.) Hidden
MyWinLocker 4 (x32 Version: 4.0.14.11 - Egis Technology Inc.) Hidden
MyWinLocker Suite (HKLM-x32\...\InstallShield_{17DF9714-60C9-43C9-A9C2-32BCAED44CBE}) (Version: 4.0.14.11 - Egis Technology Inc.)
MyWinLocker Suite (x32 Version: 4.0.14.11 - Egis Technology Inc.) Hidden
Norton AntiVirus (HKLM-x32\...\NAV) (Version: 21.6.0.32 - Symantec Corporation)
Norton Identity Safe (HKLM-x32\...\NST) (Version: 2014.7.6.15 - Symantec Corporation)
Norton Online Backup (HKLM-x32\...\{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}) (Version: 2.1.17869 - Symantec Corporation)
NTI Media Maker 9 (HKLM-x32\...\InstallShield_{D3D5C4E8-040F-4C6F-8105-41D43CF94F44}) (Version: 9.0.2.8939 - NTI Corporation)
NTI Media Maker 9 (x32 Version: 9.0.2.8939 - NTI Corporation) Hidden
NVIDIA Graphics Driver 266.19 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 266.19 - NVIDIA Corporation)
OpenOffice 4.1.1 (HKLM-x32\...\{ACD0FFF9-6B35-43C1-82DB-9FF6990E8602}) (Version: 4.11.9775 - Apache Software Foundation)
Poker Pop (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111355427}) (Version:  - Oberon Media)
Reader for PC (HKLM-x32\...\{38FB32F7-5A2A-40E4-B106-4C35F75725CD}) (Version: 2.4.00.05230 - Sony Corporation)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6254 - Realtek Semiconductor Corp.)
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.0.26.0 - Renesas Electronics Corporation)
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.0.26.0 - Renesas Electronics Corporation) Hidden
Samsung Kies (HKLM-x32\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.6.3.14044_15 - Samsung Electronics Co., Ltd.)
Samsung Kies (x32 Version: 2.6.3.14044_15 - Samsung Electronics Co., Ltd.) Hidden
Samsung Story Album Viewer (HKLM-x32\...\InstallShield_{698BBAD8-B116-495D-B879-0F07A533E57F}) (Version: 1.0.0.13052_1 - Samsung Electronics Co., Ltd.)
Samsung Story Album Viewer (x32 Version: 1.0.0.13052_1 - Samsung Electronics Co., Ltd.) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.40.0 - SAMSUNG Electronics Co., Ltd.)
Shredder (Version: 2.0.8.7 - Egis Technology Inc.) Hidden
Shredder (x32 Version: 2.0.8.7 - Egis Technology Inc.) Hidden
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
Spin & Win (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110300453}) (Version:  - Oberon Media)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.1.6.0 - Synaptics Incorporated)
Wartung Samsung ML-1660 Series (HKLM-x32\...\Samsung ML-1660 Series) (Version:  - Samsung Electronics Co., Ltd.)
Welcome Center (HKLM-x32\...\Acer Welcome Center) (Version: 1.02.3007 - Acer Incorporated)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Mesh ActiveX control for remote connections (HKLM-x32\...\{C5398A89-516C-4DAF-BA07-EE7949090E56}) (Version: 15.4.5722.2 - Microsoft Corporation)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-109719926-1927758322-2587551322-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Cornelia\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-109719926-1927758322-2587551322-1001_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Cornelia\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-109719926-1927758322-2587551322-1001_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Cornelia\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-109719926-1927758322-2587551322-1001_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Cornelia\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-109719926-1927758322-2587551322-1001_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\Cornelia\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-109719926-1927758322-2587551322-1001_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Cornelia\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-109719926-1927758322-2587551322-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Cornelia\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-109719926-1927758322-2587551322-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Cornelia\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-109719926-1927758322-2587551322-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Cornelia\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-109719926-1927758322-2587551322-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Cornelia\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-109719926-1927758322-2587551322-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Cornelia\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-109719926-1927758322-2587551322-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Cornelia\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-109719926-1927758322-2587551322-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Cornelia\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-109719926-1927758322-2587551322-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Cornelia\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-109719926-1927758322-2587551322-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Cornelia\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-109719926-1927758322-2587551322-1001_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Cornelia\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File

==================== Restore Points  =========================

21-01-2015 21:33:00 Windows Modules Installer
31-01-2015 23:04:23 OpenOffice 4.1.1 wird installiert
01-02-2015 23:09:59 Revo Uninstaller's restore point - Bundled software uninstaller
03-02-2015 20:00:52 Configured eSobi v2

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {06BA6298-290B-4817-86D4-8CD0D28C9EBE} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {199D932C-0C4A-4439-B48E-220627C8FA35} - System32\Tasks\Launch HTC Sync Loader => C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe
Task: {220C245B-25BA-4C9D-BEE8-003CA43A5BD9} - System32\Tasks\{0B05C414-15BC-4BEC-9826-3E03612A7BA4} => pcalua.exe -a "C:\Users\Cornelia\Local Settings\Application Data\Bundled software uninstaller\biclient.exe" -c /initurl hxxp://bi.bisrv.com/:affid:/:sid:/:uid:? /affid uninstall /id uninstall /name "Bundled software uninstaller"
Task: {2445FE38-BD4B-4FEF-89C4-45B6EB718D72} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-05-06] (Google Inc.)
Task: {37410EB5-7B03-4E47-A2D3-97639690DEC5} - System32\Tasks\clear.fi => C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fi.exe [2010-12-23] (Acer Incorporated)
Task: {555F6ED2-2EB7-4C61-8086-9700931166FD} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton AntiVirus\Engine\21.6.0.32\WSCStub.exe [2014-09-21] (Symantec Corporation)
Task: {75210ACE-464B-4BB1-A5FE-798842B5A5E6} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-109719926-1927758322-2587551322-1001UA => C:\Users\Cornelia\AppData\Local\Google\Update\GoogleUpdate.exe [2014-10-30] (Google Inc.)
Task: {9036EF6C-3105-4280-BEBB-A3A2967CF5C5} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-01-31] (Adobe Systems Incorporated)
Task: {95DEAF90-B330-4F36-890C-3FF5459F612F} - System32\Tasks\clear.fiAgent => C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe [2010-12-23] (CyberLink Corp.)
Task: {97584F22-C785-4C9F-9A19-108750BE6775} - System32\Tasks\DMREngine => C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe [2010-12-23] (CyberLink)
Task: {98829D97-1101-46B9-8431-F612446E240F} - System32\Tasks\{C34F34C0-9C41-4EC5-9BCC-E825F7BE1B90} => Chrome.exe hxxp://ui.skype.com/ui/0/6.14.59.104/de/abandoninstall?page=tsProgressBar
Task: {B4C0D583-8889-452A-BD6D-5DBD8597CE26} - System32\Tasks\Recovery Management\Burn Notification => C:\Program Files\Acer\Acer eRecovery Management\NotificationCenter\Notification.exe [2010-12-01] (Acer)
Task: {B55BD94B-FA1A-4B53-87CD-54E144EEC4A9} - System32\Tasks\Norton AntiVirus\Norton Error Analyzer => C:\Program Files (x86)\Norton AntiVirus\Engine\21.6.0.32\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {B5D864F1-76D5-4E4A-BF37-2D01A5F03AF6} - System32\Tasks\Norton Identity Safe\Norton Error Analyzer => C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.6.15\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {B763D147-978F-4725-AD4B-A67135B8AC4B} - System32\Tasks\Norton Identity Safe\Norton Error Processor => C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.6.15\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {D787E221-3558-4706-8D6A-63D816B97178} - System32\Tasks\{8D77CDAC-FE8C-4581-AE68-F85B6B60BE02} => Iexplore.exe hxxp://www.skype.com/go/downloading?source=lightinstaller&amp;ver=4.1.0.179.367&amp;LastError=404
Task: {F14F0E35-8A84-4080-A884-0CFA3EBC11B7} - System32\Tasks\Norton AntiVirus\Norton Error Processor => C:\Program Files (x86)\Norton AntiVirus\Engine\21.6.0.32\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {F1CE618E-1B8A-4816-8F34-2A7B3AAD40B8} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-109719926-1927758322-2587551322-1001Core => C:\Users\Cornelia\AppData\Local\Google\Update\GoogleUpdate.exe [2014-10-30] (Google Inc.)
Task: {FCC870A9-3B61-4E41-A96D-0C0FDE8A9462} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-05-06] (Google Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-109719926-1927758322-2587551322-1001Core.job => C:\Users\Cornelia\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-109719926-1927758322-2587551322-1001UA.job => C:\Users\Cornelia\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2011-06-22 06:48 - 2011-06-22 06:48 - 00034304 _____ () C:\Windows\System32\ssp7ml6.dll
2011-06-22 06:48 - 2011-06-22 06:48 - 00826880 _____ () C:\Windows\system32\spool\DRIVERS\x64\3\ssp7mdu.dll
2015-01-20 22:35 - 2015-01-20 22:35 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-01-20 22:35 - 2015-01-20 22:35 - 01346344 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2013-05-06 16:46 - 2012-10-23 12:27 - 00497648 _____ () C:\Program Files (x86)\bob internetsoftware\bobinternetsoftware_Service.exe
2010-12-29 05:13 - 2010-12-17 01:37 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2011-12-05 22:12 - 2010-06-07 11:35 - 00618496 _____ () C:\Windows\Samsung\PanelMgr\SSMMgr.exe
2013-05-06 16:46 - 2012-10-23 12:27 - 00478192 _____ () C:\Program Files (x86)\bob internetsoftware\bobInternetsoftware_Launcher.exe
2011-12-05 22:12 - 2009-07-29 11:13 - 00306688 _____ () C:\Windows\Samsung\PanelMgr\caller64.exe
2010-11-12 02:22 - 2010-11-12 02:22 - 00465640 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\sqlite3.dll
2010-11-12 02:22 - 2010-11-12 02:22 - 01081664 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\ACE.dll
2010-11-12 02:22 - 2010-11-12 02:22 - 00125760 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\MailConverter32.dll
2010-12-23 23:46 - 2010-12-23 23:46 - 00210312 _____ () C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\DMR\CLNetMediaDMA.dll
2014-10-22 01:22 - 2014-10-22 01:22 - 00750080 _____ () C:\Users\Cornelia\AppData\Roaming\Dropbox\bin\libGLESv2.dll
2015-02-03 19:50 - 2015-02-03 19:50 - 00043008 _____ () c:\users\cornelia\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpaebcel.dll
2014-10-22 01:22 - 2014-10-22 01:22 - 00047616 _____ () C:\Users\Cornelia\AppData\Roaming\Dropbox\bin\libEGL.dll
2014-10-22 01:22 - 2014-10-22 01:22 - 00863744 _____ () C:\Users\Cornelia\AppData\Roaming\Dropbox\bin\plugins\platforms\qwindows.dll
2014-10-22 01:22 - 2014-10-22 01:22 - 00200704 _____ () C:\Users\Cornelia\AppData\Roaming\Dropbox\bin\plugins\imageformats\qjpeg.dll
2015-02-03 19:48 - 2015-02-03 19:48 - 00098816 _____ () C:\Users\Cornelia\AppData\Local\Temp\_MEI54562\win32api.pyd
2015-02-03 19:48 - 2015-02-03 19:48 - 00110080 _____ () C:\Users\Cornelia\AppData\Local\Temp\_MEI54562\pywintypes27.dll
2015-02-03 19:48 - 2015-02-03 19:48 - 00364544 _____ () C:\Users\Cornelia\AppData\Local\Temp\_MEI54562\pythoncom27.dll
2015-02-03 19:48 - 2015-02-03 19:48 - 00045568 _____ () C:\Users\Cornelia\AppData\Local\Temp\_MEI54562\_socket.pyd
2015-02-03 19:48 - 2015-02-03 19:48 - 01160704 _____ () C:\Users\Cornelia\AppData\Local\Temp\_MEI54562\_ssl.pyd
2015-02-03 19:48 - 2015-02-03 19:48 - 00320512 _____ () C:\Users\Cornelia\AppData\Local\Temp\_MEI54562\win32com.shell.shell.pyd
2015-02-03 19:48 - 2015-02-03 19:48 - 00713216 _____ () C:\Users\Cornelia\AppData\Local\Temp\_MEI54562\_hashlib.pyd
2015-02-03 19:48 - 2015-02-03 19:48 - 01175040 _____ () C:\Users\Cornelia\AppData\Local\Temp\_MEI54562\wx._core_.pyd
2015-02-03 19:48 - 2015-02-03 19:48 - 00805888 _____ () C:\Users\Cornelia\AppData\Local\Temp\_MEI54562\wx._gdi_.pyd
2015-02-03 19:48 - 2015-02-03 19:48 - 00811008 _____ () C:\Users\Cornelia\AppData\Local\Temp\_MEI54562\wx._windows_.pyd
2015-02-03 19:48 - 2015-02-03 19:48 - 01062400 _____ () C:\Users\Cornelia\AppData\Local\Temp\_MEI54562\wx._controls_.pyd
2015-02-03 19:48 - 2015-02-03 19:48 - 00735232 _____ () C:\Users\Cornelia\AppData\Local\Temp\_MEI54562\wx._misc_.pyd
2015-02-03 19:48 - 2015-02-03 19:48 - 00557056 _____ () C:\Users\Cornelia\AppData\Local\Temp\_MEI54562\pysqlite2._sqlite.pyd
2015-02-03 19:48 - 2015-02-03 19:48 - 00128512 _____ () C:\Users\Cornelia\AppData\Local\Temp\_MEI54562\_elementtree.pyd
2015-02-03 19:48 - 2015-02-03 19:48 - 00127488 _____ () C:\Users\Cornelia\AppData\Local\Temp\_MEI54562\pyexpat.pyd
2015-02-03 19:48 - 2015-02-03 19:48 - 00087552 _____ () C:\Users\Cornelia\AppData\Local\Temp\_MEI54562\_ctypes.pyd
2015-02-03 19:48 - 2015-02-03 19:48 - 00119808 _____ () C:\Users\Cornelia\AppData\Local\Temp\_MEI54562\win32file.pyd
2015-02-03 19:48 - 2015-02-03 19:48 - 00108544 _____ () C:\Users\Cornelia\AppData\Local\Temp\_MEI54562\win32security.pyd
2015-02-03 19:48 - 2015-02-03 19:48 - 00007168 _____ () C:\Users\Cornelia\AppData\Local\Temp\_MEI54562\hashobjs_ext.pyd
2015-02-03 19:48 - 2015-02-03 19:48 - 00167936 _____ () C:\Users\Cornelia\AppData\Local\Temp\_MEI54562\win32gui.pyd
2015-02-03 19:48 - 2015-02-03 19:48 - 00018432 _____ () C:\Users\Cornelia\AppData\Local\Temp\_MEI54562\win32event.pyd
2015-02-03 19:48 - 2015-02-03 19:48 - 00038912 _____ () C:\Users\Cornelia\AppData\Local\Temp\_MEI54562\win32inet.pyd
2015-02-03 19:48 - 2015-02-03 19:48 - 00011264 _____ () C:\Users\Cornelia\AppData\Local\Temp\_MEI54562\win32crypt.pyd
2015-02-03 19:48 - 2015-02-03 19:48 - 00070656 _____ () C:\Users\Cornelia\AppData\Local\Temp\_MEI54562\wx._html2.pyd
2015-02-03 19:48 - 2015-02-03 19:48 - 00027136 _____ () C:\Users\Cornelia\AppData\Local\Temp\_MEI54562\_multiprocessing.pyd
2015-02-03 19:48 - 2015-02-03 19:48 - 00035840 _____ () C:\Users\Cornelia\AppData\Local\Temp\_MEI54562\win32process.pyd
2015-02-03 19:48 - 2015-02-03 19:48 - 00686080 _____ () C:\Users\Cornelia\AppData\Local\Temp\_MEI54562\unicodedata.pyd
2015-02-03 19:48 - 2015-02-03 19:48 - 00122368 _____ () C:\Users\Cornelia\AppData\Local\Temp\_MEI54562\wx._wizard.pyd
2015-02-03 19:48 - 2015-02-03 19:48 - 00024064 _____ () C:\Users\Cornelia\AppData\Local\Temp\_MEI54562\win32pipe.pyd
2015-02-03 19:48 - 2015-02-03 19:48 - 00025600 _____ () C:\Users\Cornelia\AppData\Local\Temp\_MEI54562\win32pdh.pyd
2015-02-03 19:48 - 2015-02-03 19:48 - 00525640 _____ () C:\Users\Cornelia\AppData\Local\Temp\_MEI54562\windows._lib_cacheinvalidation.pyd
2015-02-03 19:48 - 2015-02-03 19:48 - 00010240 _____ () C:\Users\Cornelia\AppData\Local\Temp\_MEI54562\select.pyd
2015-02-03 19:48 - 2015-02-03 19:48 - 00017408 _____ () C:\Users\Cornelia\AppData\Local\Temp\_MEI54562\win32profile.pyd
2015-02-03 19:48 - 2015-02-03 19:48 - 00022528 _____ () C:\Users\Cornelia\AppData\Local\Temp\_MEI54562\win32ts.pyd
2015-02-03 19:48 - 2015-02-03 19:48 - 00078336 _____ () C:\Users\Cornelia\AppData\Local\Temp\_MEI54562\wx._animate.pyd
2014-05-23 18:13 - 2014-05-23 18:13 - 00880640 _____ () C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\fsk.dll
2014-05-23 18:15 - 2014-05-23 18:15 - 00040264 _____ () C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\FskMediaPlayers.dll
2014-05-23 18:15 - 2014-05-23 18:15 - 00239944 _____ () C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\Fskin.dll
2014-05-23 18:15 - 2014-05-23 18:15 - 00026952 _____ () C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\FskinLocalize.dll
2014-04-25 21:27 - 2014-04-25 21:27 - 00798720 _____ () C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\FskSecurity.dll
2014-05-23 18:15 - 2014-05-23 18:15 - 00125256 _____ () C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\FskDocumentViewer.dll
2014-05-23 18:15 - 2014-05-23 18:15 - 00016200 _____ () C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\FskPower.dll
2014-05-23 18:15 - 2014-05-23 18:15 - 00024904 _____ () C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\FskNetInterface.dll
2014-05-23 18:15 - 2014-05-23 18:15 - 00017224 _____ () C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\FskMobileMediaDevice.dll
2014-05-23 18:15 - 2014-05-23 18:15 - 00015176 _____ () C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\FskTimeHardware.dll
2014-05-23 18:15 - 2014-05-23 18:15 - 00034632 _____ () C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\ticket.dll
2014-05-23 18:15 - 2014-05-23 18:15 - 00018760 _____ () C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\ebookDeviceNotifier.dll
2014-05-23 18:15 - 2014-05-23 18:15 - 00092488 _____ () C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\ebookUsb.dll
2014-05-23 18:15 - 2014-05-23 18:15 - 00149832 _____ () C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\readerAppHelper.dll
2014-05-23 18:15 - 2014-05-23 18:15 - 00178504 _____ () C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\USBDetector.dll
2013-05-06 16:46 - 2012-10-23 12:26 - 00256512 _____ () C:\Program Files (x86)\bob internetsoftware\WtgMobileBroadband7.dll
2013-05-06 16:46 - 2012-01-25 10:38 - 01097728 _____ () C:\Program Files (x86)\bob internetsoftware\NDISAPI.dll
2014-10-30 19:17 - 2014-10-30 19:17 - 00169472 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\ba8588c3319d63350220ec2ac3eb2c36\IsdiInterop.ni.dll
2011-11-24 17:14 - 2010-09-14 03:28 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll
2015-01-31 19:07 - 2015-01-27 04:44 - 01117512 _____ () C:\Users\Cornelia\AppData\Local\Google\Chrome\Application\40.0.2214.94\libglesv2.dll
2015-01-31 19:07 - 2015-01-27 04:44 - 00211272 _____ () C:\Users\Cornelia\AppData\Local\Google\Chrome\Application\40.0.2214.94\libegl.dll
2015-01-31 19:07 - 2015-01-27 04:44 - 09171272 _____ () C:\Users\Cornelia\AppData\Local\Google\Chrome\Application\40.0.2214.94\pdf.dll
2015-01-20 22:35 - 2015-01-20 22:35 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-01-20 13:17 - 2014-01-20 13:17 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\Temp:0B9176C0
AlternateDataStreams: C:\ProgramData\Temp:CDFF58FE
AlternateDataStreams: C:\ProgramData\Temp:E36F5B57

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


========================= Accounts: ==========================

Administrator (S-1-5-21-109719926-1927758322-2587551322-500 - Administrator - Disabled)
Cornelia (S-1-5-21-109719926-1927758322-2587551322-1001 - Administrator - Enabled) => C:\Users\Cornelia
Gast (S-1-5-21-109719926-1927758322-2587551322-501 - Limited - Enabled) => C:\Users\Gast
HomeGroupUser$ (S-1-5-21-109719926-1927758322-2587551322-1003 - Limited - Enabled)
UpdatusUser (S-1-5-21-109719926-1927758322-2587551322-1000 - Limited - Enabled) => C:\Users\UpdatusUser

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (02/04/2015 08:02:09 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (02/04/2015 02:22:41 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (02/03/2015 10:27:36 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (02/03/2015 10:27:32 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (02/03/2015 10:27:32 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (02/03/2015 10:27:30 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (02/03/2015 10:26:50 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (02/03/2015 10:26:50 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (02/03/2015 09:29:07 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm NST.exe, Version 12.11.0.16 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: dd0

Startzeit: 01d03fe1fdff569a

Endzeit: 164

Anwendungspfad: C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.6.15\NST.exe

Berichts-ID: 468b855d-abe3-11e4-8bb3-b870f4b04956

Error: (02/03/2015 08:39:15 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.


System errors:
=============
Error: (02/03/2015 07:48:11 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "SSPORT" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (02/03/2015 07:47:50 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "DgiVecp" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (02/02/2015 11:47:10 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {F9717507-6651-4EDB-BFF7-AE615179BCCF}

Error: (02/02/2015 11:35:06 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "SSPORT" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (02/02/2015 11:34:37 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "DgiVecp" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (02/02/2015 10:03:15 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {752073A1-23F2-4396-85F0-8FDB879ED0ED}

Error: (02/02/2015 00:46:52 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "SSPORT" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (02/02/2015 00:46:29 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "DgiVecp" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (02/02/2015 00:44:37 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {F9717507-6651-4EDB-BFF7-AE615179BCCF}

Error: (02/01/2015 11:36:36 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: Der Dienst "Windows Update" wurde nicht richtig gestartet.


Microsoft Office Sessions:
=========================
Error: (02/04/2015 08:02:09 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe

Error: (02/04/2015 02:22:41 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestc:\program files (x86)\ESET\eset online scanner\ESETSmartInstaller.exe

Error: (02/03/2015 10:27:36 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Cornelia\Desktop\esetsmartinstaller_deu.exe

Error: (02/03/2015 10:27:32 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Cornelia\Desktop\esetsmartinstaller_deu.exe

Error: (02/03/2015 10:27:32 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Cornelia\Desktop\esetsmartinstaller_deu.exe

Error: (02/03/2015 10:27:30 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Cornelia\Desktop\esetsmartinstaller_deu.exe

Error: (02/03/2015 10:26:50 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Cornelia\Downloads\esetsmartinstaller_deu.exe

Error: (02/03/2015 10:26:50 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Cornelia\Downloads\esetsmartinstaller_deu.exe

Error: (02/03/2015 09:29:07 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: NST.exe12.11.0.16dd001d03fe1fdff569a164C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.6.15\NST.exe468b855d-abe3-11e4-8bb3-b870f4b04956

Error: (02/03/2015 08:39:15 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Cornelia\Downloads\esetsmartinstaller_deu.exe


CodeIntegrity Errors:
===================================
  Date: 2013-07-17 20:55:48.783
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\SysWOW64\FsUsbExDisk.Sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-07-17 20:55:48.630
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\SysWOW64\FsUsbExDisk.Sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-07-17 20:55:46.310
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\SysWOW64\FsUsbExDisk.Sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-07-17 20:55:46.157
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\SysWOW64\FsUsbExDisk.Sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-07-17 20:55:42.867
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\SysWOW64\FsUsbExDisk.Sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-07-17 20:55:42.718
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\SysWOW64\FsUsbExDisk.Sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-07-17 20:55:40.460
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\SysWOW64\FsUsbExDisk.Sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-07-17 20:55:40.310
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\SysWOW64\FsUsbExDisk.Sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-07-17 20:55:38.055
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\SysWOW64\FsUsbExDisk.Sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-07-17 20:55:37.906
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\SysWOW64\FsUsbExDisk.Sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.


==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i7-2630QM CPU @ 2.00GHz
Percentage of memory in use: 64%
Total physical RAM: 3947.86 MB
Available physical RAM: 1402.47 MB
Total Pagefile: 7893.9 MB
Available Pagefile: 4668.56 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB

==================== Drives ================================

Drive c: (Acer) (Fixed) (Total:224.87 GB) (Free:129.51 GB) NTFS
Drive d: (DATA) (Fixed) (Total:225.17 GB) (Free:225.06 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: ACEEA5BB)
Partition 1: (Not Active) - (Size=15.6 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=224.9 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=225.2 GB) - (Type=07 NTFS)

==================== End Of Log ============================
         
FRST.txt:


FRST Logfile:

FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 01-02-2015
Ran by Cornelia (administrator) on CORNELIALAPTOP on 04-02-2015 08:04:04
Running from C:\Users\Cornelia\Desktop
Loaded Profiles: UpdatusUser & Cornelia (Available profiles: UpdatusUser & Cornelia & Gast)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe
(Symantec Corporation) C:\Program Files (x86)\Norton AntiVirus\Engine\21.6.0.32\nav.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.6.15\nst.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
(NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe
(CyberLink Corp.) C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe
(CyberLink) C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\DMR\DMREngine.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
() C:\Program Files (x86)\bob internetsoftware\bobInternetsoftware_Service.exe
(Acer Group) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Symantec Corporation) C:\Program Files (x86)\Norton AntiVirus\Engine\21.6.0.32\nav.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Samsung) C:\Program Files (x86)\Samsung\Kies\Kies.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Dropbox, Inc.) C:\Users\Cornelia\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(CyberLink Corp.) C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
() C:\Windows\Samsung\PanelMgr\SSMMgr.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMworker.exe
(Sony Corporation) C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\ReaderAppHelper.exe
() C:\Program Files (x86)\bob internetsoftware\bobInternetsoftware_Launcher.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
() C:\Windows\Samsung\PanelMgr\caller64.exe
(WebToGo Gmbh) C:\Program Files (x86)\bob internetsoftware\bobInternetsoftware.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.6.15\nst.exe
(Google Inc.) C:\Users\Cornelia\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Cornelia\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Cornelia\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Cornelia\AppData\Local\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Acer ePower Management] => C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [860040 2010-10-29] (Acer Incorporated)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11619432 2010-11-26] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2185832 2010-11-26] (Realtek Semiconductor)
HKLM\...\Run: [IntelTBRunOnce] => wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs"
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2280232 2010-07-29] (Synaptics Incorporated)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [169768 2015-01-27] (Apple Inc.)
HKLM-x32\...\Run: [SuiteTray] => C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe [340336 2010-09-28] (Egis Technology Inc.)
HKLM-x32\...\Run: [EgisTecPMMUpdate] => C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe [407920 2010-09-18] (Egis Technology Inc.)
HKLM-x32\...\Run: [EgisUpdate] => C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe [201584 2010-09-18] (Egis Technology Inc.)
HKLM-x32\...\Run: [Norton Online Backup] => C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [1155928 2010-06-02] (Symantec Corporation)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [35696 2009-10-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [BackupManagerTray] => C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe [296768 2010-11-12] (NTI Corporation)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [283160 2010-09-14] (Intel Corporation)
HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-04-27] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [LManager] => C:\Program Files (x86)\Launch Manager\LManager.exe [1025616 2010-12-09] (Dritek System Inc.)
HKLM-x32\...\Run: [MDS_Menu] => C:\Program Files (x86)\Acer\clear.fi\MediaEspresso\MUITransfer\MUIStartMenu.exe [222504 2009-05-20] (CyberLink Corp.)
HKLM-x32\...\Run: [ArcadeMovieService] => C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe [177448 2010-12-10] (CyberLink Corp.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2015-01-20] (Apple Inc.)
HKLM-x32\...\Run: [Samsung PanelMgr] => C:\Windows\Samsung\PanelMgr\ssmmgr.exe [618496 2010-06-07] ()
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [935288 2009-09-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Reader Application Helper] => C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\ReaderAppHelper.exe [899400 2014-05-23] (Sony Corporation)
HKLM-x32\...\Run: [TAG_bobinternetsoftware_Launcher.exe] => C:\Program Files (x86)\bob internetsoftware\bobinternetsoftware_Launcher.exe [478192 2012-10-23] ()
HKLM-x32\...\Run: [KiesTrayAgent] => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [311616 2014-05-23] (Samsung Electronics Co., Ltd.)
HKLM-x32\...\Run: [] => [X]
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-19\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
HKU\S-1-5-20\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
HKU\S-1-5-21-109719926-1927758322-2587551322-1000\...\RunOnce: [ScrSav] => C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe [154144 2010-07-29] ()
HKU\S-1-5-21-109719926-1927758322-2587551322-1001\...\Run: [Google Update] => C:\Users\Cornelia\AppData\Local\Google\Update\GoogleUpdate.exe [107912 2014-10-30] (Google Inc.)
HKU\S-1-5-21-109719926-1927758322-2587551322-1001\...\Run: [GoogleChromeAutoLaunch_B25262183A7D0BB9D958785DE345946E] => C:\Users\Cornelia\AppData\Local\Google\Chrome\Application\chrome.exe [843592 2015-01-27] (Google Inc.)
HKU\S-1-5-21-109719926-1927758322-2587551322-1001\...\Run: [KiesPreload] => C:\Program Files (x86)\Samsung\Kies\Kies.exe [1564992 2014-05-23] (Samsung)
HKU\S-1-5-21-109719926-1927758322-2587551322-1001\...\Run: [] => C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [845120 2014-05-23] (Samsung)
HKU\S-1-5-21-109719926-1927758322-2587551322-1001\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [23308256 2015-01-15] (Google)
HKU\S-1-5-21-109719926-1927758322-2587551322-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [30877280 2014-12-11] (Skype Technologies S.A.)
HKU\S-1-5-21-109719926-1927758322-2587551322-1001\...\MountPoints2: {f0a87f3c-b662-11e2-97fd-b870f4b04956} - F:\.\Autorun.exe AUTORUN=1
HKU\S-1-5-18\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [226920 2010-12-12] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [192616 2010-12-12] (NVIDIA Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.exe.lnk
ShortcutTarget: Adobe Gamma Loader.exe.lnk -> C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
Startup: C:\Users\Cornelia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Cornelia\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Gast\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk
ShortcutTarget: OpenOffice.org 3.3.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe (No File)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=de&pid=NAV&pvid=21.6.0.32
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=5.5&ar=msnhome
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=5.5&ar=msnhome
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=de&pid=NAV&pvid=21.6.0.32
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://search.msn.com/spbasic.htm
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=5.5&ar=msnhome
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=de&pid=NAV&pvid=21.6.0.32
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://search.msn.com/spbasic.htm
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=5.5&ar=msnhome
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=de&pid=NAV&pvid=21.6.0.32
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://search.msn.com/spbasic.htm
HKU\S-1-5-21-109719926-1927758322-2587551322-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=5.5&ar=msnhome
HKU\S-1-5-21-109719926-1927758322-2587551322-1000\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-109719926-1927758322-2587551322-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=de&pid=NAV&pvid=21.6.0.32
HKU\S-1-5-21-109719926-1927758322-2587551322-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-109719926-1927758322-2587551322-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://search.msn.com/spbasic.htm
HKU\S-1-5-21-109719926-1927758322-2587551322-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=de&pid=NAV&pvid=21.6.0.32
HKU\S-1-5-21-109719926-1927758322-2587551322-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=5.5&ar=msnhome
HKU\S-1-5-21-109719926-1927758322-2587551322-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-109719926-1927758322-2587551322-1001\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-109719926-1927758322-2587551322-1001\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://search.msn.com/spbasic.htm
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-109719926-1927758322-2587551322-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Norton Identity Protection -> {AB4C7833-A6EC-433f-B9FE-6B14B1A2F836} -> C:\Program Files (x86)\Norton Identity Safe\Engine64\2014.7.6.15\coIEPlg.dll (Symantec Corporation)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton AntiVirus\Engine\21.6.0.32\IPS\IPSBHO.DLL (Symantec Corporation)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Norton Identity Protection -> {AB4C7833-A6EC-433f-B9FE-6B14B1A2F836} -> C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.6.15\coIEPlg.dll (Symantec Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll No File
Toolbar: HKLM - Norton Identity Safe Toolbar - {A13C2648-91D4-4bf3-BC6D-0079707C4389} - C:\Program Files (x86)\Norton Identity Safe\Engine64\2014.7.6.15\coIEPlg.dll (Symantec Corporation)
Toolbar: HKLM-x32 - Norton Identity Safe Toolbar - {A13C2648-91D4-4bf3-BC6D-0079707C4389} - C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.6.15\coIEPlg.dll (Symantec Corporation)
Tcpip\..\Interfaces\{5EA47198-71AC-4837-9E18-C7FC3143A626}: [NameServer] 194.48.128.199 194.48.139.254

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_296.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.31211.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_296.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.31211.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @sony.com/ReaderDesktop -> C:\Program Files (x86)\Sony\ReaderDesktop\npreaderdetectmoz.dll (Sony Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-109719926-1927758322-2587551322-1001: @tools.google.com/Google Update;version=3 -> C:\Users\Cornelia\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-109719926-1927758322-2587551322-1001: @tools.google.com/Google Update;version=9 -> C:\Users\Cornelia\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-109719926-1927758322-2587551322-1001: amazon.com/AmazonMP3DownloaderPlugin -> C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101753.dll (Amazon.com, Inc.)
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_21.3.0.12\IPSFF
FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_21.3.0.12\IPSFF [2014-06-26]
FF HKLM-x32\...\Firefox\Extensions: [{F04D2D30-776C-4d02-8627-8E4385ECA58D}] - C:\ProgramData\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_2014.7.0.43\coFFPlgn
FF Extension: Norton Identity Safe Toolbar - C:\ProgramData\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_2014.7.0.43\coFFPlgn [2015-02-03]

Chrome: 
=======
CHR HomePage: Default -> hxxp://www.delta-search.com/?affID=119816&babsrc=HP_ss&mntrId=C2B5CCAF7872A4D7
CHR StartupUrls: Default -> "hxxp://google.at/", "https://learn.wu.ac.at/"
CHR Profile: C:\Users\Cornelia\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Drive) - C:\Users\Cornelia\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-05-07]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Cornelia\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-06]
CHR Extension: (YouTube) - C:\Users\Cornelia\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2011-12-19]
CHR Extension: (Google-Suche) - C:\Users\Cornelia\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2011-12-19]
CHR Extension: (Norton Identity Safe) - C:\Users\Cornelia\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif [2014-08-31]
CHR Extension: (Google Wallet) - C:\Users\Cornelia\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-12]
CHR Extension: (Google Mail) - C:\Users\Cornelia\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2011-12-19]
CHR HKU\S-1-5-21-109719926-1927758322-2587551322-1001\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\Cornelia\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx [2014-05-06]
CHR HKU\S-1-5-21-109719926-1927758322-2587551322-1001\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - No Path
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - No Path
StartMenuInternet: Google Chrome - C:\Users\Cornelia\AppData\Local\Google\Chrome\Application\chrome.exe

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-19] (Apple Inc.)
R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
R2 NAV; C:\Program Files (x86)\Norton AntiVirus\Engine\21.6.0.32\NAV.exe [262968 2014-09-21] (Symantec Corporation)
R2 NCO; C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.6.15\NST.exe [130104 2014-07-31] (Symantec Corporation)
R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2804568 2010-06-02] (Symantec Corporation)
R2 NTI IScheduleSvc; C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [257344 2010-11-12] (NTI Corporation)
S3 Sony SCSI Helper Service; C:\Program Files (x86)\Common Files\Sony Shared\Fsk\SonySCSIHelperService.exe [73728 2014-04-25] (Sony Corporation) [File not signed]
R2 TAG_Service; C:\Program Files (x86)\bob internetsoftware\bobinternetsoftware_Service.exe [497648 2012-10-23] ()
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 BHDrvx64; C:\Program Files (x86)\Norton AntiVirus\NortonData\21.3.0.12\Definitions\BASHDefs\20150106.001\BHDrvx64.sys [1622744 2015-01-06] (Symantec Corporation)
R1 ccSet_NAV; C:\Windows\system32\drivers\NAVx64\1506000.020\ccSetx64.sys [162392 2014-02-21] (Symantec Corporation)
R1 ccSet_NST; C:\Windows\system32\drivers\NSTx64\7DE07060.00F\ccSetx64.sys [162392 2013-09-27] (Symantec Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [487216 2014-12-11] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [142640 2014-12-11] (Symantec Corporation)
S3 FsUsbExDisk; C:\Windows\SysWOW64\FsUsbExDisk.SYS [37344 2013-05-22] () [File not signed]
S3 HTCAND64; C:\Windows\System32\Drivers\ANDROIDUSB.sys [33736 2009-11-02] (HTC, Corporation) [File not signed]
R1 IDSVia64; C:\Program Files (x86)\Norton AntiVirus\NortonData\21.3.0.12\Definitions\IPSDefs\20150130.001\IDSvia64.sys [668888 2015-01-14] (Symantec Corporation)
R3 jrdusbser; C:\Windows\System32\DRIVERS\jrdusbser.sys [120832 2011-03-04] (TCT International Mobile Ltd)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-02-03] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-11-21] (Malwarebytes Corporation)
R3 NAVENG; C:\Program Files (x86)\Norton AntiVirus\NortonData\21.3.0.12\Definitions\VirusDefs\20150203.018\ENG64.SYS [129752 2015-01-19] (Symantec Corporation)
R3 NAVEX15; C:\Program Files (x86)\Norton AntiVirus\NortonData\21.3.0.12\Definitions\VirusDefs\20150203.018\EX64.SYS [2137304 2015-01-19] (Symantec Corporation)
R3 SRTSP; C:\Windows\System32\Drivers\NAVx64\1506000.020\SRTSP64.SYS [876248 2014-08-26] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NAVx64\1506000.020\SRTSPX64.SYS [37592 2014-08-26] (Symantec Corporation)
S2 SSPORT; C:\Windows\SysWOW64\Drivers\SSPORT.sys [11576 2009-07-29] (Samsung Electronics)
S3 ssudserd; C:\Windows\System32\DRIVERS\ssudserd.sys [206080 2014-03-19] (DEVGURU Co., LTD.(www.devguru.co.kr))
R0 SymDS; C:\Windows\System32\drivers\NAVx64\1506000.020\SYMDS64.SYS [493656 2013-10-30] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\NAVx64\1506000.020\SYMEFA64.SYS [1148120 2014-03-04] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2014-06-24] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\NAVx64\1506000.020\Ironx64.SYS [266968 2014-08-06] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\NAVx64\1506000.020\SYMNETS.SYS [593112 2014-02-18] (Symantec Corporation)
S2 DgiVecp; \??\C:\Windows\system32\Drivers\DgiVecp.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-04 08:02 - 2015-02-04 08:02 - 00002338 _____ () C:\Users\Cornelia\Desktop\bedr.eset.txt
2015-02-03 20:39 - 2015-02-03 20:39 - 00000000 ____D () C:\Program Files (x86)\ESET
2015-02-03 20:38 - 2015-02-03 20:38 - 02347384 _____ (ESET) C:\Users\Cornelia\Desktop\esetsmartinstaller_deu.exe
2015-02-03 19:48 - 2015-02-03 19:48 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\2936541D.sys
2015-02-02 21:57 - 2015-02-02 21:57 - 00001607 _____ () C:\Users\Cornelia\Desktop\Malwarebytes.txt
2015-02-01 23:42 - 2015-02-04 06:48 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2015-02-01 23:42 - 2015-02-03 19:48 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-02-01 23:42 - 2015-02-01 23:42 - 00001106 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2015-02-01 23:42 - 2015-02-01 23:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2015-02-01 23:42 - 2015-02-01 23:42 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-02-01 23:42 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-02-01 23:42 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-02-01 23:42 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-02-01 23:39 - 2015-02-01 23:40 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Cornelia\Desktop\mbam-setup-2.0.4.1028.exe
2015-02-01 23:33 - 2015-02-01 23:33 - 00006881 _____ () C:\Users\Cornelia\Desktop\AdwCleaner[S0].txt
2015-02-01 23:15 - 2015-02-01 23:29 - 00000000 ____D () C:\AdwCleaner
2015-02-01 23:13 - 2015-02-01 23:13 - 02194432 _____ () C:\Users\Cornelia\Desktop\AdwCleaner_4.109.exe
2015-02-01 23:08 - 2015-02-01 23:08 - 00000000 ____D () C:\Users\Cornelia\Desktop\RevoUninstallerPortable
2015-02-01 23:07 - 2015-02-01 23:07 - 02785665 _____ (PortableApps.com) C:\Users\Cornelia\Desktop\RevoUninstallerPortable_1.95_Rev_2.paf.exe
2015-02-01 23:03 - 2015-02-01 23:03 - 00003440 _____ () C:\Windows\System32\Tasks\{0B05C414-15BC-4BEC-9826-3E03612A7BA4}
2015-02-01 22:47 - 2015-02-02 00:57 - 00044591 _____ () C:\Users\Cornelia\Desktop\Addition.txt
2015-02-01 22:46 - 2015-02-04 08:04 - 00027979 _____ () C:\Users\Cornelia\Desktop\FRST.txt
2015-02-01 22:46 - 2015-02-04 08:04 - 00000000 ____D () C:\FRST
2015-02-01 22:45 - 2015-02-01 22:45 - 02131456 _____ (Farbar) C:\Users\Cornelia\Desktop\frst64.exe
2015-01-31 23:10 - 2015-01-31 23:10 - 00000000 ____D () C:\Users\Cornelia\AppData\Roaming\OpenOffice
2015-01-31 23:09 - 2015-01-31 23:09 - 00001116 _____ () C:\Users\Public\Desktop\OpenOffice 4.1.1.lnk
2015-01-31 23:09 - 2015-01-31 23:09 - 00000000 ___SD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice 4.1.1
2015-01-31 23:08 - 2015-01-31 23:09 - 00000000 ____D () C:\Program Files (x86)\OpenOffice 4
2015-01-31 23:03 - 2015-01-31 23:03 - 00000000 ____D () C:\Users\Cornelia\Desktop\OpenOffice 4.1.1 (de) Installation Files
2015-01-31 22:59 - 2015-01-31 23:02 - 164858324 _____ () C:\Users\Cornelia\Downloads\Apache_OpenOffice_4.1.1_Win_x86_install_de.exe
2015-01-31 19:35 - 2015-01-31 19:35 - 00001757 _____ () C:\Users\Public\Desktop\iTunes.lnk
2015-01-31 19:35 - 2015-01-31 19:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2015-01-31 19:34 - 2015-01-31 19:35 - 00000000 ____D () C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
2015-01-31 19:34 - 2015-01-31 19:35 - 00000000 ____D () C:\Program Files\iTunes
2015-01-31 19:34 - 2015-01-31 19:34 - 00000000 ____D () C:\Program Files\iPod
2015-01-31 19:34 - 2015-01-31 19:34 - 00000000 ____D () C:\Program Files (x86)\iTunes
2015-01-31 19:30 - 2015-01-31 19:30 - 00000000 ____D () C:\Program Files (x86)\Free Codec Pack
2015-01-31 19:26 - 2015-01-31 19:26 - 03533528 _____ (DVDVideoSoft Ltd. ) C:\Users\Cornelia\Downloads\FreeStudio.exe
2015-01-31 19:23 - 2015-01-31 19:24 - 03533008 _____ (DVDVideoSoft Ltd. ) C:\Users\Cornelia\Downloads\FreeYouTubeToMP3Converter (1).exe
2015-01-19 11:11 - 2014-12-12 06:35 - 05553592 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-01-19 11:11 - 2014-12-12 06:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-01-19 11:11 - 2014-12-12 06:31 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-01-19 11:11 - 2014-12-12 06:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-01-19 11:11 - 2014-12-12 06:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-01-19 11:11 - 2014-12-12 06:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-01-19 11:11 - 2014-12-12 06:07 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-01-16 18:29 - 2014-12-19 04:06 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-16 18:29 - 2014-12-19 02:46 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-16 18:29 - 2014-12-11 18:47 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-01-16 18:29 - 2014-12-06 05:17 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-16 18:29 - 2014-12-06 04:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
2015-01-16 18:29 - 2014-12-06 04:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-04 07:59 - 2011-12-04 00:08 - 00000000 ____D () C:\Users\Cornelia\AppData\Roaming\Skype
2015-02-04 07:41 - 2014-05-06 21:59 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-02-04 07:09 - 2011-11-24 17:04 - 01716075 _____ () C:\Windows\WindowsUpdate.log
2015-02-04 07:07 - 2013-02-28 17:29 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-02-04 02:28 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache
2015-02-04 00:55 - 2011-12-03 23:21 - 00004108 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-109719926-1927758322-2587551322-1001UA
2015-02-04 00:55 - 2011-12-03 23:21 - 00003712 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-109719926-1927758322-2587551322-1001Core
2015-02-04 00:55 - 2011-12-03 23:21 - 00001132 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-109719926-1927758322-2587551322-1001UA.job
2015-02-04 00:55 - 2011-12-03 23:21 - 00001080 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-109719926-1927758322-2587551322-1001Core.job
2015-02-03 22:43 - 2011-12-05 22:16 - 00000099 _____ () C:\Users\Public\LMDebug.log
2015-02-03 20:41 - 2014-05-06 21:59 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-02-03 20:07 - 2011-01-11 16:23 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2015-02-03 20:06 - 2009-07-14 05:45 - 00018736 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-02-03 20:06 - 2009-07-14 05:45 - 00018736 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-02-03 19:52 - 2014-05-06 22:01 - 00000000 ___RD () C:\Users\Cornelia\Google Drive
2015-02-03 19:52 - 2012-11-25 17:12 - 00000000 ___RD () C:\Users\Cornelia\Dropbox
2015-02-03 19:51 - 2012-11-25 17:10 - 00000000 ____D () C:\Users\Cornelia\AppData\Roaming\Dropbox
2015-02-03 19:49 - 2011-11-24 17:44 - 00000000 ____D () C:\ProgramData\boost_interprocess
2015-02-03 19:48 - 2011-12-01 21:16 - 00000000 ____D () C:\ProgramData\clear.fi
2015-02-03 19:47 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-02-03 19:47 - 2009-07-14 05:51 - 00090009 _____ () C:\Windows\setupact.log
2015-02-02 23:34 - 2011-11-24 17:01 - 00132320 _____ () C:\Windows\PFRO.log
2015-02-02 22:49 - 2011-01-11 16:39 - 00000000 ____D () C:\Program Files (x86)\EgisTec IPS
2015-02-02 21:56 - 2011-11-24 16:58 - 00699682 _____ () C:\Windows\system32\perfh007.dat
2015-02-02 21:56 - 2011-11-24 16:58 - 00149790 _____ () C:\Windows\system32\perfc007.dat
2015-02-02 21:56 - 2009-07-14 06:13 - 01620684 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-02-02 00:43 - 2009-07-14 06:32 - 00000000 ____D () C:\Windows\Performance
2015-02-01 23:31 - 2009-07-14 05:45 - 00295672 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-01-31 23:10 - 2011-12-01 19:24 - 00068616 _____ () C:\Users\Cornelia\AppData\Local\GDIPFONTCACHEV1.DAT
2015-01-31 23:08 - 2011-12-08 13:34 - 00000000 ____D () C:\Program Files (x86)\OpenOffice.org 3
2015-01-31 23:03 - 2009-07-14 04:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2015-01-31 19:34 - 2011-12-03 23:57 - 00000000 ____D () C:\Program Files\Common Files\Apple
2015-01-31 19:32 - 2011-12-03 23:52 - 00000000 ____D () C:\Users\Cornelia\AppData\Roaming\DVDVideoSoft
2015-01-31 19:31 - 2014-05-12 10:57 - 00000000 __SHD () C:\ProgramData\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C}
2015-01-31 19:31 - 2013-04-22 14:26 - 00000000 ____D () C:\Program Files (x86)\DVDVideoSoft
2015-01-31 19:31 - 2013-03-15 12:28 - 00001536 _____ () C:\Users\Public\Desktop\Free YouTube to MP3 Converter.lnk
2015-01-31 19:31 - 2013-03-15 12:28 - 00001245 _____ () C:\Users\Public\Desktop\DVDVideoSoft Free Studio.lnk
2015-01-31 19:31 - 2011-12-03 23:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft
2015-01-31 19:07 - 2013-02-28 17:29 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-01-31 19:07 - 2013-02-28 17:29 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-31 19:07 - 2013-02-28 17:29 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-01-31 19:07 - 2011-12-03 23:23 - 00002381 _____ () C:\Users\Cornelia\Desktop\Google Chrome.lnk
2015-01-29 22:46 - 2014-05-06 22:00 - 00002046 _____ () C:\Users\Public\Desktop\Google Slides.lnk
2015-01-29 22:46 - 2014-05-06 22:00 - 00002044 _____ () C:\Users\Public\Desktop\Google Sheets.lnk
2015-01-29 22:46 - 2014-05-06 22:00 - 00002034 _____ () C:\Users\Public\Desktop\Google Docs.lnk
2015-01-29 22:46 - 2014-05-06 22:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2015-01-19 10:57 - 2012-11-11 19:11 - 00000000 ____D () C:\Users\Cornelia\AppData\Local\CrashDumps
2015-01-16 20:03 - 2013-07-22 20:03 - 00000000 ____D () C:\Windows\system32\MRT
2015-01-16 20:03 - 2011-12-04 20:44 - 113365784 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-01-12 20:05 - 2012-05-27 20:28 - 01344512 ___SH () C:\Users\Cornelia\Downloads\Thumbs.db

==================== Files in the root of some directories =======

2011-11-24 17:36 - 2011-11-24 17:39 - 0016108 _____ () C:\ProgramData\ArcadeDeluxe5.log
2011-01-11 16:25 - 2010-03-03 00:59 - 0131984 _____ () C:\ProgramData\FullRemove.exe

Some content of TEMP:
====================
C:\Users\Cornelia\AppData\Local\Temp\amazonicon.exe
C:\Users\Cornelia\AppData\Local\Temp\amazoninstallernircmdc.exe
C:\Users\Cornelia\AppData\Local\Temp\COMAP.EXE
C:\Users\Cornelia\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpaebcel.dll
C:\Users\Cornelia\AppData\Local\Temp\DseShExt-x64.dll
C:\Users\Cornelia\AppData\Local\Temp\DseShExt-x86.dll
C:\Users\Cornelia\AppData\Local\Temp\FreeYouTubeToMP3Converter.exe
C:\Users\Cornelia\AppData\Local\Temp\MSN7AFB.exe
C:\Users\Cornelia\AppData\Local\Temp\Quarantine.exe
C:\Users\Cornelia\AppData\Local\Temp\sdanircmdc.exe
C:\Users\Cornelia\AppData\Local\Temp\SDShelEx-win32.dll
C:\Users\Cornelia\AppData\Local\Temp\SDShelEx-x64.dll
C:\Users\Cornelia\AppData\Local\Temp\sqlite3.dll
C:\Users\Cornelia\AppData\Local\Temp\tmpB3CF.exe
C:\Users\Cornelia\AppData\Local\Temp\tmpB8D8.exe
C:\Users\Cornelia\AppData\Local\Temp\uninst1.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-02-04 02:12

==================== End Of Log ============================
         
--- --- ---

--- --- ---

Alt 04.02.2015, 19:08   #14
deeprybka
/// TB-Ausbilder
/// Anleitungs-Guru
 
Positive Finds Ads - Standard

Positive Finds Ads



Hi,
Schritt 1



Bitte folgendes in die URL-Zeile von Chrome eingeben und mit ENTER bestätigen:

Code:
ATTFilter
chrome://settings/homePageOverlay
         
Code:
ATTFilter
www.delta-search.com
         
dann löschen.


Schritt 2



Drücke bitte die + R Taste und schreibe notepad in das Ausführen Fenster.
Klicke auf OK und kopiere nun den Text aus der Codebox in das leere Textdokument:
Code:
ATTFilter
CloseProcesses:
C:\Users\Cornelia\Documents\Downloads\FreeYouTubeToMp3Converter (2).exe
C:\Users\Cornelia\Documents\Downloads\FreeYouTubeToMp3Converter (3).exe
C:\Users\Cornelia\Downloads\Die-Sims-3---Einfach-tierisch-Setup.exe
HKLM-x32\...\Run: [] => [X]
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-109719926-1927758322-2587551322-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
Task: {220C245B-25BA-4C9D-BEE8-003CA43A5BD9} - System32\Tasks\{0B05C414-15BC-4BEC-9826-3E03612A7BA4} => pcalua.exe -a "C:\Users\Cornelia\Local Settings\Application Data\Bundled software uninstaller\biclient.exe" -c /initurl hxxp://bi.bisrv.com/:affid:/:sid:/:uid:? /affid uninstall /id uninstall /name "Bundled software uninstaller"
AlternateDataStreams: C:\ProgramData\Temp:0B9176C0
AlternateDataStreams: C:\ProgramData\Temp:CDFF58FE
AlternateDataStreams: C:\ProgramData\Temp:E36F5B57
CreateRestorePoint:
EmptyTemp:
         
Speichere dieses bitte als Fixlist.txt in das Verzeichnis ab, in dem sich auch die FRST-Anwendung befindet.
  • Starte FRST und drücke auf den Fix-Button.
  • Das Tool erstellt eine "Fixlog.txt" -Datei.
  • Poste mir bitte deren Inhalt.


Gibt es jetzt noch Probleme mit dem PC? Wenn ja, welche?
__________________
Gruß
deeprybka

Lob, Kritik, Wünsche?

Spende fürs trojaner-board?
_______________________________________________
„Neminem laede, immo omnes, quantum potes, iuva.“ Arthur Schopenhauer

Antwort

Themen zu Positive Finds Ads
abend, ads, andere, antivirus, ausgeführt, compu, computer, computern, facebook, finds, google, guten, heute, hoffe, norten, positive, positive finds, positive finds ads, problem, scan, seite, seiten, umgang, öffnen



Ähnliche Themen: Positive Finds Ads


  1. Positive Finds ads
    Plagegeister aller Art und deren Bekämpfung - 26.02.2015 (10)
  2. Positive Finds ads auf meinem PC
    Plagegeister aller Art und deren Bekämpfung - 22.02.2015 (14)
  3. Positive Finds eingefangen.
    Plagegeister aller Art und deren Bekämpfung - 20.02.2015 (15)
  4. Positive Finds ads, ABP
    Log-Analyse und Auswertung - 19.02.2015 (8)
  5. Positive finds
    Plagegeister aller Art und deren Bekämpfung - 15.02.2015 (13)
  6. Positive Finds Ads entfernen
    Plagegeister aller Art und deren Bekämpfung - 15.02.2015 (19)
  7. Positive Finds Problem
    Plagegeister aller Art und deren Bekämpfung - 13.02.2015 (13)
  8. Positive finds
    Plagegeister aller Art und deren Bekämpfung - 12.02.2015 (52)
  9. positive finds Werbung
    Plagegeister aller Art und deren Bekämpfung - 11.02.2015 (3)
  10. ads by positive finds
    Plagegeister aller Art und deren Bekämpfung - 08.02.2015 (11)
  11. Positive finds wie löschen?
    Plagegeister aller Art und deren Bekämpfung - 07.02.2015 (20)
  12. Positive finds ads Problem!
    Plagegeister aller Art und deren Bekämpfung - 07.02.2015 (9)
  13. Positive Finds - Windows 8.1
    Plagegeister aller Art und deren Bekämpfung - 05.02.2015 (15)
  14. Positive Finds
    Plagegeister aller Art und deren Bekämpfung - 04.02.2015 (13)
  15. Positive Finds ads ist hartnäckig!
    Log-Analyse und Auswertung - 03.02.2015 (1)
  16. Probleme mit Positive Finds
    Plagegeister aller Art und deren Bekämpfung - 03.02.2015 (23)
  17. Positive finds ads entfernen
    Plagegeister aller Art und deren Bekämpfung - 31.01.2015 (21)

Zum Thema Positive Finds Ads - Guten Abend Ich habe seit heute ein Problem - bei fast allen Seiten die ich öffne (komischerweise bei allen außer Google und Facebook), öffnen sich mehrere Werbungen. Nach langwieriger Recherche - Positive Finds Ads...
Archiv
Du betrachtest: Positive Finds Ads auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.