
Log analysis and evaluation: Windows 7: Firewall reports adware/spyware

Windows 7: If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To remove viruses and trojans, the infected system must first be examined: first steps for getting help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.

05.03.2015, 06:42   #1
Equimon
 



Hello dear TB team,

I seem to have picked up one or more pieces of malware while preparing for the last LAN party. My friends and I played Minecraft, and since some of my friends don't own the game, I was kind enough to look for a temporary solution for them. Which amounts to this: yes, I downloaded it for free from a dubious source. I have to add, though, that I own the game myself as a purchased version and that the illegal copies have since been deleted.
Now, a few days later, after a restart my firewall reports that there is malware on my PC. In addition, shortly before that message the computer had already been acting up, in this case playing the click sound effect extremely often, as if something were being executed. Furthermore, two error messages (the same one) opened, whose content I stupidly did not write down.
So I am fairly sure that I have infected my laptop with some kind of malware, which MBAM and Avira have also confirmed, as you will surely see in the log file.
I would therefore be extremely glad if one of you could help me, even though I caught the problem while "leeching", because normally I don't do that (fear of consequences); only this time I was in a hurry and made a stupid decision.

Thank you in advance.
Kind regards,
Tim

P.S.: the last AVIRA scan is attached; it was simply too large...


Last MBAM scan:
Code:
 Malwarebytes Anti-Malware 
www.malwarebytes.org

Suchlauf Datum: 02.03.2015
Suchlauf-Zeit: 22:20:44
Logdatei: MWB Log.txt
Administrator: Ja

Version: 2.00.4.1028
Malware Datenbank: v2015.03.03.01
Rootkit Datenbank: v2015.02.25.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: *****

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 387861
Verstrichene Zeit: 36 Min, 26 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Aktiviert
Tiefer Rootkit-Suchlauf: Aktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(Keine schädliche Elemente erkannt)

Module: 0
(Keine schädliche Elemente erkannt)

Registrierungsschlüssel: 0
(Keine schädliche Elemente erkannt)

Registrierungswerte: 0
(Keine schädliche Elemente erkannt)

Registrierungsdaten: 0
(Keine schädliche Elemente erkannt)

Ordner: 0
(Keine schädliche Elemente erkannt)

Dateien: 4
PUP.Optional.Amonetize, C:\Users\*****\Downloads\Installer (Right Click and select extract).zip, , [d8d1f1315238bd79e549f81edb271ce4], 
Backdoor.Bot, C:\Users\*****\Downloads\Trampoline - CHIP-Installer.exe, , [4267a87a9bef90a65daadd90aa5648b8], 
PUP.Optional.AZLyrics.A, C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.azlyrics.com_0.localstorage, , [4a5f031f1c6e3204eb120ca01ee539c7], 
PUP.Optional.AZLyrics.A, C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.azlyrics.com_0.localstorage-journal, , [e8c13ae8593161d5ca339418fc073fc1], 

Physische Sektoren: 0
(Keine schädliche Elemente erkannt)


(end)
         
defogger_disable:
Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 19:42 on 04/03/2015 (*****)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...
SPTD -> Disabled (Service running -> reboot required)


-=E.O.F=-
         
FRST:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 04-03-2015 01
Ran by ***** (administrator) on HOFFI on 04-03-2015 19:49:20
Running from C:\Users\*****\Desktop\Virenscheiß
Loaded Profiles: ***** (Available profiles: *****)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Alcor Micro Corp.) C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(vdc) C:\vdc.exe
(Spotify Ltd) C:\Users\*****\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(Google Inc.) C:\Users\*****\AppData\Local\Google\Update\GoogleUpdate.exe
(Panasonic Corporation) C:\Program Files (x86)\Common Files\Panasonic\PHOTOfunSTUDIO AutoStart\AutoStartupService.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(AlcaTech) C:\Windows\SysWOW64\mmrtkrnl.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Nullsoft, Inc.) C:\Program Files (x86)\Winamp\winampa.exe
(Elaborate Bytes AG) C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
(Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
() C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
(Advanced Micro Devices, Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleCrashHandler64.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
(MAGIX AG) C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
() C:\Program Files\Macrium\Reflect\ReflectService.exe
(Razer Inc.) C:\Program Files (x86)\Razer\Razer Cortex\RzKLService.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Acer Group) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Yahoo! Inc.) C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMworker.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
(Google Inc.) C:\Users\*****\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\*****\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\*****\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\*****\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\*****\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\*****\AppData\Local\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [AmIcoSinglun64] => C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [323584 2009-09-22] (Alcor Micro Corp.)
HKLM\...\Run: [mwlDaemon] => C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe [349552 2010-02-01] (Egis Technology Inc.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [9643552 2009-12-10] (Realtek Semiconductor)
HKLM\...\Run: [Acer ePower Management] => C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [861216 2010-04-23] (Acer Incorporated)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2773232 2013-10-17] (Synaptics Incorporated)
HKLM\...\Run: [vdc] => c:\vdc.exe [29696 2014-12-23] (vdc)
HKLM-x32\...\Run: [BackupManagerTray] => C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe [260608 2010-03-08] (NewTech Infosystems, Inc.)
HKLM-x32\...\Run: [SuiteTray] => C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe [337264 2010-02-01] (Egis Technology Inc.)
HKLM-x32\...\Run: [EgisUpdate] => C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe [201512 2009-12-24] (Egis Technology Inc.)
HKLM-x32\...\Run: [EgisTecPMMUpdate] => C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe [401192 2009-12-24] (Egis Technology Inc.)
HKLM-x32\...\Run: [LManager] => C:\Program Files (x86)\Launch Manager\LManager.exe [908368 2010-04-08] (Dritek System Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59240 2012-02-20] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2011-10-24] (Apple Inc.)
HKLM-x32\...\Run: [Realtime Audio Engine] => "mmrtkrnl.exe" /i
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [421736 2012-03-26] (Apple Inc.)
HKLM-x32\...\Run: [WinampAgent] => C:\Program Files (x86)\Winamp\winampa.exe [74752 2011-12-09] (Nullsoft, Inc.)
HKLM-x32\...\Run: [VirtualCloneDrive] => C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [85160 2009-06-17] (Elaborate Bytes AG)
HKLM-x32\...\Run: [DivXMediaServer] => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [450560 2013-01-29] (DivX, LLC)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [252848 2012-07-03] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [702768 2014-12-16] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [DivXUpdate] => C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1263952 2013-02-12] ()
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766208 2013-12-06] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [RazerCortex] => C:\Program Files (x86)\Razer\Razer Cortex\RazerCortex.exe [60640 2014-08-27] (Razer Inc.)
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] => C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [3978600 2015-02-17] (LogMeIn Inc.)
HKU\S-1-5-21-3896820611-3695378639-3730271298-1001\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2010-05-06] (Google Inc.)
HKU\S-1-5-21-3896820611-3695378639-3730271298-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\Steam.exe [2874048 2015-02-18] (Valve Corporation)
HKU\S-1-5-21-3896820611-3695378639-3730271298-1001\...\Run: [Spotify Web Helper] => C:\Users\*****\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1245752 2014-08-22] (Spotify Ltd)
HKU\S-1-5-21-3896820611-3695378639-3730271298-1001\...\Run: [Google Update] => C:\Users\*****\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2012-09-11] (Google Inc.)
HKU\S-1-5-21-3896820611-3695378639-3730271298-1001\...\Run: [AudialsNotifier] => C:\Program Files (x86)\Audials\Audials 11\AudialsNotifier.exe
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\PHOTOfunSTUDIO 5.2 HD Edition.lnk
ShortcutTarget: PHOTOfunSTUDIO 5.2 HD Edition.lnk -> C:\Program Files (x86)\Common Files\Panasonic\PHOTOfunSTUDIO AutoStart\AutoStartupService.exe (Panasonic Corporation)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\*****\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\*****\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\*****\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\*****\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [egisPSDP] -> {30A0A3F6-38AC-4C53-BB8B-0D95238E25BA} => C:\Program Files (x86)\EgisTec MyWinLocker\x64\psdprotect.dll (Egis Technology Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\*****\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\*****\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\*****\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [egisPSDP] -> {30A0A3F6-38AC-4C53-BB8B-0D95238E25BA} => C:\Program Files (x86)\EgisTec MyWinLocker\x86\psdprotect.dll (Egis Technology Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-3896820611-3695378639-3730271298-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-3896820611-3695378639-3730271298-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-3896820611-3695378639-3730271298-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
SearchScopes: HKU\S-1-5-21-3896820611-3695378639-3730271298-1001 -> DefaultScope {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_deDE462
SearchScopes: HKU\S-1-5-21-3896820611-3695378639-3730271298-1001 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_deDE462
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: DivX Plus Web Player HTML5 <video> -> {326E768D-4182-46FD-9C16-1449A49795F4} -> C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
BHO-x32: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} ->  No File
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: SingleInstance Class -> {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} -> C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKU\S-1-5-21-3896820611-3695378639-3730271298-1001 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://active.macromedia.com/flash2/cabs/swflash.cab
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\584u8j0f.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @java.com/DTPlugin,version=10.15.2 -> C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.15.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1213153.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @divx.com/DivX Browser Plugin,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @gametap.com/npdd,version=1.0 -> C:\Program Files (x86)\Downloader\npdd.dll (Metaboli)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.15.2 -> C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.15.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8081.0709 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3896820611-3695378639-3730271298-1001: @tools.google.com/Google Update;version=3 -> C:\Users\*****\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-3896820611-3695378639-3730271298-1001: @tools.google.com/Google Update;version=9 -> C:\Users\*****\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-3896820611-3695378639-3730271298-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\*****\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-3896820611-3695378639-3730271298-1001: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll ()
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll (Nullsoft, Inc.)
FF SearchPlugin: C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\584u8j0f.default\searchplugins\englische-ergebnisse.xml
FF SearchPlugin: C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\584u8j0f.default\searchplugins\gmx-suche.xml
FF SearchPlugin: C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\584u8j0f.default\searchplugins\lastminute.xml
FF SearchPlugin: C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\584u8j0f.default\searchplugins\webde-suche.xml
FF Extension: ProxTube - Unblock YouTube - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\584u8j0f.default\Extensions\ich@maltegoetz.de [2014-02-15]
FF Extension: Gutscheinrausch.de - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\584u8j0f.default\Extensions\mail@gutscheinrausch.de [2012-01-07]
FF Extension: WEB.DE MailCheck - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\584u8j0f.default\Extensions\toolbar@web.de [2015-02-25]
FF Extension: FireShot - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\584u8j0f.default\Extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba} [2015-02-25]
FF Extension: DownloadHelper - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\584u8j0f.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2014-11-04]
FF Extension: Firefox Old Version Update Hotfix - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\584u8j0f.default\Extensions\firefox-hotfix@mozilla.org.xpi [2014-11-04]
FF Extension: Adblock Plus - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\584u8j0f.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012-09-11]
FF Extension: Fox!Box - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\584u8j0f.default\Extensions\{df4e4df5-5cb7-46b0-9aef-6c784c3249f8}.xpi [2012-01-07]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-07-14]
FF HKLM-x32\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF Extension: DivX Plus Web Player HTML5 <video> - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2013-03-31]
FF HKU\S-1-5-21-3896820611-3695378639-3730271298-1001\...\Firefox\Extensions: [mail@gutscheinrausch.de] - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\584u8j0f.default\extensions\mail@gutscheinrausch.de

Chrome: 
=======
CHR HomePage: Default -> 
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (ProxFlow) - C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\aakchaleigkohafkfjfjbblobjifikek [2013-01-10]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-04]
CHR Extension: (Adblock Plus) - C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-01-07]
CHR Extension: (Tampermonkey) - C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo [2013-12-24]
CHR Extension: (Google Wallet) - C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-24]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-14]
CHR HKLM-x32\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files (x86)\DivX\DivX Plus Web Player\chrome\DivXHTML5\DivXHTML5.crx [2013-02-06]
StartMenuInternet: Google Chrome.TS3QRDK64WXWRX6QCAFSWOMIDU - C:\Users\*****\AppData\Local\Google\Chrome\Application\chrome.exe

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [431920 2014-12-16] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [431920 2014-12-16] (Avira Operations GmbH & Co. KG)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
R2 Fabs; C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [1253376 2009-08-27] (MAGIX AG) [File not signed]
S3 FirebirdServerMAGIXInstance; C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [3276800 2008-08-07] (MAGIX®) [File not signed]
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-03] (Macrovision Corporation) [File not signed]
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [417552 2015-02-16] (LogMeIn, Inc.)
S3 MWLService; C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe [305520 2010-02-01] (Egis Technology Inc.)
R2 NTI IScheduleSvc; C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [250368 2010-03-08] (NewTech Infosystems, Inc.) [File not signed]
S2 PinnacleUpdateSvc; C:\Program Files (x86)\PowerUp Software\Pinnacle Game Profiler\pinnacle_updater.exe [438272 2014-01-12] (PowerUp Software, LLC) [File not signed]
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [75136 2013-10-28] ()
R2 ReflectService.exe; C:\Program Files\Macrium\Reflect\ReflectService.exe [302200 2013-01-31] ()
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [117264 2010-06-25] (CACE Technologies, Inc.)
R2 RzKLService; C:\Program Files (x86)\Razer\Razer Cortex\RzKLService.exe [105448 2014-08-27] (Razer Inc.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [119272 2014-10-14] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131608 2014-10-14] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-11-25] (Avira Operations GmbH & Co. KG)
R2 NPF; C:\Windows\System32\drivers\npf.sys [35344 2010-06-25] (CACE Technologies, Inc.)
R0 sfdrv01; C:\Windows\System32\drivers\sfdrv01.sys [75384 2009-02-03] (Protection Technology (StarForce))
R0 sfdrv01a; C:\Windows\System32\drivers\sfdrv01a.sys [77432 2009-02-03] (Protection Technology (StarForce))
S0 sfsync02; C:\Windows\System32\drivers\sfsync02.sys [22936 2006-07-10] (Protection Technology)
R0 sfvfs02; C:\Windows\System32\drivers\sfvfs02.sys [107384 2007-02-08] (Protection Technology (StarForce))
S4 sptd; C:\Windows\System32\Drivers\sptd.sys [560184 2012-04-22] (Duplex Secure Ltd.)
R2 TurboB; C:\Windows\System32\DRIVERS\TurboB.sys [13784 2009-11-02] ()
S3 ALSysIO; \??\C:\Users\TIMHOF~1\AppData\Local\Temp\ALSysIO64.sys [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 WinRing0_1_2_0; \??\C:\Program Files (x86)\Razer\Razer Game Booster\Driver\WinRing0x64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-04 19:47 - 2015-03-04 19:49 - 00000000 ____D () C:\FRST
2015-03-04 19:42 - 2015-03-04 19:42 - 00000020 _____ () C:\Users\*****\defogger_reenable
2015-03-04 19:35 - 2015-03-04 19:49 - 00000000 ____D () C:\Users\*****\Desktop\Virenscheiß
2015-02-27 16:15 - 2015-02-27 16:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\reFX
2015-02-27 16:15 - 2009-10-24 21:15 - 01332224 _____ (AD © 2009) C:\Windows\SysWOW64\SYNSOEMU.DLL
2015-02-27 06:19 - 2015-02-27 06:19 - 00000000 ____D () C:\Users\*****\Downloads\Nexus 2
2015-02-27 04:14 - 2015-02-27 04:29 - 360514983 _____ () C:\Users\*****\Downloads\[BNFs]Fairy_Tail_153_[720p].rar
2015-02-27 04:14 - 2015-02-27 04:27 - 275835122 _____ () C:\Users\*****\Downloads\[BNFs]Fairy_Tail_155_[720p].rar
2015-02-27 04:14 - 2015-02-27 04:26 - 290618305 _____ () C:\Users\*****\Downloads\[BNFs]Fairy_Tail_152_[720p].rar
2015-02-27 04:14 - 2015-02-27 04:26 - 267951547 _____ () C:\Users\*****\Downloads\[BNFs]Fairy_Tail_154_[720p].rar
2015-02-27 04:14 - 2015-02-27 04:26 - 266599149 _____ () C:\Users\*****\Downloads\[BNFs]Fairy_Tail_151_[720p].rar
2015-02-27 03:52 - 2015-02-27 04:07 - 338345055 _____ () C:\Users\*****\Downloads\[BNFs]Fairy_Tail_150_[720p].rar
2015-02-27 03:52 - 2015-02-27 04:06 - 345239455 _____ () C:\Users\*****\Downloads\[BNFs]Fairy_Tail_149_[720p].rar
2015-02-27 03:52 - 2015-02-27 04:06 - 334670845 _____ () C:\Users\*****\Downloads\[BNFs]Fairy_Tail_148_[720p].rar
2015-02-27 03:52 - 2015-02-27 04:06 - 314396727 _____ () C:\Users\*****\Downloads\[BNFs]Fairy_Tail_147_[720p].rar
2015-02-27 03:52 - 2015-02-27 04:05 - 311973771 _____ () C:\Users\*****\Downloads\[BNFs]Fairy_Tail_146_[720p].rar
2015-02-27 02:19 - 2015-02-27 03:06 - 3405035783 _____ () C:\Users\*****\Downloads\Nexus 2.rar
2015-02-25 01:43 - 2015-02-25 01:51 - 280644064 _____ () C:\Users\*****\Downloads\[BNFs]Fairy_Tail_145_[720p].rar
2015-02-25 01:13 - 2015-02-25 01:31 - 327233270 _____ () C:\Users\*****\Downloads\[BNFs]Fairy_Tail_144_[720p].rar
2015-02-25 01:13 - 2015-02-25 01:30 - 346924549 _____ () C:\Users\*****\Downloads\[BNFs]Fairy_Tail_142_[720p].rar
2015-02-25 01:13 - 2015-02-25 01:30 - 300449228 _____ () C:\Users\*****\Downloads\[BNFs]Fairy_Tail_143_[720p].rar
2015-02-25 01:13 - 2015-02-25 01:29 - 295086449 _____ () C:\Users\*****\Downloads\[BNFs]Fairy_Tail_141_[720p].rar
2015-02-25 00:41 - 2015-02-25 01:07 - 333548700 _____ () C:\Users\*****\Downloads\[BNFs]Fairy_Tail_137_HD.rar
2015-02-25 00:41 - 2015-02-25 01:03 - 335537818 _____ () C:\Users\*****\Downloads\[BNFs]Fairy_Tail_138_[720p].rar
2015-02-25 00:41 - 2015-02-25 01:00 - 290496577 _____ () C:\Users\*****\Downloads\[BNFs]Fairy_Tail_139_[720p].rar
2015-02-25 00:41 - 2015-02-25 01:00 - 287249494 _____ () C:\Users\*****\Downloads\[BNFs]Fairy_Tail_140_[720p].rar
2015-02-25 00:06 - 2015-02-25 00:38 - 321143917 _____ () C:\Users\*****\Downloads\[BNFs]Fairy_Tail_135_HD.rar
2015-02-25 00:06 - 2015-02-25 00:38 - 316575541 _____ () C:\Users\*****\Downloads\[BNFs]Fairy_Tail_136_HD.rar
2015-02-25 00:06 - 2015-02-25 00:34 - 325195909 _____ () C:\Users\*****\Downloads\[BNFs]Fairy_Tail_134_HD.rar
2015-02-25 00:05 - 2015-02-25 00:35 - 325361193 _____ () C:\Users\*****\Downloads\[BNFs]Fairy_Tail_132_HD.rar
2015-02-24 22:48 - 2015-02-24 23:17 - 343571497 _____ () C:\Users\*****\Downloads\[BNFs]Fairy_Tail_131_HD.rar
2015-02-24 22:47 - 2015-02-24 23:14 - 340215569 _____ () C:\Users\*****\Downloads\[BNFs]Fairy_Tail_133_HD.rar
2015-02-24 22:47 - 2015-02-24 23:13 - 350739489 _____ () C:\Users\*****\Downloads\[BNFs]Fairy_Tail_130_HD.rar
2015-02-24 22:47 - 2015-02-24 23:11 - 331224184 _____ () C:\Users\*****\Downloads\[BNFs]Fairy_Tail_127_HD.rar
2015-02-24 22:47 - 2015-02-24 23:11 - 311996544 _____ () C:\Users\*****\Downloads\[BNFs]Fairy_Tail_129_HD.rar
2015-02-24 22:47 - 2015-02-24 23:10 - 306867635 _____ () C:\Users\*****\Downloads\[BNFs]Fairy_Tail_128_HD.rar
2015-02-24 21:27 - 2015-02-24 21:42 - 311307134 _____ () C:\Users\*****\Downloads\[BNFs]Fairy_Tail_126_HD.rar
2015-02-24 21:27 - 2015-02-24 21:41 - 307125876 _____ () C:\Users\*****\Downloads\[BNFs]Fairy_Tail_124_HD.rar
2015-02-24 21:27 - 2015-02-24 21:40 - 332383718 _____ () C:\Users\*****\Downloads\[BNFs]Fairy_Tail_125_HD.rar
2015-02-24 12:27 - 2015-02-24 12:46 - 415497001 _____ () C:\Users\*****\Downloads\[BNFs]Fairy_Tail_122_[720p].rar
2015-02-24 12:27 - 2015-02-24 12:46 - 410081563 _____ () C:\Users\*****\Downloads\[BNFs]Fairy_Tail_118_[720p].rar
2015-02-24 12:27 - 2015-02-24 12:45 - 436034769 _____ () C:\Users\*****\Downloads\[BNFs]Fairy_Tail_119_[720p].rar
2015-02-24 12:27 - 2015-02-24 12:43 - 322098367 _____ () C:\Users\*****\Downloads\[BNFs]Fairy_Tail_121_[720p].rar
2015-02-24 12:27 - 2015-02-24 12:43 - 310951190 _____ () C:\Users\*****\Downloads\[FNFs]Fairy_Tail_123_HD.rar
2015-02-24 12:27 - 2015-02-24 12:42 - 355070536 _____ () C:\Users\*****\Downloads\[BNFs]Fairy_Tail_120_[720p].rar
2015-02-24 12:09 - 2015-02-24 12:20 - 400366103 _____ () C:\Users\*****\Downloads\[BNFs]Fairy_Tail_117_[720p].rar
2015-02-24 11:57 - 2015-02-24 12:08 - 363826607 _____ () C:\Users\*****\Downloads\[BNFs]Fairy_Tail_116_[720p].rar
2015-02-20 22:15 - 2015-02-20 22:15 - 00000000 ____D () C:\Users\*****\AppData\Local\Steam
2015-02-20 22:11 - 2015-02-20 22:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
2015-02-20 22:10 - 2015-02-20 22:11 - 00000000 ____D () C:\Program Files (x86)\LogMeIn Hamachi
2015-02-20 22:08 - 2015-02-20 22:08 - 00000000 _____ () C:\Windows\SysWOW64\sho70B7.tmp
2015-02-05 04:05 - 2015-02-05 04:05 - 00000000 ____D () C:\Users\*****\Downloads\sk073Audiotorture-SonicDecapitation
2015-02-04 23:42 - 2015-02-04 23:42 - 30518667 _____ () C:\Users\*****\Downloads\sk073Audiotorture-SonicDecapitation.zip

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-04 19:52 - 2014-05-08 10:46 - 01341756 _____ () C:\Windows\WindowsUpdate.log
2015-03-04 19:48 - 2014-09-10 12:16 - 00000000 ____D () C:\Users\*****\AppData\Local\LogMeIn Hamachi
2015-03-04 19:45 - 2012-04-29 05:32 - 00000000 ____D () C:\Program Files (x86)\Steam
2015-03-04 19:44 - 2014-05-19 13:15 - 00028870 _____ () C:\Windows\PFRO.log
2015-03-04 19:44 - 2014-05-08 10:51 - 00020328 _____ () C:\Windows\setupact.log
2015-03-04 19:44 - 2011-12-18 13:25 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-03-04 19:44 - 2009-07-13 21:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-03-04 19:42 - 2011-12-18 10:43 - 00000000 ____D () C:\Users\*****
2015-03-04 19:41 - 2009-07-13 20:45 - 00025840 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-03-04 19:41 - 2009-07-13 20:45 - 00025840 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-03-04 19:36 - 2014-07-21 10:51 - 00000000 ____D () C:\Program Files (x86)\Opera
2015-03-04 19:29 - 2014-02-21 16:47 - 00119296 _____ () C:\Windows\SysWOW64\zlib.dll
2015-03-04 19:26 - 2013-01-16 14:11 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-03-04 19:26 - 2012-09-11 14:22 - 00001156 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3896820611-3695378639-3730271298-1001UA.job
2015-03-04 19:26 - 2011-12-18 13:25 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-03-03 22:02 - 2012-09-11 14:22 - 00001104 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3896820611-3695378639-3730271298-1001Core.job
2015-03-03 16:30 - 2014-05-08 19:27 - 00000000 ____D () C:\ProgramData\boost_interprocess
2015-03-02 23:01 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\Branding
2015-03-02 22:20 - 2014-05-03 12:57 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-03-02 22:20 - 2014-05-03 12:57 - 00001116 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2015-03-02 22:20 - 2014-05-03 12:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2015-03-02 22:20 - 2014-05-03 12:57 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2015-03-02 22:14 - 2013-09-25 06:16 - 00000000 ____D () C:\Users\*****\AppData\Local\Deployment
2015-03-02 22:14 - 2013-09-25 06:16 - 00000000 ____D () C:\Users\*****\AppData\Local\Apps\2.0
2015-02-27 16:16 - 2012-10-14 08:03 - 00000000 ____D () C:\Program Files (x86)\VstPlugins
2015-02-27 02:11 - 2014-04-14 09:09 - 00000000 ____D () C:\Users\*****\AppData\Roaming\.minecraft
2015-02-25 02:13 - 2014-12-25 07:10 - 00000000 ____D () C:\Users\*****\Downloads\Fairy Tail
2015-02-24 11:54 - 2014-08-21 17:07 - 00003846 _____ () C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1408669623
2015-02-23 23:06 - 2012-05-25 17:50 - 00000000 ____D () C:\Users\*****\AppData\Roaming\Winamp
2015-02-23 08:04 - 2011-12-22 13:12 - 00000000 ____D () C:\Users\*****\AppData\Roaming\Skype
2015-02-16 16:20 - 2012-06-27 09:40 - 00033856 ____H (LogMeIn, Inc.) C:\Windows\system32\hamachi.sys
2015-02-04 21:57 - 2012-09-11 14:22 - 00004144 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3896820611-3695378639-3730271298-1001UA
2015-02-04 21:57 - 2012-09-11 14:22 - 00003748 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3896820611-3695378639-3730271298-1001Core
2015-02-04 21:57 - 2011-12-18 13:25 - 00004106 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-02-04 21:57 - 2011-12-18 13:25 - 00003854 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-02-04 16:26 - 2013-01-16 14:11 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-02-04 16:26 - 2012-03-31 04:21 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-02-04 16:26 - 2011-12-18 13:36 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-02-03 02:13 - 2011-12-26 12:54 - 00000000 ____D () C:\Users\*****\AppData\Roaming\vlc

==================== Files in the root of some directories =======

2006-12-11 09:13 - 2006-12-11 09:13 - 0097336 _____ (Un4seen Developments) C:\Users\*****\AppData\Local\bass.dll
2006-12-11 09:13 - 2006-12-11 09:13 - 0013872 _____ (Un4seen Developments) C:\Users\*****\AppData\Local\basscd.dll
2007-08-13 07:46 - 2007-08-13 07:46 - 0102912 _____ (Albert L Faber) C:\Users\*****\AppData\Local\CDRip.dll
2012-06-10 11:22 - 2012-06-10 11:28 - 0005120 _____ () C:\Users\*****\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2007-01-18 11:09 - 2007-01-18 11:09 - 0623616 _____ (Ivan Bischof ©2003 - 2005) C:\Users\*****\AppData\Local\No23 Recorder.exe
2013-08-28 13:18 - 2014-04-18 02:16 - 0001484 _____ () C:\Users\*****\AppData\Local\RecConfig.xml
2014-08-07 17:01 - 2014-08-07 17:01 - 0001495 _____ () C:\Users\*****\AppData\Local\recently-used.xbel
2014-04-14 12:47 - 2014-04-14 12:47 - 0007605 _____ () C:\Users\*****\AppData\Local\Resmon.ResmonCfg
2010-05-06 15:57 - 2010-01-27 06:40 - 0131472 _____ () C:\ProgramData\FullRemove.exe

Some content of TEMP:
====================
C:\Users\*****\AppData\Local\Temp\abelssoft.setup.exe
C:\Users\*****\AppData\Local\Temp\avgnt.exe
C:\Users\*****\AppData\Local\Temp\drm_dyndata_7380014.dll
C:\Users\*****\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpxshtgx.dll
C:\Users\*****\AppData\Local\Temp\FreemakeVideoConverterFull.exe
C:\Users\*****\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-02-23 23:32

==================== End Of Log ============================
         
Additions:
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 04-03-2015 01
Ran by ***** at 2015-03-04 19:56:30
Running from C:\Users\*****\Desktop\Virenscheiß
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Desktop (Disabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Disabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.22 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0922-000001000000}) (Version: 9.22.00.0 - Igor Pavlov)
Acer Backup Manager (HKLM-x32\...\InstallShield_{72B776E5-4530-4C4B-9453-751DF87D9D93}) (Version: 2.0.0.60 - NewTech Infosystems)
Acer Crystal Eye webcam (HKLM-x32\...\{51F026FA-5146-4232-A8BA-1364740BD053}) (Version: 1.0.3.5 - Liteon)
Acer ePower Management (HKLM-x32\...\{3DB0448D-AD82-4923-B305-D001E521A964}) (Version: 5.00.3004 - Acer Incorporated)
Acer eRecovery Management (HKLM-x32\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 4.05.3011 - Acer Incorporated)
Acer GameZone Console (HKLM-x32\...\{ABEE079E-648E-488B-8301-0C3DB48C1BCE}_is1) (Version: 6.1.0.2 - Oberon Media, Inc.)
Acer Registration (HKLM-x32\...\Acer Registration) (Version: 1.03.3003 - Acer Incorporated)
Acer ScreenSaver (HKLM-x32\...\Acer Screensaver) (Version: 1.1.0423.2010 - Acer Incorporated)
Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
ActivePerl 5.14.2 Build 1402 (HKLM-x32\...\{02BFF1A3-A0D5-4F64-8558-A22682BCDA58}) (Version: 5.14.1402 - ActiveState)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.5.0.7220 - Adobe Systems Inc.)
Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.3.153 - Adobe Systems, Inc.)
Age of Empires II: HD Edition (HKLM-x32\...\Steam App 221380) (Version:  - Hidden Path Entertainment, Ensemble Studios)
Alcor Micro USB Card Reader (HKLM-x32\...\InstallShield_{6030FCD7-8F1A-427D-AF05-8DD1A2EA2ABA}) (Version: 1.5.17.05094 - Alcor Micro Corp.)
Alcor Micro USB Card Reader (x32 Version: 1.5.17.05094 - Alcor Micro Corp.) Hidden
Amazon Kindle (HKU\S-1-5-21-3896820611-3695378639-3730271298-1001\...\Amazon Kindle) (Version:  - Amazon)
Amazonia (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11273477}) (Version:  - Oberon Media)
AMD Catalyst Install Manager (HKLM\...\{C7A772A4-73CF-EB06-172F-75C5F6C80AAC}) (Version: 8.0.915.0 - Advanced Micro Devices, Inc.)
Apple Application Support (HKLM-x32\...\{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}) (Version: 2.1.7 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{B8AD779A-82DA-4365-A7D0-AD3DCFC55CFF}) (Version: 5.1.1.4 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Arcus - Rubik's Cube Simulator 0.3.2 (HKLM-x32\...\Arcus - Rubik's Cube Simulator 0.3.2) (Version:  - Peter Szilagyi)
ASIO4ALL (HKLM-x32\...\ASIO4ALL) (Version: 2.10 - Michael Tippach)
Assassin's Creed II (HKLM-x32\...\{8570BEE8-0CA3-4977-9AB1-80ED93F0513C}) (Version: 1.01 - Ubisoft)
Audacity 1.2.6 (HKLM-x32\...\Audacity_is1) (Version:  - )
Audiosurf (HKLM-x32\...\Steam App 12900) (Version:  - Dylan Fitterer)
Auslogics Disk Defrag (HKLM-x32\...\{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1) (Version: 3.6 - Auslogics Software Pty Ltd)
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.7.468 - Avira)
AWeather (HKLM-x32\...\AWeather) (Version:  - )
Backup Manager Basic (x32 Version: 2.0.0.60 - NewTech Infosystems) Hidden
Battlefield 2(TM) (HKLM-x32\...\{04858915-9F49-4B2A-AED4-DC49A7DE6A7B}) (Version:  - )
Beat Ball 2 (HKLM-x32\...\BeatBall2) (Version:  - )
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
BrettspielWelt (HKLM-x32\...\BrettspielWelt) (Version: 1.0 - BrettspielWelt GmbH)
Broadcom Gigabit NetLink Controller (HKLM\...\{A84DB02B-9C2B-4272-9D2D-A80E00A56513}) (Version: 12.52.03 - Broadcom Corporation)
Cake Mania (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111199750}) (Version:  - Oberon Media)
CCleaner (HKLM\...\CCleaner) (Version: 3.14 - Piriform)
Chicken Invaders 2 (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110209593}) (Version:  - Oberon Media)
Core Temp 1.0 RC2 (HKLM\...\{086D343F-8E78-4AFC-81AC-D6D414AFD8AC}_is1) (Version: 1.0 - Alcpu)
Counter-Strike: Source (HKLM-x32\...\Steam App 240) (Version:  - Valve)
Crazy Machines (HKLM-x32\...\Steam App 18420) (Version:  - Fakt Software)
Crazy Machines II (HKLM-x32\...\{112B0ED9-57F8-4883-8E6A-5BEAABDABBC1}) (Version: 1.00 - FAKT Software GmbH)
CyberLink PowerDVD 9 (HKLM-x32\...\InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}) (Version: 9.0.2529.50 - CyberLink Corp.)
Dairy Dash (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115053100}) (Version:  - Oberon Media)
DirectX for Managed Code Update (Summer 2004) (x32 Version: 9.02.2904 - Microsoft) Hidden
DivX-Setup (HKLM-x32\...\DivX Setup) (Version: 2.6.1.24 - DivX, LLC)
Downloader (HKLM-x32\...\Downloader) (Version:  - )
Dream Day First Home (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113832110}) (Version:  - Oberon Media)
Dropbox (HKU\S-1-5-21-3896820611-3695378639-3730271298-1001\...\Dropbox) (Version: 2.8.2 - Dropbox, Inc.)
DzSoft Perl Editor 5.8.9 (HKLM-x32\...\dzperl_is1) (Version: 5.8.9 - DzSoft Ltd)
eBay Worldwide (HKLM-x32\...\{E0B19DF7-B1C7-4937-82C4-0E4B1E346965}) (Version: 2.1.0901 - OEM)
eSobi v2 (HKLM-x32\...\InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}) (Version: 2.0.4.000274 - esobi Inc.)
eSobi v2 (x32 Version: 2.0.4.000274 - esobi Inc.) Hidden
Express Burn (HKLM-x32\...\ExpressBurn) (Version: 4.69 - NCH Software)
EZdrummer Lite Installer (HKLM-x32\...\{E80B34EE-F3E5-4F60-AE89-FF0D717554A2}) (Version: 1.1.4 - Toontrack)
Façade (HKLM-x32\...\{24E34264-D483-477C-A9A0-4E53F69834CF}) (Version: 1.1.2 - Procedural Arts)
Farm Frenzy 2 (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11531173}) (Version:  - Oberon Media)
Firebird SQL Server - MAGIX Edition (HKLM-x32\...\{34EB6245-C8D0-4D8A-B8D8-EEBFF7A91485}) (Version: 2.1.27.0 - MAGIX AG)
FL Studio 10 (HKLM-x32\...\FL Studio 10) (Version:  - Image-Line)
FL Studio 11 (HKLM-x32\...\FL Studio 11) (Version:  - Image-Line)
FLAC 1.2.1b (remove only) (HKLM-x32\...\FLAC) (Version: 1.2.1b - Xiph.org)
FlatOut (HKLM-x32\...\Steam App 6220) (Version:  - Bugbear Entertainment)
FlatOut 2 (HKLM-x32\...\Steam App 2990) (Version:  - Bugbear Entertainment)
FlowStone FL 3.0 (HKLM-x32\...\FlowStone) (Version:  - )
foobar2000 v1.2.5 (HKLM-x32\...\foobar2000) (Version: 1.2.5 - Peter Pawlowski)
Fraps (remove only) (HKLM-x32\...\Fraps) (Version:  - )
Free Audio Converter version 5.0.28.812 (HKLM-x32\...\Free Audio Converter_is1) (Version: 5.0.28.812 - DVDVideoSoft Ltd.)
Freemake Video Converter Version 4.1.5 (HKLM-x32\...\Freemake Video Converter_is1) (Version: 4.1.5 - Ellora Assets Corporation)
Galapago (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111307457}) (Version:  - Oberon Media)
Garry's Mod (HKLM-x32\...\Steam App 4000) (Version:  - Garry)
GIMP 2.6.12 (HKLM\...\GIMP-2_is1) (Version: 2.6.12 - The GIMP Team)
Google Chrome (HKU\S-1-5-21-3896820611-3695378639-3730271298-1001\...\Google Chrome) (Version: 40.0.2214.115 - Google Inc.)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.6227.252 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
Granny In Paradise (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110551697}) (Version:  - Oberon Media)
GutscheinRausch.de - AddOn für Firefox (HKLM-x32\...\{2B11BA9C-7F97-4C16-970F-1491FD77969B}_is1) (Version: 2.81 - GutscheinRausch.de)
Hedgewars (HKLM-x32\...\hedgewars) (Version: 0.9.18 - Hedgewars Project)
herdProtect Anti-Malware Scanner (HKLM-x32\...\herdProtectScan) (Version: 1.0 - Reason Company Software Inc.)
Heroes of Hellas (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113786380}) (Version:  - Oberon Media)
ICQ7.7 (HKLM-x32\...\{77F665FD-3F60-4B0A-AE14-EC124B7A7FCE}) (Version: 7.7 - ICQ)
Identity Card (HKLM-x32\...\Identity Card) (Version: 1.00.3003 - Acer Incorporated)
IL Download Manager (HKLM-x32\...\IL Download Manager) (Version:  - Image-Line)
IL Shared Libraries (HKLM-x32\...\IL Shared Libraries) (Version:  - Image-Line)
Inkscape 0.48.2 (HKLM-x32\...\Inkscape) (Version: 0.48.2 - )
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.6.0.1014 - Intel Corporation)
Intel(R) Turbo Boost Technology Driver (HKLM-x32\...\{D6C630BF-8DBB-4042-8562-DC9A52CB6E7E}) (Version: 01.00.01.1002 - Intel Corporation)
iTunes (HKLM\...\{CF8FFD12-602B-422D-AF1D-511B411E7632}) (Version: 10.6.1.7 - Apple Inc.)
Java 7 Update 15 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417015FF}) (Version: 7.0.150 - Oracle)
Java 7 Update 15 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217015FF}) (Version: 7.0.150 - Oracle)
Jibbin version March 2010 (HKLM-x32\...\{3252AF1C-86C7-404B-90EE-96C41C60F24F}_is1) (Version: March 2010 - Thomas Champagne)
Junk Mail filter update (x32 Version: 14.0.8089.726 - Microsoft Corporation) Hidden
Just Cause 2 (HKLM-x32\...\Steam App 8190) (Version:  - Avalanche Studios)
Just Cause 2: Multiplayer - Dedicated Server (HKLM-x32\...\Steam App 261140) (Version:  - )
Just Cause 2: Multiplayer Mod (HKLM-x32\...\Steam App 259080) (Version:  - Avalanche Studios)
K-Lite Codec Pack 6.0.4 (Basic) (HKLM-x32\...\KLiteCodecPack_is1) (Version: 6.0.4 - )
Launch Manager (HKLM-x32\...\LManager) (Version: 4.0.8 - Acer Inc.)
Left 4 Dead 2 (HKLM-x32\...\Steam App 550) (Version:  - Valve)
Little Fighter (HKLM-x32\...\Little Fighter) (Version:  - )
LogMeIn Hamachi (HKLM-x32\...\LogMeIn Hamachi) (Version: 2.2.0.319 - LogMeIn, Inc.)
LogMeIn Hamachi (x32 Version: 2.2.0.319 - LogMeIn, Inc.) Hidden
Macrium Reflect Free Edition (HKLM\...\{E9220B1F-33C4-4A89-B34D-38374CFBE2CF}) (Version: 5.1.5603 - Paramount Software (UK) Ltd.)
Magicka (HKLM-x32\...\Steam App 42910) (Version:  - Arrowhead Game Studios)
MAGIX Music Maker 17 Premium (HKLM-x32\...\MAGIX_MSI_mm17dlx) (Version: 17.0.0.16 - MAGIX AG)
MAGIX Music Maker 17 Premium (x32 Version: 17.0.0.16 - MAGIX AG) Hidden
MAGIX Screenshare (HKLM-x32\...\{6333C013-366F-45BD-B598-9E0B25E41605}) (Version: 4.3.6.1987 - MAGIX AG)
MAGIX Speed burnR (MSI) (HKLM-x32\...\{9C4436D2-3644-40E9-985C-D3D015F87285}) (Version: 7.0.2.6 - MAGIX AG)
Mah Jongg 2 (HKLM-x32\...\Mah Jongg 2) (Version:  - )
Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
ManiaPlanet (HKLM-x32\...\ManiaPlanet_is1) (Version:  - Nadeo)
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{42AA4CA8-DCD8-4308-BCAB-0B6D75856A9D}) (Version: 3.5.95.0 - Microsoft Corporation)
Microsoft Games for Windows Marketplace (HKLM-x32\...\{4CB0307C-565E-4441-86BE-0DF2E4FB828C}) (Version: 3.5.50.0 - Microsoft Corporation)
Microsoft Motocross Madness 2 (HKLM-x32\...\Motocross Madness 2) (Version:  - )
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Access 2003 Runtime (HKLM-x32\...\{901C0407-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Klick-und-Los 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Live Add-in 1.5 (HKLM-x32\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Office Starter 2010 - Deutsch (HKLM-x32\...\{90140011-0066-0407-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 ENU (HKLM-x32\...\{3A9FC03D-C685-4831-94CF-4EDFD3749497}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 x64 ENU (HKLM\...\{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 2.0 (HKLM-x32\...\{245F6C7A-0C22-4DE0-8202-2AAA620A1D3A}) (Version: 2.0.11128.1 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 3.1 (HKLM-x32\...\{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}) (Version: 3.1.10527.0 - Microsoft Corporation)
Microsoft_VC100_CRT_x86 (HKLM-x32\...\{6FDDB201-2CA0-42BD-973F-7B2C4A61EA3F}) (Version: 1.0.0 - Microsoft)
MixPad Audiodatei-Mixer (HKLM-x32\...\MixPad) (Version:  - NCH Software)
Moebius (HKLM-x32\...\{D6903FBB-FA2E-49DE-896F-7050B8679AFC}) (Version: 3.10.0000 - Fa. Ellen Hoche)
Mozilla Firefox 28.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 28.0 (x86 de)) (Version: 28.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 28.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MuseScore 1.0 MuseScore score typesetter (HKLM-x32\...\MuseScore) (Version: 1.0.0 - Werner Schweer and Others)
MyWinLocker (x32 Version: 3.1.206.0 - Egis Technology Inc.) Hidden
MyWinLocker Suite (HKLM-x32\...\InstallShield_{738BF5C3-AF7B-4BB0-B7EF-E505EFC756BE}) (Version: 3.1.206.0 - Egis Technology Inc.)
MyWinLocker Suite (x32 Version: 3.1.206.0 - Egis Technology Inc.) Hidden
Native Instruments DrumMicA (HKLM-x32\...\Native Instruments DrumMicA) (Version:  - Native Instruments)
Native Instruments Kontakt 5 (HKLM-x32\...\Native Instruments Kontakt 5) (Version: 5.2.0.6361 - Native Instruments)
Native Instruments Service Center (HKLM-x32\...\Native Instruments Service Center) (Version: 2.4.1.1158 - Native Instruments)
No23 Recorder (HKLM-x32\...\{22B0E143-2B0B-435B-9F56-136A3D16065F}) (Version: 2.1.0.3 - No23)
NTI Backup Now 5 (HKLM-x32\...\InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}) (Version: 5.1.2.628 - NewTech Infosystems)
NTI Backup Now Standard (x32 Version: 5.1.2.628 - NewTech Infosystems) Hidden
NTI Media Maker 8 (HKLM-x32\...\InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}) (Version: 8.0.12.6630 - NewTech Infosystems)
NTI Media Maker 8 (x32 Version: 8.0.12.6630 - NewTech Infosystems) Hidden
NVIDIA PhysX (HKLM-x32\...\{64467D47-FFE4-4FBC-ABBA-A0DB829A17EB}) (Version: 9.12.0613 - NVIDIA Corporation)
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
OpenMPT 1.22 (HKLM-x32\...\{67903736-E9BB-4664-B148-F62BCAB4FA42}_is1) (Version: 1.22.02.00 - OpenMPT Devs / Olivier Lapicque)
Opera Stable 27.0.1689.76 (HKLM-x32\...\Opera 27.0.1689.76) (Version: 27.0.1689.76 - Opera Software ASA)
PAYDAY: The Heist (HKLM-x32\...\Steam App 24240) (Version:  - OVERKILL Software)
PDFCreator (HKLM-x32\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.7.2 - pdfforge)
PHOTOfunSTUDIO 5.2 HD Edition (HKLM-x32\...\{0AE09EFD-8680-4B14-9643-00AB33BEC6ED}) (Version: 5.02.126 - Panasonic Corporation)
PhotoStage Diashow-Ersteller (HKLM-x32\...\PhotoStage) (Version:  - NCH Software)
Pinnacle Game Profiler (HKLM-x32\...\{49BF48CC-ABB6-4795-9B35-B5DE005D8612}) (Version: 7.4.2 - PowerUp Software)
Portal 2 (HKLM-x32\...\Postal 2_is1) (Version:  - )
Portal 2 (HKLM-x32\...\Steam App 620) (Version:  - Valve)
Portal 2 Publishing Tool (HKLM-x32\...\Steam App 644) (Version:  - )
Project 64 version 2.1.0.1 (HKLM-x32\...\Project 64_is1) (Version: 2.1.0.1 - )
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.991 - Even Balance, Inc.)
QuickTime (HKLM-x32\...\{7BE15435-2D3E-4B58-867F-9C75BED0208C}) (Version: 7.71.80.42 - Apple Inc.)
Razer Cortex (HKLM-x32\...\Razer Cortex_is1) (Version: 5.0.89.0 - Razer Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6000 - Realtek Semiconductor Corp.)
reFX Nexus VSTi RTAS v2.2.0 (HKLM-x32\...\reFX Nexus_is1) (Version:  - )
RollerCoaster Tycoon 3 (HKLM-x32\...\{907B4640-266B-4A21-92FB-CD1A86CD0F63}) (Version: 1.00.000 - )
RPG Maker 2000 1.05 (HKLM-x32\...\RPG Maker 2000 1.05) (Version:  - )
RTP 1.32 Add-On for RM2k (HKLM-x32\...\RTP 1.32 Add-On for RM2k) (Version:  - )
RTP for RM2K (Png, Wav, Midi, Fonts) (HKLM-x32\...\RTP for RM2K (Png, Wav, Midi, Fonts)) (Version:  - )
Shredder (Version: 2.0.5.0 - Egis Technology Inc.) Hidden
Shredder (x32 Version: 2.0.5.0 - Egis Technology Inc.) Hidden
SILKYPIX Developer Studio 3.1 SE (HKLM-x32\...\InstallShield_{0A04086B-0B71-43C3-95EF-FDFC4C18D161}) (Version: 3 - Ichikawa Soft Laboratory)
SILKYPIX Developer Studio 3.1 SE (x32 Version: 3 - Ichikawa Soft Laboratory) Hidden
Sins of a Solar Empire (HKLM-x32\...\Sins of a Solar Empire) (Version:  - Stardock Entertainment)
Sins of a Solar Empire (x32 Version: 1.05 - Kalypso) Hidden
Ski Challenge 12 (SRF) (HKU\S-1-5-21-3896820611-3695378639-3730271298-1001\...\sc12-CH_SF) (Version:  - )
Ski Challenge 14 (HKU\S-1-5-21-3896820611-3695378639-3730271298-1001\...\sc14-GAMETWIST_MAIN) (Version:  - )
Skispringen 2007 (HKLM-x32\...\Skispringen 2007_0001) (Version:  - )
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation)
Skype™ 6.18 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.18.106 - Skype Technologies S.A.)
SpeedFan (remove only) (HKLM-x32\...\SpeedFan) (Version:  - )
Spin & Win (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110300453}) (Version:  - Oberon Media)
Spotify (HKU\S-1-5-21-3896820611-3695378639-3730271298-1001\...\Spotify) (Version: 0.9.12.10.g89b2a4fc - Spotify AB)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Sylenth1 v2.21 (HKLM-x32\...\Sylenth1_is1) (Version:  - )
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 17.0.19.0 - Synaptics Incorporated)
TabTrax Demo 1.9 (HKLM-x32\...\TabTrax Demo) (Version:  - )
TeamSpeak 3 Client (HKLM-x32\...\TeamSpeak 3 Client) (Version: 3.0.15 - TeamSpeak Systems GmbH)
TeraCopy 2.27 (HKLM\...\TeraCopy_is1) (Version:  - Code Sector)
Text-To-Speech-Runtime (HKLM-x32\...\{7B3F0113-E63C-4D6D-AF19-111A3165CCA2}) (Version: 1.0.0.0 - Magix Development GmbH)
Tinypic 3.18 (HKLM-x32\...\{E3723A04-A894-4036-A78E-282E18F43C0A}_is1) (Version: Tinypic 3.18 - E. Fiedler)
TmUnitedForever Update 2010-03-15 (HKLM-x32\...\TmUnitedForever_is1) (Version:  - Nadeo)
Tom Clancy's H.A.W.X. (HKLM-x32\...\Steam App 21900) (Version:  - Ubisoft Bucharest Studio)
Tony Hawk's American Wasteland (HKLM-x32\...\{3293C06B-003F-4027-8380-FFD79E38167D}) (Version: 1.00.0000 - Ihr Firmenname)
Tony Hawk's Underground 2 (HKLM-x32\...\InstallShield_{EF1394D4-9FB6-4F1F-9A09-20FF3033AE14}) (Version: 1.00.0000 - Activision)
Tony Hawk's Underground 2 (x32 Version: 1.00.0000 - Activision) Hidden
TrackMania Sunrise (HKLM-x32\...\TmSunrise_is1) (Version:  - Nadeo)
TrackMania United 0.2.0.8 (HKLM-x32\...\TmUnited_is1) (Version:  - Nadeo)
Trials Evolution Gold Edition (HKLM-x32\...\Steam App 220160) (Version:  - RedLynx and Ubisoft Shanghai)
Trials Fusion (HKLM-x32\...\Uplay Install 297) (Version:  - Ubisoft)
Turbo Dismount (HKLM-x32\...\Steam App 263760) (Version:  - Secret Exit Ltd.)
Überwachungstool für die Intel® Turbo-Boost-Technik (HKLM\...\{39F4C6F9-618A-4E5B-8FB2-6BD661174E32}) (Version: 1.0.186.6 - Intel)
Ubisoft Game Launcher (HKLM-x32\...\{888F1505-C2B3-4FDE-835D-36353EBD4754}) (Version: 1.0.0.0 - UBISOFT)
Unity Web Player (HKU\S-1-5-21-3896820611-3695378639-3730271298-1001\...\UnityWebPlayer) (Version:  - Unity Technologies ApS)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version:  - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version:  - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version:  - Microsoft)
Uplay (HKLM-x32\...\Uplay) (Version: 2.0 - Ubisoft)
Vampires Deaf (HKLM-x32\...\{63261E19-1368-475A-8971-F9711262676B}_is1) (Version: Vampires Deaf - Brianum)
Vampires Deaf (HKLM-x32\...\{C4CC321A-A051-4EF7-B9EC-61A0887769D1}_is1) (Version: Vampires Deaf 2 - Brianum)
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
VideoPad Videobearbeitungs-Software (HKLM-x32\...\VideoPad) (Version:  - NCH Software)
VirtualCloneDrive (HKLM-x32\...\VirtualCloneDrive) (Version:  - Elaborate Bytes)
VirtualDJ Home FREE (HKLM-x32\...\{A6AC699F-8315-40CA-8F70-E917494978AB}) (Version: 7.4 - Atomix Productions)
Visual Analyser (HKLM-x32\...\{29738AAE-CE2B-4E9E-BE52-3E4D14D3116F}) (Version: 8.30.21 - Sillanum Soft)
VLC media player 2.0.1 (HKLM-x32\...\VLC media player) (Version: 2.0.1 - VideoLAN)
Walaber's Trampoline (HKLM-x32\...\{9617BEC2-A487-40E7-94FB-AC699F1B360B}) (Version: 1.1 - Walaber)
WavePad Audiobearbeitungs-Software (HKLM-x32\...\WavePad) (Version:  - NCH Software)
Welcome Center (HKLM-x32\...\Acer Welcome Center) (Version: 1.01.3002 - Acer Incorporated)
Winamp (HKLM-x32\...\Winamp) (Version: 5.623  - Nullsoft, Inc)
Winamp Erkennungs-Plug-in (HKU\S-1-5-21-3896820611-3695378639-3730271298-1001\...\Winamp Detect) (Version: 1.0.0.1 - Nullsoft, Inc)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8089.0726 - Microsoft Corporation)
Windows Live ID Sign-in Assistant (HKLM\...\{9B48B0AC-C813-4174-9042-476A887592C7}) (Version: 6.500.3165.0 - Microsoft Corporation)
Windows Live Sync (HKLM-x32\...\{76618402-179D-4699-A66B-D351C59436BC}) (Version: 14.0.8089.726 - Microsoft Corporation)
Windows Live-Uploadtool (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
WinPcap 4.1.2 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2001 - CACE Technologies)
WinRAR 4.01 (32-Bit) (HKLM-x32\...\WinRAR archiver) (Version: 4.01.0 - win.rar GmbH)
Wolfenstein - Enemy Territory (HKLM-x32\...\Wolfenstein - Enemy Territory) (Version: 2.60b - ACTIVISION)
Worms Armageddon (HKLM-x32\...\Steam App 217200) (Version:  - )
Yahoo! Software Update (HKLM-x32\...\Yahoo! Software Update) (Version:  - )
Yahoo! Toolbar (HKLM-x32\...\Yahoo! Companion) (Version:  - )
YGOPro DevPro Version 1.8.6 (HKLM-x32\...\{3CF2634F-3F38-4DD3-9201-CB2FE6B5FF23}_is1) (Version: 1.8.6 - YGOPro DevPro Online)
YouTube Song Downloader (HKLM-x32\...\{4281435C-AD1D-4C8A-B9C0-3961C11EF142}_is1) (Version: 10.2 - Abelssoft)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-3896820611-3695378639-3730271298-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\*****\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3896820611-3695378639-3730271298-1001_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\*****\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-3896820611-3695378639-3730271298-1001_Classes\CLSID\{DEBB9B79-B3DD-47F4-9E5C-EA6975BAB611}\InprocServer32 -> C:\Program Files\Macrium\Reflect\RShellExt.dll (Paramount Software UK Ltd)
CustomCLSID: HKU\S-1-5-21-3896820611-3695378639-3730271298-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\*****\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-3896820611-3695378639-3730271298-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\*****\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3896820611-3695378639-3730271298-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\*****\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3896820611-3695378639-3730271298-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\*****\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3896820611-3695378639-3730271298-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\*****\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)

==================== Restore Points  =========================

04-03-2015 00:00:01 Geplanter Prüfpunkt

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 18:34 - 2014-05-04 07:44 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {043B0538-9967-490B-9E25-56D59C93E90D} - System32\Tasks\{DC158327-45C1-471E-B838-9711413DFFAA} => C:\Users\*****\Downloads\achtung-die-kurve\ZATACKA\ZATACKA.EXE
Task: {0973068E-B769-4815-A8B1-7C8C7E435F60} - System32\Tasks\{0445D3BE-D5D0-4EED-BE57-CE9BA1A68E92} => C:\Users\*****\Desktop\generally105\GeneRally.exe
Task: {0E85D301-AD42-4F71-AB70-2A8950F7E40B} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {1C316CA0-D9DB-4A28-A6A4-1E7CC9076AD5} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-04] (Adobe Systems Incorporated)
Task: {1F7A2DD9-8BAC-4015-B4E9-F0D05758128C} - System32\Tasks\{B9BC6E84-3E4C-453C-A143-7A6B1A49E14E} => C:\Program Files (x86)\Frets on Fire\FretsOnFire.exe
Task: {35CDDFEE-CAA7-4742-9AC6-F535C2033F77} - System32\Tasks\Razer_Game_Booster_AutoUpdate => C:\Program Files (x86)\Razer\Razer Game Booster\AutoUpdate.exe
Task: {36DDD6E0-10BB-4E30-B785-26A1C4EADA4C} - System32\Tasks\{1F933AC0-65A2-4537-A3C4-3469A5C87FC2} => pcalua.exe -a "C:\Users\*****\Downloads\rm2k_fp.exe" -d "C:\Users\*****\Downloads"
Task: {4235E7D9-5D0F-4A92-A56A-BD5AC596C3A6} - System32\Tasks\{B4477AC7-E5FE-4B6F-8169-BFA1CEE88241} => C:\Program Files (x86)\Moebius\moebius.exe
Task: {49124818-28C5-4010-B541-7C192573BB36} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-21] (Google Inc.)
Task: {4F528264-1CEC-47C1-B828-0C33B1CFD2CC} - System32\Tasks\{55B51A6F-DA64-47EE-8C5D-96E8F1DA865B} => C:\Program Files (x86)\Microsoft Games\Motocross Madness 2\MCM2.EXE [2006-11-16] (Rainbow Multimedia Group, Inc)
Task: {5206A8B7-2A68-4141-A810-039D7E58EB5D} - System32\Tasks\{9911BC94-1F60-4CBC-A115-361134DBED46} => C:\Program Files (x86)\Microsoft Games\Motocross Madness 2\MCM2.EXE [2006-11-16] (Rainbow Multimedia Group, Inc)
Task: {5947A212-A369-4F02-8D87-705ED97D0BBA} - System32\Tasks\{D5932309-D764-4A00-87F4-951A698519F5} => pcalua.exe -a "C:\Users\*****\Desktop\RM2k\RM2K_105E.exe" -d "C:\Users\*****\Desktop\RM2k"
Task: {5B408A0E-1D16-453D-9414-381EA5AAF734} - System32\Tasks\{ACB41C13-2A8C-4173-871A-0A0F0C716744} => C:\Users\*****\Desktop\generally105\GeneRally.exe
Task: {63CB06A6-BC77-4E5A-A23B-271EC1061701} - System32\Tasks\{EA8AF799-CDFE-4EC4-ABC9-C9AA6DF54B01} => C:\Program Files (x86)\Microsoft Games\Motocross Madness 2\MCM2.EXE [2006-11-16] (Rainbow Multimedia Group, Inc)
Task: {6D560047-9F30-4F99-8667-899E849236BC} - System32\Tasks\{C74FE53C-63BB-4A72-ADD4-52A495EF8A23} => Chrome.exe hxxp://ui.skype.com/ui/0/6.3.0.105/de/abandoninstall?page=tsProgressBar
Task: {6F47EF89-2FA3-4BEE-A18C-5F609C4D48A3} - System32\Tasks\{2D958B9D-8092-404C-965D-8E2CDF3ECDA4} => C:\Program Files (x86)\Frets on Fire\FretsOnFire.exe
Task: {73AD8B1D-BAE3-4AE1-A2A8-7B06C7FC127F} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3896820611-3695378639-3730271298-1001UA => C:\Users\*****\AppData\Local\Google\Update\GoogleUpdate.exe [2012-09-11] (Google Inc.)
Task: {77E01A35-CA59-46EF-B914-98641531CF32} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-21] (Google Inc.)
Task: {9432FEC4-3634-4C20-A0A4-EF8C661DF7DB} - System32\Tasks\Game_Booster_AutoUpdate => C:\Program Files (x86)\IObit\Game Booster 3\AutoUpdate.exe
Task: {956BFC75-60E8-4184-9CD4-6869808F3595} - System32\Tasks\Go for FilesUpdate => C:\Program Files (x86)\GoforFiles\GFFUpdater.exe <==== ATTENTION
Task: {9902D88E-A47A-41D5-A728-122196F2B87A} - System32\Tasks\{1229CBB2-2EF0-4CA9-8689-AEB79D92E940} => C:\Program Files (x86)\Frets on Fire\FretsOnFire.exe
Task: {A0861D30-55A6-49BF-B9C2-A162DC1FD8B1} - System32\Tasks\{43D7636D-E610-448C-BFB8-98611F72583F} => C:\Program Files (x86)\Frets on Fire\FretsOnFire.exe
Task: {A7EA5D55-659E-4B81-8F31-CDFF27F46410} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {C89D62DF-9125-4724-B461-52CCD4206BDA} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {C8B37C67-0C9A-4CF9-BAEB-78DBB9C5B2B8} - System32\Tasks\Opera scheduled Autoupdate 1408669623 => C:\Program Files (x86)\Opera\launcher.exe [2015-02-23] (Opera Software)
Task: {CA301857-F9B6-43EB-8F17-2C99D0556D88} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3896820611-3695378639-3730271298-1001Core => C:\Users\*****\AppData\Local\Google\Update\GoogleUpdate.exe [2012-09-11] (Google Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3896820611-3695378639-3730271298-1001Core.job => C:\Users\*****\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3896820611-3695378639-3730271298-1001UA.job => C:\Users\*****\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) ==============

2011-12-29 13:35 - 2011-05-28 13:05 - 00164864 _____ () C:\Program Files (x86)\WinRAR\rarext64.dll
2011-12-25 15:38 - 2011-10-26 08:41 - 00126464 _____ () C:\Program Files\TeraCopy\TeraCopy64.dll
2013-02-12 18:37 - 2013-02-12 18:37 - 01263952 _____ () C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
2012-01-20 12:25 - 2013-10-28 17:33 - 00075136 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2013-01-31 04:42 - 2013-01-31 04:42 - 00302200 _____ () C:\Program Files\Macrium\Reflect\ReflectService.exe
2010-03-08 16:18 - 2010-03-08 16:18 - 00465576 _____ () C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\sqlite3.dll
2011-12-18 15:19 - 2009-05-20 14:02 - 00072200 _____ () C:\Program Files (x86)\Launch Manager\CdDirIo.dll
2011-09-26 22:23 - 2011-09-26 22:23 - 00087912 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2011-09-26 22:22 - 2011-09-26 22:22 - 01242472 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2013-02-12 18:38 - 2013-02-12 18:38 - 00100688 _____ () C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll
2010-03-08 16:13 - 2010-03-08 16:13 - 01081600 _____ () C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\ACE.dll
2015-02-20 06:05 - 2015-02-17 14:44 - 01117512 _____ () C:\Users\*****\AppData\Local\Google\Chrome\Application\40.0.2214.115\libglesv2.dll
2015-02-20 06:05 - 2015-02-17 14:44 - 00211272 _____ () C:\Users\*****\AppData\Local\Google\Chrome\Application\40.0.2214.115\libegl.dll
2015-02-20 06:05 - 2015-02-17 14:44 - 09171272 _____ () C:\Users\*****\AppData\Local\Google\Chrome\Application\40.0.2214.115\pdf.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Windows\SysWOW64\zlib.dll:DocumentSummaryInformation
AlternateDataStreams: C:\Windows\SysWOW64\zlib.dll:SummaryInformation
AlternateDataStreams: C:\Windows\SysWOW64\zlib.dll:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\ProgramData\Temp:E18B7D31

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Hamachi2Svc => ""="Service"

==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3896820611-3695378639-3730271298-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\*****\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 64.59.144.91 - 64.59.150.137

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== Accounts: =============================

Administrator (S-1-5-21-3896820611-3695378639-3730271298-500 - Administrator - Disabled)
Gast (S-1-5-21-3896820611-3695378639-3730271298-501 - Limited - Disabled)
***** (S-1-5-21-3896820611-3695378639-3730271298-1001 - Administrator - Enabled) => C:\Users\*****

==================== Faulty Device Manager Devices =============

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft-Teredo-Tunneling-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (03/04/2015 07:26:54 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Nur zur Information.
(Patch task for {90140011-0066-0407-0000-0000000FF1CE}): DownloadLatest Failed: Der Servername oder die Serveradresse konnte nicht verarbeitet werden.

Error: (03/04/2015 01:43:14 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 6052

Error: (03/04/2015 01:43:14 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 6052

Error: (03/04/2015 01:43:14 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (03/04/2015 01:43:13 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 5054

Error: (03/04/2015 01:43:13 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 5054

Error: (03/04/2015 01:43:13 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (03/04/2015 01:43:12 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 4056

Error: (03/04/2015 01:43:12 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 4056

Error: (03/04/2015 01:43:12 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second


System errors:
=============
Error: (03/04/2015 07:46:58 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: 
sfsync02

Error: (03/04/2015 07:46:58 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "PinnacleUpdate Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (03/04/2015 07:46:36 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "LogMeIn Hamachi Tunneling Engine" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1053

Error: (03/04/2015 07:46:34 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst LogMeIn Hamachi Tunneling Engine erreicht.

Error: (03/04/2015 07:45:03 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Apple Mobile Device" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1053

Error: (03/04/2015 07:45:03 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Apple Mobile Device erreicht.

Error: (03/04/2015 07:43:59 PM) (Source: Application Popup) (EventID: 875) (User: )
Description: Treiber sfsync02.sys konnte nicht geladen werden.

Error: (03/04/2015 07:30:30 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: 
sfsync02

Error: (03/04/2015 07:30:30 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "PinnacleUpdate Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (03/04/2015 07:29:10 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: Das System wurde zuvor am ‎04.‎03.‎2015 um 19:27:38 unerwartet heruntergefahren.


Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
  Date: 2014-05-04 08:41:18.868
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2014-05-04 08:41:18.774
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-04-19 10:16:40.788
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\drivers\atikmpag.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-04-19 10:16:40.714
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\drivers\atikmpag.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-04-19 10:03:06.064
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\drivers\atikmpag.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-04-19 10:03:05.939
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\drivers\atikmpag.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-04-19 09:57:17.093
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\drivers\atikmpag.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-04-19 09:57:16.999
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\drivers\atikmpag.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.


==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i5 CPU M 460 @ 2.53GHz
Percentage of memory in use: 69%
Total physical RAM: 3956.5 MB
Available physical RAM: 1217.46 MB
Total Pagefile: 7911.18 MB
Available Pagefile: 4873.16 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: (Fäsdbladde) (Fixed) (Total:452.48 GB) (Free:32.21 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 465.8 GB) (Disk ID: 00410040)
Partition 1: (Not Active) - (Size=13.2 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=452.5 GB) - (Type=07 NTFS)

==================== End Of Log ============================
         
GMER:
Code:
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2015-03-04 21:12:24
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 WDC_WD50 rev.01.0 465.76GB
Running: ykg8h4f1.exe; Driver: C:\Users\TIMHOF~1\AppData\Local\Temp\axddipob.sys


---- Kernel code sections - GMER 2.1 ----

INITKDBG  C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 448                                                                                            fffff800033f5000 45 bytes [00, 10, 00, 00, 00, 00, 00, ...]
INITKDBG  C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 495                                                                                            fffff800033f502f 23 bytes [00, 00, 10, 00, 00, 00, 00, ...]

---- User code sections - GMER 2.1 ----

.text     C:\Program Files (x86)\Common Files\Panasonic\PHOTOfunSTUDIO AutoStart\AutoStartupService.exe[2468] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 69   0000000075831465 2 bytes [83, 75]
.text     C:\Program Files (x86)\Common Files\Panasonic\PHOTOfunSTUDIO AutoStart\AutoStartupService.exe[2468] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 155  00000000758314bb 2 bytes [83, 75]
.text     ...                                                                                                                                                           * 2
.text     C:\Windows\SysWOW64\mmrtkrnl.exe[2664] C:\Windows\SysWOW64\wsock32.dll!setsockopt + 322                                                                       0000000074da1a22 2 bytes [DA, 74]
.text     C:\Windows\SysWOW64\mmrtkrnl.exe[2664] C:\Windows\SysWOW64\wsock32.dll!setsockopt + 496                                                                       0000000074da1ad0 2 bytes [DA, 74]
.text     C:\Windows\SysWOW64\mmrtkrnl.exe[2664] C:\Windows\SysWOW64\wsock32.dll!setsockopt + 552                                                                       0000000074da1b08 2 bytes [DA, 74]
.text     C:\Windows\SysWOW64\mmrtkrnl.exe[2664] C:\Windows\SysWOW64\wsock32.dll!setsockopt + 730                                                                       0000000074da1bba 2 bytes [DA, 74]
.text     C:\Windows\SysWOW64\mmrtkrnl.exe[2664] C:\Windows\SysWOW64\wsock32.dll!setsockopt + 762                                                                       0000000074da1bda 2 bytes [DA, 74]
.text     C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe[3460] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                 0000000075831465 2 bytes [83, 75]
.text     C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe[3460] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                00000000758314bb 2 bytes [83, 75]
.text     ...                                                                                                                                                           * 2
.text     C:\Windows\SysWOW64\PnkBstrA.exe[3556] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 322                                                                       0000000074da1a22 2 bytes [DA, 74]
.text     C:\Windows\SysWOW64\PnkBstrA.exe[3556] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 496                                                                       0000000074da1ad0 2 bytes [DA, 74]
.text     C:\Windows\SysWOW64\PnkBstrA.exe[3556] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 552                                                                       0000000074da1b08 2 bytes [DA, 74]
.text     C:\Windows\SysWOW64\PnkBstrA.exe[3556] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 730                                                                       0000000074da1bba 2 bytes [DA, 74]
.text     C:\Windows\SysWOW64\PnkBstrA.exe[3556] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 762                                                                       0000000074da1bda 2 bytes [DA, 74]
?         C:\Windows\system32\mssprxy.dll [4548] entry point in ".rdata" section                                                                                        000000006afd71e6
.text     C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[2908] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69          0000000075831465 2 bytes [83, 75]
.text     C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[2908] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155         00000000758314bb 2 bytes [83, 75]
.text     ...                                                                                                                                                           * 2
.text     C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4668] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                  0000000075831465 2 bytes [83, 75]
.text     C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4668] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                 00000000758314bb 2 bytes [83, 75]
.text     ...                                                                                                                                                           * 2

---- Registry - GMER 2.1 ----

Reg       HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC                                                                              
Reg       HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0                                                                           0x00 0x00 0x00 0x00 ...
Reg       HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                                                           0
Reg       HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                                                                        0x8C 0xCF 0xEB 0xC6 ...
Reg       HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{5996D1D2-A695-4DD0-ACEA-1EBC3DE4AE3C}@LeaseObtainedTime                                   1425528587
Reg       HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{5996D1D2-A695-4DD0-ACEA-1EBC3DE4AE3C}@T1                                                  1425528714
Reg       HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{5996D1D2-A695-4DD0-ACEA-1EBC3DE4AE3C}@T2                                                  1425528810
Reg       HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{5996D1D2-A695-4DD0-ACEA-1EBC3DE4AE3C}@LeaseTerminatesTime                                 1425528842
Reg       HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)                                                          
Reg       HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0                                                                               0x00 0x00 0x00 0x00 ...
Reg       HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                                                               0
Reg       HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                                                                            0x8C 0xCF 0xEB 0xC6 ...

---- EOF - GMER 2.1 ----
         
Attached files
File type: log AVSCAN-20150302-230813-ABB82728.LOG (66.9 KB, viewed 97 times)

Alt 05.03.2015, 07:29   #2
schrauber
/// the machine
/// TB trainer
 


Hi,

Scan with Combofix
WARNING to READERS:
Combofix should only be run when a team member has instructed you to do so!

Please download Combofix from the following download mirror: Link
  • IMPORTANT: Save Combofix to your desktop.
  • Please disable all your antivirus software as well as malware/spyware scanners. These can interfere with Combofix while it works. Combofix sometimes still complains anyway; you can ignore that, but please let me know.
  • Start Combofix.exe and follow the instructions on the screen.
  • While Combofix is running, please do not work on the computer, move the mouse or click into the Combofix window!
  • When Combofix has finished, it will create a log file.
  • Please post C:\Combofix.txt in your next reply (in CODE tags if possible).
Note: If you get the following error message after the restart
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
simply restart the computer. This should fix the problem.


Alt 06.03.2015, 09:45   #3
Equimon
 

Thank you very much for the quick reply.
Everything worked without problems. Only Avira complained briefly, even though it was switched off. Something about registry entries, and that they are being blocked. ComboFix did not complain, though.

Here is the ComboFix log file:
Code:
ComboFix 15-03-01.01 - ***** 06.03.2015   0:01.1.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.3956.2281 [GMT -8:00]
ausgeführt von:: c:\users\*****\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {4D041356-F94D-285F-8768-AAE50FA36859}
SP: Avira Desktop *Disabled/Updated* {F665F2B2-DF77-27D1-BDD8-9197742422E4}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\END
c:\windows\wininit.ini
.
.
(((((((((((((((((((((((   Dateien erstellt von 2015-02-06 bis 2015-03-06  ))))))))))))))))))))))))))))))
.
.
2015-03-06 08:20 . 2015-03-06 08:20	--------	d-----w-	c:\users\Public\AppData\Local\temp
2015-03-06 08:20 . 2015-03-06 08:20	--------	d-----w-	c:\users\Default\AppData\Local\temp
2015-03-05 13:33 . 2015-03-05 13:33	75888	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{59ABA26E-5399-44A5-AA29-A9ECF6E5E9CA}\offreg.dll
2015-03-05 13:25 . 2015-01-29 09:07	11910896	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{59ABA26E-5399-44A5-AA29-A9ECF6E5E9CA}\mpengine.dll
2015-03-05 03:47 . 2015-03-05 03:59	--------	d-----w-	C:\FRST
2015-02-28 00:15 . 2009-10-25 05:15	1332224	----a-w-	c:\windows\SysWow64\SYNSOEMU.DLL
2015-02-21 06:15 . 2015-02-21 06:15	--------	d-----w-	c:\users\*****\AppData\Local\Steam
2015-02-21 06:10 . 2015-02-21 06:11	--------	d-----w-	c:\program files (x86)\LogMeIn Hamachi
2015-02-21 06:08 . 2015-02-21 06:08	0	----a-w-	c:\windows\SysWow64\sho70B7.tmp
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-03-05 03:29 . 2014-02-22 00:47	119296	----a-w-	c:\windows\SysWow64\zlib.dll
2015-03-03 06:20 . 2014-05-03 20:57	129752	----a-w-	c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-02-17 00:20 . 2012-06-27 17:40	33856	---ha-w-	c:\windows\system32\hamachi.sys
2015-02-05 00:26 . 2012-03-31 12:21	701616	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2015-02-05 00:26 . 2011-12-18 21:36	71344	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2015-01-31 04:47 . 2014-11-24 08:07	113365784	----a-w-	c:\windows\system32\MRT.exe
2015-01-17 05:48 . 2015-01-17 05:48	0	----a-w-	c:\windows\SysWow64\sho73D8.tmp
2014-12-24 06:29 . 2014-12-24 06:29	29696	----a-w-	C:\vdc.exe
2014-12-23 08:41 . 2011-12-18 21:39	298120	------w-	c:\windows\system32\MpSigStub.exe
2014-12-23 06:59 . 2014-12-23 06:59	0	----a-w-	c:\windows\SysWow64\sho8F07.tmp
2014-12-19 03:06 . 2015-01-14 00:46	210432	----a-w-	c:\windows\system32\profsvc.dll
2014-12-19 01:46 . 2015-01-14 00:41	141312	----a-w-	c:\windows\system32\drivers\mrxdav.sys
2014-12-13 05:09 . 2014-12-23 07:48	144384	----a-w-	c:\windows\system32\ieUnatt.exe
2014-12-13 03:33 . 2014-12-23 07:48	115712	----a-w-	c:\windows\SysWow64\ieUnatt.exe
2014-12-12 05:35 . 2015-01-14 00:57	5553592	----a-w-	c:\windows\system32\ntoskrnl.exe
2014-12-12 05:31 . 2015-01-14 00:57	503808	----a-w-	c:\windows\system32\srcore.dll
2014-12-12 05:31 . 2015-01-14 00:57	50176	----a-w-	c:\windows\system32\srclient.dll
2014-12-12 05:31 . 2015-01-14 00:57	296960	----a-w-	c:\windows\system32\rstrui.exe
2014-12-12 05:11 . 2015-01-14 00:57	3971512	----a-w-	c:\windows\SysWow64\ntkrnlpa.exe
2014-12-12 05:11 . 2015-01-14 00:57	3916728	----a-w-	c:\windows\SysWow64\ntoskrnl.exe
2014-12-12 05:07 . 2015-01-14 00:57	43008	----a-w-	c:\windows\SysWow64\srclient.dll
2014-12-11 17:47 . 2015-01-14 00:42	52736	----a-w-	c:\windows\system32\TSWbPrxy.exe
2014-12-09 10:57 . 2014-12-09 10:57	194048	----a-w-	c:\windows\SysWow64\elshyph.dll
2014-12-09 10:57 . 2014-12-09 10:57	71680	----a-w-	c:\windows\SysWow64\RegisterIEPKEYs.exe
2014-12-09 10:57 . 2014-12-09 10:57	645120	----a-w-	c:\windows\SysWow64\jsIntl.dll
2014-12-09 10:57 . 2014-12-09 10:57	235008	----a-w-	c:\windows\system32\elshyph.dll
2014-12-09 10:57 . 2014-12-09 10:57	182272	----a-w-	c:\windows\SysWow64\msls31.dll
2014-12-09 10:57 . 2014-12-09 10:57	62464	----a-w-	c:\windows\SysWow64\tdc.ocx
2014-12-09 10:57 . 2014-12-09 10:57	337408	----a-w-	c:\windows\SysWow64\html.iec
2014-12-09 10:57 . 2014-12-09 10:57	24576	----a-w-	c:\windows\SysWow64\licmgr10.dll
2014-12-09 10:57 . 2014-12-09 10:57	74240	----a-w-	c:\windows\SysWow64\SetIEInstalledDate.exe
2014-12-09 10:57 . 2014-12-09 10:57	48640	----a-w-	c:\windows\SysWow64\mshtmler.dll
2014-12-09 10:57 . 2014-12-09 10:57	36352	----a-w-	c:\windows\SysWow64\imgutil.dll
2014-12-09 10:57 . 2014-12-09 10:57	151552	----a-w-	c:\windows\SysWow64\iexpress.exe
2014-12-09 10:57 . 2014-12-09 10:57	139264	----a-w-	c:\windows\SysWow64\wextract.exe
2014-12-09 10:57 . 2014-12-09 10:57	13312	----a-w-	c:\windows\SysWow64\mshta.exe
2014-12-09 10:57 . 2014-12-09 10:57	111616	----a-w-	c:\windows\SysWow64\IEAdvpack.dll
2014-12-09 10:57 . 2014-12-09 10:57	942592	----a-w-	c:\windows\system32\jsIntl.dll
2014-12-09 10:57 . 2014-12-09 10:57	90112	----a-w-	c:\windows\system32\SetIEInstalledDate.exe
2014-12-09 10:57 . 2014-12-09 10:57	86016	----a-w-	c:\windows\SysWow64\iesysprep.dll
2014-12-09 10:57 . 2014-12-09 10:57	86016	----a-w-	c:\windows\system32\RegisterIEPKEYs.exe
2014-12-09 10:57 . 2014-12-09 10:57	52224	----a-w-	c:\windows\system32\msfeedsbs.dll
2014-12-09 10:57 . 2014-12-09 10:57	247808	----a-w-	c:\windows\system32\msls31.dll
2014-12-09 10:57 . 2014-12-09 10:57	13312	----a-w-	c:\windows\system32\msfeedssync.exe
2014-12-09 10:57 . 2014-12-09 10:57	131072	----a-w-	c:\windows\system32\IEAdvpack.dll
2014-12-09 10:57 . 2014-12-09 10:57	81408	----a-w-	c:\windows\system32\icardie.dll
2014-12-09 10:57 . 2014-12-09 10:57	77312	----a-w-	c:\windows\system32\tdc.ocx
2014-12-09 10:57 . 2014-12-09 10:57	616104	----a-w-	c:\windows\system32\ieapfltr.dat
2014-12-09 10:57 . 2014-12-09 10:57	48640	----a-w-	c:\windows\system32\mshtmler.dll
2014-12-09 10:57 . 2014-12-09 10:57	413696	----a-w-	c:\windows\system32\html.iec
2014-12-09 10:57 . 2014-12-09 10:57	235520	----a-w-	c:\windows\system32\url.dll
2014-12-09 10:57 . 2014-12-09 10:57	105984	----a-w-	c:\windows\system32\iesysprep.dll
2014-12-09 10:57 . 2014-12-09 10:57	774144	----a-w-	c:\windows\system32\jscript.dll
2014-12-09 10:57 . 2014-12-09 10:57	62464	----a-w-	c:\windows\system32\pngfilt.dll
2014-12-09 10:57 . 2014-12-09 10:57	48128	----a-w-	c:\windows\system32\imgutil.dll
2014-12-09 10:57 . 2014-12-09 10:57	30208	----a-w-	c:\windows\system32\licmgr10.dll
2014-12-09 10:57 . 2014-12-09 10:57	243200	----a-w-	c:\windows\system32\webcheck.dll
2014-12-09 10:57 . 2014-12-09 10:57	167424	----a-w-	c:\windows\system32\iexpress.exe
2014-12-09 10:57 . 2014-12-09 10:57	147968	----a-w-	c:\windows\system32\occache.dll
2014-12-09 10:57 . 2014-12-09 10:57	143872	----a-w-	c:\windows\system32\wextract.exe
2014-12-09 10:57 . 2014-12-09 10:57	13824	----a-w-	c:\windows\system32\mshta.exe
2014-12-09 10:57 . 2014-12-09 10:57	135680	----a-w-	c:\windows\system32\iepeers.dll
2014-12-09 10:57 . 2014-12-09 10:57	101376	----a-w-	c:\windows\system32\inseng.dll
2014-12-09 10:53 . 2014-12-09 10:53	9728	---ha-w-	c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2014-12-09 10:53 . 2014-12-09 10:53	9728	---ha-w-	c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2014-12-09 10:53 . 2014-12-09 10:53	5632	---ha-w-	c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2014-12-09 10:53 . 2014-12-09 10:53	5632	---ha-w-	c:\windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll
2014-12-09 10:53 . 2014-12-09 10:53	5632	---ha-w-	c:\windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2014-12-09 10:53 . 2014-12-09 10:53	5632	---ha-w-	c:\windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
2014-12-09 10:53 . 2014-12-09 10:53	4096	---ha-w-	c:\windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll
2014-12-09 10:53 . 2014-12-09 10:53	4096	---ha-w-	c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
2014-12-09 10:53 . 2014-12-09 10:53	3584	---ha-w-	c:\windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll
2014-12-09 10:53 . 2014-12-09 10:53	3584	---ha-w-	c:\windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2014-12-09 10:53 . 2014-12-09 10:53	3072	---ha-w-	c:\windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll
2014-12-09 10:53 . 2014-12-09 10:53	3072	---ha-w-	c:\windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll
2014-12-09 10:53 . 2014-12-09 10:53	3072	---ha-w-	c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
2014-12-09 10:53 . 2014-12-09 10:53	3072	---ha-w-	c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
2014-12-09 10:53 . 2014-12-09 10:53	2560	---ha-w-	c:\windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll
2014-12-09 10:53 . 2014-12-09 10:53	2560	---ha-w-	c:\windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2014-12-09 10:53 . 2014-12-09 10:53	1158144	----a-w-	c:\windows\SysWow64\XpsPrint.dll
2014-12-09 10:53 . 2014-12-09 10:53	10752	---ha-w-	c:\windows\SysWow64\api-ms-win-downlevel-advapi32-l1-1-0.dll
2014-12-09 10:53 . 2014-12-09 10:53	10752	---ha-w-	c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
2014-12-09 10:53 . 2014-12-09 10:53	522752	----a-w-	c:\windows\system32\XpsGdiConverter.dll
2014-12-09 10:53 . 2014-12-09 10:53	364544	----a-w-	c:\windows\SysWow64\XpsGdiConverter.dll
2014-12-09 10:53 . 2014-12-09 10:53	363008	----a-w-	c:\windows\system32\dxgi.dll
2014-12-09 10:53 . 2014-12-09 10:53	249856	----a-w-	c:\windows\SysWow64\d3d10_1core.dll
2014-12-09 10:53 . 2014-12-09 10:53	220160	----a-w-	c:\windows\SysWow64\d3d10core.dll
2014-12-09 10:53 . 2014-12-09 10:53	207872	----a-w-	c:\windows\SysWow64\WindowsCodecsExt.dll
2014-12-09 10:53 . 2014-12-09 10:53	1682432	----a-w-	c:\windows\system32\XpsPrint.dll
2014-12-09 10:53 . 2014-12-09 10:53	1643520	----a-w-	c:\windows\system32\DWrite.dll
2014-12-09 10:53 . 2014-12-09 10:53	161792	----a-w-	c:\windows\SysWow64\d3d10_1.dll
2014-12-09 10:53 . 2014-12-09 10:53	1247744	----a-w-	c:\windows\SysWow64\DWrite.dll
2014-12-09 10:53 . 2014-12-09 10:53	1175552	----a-w-	c:\windows\system32\FntCache.dll
2014-12-09 10:53 . 2014-12-09 10:53	1080832	----a-w-	c:\windows\SysWow64\d3d10.dll
2014-12-09 10:53 . 2014-12-09 10:53	604160	----a-w-	c:\windows\SysWow64\d3d10level9.dll
2014-12-09 10:53 . 2014-12-09 10:53	648192	----a-w-	c:\windows\system32\d3d10level9.dll
2014-12-09 10:53 . 2014-12-09 10:53	333312	----a-w-	c:\windows\system32\d3d10_1core.dll
2014-12-09 10:53 . 2014-12-09 10:53	296960	----a-w-	c:\windows\system32\d3d10core.dll
2014-12-09 10:53 . 2014-12-09 10:53	293376	----a-w-	c:\windows\SysWow64\dxgi.dll
2014-12-09 10:53 . 2014-12-09 10:53	245248	----a-w-	c:\windows\system32\WindowsCodecsExt.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54	131248	----a-w-	c:\users\*****\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54	131248	----a-w-	c:\users\*****\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54	131248	----a-w-	c:\users\*****\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2010-02-01 18:03	120176	----a-w-	c:\program files (x86)\EgisTec MyWinLocker\x86\PSDProtect.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-05-06 39408]
"Steam"="c:\program files (x86)\Steam\Steam.exe" [2015-02-18 2874048]
"Spotify Web Helper"="c:\users\*****\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2014-08-22 1245752]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"BackupManagerTray"="c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" [2010-03-08 260608]
"SuiteTray"="c:\program files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe" [2010-02-01 337264]
"EgisUpdate"="c:\program files (x86)\EgisTec IPS\EgisUpdate.exe" [2009-12-25 201512]
"EgisTecPMMUpdate"="c:\program files (x86)\EgisTec IPS\PmmUpdate.exe" [2009-12-25 401192]
"LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2010-04-08 908368]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"Realtime Audio Engine"="mmrtkrnl.exe" [2011-02-25 46592]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-27 421736]
"WinampAgent"="c:\program files (x86)\Winamp\winampa.exe" [2011-12-09 74752]
"VirtualCloneDrive"="c:\program files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2009-06-17 85160]
"DivXMediaServer"="c:\program files (x86)\DivX\DivX Media Server\DivXMediaServer.exe" [2013-01-30 450560]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2014-12-16 702768]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2013-02-13 1263952]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe" [2013-12-06 766208]
"RazerCortex"="c:\program files (x86)\Razer\Razer Cortex\RazerCortex.exe" [2014-08-28 60640]
"LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2015-02-18 3978600]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
PHOTOfunSTUDIO 5.2 HD Edition.lnk - c:\program files (x86)\Common Files\Panasonic\PHOTOfunSTUDIO AutoStart\AutoStartupService.exe -e "c:\program files (x86)\Panasonic\PHOTOfunSTUDIO 5.2 HD\PHOTOfunSTUDIO.exe" [2012-4-16 172544]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableSecureUIAPath"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="userinit.exe"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 ALSysIO;ALSysIO;c:\users\TIMHOF~1\AppData\Local\Temp\ALSysIO64.sys;c:\users\TIMHOF~1\AppData\Local\Temp\ALSysIO64.sys [x]
R3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS;c:\windows\SYSNATIVE\drivers\AmUStor.SYS [x]
R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 MWLService;MyWinLocker Service;c:\program files (x86)\EgisTec MyWinLocker\x86\MWLService.exe;c:\program files (x86)\EgisTec MyWinLocker\x86\MWLService.exe [x]
R3 nmwcdnsux64;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsux64.sys;c:\windows\SYSNATIVE\drivers\nmwcdnsux64.sys [x]
R3 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TurboBoost;TurboBoost;c:\program files\Intel\TurboBoost\TurboBoost.exe;c:\program files\Intel\TurboBoost\TurboBoost.exe [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 WinRing0_1_2_0;WinRing0_1_2_0;c:\program files (x86)\Razer\Razer Game Booster\Driver\WinRing0x64.sys;c:\program files (x86)\Razer\Razer Game Booster\Driver\WinRing0x64.sys [x]
R4 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
S0 sfdrv01a;StarForce Protection Environment Driver (version 1.x.a);c:\windows\System32\drivers\sfdrv01a.sys;c:\windows\SYSNATIVE\drivers\sfdrv01a.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys;c:\windows\SYSNATIVE\DRIVERS\avkmgr.sys [x]
S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDFilter.sys [x]
S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDNServ.sys [x]
S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDVDisk.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [x]
S2 c2cautoupdatesvc;Skype Click to Call Updater;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [x]
S2 c2cpnrsvc;Skype Click to Call PNR Service;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [x]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]
S2 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe;c:\program files (x86)\Launch Manager\dsiwmis.exe [x]
S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [x]
S2 Fabs;FABS - Helping agent for MAGIX media database;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [x]
S2 GREGService;GREGService;c:\program files (x86)\Acer\Registration\GREGsvc.exe;c:\program files (x86)\Acer\Registration\GREGsvc.exe [x]
S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe;c:\program files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [x]
S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys;c:\windows\SYSNATIVE\drivers\npf.sys [x]
S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe;c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [x]
S2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [x]
S2 ReflectService.exe;Macrium Reflect Image Mounting Service;c:\program files\Macrium\Reflect\ReflectService.exe;c:\program files\Macrium\Reflect\ReflectService.exe [x]
S2 RzKLService;RzKLService;c:\program files (x86)\Razer\Razer Cortex\RzKLService.exe;c:\program files (x86)\Razer\Razer Cortex\RzKLService.exe [x]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [x]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys;c:\windows\SYSNATIVE\DRIVERS\TurboB.sys [x]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S2 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe;c:\program files\Acer\Acer Updater\UpdaterService.exe [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys;c:\windows\SYSNATIVE\DRIVERS\HECIx64.sys [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys;c:\windows\SYSNATIVE\DRIVERS\Impcd.sys [x]
S3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys;c:\windows\SYSNATIVE\DRIVERS\k57nd60a.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*Deregistered* - axddipob
.
Inhalt des "geplante Tasks" Ordners
.
2015-03-06 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-31 00:26]
.
2015-03-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-12-18 08:35]
.
2015-03-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-12-18 08:35]
.
2015-03-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3896820611-3695378639-3730271298-1001Core.job
- c:\users\*****\AppData\Local\Google\Update\GoogleUpdate.exe [2012-09-11 22:22]
.
2015-03-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3896820611-3695378639-3730271298-1001UA.job
- c:\users\*****\AppData\Local\Google\Update\GoogleUpdate.exe [2012-09-11 22:22]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54	164016	----a-w-	c:\users\*****\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54	164016	----a-w-	c:\users\*****\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54	164016	----a-w-	c:\users\*****\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54	164016	----a-w-	c:\users\*****\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2010-02-01 18:06	137584	----a-w-	c:\program files (x86)\EgisTec MyWinLocker\x64\PSDProtect.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AmIcoSinglun64"="c:\program files (x86)\AmIcoSingLun\AmIcoSinglun64.exe" [2009-09-22 323584]
"mwlDaemon"="c:\program files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe" [2010-02-01 349552]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-12-11 9643552]
"Acer ePower Management"="c:\program files\Acer\Acer ePower Management\ePowerTray.exe" [2010-04-23 861216]
"vdc"="c:\vdc.exe" [2014-12-24 29696]
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = about:blank
uLocal Page = c:\windows\system32\blank.htm
mDefault_Search_URL = about:blank
mDefault_Page_URL = about:blank
mStart Page = about:blank
mLocal Page = c:\windows\SysWOW64\blank.htm
mSearch Page = about:blank
IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~4\Office12\EXCEL.EXE/3000
IE: {{77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - c:\program files (x86)\ICQ7.7\ICQ.exe
FF - ProfilePath - c:\users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\584u8j0f.default\
FF - ExtSQL: !HIDDEN! 2012-01-07 14:49; mail@gutscheinrausch.de; c:\users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\584u8j0f.default\extensions\mail@gutscheinrausch.de
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKCU-Run-AudialsNotifier - c:\program files (x86)\Audials\Audials 11\AudialsNotifier.exe
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-ExpressBurn - c:\program files (x86)\NCH Software\ExpressBurn\expressburn.exe
AddRemove-Fraps - c:\programme(x86)\Fraps\uninstall.exe
AddRemove-MixPad - c:\program files (x86)\NCH Software\MixPad\uninst.exe
AddRemove-PhotoStage - c:\program files (x86)\NCH Software\PhotoStage\photostage.exe
AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc.exe
AddRemove-VideoPad - c:\program files (x86)\NCH Software\VideoPad\uninst.exe
AddRemove-WavePad - c:\program files (x86)\NCH Software\WavePad\wavepad.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-3896820611-3695378639-3730271298-1001\Software\SecuROM\License information*]
"datasecu"=hex:5b,52,22,57,44,40,eb,ba,b3,27,01,d1,fa,11,fd,9d,b9,63,76,1a,8f,
   21,f9,c0,9f,09,77,c9,b8,85,ee,c6,20,5c,c9,46,97,5d,b6,07,62,64,de,37,79,b2,\
"rkeysecu"=hex:2f,0f,d5,3e,02,2b,06,63,b1,0b,dd,b6,71,e2,54,98
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_16_0_0_305_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_16_0_0_305_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_16_0_0_305_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_16_0_0_305_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_305.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.16"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_305.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_305.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_305.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Environment*]
"v5Licence0"="15-1TFT-TU52-HYX3-TAEG-TFSK-WZHBYB9"
"Activated"="Y"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2015-03-06  00:37:36
ComboFix-quarantined-files.txt  2015-03-06 08:37
.
Vor Suchlauf: 21 Verzeichnis(se), 59.298.062.336 Bytes frei
Nach Suchlauf: 22 Verzeichnis(se), 60.122.533.888 Bytes frei
.
- - End Of File - - 0D90B231BD51BC3172ED9ABAA032AF8E
         
__________________

Alt 06.03.2015, 16:21   #4
schrauber
/// the machine
/// TB-Ausbilder
 




Please download Malwarebytes Anti-Malware
  • Install the program to the default path. (Illustrated guide to MBAM)
  • Start Malwarebytes' Anti-Malware (MBAM).
  • Then click Scan, select Threat Scan and click Start Scan.
  • At the end of the scan, have all detections (if any) moved to quarantine. To do so, click Remove Selected.
  • Let your computer restart if necessary to complete the cleanup.
  • Start MBAM, click History and then Application Logs.
  • Select the most recent scan log and click Export. Choose Text file (.txt) and save the file as mbam.txt on the desktop. You can find the MBAM log file here.
  • Add the contents of mbam.txt to your next reply.


Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click Options and make sure the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure all 5 options are selected as shown here
  • Click Scan and wait until it has finished.
  • Now click Clean and confirm any prompts with OK.
  • Your computer will restart automatically. After the restart, a text file opens. Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt (x = sequential number).

Please disable your security software to avoid possible conflicts.
Please download Junkware Removal Tool to your desktop

  • Start the tool with a double-click. On Windows Vista (or later), please right-click and start it with "Run as administrator".
  • Press any key to start the tool.
  • Depending on the system, the scan can take a while.
  • When the tool has finished, the log file (JRT.txt) is saved on the desktop and opened automatically.
  • Please post the contents of JRT.txt in your next reply.


and a fresh FRST log, please.
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009

No help via PM!

Alt 08.03.2015, 07:41   #5
Equimon
 



Hey, sorry, that took a bit longer, I was pretty busy...
But everything worked without a hitch.

Okay, here we go:

MBAM:
Code:
 Malwarebytes Anti-Malware 
www.malwarebytes.org

Suchlauf Datum: 07.03.2015
Suchlauf-Zeit: 03:43:36
Logdatei: mbam.txt
Administrator: Ja

Version: 2.00.4.1028
Malware Datenbank: v2015.03.07.02
Rootkit Datenbank: v2015.02.25.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: *****

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 387528
Verstrichene Zeit: 1 Std, 18 Min, 22 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Aktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(Keine schädliche Elemente erkannt)

Module: 0
(Keine schädliche Elemente erkannt)

Registrierungsschlüssel: 0
(Keine schädliche Elemente erkannt)

Registrierungswerte: 0
(Keine schädliche Elemente erkannt)

Registrierungsdaten: 0
(Keine schädliche Elemente erkannt)

Ordner: 0
(Keine schädliche Elemente erkannt)

Dateien: 0
(Keine schädliche Elemente erkannt)

Physische Sektoren: 0
(Keine schädliche Elemente erkannt)


(end)
         
AdwCleaner:
Code:
# AdwCleaner v4.111 - Bericht erstellt 07/03/2015 um 22:10:42
# Aktualisiert 18/02/2015 von Xplode
# Datenbank : 2015-02-18.3 [Lokal]
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (x64)
# Benutzername : ***** - HOFFI
# Gestarted von : C:\Users\*****\Downloads\AdwCleaner_4.111.exe
# Option : Löschen

***** [ Dienste ] *****

Dienst Gelöscht : YahooAUService

***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\ProgramData\Yahoo! Companion
Ordner Gelöscht : C:\Users\*****\AppData\Local\CrashRpt
Datei Gelöscht : C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\584u8j0f.default\foxydeal.sqlite
Datei Gelöscht : C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_static.olark.com_0.localstorage-journal
Datei Gelöscht : C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_static.olark.com_0.localstorage

***** [ Geplante Tasks ] *****

Task Gelöscht : Go for FilesUpdate

***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}
Schlüssel Gelöscht : HKCU\Software\Conduit
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Yahoo! Toolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Yahoo! Companion

***** [ Internetbrowser ] *****

-\\ Internet Explorer v11.0.9600.17496


-\\ Mozilla Firefox v28.0 (de)


-\\ Google Chrome v

[C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://www.softonic.de/s/{searchTerms}

-\\ Opera v27.0.1689.76

[C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://www.softonic.de/s/{searchTerms}

*************************

AdwCleaner[R0].txt - [5115 Bytes] - [12/08/2014 06:39:28]
AdwCleaner[R1].txt - [2234 Bytes] - [07/03/2015 22:07:57]
AdwCleaner[S0].txt - [4546 Bytes] - [12/08/2014 06:41:17]
AdwCleaner[S1].txt - [2258 Bytes] - [07/03/2015 22:10:42]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [2317  Bytes] ##########
         
JRT:
Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.3 (03.01.2015:1)
OS: Windows 7 Home Premium x64
Ran by ***** on 07.03.2015 at 22:20:20.43
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key - Orphan] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}
Successfully deleted: [Registry Key - Orphan] HKEY_CLASSES_ROOT\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}
Successfully deleted: [Registry Key - Orphan] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}
Successfully deleted: [Registry Key - Orphan] HKEY_CLASSES_ROOT\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}



~~~ Files



~~~ Folders



~~~ FireFox

Successfully deleted: [Folder] C:\Users\*****\AppData\Roaming\mozilla\firefox\profiles\584u8j0f.default\extensions\toolbar@web.de
Emptied folder: C:\Users\*****\AppData\Roaming\mozilla\firefox\profiles\584u8j0f.default\minidumps [11 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 07.03.2015 at 22:25:55.69
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         
And here are the FRST logs...

FRST:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 07-03-2015 01
Ran by ***** (administrator) on HOFFI on 07-03-2015 22:30:06
Running from C:\Users\*****\Desktop\Virenscheiß
Loaded Profiles: ***** (Available profiles: *****)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleCrashHandler64.exe
(MAGIX AG) C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
() C:\Program Files\Macrium\Reflect\ReflectService.exe
(Razer Inc.) C:\Program Files (x86)\Razer\Razer Cortex\RzKLService.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Alcor Micro Corp.) C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(vdc) C:\vdc.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Spotify Ltd) C:\Users\*****\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(AlcaTech) C:\Windows\SysWOW64\mmrtkrnl.exe
(Panasonic Corporation) C:\Program Files (x86)\Common Files\Panasonic\PHOTOfunSTUDIO AutoStart\AutoStartupService.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Nullsoft, Inc.) C:\Program Files (x86)\Winamp\winampa.exe
(Elaborate Bytes AG) C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
(Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
() C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMworker.exe
(Razer Inc.) C:\Program Files (x86)\Razer\Razer Cortex\main.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Google Inc.) C:\Users\*****\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\*****\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\*****\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\*****\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\*****\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\*****\AppData\Local\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [AmIcoSinglun64] => C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [323584 2009-09-22] (Alcor Micro Corp.)
HKLM\...\Run: [mwlDaemon] => C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe [349552 2010-02-01] (Egis Technology Inc.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [9643552 2009-12-10] (Realtek Semiconductor)
HKLM\...\Run: [Acer ePower Management] => C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [861216 2010-04-23] (Acer Incorporated)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2773232 2013-10-17] (Synaptics Incorporated)
HKLM\...\Run: [vdc] => c:\vdc.exe [29696 2014-12-23] (vdc)
HKLM-x32\...\Run: [BackupManagerTray] => C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe [260608 2010-03-08] (NewTech Infosystems, Inc.)
HKLM-x32\...\Run: [SuiteTray] => C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe [337264 2010-02-01] (Egis Technology Inc.)
HKLM-x32\...\Run: [EgisUpdate] => C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe [201512 2009-12-24] (Egis Technology Inc.)
HKLM-x32\...\Run: [EgisTecPMMUpdate] => C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe [401192 2009-12-24] (Egis Technology Inc.)
HKLM-x32\...\Run: [LManager] => C:\Program Files (x86)\Launch Manager\LManager.exe [908368 2010-04-08] (Dritek System Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59240 2012-02-20] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2011-10-24] (Apple Inc.)
HKLM-x32\...\Run: [Realtime Audio Engine] => "mmrtkrnl.exe" /i
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [421736 2012-03-26] (Apple Inc.)
HKLM-x32\...\Run: [WinampAgent] => C:\Program Files (x86)\Winamp\winampa.exe [74752 2011-12-09] (Nullsoft, Inc.)
HKLM-x32\...\Run: [VirtualCloneDrive] => C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [85160 2009-06-17] (Elaborate Bytes AG)
HKLM-x32\...\Run: [DivXMediaServer] => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [450560 2013-01-29] (DivX, LLC)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [252848 2012-07-03] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [702768 2014-12-16] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [DivXUpdate] => C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1263952 2013-02-12] ()
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766208 2013-12-06] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [RazerCortex] => C:\Program Files (x86)\Razer\Razer Cortex\RazerCortex.exe [60640 2014-08-27] (Razer Inc.)
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] => C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [3978600 2015-02-17] (LogMeIn Inc.)
HKU\S-1-5-21-3896820611-3695378639-3730271298-1001\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2010-05-06] (Google Inc.)
HKU\S-1-5-21-3896820611-3695378639-3730271298-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\Steam.exe [2874048 2015-02-18] (Valve Corporation)
HKU\S-1-5-21-3896820611-3695378639-3730271298-1001\...\Run: [Spotify Web Helper] => C:\Users\*****\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1245752 2014-08-22] (Spotify Ltd)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\PHOTOfunSTUDIO 5.2 HD Edition.lnk
ShortcutTarget: PHOTOfunSTUDIO 5.2 HD Edition.lnk -> C:\Program Files (x86)\Common Files\Panasonic\PHOTOfunSTUDIO AutoStart\AutoStartupService.exe (Panasonic Corporation)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\*****\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\*****\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\*****\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\*****\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [egisPSDP] -> {30A0A3F6-38AC-4C53-BB8B-0D95238E25BA} => C:\Program Files (x86)\EgisTec MyWinLocker\x64\psdprotect.dll (Egis Technology Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\*****\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\*****\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\*****\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [egisPSDP] -> {30A0A3F6-38AC-4C53-BB8B-0D95238E25BA} => C:\Program Files (x86)\EgisTec MyWinLocker\x86\psdprotect.dll (Egis Technology Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-3896820611-3695378639-3730271298-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-3896820611-3695378639-3730271298-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-3896820611-3695378639-3730271298-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM-x32 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-3896820611-3695378639-3730271298-1001 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_deDE462
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2013-02-28] (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-03-04] (Google Inc.)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2014-07-14] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2013-02-28] (Oracle Corporation)
BHO-x32: DivX Plus Web Player HTML5 <video> -> {326E768D-4182-46FD-9C16-1449A49795F4} -> C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll [2013-02-06] (DivX, LLC)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2013-02-28] (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-03-04] (Google Inc.)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-07-14] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2013-02-28] (Oracle Corporation)
BHO-x32: SingleInstance Class -> {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} -> C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll [2009-03-13] (Yahoo! Inc)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-03-04] (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-03-04] (Google Inc.)
Toolbar: HKU\S-1-5-21-3896820611-3695378639-3730271298-1001 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-03-04] (Google Inc.)
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://active.macromedia.com/flash2/cabs/swflash.cab
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll [2009-07-26] (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll [2009-07-26] (Microsoft Corporation)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2014-07-14] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-07-14] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 64.59.144.91 64.59.150.137

FireFox:
========
FF ProfilePath: C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\584u8j0f.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll [2015-02-04] ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll [2011-06-20] (DivX, LLC.)
FF Plugin: @java.com/DTPlugin,version=10.15.2 -> C:\Windows\system32\npDeployJava1.dll [2013-02-28] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.15.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2013-02-28] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll [2015-02-04] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1213153.dll [2014-06-24] (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2012-03-06] ()
FF Plugin-x32: @divx.com/DivX Browser Plugin,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll [2013-02-06] (DivX, LLC)
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll [2011-06-20] (DivX, LLC.)
FF Plugin-x32: @gametap.com/npdd,version=1.0 -> C:\Program Files (x86)\Downloader\npdd.dll [2012-07-20] (Metaboli)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.15.2 -> C:\Windows\SysWOW64\npDeployJava1.dll [2013-02-28] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.15.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2013-02-28] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll [2010-04-26] (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8081.0709 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2009-07-10] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-04] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-04] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-02] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3896820611-3695378639-3730271298-1001: @tools.google.com/Google Update;version=3 -> C:\Users\*****\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-04] (Google Inc.)
FF Plugin HKU\S-1-5-21-3896820611-3695378639-3730271298-1001: @tools.google.com/Google Update;version=9 -> C:\Users\*****\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-04] (Google Inc.)
FF Plugin HKU\S-1-5-21-3896820611-3695378639-3730271298-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\*****\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-09-15] (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-3896820611-3695378639-3730271298-1001: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll [2014-09-11] ()
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPOFF12.DLL [2006-10-26] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2014-12-02] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll [2011-12-09] (Nullsoft, Inc.)
FF SearchPlugin: C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\584u8j0f.default\searchplugins\englische-ergebnisse.xml [2014-04-28]
FF SearchPlugin: C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\584u8j0f.default\searchplugins\gmx-suche.xml [2014-04-28]
FF SearchPlugin: C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\584u8j0f.default\searchplugins\lastminute.xml [2014-04-28]
FF SearchPlugin: C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\584u8j0f.default\searchplugins\webde-suche.xml [2014-04-28]
FF Extension: ProxTube - Unblock YouTube - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\584u8j0f.default\Extensions\ich@maltegoetz.de [2014-02-15]
FF Extension: Gutscheinrausch.de - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\584u8j0f.default\Extensions\mail@gutscheinrausch.de [2012-01-07]
FF Extension: FireShot - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\584u8j0f.default\Extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba} [2015-02-25]
FF Extension: DownloadHelper - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\584u8j0f.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2014-11-04]
FF Extension: Firefox Old Version Update Hotfix - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\584u8j0f.default\Extensions\firefox-hotfix@mozilla.org.xpi [2014-11-04]
FF Extension: Adblock Plus - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\584u8j0f.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012-09-11]
FF Extension: Fox!Box - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\584u8j0f.default\Extensions\{df4e4df5-5cb7-46b0-9aef-6c784c3249f8}.xpi [2012-01-07]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-07-14]
FF HKLM-x32\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF Extension: DivX Plus Web Player HTML5 <video> - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2013-03-31]
FF HKU\S-1-5-21-3896820611-3695378639-3730271298-1001\...\Firefox\Extensions: [mail@gutscheinrausch.de] - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\584u8j0f.default\extensions\mail@gutscheinrausch.de
FF Extension: No Name - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\584u8j0f.default\extensions\toolbar@web.de [Not Found]

Chrome: 
=======
CHR HomePage: Default -> 
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (ProxFlow) - C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\aakchaleigkohafkfjfjbblobjifikek [2013-01-10]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-04]
CHR Extension: (Adblock Plus) - C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-01-07]
CHR Extension: (Tampermonkey) - C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo [2013-12-24]
CHR Extension: (Google Wallet) - C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-24]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-14]
CHR HKLM-x32\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files (x86)\DivX\DivX Plus Web Player\chrome\DivXHTML5\DivXHTML5.crx [2013-02-06]
StartMenuInternet: Google Chrome.TS3QRDK64WXWRX6QCAFSWOMIDU - C:\Users\*****\AppData\Local\Google\Chrome\Application\chrome.exe

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [431920 2014-12-16] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [431920 2014-12-16] (Avira Operations GmbH & Co. KG)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
R2 Fabs; C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [1253376 2009-08-27] (MAGIX AG) [File not signed]
S3 FirebirdServerMAGIXInstance; C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [3276800 2008-08-07] (MAGIX®) [File not signed]
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-03] (Macrovision Corporation) [File not signed]
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [417552 2015-02-16] (LogMeIn, Inc.)
S3 MWLService; C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe [305520 2010-02-01] (Egis Technology Inc.)
R2 NTI IScheduleSvc; C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [250368 2010-03-08] (NewTech Infosystems, Inc.) [File not signed]
S2 PinnacleUpdateSvc; C:\Program Files (x86)\PowerUp Software\Pinnacle Game Profiler\pinnacle_updater.exe [438272 2014-01-12] (PowerUp Software, LLC) [File not signed]
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [75136 2013-10-28] ()
R2 ReflectService.exe; C:\Program Files\Macrium\Reflect\ReflectService.exe [302200 2013-01-31] ()
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [117264 2010-06-25] (CACE Technologies, Inc.)
R2 RzKLService; C:\Program Files (x86)\Razer\Razer Cortex\RzKLService.exe [105448 2014-08-27] (Razer Inc.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [119272 2014-10-14] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131608 2014-10-14] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-11-25] (Avira Operations GmbH & Co. KG)
R2 NPF; C:\Windows\System32\drivers\npf.sys [35344 2010-06-25] (CACE Technologies, Inc.)
R0 sfdrv01; C:\Windows\System32\drivers\sfdrv01.sys [75384 2009-02-03] (Protection Technology (StarForce))
R0 sfdrv01a; C:\Windows\System32\drivers\sfdrv01a.sys [77432 2009-02-03] (Protection Technology (StarForce))
S0 sfsync02; C:\Windows\System32\drivers\sfsync02.sys [22936 2006-07-10] (Protection Technology)
R0 sfvfs02; C:\Windows\System32\drivers\sfvfs02.sys [107384 2007-02-08] (Protection Technology (StarForce))
S4 sptd; C:\Windows\System32\Drivers\sptd.sys [560184 2012-04-22] (Duplex Secure Ltd.)
R2 TurboB; C:\Windows\System32\DRIVERS\TurboB.sys [13784 2009-11-02] ()
S3 ALSysIO; \??\C:\Users\TIMHOF~1\AppData\Local\Temp\ALSysIO64.sys [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 WinRing0_1_2_0; \??\C:\Program Files (x86)\Razer\Razer Game Booster\Driver\WinRing0x64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-07 22:06 - 2015-03-07 22:07 - 02126848 _____ () C:\Users\*****\Downloads\AdwCleaner_4.111.exe
2015-03-07 03:34 - 2015-03-07 03:37 - 01388333 _____ (Thisisu) C:\Users\*****\Desktop\JRT.exe
2015-03-05 23:58 - 2011-06-25 22:45 - 00256000 _____ () C:\Windows\PEV.exe
2015-03-05 23:58 - 2010-11-07 09:20 - 00208896 _____ () C:\Windows\MBR.exe
2015-03-05 23:58 - 2009-04-19 20:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-03-05 23:58 - 2000-08-30 16:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-03-05 23:58 - 2000-08-30 16:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-03-05 23:58 - 2000-08-30 16:00 - 00098816 _____ () C:\Windows\sed.exe
2015-03-05 23:58 - 2000-08-30 16:00 - 00080412 _____ () C:\Windows\grep.exe
2015-03-05 23:58 - 2000-08-30 16:00 - 00068096 _____ () C:\Windows\zip.exe
2015-03-05 23:57 - 2015-03-06 00:38 - 00000000 ____D () C:\Qoobox
2015-03-05 23:49 - 2015-03-05 23:50 - 05612482 ____R (Swearware) C:\Users\*****\Desktop\ComboFix.exe
2015-03-04 22:36 - 2015-03-04 22:36 - 00000000 _____ () C:\Users\*****\Desktop\Neues Textdokument (2).txt
2015-03-04 19:47 - 2015-03-07 22:30 - 00000000 ____D () C:\FRST
2015-03-04 19:42 - 2015-03-04 19:42 - 00000020 _____ () C:\Users\*****\defogger_reenable
2015-03-04 19:35 - 2015-03-07 22:30 - 00000000 ____D () C:\Users\*****\Desktop\Virenscheiß
2015-02-27 16:15 - 2015-02-27 16:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\reFX
2015-02-27 16:15 - 2009-10-24 21:15 - 01332224 _____ (AD © 2009) C:\Windows\SysWOW64\SYNSOEMU.DLL
2015-02-27 06:19 - 2015-02-27 06:19 - 00000000 ____D () C:\Users\*****\Downloads\Nexus 2
2015-02-27 04:14 - 2015-02-27 04:29 - 360514983 _____ () C:\Users\*****\Downloads\[BNFs]Fairy_Tail_153_[720p].rar
2015-02-27 04:14 - 2015-02-27 04:27 - 275835122 _____ () C:\Users\*****\Downloads\[BNFs]Fairy_Tail_155_[720p].rar
2015-02-27 04:14 - 2015-02-27 04:26 - 290618305 _____ () C:\Users\*****\Downloads\[BNFs]Fairy_Tail_152_[720p].rar
2015-02-27 04:14 - 2015-02-27 04:26 - 267951547 _____ () C:\Users\*****\Downloads\[BNFs]Fairy_Tail_154_[720p].rar
2015-02-27 04:14 - 2015-02-27 04:26 - 266599149 _____ () C:\Users\*****\Downloads\[BNFs]Fairy_Tail_151_[720p].rar
2015-02-27 03:52 - 2015-02-27 04:07 - 338345055 _____ () C:\Users\*****\Downloads\[BNFs]Fairy_Tail_150_[720p].rar
2015-02-27 03:52 - 2015-02-27 04:06 - 345239455 _____ () C:\Users\*****\Downloads\[BNFs]Fairy_Tail_149_[720p].rar
2015-02-27 03:52 - 2015-02-27 04:06 - 334670845 _____ () C:\Users\*****\Downloads\[BNFs]Fairy_Tail_148_[720p].rar
2015-02-27 03:52 - 2015-02-27 04:06 - 314396727 _____ () C:\Users\*****\Downloads\[BNFs]Fairy_Tail_147_[720p].rar
2015-02-27 03:52 - 2015-02-27 04:05 - 311973771 _____ () C:\Users\*****\Downloads\[BNFs]Fairy_Tail_146_[720p].rar
2015-02-27 02:19 - 2015-02-27 03:06 - 3405035783 _____ () C:\Users\*****\Downloads\Nexus 2.rar
2015-02-25 01:43 - 2015-02-25 01:51 - 280644064 _____ () C:\Users\*****\Downloads\[BNFs]Fairy_Tail_145_[720p].rar
2015-02-25 01:13 - 2015-02-25 01:31 - 327233270 _____ () C:\Users\*****\Downloads\[BNFs]Fairy_Tail_144_[720p].rar
2015-02-25 01:13 - 2015-02-25 01:30 - 346924549 _____ () C:\Users\*****\Downloads\[BNFs]Fairy_Tail_142_[720p].rar
2015-02-25 01:13 - 2015-02-25 01:30 - 300449228 _____ () C:\Users\*****\Downloads\[BNFs]Fairy_Tail_143_[720p].rar
2015-02-25 01:13 - 2015-02-25 01:29 - 295086449 _____ () C:\Users\*****\Downloads\[BNFs]Fairy_Tail_141_[720p].rar
2015-02-25 00:41 - 2015-02-25 01:07 - 333548700 _____ () C:\Users\*****\Downloads\[BNFs]Fairy_Tail_137_HD.rar
2015-02-25 00:41 - 2015-02-25 01:03 - 335537818 _____ () C:\Users\*****\Downloads\[BNFs]Fairy_Tail_138_[720p].rar
2015-02-25 00:41 - 2015-02-25 01:00 - 290496577 _____ () C:\Users\*****\Downloads\[BNFs]Fairy_Tail_139_[720p].rar
2015-02-25 00:41 - 2015-02-25 01:00 - 287249494 _____ () C:\Users\*****\Downloads\[BNFs]Fairy_Tail_140_[720p].rar
2015-02-25 00:06 - 2015-02-25 00:38 - 321143917 _____ () C:\Users\*****\Downloads\[BNFs]Fairy_Tail_135_HD.rar
2015-02-25 00:06 - 2015-02-25 00:38 - 316575541 _____ () C:\Users\*****\Downloads\[BNFs]Fairy_Tail_136_HD.rar
2015-02-25 00:06 - 2015-02-25 00:34 - 325195909 _____ () C:\Users\*****\Downloads\[BNFs]Fairy_Tail_134_HD.rar
2015-02-25 00:05 - 2015-02-25 00:35 - 325361193 _____ () C:\Users\*****\Downloads\[BNFs]Fairy_Tail_132_HD.rar
2015-02-24 22:48 - 2015-02-24 23:17 - 343571497 _____ () C:\Users\*****\Downloads\[BNFs]Fairy_Tail_131_HD.rar
2015-02-24 22:47 - 2015-02-24 23:14 - 340215569 _____ () C:\Users\*****\Downloads\[BNFs]Fairy_Tail_133_HD.rar
2015-02-24 22:47 - 2015-02-24 23:13 - 350739489 _____ () C:\Users\*****\Downloads\[BNFs]Fairy_Tail_130_HD.rar
2015-02-24 22:47 - 2015-02-24 23:11 - 331224184 _____ () C:\Users\*****\Downloads\[BNFs]Fairy_Tail_127_HD.rar
2015-02-24 22:47 - 2015-02-24 23:11 - 311996544 _____ () C:\Users\*****\Downloads\[BNFs]Fairy_Tail_129_HD.rar
2015-02-24 22:47 - 2015-02-24 23:10 - 306867635 _____ () C:\Users\*****\Downloads\[BNFs]Fairy_Tail_128_HD.rar
2015-02-24 21:27 - 2015-02-24 21:42 - 311307134 _____ () C:\Users\*****\Downloads\[BNFs]Fairy_Tail_126_HD.rar
2015-02-24 21:27 - 2015-02-24 21:41 - 307125876 _____ () C:\Users\*****\Downloads\[BNFs]Fairy_Tail_124_HD.rar
2015-02-24 21:27 - 2015-02-24 21:40 - 332383718 _____ () C:\Users\*****\Downloads\[BNFs]Fairy_Tail_125_HD.rar
2015-02-24 12:27 - 2015-02-24 12:46 - 415497001 _____ () C:\Users\*****\Downloads\[BNFs]Fairy_Tail_122_[720p].rar
2015-02-24 12:27 - 2015-02-24 12:46 - 410081563 _____ () C:\Users\*****\Downloads\[BNFs]Fairy_Tail_118_[720p].rar
2015-02-24 12:27 - 2015-02-24 12:45 - 436034769 _____ () C:\Users\*****\Downloads\[BNFs]Fairy_Tail_119_[720p].rar
2015-02-24 12:27 - 2015-02-24 12:43 - 322098367 _____ () C:\Users\*****\Downloads\[BNFs]Fairy_Tail_121_[720p].rar
2015-02-24 12:27 - 2015-02-24 12:43 - 310951190 _____ () C:\Users\*****\Downloads\[FNFs]Fairy_Tail_123_HD.rar
2015-02-24 12:27 - 2015-02-24 12:42 - 355070536 _____ () C:\Users\*****\Downloads\[BNFs]Fairy_Tail_120_[720p].rar
2015-02-24 12:09 - 2015-02-24 12:20 - 400366103 _____ () C:\Users\*****\Downloads\[BNFs]Fairy_Tail_117_[720p].rar
2015-02-24 11:57 - 2015-02-24 12:08 - 363826607 _____ () C:\Users\*****\Downloads\[BNFs]Fairy_Tail_116_[720p].rar
2015-02-20 22:15 - 2015-02-20 22:15 - 00000000 ____D () C:\Users\*****\AppData\Local\Steam
2015-02-20 22:11 - 2015-02-20 22:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
2015-02-20 22:10 - 2015-02-20 22:11 - 00000000 ____D () C:\Program Files (x86)\LogMeIn Hamachi
2015-02-20 22:08 - 2015-02-20 22:08 - 00000000 _____ () C:\Windows\SysWOW64\sho70B7.tmp
2015-02-05 04:05 - 2015-02-05 04:05 - 00000000 ____D () C:\Users\*****\Downloads\sk073Audiotorture-SonicDecapitation

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-07 22:26 - 2013-01-16 14:11 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-03-07 22:23 - 2009-07-13 20:45 - 00025840 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-03-07 22:23 - 2009-07-13 20:45 - 00025840 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-03-07 22:22 - 2014-05-08 10:46 - 01527232 _____ () C:\Windows\WindowsUpdate.log
2015-03-07 22:18 - 2014-05-08 19:27 - 00000000 ____D () C:\ProgramData\boost_interprocess
2015-03-07 22:15 - 2014-08-12 06:39 - 00000000 ____D () C:\AdwCleaner
2015-03-07 22:14 - 2014-09-10 12:16 - 00000000 ____D () C:\Users\*****\AppData\Local\LogMeIn Hamachi
2015-03-07 22:13 - 2014-02-21 16:47 - 00119296 _____ () C:\Windows\SysWOW64\zlib.dll
2015-03-07 22:13 - 2012-04-29 05:32 - 00000000 ____D () C:\Program Files (x86)\Steam
2015-03-07 22:13 - 2011-12-18 13:25 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-03-07 22:12 - 2014-05-19 13:15 - 00029674 _____ () C:\Windows\PFRO.log
2015-03-07 22:12 - 2014-05-08 10:51 - 00020384 _____ () C:\Windows\setupact.log
2015-03-07 22:12 - 2009-07-13 21:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-03-07 22:02 - 2012-09-11 14:22 - 00001156 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3896820611-3695378639-3730271298-1001UA.job
2015-03-07 22:02 - 2012-09-11 14:22 - 00001104 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3896820611-3695378639-3730271298-1001Core.job
2015-03-07 22:02 - 2011-12-18 13:25 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-03-07 03:43 - 2014-05-03 12:57 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-03-06 00:21 - 2009-07-13 18:34 - 00000215 _____ () C:\Windows\system.ini
2015-03-05 23:56 - 2014-05-04 07:23 - 00000000 ____D () C:\Windows\erdnt
2015-03-04 19:42 - 2011-12-18 10:43 - 00000000 ____D () C:\Users\*****
2015-03-04 19:36 - 2014-07-21 10:51 - 00000000 ____D () C:\Program Files (x86)\Opera
2015-03-04 19:28 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\Branding
2015-03-02 22:20 - 2014-05-03 12:57 - 00001116 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2015-03-02 22:20 - 2014-05-03 12:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2015-03-02 22:20 - 2014-05-03 12:57 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2015-03-02 22:14 - 2013-09-25 06:16 - 00000000 ____D () C:\Users\*****\AppData\Local\Deployment
2015-03-02 22:14 - 2013-09-25 06:16 - 00000000 ____D () C:\Users\*****\AppData\Local\Apps\2.0
2015-02-27 16:16 - 2012-10-14 08:03 - 00000000 ____D () C:\Program Files (x86)\VstPlugins
2015-02-27 02:11 - 2014-04-14 09:09 - 00000000 ____D () C:\Users\*****\AppData\Roaming\.minecraft
2015-02-25 02:13 - 2014-12-25 07:10 - 00000000 ____D () C:\Users\*****\Downloads\Fairy Tail
2015-02-24 11:54 - 2014-08-21 17:07 - 00003846 _____ () C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1408669623
2015-02-24 03:17 - 2011-12-18 13:39 - 00295552 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2015-02-23 23:06 - 2012-05-25 17:50 - 00000000 ____D () C:\Users\*****\AppData\Roaming\Winamp
2015-02-23 08:04 - 2011-12-22 13:12 - 00000000 ____D () C:\Users\*****\AppData\Roaming\Skype
2015-02-16 16:20 - 2012-06-27 09:40 - 00033856 ____H (LogMeIn, Inc.) C:\Windows\system32\hamachi.sys

==================== Files in the root of some directories =======

2006-12-11 09:13 - 2006-12-11 09:13 - 0097336 _____ (Un4seen Developments) C:\Users\*****\AppData\Local\bass.dll
2006-12-11 09:13 - 2006-12-11 09:13 - 0013872 _____ (Un4seen Developments) C:\Users\*****\AppData\Local\basscd.dll
2007-08-13 07:46 - 2007-08-13 07:46 - 0102912 _____ (Albert L Faber) C:\Users\*****\AppData\Local\CDRip.dll
2012-06-10 11:22 - 2012-06-10 11:28 - 0005120 _____ () C:\Users\*****\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2007-01-18 11:09 - 2007-01-18 11:09 - 0623616 _____ (Ivan Bischof ©2003 - 2005) C:\Users\*****\AppData\Local\No23 Recorder.exe
2013-08-28 13:18 - 2014-04-18 02:16 - 0001484 _____ () C:\Users\*****\AppData\Local\RecConfig.xml
2014-08-07 17:01 - 2014-08-07 17:01 - 0001495 _____ () C:\Users\*****\AppData\Local\recently-used.xbel
2014-04-14 12:47 - 2014-04-14 12:47 - 0007605 _____ () C:\Users\*****\AppData\Local\Resmon.ResmonCfg
2010-05-06 15:57 - 2010-01-27 06:40 - 0131472 _____ () C:\ProgramData\FullRemove.exe

Some content of TEMP:
====================
C:\Users\*****\AppData\Local\Temp\avgnt.exe
C:\Users\*****\AppData\Local\Temp\Quarantine.exe
C:\Users\*****\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-03-05 01:28

==================== End Of Log ============================
         
--- --- ---


Addition:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 07-03-2015 01
Ran by ***** (administrator) on HOFFI on 07-03-2015 22:30:06
Running from C:\Users\*****\Desktop\Virenscheiß
Loaded Profiles: ***** (Available profiles: *****)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleCrashHandler64.exe
(MAGIX AG) C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
() C:\Program Files\Macrium\Reflect\ReflectService.exe
(Razer Inc.) C:\Program Files (x86)\Razer\Razer Cortex\RzKLService.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Alcor Micro Corp.) C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(vdc) C:\vdc.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Spotify Ltd) C:\Users\*****\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(AlcaTech) C:\Windows\SysWOW64\mmrtkrnl.exe
(Panasonic Corporation) C:\Program Files (x86)\Common Files\Panasonic\PHOTOfunSTUDIO AutoStart\AutoStartupService.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Nullsoft, Inc.) C:\Program Files (x86)\Winamp\winampa.exe
(Elaborate Bytes AG) C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
(Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
() C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMworker.exe
(Razer Inc.) C:\Program Files (x86)\Razer\Razer Cortex\main.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Google Inc.) C:\Users\*****\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\*****\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\*****\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\*****\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\*****\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\*****\AppData\Local\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [AmIcoSinglun64] => C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [323584 2009-09-22] (Alcor Micro Corp.)
HKLM\...\Run: [mwlDaemon] => C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe [349552 2010-02-01] (Egis Technology Inc.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [9643552 2009-12-10] (Realtek Semiconductor)
HKLM\...\Run: [Acer ePower Management] => C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [861216 2010-04-23] (Acer Incorporated)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2773232 2013-10-17] (Synaptics Incorporated)
HKLM\...\Run: [vdc] => c:\vdc.exe [29696 2014-12-23] (vdc)
HKLM-x32\...\Run: [BackupManagerTray] => C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe [260608 2010-03-08] (NewTech Infosystems, Inc.)
HKLM-x32\...\Run: [SuiteTray] => C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe [337264 2010-02-01] (Egis Technology Inc.)
HKLM-x32\...\Run: [EgisUpdate] => C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe [201512 2009-12-24] (Egis Technology Inc.)
HKLM-x32\...\Run: [EgisTecPMMUpdate] => C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe [401192 2009-12-24] (Egis Technology Inc.)
HKLM-x32\...\Run: [LManager] => C:\Program Files (x86)\Launch Manager\LManager.exe [908368 2010-04-08] (Dritek System Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59240 2012-02-20] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2011-10-24] (Apple Inc.)
HKLM-x32\...\Run: [Realtime Audio Engine] => "mmrtkrnl.exe" /i
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [421736 2012-03-26] (Apple Inc.)
HKLM-x32\...\Run: [WinampAgent] => C:\Program Files (x86)\Winamp\winampa.exe [74752 2011-12-09] (Nullsoft, Inc.)
HKLM-x32\...\Run: [VirtualCloneDrive] => C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [85160 2009-06-17] (Elaborate Bytes AG)
HKLM-x32\...\Run: [DivXMediaServer] => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [450560 2013-01-29] (DivX, LLC)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [252848 2012-07-03] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [702768 2014-12-16] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [DivXUpdate] => C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1263952 2013-02-12] ()
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766208 2013-12-06] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [RazerCortex] => C:\Program Files (x86)\Razer\Razer Cortex\RazerCortex.exe [60640 2014-08-27] (Razer Inc.)
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] => C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [3978600 2015-02-17] (LogMeIn Inc.)
HKU\S-1-5-21-3896820611-3695378639-3730271298-1001\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2010-05-06] (Google Inc.)
HKU\S-1-5-21-3896820611-3695378639-3730271298-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\Steam.exe [2874048 2015-02-18] (Valve Corporation)
HKU\S-1-5-21-3896820611-3695378639-3730271298-1001\...\Run: [Spotify Web Helper] => C:\Users\*****\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1245752 2014-08-22] (Spotify Ltd)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\PHOTOfunSTUDIO 5.2 HD Edition.lnk
ShortcutTarget: PHOTOfunSTUDIO 5.2 HD Edition.lnk -> C:\Program Files (x86)\Common Files\Panasonic\PHOTOfunSTUDIO AutoStart\AutoStartupService.exe (Panasonic Corporation)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\*****\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\*****\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\*****\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\*****\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [egisPSDP] -> {30A0A3F6-38AC-4C53-BB8B-0D95238E25BA} => C:\Program Files (x86)\EgisTec MyWinLocker\x64\psdprotect.dll (Egis Technology Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\*****\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\*****\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\*****\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [egisPSDP] -> {30A0A3F6-38AC-4C53-BB8B-0D95238E25BA} => C:\Program Files (x86)\EgisTec MyWinLocker\x86\psdprotect.dll (Egis Technology Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-3896820611-3695378639-3730271298-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-3896820611-3695378639-3730271298-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-3896820611-3695378639-3730271298-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM-x32 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-3896820611-3695378639-3730271298-1001 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_deDE462
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2013-02-28] (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-03-04] (Google Inc.)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2014-07-14] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2013-02-28] (Oracle Corporation)
BHO-x32: DivX Plus Web Player HTML5 <video> -> {326E768D-4182-46FD-9C16-1449A49795F4} -> C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll [2013-02-06] (DivX, LLC)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2013-02-28] (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-03-04] (Google Inc.)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-07-14] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2013-02-28] (Oracle Corporation)
BHO-x32: SingleInstance Class -> {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} -> C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll [2009-03-13] (Yahoo! Inc)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-03-04] (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-03-04] (Google Inc.)
Toolbar: HKU\S-1-5-21-3896820611-3695378639-3730271298-1001 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-03-04] (Google Inc.)
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://active.macromedia.com/flash2/cabs/swflash.cab
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll [2009-07-26] (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll [2009-07-26] (Microsoft Corporation)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2014-07-14] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-07-14] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 64.59.144.91 64.59.150.137

FireFox:
========
FF ProfilePath: C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\584u8j0f.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll [2015-02-04] ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll [2011-06-20] (DivX, LLC.)
FF Plugin: @java.com/DTPlugin,version=10.15.2 -> C:\Windows\system32\npDeployJava1.dll [2013-02-28] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.15.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2013-02-28] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll [2015-02-04] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1213153.dll [2014-06-24] (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2012-03-06] ()
FF Plugin-x32: @divx.com/DivX Browser Plugin,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll [2013-02-06] (DivX, LLC)
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll [2011-06-20] (DivX, LLC.)
FF Plugin-x32: @gametap.com/npdd,version=1.0 -> C:\Program Files (x86)\Downloader\npdd.dll [2012-07-20] (Metaboli)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.15.2 -> C:\Windows\SysWOW64\npDeployJava1.dll [2013-02-28] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.15.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2013-02-28] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll [2010-04-26] (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8081.0709 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2009-07-10] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-04] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-04] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-02] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3896820611-3695378639-3730271298-1001: @tools.google.com/Google Update;version=3 -> C:\Users\*****\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-04] (Google Inc.)
FF Plugin HKU\S-1-5-21-3896820611-3695378639-3730271298-1001: @tools.google.com/Google Update;version=9 -> C:\Users\*****\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-04] (Google Inc.)
FF Plugin HKU\S-1-5-21-3896820611-3695378639-3730271298-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\*****\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-09-15] (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-3896820611-3695378639-3730271298-1001: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll [2014-09-11] ()
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPOFF12.DLL [2006-10-26] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2014-12-02] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll [2011-12-09] (Nullsoft, Inc.)
FF SearchPlugin: C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\584u8j0f.default\searchplugins\englische-ergebnisse.xml [2014-04-28]
FF SearchPlugin: C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\584u8j0f.default\searchplugins\gmx-suche.xml [2014-04-28]
FF SearchPlugin: C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\584u8j0f.default\searchplugins\lastminute.xml [2014-04-28]
FF SearchPlugin: C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\584u8j0f.default\searchplugins\webde-suche.xml [2014-04-28]
FF Extension: ProxTube - Unblock YouTube - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\584u8j0f.default\Extensions\ich@maltegoetz.de [2014-02-15]
FF Extension: Gutscheinrausch.de - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\584u8j0f.default\Extensions\mail@gutscheinrausch.de [2012-01-07]
FF Extension: FireShot - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\584u8j0f.default\Extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba} [2015-02-25]
FF Extension: DownloadHelper - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\584u8j0f.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2014-11-04]
FF Extension: Firefox Old Version Update Hotfix - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\584u8j0f.default\Extensions\firefox-hotfix@mozilla.org.xpi [2014-11-04]
FF Extension: Adblock Plus - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\584u8j0f.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012-09-11]
FF Extension: Fox!Box - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\584u8j0f.default\Extensions\{df4e4df5-5cb7-46b0-9aef-6c784c3249f8}.xpi [2012-01-07]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-07-14]
FF HKLM-x32\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF Extension: DivX Plus Web Player HTML5 &lt;video&gt; - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2013-03-31]
FF HKU\S-1-5-21-3896820611-3695378639-3730271298-1001\...\Firefox\Extensions: [mail@gutscheinrausch.de] - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\584u8j0f.default\extensions\mail@gutscheinrausch.de
FF Extension: No Name - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\584u8j0f.default\extensions\toolbar@web.de [Not Found]

Chrome: 
=======
CHR HomePage: Default -> 
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (ProxFlow) - C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\aakchaleigkohafkfjfjbblobjifikek [2013-01-10]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-04]
CHR Extension: (Adblock Plus) - C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-01-07]
CHR Extension: (Tampermonkey) - C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo [2013-12-24]
CHR Extension: (Google Wallet) - C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-24]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-14]
CHR HKLM-x32\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files (x86)\DivX\DivX Plus Web Player\chrome\DivXHTML5\DivXHTML5.crx [2013-02-06]
StartMenuInternet: Google Chrome.TS3QRDK64WXWRX6QCAFSWOMIDU - C:\Users\*****\AppData\Local\Google\Chrome\Application\chrome.exe

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [431920 2014-12-16] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [431920 2014-12-16] (Avira Operations GmbH & Co. KG)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
R2 Fabs; C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [1253376 2009-08-27] (MAGIX AG) [File not signed]
S3 FirebirdServerMAGIXInstance; C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [3276800 2008-08-07] (MAGIX®) [File not signed]
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-03] (Macrovision Corporation) [File not signed]
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [417552 2015-02-16] (LogMeIn, Inc.)
S3 MWLService; C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe [305520 2010-02-01] (Egis Technology Inc.)
R2 NTI IScheduleSvc; C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [250368 2010-03-08] (NewTech Infosystems, Inc.) [File not signed]
S2 PinnacleUpdateSvc; C:\Program Files (x86)\PowerUp Software\Pinnacle Game Profiler\pinnacle_updater.exe [438272 2014-01-12] (PowerUp Software, LLC) [File not signed]
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [75136 2013-10-28] ()
R2 ReflectService.exe; C:\Program Files\Macrium\Reflect\ReflectService.exe [302200 2013-01-31] ()
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [117264 2010-06-25] (CACE Technologies, Inc.)
R2 RzKLService; C:\Program Files (x86)\Razer\Razer Cortex\RzKLService.exe [105448 2014-08-27] (Razer Inc.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [119272 2014-10-14] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131608 2014-10-14] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-11-25] (Avira Operations GmbH & Co. KG)
R2 NPF; C:\Windows\System32\drivers\npf.sys [35344 2010-06-25] (CACE Technologies, Inc.)
R0 sfdrv01; C:\Windows\System32\drivers\sfdrv01.sys [75384 2009-02-03] (Protection Technology (StarForce))
R0 sfdrv01a; C:\Windows\System32\drivers\sfdrv01a.sys [77432 2009-02-03] (Protection Technology (StarForce))
S0 sfsync02; C:\Windows\System32\drivers\sfsync02.sys [22936 2006-07-10] (Protection Technology)
R0 sfvfs02; C:\Windows\System32\drivers\sfvfs02.sys [107384 2007-02-08] (Protection Technology (StarForce))
S4 sptd; C:\Windows\System32\Drivers\sptd.sys [560184 2012-04-22] (Duplex Secure Ltd.)
R2 TurboB; C:\Windows\System32\DRIVERS\TurboB.sys [13784 2009-11-02] ()
S3 ALSysIO; \??\C:\Users\TIMHOF~1\AppData\Local\Temp\ALSysIO64.sys [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 WinRing0_1_2_0; \??\C:\Program Files (x86)\Razer\Razer Game Booster\Driver\WinRing0x64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-07 22:06 - 2015-03-07 22:07 - 02126848 _____ () C:\Users\*****\Downloads\AdwCleaner_4.111.exe
2015-03-07 03:34 - 2015-03-07 03:37 - 01388333 _____ (Thisisu) C:\Users\*****\Desktop\JRT.exe
2015-03-05 23:58 - 2011-06-25 22:45 - 00256000 _____ () C:\Windows\PEV.exe
2015-03-05 23:58 - 2010-11-07 09:20 - 00208896 _____ () C:\Windows\MBR.exe
2015-03-05 23:58 - 2009-04-19 20:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-03-05 23:58 - 2000-08-30 16:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-03-05 23:58 - 2000-08-30 16:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-03-05 23:58 - 2000-08-30 16:00 - 00098816 _____ () C:\Windows\sed.exe
2015-03-05 23:58 - 2000-08-30 16:00 - 00080412 _____ () C:\Windows\grep.exe
2015-03-05 23:58 - 2000-08-30 16:00 - 00068096 _____ () C:\Windows\zip.exe
2015-03-05 23:57 - 2015-03-06 00:38 - 00000000 ____D () C:\Qoobox
2015-03-05 23:49 - 2015-03-05 23:50 - 05612482 ____R (Swearware) C:\Users\*****\Desktop\ComboFix.exe
2015-03-04 22:36 - 2015-03-04 22:36 - 00000000 _____ () C:\Users\*****\Desktop\Neues Textdokument (2).txt
2015-03-04 19:47 - 2015-03-07 22:30 - 00000000 ____D () C:\FRST
2015-03-04 19:42 - 2015-03-04 19:42 - 00000020 _____ () C:\Users\*****\defogger_reenable
2015-03-04 19:35 - 2015-03-07 22:30 - 00000000 ____D () C:\Users\*****\Desktop\Virenscheiß
2015-02-27 16:15 - 2015-02-27 16:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\reFX
2015-02-27 16:15 - 2009-10-24 21:15 - 01332224 _____ (AD © 2009) C:\Windows\SysWOW64\SYNSOEMU.DLL
2015-02-27 06:19 - 2015-02-27 06:19 - 00000000 ____D () C:\Users\*****\Downloads\Nexus 2
2015-02-27 04:14 - 2015-02-27 04:29 - 360514983 _____ () C:\Users\*****\Downloads\[BNFs]Fairy_Tail_153_[720p].rar
2015-02-27 04:14 - 2015-02-27 04:27 - 275835122 _____ () C:\Users\*****\Downloads\[BNFs]Fairy_Tail_155_[720p].rar
2015-02-27 04:14 - 2015-02-27 04:26 - 290618305 _____ () C:\Users\*****\Downloads\[BNFs]Fairy_Tail_152_[720p].rar
2015-02-27 04:14 - 2015-02-27 04:26 - 267951547 _____ () C:\Users\*****\Downloads\[BNFs]Fairy_Tail_154_[720p].rar
2015-02-27 04:14 - 2015-02-27 04:26 - 266599149 _____ () C:\Users\*****\Downloads\[BNFs]Fairy_Tail_151_[720p].rar
2015-02-27 03:52 - 2015-02-27 04:07 - 338345055 _____ () C:\Users\*****\Downloads\[BNFs]Fairy_Tail_150_[720p].rar
2015-02-27 03:52 - 2015-02-27 04:06 - 345239455 _____ () C:\Users\*****\Downloads\[BNFs]Fairy_Tail_149_[720p].rar
2015-02-27 03:52 - 2015-02-27 04:06 - 334670845 _____ () C:\Users\*****\Downloads\[BNFs]Fairy_Tail_148_[720p].rar
2015-02-27 03:52 - 2015-02-27 04:06 - 314396727 _____ () C:\Users\*****\Downloads\[BNFs]Fairy_Tail_147_[720p].rar
2015-02-27 03:52 - 2015-02-27 04:05 - 311973771 _____ () C:\Users\*****\Downloads\[BNFs]Fairy_Tail_146_[720p].rar
2015-02-27 02:19 - 2015-02-27 03:06 - 3405035783 _____ () C:\Users\*****\Downloads\Nexus 2.rar
2015-02-25 01:43 - 2015-02-25 01:51 - 280644064 _____ () C:\Users\*****\Downloads\[BNFs]Fairy_Tail_145_[720p].rar
2015-02-25 01:13 - 2015-02-25 01:31 - 327233270 _____ () C:\Users\*****\Downloads\[BNFs]Fairy_Tail_144_[720p].rar
2015-02-25 01:13 - 2015-02-25 01:30 - 346924549 _____ () C:\Users\*****\Downloads\[BNFs]Fairy_Tail_142_[720p].rar
2015-02-25 01:13 - 2015-02-25 01:30 - 300449228 _____ () C:\Users\*****\Downloads\[BNFs]Fairy_Tail_143_[720p].rar
2015-02-25 01:13 - 2015-02-25 01:29 - 295086449 _____ () C:\Users\*****\Downloads\[BNFs]Fairy_Tail_141_[720p].rar
2015-02-25 00:41 - 2015-02-25 01:07 - 333548700 _____ () C:\Users\*****\Downloads\[BNFs]Fairy_Tail_137_HD.rar
2015-02-25 00:41 - 2015-02-25 01:03 - 335537818 _____ () C:\Users\*****\Downloads\[BNFs]Fairy_Tail_138_[720p].rar
2015-02-25 00:41 - 2015-02-25 01:00 - 290496577 _____ () C:\Users\*****\Downloads\[BNFs]Fairy_Tail_139_[720p].rar
2015-02-25 00:41 - 2015-02-25 01:00 - 287249494 _____ () C:\Users\*****\Downloads\[BNFs]Fairy_Tail_140_[720p].rar
2015-02-25 00:06 - 2015-02-25 00:38 - 321143917 _____ () C:\Users\*****\Downloads\[BNFs]Fairy_Tail_135_HD.rar
2015-02-25 00:06 - 2015-02-25 00:38 - 316575541 _____ () C:\Users\*****\Downloads\[BNFs]Fairy_Tail_136_HD.rar
2015-02-25 00:06 - 2015-02-25 00:34 - 325195909 _____ () C:\Users\*****\Downloads\[BNFs]Fairy_Tail_134_HD.rar
2015-02-25 00:05 - 2015-02-25 00:35 - 325361193 _____ () C:\Users\*****\Downloads\[BNFs]Fairy_Tail_132_HD.rar
2015-02-24 22:48 - 2015-02-24 23:17 - 343571497 _____ () C:\Users\*****\Downloads\[BNFs]Fairy_Tail_131_HD.rar
2015-02-24 22:47 - 2015-02-24 23:14 - 340215569 _____ () C:\Users\*****\Downloads\[BNFs]Fairy_Tail_133_HD.rar
2015-02-24 22:47 - 2015-02-24 23:13 - 350739489 _____ () C:\Users\*****\Downloads\[BNFs]Fairy_Tail_130_HD.rar
2015-02-24 22:47 - 2015-02-24 23:11 - 331224184 _____ () C:\Users\*****\Downloads\[BNFs]Fairy_Tail_127_HD.rar
2015-02-24 22:47 - 2015-02-24 23:11 - 311996544 _____ () C:\Users\*****\Downloads\[BNFs]Fairy_Tail_129_HD.rar
2015-02-24 22:47 - 2015-02-24 23:10 - 306867635 _____ () C:\Users\*****\Downloads\[BNFs]Fairy_Tail_128_HD.rar
2015-02-24 21:27 - 2015-02-24 21:42 - 311307134 _____ () C:\Users\*****\Downloads\[BNFs]Fairy_Tail_126_HD.rar
2015-02-24 21:27 - 2015-02-24 21:41 - 307125876 _____ () C:\Users\*****\Downloads\[BNFs]Fairy_Tail_124_HD.rar
2015-02-24 21:27 - 2015-02-24 21:40 - 332383718 _____ () C:\Users\*****\Downloads\[BNFs]Fairy_Tail_125_HD.rar
2015-02-24 12:27 - 2015-02-24 12:46 - 415497001 _____ () C:\Users\*****\Downloads\[BNFs]Fairy_Tail_122_[720p].rar
2015-02-24 12:27 - 2015-02-24 12:46 - 410081563 _____ () C:\Users\*****\Downloads\[BNFs]Fairy_Tail_118_[720p].rar
2015-02-24 12:27 - 2015-02-24 12:45 - 436034769 _____ () C:\Users\*****\Downloads\[BNFs]Fairy_Tail_119_[720p].rar
2015-02-24 12:27 - 2015-02-24 12:43 - 322098367 _____ () C:\Users\*****\Downloads\[BNFs]Fairy_Tail_121_[720p].rar
2015-02-24 12:27 - 2015-02-24 12:43 - 310951190 _____ () C:\Users\*****\Downloads\[FNFs]Fairy_Tail_123_HD.rar
2015-02-24 12:27 - 2015-02-24 12:42 - 355070536 _____ () C:\Users\*****\Downloads\[BNFs]Fairy_Tail_120_[720p].rar
2015-02-24 12:09 - 2015-02-24 12:20 - 400366103 _____ () C:\Users\*****\Downloads\[BNFs]Fairy_Tail_117_[720p].rar
2015-02-24 11:57 - 2015-02-24 12:08 - 363826607 _____ () C:\Users\*****\Downloads\[BNFs]Fairy_Tail_116_[720p].rar
2015-02-20 22:15 - 2015-02-20 22:15 - 00000000 ____D () C:\Users\*****\AppData\Local\Steam
2015-02-20 22:11 - 2015-02-20 22:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
2015-02-20 22:10 - 2015-02-20 22:11 - 00000000 ____D () C:\Program Files (x86)\LogMeIn Hamachi
2015-02-20 22:08 - 2015-02-20 22:08 - 00000000 _____ () C:\Windows\SysWOW64\sho70B7.tmp
2015-02-05 04:05 - 2015-02-05 04:05 - 00000000 ____D () C:\Users\*****\Downloads\sk073Audiotorture-SonicDecapitation

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-07 22:26 - 2013-01-16 14:11 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-03-07 22:23 - 2009-07-13 20:45 - 00025840 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-03-07 22:23 - 2009-07-13 20:45 - 00025840 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-03-07 22:22 - 2014-05-08 10:46 - 01527232 _____ () C:\Windows\WindowsUpdate.log
2015-03-07 22:18 - 2014-05-08 19:27 - 00000000 ____D () C:\ProgramData\boost_interprocess
2015-03-07 22:15 - 2014-08-12 06:39 - 00000000 ____D () C:\AdwCleaner
2015-03-07 22:14 - 2014-09-10 12:16 - 00000000 ____D () C:\Users\*****\AppData\Local\LogMeIn Hamachi
2015-03-07 22:13 - 2014-02-21 16:47 - 00119296 _____ () C:\Windows\SysWOW64\zlib.dll
2015-03-07 22:13 - 2012-04-29 05:32 - 00000000 ____D () C:\Program Files (x86)\Steam
2015-03-07 22:13 - 2011-12-18 13:25 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-03-07 22:12 - 2014-05-19 13:15 - 00029674 _____ () C:\Windows\PFRO.log
2015-03-07 22:12 - 2014-05-08 10:51 - 00020384 _____ () C:\Windows\setupact.log
2015-03-07 22:12 - 2009-07-13 21:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-03-07 22:02 - 2012-09-11 14:22 - 00001156 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3896820611-3695378639-3730271298-1001UA.job
2015-03-07 22:02 - 2012-09-11 14:22 - 00001104 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3896820611-3695378639-3730271298-1001Core.job
2015-03-07 22:02 - 2011-12-18 13:25 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-03-07 03:43 - 2014-05-03 12:57 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-03-06 00:21 - 2009-07-13 18:34 - 00000215 _____ () C:\Windows\system.ini
2015-03-05 23:56 - 2014-05-04 07:23 - 00000000 ____D () C:\Windows\erdnt
2015-03-04 19:42 - 2011-12-18 10:43 - 00000000 ____D () C:\Users\*****
2015-03-04 19:36 - 2014-07-21 10:51 - 00000000 ____D () C:\Program Files (x86)\Opera
2015-03-04 19:28 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\Branding
2015-03-02 22:20 - 2014-05-03 12:57 - 00001116 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2015-03-02 22:20 - 2014-05-03 12:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2015-03-02 22:20 - 2014-05-03 12:57 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2015-03-02 22:14 - 2013-09-25 06:16 - 00000000 ____D () C:\Users\*****\AppData\Local\Deployment
2015-03-02 22:14 - 2013-09-25 06:16 - 00000000 ____D () C:\Users\*****\AppData\Local\Apps\2.0
2015-02-27 16:16 - 2012-10-14 08:03 - 00000000 ____D () C:\Program Files (x86)\VstPlugins
2015-02-27 02:11 - 2014-04-14 09:09 - 00000000 ____D () C:\Users\*****\AppData\Roaming\.minecraft
2015-02-25 02:13 - 2014-12-25 07:10 - 00000000 ____D () C:\Users\*****\Downloads\Fairy Tail
2015-02-24 11:54 - 2014-08-21 17:07 - 00003846 _____ () C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1408669623
2015-02-24 03:17 - 2011-12-18 13:39 - 00295552 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2015-02-23 23:06 - 2012-05-25 17:50 - 00000000 ____D () C:\Users\*****\AppData\Roaming\Winamp
2015-02-23 08:04 - 2011-12-22 13:12 - 00000000 ____D () C:\Users\*****\AppData\Roaming\Skype
2015-02-16 16:20 - 2012-06-27 09:40 - 00033856 ____H (LogMeIn, Inc.) C:\Windows\system32\hamachi.sys

==================== Files in the root of some directories =======

2006-12-11 09:13 - 2006-12-11 09:13 - 0097336 _____ (Un4seen Developments) C:\Users\*****\AppData\Local\bass.dll
2006-12-11 09:13 - 2006-12-11 09:13 - 0013872 _____ (Un4seen Developments) C:\Users\*****\AppData\Local\basscd.dll
2007-08-13 07:46 - 2007-08-13 07:46 - 0102912 _____ (Albert L Faber) C:\Users\*****\AppData\Local\CDRip.dll
2012-06-10 11:22 - 2012-06-10 11:28 - 0005120 _____ () C:\Users\*****\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2007-01-18 11:09 - 2007-01-18 11:09 - 0623616 _____ (Ivan Bischof ©2003 - 2005) C:\Users\*****\AppData\Local\No23 Recorder.exe
2013-08-28 13:18 - 2014-04-18 02:16 - 0001484 _____ () C:\Users\*****\AppData\Local\RecConfig.xml
2014-08-07 17:01 - 2014-08-07 17:01 - 0001495 _____ () C:\Users\*****\AppData\Local\recently-used.xbel
2014-04-14 12:47 - 2014-04-14 12:47 - 0007605 _____ () C:\Users\*****\AppData\Local\Resmon.ResmonCfg
2010-05-06 15:57 - 2010-01-27 06:40 - 0131472 _____ () C:\ProgramData\FullRemove.exe

Some content of TEMP:
====================
C:\Users\*****\AppData\Local\Temp\avgnt.exe
C:\Users\*****\AppData\Local\Temp\Quarantine.exe
C:\Users\*****\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-03-05 01:28

==================== End Of Log ============================
         


Okay, that should be everything.


08.03.2015, 15:53   #6
schrauber
/// the machine
/// TB trainer
 





ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start Eset Online Scanner
  • Tick the box next to "Yes, I accept the Terms of Use" and click Start.
  • Enable "Detection of potentially unwanted applications" and select the following settings.
  • Click Start.
  • The signatures are downloaded and the scan begins automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstallation: Control Panel => Add or Remove Programs / Uninstall a program => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset


Please download SecurityCheck and:

  • Save it to the desktop.
  • Start SecurityCheck.exe and follow the instructions in the DOS box.
  • When the scan has finished, a text document (checkup.txt) should open.
Please post its contents here.

And a fresh FRST log, please. Any remaining problems?

09.03.2015, 12:10   #7
Equimon
 



Hey,
Security Check gives me the message "Unsupported Operating System" when I run it; everything else is fine so far.

ESET:
Code:
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=15150b3d4165244398c70d7e72ae679b
# engine=22815
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2015-03-09 10:38:39
# local_time=2015-03-09 03:38:39 (-0800, Pacific Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='Avira Desktop'
# compatibility_mode=1810 16777213 100 100 0 169528097 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 0 177440969 0 0
# scanned=533118
# found=13
# cleaned=0
# scan_time=15446
sh=532A232C336AB1E5D65E829DFA191A71B96E2CC6 ft=1 fh=c71c001152b88659 vn="Win32/Thinknice.E evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\HpUI.exe.vir"
sh=12EBF6FC8AD543662053CA101C2D5DA175137EB2 ft=1 fh=c71c00119e5c1a87 vn="Win32/Thinknice.E evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\Loader32.exe.vir"
sh=8F0ABE23DDA3F9DC04497B1A4F455AF8CE9D45B8 ft=1 fh=787e176d56997de7 vn="Win64/Thinknice.E evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\Loader64.exe.vir"
sh=E9BEAFD5EF09360852ECDCC4312188064742E51A ft=1 fh=c71c0011421e8e27 vn="Win32/Thinknice.E evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\uninstall.exe.vir"
sh=E3C659B9CAA4B5CFF2906CA02EB3F178906A2416 ft=1 fh=c71c00117f5fd915 vn="Win32/Thinknice.E evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\WindowsSupportDll32.dll.vir"
sh=8B488C388E304F78CA88312A651D07494469D292 ft=1 fh=8013085d4e45f122 vn="Win64/Thinknice.D evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\WindowsSupportDll64.dll.vir"
sh=99F97AD369E8621AB4D17DF53E80E60FEE99C727 ft=1 fh=42567613b862d846 vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\TIMHOF~1\AppData\Local\Temp\OCS\ocs_v71b.exe.vir"
sh=D4B66D63BDB5B1E3B008FCEC0339D4EFEF9ACBC3 ft=1 fh=b8d78b984d4f7d1a vn="Variante von Win64/Systweak.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Windows\System32\roboot64.exe.vir"
sh=ABFE68645B341BF0DEBAAD2833CCA4EA64748238 ft=1 fh=c838719628674f0d vn="Variante von Win64/BrowseFox.AD evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Windows\System32\drivers\{c5e48979-bd7f-4cf7-9b73-2482a67a4f37}Gw64.sys.vir"
sh=16C0AABDA781E793A412F313CF74614BF5A5A598 ft=1 fh=e03a054ae78bd9f3 vn="Variante von Win32/Systweak evtl. unerwünschte Anwendung" ac=I fn="C:\Users\*****\Downloads\dffsetup-d3drm.exe"
sh=FBBE31F08E493A8B0702FE72F3ABA6DF996E20C6 ft=1 fh=1055b3d0ea15ac02 vn="Win32/InstallMonetizer.AQ evtl. unerwünschte Anwendung" ac=I fn="C:\Users\*****\Downloads\PDFCreator-1_7_2_setup.exe"
sh=1447092BA29779C726829611180994E17718C412 ft=1 fh=23f22b72eb3a5b90 vn="Win32/InstallMonetizer.AQ evtl. unerwünschte Anwendung" ac=I fn="C:\Users\*****\Downloads\PDFCreator-1_7_2_setup_offline.exe"
sh=C3937102B74AAE33C7725020F68D998A99CD044B ft=1 fh=6e4c94e4e7dedc70 vn="Win32/Somoto.Q evtl. unerwünschte Anwendung" ac=I fn="C:\Users\*****\Downloads\setup Project64 2.1.exe"
         
FRST:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 08-03-2015 03
Ran by ***** (administrator) on HOFFI on 09-03-2015 03:59:15
Running from C:\Users\*****\Desktop
Loaded Profiles: ***** (Available profiles: *****)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleCrashHandler64.exe
(MAGIX AG) C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
() C:\Program Files\Macrium\Reflect\ReflectService.exe
(Razer Inc.) C:\Program Files (x86)\Razer\Razer Cortex\RzKLService.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Alcor Micro Corp.) C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(vdc) C:\vdc.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Spotify Ltd) C:\Users\*****\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(AlcaTech) C:\Windows\SysWOW64\mmrtkrnl.exe
(Panasonic Corporation) C:\Program Files (x86)\Common Files\Panasonic\PHOTOfunSTUDIO AutoStart\AutoStartupService.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Nullsoft, Inc.) C:\Program Files (x86)\Winamp\winampa.exe
(Elaborate Bytes AG) C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
(Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
() C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMworker.exe
(Razer Inc.) C:\Program Files (x86)\Razer\Razer Cortex\main.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Google Inc.) C:\Users\*****\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\*****\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\*****\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\*****\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\*****\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\*****\AppData\Local\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [AmIcoSinglun64] => C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [323584 2009-09-22] (Alcor Micro Corp.)
HKLM\...\Run: [mwlDaemon] => C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe [349552 2010-02-01] (Egis Technology Inc.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [9643552 2009-12-10] (Realtek Semiconductor)
HKLM\...\Run: [Acer ePower Management] => C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [861216 2010-04-23] (Acer Incorporated)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2773232 2013-10-17] (Synaptics Incorporated)
HKLM\...\Run: [vdc] => c:\vdc.exe [29696 2014-12-23] (vdc)
HKLM-x32\...\Run: [BackupManagerTray] => C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe [260608 2010-03-08] (NewTech Infosystems, Inc.)
HKLM-x32\...\Run: [SuiteTray] => C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe [337264 2010-02-01] (Egis Technology Inc.)
HKLM-x32\...\Run: [EgisUpdate] => C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe [201512 2009-12-24] (Egis Technology Inc.)
HKLM-x32\...\Run: [EgisTecPMMUpdate] => C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe [401192 2009-12-24] (Egis Technology Inc.)
HKLM-x32\...\Run: [LManager] => C:\Program Files (x86)\Launch Manager\LManager.exe [908368 2010-04-08] (Dritek System Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59240 2012-02-20] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2011-10-24] (Apple Inc.)
HKLM-x32\...\Run: [Realtime Audio Engine] => "mmrtkrnl.exe" /i
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [421736 2012-03-26] (Apple Inc.)
HKLM-x32\...\Run: [WinampAgent] => C:\Program Files (x86)\Winamp\winampa.exe [74752 2011-12-09] (Nullsoft, Inc.)
HKLM-x32\...\Run: [VirtualCloneDrive] => C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [85160 2009-06-17] (Elaborate Bytes AG)
HKLM-x32\...\Run: [DivXMediaServer] => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [450560 2013-01-29] (DivX, LLC)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [252848 2012-07-03] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [702768 2014-12-16] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [DivXUpdate] => C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1263952 2013-02-12] ()
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766208 2013-12-06] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [RazerCortex] => C:\Program Files (x86)\Razer\Razer Cortex\RazerCortex.exe [60640 2014-08-28] (Razer Inc.)
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] => C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [3978600 2015-02-17] (LogMeIn Inc.)
HKU\S-1-5-21-3896820611-3695378639-3730271298-1001\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2010-05-06] (Google Inc.)
HKU\S-1-5-21-3896820611-3695378639-3730271298-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\Steam.exe [2874048 2015-02-18] (Valve Corporation)
HKU\S-1-5-21-3896820611-3695378639-3730271298-1001\...\Run: [Spotify Web Helper] => C:\Users\*****\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1245752 2014-08-22] (Spotify Ltd)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\PHOTOfunSTUDIO 5.2 HD Edition.lnk
ShortcutTarget: PHOTOfunSTUDIO 5.2 HD Edition.lnk -> C:\Program Files (x86)\Common Files\Panasonic\PHOTOfunSTUDIO AutoStart\AutoStartupService.exe (Panasonic Corporation)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\*****\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\*****\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\*****\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\*****\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [egisPSDP] -> {30A0A3F6-38AC-4C53-BB8B-0D95238E25BA} => C:\Program Files (x86)\EgisTec MyWinLocker\x64\psdprotect.dll (Egis Technology Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\*****\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\*****\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\*****\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [egisPSDP] -> {30A0A3F6-38AC-4C53-BB8B-0D95238E25BA} => C:\Program Files (x86)\EgisTec MyWinLocker\x86\psdprotect.dll (Egis Technology Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-3896820611-3695378639-3730271298-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-3896820611-3695378639-3730271298-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-3896820611-3695378639-3730271298-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM-x32 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-3896820611-3695378639-3730271298-1001 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_deDE462
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2013-02-28] (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-03-04] (Google Inc.)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2014-07-14] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2013-02-28] (Oracle Corporation)
BHO-x32: DivX Plus Web Player HTML5 <video> -> {326E768D-4182-46FD-9C16-1449A49795F4} -> C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll [2013-02-06] (DivX, LLC)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2013-02-28] (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-03-04] (Google Inc.)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-07-14] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2013-02-28] (Oracle Corporation)
BHO-x32: SingleInstance Class -> {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} -> C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll [2009-03-13] (Yahoo! Inc)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-03-04] (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-03-04] (Google Inc.)
Toolbar: HKU\S-1-5-21-3896820611-3695378639-3730271298-1001 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-03-04] (Google Inc.)
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://active.macromedia.com/flash2/cabs/swflash.cab
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll [2009-07-26] (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll [2009-07-26] (Microsoft Corporation)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2014-07-14] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-07-14] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\584u8j0f.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll [2015-02-04] ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll [2011-06-20] (DivX, LLC.)
FF Plugin: @java.com/DTPlugin,version=10.15.2 -> C:\Windows\system32\npDeployJava1.dll [2013-02-28] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.15.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2013-02-28] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-14] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll [2015-02-04] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1213153.dll [2014-06-24] (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2012-03-06] ()
FF Plugin-x32: @divx.com/DivX Browser Plugin,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll [2013-02-06] (DivX, LLC)
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll [2011-06-20] (DivX, LLC.)
FF Plugin-x32: @gametap.com/npdd,version=1.0 -> C:\Program Files (x86)\Downloader\npdd.dll [2012-07-20] (Metaboli)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.15.2 -> C:\Windows\SysWOW64\npDeployJava1.dll [2013-02-28] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.15.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2013-02-28] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-14] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll [2010-04-26] (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8081.0709 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2009-07-10] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-04] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-04] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-02] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3896820611-3695378639-3730271298-1001: @tools.google.com/Google Update;version=3 -> C:\Users\*****\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-04] (Google Inc.)
FF Plugin HKU\S-1-5-21-3896820611-3695378639-3730271298-1001: @tools.google.com/Google Update;version=9 -> C:\Users\*****\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-04] (Google Inc.)
FF Plugin HKU\S-1-5-21-3896820611-3695378639-3730271298-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\*****\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-09-15] (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-3896820611-3695378639-3730271298-1001: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll [2014-09-11] ()
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPOFF12.DLL [2006-10-26] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2014-12-02] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll [2011-12-09] (Nullsoft, Inc.)
FF SearchPlugin: C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\584u8j0f.default\searchplugins\englische-ergebnisse.xml [2014-04-28]
FF SearchPlugin: C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\584u8j0f.default\searchplugins\gmx-suche.xml [2014-04-28]
FF SearchPlugin: C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\584u8j0f.default\searchplugins\lastminute.xml [2014-04-28]
FF SearchPlugin: C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\584u8j0f.default\searchplugins\webde-suche.xml [2014-04-28]
FF Extension: ProxTube - Unblock YouTube - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\584u8j0f.default\Extensions\ich@maltegoetz.de [2014-02-15]
FF Extension: Gutscheinrausch.de - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\584u8j0f.default\Extensions\mail@gutscheinrausch.de [2012-01-07]
FF Extension: FireShot - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\584u8j0f.default\Extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba} [2015-02-25]
FF Extension: DownloadHelper - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\584u8j0f.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2014-11-04]
FF Extension: Firefox Old Version Update Hotfix - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\584u8j0f.default\Extensions\firefox-hotfix@mozilla.org.xpi [2014-11-04]
FF Extension: Adblock Plus - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\584u8j0f.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012-09-11]
FF Extension: Fox!Box - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\584u8j0f.default\Extensions\{df4e4df5-5cb7-46b0-9aef-6c784c3249f8}.xpi [2012-01-07]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-07-14]
FF HKLM-x32\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF Extension: DivX Plus Web Player HTML5 <video> - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2013-03-31]
FF HKU\S-1-5-21-3896820611-3695378639-3730271298-1001\...\Firefox\Extensions: [mail@gutscheinrausch.de] - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\584u8j0f.default\extensions\mail@gutscheinrausch.de
FF Extension: No Name - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\584u8j0f.default\extensions\toolbar@web.de [Not Found]

Chrome: 
=======
CHR HomePage: Default -> 
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (ProxFlow) - C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\aakchaleigkohafkfjfjbblobjifikek [2013-01-10]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-04]
CHR Extension: (Adblock Plus) - C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-01-07]
CHR Extension: (Tampermonkey) - C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo [2013-12-24]
CHR Extension: (Google Wallet) - C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-24]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-14]
CHR HKLM-x32\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files (x86)\DivX\DivX Plus Web Player\chrome\DivXHTML5\DivXHTML5.crx [2013-02-06]
StartMenuInternet: Google Chrome.TS3QRDK64WXWRX6QCAFSWOMIDU - C:\Users\*****\AppData\Local\Google\Chrome\Application\chrome.exe

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [431920 2014-12-16] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [431920 2014-12-16] (Avira Operations GmbH & Co. KG)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
R2 Fabs; C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [1253376 2009-08-27] (MAGIX AG) [File not signed]
S3 FirebirdServerMAGIXInstance; C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [3276800 2008-08-07] (MAGIX®) [File not signed]
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-03] (Macrovision Corporation) [File not signed]
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [417552 2015-02-16] (LogMeIn, Inc.)
S3 MWLService; C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe [305520 2010-02-01] (Egis Technology Inc.)
R2 NTI IScheduleSvc; C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [250368 2010-03-08] (NewTech Infosystems, Inc.) [File not signed]
S2 PinnacleUpdateSvc; C:\Program Files (x86)\PowerUp Software\Pinnacle Game Profiler\pinnacle_updater.exe [438272 2014-01-12] (PowerUp Software, LLC) [File not signed]
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [75136 2013-10-28] ()
R2 ReflectService.exe; C:\Program Files\Macrium\Reflect\ReflectService.exe [302200 2013-01-31] ()
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [117264 2010-06-25] (CACE Technologies, Inc.)
R2 RzKLService; C:\Program Files (x86)\Razer\Razer Cortex\RzKLService.exe [105448 2014-08-28] (Razer Inc.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [119272 2014-10-14] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131608 2014-10-14] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-11-25] (Avira Operations GmbH & Co. KG)
R2 NPF; C:\Windows\System32\drivers\npf.sys [35344 2010-06-25] (CACE Technologies, Inc.)
R0 sfdrv01; C:\Windows\System32\drivers\sfdrv01.sys [75384 2009-02-03] (Protection Technology (StarForce))
R0 sfdrv01a; C:\Windows\System32\drivers\sfdrv01a.sys [77432 2009-02-03] (Protection Technology (StarForce))
S0 sfsync02; C:\Windows\System32\drivers\sfsync02.sys [22936 2006-07-10] (Protection Technology)
R0 sfvfs02; C:\Windows\System32\drivers\sfvfs02.sys [107384 2007-02-08] (Protection Technology (StarForce))
S4 sptd; C:\Windows\System32\Drivers\sptd.sys [560184 2012-04-22] (Duplex Secure Ltd.)
R2 TurboB; C:\Windows\System32\DRIVERS\TurboB.sys [13784 2009-11-02] ()
S3 ALSysIO; \??\C:\Users\TIMHOF~1\AppData\Local\Temp\ALSysIO64.sys [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 WinRing0_1_2_0; \??\C:\Program Files (x86)\Razer\Razer Game Booster\Driver\WinRing0x64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-09 03:59 - 2015-03-09 04:00 - 00030072 _____ () C:\Users\*****\Desktop\FRST.txt
2015-03-09 03:59 - 2015-03-09 03:59 - 00000000 ____D () C:\Users\*****\Desktop\FRST-OlderVersion
2015-03-09 03:56 - 2015-03-09 03:56 - 00852604 _____ () C:\Users\*****\Desktop\SecurityCheck.exe
2015-03-08 23:13 - 2015-03-08 23:13 - 02347384 _____ (ESET) C:\Users\*****\Downloads\esetsmartinstaller_deu.exe
2015-03-08 23:13 - 2015-03-08 23:13 - 00000000 ____D () C:\Program Files (x86)\ESET
2015-03-07 23:06 - 2015-03-07 23:07 - 02126848 _____ () C:\Users\*****\Downloads\AdwCleaner_4.111.exe
2015-03-07 04:34 - 2015-03-07 04:37 - 01388333 _____ (Thisisu) C:\Users\*****\Desktop\JRT.exe
2015-03-06 00:58 - 2011-06-25 23:45 - 00256000 _____ () C:\Windows\PEV.exe
2015-03-06 00:58 - 2010-11-07 10:20 - 00208896 _____ () C:\Windows\MBR.exe
2015-03-06 00:58 - 2009-04-19 21:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-03-06 00:58 - 2000-08-30 17:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-03-06 00:58 - 2000-08-30 17:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-03-06 00:58 - 2000-08-30 17:00 - 00098816 _____ () C:\Windows\sed.exe
2015-03-06 00:58 - 2000-08-30 17:00 - 00080412 _____ () C:\Windows\grep.exe
2015-03-06 00:58 - 2000-08-30 17:00 - 00068096 _____ () C:\Windows\zip.exe
2015-03-06 00:57 - 2015-03-06 01:38 - 00000000 ____D () C:\Qoobox
2015-03-06 00:49 - 2015-03-06 00:50 - 05612482 ____R (Swearware) C:\Users\*****\Desktop\ComboFix.exe
2015-03-04 23:36 - 2015-03-04 23:36 - 00000000 _____ () C:\Users\*****\Desktop\Neues Textdokument (2).txt
2015-03-04 20:47 - 2015-03-09 03:59 - 00000000 ____D () C:\FRST
2015-03-04 20:42 - 2015-03-04 20:42 - 00000020 _____ () C:\Users\*****\defogger_reenable
2015-03-04 20:36 - 2015-03-09 03:59 - 02095104 _____ (Farbar) C:\Users\*****\Desktop\FRST64.exe
2015-03-04 20:35 - 2015-03-09 03:59 - 00000000 ____D () C:\Users\*****\Desktop\Virenscheiß
2015-02-27 17:15 - 2015-02-27 17:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\reFX
2015-02-27 17:15 - 2009-10-24 22:15 - 01332224 _____ (AD © 2009) C:\Windows\SysWOW64\SYNSOEMU.DLL
2015-02-27 07:19 - 2015-02-27 07:19 - 00000000 ____D () C:\Users\*****\Downloads\Nexus 2
2015-02-27 05:14 - 2015-02-27 05:29 - 360514983 _____ () C:\Users\*****\Downloads\[BNFs]Fairy_Tail_153_[720p].rar
2015-02-27 05:14 - 2015-02-27 05:27 - 275835122 _____ () C:\Users\*****\Downloads\[BNFs]Fairy_Tail_155_[720p].rar
2015-02-27 05:14 - 2015-02-27 05:26 - 290618305 _____ () C:\Users\*****\Downloads\[BNFs]Fairy_Tail_152_[720p].rar
2015-02-27 05:14 - 2015-02-27 05:26 - 267951547 _____ () C:\Users\*****\Downloads\[BNFs]Fairy_Tail_154_[720p].rar
2015-02-27 05:14 - 2015-02-27 05:26 - 266599149 _____ () C:\Users\*****\Downloads\[BNFs]Fairy_Tail_151_[720p].rar
2015-02-27 04:52 - 2015-02-27 05:07 - 338345055 _____ () C:\Users\*****\Downloads\[BNFs]Fairy_Tail_150_[720p].rar
2015-02-27 04:52 - 2015-02-27 05:06 - 345239455 _____ () C:\Users\*****\Downloads\[BNFs]Fairy_Tail_149_[720p].rar
2015-02-27 04:52 - 2015-02-27 05:06 - 334670845 _____ () C:\Users\*****\Downloads\[BNFs]Fairy_Tail_148_[720p].rar
2015-02-27 04:52 - 2015-02-27 05:06 - 314396727 _____ () C:\Users\*****\Downloads\[BNFs]Fairy_Tail_147_[720p].rar
2015-02-27 04:52 - 2015-02-27 05:05 - 311973771 _____ () C:\Users\*****\Downloads\[BNFs]Fairy_Tail_146_[720p].rar
2015-02-27 03:19 - 2015-02-27 04:06 - 3405035783 _____ () C:\Users\*****\Downloads\Nexus 2.rar
2015-02-25 02:43 - 2015-02-25 02:51 - 280644064 _____ () C:\Users\*****\Downloads\[BNFs]Fairy_Tail_145_[720p].rar
2015-02-25 02:13 - 2015-02-25 02:31 - 327233270 _____ () C:\Users\*****\Downloads\[BNFs]Fairy_Tail_144_[720p].rar
2015-02-25 02:13 - 2015-02-25 02:30 - 346924549 _____ () C:\Users\*****\Downloads\[BNFs]Fairy_Tail_142_[720p].rar
2015-02-25 02:13 - 2015-02-25 02:30 - 300449228 _____ () C:\Users\*****\Downloads\[BNFs]Fairy_Tail_143_[720p].rar
2015-02-25 02:13 - 2015-02-25 02:29 - 295086449 _____ () C:\Users\*****\Downloads\[BNFs]Fairy_Tail_141_[720p].rar
2015-02-25 01:41 - 2015-02-25 02:07 - 333548700 _____ () C:\Users\*****\Downloads\[BNFs]Fairy_Tail_137_HD.rar
2015-02-25 01:41 - 2015-02-25 02:03 - 335537818 _____ () C:\Users\*****\Downloads\[BNFs]Fairy_Tail_138_[720p].rar
2015-02-25 01:41 - 2015-02-25 02:00 - 290496577 _____ () C:\Users\*****\Downloads\[BNFs]Fairy_Tail_139_[720p].rar
2015-02-25 01:41 - 2015-02-25 02:00 - 287249494 _____ () C:\Users\*****\Downloads\[BNFs]Fairy_Tail_140_[720p].rar
2015-02-25 01:06 - 2015-02-25 01:38 - 321143917 _____ () C:\Users\*****\Downloads\[BNFs]Fairy_Tail_135_HD.rar
2015-02-25 01:06 - 2015-02-25 01:38 - 316575541 _____ () C:\Users\*****\Downloads\[BNFs]Fairy_Tail_136_HD.rar
2015-02-25 01:06 - 2015-02-25 01:34 - 325195909 _____ () C:\Users\*****\Downloads\[BNFs]Fairy_Tail_134_HD.rar
2015-02-25 01:05 - 2015-02-25 01:35 - 325361193 _____ () C:\Users\*****\Downloads\[BNFs]Fairy_Tail_132_HD.rar
2015-02-24 23:48 - 2015-02-25 00:17 - 343571497 _____ () C:\Users\*****\Downloads\[BNFs]Fairy_Tail_131_HD.rar
2015-02-24 23:47 - 2015-02-25 00:14 - 340215569 _____ () C:\Users\*****\Downloads\[BNFs]Fairy_Tail_133_HD.rar
2015-02-24 23:47 - 2015-02-25 00:13 - 350739489 _____ () C:\Users\*****\Downloads\[BNFs]Fairy_Tail_130_HD.rar
2015-02-24 23:47 - 2015-02-25 00:11 - 331224184 _____ () C:\Users\*****\Downloads\[BNFs]Fairy_Tail_127_HD.rar
2015-02-24 23:47 - 2015-02-25 00:11 - 311996544 _____ () C:\Users\*****\Downloads\[BNFs]Fairy_Tail_129_HD.rar
2015-02-24 23:47 - 2015-02-25 00:10 - 306867635 _____ () C:\Users\*****\Downloads\[BNFs]Fairy_Tail_128_HD.rar
2015-02-24 22:27 - 2015-02-24 22:42 - 311307134 _____ () C:\Users\*****\Downloads\[BNFs]Fairy_Tail_126_HD.rar
2015-02-24 22:27 - 2015-02-24 22:41 - 307125876 _____ () C:\Users\*****\Downloads\[BNFs]Fairy_Tail_124_HD.rar
2015-02-24 22:27 - 2015-02-24 22:40 - 332383718 _____ () C:\Users\*****\Downloads\[BNFs]Fairy_Tail_125_HD.rar
2015-02-24 13:27 - 2015-02-24 13:46 - 415497001 _____ () C:\Users\*****\Downloads\[BNFs]Fairy_Tail_122_[720p].rar
2015-02-24 13:27 - 2015-02-24 13:46 - 410081563 _____ () C:\Users\*****\Downloads\[BNFs]Fairy_Tail_118_[720p].rar
2015-02-24 13:27 - 2015-02-24 13:45 - 436034769 _____ () C:\Users\*****\Downloads\[BNFs]Fairy_Tail_119_[720p].rar
2015-02-24 13:27 - 2015-02-24 13:43 - 322098367 _____ () C:\Users\*****\Downloads\[BNFs]Fairy_Tail_121_[720p].rar
2015-02-24 13:27 - 2015-02-24 13:43 - 310951190 _____ () C:\Users\*****\Downloads\[FNFs]Fairy_Tail_123_HD.rar
2015-02-24 13:27 - 2015-02-24 13:42 - 355070536 _____ () C:\Users\*****\Downloads\[BNFs]Fairy_Tail_120_[720p].rar
2015-02-24 13:09 - 2015-02-24 13:20 - 400366103 _____ () C:\Users\*****\Downloads\[BNFs]Fairy_Tail_117_[720p].rar
2015-02-24 12:57 - 2015-02-24 13:08 - 363826607 _____ () C:\Users\*****\Downloads\[BNFs]Fairy_Tail_116_[720p].rar
2015-02-20 23:15 - 2015-02-20 23:15 - 00000000 ____D () C:\Users\*****\AppData\Local\Steam
2015-02-20 23:11 - 2015-02-20 23:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
2015-02-20 23:10 - 2015-02-20 23:11 - 00000000 ____D () C:\Program Files (x86)\LogMeIn Hamachi
2015-02-20 23:08 - 2015-02-20 23:08 - 00000000 _____ () C:\Windows\SysWOW64\sho70B7.tmp

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-09 03:27 - 2013-01-16 15:11 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-03-09 03:14 - 2014-05-08 11:46 - 01558001 _____ () C:\Windows\WindowsUpdate.log
2015-03-09 03:02 - 2012-09-11 15:22 - 00001156 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3896820611-3695378639-3730271298-1001UA.job
2015-03-09 03:02 - 2011-12-18 14:25 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-03-08 23:24 - 2012-09-11 15:22 - 00001104 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3896820611-3695378639-3730271298-1001Core.job
2015-03-08 23:16 - 2011-12-18 14:25 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-03-08 23:14 - 2009-07-13 21:45 - 00025840 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-03-08 23:14 - 2009-07-13 21:45 - 00025840 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-03-07 23:18 - 2014-05-08 20:27 - 00000000 ____D () C:\ProgramData\boost_interprocess
2015-03-07 23:15 - 2014-08-12 07:39 - 00000000 ____D () C:\AdwCleaner
2015-03-07 23:14 - 2014-09-10 13:16 - 00000000 ____D () C:\Users\*****\AppData\Local\LogMeIn Hamachi
2015-03-07 23:13 - 2014-02-21 17:47 - 00119296 _____ () C:\Windows\SysWOW64\zlib.dll
2015-03-07 23:13 - 2012-04-29 06:32 - 00000000 ____D () C:\Program Files (x86)\Steam
2015-03-07 23:12 - 2014-05-19 14:15 - 00029674 _____ () C:\Windows\PFRO.log
2015-03-07 23:12 - 2014-05-08 11:51 - 00020384 _____ () C:\Windows\setupact.log
2015-03-07 23:12 - 2009-07-13 22:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-03-07 04:43 - 2014-05-03 13:57 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-03-06 01:21 - 2009-07-13 19:34 - 00000215 _____ () C:\Windows\system.ini
2015-03-06 00:56 - 2014-05-04 08:23 - 00000000 ____D () C:\Windows\erdnt
2015-03-04 20:42 - 2011-12-18 11:43 - 00000000 ____D () C:\Users\*****
2015-03-04 20:36 - 2014-07-21 11:51 - 00000000 ____D () C:\Program Files (x86)\Opera
2015-03-04 20:28 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\Branding
2015-03-02 23:20 - 2014-05-03 13:57 - 00001116 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2015-03-02 23:20 - 2014-05-03 13:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2015-03-02 23:20 - 2014-05-03 13:57 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2015-03-02 23:14 - 2013-09-25 07:16 - 00000000 ____D () C:\Users\*****\AppData\Local\Deployment
2015-03-02 23:14 - 2013-09-25 07:16 - 00000000 ____D () C:\Users\*****\AppData\Local\Apps\2.0
2015-02-27 17:16 - 2012-10-14 09:03 - 00000000 ____D () C:\Program Files (x86)\VstPlugins
2015-02-27 03:11 - 2014-04-14 10:09 - 00000000 ____D () C:\Users\*****\AppData\Roaming\.minecraft
2015-02-25 03:13 - 2014-12-25 08:10 - 00000000 ____D () C:\Users\*****\Downloads\Fairy Tail
2015-02-24 12:54 - 2014-08-21 18:07 - 00003846 _____ () C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1408669623
2015-02-24 04:17 - 2011-12-18 14:39 - 00295552 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2015-02-24 00:06 - 2012-05-25 18:50 - 00000000 ____D () C:\Users\*****\AppData\Roaming\Winamp
2015-02-23 09:04 - 2011-12-22 14:12 - 00000000 ____D () C:\Users\*****\AppData\Roaming\Skype
2015-02-16 17:20 - 2012-06-27 10:40 - 00033856 ____H (LogMeIn, Inc.) C:\Windows\system32\hamachi.sys

==================== Files in the root of some directories =======

2006-12-11 10:13 - 2006-12-11 10:13 - 0097336 _____ (Un4seen Developments) C:\Users\*****\AppData\Local\bass.dll
2006-12-11 10:13 - 2006-12-11 10:13 - 0013872 _____ (Un4seen Developments) C:\Users\*****\AppData\Local\basscd.dll
2007-08-13 08:46 - 2007-08-13 08:46 - 0102912 _____ (Albert L Faber) C:\Users\*****\AppData\Local\CDRip.dll
2012-06-10 12:22 - 2012-06-10 12:28 - 0005120 _____ () C:\Users\*****\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2007-01-18 12:09 - 2007-01-18 12:09 - 0623616 _____ (Ivan Bischof ©2003 - 2005) C:\Users\*****\AppData\Local\No23 Recorder.exe
2013-08-28 14:18 - 2014-04-18 03:16 - 0001484 _____ () C:\Users\*****\AppData\Local\RecConfig.xml
2014-08-07 18:01 - 2014-08-07 18:01 - 0001495 _____ () C:\Users\*****\AppData\Local\recently-used.xbel
2014-04-14 13:47 - 2014-04-14 13:47 - 0007605 _____ () C:\Users\*****\AppData\Local\Resmon.ResmonCfg
2010-05-06 16:57 - 2010-01-27 07:40 - 0131472 _____ () C:\ProgramData\FullRemove.exe

Some content of TEMP:
====================
C:\Users\*****\AppData\Local\Temp\avgnt.exe
C:\Users\*****\AppData\Local\Temp\Quarantine.exe
C:\Users\*****\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-03-05 02:28

==================== End Of Log ============================
         
--- --- ---


Addition:
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 08-03-2015 03
Ran by ***** at 2015-03-09 04:00:37
Running from C:\Users\*****\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.22 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0922-000001000000}) (Version: 9.22.00.0 - Igor Pavlov)
Acer Backup Manager (HKLM-x32\...\InstallShield_{72B776E5-4530-4C4B-9453-751DF87D9D93}) (Version: 2.0.0.60 - NewTech Infosystems)
Acer Crystal Eye webcam (HKLM-x32\...\{51F026FA-5146-4232-A8BA-1364740BD053}) (Version: 1.0.3.5 - Liteon)
Acer ePower Management (HKLM-x32\...\{3DB0448D-AD82-4923-B305-D001E521A964}) (Version: 5.00.3004 - Acer Incorporated)
Acer eRecovery Management (HKLM-x32\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 4.05.3011 - Acer Incorporated)
Acer GameZone Console (HKLM-x32\...\{ABEE079E-648E-488B-8301-0C3DB48C1BCE}_is1) (Version: 6.1.0.2 - Oberon Media, Inc.)
Acer Registration (HKLM-x32\...\Acer Registration) (Version: 1.03.3003 - Acer Incorporated)
Acer ScreenSaver (HKLM-x32\...\Acer Screensaver) (Version: 1.1.0423.2010 - Acer Incorporated)
Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
ActivePerl 5.14.2 Build 1402 (HKLM-x32\...\{02BFF1A3-A0D5-4F64-8558-A22682BCDA58}) (Version: 5.14.1402 - ActiveState)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.5.0.7220 - Adobe Systems Inc.)
Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.3.153 - Adobe Systems, Inc.)
Age of Empires II: HD Edition (HKLM-x32\...\Steam App 221380) (Version:  - Hidden Path Entertainment, Ensemble Studios)
Alcor Micro USB Card Reader (HKLM-x32\...\InstallShield_{6030FCD7-8F1A-427D-AF05-8DD1A2EA2ABA}) (Version: 1.5.17.05094 - Alcor Micro Corp.)
Alcor Micro USB Card Reader (x32 Version: 1.5.17.05094 - Alcor Micro Corp.) Hidden
Amazon Kindle (HKU\S-1-5-21-3896820611-3695378639-3730271298-1001\...\Amazon Kindle) (Version:  - Amazon)
Amazonia (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11273477}) (Version:  - Oberon Media)
AMD Catalyst Install Manager (HKLM\...\{C7A772A4-73CF-EB06-172F-75C5F6C80AAC}) (Version: 8.0.915.0 - Advanced Micro Devices, Inc.)
Apple Application Support (HKLM-x32\...\{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}) (Version: 2.1.7 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{B8AD779A-82DA-4365-A7D0-AD3DCFC55CFF}) (Version: 5.1.1.4 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Arcus - Rubik's Cube Simulator 0.3.2 (HKLM-x32\...\Arcus - Rubik's Cube Simulator 0.3.2) (Version:  - Peter Szilagyi)
ASIO4ALL (HKLM-x32\...\ASIO4ALL) (Version: 2.10 - Michael Tippach)
Assassin's Creed II (HKLM-x32\...\{8570BEE8-0CA3-4977-9AB1-80ED93F0513C}) (Version: 1.01 - Ubisoft)
Audacity 1.2.6 (HKLM-x32\...\Audacity_is1) (Version:  - )
Audiosurf (HKLM-x32\...\Steam App 12900) (Version:  - Dylan Fitterer)
Auslogics Disk Defrag (HKLM-x32\...\{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1) (Version: 3.6 - Auslogics Software Pty Ltd)
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.7.468 - Avira)
AWeather (HKLM-x32\...\AWeather) (Version:  - )
Backup Manager Basic (x32 Version: 2.0.0.60 - NewTech Infosystems) Hidden
Battlefield 2(TM) (HKLM-x32\...\{04858915-9F49-4B2A-AED4-DC49A7DE6A7B}) (Version:  - )
Beat Ball 2 (HKLM-x32\...\BeatBall2) (Version:  - )
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
BrettspielWelt (HKLM-x32\...\BrettspielWelt) (Version: 1.0 - BrettspielWelt GmbH)
Broadcom Gigabit NetLink Controller (HKLM\...\{A84DB02B-9C2B-4272-9D2D-A80E00A56513}) (Version: 12.52.03 - Broadcom Corporation)
Cake Mania (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111199750}) (Version:  - Oberon Media)
CCleaner (HKLM\...\CCleaner) (Version: 3.14 - Piriform)
Chicken Invaders 2 (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110209593}) (Version:  - Oberon Media)
Core Temp 1.0 RC2 (HKLM\...\{086D343F-8E78-4AFC-81AC-D6D414AFD8AC}_is1) (Version: 1.0 - Alcpu)
Counter-Strike: Source (HKLM-x32\...\Steam App 240) (Version:  - Valve)
Crazy Machines (HKLM-x32\...\Steam App 18420) (Version:  - Fakt Software)
Crazy Machines II (HKLM-x32\...\{112B0ED9-57F8-4883-8E6A-5BEAABDABBC1}) (Version: 1.00 - FAKT Software GmbH)
CyberLink PowerDVD 9 (HKLM-x32\...\InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}) (Version: 9.0.2529.50 - CyberLink Corp.)
Dairy Dash (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115053100}) (Version:  - Oberon Media)
DirectX for Managed Code Update (Summer 2004) (x32 Version: 9.02.2904 - Microsoft) Hidden
DivX-Setup (HKLM-x32\...\DivX Setup) (Version: 2.6.1.24 - DivX, LLC)
Downloader (HKLM-x32\...\Downloader) (Version:  - )
Dream Day First Home (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113832110}) (Version:  - Oberon Media)
Dropbox (HKU\S-1-5-21-3896820611-3695378639-3730271298-1001\...\Dropbox) (Version: 2.8.2 - Dropbox, Inc.)
DzSoft Perl Editor 5.8.9 (HKLM-x32\...\dzperl_is1) (Version: 5.8.9 - DzSoft Ltd)
eBay Worldwide (HKLM-x32\...\{E0B19DF7-B1C7-4937-82C4-0E4B1E346965}) (Version: 2.1.0901 - OEM)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
eSobi v2 (HKLM-x32\...\InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}) (Version: 2.0.4.000274 - esobi Inc.)
eSobi v2 (x32 Version: 2.0.4.000274 - esobi Inc.) Hidden
Express Burn (HKLM-x32\...\ExpressBurn) (Version: 4.69 - NCH Software)
EZdrummer Lite Installer (HKLM-x32\...\{E80B34EE-F3E5-4F60-AE89-FF0D717554A2}) (Version: 1.1.4 - Toontrack)
Façade (HKLM-x32\...\{24E34264-D483-477C-A9A0-4E53F69834CF}) (Version: 1.1.2 - Procedural Arts)
Farm Frenzy 2 (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11531173}) (Version:  - Oberon Media)
Firebird SQL Server - MAGIX Edition (HKLM-x32\...\{34EB6245-C8D0-4D8A-B8D8-EEBFF7A91485}) (Version: 2.1.27.0 - MAGIX AG)
FL Studio 10 (HKLM-x32\...\FL Studio 10) (Version:  - Image-Line)
FL Studio 11 (HKLM-x32\...\FL Studio 11) (Version:  - Image-Line)
FLAC 1.2.1b (remove only) (HKLM-x32\...\FLAC) (Version: 1.2.1b - Xiph.org)
FlatOut (HKLM-x32\...\Steam App 6220) (Version:  - Bugbear Entertainment)
FlatOut 2 (HKLM-x32\...\Steam App 2990) (Version:  - Bugbear Entertainment)
FlowStone FL 3.0 (HKLM-x32\...\FlowStone) (Version:  - )
foobar2000 v1.2.5 (HKLM-x32\...\foobar2000) (Version: 1.2.5 - Peter Pawlowski)
Fraps (remove only) (HKLM-x32\...\Fraps) (Version:  - )
Free Audio Converter version 5.0.28.812 (HKLM-x32\...\Free Audio Converter_is1) (Version: 5.0.28.812 - DVDVideoSoft Ltd.)
Freemake Video Converter Version 4.1.5 (HKLM-x32\...\Freemake Video Converter_is1) (Version: 4.1.5 - Ellora Assets Corporation)
Galapago (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111307457}) (Version:  - Oberon Media)
Garry's Mod (HKLM-x32\...\Steam App 4000) (Version:  - Garry)
GIMP 2.6.12 (HKLM\...\GIMP-2_is1) (Version: 2.6.12 - The GIMP Team)
Google Chrome (HKU\S-1-5-21-3896820611-3695378639-3730271298-1001\...\Google Chrome) (Version: 40.0.2214.115 - Google Inc.)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.6227.252 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
Granny In Paradise (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110551697}) (Version:  - Oberon Media)
GutscheinRausch.de - AddOn für Firefox (HKLM-x32\...\{2B11BA9C-7F97-4C16-970F-1491FD77969B}_is1) (Version: 2.81 - GutscheinRausch.de)
Hedgewars (HKLM-x32\...\hedgewars) (Version: 0.9.18 - Hedgewars Project)
herdProtect Anti-Malware Scanner (HKLM-x32\...\herdProtectScan) (Version: 1.0 - Reason Company Software Inc.)
Heroes of Hellas (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113786380}) (Version:  - Oberon Media)
ICQ7.7 (HKLM-x32\...\{77F665FD-3F60-4B0A-AE14-EC124B7A7FCE}) (Version: 7.7 - ICQ)
Identity Card (HKLM-x32\...\Identity Card) (Version: 1.00.3003 - Acer Incorporated)
IL Download Manager (HKLM-x32\...\IL Download Manager) (Version:  - Image-Line)
IL Shared Libraries (HKLM-x32\...\IL Shared Libraries) (Version:  - Image-Line)
Inkscape 0.48.2 (HKLM-x32\...\Inkscape) (Version: 0.48.2 - )
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.6.0.1014 - Intel Corporation)
Intel(R) Turbo Boost Technology Driver (HKLM-x32\...\{D6C630BF-8DBB-4042-8562-DC9A52CB6E7E}) (Version: 01.00.01.1002 - Intel Corporation)
iTunes (HKLM\...\{CF8FFD12-602B-422D-AF1D-511B411E7632}) (Version: 10.6.1.7 - Apple Inc.)
Java 7 Update 15 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417015FF}) (Version: 7.0.150 - Oracle)
Java 7 Update 15 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217015FF}) (Version: 7.0.150 - Oracle)
Jibbin version March 2010 (HKLM-x32\...\{3252AF1C-86C7-404B-90EE-96C41C60F24F}_is1) (Version: March 2010 - Thomas Champagne)
Junk Mail filter update (x32 Version: 14.0.8089.726 - Microsoft Corporation) Hidden
Just Cause 2 (HKLM-x32\...\Steam App 8190) (Version:  - Avalanche Studios)
Just Cause 2: Multiplayer - Dedicated Server (HKLM-x32\...\Steam App 261140) (Version:  - )
Just Cause 2: Multiplayer Mod (HKLM-x32\...\Steam App 259080) (Version:  - Avalanche Studios)
K-Lite Codec Pack 6.0.4 (Basic) (HKLM-x32\...\KLiteCodecPack_is1) (Version: 6.0.4 - )
Launch Manager (HKLM-x32\...\LManager) (Version: 4.0.8 - Acer Inc.)
Left 4 Dead 2 (HKLM-x32\...\Steam App 550) (Version:  - Valve)
Little Fighter (HKLM-x32\...\Little Fighter) (Version:  - )
LogMeIn Hamachi (HKLM-x32\...\LogMeIn Hamachi) (Version: 2.2.0.319 - LogMeIn, Inc.)
LogMeIn Hamachi (x32 Version: 2.2.0.319 - LogMeIn, Inc.) Hidden
Macrium Reflect Free Edition (HKLM\...\{E9220B1F-33C4-4A89-B34D-38374CFBE2CF}) (Version: 5.1.5603 - Paramount Software (UK) Ltd.)
Magicka (HKLM-x32\...\Steam App 42910) (Version:  - Arrowhead Game Studios)
MAGIX Music Maker 17 Premium (HKLM-x32\...\MAGIX_MSI_mm17dlx) (Version: 17.0.0.16 - MAGIX AG)
MAGIX Music Maker 17 Premium (x32 Version: 17.0.0.16 - MAGIX AG) Hidden
MAGIX Screenshare (HKLM-x32\...\{6333C013-366F-45BD-B598-9E0B25E41605}) (Version: 4.3.6.1987 - MAGIX AG)
MAGIX Speed burnR (MSI) (HKLM-x32\...\{9C4436D2-3644-40E9-985C-D3D015F87285}) (Version: 7.0.2.6 - MAGIX AG)
Mah Jongg 2 (HKLM-x32\...\Mah Jongg 2) (Version:  - )
Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
ManiaPlanet (HKLM-x32\...\ManiaPlanet_is1) (Version:  - Nadeo)
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{42AA4CA8-DCD8-4308-BCAB-0B6D75856A9D}) (Version: 3.5.95.0 - Microsoft Corporation)
Microsoft Games for Windows Marketplace (HKLM-x32\...\{4CB0307C-565E-4441-86BE-0DF2E4FB828C}) (Version: 3.5.50.0 - Microsoft Corporation)
Microsoft Motocross Madness 2 (HKLM-x32\...\Motocross Madness 2) (Version:  - )
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Access 2003 Runtime (HKLM-x32\...\{901C0407-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Klick-und-Los 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Live Add-in 1.5 (HKLM-x32\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Office Starter 2010 - Deutsch (HKLM-x32\...\{90140011-0066-0407-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 ENU (HKLM-x32\...\{3A9FC03D-C685-4831-94CF-4EDFD3749497}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 x64 ENU (HKLM\...\{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 2.0 (HKLM-x32\...\{245F6C7A-0C22-4DE0-8202-2AAA620A1D3A}) (Version: 2.0.11128.1 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 3.1 (HKLM-x32\...\{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}) (Version: 3.1.10527.0 - Microsoft Corporation)
Microsoft_VC100_CRT_x86 (HKLM-x32\...\{6FDDB201-2CA0-42BD-973F-7B2C4A61EA3F}) (Version: 1.0.0 - Microsoft)
MixPad Audiodatei-Mixer (HKLM-x32\...\MixPad) (Version:  - NCH Software)
Moebius (HKLM-x32\...\{D6903FBB-FA2E-49DE-896F-7050B8679AFC}) (Version: 3.10.0000 - Fa. Ellen Hoche)
Mozilla Firefox 28.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 28.0 (x86 de)) (Version: 28.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 28.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MuseScore 1.0 MuseScore score typesetter (HKLM-x32\...\MuseScore) (Version: 1.0.0 - Werner Schweer and Others)
MyWinLocker (x32 Version: 3.1.206.0 - Egis Technology Inc.) Hidden
MyWinLocker Suite (HKLM-x32\...\InstallShield_{738BF5C3-AF7B-4BB0-B7EF-E505EFC756BE}) (Version: 3.1.206.0 - Egis Technology Inc.)
MyWinLocker Suite (x32 Version: 3.1.206.0 - Egis Technology Inc.) Hidden
Native Instruments DrumMicA (HKLM-x32\...\Native Instruments DrumMicA) (Version:  - Native Instruments)
Native Instruments Kontakt 5 (HKLM-x32\...\Native Instruments Kontakt 5) (Version: 5.2.0.6361 - Native Instruments)
Native Instruments Service Center (HKLM-x32\...\Native Instruments Service Center) (Version: 2.4.1.1158 - Native Instruments)
No23 Recorder (HKLM-x32\...\{22B0E143-2B0B-435B-9F56-136A3D16065F}) (Version: 2.1.0.3 - No23)
NTI Backup Now 5 (HKLM-x32\...\InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}) (Version: 5.1.2.628 - NewTech Infosystems)
NTI Backup Now Standard (x32 Version: 5.1.2.628 - NewTech Infosystems) Hidden
NTI Media Maker 8 (HKLM-x32\...\InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}) (Version: 8.0.12.6630 - NewTech Infosystems)
NTI Media Maker 8 (x32 Version: 8.0.12.6630 - NewTech Infosystems) Hidden
NVIDIA PhysX (HKLM-x32\...\{64467D47-FFE4-4FBC-ABBA-A0DB829A17EB}) (Version: 9.12.0613 - NVIDIA Corporation)
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
OpenMPT 1.22 (HKLM-x32\...\{67903736-E9BB-4664-B148-F62BCAB4FA42}_is1) (Version: 1.22.02.00 - OpenMPT Devs / Olivier Lapicque)
Opera Stable 27.0.1689.76 (HKLM-x32\...\Opera 27.0.1689.76) (Version: 27.0.1689.76 - Opera Software ASA)
PAYDAY: The Heist (HKLM-x32\...\Steam App 24240) (Version:  - OVERKILL Software)
PDFCreator (HKLM-x32\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.7.2 - pdfforge)
PHOTOfunSTUDIO 5.2 HD Edition (HKLM-x32\...\{0AE09EFD-8680-4B14-9643-00AB33BEC6ED}) (Version: 5.02.126 - Panasonic Corporation)
PhotoStage Diashow-Ersteller (HKLM-x32\...\PhotoStage) (Version:  - NCH Software)
Pinnacle Game Profiler (HKLM-x32\...\{49BF48CC-ABB6-4795-9B35-B5DE005D8612}) (Version: 7.4.2 - PowerUp Software)
Portal 2 (HKLM-x32\...\Postal 2_is1) (Version:  - )
Portal 2 (HKLM-x32\...\Steam App 620) (Version:  - Valve)
Portal 2 Publishing Tool (HKLM-x32\...\Steam App 644) (Version:  - )
Project 64 version 2.1.0.1 (HKLM-x32\...\Project 64_is1) (Version: 2.1.0.1 - )
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.991 - Even Balance, Inc.)
QuickTime (HKLM-x32\...\{7BE15435-2D3E-4B58-867F-9C75BED0208C}) (Version: 7.71.80.42 - Apple Inc.)
Razer Cortex (HKLM-x32\...\Razer Cortex_is1) (Version: 5.0.89.0 - Razer Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6000 - Realtek Semiconductor Corp.)
reFX Nexus VSTi RTAS v2.2.0 (HKLM-x32\...\reFX Nexus_is1) (Version:  - )
RollerCoaster Tycoon 3 (HKLM-x32\...\{907B4640-266B-4A21-92FB-CD1A86CD0F63}) (Version: 1.00.000 - )
RPG Maker 2000 1.05 (HKLM-x32\...\RPG Maker 2000 1.05) (Version:  - )
RTP 1.32 Add-On for RM2k (HKLM-x32\...\RTP 1.32 Add-On for RM2k) (Version:  - )
RTP for RM2K (Png, Wav, Midi, Fonts) (HKLM-x32\...\RTP for RM2K (Png, Wav, Midi, Fonts)) (Version:  - )
Shredder (Version: 2.0.5.0 - Egis Technology Inc.) Hidden
Shredder (x32 Version: 2.0.5.0 - Egis Technology Inc.) Hidden
SILKYPIX Developer Studio 3.1 SE (HKLM-x32\...\InstallShield_{0A04086B-0B71-43C3-95EF-FDFC4C18D161}) (Version: 3 - Ichikawa Soft Laboratory)
SILKYPIX Developer Studio 3.1 SE (x32 Version: 3 - Ichikawa Soft Laboratory) Hidden
Sins of a Solar Empire (HKLM-x32\...\Sins of a Solar Empire) (Version:  - Stardock Entertainment)
Sins of a Solar Empire (x32 Version: 1.05 - Kalypso) Hidden
Ski Challenge 12 (SRF) (HKU\S-1-5-21-3896820611-3695378639-3730271298-1001\...\sc12-CH_SF) (Version:  - )
Ski Challenge 14 (HKU\S-1-5-21-3896820611-3695378639-3730271298-1001\...\sc14-GAMETWIST_MAIN) (Version:  - )
Skispringen 2007 (HKLM-x32\...\Skispringen 2007_0001) (Version:  - )
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation)
Skype™ 6.18 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.18.106 - Skype Technologies S.A.)
SpeedFan (remove only) (HKLM-x32\...\SpeedFan) (Version:  - )
Spin & Win (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110300453}) (Version:  - Oberon Media)
Spotify (HKU\S-1-5-21-3896820611-3695378639-3730271298-1001\...\Spotify) (Version: 0.9.12.10.g89b2a4fc - Spotify AB)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Sylenth1 v2.21 (HKLM-x32\...\Sylenth1_is1) (Version:  - )
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 17.0.19.0 - Synaptics Incorporated)
TabTrax Demo 1.9 (HKLM-x32\...\TabTrax Demo) (Version:  - )
TeamSpeak 3 Client (HKLM-x32\...\TeamSpeak 3 Client) (Version: 3.0.15 - TeamSpeak Systems GmbH)
TeraCopy 2.27 (HKLM\...\TeraCopy_is1) (Version:  - Code Sector)
Text-To-Speech-Runtime (HKLM-x32\...\{7B3F0113-E63C-4D6D-AF19-111A3165CCA2}) (Version: 1.0.0.0 - Magix Development GmbH)
Tinypic 3.18 (HKLM-x32\...\{E3723A04-A894-4036-A78E-282E18F43C0A}_is1) (Version: Tinypic 3.18 - E. Fiedler)
TmUnitedForever Update 2010-03-15 (HKLM-x32\...\TmUnitedForever_is1) (Version:  - Nadeo)
Tom Clancy's H.A.W.X. (HKLM-x32\...\Steam App 21900) (Version:  - Ubisoft Bucharest Studio)
Tony Hawk's American Wasteland (HKLM-x32\...\{3293C06B-003F-4027-8380-FFD79E38167D}) (Version: 1.00.0000 - Ihr Firmenname)
Tony Hawk's Underground 2 (HKLM-x32\...\InstallShield_{EF1394D4-9FB6-4F1F-9A09-20FF3033AE14}) (Version: 1.00.0000 - Activision)
Tony Hawk's Underground 2 (x32 Version: 1.00.0000 - Activision) Hidden
TrackMania Sunrise (HKLM-x32\...\TmSunrise_is1) (Version:  - Nadeo)
TrackMania United 0.2.0.8 (HKLM-x32\...\TmUnited_is1) (Version:  - Nadeo)
Trials Evolution Gold Edition (HKLM-x32\...\Steam App 220160) (Version:  - RedLynx and Ubisoft Shanghai)
Trials Fusion (HKLM-x32\...\Uplay Install 297) (Version:  - Ubisoft)
Turbo Dismount (HKLM-x32\...\Steam App 263760) (Version:  - Secret Exit Ltd.)
Überwachungstool für die Intel® Turbo-Boost-Technik (HKLM\...\{39F4C6F9-618A-4E5B-8FB2-6BD661174E32}) (Version: 1.0.186.6 - Intel)
Ubisoft Game Launcher (HKLM-x32\...\{888F1505-C2B3-4FDE-835D-36353EBD4754}) (Version: 1.0.0.0 - UBISOFT)
Unity Web Player (HKU\S-1-5-21-3896820611-3695378639-3730271298-1001\...\UnityWebPlayer) (Version:  - Unity Technologies ApS)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version:  - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version:  - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version:  - Microsoft)
Uplay (HKLM-x32\...\Uplay) (Version: 2.0 - Ubisoft)
Vampires Deaf (HKLM-x32\...\{63261E19-1368-475A-8971-F9711262676B}_is1) (Version: Vampires Deaf - Brianum)
Vampires Deaf (HKLM-x32\...\{C4CC321A-A051-4EF7-B9EC-61A0887769D1}_is1) (Version: Vampires Deaf 2 - Brianum)
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
VideoPad Videobearbeitungs-Software (HKLM-x32\...\VideoPad) (Version:  - NCH Software)
VirtualCloneDrive (HKLM-x32\...\VirtualCloneDrive) (Version:  - Elaborate Bytes)
VirtualDJ Home FREE (HKLM-x32\...\{A6AC699F-8315-40CA-8F70-E917494978AB}) (Version: 7.4 - Atomix Productions)
Visual Analyser (HKLM-x32\...\{29738AAE-CE2B-4E9E-BE52-3E4D14D3116F}) (Version: 8.30.21 - Sillanum Soft)
VLC media player 2.0.1 (HKLM-x32\...\VLC media player) (Version: 2.0.1 - VideoLAN)
Walaber's Trampoline (HKLM-x32\...\{9617BEC2-A487-40E7-94FB-AC699F1B360B}) (Version: 1.1 - Walaber)
WavePad Audiobearbeitungs-Software (HKLM-x32\...\WavePad) (Version:  - NCH Software)
Welcome Center (HKLM-x32\...\Acer Welcome Center) (Version: 1.01.3002 - Acer Incorporated)
Winamp (HKLM-x32\...\Winamp) (Version: 5.623  - Nullsoft, Inc)
Winamp Erkennungs-Plug-in (HKU\S-1-5-21-3896820611-3695378639-3730271298-1001\...\Winamp Detect) (Version: 1.0.0.1 - Nullsoft, Inc)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8089.0726 - Microsoft Corporation)
Windows Live ID Sign-in Assistant (HKLM\...\{9B48B0AC-C813-4174-9042-476A887592C7}) (Version: 6.500.3165.0 - Microsoft Corporation)
Windows Live Sync (HKLM-x32\...\{76618402-179D-4699-A66B-D351C59436BC}) (Version: 14.0.8089.726 - Microsoft Corporation)
Windows Live-Uploadtool (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
WinPcap 4.1.2 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2001 - CACE Technologies)
WinRAR 4.01 (32-Bit) (HKLM-x32\...\WinRAR archiver) (Version: 4.01.0 - win.rar GmbH)
Wolfenstein - Enemy Territory (HKLM-x32\...\Wolfenstein - Enemy Territory) (Version: 2.60b - ACTIVISION)
Worms Armageddon (HKLM-x32\...\Steam App 217200) (Version:  - )
Yahoo! Software Update (HKLM-x32\...\Yahoo! Software Update) (Version:  - )
YGOPro DevPro Version 1.8.6 (HKLM-x32\...\{3CF2634F-3F38-4DD3-9201-CB2FE6B5FF23}_is1) (Version: 1.8.6 - YGOPro DevPro Online)
YouTube Song Downloader (HKLM-x32\...\{4281435C-AD1D-4C8A-B9C0-3961C11EF142}_is1) (Version: 10.2 - Abelssoft)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-3896820611-3695378639-3730271298-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\*****\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3896820611-3695378639-3730271298-1001_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\*****\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-3896820611-3695378639-3730271298-1001_Classes\CLSID\{DEBB9B79-B3DD-47F4-9E5C-EA6975BAB611}\InprocServer32 -> C:\Program Files\Macrium\Reflect\RShellExt.dll (Paramount Software UK Ltd)
CustomCLSID: HKU\S-1-5-21-3896820611-3695378639-3730271298-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\*****\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-3896820611-3695378639-3730271298-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\*****\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3896820611-3695378639-3730271298-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\*****\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3896820611-3695378639-3730271298-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\*****\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3896820611-3695378639-3730271298-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\*****\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)

==================== Restore Points  =========================


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 19:34 - 2015-03-06 01:20 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {043B0538-9967-490B-9E25-56D59C93E90D} - System32\Tasks\{DC158327-45C1-471E-B838-9711413DFFAA} => C:\Users\*****\Downloads\achtung-die-kurve\ZATACKA\ZATACKA.EXE
Task: {0973068E-B769-4815-A8B1-7C8C7E435F60} - System32\Tasks\{0445D3BE-D5D0-4EED-BE57-CE9BA1A68E92} => C:\Users\*****\Desktop\generally105\GeneRally.exe
Task: {0E85D301-AD42-4F71-AB70-2A8950F7E40B} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {1C316CA0-D9DB-4A28-A6A4-1E7CC9076AD5} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-04] (Adobe Systems Incorporated)
Task: {1F7A2DD9-8BAC-4015-B4E9-F0D05758128C} - System32\Tasks\{B9BC6E84-3E4C-453C-A143-7A6B1A49E14E} => C:\Program Files (x86)\Frets on Fire\FretsOnFire.exe
Task: {35CDDFEE-CAA7-4742-9AC6-F535C2033F77} - System32\Tasks\Razer_Game_Booster_AutoUpdate => C:\Program Files (x86)\Razer\Razer Game Booster\AutoUpdate.exe
Task: {36DDD6E0-10BB-4E30-B785-26A1C4EADA4C} - System32\Tasks\{1F933AC0-65A2-4537-A3C4-3469A5C87FC2} => pcalua.exe -a "C:\Users\*****\Downloads\rm2k_fp.exe" -d "C:\Users\*****\Downloads"
Task: {4235E7D9-5D0F-4A92-A56A-BD5AC596C3A6} - System32\Tasks\{B4477AC7-E5FE-4B6F-8169-BFA1CEE88241} => C:\Program Files (x86)\Moebius\moebius.exe
Task: {49124818-28C5-4010-B541-7C192573BB36} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-21] (Google Inc.)
Task: {4F528264-1CEC-47C1-B828-0C33B1CFD2CC} - System32\Tasks\{55B51A6F-DA64-47EE-8C5D-96E8F1DA865B} => C:\Program Files (x86)\Microsoft Games\Motocross Madness 2\MCM2.EXE [2006-11-16] (Rainbow Multimedia Group, Inc)
Task: {5206A8B7-2A68-4141-A810-039D7E58EB5D} - System32\Tasks\{9911BC94-1F60-4CBC-A115-361134DBED46} => C:\Program Files (x86)\Microsoft Games\Motocross Madness 2\MCM2.EXE [2006-11-16] (Rainbow Multimedia Group, Inc)
Task: {5947A212-A369-4F02-8D87-705ED97D0BBA} - System32\Tasks\{D5932309-D764-4A00-87F4-951A698519F5} => pcalua.exe -a "C:\Users\*****\Desktop\RM2k\RM2K_105E.exe" -d "C:\Users\*****\Desktop\RM2k"
Task: {5B408A0E-1D16-453D-9414-381EA5AAF734} - System32\Tasks\{ACB41C13-2A8C-4173-871A-0A0F0C716744} => C:\Users\*****\Desktop\generally105\GeneRally.exe
Task: {63CB06A6-BC77-4E5A-A23B-271EC1061701} - System32\Tasks\{EA8AF799-CDFE-4EC4-ABC9-C9AA6DF54B01} => C:\Program Files (x86)\Microsoft Games\Motocross Madness 2\MCM2.EXE [2006-11-16] (Rainbow Multimedia Group, Inc)
Task: {6D560047-9F30-4F99-8667-899E849236BC} - System32\Tasks\{C74FE53C-63BB-4A72-ADD4-52A495EF8A23} => Chrome.exe hxxp://ui.skype.com/ui/0/6.3.0.105/de/abandoninstall?page=tsProgressBar
Task: {6F47EF89-2FA3-4BEE-A18C-5F609C4D48A3} - System32\Tasks\{2D958B9D-8092-404C-965D-8E2CDF3ECDA4} => C:\Program Files (x86)\Frets on Fire\FretsOnFire.exe
Task: {73AD8B1D-BAE3-4AE1-A2A8-7B06C7FC127F} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3896820611-3695378639-3730271298-1001UA => C:\Users\*****\AppData\Local\Google\Update\GoogleUpdate.exe [2012-09-11] (Google Inc.)
Task: {77E01A35-CA59-46EF-B914-98641531CF32} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-21] (Google Inc.)
Task: {9432FEC4-3634-4C20-A0A4-EF8C661DF7DB} - System32\Tasks\Game_Booster_AutoUpdate => C:\Program Files (x86)\IObit\Game Booster 3\AutoUpdate.exe
Task: {9902D88E-A47A-41D5-A728-122196F2B87A} - System32\Tasks\{1229CBB2-2EF0-4CA9-8689-AEB79D92E940} => C:\Program Files (x86)\Frets on Fire\FretsOnFire.exe
Task: {A0861D30-55A6-49BF-B9C2-A162DC1FD8B1} - System32\Tasks\{43D7636D-E610-448C-BFB8-98611F72583F} => C:\Program Files (x86)\Frets on Fire\FretsOnFire.exe
Task: {A7EA5D55-659E-4B81-8F31-CDFF27F46410} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {C89D62DF-9125-4724-B461-52CCD4206BDA} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {C8B37C67-0C9A-4CF9-BAEB-78DBB9C5B2B8} - System32\Tasks\Opera scheduled Autoupdate 1408669623 => C:\Program Files (x86)\Opera\launcher.exe [2015-02-23] (Opera Software)
Task: {CA301857-F9B6-43EB-8F17-2C99D0556D88} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3896820611-3695378639-3730271298-1001Core => C:\Users\*****\AppData\Local\Google\Update\GoogleUpdate.exe [2012-09-11] (Google Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3896820611-3695378639-3730271298-1001Core.job => C:\Users\*****\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3896820611-3695378639-3730271298-1001UA.job => C:\Users\*****\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) ==============

2012-01-20 13:25 - 2013-10-28 18:33 - 00075136 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2013-01-31 05:42 - 2013-01-31 05:42 - 00302200 _____ () C:\Program Files\Macrium\Reflect\ReflectService.exe
2013-02-12 19:37 - 2013-02-12 19:37 - 01263952 _____ () C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
2011-12-29 14:35 - 2011-05-28 14:05 - 00164864 _____ () C:\Program Files (x86)\WinRAR\rarext64.dll
2011-12-25 16:38 - 2011-10-26 09:41 - 00126464 _____ () C:\Program Files\TeraCopy\TeraCopy64.dll
2011-12-25 16:38 - 2011-10-26 09:41 - 00318976 _____ () C:\Program Files\TeraCopy\TeraCopyExt64.dll
2011-09-26 23:23 - 2011-09-26 23:23 - 00087912 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2011-09-26 23:22 - 2011-09-26 23:22 - 01242472 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2010-03-08 17:18 - 2010-03-08 17:18 - 00465576 _____ () C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\sqlite3.dll
2010-03-08 17:13 - 2010-03-08 17:13 - 01081600 _____ () C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\ACE.dll
2014-09-15 14:08 - 2012-11-20 07:13 - 00264192 _____ () C:\Program Files (x86)\Razer\Razer Cortex\D3DX8Wrapper.dll
2013-03-12 09:10 - 2014-11-11 11:47 - 00774656 _____ () C:\Program Files (x86)\Steam\SDL2.dll
2015-01-20 22:01 - 2014-12-01 17:29 - 05002752 _____ () C:\Program Files (x86)\Steam\v8.dll
2015-01-20 22:01 - 2014-12-01 17:29 - 01612800 _____ () C:\Program Files (x86)\Steam\icui18n.dll
2015-01-20 22:01 - 2014-12-01 17:29 - 01210368 _____ () C:\Program Files (x86)\Steam\icuuc.dll
2014-05-26 18:36 - 2015-02-18 16:51 - 02360000 _____ () C:\Program Files (x86)\Steam\video.dll
2014-08-28 19:28 - 2014-12-01 14:31 - 02396672 _____ () C:\Program Files (x86)\Steam\libavcodec-56.dll
2014-08-28 19:28 - 2014-12-01 14:31 - 00442880 _____ () C:\Program Files (x86)\Steam\libavutil-54.dll
2014-08-28 19:28 - 2014-12-01 14:31 - 00479744 _____ () C:\Program Files (x86)\Steam\libavformat-56.dll
2014-08-28 19:28 - 2014-12-01 14:31 - 00332800 _____ () C:\Program Files (x86)\Steam\libavresample-2.dll
2014-08-28 19:28 - 2014-12-01 14:31 - 00485888 _____ () C:\Program Files (x86)\Steam\libswscale-3.dll
2012-04-29 06:33 - 2015-02-18 16:51 - 00702656 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL
2011-12-18 16:19 - 2009-05-20 15:02 - 00072200 _____ () C:\Program Files (x86)\Launch Manager\CdDirIo.dll
2013-02-12 19:38 - 2013-02-12 19:38 - 00100688 _____ () C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll
2012-04-29 06:33 - 2015-01-27 18:30 - 34641288 _____ () C:\Program Files (x86)\Steam\bin\libcef.dll
2015-02-20 07:05 - 2015-02-17 15:44 - 01117512 _____ () C:\Users\*****\AppData\Local\Google\Chrome\Application\40.0.2214.115\libglesv2.dll
2015-02-20 07:05 - 2015-02-17 15:44 - 00211272 _____ () C:\Users\*****\AppData\Local\Google\Chrome\Application\40.0.2214.115\libegl.dll
2015-02-20 07:05 - 2015-02-17 15:44 - 09171272 _____ () C:\Users\*****\AppData\Local\Google\Chrome\Application\40.0.2214.115\pdf.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Windows\SysWOW64\zlib.dll:DocumentSummaryInformation
AlternateDataStreams: C:\Windows\SysWOW64\zlib.dll:SummaryInformation
AlternateDataStreams: C:\Windows\SysWOW64\zlib.dll:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\ProgramData\Temp:E18B7D31

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Hamachi2Svc => ""="Service"

==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3896820611-3695378639-3730271298-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\*****\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 64.59.144.91 - 64.59.150.137

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== Accounts: =============================

Administrator (S-1-5-21-3896820611-3695378639-3730271298-500 - Administrator - Disabled)
Gast (S-1-5-21-3896820611-3695378639-3730271298-501 - Limited - Disabled)
***** (S-1-5-21-3896820611-3695378639-3730271298-1001 - Administrator - Enabled) => C:\Users\*****

==================== Faulty Device Manager Devices =============

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft-Teredo-Tunneling-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (03/09/2015 03:55:32 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (03/08/2015 11:14:51 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (03/08/2015 11:14:49 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.


System errors:
=============
Error: (03/08/2015 11:27:39 PM) (Source: volsnap) (EventID: 14) (User: )
Description: Die Schattenkopien von Volume "C:" wurden aufgrund eines E/A-Fehlers auf Volume "C:" abgebrochen.

Error: (03/08/2015 11:09:40 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}


Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
  Date: 2015-03-06 00:16:56.854
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2015-03-06 00:16:56.683
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2015-03-06 00:16:56.511
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2015-03-06 00:16:56.355
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2014-05-04 08:41:18.868
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2014-05-04 08:41:18.774
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-04-19 10:16:40.788
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\drivers\atikmpag.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-04-19 10:16:40.714
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\drivers\atikmpag.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-04-19 10:03:06.064
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\drivers\atikmpag.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-04-19 10:03:05.939
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\drivers\atikmpag.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.


==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i5 CPU M 460 @ 2.53GHz
Percentage of memory in use: 60%
Total physical RAM: 3956.5 MB
Available physical RAM: 1555.89 MB
Total Pagefile: 7911.18 MB
Available Pagefile: 4760.71 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB

==================== Drives ================================

Drive c: (Fäsdbladde) (Fixed) (Total:452.48 GB) (Free:57.27 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 465.8 GB) (Disk ID: 00410040)
Partition 1: (Not Active) - (Size=13.2 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=452.5 GB) - (Type=07 NTFS)

==================== End Of Log ============================
         

09.03.2015, 18:56   #8
schrauber
/// the machine
/// TB trainer
 




Please press the Windows key + R and type notepad into the Run window.

Now copy the following text from the code box into the empty text document

Code:
C:\Users\*****\Downloads\dffsetup-d3drm.exe

C:\Users\*****\Downloads\PDFCreator-1_7_2_setup.exe

C:\Users\*****\Downloads\PDFCreator-1_7_2_setup_offline.exe

C:\Users\*****\Downloads\setup Project64 2.1.exe
HKLM\...\Run: [vdc] => c:\vdc.exe [29696 2014-12-23] (vdc)
c:\vdc.exe
Emptytemp:
         

Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
  • Now start FRST again and click the Entfernen (Fix) button.
  • The tool creates a Fixlog.txt.
  • Post its contents for me.






Cleanup:
(The order matters here)

If Defogger was used: start it again and click Re-enable.

If Combofix was used:
Uninstall Combofix
  • Important: Please disable your antivirus program, any script blocking and anti-malware programs.
  • Please press the Windows key + R and type Combofix /Uninstall into the Run window.
  • Click OK.
    This removes Combofix completely and clears the System Restore cache.
  • Now re-enable the programs you just disabled.

All logs posted? Then please download DelFix.
  • Close all open programs.
  • Start delfix.exe with a double-click.
  • Tick the box in front of every function.
  • Click Start.

Note: Among other things, DelFix removes all the programs used, the quarantine of our scanners and the Java cache, and finally deletes itself.
Finally, restart your computer. If any programs from our cleanup are still left over, you can safely delete them.

If you like, you can say here whether you were satisfied with me and my help... and/or support the forum with a small donation.


Hardening:
Enable automatic updates for the Windows operating system. Security-relevant software should also always be kept at the latest version:

Browser
Java
Flash Player
PDF reader

Security vulnerabilities in their old versions are exploited to install malware via "drive-by" when you simply visit a manipulated website.
I recommend, for example, using Mozilla Firefox instead of Internet Explorer. Firefox can also open PDF documents.

Enable a firewall. The one built into Windows is normally entirely sufficient.

Use an antivirus program with a real-time scanner and an always up-to-date signature database.
My recommendation:

Emsisoft

In addition, you can scan your PC regularly with Malwarebytes Anti-Malware and ESET.

Optional:
NoScript prevents active content (Java, JavaScript, Flash, ...) from running on all websites. You can, however, define on a whitelist basis which sites scripts should be allowed on.
Malwarebytes Anti Exploit: protects the computer's applications against exploitation of known vulnerabilities.


Download software from a clean portal such as .
When installing software, always choose the custom option and untick all optionally offered toolbars or other add-ons that are irrelevant to the program.
To get rid of adware again, first uninstall it and then remove the leftovers with Adwcleaner.


Finally, a few general remarks:
Change your important online passwords regularly and regularly create backups of your important files or of the system.
The benefit of registry cleaners, optimizers etc. for improving performance is disputed. I therefore recommend keeping your hands off the registry and using Windows' own Disk Cleanup instead.
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009


No help via PM!

11.03.2015, 05:10   #9
Equimon
 



Hey, thank you so much for the quick and good help.
My firewall has gone quiet and I feel reasonably secure again. Adware really is a burden, though, one that unfortunately can't always be avoided even with the safest browsing habits.
In this case it was of course my own fault, but sometimes you act thoughtlessly, and then this kind of mess happens.
So once again, thank you very much!

And here is the final Fixlog.txt:
Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 08-03-2015 03
Ran by ***** at 2015-03-09 20:16:49 Run:1
Running from C:\Users\*****\Desktop
Loaded Profiles: ***** (Available profiles: *****)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
C:\Users\*****\Downloads\dffsetup-d3drm.exe

C:\Users\*****\Downloads\PDFCreator-1_7_2_setup.exe

C:\Users\*****\Downloads\PDFCreator-1_7_2_setup_offline.exe

C:\Users\*****\Downloads\setup Project64 2.1.exe
HKLM\...\Run: [vdc] => c:\vdc.exe [29696 2014-12-23] (vdc)
c:\vdc.exe
Emptytemp:

*****************

C:\Users\*****\Downloads\dffsetup-d3drm.exe => Moved successfully.
C:\Users\*****\Downloads\PDFCreator-1_7_2_setup.exe => Moved successfully.
C:\Users\*****\Downloads\PDFCreator-1_7_2_setup_offline.exe => Moved successfully.
C:\Users\*****\Downloads\setup Project64 2.1.exe => Moved successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\vdc => value deleted successfully.
c:\vdc.exe => Moved successfully.
EmptyTemp: => Removed 734.1 MB temporary data.


The system needed a reboot. 

==== End of Fixlog 20:17:53 ====
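
A check on the Fixlog above, as an added example that is not part of the original posts and is not FRST's own code: it pairs every fixlist entry with its result line and lists the entries that lack a success result. The log text is abridged from this thread; the matching rules and the outcome wordings treated as success are assumptions drawn only from the lines visible here.

```python
import re

# Abridged from the Fixlog posted above (user name already masked as *****).
FIXLOG = r"""Content of fixlist:
*****************
C:\Users\*****\Downloads\dffsetup-d3drm.exe

HKLM\...\Run: [vdc] => c:\vdc.exe [29696 2014-12-23] (vdc)
c:\vdc.exe
Emptytemp:

*****************
C:\Users\*****\Downloads\dffsetup-d3drm.exe => Moved successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\vdc => value deleted successfully.
c:\vdc.exe => Moved successfully.
EmptyTemp: => Removed 734.1 MB temporary data.
==== End of Fixlog 20:17:53 ====
"""

SEP = re.compile(r"^\*+$")  # line of asterisks before and after the fixlist
RUN = re.compile(r"^(HK\w+)\\\.\.\.\\Run: \[(.+?)\]", re.I)
# Assumption: only the outcome wordings seen in this thread count as success.
OK = re.compile(r"successfully\.?$|^Removed\b", re.I)

def parse_fixlog(text):
    # Returns (fixlist directives, [(target, outcome), ...]).
    lines = [l.strip() for l in text.splitlines()]
    seps = [i for i, l in enumerate(lines) if SEP.match(l)]
    if len(seps) < 2:
        raise ValueError("fixlist delimiters not found")
    directives = [l for l in lines[seps[0] + 1:seps[1]] if l]
    results = [tuple(l.split(" => ", 1)) for l in lines[seps[1] + 1:] if " => " in l]
    return directives, results

def matches(directive, target):
    m = RUN.match(directive)
    if m:  # the fixlist abbreviates the key path with "..."; the result spells it out
        hive, name = m.group(1).lower(), m.group(2).lower()
        t = target.lower()
        return t.startswith(hive + "\\") and t.endswith("\\run\\\\" + name)
    return directive.lower() == target.lower()  # file path or EmptyTemp:

def unresolved(text):
    """Fixlist directives with no success line; these need manual follow-up."""
    directives, results = parse_fixlog(text)
    return [d for d in directives
            if not any(matches(d, t) and OK.search(o) for t, o in results)]

if __name__ == "__main__":
    print(unresolved(FIXLOG) or "every fixlist entry has a success result")
```

An empty list means every requested removal, including the Run-key value and the file it pointed to, was confirmed by the tool; anything returned should be checked by hand before the cleanup tools are run.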
         

11.03.2015, 18:08   #10
schrauber
/// the machine
/// TB trainer
 




You're welcome
