Trojaner-Board - Win7 friert manchmal ein, oder hat Bluescreen beim Start

Hallo Schrauber!

MBR drin heisst, dass da was in den Masterbootrecord geschrieben wurde, was nicht rein gehört? Die anderen von Dir genannten Programme scheinen jedenfalls einiges gefunden zu haben, hier also die logs:

Code:

Malwarebytes Anti-Malware

www.malwarebytes.org
 

Suchlauf Datum: 17.03.15

Suchlauf-Zeit: 21:27:58

Logdatei: mbam.txt

Administrator: Ja
 

Version: 2.00.4.1028

Malware Datenbank: v2015.03.17.07

Rootkit Datenbank: v2015.02.25.01

Lizenz: Premium

Malware Schutz: Aktiviert

Bösartiger Webseiten Schutz: Aktiviert

Selbstschutz: Deaktiviert
 

Betriebssystem: Windows 7 Service Pack 1

CPU: x86

Dateisystem: NTFS

Benutzer: Wolf
 

Suchlauf-Art: Bedrohungs-Suchlauf

Ergebnis: Abgeschlossen

Durchsuchte Objekte: 309069

Verstrichene Zeit: 7 Min, 29 Sek
 

Speicher: Aktiviert

Autostart: Aktiviert

Dateisystem: Aktiviert

Archive: Aktiviert

Rootkits: Aktiviert

Tiefer Rootkit-Suchlauf: Aktiviert

Heuristik: Aktiviert

PUP: Warnen

PUM: Aktiviert
 

Prozesse: 0

(Keine schädliche Elemente erkannt)
 

Module: 0

(Keine schädliche Elemente erkannt)
 

Registrierungsschlüssel: 0

(Keine schädliche Elemente erkannt)
 

Registrierungswerte: 0

(Keine schädliche Elemente erkannt)
 

Registrierungsdaten: 0

(Keine schädliche Elemente erkannt)
 

Ordner: 0

(Keine schädliche Elemente erkannt)
 

Dateien: 2

Trojan.Packed, C:\Program Files\Kill DropBox.exe, In Quarantäne, [3079a1819af01a1ca3883da8c23fba46], 

Trojan.Packed, C:\Program Files\Kill Onedrive.exe, In Quarantäne, [d8d1061c0585999d49e25d8888796799], 
 

Physische Sektoren: 0

(Keine schädliche Elemente erkannt)
 
 

(end)

AdwCleaner Logfile:

Code:

# AdwCleaner v4.112 - Bericht erstellt 17/03/2015 um 21:46:48

# Aktualisiert 09/03/2015 von Xplode

# Datenbank : 2015-03-15.1 [Server]

# Betriebssystem : Windows 7 Ultimate Service Pack 1 (x86)

# Benutzername : Wolf - WOLF-PC

# Gestarted von : C:\Users\Wolf\Desktop\AdwCleaner_4.112.exe

# Option : Suchlauf
 

***** [ Dienste ] *****
 
 

***** [ Dateien / Ordner ] *****
 

Datei Gefunden : C:\Users\Wolf\AppData\Roaming\Mozilla\Firefox\Profiles\pzx2deug.default\searchplugins\11-suche.xml

Datei Gefunden : C:\Users\Wolf\AppData\Roaming\Mozilla\Firefox\Profiles\pzx2deug.default\user.js

Datei Gefunden : C:\Windows\system32\RegistryHelperLM.ocx

Ordner Gefunden : C:\ProgramData\Registry Helper
 

***** [ Geplante Tasks ] *****
 
 

***** [ Verknüpfungen ] *****
 
 

***** [ Registrierungsdatenbank ] *****
 

Schlüssel Gefunden : HKCU\Software\Conduit

Schlüssel Gefunden : HKCU\Software\eSupport.com

Schlüssel Gefunden : HKCU\Software\OCS

Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{00B11DA2-75ED-4364-ABA5-9A95B1F5E946}

Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{02054E11-5113-4BE3-8153-AA8DFB5D3761}

Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065}

Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4}

Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D}

Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A}

Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4}

Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7}

Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{2BF2028E-3F3C-4C05-AB45-B2F1DCFE0759}

Schlüssel Gefunden : HKLM\SOFTWARE\DivX\Install\Setup\WizardLayout\ConduitToolbar

Schlüssel Gefunden : HKLM\SOFTWARE\hdcode

Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0238BBE24EA3A70408B81E4BB89C15E5

Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\29799DE249E7DBC459FC6C8F07EB8375

Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\43C098337DB065A49B665D4EA7F16D1C

Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A71991503412AEB42838B02C5ED9F9CD

Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F7652513C62FF63448CFF05163719DB7

Schlüssel Gefunden : HKLM\SOFTWARE\Registry Helper

Schlüssel Gefunden : HKLM\SOFTWARE\Solvusoft

Schlüssel Gefunden : HKLM\SOFTWARE\Uniblue

Schlüssel Gefunden : HKLM\SOFTWARE\winzipersvc
 

***** [ Internetbrowser ] *****
 

-\\ Internet Explorer v0.0.0.0
 
 

-\\ Mozilla Firefox v36.0.1 (x86 de)
 

[pzx2deug.default] - Zeile Gefunden : user_pref("extensions.hide_caption.plus.look.tab_marginTop_delta", -25);

[pzx2deug.default] - Zeile Gefunden : user_pref("extensions.hide_caption.plus.look.tab_marginTop_delta_nomax", -10);

[pzx2deug.default] - Zeile Gefunden : user_pref("extensions.smarterwiki.search_surfcanyon", false);

*************************
 

AdwCleaner[R3].txt - [3275 Bytes] - [17/03/2015 21:46:48]
 

########## EOF - C:\AdwCleaner\AdwCleaner[R3].txt - [3334 Bytes] ##########

--- --- ---
AdwCleaner Logfile:

Code:

# AdwCleaner v4.112 - Bericht erstellt 17/03/2015 um 21:50:40

# Aktualisiert 09/03/2015 von Xplode

# Datenbank : 2015-03-15.1 [Server]

# Betriebssystem : Windows 7 Ultimate Service Pack 1 (x86)

# Benutzername : Wolf - WOLF-PC

# Gestarted von : C:\Users\Wolf\Desktop\AdwCleaner_4.112.exe

# Option : Löschen
 

***** [ Dienste ] *****
 
 

***** [ Dateien / Ordner ] *****
 

Ordner Gelöscht : C:\ProgramData\Registry Helper

Datei Gelöscht : C:\Windows\system32\RegistryHelperLM.ocx

Datei Gelöscht : C:\Users\Wolf\AppData\Roaming\Mozilla\Firefox\Profiles\pzx2deug.default\searchplugins\11-suche.xml

Datei Gelöscht : C:\Users\Wolf\AppData\Roaming\Mozilla\Firefox\Profiles\pzx2deug.default\user.js
 

***** [ Geplante Tasks ] *****
 
 

***** [ Verknüpfungen ] *****
 
 

***** [ Registrierungsdatenbank ] *****
 

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{00B11DA2-75ED-4364-ABA5-9A95B1F5E946}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{02054E11-5113-4BE3-8153-AA8DFB5D3761}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{2BF2028E-3F3C-4C05-AB45-B2F1DCFE0759}

Schlüssel Gelöscht : HKCU\Software\Conduit

Schlüssel Gelöscht : HKCU\Software\eSupport.com

Schlüssel Gelöscht : HKCU\Software\OCS

Schlüssel Gelöscht : HKLM\SOFTWARE\DivX\Install\Setup\WizardLayout\ConduitToolbar

Schlüssel Gelöscht : HKLM\SOFTWARE\hdcode

Schlüssel Gelöscht : HKLM\SOFTWARE\Registry Helper

Schlüssel Gelöscht : HKLM\SOFTWARE\Solvusoft

Schlüssel Gelöscht : HKLM\SOFTWARE\Uniblue

Schlüssel Gelöscht : HKLM\SOFTWARE\winzipersvc

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0238BBE24EA3A70408B81E4BB89C15E5

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\29799DE249E7DBC459FC6C8F07EB8375

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\43C098337DB065A49B665D4EA7F16D1C

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A71991503412AEB42838B02C5ED9F9CD

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F7652513C62FF63448CFF05163719DB7
 

***** [ Internetbrowser ] *****
 

-\\ Internet Explorer v0.0.0.0
 
 

-\\ Mozilla Firefox v36.0.1 (x86 de)
 

[pzx2deug.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.hide_caption.plus.look.tab_marginTop_delta", -25);

[pzx2deug.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.hide_caption.plus.look.tab_marginTop_delta_nomax", -10);

[pzx2deug.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.smarterwiki.search_surfcanyon", false);
 

*************************
 

AdwCleaner[R3].txt - [3413 Bytes] - [17/03/2015 21:46:48]

AdwCleaner[S2].txt - [3362 Bytes] - [17/03/2015 21:50:40]
 

########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [3421  Bytes] ##########

[/CODE]
--- --- ---

Code:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Junkware Removal Tool (JRT) by Thisisu

Version: 6.4.5 (03.17.2015:1)

OS: Windows 7 Ultimate x86

Ran by Wolf on Di 17.03.15 at 21:54:41,82

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 

~~~ Services
 
 
 

~~~ Registry Values
 
 
 

~~~ Registry Keys
 
 
 

~~~ Files
 

Successfully deleted: [File] "C:\Windows\wininit.ini"
 
 
 

~~~ Folders
 
 
 

~~~ FireFox
 

Successfully deleted the following from C:\Users\Wolf\AppData\Roaming\mozilla\firefox\profiles\pzx2deug.default\prefs.js
 

user_pref("extensions.hide_caption.plus.look.tab_marginTop_delta", 0);

user_pref("extensions.hide_caption.plus.look.tab_marginTop_delta_nomax", 0);

Emptied folder: C:\Users\Wolf\AppData\Roaming\mozilla\firefox\profiles\pzx2deug.default\minidumps [208 files]
 
 
 

~~~ Event Viewer Logs were cleared
 
 
 
 
 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Scan was completed on Di 17.03.15 at 21:56:09,43

End of JRT log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

FRST Logfile:

Code:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 11-03-2015

Ran by Wolf (administrator) on WOLF-PC on 17-03-2015 22:36:25

Running from C:\Users\Wolf\Desktop

Loaded Profiles: Wolf (Available profiles: Wolf)

Platform: Microsoft Windows 7 Ultimate  Service Pack 1 (X86) OS Language: Deutsch (Deutschland)

Internet Explorer Version 9 (Default browser: FF)

Boot Mode: Normal

Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
 

==================== Processes (Whitelisted) =================
 

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 

() C:\Program Files\Allway Sync\Bin\SyncService.exe

(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe

(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe

(NirSoft) C:\Program Files\NirSoft\Volumouse\volumouse.exe

() C:\Users\Wolf\AppData\Local\TCB Networks\StrokeIt\Bin\strokeit.exe

() C:\Program Files\MiserWare\Granola Personal\GranolaManager.exe

(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe

(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe

(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe

(Microsoft Corporation) C:\Windows\System32\dllhost.exe

(Microsoft Corporation) C:\Windows\System32\dllhost.exe

(Microsoft Corporation) C:\Windows\System32\dllhost.exe
 
 

==================== Registry (Whitelisted) ==================
 

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 

HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [150208 2014-04-20] (IvoSoft)

HKLM Group Policy restriction on software: C:\Program Files\Avira\AntiVir Desktop\avnotify.exe <====== ATTENTION

HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot% <====== ATTENTION

HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ProgramFilesDir% <====== ATTENTION

HKLM\...\Policies\Explorer: [NoStrCmpLogical] 1

HKLM\...\Policies\Explorer: [NoInternetOpenWith] 1

HKLM\...\Policies\Explorer: [MemCheckBoxInRunDlg] 1

HKU\S-1-5-21-2588859782-1139336777-623044890-1001\...\Run: [$Volumouse$] => C:\Program Files\NirSoft\Volumouse\volumouse.exe [33280 2009-08-05] (NirSoft)

HKU\S-1-5-21-2588859782-1139336777-623044890-1001\...\Run: [Allway Sync] => C:\Program Files\Allway Sync\Bin\syncappw.exe [94416 2014-06-26] ()

HKU\S-1-5-21-2588859782-1139336777-623044890-1001\...\Run: [Granola] => C:\Program Files\MiserWare\Granola Personal\granola.exe [887016 2012-02-21] ()

HKU\S-1-5-21-2588859782-1139336777-623044890-1001\...\Run: [OneDrive] => C:\Users\Wolf\AppData\Local\Microsoft\OneDrive\OneDrive.exe [281248 2015-03-13] (Microsoft Corporation)

HKU\S-1-5-21-2588859782-1139336777-623044890-1001\...\Run: [StrokeIt] => C:\Users\Wolf\AppData\Local\TCB Networks\StrokeIt\Bin\strokeit.exe [26248 2010-01-03] ()

HKU\S-1-5-21-2588859782-1139336777-623044890-1001\...\Policies\Explorer: [NoInternetOpenWith] 1

HKU\S-1-5-21-2588859782-1139336777-623044890-1001\...\Policies\Explorer: [TaskbarNoNotificatio] 0

HKU\S-1-5-21-2588859782-1139336777-623044890-1001\...\Policies\Explorer: [NoSMMyPictures] 0

HKU\S-1-5-21-2588859782-1139336777-623044890-1001\...\MountPoints2: N - N:\LaunchU3.exe

HKU\S-1-5-21-2588859782-1139336777-623044890-1001\...\MountPoints2: {69c69ae8-c7c7-11e4-ab6a-00218503c947} - H:\setup.exe

Startup: C:\Users\Wolf\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bird.lnk

ShortcutTarget: bird.lnk -> C:\Program Files\Mozilla Thunderbird\thunderbird.exe (Mozilla Corporation)

Startup: C:\Users\Wolf\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\firefox - Verknüpfung.lnk

ShortcutTarget: firefox - Verknüpfung.lnk -> C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\system32\CbFsMntNtf3.dll (EldoS Corporation)

SSODL: EldosMountNotificator-cbfs4 - {E36EB56C-F497-4482-B6E7-BCB93F2B6FDA} - C:\Windows\system32\cbfsMntNtf4.dll (EldoS Corporation)

ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\Wolf\AppData\Local\Microsoft\OneDrive\17.3.4726.0226\FileSyncShell.dll (Microsoft Corporation)

ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\Wolf\AppData\Local\Microsoft\OneDrive\17.3.4726.0226\FileSyncShell.dll (Microsoft Corporation)

ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\Wolf\AppData\Local\Microsoft\OneDrive\17.3.4726.0226\FileSyncShell.dll (Microsoft Corporation)

ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File

ShellIconOverlayIdentifiers: [AcronisSyncError] -> {934BC6C0-FEC2-4df5-A100-961DE2C8A0ED} => C:\Program Files\Acronis\TrueImageHome\tishell.dll ()

ShellIconOverlayIdentifiers: [AcronisSyncInProgress] -> {00F848DC-B1D4-4892-9C25-CAADC86A215D} => C:\Program Files\Acronis\TrueImageHome\tishell.dll ()

ShellIconOverlayIdentifiers: [AcronisSyncOk] -> {71573297-552E-46fc-BE3D-3DFAF88D47B7} => C:\Program Files\Acronis\TrueImageHome\tishell.dll ()

ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Wolf\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)

ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Wolf\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)

ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Wolf\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)

ShellIconOverlayIdentifiers: [EldosIconOverlay] -> {5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC} => C:\Windows\system32\CbFsMntNtf3.dll (EldoS Corporation)

ShellIconOverlayIdentifiers: [EldosIconOverlay-cbfs4] -> {7036EE8C-E7B0-4C46-96E7-08B06DC6E484} => C:\Windows\system32\cbfsMntNtf4.dll (EldoS Corporation)

ShellIconOverlayIdentifiers: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)

BootExecute: autocheck autochk * auto_reactivate C:\bootwiz\asrm.binauto_reactivate \\?\Volume{3d717c7d-d894-11df-8146-806e6f6e6963}\bootwiz\asrm.bin
 

==================== Internet (Whitelisted) ====================
 

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 

HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION

HKU\S-1-5-21-2588859782-1139336777-623044890-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com

HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = 

HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com

HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 

HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 

HKU\S-1-5-21-2588859782-1139336777-623044890-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp

HKU\S-1-5-21-2588859782-1139336777-623044890-1001\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.bing.com

URLSearchHook: [S-1-5-21-2588859782-1139336777-623044890-1001] ATTENTION ==> Default URLSearchHook is missing.

SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 

SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 

SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 

SearchScopes: HKU\S-1-5-21-2588859782-1139336777-623044890-1001 -> {652FDCC2-5EFA-4C64-9F36-12CDDF3A85E1} URL = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&type=302398&p={searchTerms}

SearchScopes: HKU\S-1-5-21-2588859782-1139336777-623044890-1001 -> {866E654D-5075-4625-A45A-23EDDCAA7E3C} URL = hxxp://www.google.de/search?q={searchTerms}

BHO: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer32.dll [2014-04-20] (IvoSoft)

Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll [2014-04-20] (IvoSoft)

Handler: hddlife - {BD758015-47D9-477A-8873-4B688A2BC0E2} - C:\Program Files\Common Files\BinarySense\hlAPP.dll [2008-02-15] (BinarySense, Inc.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
 

FireFox:

========

FF ProfilePath: C:\Users\Wolf\AppData\Roaming\Mozilla\Firefox\Profiles\pzx2deug.default

FF Homepage: hxxp://www.ighome.com/

FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_17_0_0_134.dll [2015-03-14] ()

FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll [2013-09-17] (DivX, LLC.)

FF Plugin: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files\DivX\DivX Web Player\npdivx32.dll [2013-10-28] (DivX, LLC)

FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\PDF XView\PDF Viewer\npPDFXCviewNPPlugin.dll [2000-01-01] (Tracker Software Products Ltd.)

FF Plugin: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-08-25] (Oracle Corporation)

FF Plugin: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2014-08-25] (Oracle Corporation)

FF Plugin: @videolan.org/vlc,version=2.0.8 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-02-27] (VideoLAN)

FF Plugin: @videolan.org/vlc,version=2.1.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-02-27] (VideoLAN)

FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-02-27] (VideoLAN)

FF Plugin HKU\S-1-5-21-2588859782-1139336777-623044890-1001: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\PDF XView\PDF Viewer\npPDFXCviewNPPlugin.dll [2000-01-01] (Tracker Software Products Ltd.)

FF Plugin HKU\S-1-5-21-2588859782-1139336777-623044890-1001: @sun.com/npsopluginmi;version=1.0 -> D:\Lexika\Portable Open Office\OpenOfficePortable\App\openoffice\program No File

FF Plugin HKU\S-1-5-21-2588859782-1139336777-623044890-1001: @tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x86.dll No File

FF SearchPlugin: C:\Users\Wolf\AppData\Roaming\Mozilla\Firefox\Profiles\pzx2deug.default\searchplugins\englische-ergebnisse.xml [2014-10-19]

FF SearchPlugin: C:\Users\Wolf\AppData\Roaming\Mozilla\Firefox\Profiles\pzx2deug.default\searchplugins\gmx-suche.xml [2014-10-19]

FF SearchPlugin: C:\Users\Wolf\AppData\Roaming\Mozilla\Firefox\Profiles\pzx2deug.default\searchplugins\google-images.xml [2014-10-14]

FF SearchPlugin: C:\Users\Wolf\AppData\Roaming\Mozilla\Firefox\Profiles\pzx2deug.default\searchplugins\google-maps.xml [2014-10-14]

FF SearchPlugin: C:\Users\Wolf\AppData\Roaming\Mozilla\Firefox\Profiles\pzx2deug.default\searchplugins\lastminute.xml [2014-10-19]

FF SearchPlugin: C:\Users\Wolf\AppData\Roaming\Mozilla\Firefox\Profiles\pzx2deug.default\searchplugins\webde-suche.xml [2014-10-19]

FF Extension: MouseControl - C:\Users\Wolf\AppData\Roaming\Mozilla\Firefox\Profiles\pzx2deug.default\Extensions\MouseControl@neocodex.us [2015-01-07]

FF Extension: Disconnect - C:\Users\Wolf\AppData\Roaming\Mozilla\Firefox\Profiles\pzx2deug.default\Extensions\2.0@disconnect.me.xpi [2015-01-07]

FF Extension: Element Hiding Helper for Adblock Plus - C:\Users\Wolf\AppData\Roaming\Mozilla\Firefox\Profiles\pzx2deug.default\Extensions\elemhidehelper@adblockplus.org.xpi [2015-01-07]

FF Extension: Ghostery - C:\Users\Wolf\AppData\Roaming\Mozilla\Firefox\Profiles\pzx2deug.default\Extensions\firefox@ghostery.com.xpi [2015-01-07]

FF Extension: Hide Caption Titlebar Plus - C:\Users\Wolf\AppData\Roaming\Mozilla\Firefox\Profiles\pzx2deug.default\Extensions\hidecaptionplus-dp@dummy.addons.mozilla.org.xpi [2015-01-07]

FF Extension: OmniSidebar - C:\Users\Wolf\AppData\Roaming\Mozilla\Firefox\Profiles\pzx2deug.default\Extensions\osb@quicksaver.xpi [2015-01-07]

FF Extension: The Fox, Only Better - C:\Users\Wolf\AppData\Roaming\Mozilla\Firefox\Profiles\pzx2deug.default\Extensions\thefoxonlybetter@quicksaver.xpi [2015-01-07]

FF Extension: Yet Another Smooth Scrolling - C:\Users\Wolf\AppData\Roaming\Mozilla\Firefox\Profiles\pzx2deug.default\Extensions\yetanothersmoothscrolling@kataho.xpi [2015-01-07]

FF Extension: X-notifier - C:\Users\Wolf\AppData\Roaming\Mozilla\Firefox\Profiles\pzx2deug.default\Extensions\{37fa1426-b82d-11db-8314-0800200c9a66}.xpi [2015-01-07]

FF Extension: NoScript - C:\Users\Wolf\AppData\Roaming\Mozilla\Firefox\Profiles\pzx2deug.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2015-01-07]

FF Extension: Password Exporter - C:\Users\Wolf\AppData\Roaming\Mozilla\Firefox\Profiles\pzx2deug.default\Extensions\{B17C1C5A-04B1-11DB-9804-B622A1EF5492}.xpi [2015-01-07]

FF Extension: Fasterfox - C:\Users\Wolf\AppData\Roaming\Mozilla\Firefox\Profiles\pzx2deug.default\Extensions\{c36177c0-224a-11da-8cd6-0800200c9a91}.xpi [2015-01-07]

FF Extension: Adblock Plus - C:\Users\Wolf\AppData\Roaming\Mozilla\Firefox\Profiles\pzx2deug.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-01-07]

FF Extension: Tab Mix Plus - C:\Users\Wolf\AppData\Roaming\Mozilla\Firefox\Profiles\pzx2deug.default\Extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi [2015-01-07]

FF HKU\S-1-5-21-2588859782-1139336777-623044890-1001\...\Firefox\Extensions: [{b9aa91db-385d-4c69-8a2f-96790aa9405b}] - c:\program files\copernic\desktopsearch4\firefoxconnector
 

Chrome: 

=======

CHR HKU\S-1-5-21-2588859782-1139336777-623044890-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [cnnbdaahphjgdgfhliignpepgnbnfomp] - c:\program files\copernic\desktopsearch4\ChromeConnector\ChromeConnector.crx [Not Found]
 

========================== Services (Whitelisted) =================
 

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 

S3 ACDaemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)

S3 AcrSch2Svc; C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe [778000 2013-07-18] (Acronis)

S4 afcdpsrv; C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe [3906552 2014-08-08] (Acronis)

R2 BotkindSyncService; C:\Program Files\Allway Sync\Bin\SyncService.exe [182784 2014-06-24] () [File not signed]

R2 Granola PM Manager; C:\Program Files\MiserWare\Granola Personal\GranolaManager.exe [449264 2012-02-21] ()

S4 HDDlife HDD Access service; C:\Program Files\Common Files\BinarySense\hldasvc.exe [845640 2012-03-05] (BinarySense, Inc.)

R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)

R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)

S4 syncagentsrv; C:\Program Files\Common Files\Acronis\SyncAgent\syncagentsrv.exe [7152200 2014-02-04] (Acronis)

S4 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2009-07-14] (Microsoft Corporation)

S2 PEVSystemStart; "C:\ComboFix\pev.3XE" EXEC /i "C:\ComboFix\HIDEC.3XE" "C:\ComboFix\SWREG.3XE" ACL "HKEY_LOCAL_MACHINE\System\CurrentControlSet\Enum\Root\LEGACY_Beep" /RESET /Q
 

==================== Drivers (Whitelisted) ====================
 

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 

S3 Afc; C:\Windows\System32\drivers\Afc.sys [18688 2006-11-10] (Arcsoft, Inc.)

S1 ATITool; C:\Windows\System32\DRIVERS\ATITool.sys [24064 2006-11-10] () [File not signed]

R1 cbfs3; C:\Windows\system32\drivers\cbfs3.sys [299408 2012-06-07] (EldoS Corporation)

R1 cbfs4; C:\Windows\system32\drivers\cbfs4.sys [323392 2013-11-15] (EldoS Corporation)

S3 DrvAgent32; C:\Windows\system32\Drivers\DrvAgent32.sys [23456 2011-06-23] (Phoenix Technologies) [File not signed]

R3 dtultrascsibus; C:\Windows\System32\DRIVERS\dtultrascsibus.sys [25104 2015-03-11] (Disc Soft Ltd)

R1 ElbyCDIO; C:\Windows\System32\Drivers\ElbyCDIO.sys [30616 2013-03-04] (Elaborate Bytes AG)

S3 LUsbFilt; C:\Windows\System32\Drivers\LUsbFilt.Sys [28560 2009-06-17] (Logitech, Inc.)

R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2014-11-21] (Malwarebytes Corporation)

R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [114904 2015-03-17] (Malwarebytes Corporation)

R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2014-11-21] (Malwarebytes Corporation)

R3 RTL2832UBDA; C:\Windows\System32\drivers\RTL2832UBDA.sys [93344 2009-10-26] (REALTEK SEMICONDUCTOR Corp.)

R3 RTL2832UUSB; C:\Windows\System32\Drivers\RTL2832UUSB.sys [32800 2009-10-26] (REALTEK SEMICONDUCTOR Corp.)

R3 RTL2832U_IRHID; C:\Windows\System32\DRIVERS\RTL2832U_IRHID.sys [31872 2009-10-05] (Realtek)

R0 sptd; C:\Windows\System32\Drivers\sptd.sys [329384 2015-03-11] (Duplex Secure Ltd.)

S3 taphss; C:\Windows\System32\DRIVERS\taphss.sys [32768 2012-01-05] (AnchorFree Inc)

S3 tdrpman; C:\Windows\System32\DRIVERS\tdrpman.sys [889888 2014-08-08] (Acronis International GmbH)

R0 tib; C:\Windows\System32\DRIVERS\tib.sys [736192 2014-08-08] (Acronis International GmbH)

R0 tib_mounter; C:\Windows\System32\DRIVERS\tib_mounter.sys [143648 2014-08-08] (Acronis International GmbH)

R0 vididr; C:\Windows\System32\DRIVERS\vididr.sys [116000 2014-08-08] (Acronis International GmbH)

R0 vidsflt; C:\Windows\System32\DRIVERS\vidsflt.sys [85280 2014-08-08] (Acronis International GmbH)

R3 vpnpbus; C:\Windows\System32\DRIVERS\vpnpbus.sys [15936 2013-11-15] (EldoS Corporation)

S3 catchme; \??\C:\Users\Wolf\AppData\Local\Temp\catchme.sys [X]

S1 MpKsl2b051bfa; \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{7FF52F72-A29D-476F-90E8-21A28475066F}\MpKsl2b051bfa.sys [X]

S1 MpKsl71523a7c; \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{E11A820F-A7A5-419D-BF81-F92B3426B9D5}\MpKsl71523a7c.sys [X]

S1 MpKslc317aad9; \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{ACFA39A4-1875-4AF4-A097-68286B4E215E}\MpKslc317aad9.sys [X]

S1 MpKslec0276e2; \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{50430688-CBE9-4D47-BA50-448FDD58657A}\MpKslec0276e2.sys [X]

S3 MSI_MSIBIOS_010507; \??\C:\Program Files\MSI\Live Update 5\msibios32_100507.sys [X]

S3 NTIOLib_1_0_4; \??\C:\Program Files\MSI\Live Update 5\NTIOLib.sys [X]

S3 SANDRA; \??\E:\SiSoftware Sandra Lite 2015.SP1\WNt600x86\Sandra.sys [X]

S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]

S3 tsusbhub; system32\drivers\tsusbhub.sys [X]

U5 UnlockerDriver5; C:\Program Files\Unlocker\UnlockerDriver5.sys [4096 2010-07-04] () [File not signed]

S3 VBoxNetFlt; system32\DRIVERS\VBoxNetFlt.sys [X]

S3 VGPU; System32\drivers\rdvgkmd.sys [X]

U3 a20780r3; No ImagePath
 

==================== NetSvcs (Whitelisted) ===================
 

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 

==================== One Month Created Files and Folders ========
 

(If an entry is included in the fixlist, the file\folder will be moved.)
 

2015-03-17 22:36 - 2015-03-17 22:36 - 00019797 _____ () C:\Users\Wolf\Desktop\FRST.txt

2015-03-17 22:36 - 2015-03-17 22:35 - 01135104 _____ (Farbar) C:\Users\Wolf\Desktop\FRST.exe

2015-03-17 22:30 - 2015-03-16 14:20 - 01618512 _____ () C:\Users\Wolf\Desktop\EasyBCD_2.2b182.exe

2015-03-17 22:23 - 2015-03-08 12:12 - 00000052 _____ () C:\Program Files\Kill Onedrive.bat

2015-03-17 22:23 - 2013-05-01 11:28 - 00000029 _____ () C:\Program Files\Kill DropBox.bat

2015-03-17 21:56 - 2015-03-17 22:36 - 00000000 ____D () C:\FRST

2015-03-17 21:46 - 2015-03-17 21:50 - 00000000 ____D () C:\AdwCleaner

2015-03-17 21:37 - 2015-03-17 21:51 - 00001136 _____ () C:\Windows\PFRO.log

2015-03-17 21:27 - 2015-03-17 21:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware

2015-03-17 21:27 - 2015-03-17 21:27 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware

2015-03-17 21:27 - 2014-11-21 06:14 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys

2015-03-17 21:27 - 2014-11-21 06:14 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys

2015-03-17 14:50 - 2015-03-17 14:50 - 00000000 ___RD () C:\Users\Wolf\AppData\Roaming\Microsoft\Windows\Start Menu\GUL

2015-03-17 11:55 - 2015-03-17 11:55 - 00000808 _____ () C:\Users\Wolf\Downloads\WDR.xspf

2015-03-16 18:15 - 2015-03-16 18:15 - 01665395 _____ () C:\Program Files\procexp1204.zip

2015-03-16 18:14 - 2015-03-16 18:14 - 01997800 _____ () C:\Program Files\2009Decoder.zip

2015-03-16 14:21 - 2015-03-16 14:21 - 00000000 ____D () C:\Users\Wolf\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\EasyBCD

2015-03-16 14:21 - 2015-03-16 14:21 - 00000000 ____D () C:\Program Files\EasyBCD

2015-03-16 14:05 - 2015-03-16 14:05 - 00000000 ____D () C:\Program Files\DAEMON Tools

2015-03-15 19:04 - 2015-03-17 21:51 - 00000392 _____ () C:\Windows\setupact.log

2015-03-15 19:04 - 2015-03-15 19:04 - 00000000 _____ () C:\Windows\setuperr.log

2015-03-15 17:50 - 2015-03-15 17:50 - 00001699 _____ () C:\Users\Wolf\Desktop\start TV u. clock nach n sec - Verknüpfung.lnk

2015-03-14 20:20 - 2015-03-14 20:20 - 17549488 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerInstaller.exe

2015-03-12 01:34 - 2015-03-12 01:34 - 00000000 ____D () C:\Program Files\Recuva

2015-03-11 22:21 - 2015-03-11 22:21 - 00000000 ____D () C:\Program Files\Tweaking.com

2015-03-11 09:22 - 2015-03-11 09:22 - 00025104 _____ (Disc Soft Ltd) C:\Windows\system32\Drivers\dtultrascsibus.sys

2015-03-11 09:21 - 2015-03-15 01:22 - 00000000 ____D () C:\Program Files\DAEMON Tools Ultra

2015-03-10 15:14 - 2015-03-10 15:14 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-WOLF-PC-Windows-7-Ultimate-(32-bit).dat

2015-03-10 15:14 - 2015-03-10 15:14 - 00000000 ____D () C:\RegBackup

2015-03-09 19:19 - 2015-03-09 19:19 - 00000000 ____D () C:\Program Files\VirtualCloneDrive

2015-03-09 19:13 - 2015-03-09 19:13 - 00000000 ____D () C:\Program Files\Elaborate Bytes

2015-03-09 19:05 - 2015-03-09 19:05 - 00000000 ____D () C:\Users\Wolf\AppData\Local\Disc_Soft_Ltd

2015-03-09 19:01 - 2015-03-09 19:05 - 00000000 ____D () C:\Users\Public\Documents\Daemon Tools Images

2015-03-09 18:50 - 2015-03-11 09:24 - 00000000 ____D () C:\Users\Wolf\AppData\Roaming\DAEMON Tools Ultra

2015-03-09 18:49 - 2015-03-09 18:49 - 00000000 ____D () C:\ProgramData\DAEMON Tools Ultra

2015-03-09 18:20 - 2015-03-09 18:22 - 00140160 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\sptddrv1.sys

2015-03-09 16:40 - 2015-03-09 16:40 - 00000000 ____D () C:\Qoobox

2015-03-09 01:07 - 2015-03-07 16:02 - 00001108 _____ () C:\0 Desktop.lnk

2015-03-09 01:07 - 2015-03-06 20:05 - 00001239 _____ () C:\Batch für Prozessbeendigung.lnk

2015-03-09 01:07 - 2015-03-06 13:08 - 00000779 _____ () C:\Betriebs.lnk

2015-03-09 01:07 - 2014-12-24 13:18 - 00000801 _____ () C:\z Portable.lnk

2015-03-09 01:07 - 2014-11-04 17:45 - 00000810 _____ () C:\GrundProgsg.lnk

2015-03-07 16:13 - 2015-03-07 16:26 - 00000000 ____D () C:\ProgramData\RogueKiller

2015-03-07 16:13 - 2015-03-07 16:13 - 00035064 _____ () C:\Windows\system32\Drivers\TrueSight.sys

2015-03-06 22:35 - 2009-10-26 10:43 - 00093344 _____ (REALTEK SEMICONDUCTOR Corp.) C:\Windows\system32\Drivers\RTL2832UBDA.sys

2015-03-06 22:35 - 2009-10-26 10:43 - 00032800 _____ (REALTEK SEMICONDUCTOR Corp.) C:\Windows\system32\Drivers\RTL2832UUSB.sys

2015-03-06 22:35 - 2009-10-05 20:20 - 00031872 _____ (Realtek) C:\Windows\system32\Drivers\RTL2832U_IRHID.sys

2015-03-06 22:34 - 2015-03-06 22:34 - 00000000 ____D () C:\Users\Wolf\AppData\Roaming\InstallShield

2015-03-06 22:34 - 2009-10-16 11:36 - 00139356 _____ (Realtek) C:\Windows\system32\RTKDABSOURCE.dll

2015-03-06 22:34 - 2009-10-15 16:22 - 00348239 ____T (Realtek) C:\Windows\system32\RTKFM.dll

2015-03-06 22:34 - 2009-10-15 16:16 - 04690000 _____ (Realtek) C:\Windows\system32\RTKDAB.dll

2015-03-06 22:34 - 2009-10-15 15:03 - 00053248 _____ () C:\Windows\system32\RTKDABMWare.dll

2015-03-06 22:34 - 2009-10-15 11:21 - 00135294 _____ (Realtek) C:\Windows\system32\RTKFMSOURCE.dll

2015-03-06 22:34 - 2009-09-11 14:15 - 00114688 ____T (Realtek) C:\Windows\system32\RTL283XACCESS.dll

2015-03-06 22:34 - 2009-09-11 11:44 - 00073832 _____ () C:\Windows\system32\SuperFrameSplitter.dll

2015-03-06 17:06 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe

2015-03-06 17:06 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe

2015-03-06 17:06 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe

2015-03-06 17:06 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe

2015-03-06 17:06 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe

2015-03-06 17:06 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe

2015-03-06 17:06 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe

2015-03-06 17:06 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe

2015-03-06 17:05 - 2015-03-06 17:05 - 00000000 ____D () C:\Windows\erdnt

2015-03-06 12:20 - 2015-03-17 22:00 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys

2015-03-06 12:20 - 2015-03-06 12:35 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)

2015-03-06 12:19 - 2014-11-21 06:14 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys

2015-03-05 21:44 - 2015-03-05 21:51 - 00000066 _____ () C:\Users\Wolf\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\msinfo32 .txt

2015-03-05 13:49 - 2015-03-05 13:49 - 00000020 _____ () C:\Users\Wolf\defogger_reenable

2015-03-04 23:45 - 2015-03-04 23:45 - 00000155 _____ () C:\Users\Wolf\Desktop\philosophisch.txt

2015-03-03 00:12 - 2015-03-03 00:12 - 00000405 _____ () C:\Users\Wolf\Desktop\Spect.lnk

2015-03-02 17:59 - 2015-03-03 10:14 - 00373825 _____ () C:\Users\Wolf\Desktop\2015-02-09, Hanna.rar

2015-03-02 14:56 - 2015-03-02 14:56 - 00000249 _____ () C:\Users\Wolf\AppData\Roaming\Microsoft\Windows\Start Menu\c't Gully.com.URL

2015-03-02 14:52 - 2015-03-17 14:03 - 00000000 ____D () C:\Users\Wolf\AppData\Roaming\vlc

2015-03-02 13:36 - 2015-03-02 13:37 - 00013303 _____ () C:\Users\Wolf\Desktop\2015-02-22, Nicole.rar

2015-03-02 12:27 - 2015-03-06 14:49 - 00155358 _____ () C:\Users\Wolf\Desktop\2015-02-10, Roland.rar

2015-02-28 18:03 - 2011-07-05 00:16 - 00125440 _____ (Nenad Hrg SoftwareOK) C:\Users\Wolf\Desktop\D.Ko.exe

2015-02-28 18:01 - 2015-02-28 15:51 - 00000194 _____ () C:\Users\Wolf\Desktop\S2).bat

2015-02-28 16:33 - 2015-02-28 16:33 - 00000124 _____ () C:\Users\Wolf\AppData\Roaming\Microsoft\Windows\Start Menu\CONVERT - Zamzar.URL

2015-02-28 15:41 - 2015-02-28 15:51 - 00000194 _____ () C:\Users\Wolf\Desktop\Sta.bat

2015-02-28 11:06 - 2015-02-28 11:07 - 00000197 _____ () C:\Windows\system32\2015-02-28-10-06-48.079-AvastVBoxSVC.exe-2264.log

2015-02-27 12:27 - 2015-03-12 23:53 - 00169836 _____ () C:\Users\Wolf\Desktop\2015 Andere.rar

2015-02-27 11:53 - 2015-02-27 11:53 - 00000197 _____ () C:\Windows\system32\2015-02-27-10-53-22.041-AvastVBoxSVC.exe-3256.log

2015-02-26 22:12 - 2015-02-26 22:13 - 00000197 _____ () C:\Windows\system32\2015-02-26-21-12-30.010-AvastVBoxSVC.exe-3204.log

2015-02-26 16:39 - 2015-03-02 12:28 - 00030714 _____ () C:\Users\Wolf\Desktop\2015-02-25, Lital.rar

2015-02-26 11:04 - 2015-02-26 11:04 - 00000197 _____ () C:\Windows\system32\2015-02-26-10-04-12.025-AvastVBoxSVC.exe-2676.log

2015-02-25 22:30 - 2015-02-25 22:30 - 00000000 ____D () C:\Program Files\AquaSnap

2015-02-25 09:21 - 2015-02-25 09:21 - 00000197 _____ () C:\Windows\system32\2015-02-25-08-21-54.091-AvastVBoxSVC.exe-2588.log

2015-02-24 09:43 - 2015-02-24 09:43 - 00000264 _____ () C:\Users\Wolf\AppData\Roaming\Microsoft\Windows\Start Menu\Spektrum.URL

2015-02-24 09:43 - 2015-02-24 09:43 - 00000250 _____ () C:\Users\Wolf\AppData\Roaming\Microsoft\Windows\Start Menu\Der Spiegel.URL

2015-02-24 09:21 - 2015-02-24 09:21 - 00000197 _____ () C:\Windows\system32\2015-02-24-08-21-43.058-AvastVBoxSVC.exe-3656.log

2015-02-22 11:10 - 2015-02-22 11:10 - 00000197 _____ () C:\Windows\system32\2015-02-22-10-10-26.046-AvastVBoxSVC.exe-2916.log

2015-02-21 23:36 - 2015-02-21 23:36 - 00000197 _____ () C:\Windows\system32\2015-02-21-22-36-30.071-AvastVBoxSVC.exe-2656.log

2015-02-21 10:25 - 2015-02-21 10:25 - 00000197 _____ () C:\Windows\system32\2015-02-21-09-25-05.014-AvastVBoxSVC.exe-2956.log

2015-02-19 10:47 - 2015-02-19 10:47 - 00000197 _____ () C:\Windows\system32\2015-02-19-09-47-22.052-AvastVBoxSVC.exe-2524.log

2015-02-18 15:57 - 2015-02-10 16:47 - 00000119 _____ () C:\Users\Wolf\Desktop\Mo 14 Anwalt.txt

2015-02-18 10:03 - 2015-02-18 10:03 - 00000197 _____ () C:\Windows\system32\2015-02-18-09-03-05.091-AvastVBoxSVC.exe-2572.log

2015-02-17 11:39 - 2015-02-17 11:39 - 00000197 _____ () C:\Windows\system32\2015-02-17-10-39-42.032-AvastVBoxSVC.exe-3016.log
 

==================== One Month Modified Files and Folders =======
 

(If an entry is included in the fixlist, the file\folder will be moved.)
 

2015-03-17 22:28 - 2014-04-22 00:36 - 00000000 ____D () C:\Users\Wolf\AppData\Roaming\ClassicShell

2015-03-17 21:56 - 2010-02-09 20:56 - 01611396 _____ () C:\Windows\system32\PerfStringBackup.INI

2015-03-17 21:56 - 2009-07-14 05:34 - 00014016 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2015-03-17 21:56 - 2009-07-14 05:34 - 00014016 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2015-03-17 21:51 - 2009-07-14 05:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT

2015-03-17 21:36 - 2012-09-25 12:18 - 00000000 ___HD () C:\Users\Wolf\Documents\PhraseExpress

2015-03-17 20:23 - 2015-02-09 12:34 - 06814674 _____ () C:\Users\Wolf\Desktop\2015-02-09, Inge.rar

2015-03-17 18:51 - 2012-08-27 21:09 - 00000000 ____D () C:\Users\Wolf\AppData\Roaming\Skype

2015-03-16 22:23 - 2014-11-08 11:00 - 00001724 _____ () C:\Users\Wolf\Desktop\DesktopOK.ini

2015-03-16 18:24 - 2014-09-11 23:49 - 00159943 _____ () C:\Windows\WindowsUpdate.log

2015-03-16 15:45 - 2013-05-17 16:49 - 00000000 ____D () C:\Users\Wolf\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BURN ISO VIRTUAL-DRIVE

2015-03-16 15:44 - 2012-08-25 12:04 - 00000000 ___RD () C:\Users\Wolf\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Schreib-Lese

2015-03-15 18:56 - 2015-02-09 12:33 - 07407012 _____ () C:\Users\Wolf\Desktop\39-2015 Gesamt.rar

2015-03-15 17:56 - 2010-10-15 22:08 - 00000000 ____D () C:\Windows\pss

2015-03-15 15:03 - 2013-06-02 20:07 - 00000000 ____D () C:\Users\Wolf\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SysExplor MenuEdit

2015-03-14 20:20 - 2012-04-25 10:56 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe

2015-03-14 20:20 - 2011-05-16 10:04 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl

2015-03-14 20:04 - 2014-08-13 11:30 - 00000000 ____D () C:\Users\Wolf\AppData\Local\Adobe

2015-03-14 18:02 - 2010-10-15 21:48 - 00000000 ___RD () C:\Users\Wolf\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wartung & TroubleShoot

2015-03-13 07:46 - 2014-09-25 10:37 - 00002176 _____ () C:\Users\Wolf\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk

2015-03-11 22:54 - 2012-09-27 19:49 - 00000000 ____D () C:\Users\Public\Documents\PhraseExpress

2015-03-11 20:45 - 2014-05-01 23:23 - 00000000 ____D () C:\Program Files\Mozilla Firefox

2015-03-11 09:11 - 2010-10-15 22:42 - 00329384 _____ (Duplex Secure Ltd.) C:\Windows\system32\Drivers\sptd.sys

2015-03-11 08:40 - 2014-04-16 11:37 - 00000000 ____D () C:\Users\Wolf\AppData\Roaming\Dropbox

2015-03-10 18:40 - 2010-10-15 21:09 - 00067296 _____ () C:\Users\Wolf\AppData\Local\GDIPFONTCACHEV1.DAT

2015-03-10 18:40 - 2009-07-14 05:33 - 00307424 _____ () C:\Windows\system32\FNTCACHE.DAT

2015-03-10 17:24 - 2009-07-14 03:04 - 00000855 _____ () C:\Windows\system32\Drivers\etc\hosts_bak_359

2015-03-10 11:43 - 2013-05-12 00:01 - 00000000 ____D () C:\Users\Wolf\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\USB Tools & Convert

2015-03-09 18:19 - 2014-11-12 18:09 - 00000026 _____ () C:\Users\Wolf\AppData\Local\isoworkshop.ini

2015-03-09 04:09 - 2014-12-25 11:51 - 00000000 ____D () C:\Program Files\Mozilla Thunderbird

2015-03-09 04:09 - 2013-12-12 02:42 - 00000000 ____D () C:\Users\Wolf\AppData\Local\CrashDumps

2015-03-09 04:09 - 2010-12-15 01:05 - 00000000 ____D () C:\Windows\Minidump

2015-03-09 04:09 - 2010-10-16 04:39 - 00000000 ____D () C:\Users\Wolf\AppData\Roaming\uTorrent

2015-03-07 12:11 - 2010-10-28 21:46 - 00007628 _____ () C:\Users\Wolf\AppData\Local\resmon.resmoncfg

2015-03-06 23:15 - 2011-10-04 00:18 - 00000000 ___RD () C:\Users\Wolf\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoTV-Kram

2015-03-06 22:34 - 2010-10-15 22:05 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information

2015-03-06 22:34 - 2010-10-15 22:05 - 00000000 ____D () C:\Program Files\Realtek

2015-03-06 22:27 - 2010-10-15 22:07 - 00000000 ____D () C:\Program Files\Common Files\ArcSoft

2015-03-06 22:20 - 2010-10-15 21:55 - 00000000 ____D () C:\Program Files\WinRAR

2015-03-06 17:06 - 2009-07-14 03:37 - 00000000 __RHD () C:\Users\Public

2015-03-06 12:21 - 2013-08-22 22:33 - 00000000 ____D () C:\ProgramData\Malwarebytes

2015-03-05 22:06 - 2013-09-28 01:24 - 00000000 ____D () C:\Users\Wolf\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HDD Wächter u Reperatur

2015-03-05 21:11 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\Microsoft.NET

2015-03-05 13:49 - 2010-10-15 21:48 - 00000000 ____D () C:\Users\Wolf

2015-03-04 18:07 - 2009-07-14 03:37 - 00000000 __RHD () C:\Users\Public\Libraries

2015-03-04 16:34 - 2010-10-15 21:06 - 00000000 ____D () C:\Users\Wolf\AppData\Roaming\Mozilla

2015-03-02 23:55 - 2014-11-08 11:00 - 09733919 _____ () C:\Users\Wolf\Desktop\0 Parmenides.rar

2015-03-02 16:14 - 2011-06-16 02:26 - 00000000 ____D () C:\Program Files\Wise Registry Cleaner

2015-03-02 13:35 - 2015-02-09 12:34 - 00300287 _____ () C:\Users\Wolf\Desktop\2015-02-09, Lena.rar

2015-03-01 00:25 - 2011-07-20 15:34 - 00000000 ____D () C:\ProgramData\AVAST Software

2015-02-16 00:05 - 2013-07-10 00:19 - 00000000 ____D () C:\Users\Wolf\AppData\Roaming\Ditto
 

==================== Files in the root of some directories =======
 

2015-03-16 18:14 - 2015-03-16 18:14 - 1997800 _____ () C:\Program Files\2009Decoder.zip

2014-08-11 20:25 - 2014-08-11 20:36 - 0000084 _____ () C:\Program Files\ACRONISDDIENST STARTET.vbs

2010-10-27 16:33 - 1998-09-25 14:37 - 0006054 _____ () C:\Program Files\agb.rtf

2011-12-02 23:09 - 2009-04-02 16:47 - 0648064 _____ (Sysinternals - www.sysinternals.com) C:\Program Files\autoruns.exe

2010-10-27 16:33 - 2010-10-27 16:33 - 0002204 _____ () C:\Program Files\DeIsL1.isu

2011-11-19 01:55 - 2011-11-19 01:56 - 0001685 _____ () C:\Program Files\DeIsL2.isu

2010-10-27 16:33 - 2000-02-13 15:33 - 0017395 _____ () C:\Program Files\digibib.cnt

2010-10-27 16:33 - 2000-02-13 15:33 - 0752400 _____ () C:\Program Files\DIGIBIB.HLP

2010-10-27 16:33 - 2010-10-27 16:34 - 0004981 _____ () C:\Program Files\digibib.ini

2010-10-27 16:33 - 2000-02-13 22:41 - 1733120 _____ () C:\Program Files\Digibib2.exe

2011-08-08 17:59 - 2011-05-25 08:25 - 0007878 _____ () C:\Program Files\EULA.txt

2013-07-16 01:09 - 2013-07-16 01:00 - 0005892 _____ () C:\Program Files\Ghost für  Remoce Torrent.gms

2011-11-19 01:55 - 1997-01-04 12:23 - 0246272 _____ () C:\Program Files\Gmouse.exe

2011-11-19 01:55 - 1997-01-04 12:20 - 0006909 _____ () C:\Program Files\GMOUSE.HLP

2010-10-20 17:17 - 2010-10-20 17:17 - 0890208 _____ (techPowerUp (www.techpowerup.com)) C:\Program Files\GPU-Z.0.4.7.exe

2013-06-07 23:22 - 2013-06-07 23:23 - 0023080 _____ () C:\Program Files\Kill BoxCryptor.exe

2013-08-01 09:56 - 2013-08-01 09:59 - 0000048 _____ () C:\Program Files\Kill DesktopOK.bat

2015-03-17 22:23 - 2013-05-01 11:28 - 0000029 _____ () C:\Program Files\Kill DropBox.bat

2014-04-18 02:32 - 2014-04-17 18:22 - 0023083 _____ () C:\Program Files\Kill HddGuard.exe

2015-03-17 22:23 - 2015-03-08 12:12 - 0000052 _____ () C:\Program Files\Kill Onedrive.bat

2014-08-01 12:57 - 2014-07-30 14:23 - 0000028 _____ () C:\Program Files\Kill unsecapp.bat

2011-08-08 17:59 - 2011-05-25 08:25 - 0015511 _____ () C:\Program Files\license.txt

2010-10-27 16:33 - 1998-03-08 22:51 - 0001663 _____ () C:\Program Files\lizenz.txt

2010-10-27 16:33 - 1998-09-27 14:09 - 0000352 _____ () C:\Program Files\makros.txt

2011-12-05 08:47 - 2011-11-30 21:06 - 0033792 _____ (Nenad Hrg (SoftwareOK.com)) C:\Program Files\OneLoupe.exe

2011-05-16 10:10 - 2011-05-10 22:45 - 0172032 _____ (Jorgen Bosman) C:\Program Files\poweroff_deutsch.exe

2015-03-16 18:15 - 2015-03-16 18:15 - 1665395 _____ () C:\Program Files\procexp1204.zip

2011-08-08 17:59 - 2011-05-25 08:25 - 0002773 _____ () C:\Program Files\Setup.cfg

2010-11-06 05:08 - 2010-10-12 16:46 - 0364544 _____ (© onlinetvrecorder.com) C:\Program Files\Updater.exe

2010-10-27 16:33 - 1999-12-14 17:48 - 0003489 _____ () C:\Program Files\www.txt

2010-10-27 16:33 - 1996-02-07 08:07 - 0024576 _____ (Stirling) C:\Program Files\_ISREG32.DLL

2012-08-25 21:54 - 2012-08-25 21:55 - 0000564 _____ () C:\Users\Wolf\AppData\Roaming\pcwSIcon.ini

2014-07-15 16:11 - 2014-07-16 12:35 - 0007741 _____ () C:\Users\Wolf\AppData\Roaming\PStrip.bak

2011-07-26 23:42 - 2014-07-15 16:17 - 0007764 _____ () C:\Users\Wolf\AppData\Roaming\PStrip.bk!

2014-07-16 12:35 - 2014-07-15 16:11 - 0007555 _____ () C:\Users\Wolf\AppData\Roaming\PStrip.bko

2011-07-26 23:37 - 2014-07-16 12:40 - 0008353 _____ () C:\Users\Wolf\AppData\Roaming\PStrip.ini

2010-11-22 18:48 - 2010-11-22 18:48 - 0000036 _____ () C:\Users\Wolf\AppData\Local\housecall.guid.cache

2014-11-12 18:09 - 2015-03-09 18:19 - 0000026 _____ () C:\Users\Wolf\AppData\Local\isoworkshop.ini

2010-10-28 21:46 - 2015-03-07 12:11 - 0007628 _____ () C:\Users\Wolf\AppData\Local\resmon.resmoncfg

2012-12-01 17:46 - 2012-12-01 17:47 - 0017408 _____ () C:\Users\Wolf\AppData\Local\WebpageIcons.db

2010-10-25 20:52 - 2010-10-25 20:53 - 0000367 _____ () C:\ProgramData\hpzinstall.log

2011-04-28 13:54 - 2011-04-28 13:54 - 0000098 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
 

Some content of TEMP:

====================

C:\Users\Wolf\AppData\Local\Temp\Quarantine.exe

C:\Users\Wolf\AppData\Local\Temp\SkypeSetup.exe

C:\Users\Wolf\AppData\Local\Temp\sqlite3.dll
 
 

==================== Bamital & volsnap Check =================
 

(There is no automatic fix for files that do not pass verification.)
 

C:\Windows\explorer.exe => File is digitally signed

C:\Windows\system32\winlogon.exe => File is digitally signed

C:\Windows\system32\wininit.exe => File is digitally signed

C:\Windows\system32\svchost.exe => File is digitally signed

C:\Windows\system32\services.exe => File is digitally signed

C:\Windows\system32\User32.dll => File is digitally signed

C:\Windows\system32\userinit.exe => File is digitally signed

C:\Windows\system32\rpcss.dll => File is digitally signed

C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 

LastRegBack: 2015-03-06 02:04
 

==================== End Of Log ============================

--- --- ---

Code:

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 11-03-2015

Ran by Wolf at 2015-03-17 22:36:54

Running from C:\Users\Wolf\Desktop

Boot Mode: Normal

==========================================================
 
 

==================== Security Center ========================
 

(If an entry is included in the fixlist, it will be removed.)
 
 

==================== Installed Programs ======================
 

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 

µTorrent (HKLM\...\uTorrent) (Version: 2.0.3 - )

AC3Filter 1.63b (HKLM\...\AC3Filter_is1) (Version: 1.63b - Alexander Vigovsky)

Acronis True Image 2014 (HKLM\...\{3ECDD663-5AF8-489B-9E3C-561F33A271BD}Visible) (Version: 17.0.6673 - Acronis)

Acronis True Image 2014 (Version: 17.0.6673 - Acronis) Hidden

Adobe Digital Editions 4.0 (HKLM\...\Adobe Digital Editions 4.0) (Version: 4.0 - Adobe Systems Incorporated)

Adobe Flash Player 16 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 16.0.0.305 - Adobe Systems Incorporated)

Adobe Flash Player 17 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 17.0.0.134 - Adobe Systems Incorporated)

Allway Sync version 14.2.1 (HKLM\...\Allway Sync_is1) (Version:  - Botkind Inc)

AquaSnap 1.12.1 (HKLM\...\{60CECC09-6E7B-4392-AA49-A6CBE1E2786C}) (Version: 1.12.1 - hxxp://www.nurgo-software.com?utm_source=AquaSnap&utm_medium=application&utm_campaign=continuous)

ArcSoft TotalMedia 3.5 (HKLM\...\{74292F90-895A-4FC6-A692-9641532B1B63}) (Version: 3.5.28.322 - ArcSoft)

BoxCryptor 1.3.2.0 (HKLM\...\BoxCryptor) (Version: 1.3.2.0 - Secomba GmbH)

Boxcryptor 2.0 (HKLM\...\{EBFEBFC7-B128-4700-ADBC-E839BFC833AE}) (Version: 2.0.419.376 - Secomba GmbH)

CCleaner (HKLM\...\CCleaner) (Version: 4.01 - Piriform)

Classic Shell (HKLM\...\{E0E49E80-19DE-43FE-BFF2-8C58DDF3C7F9}) (Version: 4.1.0 - IvoSoft)

Codec Pack - All In 1 6.0.3.0 (HKLM\...\Cool's_Codec_pack_4.12) (Version:  - )

CrystalDiskInfo 6.2.2 (HKLM\...\CrystalDiskInfo_is1) (Version: 6.2.2 - Crystal Dew World)

Desktopsymbole ausblenden 0.1 (HKLM\...\{C2424372-6F72-4364-9DDE-D0D28113F5D1}_is1) (Version:  - XProfan.Com)

DirComp (HKLM\...\{B915FA4E-B670-43E9-8EA0-9F16BFFD8AE8}) (Version: 2.06.0000 - Wolfgang Wirth)

DivX-Setup (HKLM\...\DivX Setup) (Version: 2.6.1.87 - DivX, LLC)

Dropbox (HKU\S-1-5-21-2588859782-1139336777-623044890-1001\...\Dropbox) (Version: 3.2.6 - Dropbox, Inc.)

EasyBCD 2.2 (HKLM\...\EasyBCD) (Version: 2.2 - NeoSmart Technologies)

GhostMouse 2.0 (HKLM\...\GhostMouse 2.0) (Version:  - )

Granola (HKLM\...\{9B0E7CB3-A6A8-4E2C-80E3-2188B8B035CB}) (Version: 5.0.1 - MiserWare, Inc.)

HD Tune Pro 5.50 (HKLM\...\HD Tune Pro_is1) (Version:  - EFD Software)

HDD Regenerator (HKLM\...\{97A39919-9FEA-48B7-AB2B-4F99212D1E98}) (Version: 20.11.0011 - Abstradrome)

ImgBurn (HKLM\...\ImgBurn) (Version: 2.5.2.0 - LIGHTNING UK!)

IrfanView (remove only) (HKLM\...\IrfanView) (Version: 4.37 - Irfan Skiljan)

ISO Workshop 5.5 (HKLM\...\ISO Workshop_is1) (Version:  - Glorylogic)

Java 7 Update 67 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F03217067FF}) (Version: 7.0.670 - Oracle)

L&H TTS3000 Deutsch (HKLM\...\LHTTSGED) (Version:  - )

Lame ACM MP3 Codec (HKLM\...\LameACM) (Version:  - )

LinuxLive USB Creator (HKLM\...\LinuxLive USB Creator) (Version: 2.9 - Thibaut Lauziere)

Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)

Media Player Classic - Home Cinema v1.5.2.3456 (HKLM\...\{2624B969-7135-4EB1-B0F6-2D8C397B45F7}_is1) (Version: 1.5.2.3456 - MPC-HC Team)

Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)

Microsoft .NET Framework 4 Client Profile DEU Language Pack (HKLM\...\Microsoft .NET Framework 4 Client Profile DEU Language Pack) (Version: 4.0.30319 - Microsoft Corporation)

Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)

Microsoft Encarta 99 Enzyklopädie (HKLM\...\Encarta99D) (Version: 99D - Microsoft Corporation)

Microsoft Office 97, Professional Edition (HKLM\...\Office8.0) (Version:  - )

Microsoft OneDrive (HKU\S-1-5-21-2588859782-1139336777-623044890-1001\...\OneDriveSetup.exe) (Version: 17.3.4726.0226 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)

Microsoft Windows Performance Toolkit (HKLM\...\{24190661-2122-40D1-9F7C-8FDEA5AE4197}) (Version: 4.6.0 - Microsoft Corporation)

Microsoft Windows SDK for Windows 7 (7.0) (HKLM\...\SDKSetup_7.0.7600.16385.40715) (Version: 7.0.7600.16385.40715 - Microsoft Corporation)

Moo0 RightClicker 1.47 (HKLM\...\Moo0 RightClicker) (Version:  - )

Mozilla Firefox 36.0.1 (x86 de) (HKLM\...\Mozilla Firefox 36.0.1 (x86 de)) (Version: 36.0.1 - Mozilla)

Mozilla Thunderbird 31.3.0 (x86 de) (HKLM\...\Mozilla Thunderbird 31.3.0 (x86 de)) (Version: 31.3.0 - Mozilla)

MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)

NirSoft Volumouse (HKLM\...\Volumouse) (Version:  - )

PDF-XChange 4 Pro (HKLM\...\{E38531EE-318C-4EFB-A36B-1A57BFBDAB3C}_is1) (Version: 4.198.198.0 - Tracker Software Products Ltd)

PhraseExpress v10.5.35 (HKLM\...\PhraseExpress_is1) (Version: 10.5.35 - Bartels Media GmbH)

QuickTime Alternative 3.2.2 (HKLM\...\QuicktimeAlt_is1) (Version: 3.2.2 - )

REALTEK DTV USB DEVICE (HKLM\...\{DDBB7C89-1A09-441E-AA0F-6AA465755C17}) (Version: 1.00.0000 - Realtek)

Realtek Ethernet Controller Driver (HKLM\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.72.410.2013 - Realtek)

Recuva (HKLM\...\Recuva) (Version: 1.51 - Piriform)

Right Click Enhancer 4.3.1 (HKLM\...\Right Click Enhancer) (Version: 4.3.1 - RBSoft, Inc.)

RocketDock 1.3.5 (HKLM\...\RocketDock_is1) (Version:  - Punk Software)

Skype™ 6.20 (HKLM\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.20.104 - Skype Technologies S.A.)

StrokeIt (Deutsch) (HKU\S-1-5-21-2588859782-1139336777-623044890-1001\...\StrokeIt (Deutsch)) (Version:  - )

StrokeIt (HKU\S-1-5-21-2588859782-1139336777-623044890-1001\...\StrokeIt) (Version:  - )

swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden

System Explorer 3.0.0 (HKLM\...\System Explorer_is1) (Version:  - Mister Group)

Tweaking.com - Simple System Tweaker (HKLM\...\Tweaking.com - Simple System Tweaker) (Version: 2.2.0 - Tweaking.com)

Unlocker 1.9.1 (HKLM\...\Unlocker) (Version: 1.9.1 - Cedrick Collomb)

VirtualCloneDrive (HKLM\...\VirtualCloneDrive) (Version: 5.4.7.0 - Elaborate Bytes)

VLC media player (HKLM\...\VLC media player) (Version: 2.2.0 - VideoLAN)

Windows Media Center Edition MPEG Codec Plug-in (HKLM\...\{94F3D243-2006-4B2D-9160-C2A33F74BB84}) (Version:  - ArcSoft)

Windows Media Player Firefox Plugin (HKLM\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)

Windows Mobile-Gerätecenter (HKLM\...\{904CCF62-818D-4675-BC76-D37EB399F917}) (Version: 6.1.6965.0 - Microsoft Corporation)

Windows Mobile-Gerätecenter: Treiberupdate (HKLM\...\{E7044E25-3038-4A76-9064-344AC038043E}) (Version: 6.1.6965.0 - Microsoft Corporation)

WinRAR 5.10 (32-Bit) (HKLM\...\WinRAR archiver) (Version: 5.10.0 - win.rar GmbH)

Wise Registry Cleaner 5.9.4 (HKLM\...\Wise Registry Cleaner_is1) (Version: 5.9.4 - ZhiQing Soft, Inc.)
 

==================== Custom CLSID (selected items): ==========================
 

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 

CustomCLSID: HKU\S-1-5-21-2588859782-1139336777-623044890-1001_Classes\CLSID\{5AB7172C-9C11-405C-8DD5-AF20F3606282}\InprocServer32 -> C:\Users\Wolf\AppData\Local\Microsoft\OneDrive\17.3.4726.0226\FileSyncShell.dll (Microsoft Corporation)

CustomCLSID: HKU\S-1-5-21-2588859782-1139336777-623044890-1001_Classes\CLSID\{7B37E4E2-C62F-4914-9620-8FB5062718CC}\localserver32 -> C:\Users\Wolf\AppData\Local\Microsoft\OneDrive\OneDrive.exe (Microsoft Corporation)

CustomCLSID: HKU\S-1-5-21-2588859782-1139336777-623044890-1001_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\Wolf\AppData\Local\Microsoft\OneDrive\17.3.4726.0226\FileSyncShell.dll (Microsoft Corporation)

CustomCLSID: HKU\S-1-5-21-2588859782-1139336777-623044890-1001_Classes\CLSID\{A78ED123-AB77-406B-9962-2A5D9D2F7F30}\InprocServer32 -> C:\Users\Wolf\AppData\Local\Microsoft\OneDrive\17.3.4726.0226\FileSyncShell.dll (Microsoft Corporation)

CustomCLSID: HKU\S-1-5-21-2588859782-1139336777-623044890-1001_Classes\CLSID\{AB807329-7324-431B-8B36-DBD581F56E0B}\localserver32 -> C:\Users\Wolf\AppData\Local\Microsoft\OneDrive\OneDrive.exe (Microsoft Corporation)

CustomCLSID: HKU\S-1-5-21-2588859782-1139336777-623044890-1001_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\Wolf\AppData\Local\Microsoft\OneDrive\17.3.4726.0226\FileSyncShell.dll (Microsoft Corporation)

CustomCLSID: HKU\S-1-5-21-2588859782-1139336777-623044890-1001_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\Wolf\AppData\Local\Microsoft\OneDrive\17.3.4726.0226\FileSyncShell.dll (Microsoft Corporation)

CustomCLSID: HKU\S-1-5-21-2588859782-1139336777-623044890-1001_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Wolf\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-2588859782-1139336777-623044890-1001_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\Wolf\AppData\Local\Microsoft\OneDrive\17.3.4726.0226\FileSyncShell.dll (Microsoft Corporation)

CustomCLSID: HKU\S-1-5-21-2588859782-1139336777-623044890-1001_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Wolf\AppData\Local\Microsoft\OneDrive\17.3.4726.0226\FileSyncApi.dll (Microsoft Corporation)

CustomCLSID: HKU\S-1-5-21-2588859782-1139336777-623044890-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Wolf\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-2588859782-1139336777-623044890-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Wolf\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-2588859782-1139336777-623044890-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Wolf\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-2588859782-1139336777-623044890-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Wolf\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-2588859782-1139336777-623044890-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Wolf\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-2588859782-1139336777-623044890-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Wolf\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-2588859782-1139336777-623044890-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Wolf\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-2588859782-1139336777-623044890-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Wolf\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
 

==================== Restore Points  =========================
 

ATTENTION: System Restore is disabled.
 

==================== Hosts content: ==========================
 

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 

2009-07-14 03:04 - 2015-03-10 18:35 - 00000855 ____A C:\Windows\system32\Drivers\etc\hosts

127.0.0.1       localhost
 

==================== Scheduled Tasks (whitelisted) =============
 

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 

Task: {065E9E43-BEE6-4D82-8573-6D5DCD6737CD} - System32\Tasks\BoxCryptor 2-x, NEU => C:\Program Files\NEW Boxcryptor\Boxcryptor.exe [2014-04-08] (Secomba GmbH)

Task: {1B94BC7D-3534-4DE8-BF69-6CE2674920E2} - System32\Tasks\kill boxscrip => C:\Program Files\Kill BoxCryptor.exe [2013-06-07] ()

Task: {2CCD60D3-8578-4A89-9173-B99978307D7C} - System32\Tasks\AcronisDienst Stop => C:\Windows\system32\net.exe [2009-07-14] (Microsoft Corporation)

Task: {3E209D04-EA76-4D87-9F6D-260E407AA064} - System32\Tasks\Acronis Scheduler Dienst starten => C:\Windows\system32\Net.exe [2009-07-14] (Microsoft Corporation)

Task: {5E177179-7564-4584-AA37-B54FCE1DFFC6} - System32\Tasks\KILL DropBox => C:\Program Files\Kill DropBox.bat [2013-05-01] ()

Task: {7A42BEB4-A140-4454-9D7F-FFE774BE4E98} - System32\Tasks\WDR Philo-Sendung

Task: {7E0BB72C-E5C1-4325-8B34-B47DB0ADC89D} - System32\Tasks\BoxCryptor => C:\Program Files\BoxCryptor\BoxCryptor.exe [2012-06-07] (Secomba GmbH)

Task: {97CB342F-49F1-4D7D-AB86-4BA87F83B3D6} - System32\Tasks\Termin => C:\Users\Wolf\Desktop\Termin.txt

Task: {9FF061A7-6D8B-403A-826F-DD6ACB57DCA5} - System32\Tasks\AquaSnap => C:\Program Files\AquaSnap\AquaSnap.Daemon.exe [2015-02-23] (Nurgo-Software)

Task: {ACBA7AE2-0C7A-439B-9193-8484E1E11A41} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\Windows\ehome\ehrec.exe

Task: {B675FB0B-C15F-4240-B8CA-2C5103AF92D4} - System32\Tasks\DropBox => C:\Users\Wolf\AppData\Roaming\Dropbox\bin\Dropbox.exe

Task: {C5A5E2F6-79A7-4DB0-BC01-286B414DDA8B} - System32\Tasks\Kill BoxScriptor NEU => C:\Program Files\Kill BoxCryptor.exe [2013-06-07] ()

Task: {E7C11865-CF8D-4952-B3C4-BA8575442A83} - System32\Tasks\Kill OneDrive => C:\Program Files\Kill Onedrive.bat [2015-03-08] ()

Task: {EB580139-7CF9-4A64-9C6E-2580F18F9994} - System32\Tasks\CrystalDiskInfo => D:\DVD\Betriebs\HARD Disk Tools\HD CrystalDiskInfo5_6_2\DiskInfo.exe [2013-04-24] (Crystal Dew World) <==== ATTENTION

Task: {EEC1AEF6-BF1C-4341-A6DD-A6A15D6FD349} - System32\Tasks\KDE Mover => C:\Program Files\KDE Mover-Sizer for Windows\KDE Mover-Sizer.exe [2009-10-12] ()

Task: {EFD7ABDE-CAD3-4BE8-8DB5-7BAF310AF5FF} - System32\Tasks\Uhr auf Desk => C:\Program Files\Uhr + Desk zeigen\Uhr auf Desktop\CLOCK.EXE [2004-09-26] ()

Task: {F59D9840-21B6-4D4A-B607-74E74F77D052} - System32\Tasks\PhrasenProgramm => C:\Program Files\PhraseExpress\phraseexpress.exe [2014-10-23] (Bartels Media GmbH)

Task: {F7EC8DEF-0A23-4B1F-B9F7-BE086564B326} - System32\Tasks\Kill unsecapp.exe => C:\Program Files\Kill unsecapp.bat [2014-07-30] ()

Task: {FC488C27-8609-4CBE-B97E-F4E20B316AFC} - System32\Tasks\Uhr im Tray => C:\Program Files\Uhr + Desk zeigen\Uhr im Tray + ShowDesktop\tclock.exe [2004-09-07] (Kazubon)
 

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
 

==================== Loaded Modules (whitelisted) ==============
 

2011-06-25 03:54 - 2001-10-28 17:42 - 00116224 _____ () C:\Windows\System32\pdfcmnnt.dll

2014-11-16 02:13 - 2014-06-24 12:04 - 00182784 _____ () C:\Program Files\Allway Sync\Bin\SyncService.exe

2013-10-01 09:32 - 2013-10-01 09:32 - 02634920 _____ () C:\Program Files\Acronis\TrueImageHome\tishell.dll

2013-10-01 10:00 - 2013-10-01 10:00 - 00022336 _____ () C:\Program Files\Acronis\TrueImageHome\ti_managers_proxy_stub.dll

2010-01-03 18:27 - 2010-01-03 18:27 - 00011912 _____ () C:\Users\Wolf\AppData\Local\TCB Networks\StrokeIt\Bin\mhook.dll

2010-01-03 18:27 - 2010-01-03 18:27 - 00026248 _____ () C:\Users\Wolf\AppData\Local\TCB Networks\StrokeIt\Bin\strokeit.exe

2010-01-03 18:28 - 2010-01-03 18:28 - 00016520 _____ () C:\Users\Wolf\AppData\Local\TCB Networks\StrokeIt\Bin\Plugins\exec.dll

2010-01-03 18:28 - 2010-01-03 18:28 - 00018056 _____ () C:\Users\Wolf\AppData\Local\TCB Networks\StrokeIt\Bin\Plugins\keys.dll

2010-01-03 18:28 - 2010-01-03 18:28 - 00013448 _____ () C:\Users\Wolf\AppData\Local\TCB Networks\StrokeIt\Bin\Plugins\msg.dll

2010-01-03 18:28 - 2010-01-03 18:28 - 00013448 _____ () C:\Users\Wolf\AppData\Local\TCB Networks\StrokeIt\Bin\Plugins\multimon.dll

2010-01-03 18:28 - 2010-01-03 18:28 - 00012936 _____ () C:\Users\Wolf\AppData\Local\TCB Networks\StrokeIt\Bin\Plugins\OSD.dll

2010-01-03 18:28 - 2010-01-03 18:28 - 00010376 _____ () C:\Users\Wolf\AppData\Local\TCB Networks\StrokeIt\Bin\Plugins\siControl.dll

2010-01-03 18:28 - 2010-01-03 18:28 - 00013960 _____ () C:\Users\Wolf\AppData\Local\TCB Networks\StrokeIt\Bin\Plugins\utilities.dll

2010-01-03 18:28 - 2010-01-03 18:28 - 00016520 _____ () C:\Users\Wolf\AppData\Local\TCB Networks\StrokeIt\Bin\Plugins\win.dll

2012-02-21 09:12 - 2012-02-21 09:12 - 00449264 _____ () C:\Program Files\MiserWare\Granola Personal\GranolaManager.exe
 

==================== Alternate Data Streams (whitelisted) =========
 

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 

AlternateDataStreams: C:\ProgramData\TEMP:1AAB2E68

AlternateDataStreams: C:\ProgramData\TEMP:2BE9FEFC

AlternateDataStreams: C:\ProgramData\TEMP:55B41E6A

AlternateDataStreams: C:\ProgramData\TEMP:A5A1816B
 

==================== Safe Mode (whitelisted) ===================
 

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart => ""="Service"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys => ""="Driver"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart => ""="Service"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys => ""="Driver"
 

==================== EXE Association (whitelisted) ===============
 

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 

==================== Other Areas ============================
 

(Currently there is no automatic fix for this section.)
 

HKU\S-1-5-21-2588859782-1139336777-623044890-1001\Control Panel\Desktop\\Wallpaper -> 

DNS Servers: 192.168.1.1
 

==================== MSCONFIG/TASK MANAGER disabled items ==
 

(Currently there is no automatic fix for this section.)
 

MSCONFIG\Services: ACDaemon => 2

MSCONFIG\Services: AcrSch2Svc => 3

MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3

MSCONFIG\Services: AHDDC2 => 2

MSCONFIG\Services: AxInstSV => 3

MSCONFIG\Services: BDESVC => 3

MSCONFIG\Services: bthserv => 3

MSCONFIG\Services: DfSdkS => 3

MSCONFIG\Services: gupdate => 2

MSCONFIG\Services: gupdatem => 3

MSCONFIG\Services: HDDHealth => 2

MSCONFIG\Services: HDDlife HDD Access service => 2

MSCONFIG\Services: MBAMScheduler => 2

MSCONFIG\Services: MBAMService => 2

MSCONFIG\Services: MozillaMaintenance => 3

MSCONFIG\Services: SearchAnonymizer => 2

MSCONFIG\Services: TabletInputService => 3

MSCONFIG\Services: UxTuneUp => 2

MSCONFIG\Services: WinDefend => 3

MSCONFIG\Services: WMPNetworkSvc => 3

MSCONFIG\Services: wuauserv => 2

MSCONFIG\startupreg: IR_SERVER => C:\PROGRA~1\Realtek\REALTE~1\IR_SERVER.exe
 

==================== Accounts: =============================
 

Administrator (S-1-5-21-2588859782-1139336777-623044890-500 - Administrator - Disabled)

Gast (S-1-5-21-2588859782-1139336777-623044890-501 - Limited - Disabled)

Wolf (S-1-5-21-2588859782-1139336777-623044890-1001 - Administrator - Enabled) => C:\Users\Wolf
 

==================== Faulty Device Manager Devices =============
 

Name: MpKslec0276e2

Description: MpKslec0276e2

Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}

Manufacturer: 

Service: MpKslec0276e2

Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)

Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.

Devices stay in this state if they have been prepared for removal.

After you remove the device, this error disappears.Remove the device, and this error should be resolved.
 

Name: MpKsl2b051bfa

Description: MpKsl2b051bfa

Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}

Manufacturer: 

Service: MpKsl2b051bfa

Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)

Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.

Devices stay in this state if they have been prepared for removal.

After you remove the device, this error disappears.Remove the device, and this error should be resolved.
 

Name: MpKsl71523a7c

Description: MpKsl71523a7c

Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}

Manufacturer: 

Service: MpKsl71523a7c

Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)

Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.

Devices stay in this state if they have been prepared for removal.

After you remove the device, this error disappears.Remove the device, and this error should be resolved.
 

Name: MpKslc317aad9

Description: MpKslc317aad9

Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}

Manufacturer: 

Service: MpKslc317aad9

Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)

Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.

Devices stay in this state if they have been prepared for removal.

After you remove the device, this error disappears.Remove the device, and this error should be resolved.
 
 

==================== Event log errors: =========================
 

Application errors:

==================
 

System errors:

=============
 

Microsoft Office Sessions:

=========================
 

==================== Memory info =========================== 
 

Processor: Intel(R) Core(TM)2 Duo CPU E8400 @ 3.00GHz

Percentage of memory in use: 51%

Total physical RAM: 2047.3 MB

Available physical RAM: 986.05 MB

Total Pagefile: 5117.3 MB

Available Pagefile: 3960.39 MB

Total Virtual: 2047.88 MB

Available Virtual: 1906.85 MB
 

==================== Drives ================================
 

Drive c: (Win) (Fixed) (Total:29.3 GB) (Free:13.24 GB) NTFS ==>[Drive with boot components (obtained from BCD)]

Drive d: (Arch) (Fixed) (Total:68.36 GB) (Free:55.8 GB) NTFS

Drive e: (Back) (Fixed) (Total:175.78 GB) (Free:56.47 GB) NTFS

Drive f: (Dow) (Fixed) (Total:658.07 GB) (Free:555.41 GB) NTFS
 

==================== MBR & Partition Table ==================
 

========================================================

Disk: 0 (Size: 931.5 GB) (Disk ID: F0E5415B)

Partition 1: (Active) - (Size=29.3 GB) - (Type=07 NTFS)

Partition 2: (Not Active) - (Size=68.4 GB) - (Type=07 NTFS)

Partition 3: (Not Active) - (Size=175.8 GB) - (Type=07 NTFS)

Partition 4: (Not Active) - (Size=658.1 GB) - (Type=05)
 

==================== End Of Log ============================

Nö, momentan nicht. Komme mir bloß ein bisschen vor wie beim Arzt, der allerlei Sachen mit mir anstellt und vor lauter Konzentration nicht hört auf mein fragen, was er denn da so macht. Na ja, schließlich bin ich nicht mein PC.
Ich hoffe, ich werde noch heut Nacht dazu kommen, die angewiesenen Operationen durchzuführen - danke, Dir einen schönen Tag!

--- edit ---

Hier nun die logs.

Code:

ESETSmartInstaller@High as downloader log:

all ok

# product=EOS

# version=8

# OnlineScannerApp.exe=1.0.0.1

# OnlineScanner.ocx=1.0.0.7623

# api_version=3.0.2

# EOSSerial=920e4e52546d7f4cbf8319215a51546d

# engine=22971

# end=finished

# remove_checked=false

# archives_checked=true

# unwanted_checked=true

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2015-03-19 12:43:39

# local_time=2015-03-19 01:43:39 (+0100, Mitteleuropäische Zeit)

# country="Germany"

# lang=1031

# osver=6.1.7601 NT Service Pack 1

# compatibility_mode_1=''

# compatibility_mode=5893 16776574 100 94 41411152 178357010 0 0

# scanned=171890

# found=21

# cleaned=0

# scan_time=7094

sh=C3EB532BFFB32B5982D6028C5E2CD9C096A408C4 ft=1 fh=89cc5f5067b76069 vn="Win32/Somoto.G evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Wolf\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4OK44YEH\setup[1].exe"

sh=301416AAD29E88DD6EE3E6135D2BCAEC6D0ED5BB ft=1 fh=7a5f751b5d8a03fa vn="Variante von Win32/KeyLogger.RevealerKeylogger.NAB Anwendung" ac=I fn="D:\DVD\Betriebs\1Allerlei\Revealer Keylogger.exe"

sh=6E45431B698CDB7BE8F1A41266BE7B327F33AD38 ft=1 fh=e5f91a3476785862 vn="Win32/Adware.ADON evtl. unerwünschte Anwendung" ac=I fn="D:\DVD\Betriebs\1Allerlei\Unlocker1.9.1.exe"

sh=8F2C180360CFAD65C626B5318CD50429C749291B ft=1 fh=635bf0d6c0a19044 vn="Variante von Win32/KeyLogger.Refog.D Anwendung" ac=I fn="D:\DVD\Betriebs\1Allerlei\Tastatur\refog_setup_kl_641.exe"

sh=D2DBBAA1B3410EBFA493E39381EC0705BD4A321E ft=1 fh=2c81a63172f888ec vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="D:\DVD\Betriebs\HARD Disk Tools\Ashampoo HDD Control Crack\ashampoo_hdd_control_2_2.01_sm.exe"

sh=B312E79757AFDF6BB9DD07F5D3E88066B5C1D438 ft=1 fh=d702af4396ccb3ce vn="Win32/Adware.WhenU.SaveNow evtl. unerwünschte Anwendung" ac=I fn="D:\DVD\GrundProgs\Virtuell Drive\DaemonTool\DaemonTools alt. Funktion ist tadellos\Daemon Tools.exe"

sh=301416AAD29E88DD6EE3E6135D2BCAEC6D0ED5BB ft=1 fh=7a5f751b5d8a03fa vn="Variante von Win32/KeyLogger.RevealerKeylogger.NAB Anwendung" ac=I fn="E:\Archiv D\DVD\Betriebs\1Allerlei\Revealer Keylogger.exe"

sh=6E45431B698CDB7BE8F1A41266BE7B327F33AD38 ft=1 fh=e5f91a3476785862 vn="Win32/Adware.ADON evtl. unerwünschte Anwendung" ac=I fn="E:\Archiv D\DVD\Betriebs\1Allerlei\Unlocker1.9.1.exe"

sh=8F2C180360CFAD65C626B5318CD50429C749291B ft=1 fh=635bf0d6c0a19044 vn="Variante von Win32/KeyLogger.Refog.D Anwendung" ac=I fn="E:\Archiv D\DVD\Betriebs\1Allerlei\Tastatur\refog_setup_kl_641.exe"

sh=D2DBBAA1B3410EBFA493E39381EC0705BD4A321E ft=1 fh=2c81a63172f888ec vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="E:\Archiv D\DVD\Betriebs\HARD Disk Tools\Ashampoo HDD Control Crack\ashampoo_hdd_control_2_2.01_sm.exe"

sh=B312E79757AFDF6BB9DD07F5D3E88066B5C1D438 ft=1 fh=d702af4396ccb3ce vn="Win32/Adware.WhenU.SaveNow evtl. unerwünschte Anwendung" ac=I fn="E:\Archiv D\DVD\GrundProgs\Virtuell Drive\DaemonTool\DaemonTools alt. Funktion ist tadellos\Daemon Tools.exe"

sh=301416AAD29E88DD6EE3E6135D2BCAEC6D0ED5BB ft=1 fh=7a5f751b5d8a03fa vn="Variante von Win32/KeyLogger.RevealerKeylogger.NAB Anwendung" ac=I fn="E:\OneDrive 1\OneDrive\Alles Andere\Betriebs\1Allerlei\Revealer Keylogger.exe"

sh=6E45431B698CDB7BE8F1A41266BE7B327F33AD38 ft=1 fh=e5f91a3476785862 vn="Win32/Adware.ADON evtl. unerwünschte Anwendung" ac=I fn="E:\OneDrive 1\OneDrive\Alles Andere\Betriebs\1Allerlei\Unlocker1.9.1.exe"

sh=8F2C180360CFAD65C626B5318CD50429C749291B ft=1 fh=635bf0d6c0a19044 vn="Variante von Win32/KeyLogger.Refog.D Anwendung" ac=I fn="E:\OneDrive 1\OneDrive\Alles Andere\Betriebs\1Allerlei\Tastatur\refog_setup_kl_641.exe"

sh=D2DBBAA1B3410EBFA493E39381EC0705BD4A321E ft=1 fh=2c81a63172f888ec vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="E:\OneDrive 1\OneDrive\Alles Andere\Betriebs\HARD Disk Tools\Ashampoo HDD Control Crack\ashampoo_hdd_control_2_2.01_sm.exe"

sh=B312E79757AFDF6BB9DD07F5D3E88066B5C1D438 ft=1 fh=d702af4396ccb3ce vn="Win32/Adware.WhenU.SaveNow evtl. unerwünschte Anwendung" ac=I fn="E:\OneDrive 1\OneDrive\Alles Andere\GrundProgs\DaemonTool Virtuell Drive\DaemonTools alt. Funktion ist tadellos\Daemon Tools.exe"

sh=6E45431B698CDB7BE8F1A41266BE7B327F33AD38 ft=1 fh=e5f91a3476785862 vn="Win32/Adware.ADON evtl. unerwünschte Anwendung" ac=I fn="M:\OneDrive 2\OneDrive\Betriebs\1Allerlei\Unlocker1.9.1.exe"

sh=D2DBBAA1B3410EBFA493E39381EC0705BD4A321E ft=1 fh=2c81a63172f888ec vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="M:\OneDrive 2\OneDrive\Betriebs\HARD Disk Tools\Ashampoo HDD Control Crack\ashampoo_hdd_control_2_2.01_sm.exe"

sh=64C63505096186996B6CAB3B009E80D257BBF075 ft=1 fh=f64f4ef24f987c38 vn="Win32/Toolbar.Babylon evtl. unerwünschte Anwendung" ac=I fn="M:\OneDrive 2\OneDrive\GrundProgs\Bildbetrachter InfranView\PSDViewer32Setup.exe"

sh=B312E79757AFDF6BB9DD07F5D3E88066B5C1D438 ft=1 fh=d702af4396ccb3ce vn="Win32/Adware.WhenU.SaveNow evtl. unerwünschte Anwendung" ac=I fn="M:\OneDrive 2\OneDrive\GrundProgs\DaemonTool Virtuell Drive\DaemonTools alt. Funktion ist tadellos\Daemon Tools.exe"

sh=64C63505096186996B6CAB3B009E80D257BBF075 ft=1 fh=f64f4ef24f987c38 vn="Win32/Toolbar.Babylon evtl. unerwünschte Anwendung" ac=I fn="M:\OneDrive 2\OneDrive\GrundProgs\X Andere\Bildbetrachter InfranView\PSDViewer32Setup.exe"

Code:

 Results of screen317's Security Check version 0.99.97  

 Windows 7 Service Pack 1 x86 (UAC is enabled)  

 Internet Explorer 11  
 ``````````````Antivirus/Firewall Check:`````````````` 

 WMI entry may not exist for antivirus; attempting automatic update. 
 `````````Anti-malware/Other Utilities Check:````````` 

 CCleaner     

 Wise Registry Cleaner 5.9.4  

 Java 7 Update 67  

 Java version 32-bit out of Date! 

  Java 64-bit 8 Update 31  

 Adobe Flash Player         17.0.0.134  

 Mozilla Firefox (36.0.1) 

 Mozilla Thunderbird (31.3.0) 
 ````````Process Check: objlist.exe by Laurent````````  

 Malwarebytes Anti-Malware mbamscheduler.exe   
 `````````````````System Health check````````````````` 

 Total Fragmentation on Drive C:  
 ````````````````````End of Log``````````````````````

FRST Logfile:

FRST Logfile:

Code:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 11-03-2015

Ran by Wolf (administrator) on WOLF-PC on 19-03-2015 01:51:52

Running from C:\Users\Wolf\Desktop

Loaded Profiles: Wolf (Available profiles: Wolf)

Platform: Microsoft Windows 7 Ultimate  Service Pack 1 (X86) OS Language: Deutsch (Deutschland)

Internet Explorer Version 9 (Default browser: FF)

Boot Mode: Normal

Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
 

==================== Processes (Whitelisted) =================
 

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 

() C:\Program Files\Allway Sync\Bin\SyncService.exe

(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe

(NirSoft) C:\Program Files\NirSoft\Volumouse\volumouse.exe

(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe

() C:\Program Files\MiserWare\Granola Personal\GranolaManager.exe

(Microsoft Corporation) C:\Windows\System32\vds.exe

() C:\Users\Wolf\AppData\Local\TCB Networks\StrokeIt\Bin\strokeit.exe

(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe

() C:\Program Files\Uhr + Desk zeigen\Uhr auf Desktop\CLOCK.EXE

(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe

(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_17_0_0_134.exe

(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_17_0_0_134.exe

(Mozilla Corporation) C:\Program Files\Mozilla Thunderbird\thunderbird.exe
 
 

==================== Registry (Whitelisted) ==================
 

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 

HKLM Group Policy restriction on software: C:\Program Files\Avira\AntiVir Desktop\avnotify.exe <====== ATTENTION

HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot% <====== ATTENTION

HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ProgramFilesDir% <====== ATTENTION

HKLM\...\Policies\Explorer: [NoStrCmpLogical] 1

HKLM\...\Policies\Explorer: [NoInternetOpenWith] 1

HKLM\...\Policies\Explorer: [MemCheckBoxInRunDlg] 1

HKU\S-1-5-21-2588859782-1139336777-623044890-1001\...\Run: [$Volumouse$] => C:\Program Files\NirSoft\Volumouse\volumouse.exe [33280 2009-08-05] (NirSoft)

HKU\S-1-5-21-2588859782-1139336777-623044890-1001\...\Policies\Explorer: [NoInternetOpenWith] 1

HKU\S-1-5-21-2588859782-1139336777-623044890-1001\...\Policies\Explorer: [TaskbarNoNotificatio] 0

HKU\S-1-5-21-2588859782-1139336777-623044890-1001\...\Policies\Explorer: [NoSMMyPictures] 0

HKU\S-1-5-21-2588859782-1139336777-623044890-1001\...\MountPoints2: N - N:\LaunchU3.exe

HKU\S-1-5-21-2588859782-1139336777-623044890-1001\...\MountPoints2: {69c69ae8-c7c7-11e4-ab6a-00218503c947} - H:\setup.exe

SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\system32\CbFsMntNtf3.dll (EldoS Corporation)

SSODL: EldosMountNotificator-cbfs4 - {E36EB56C-F497-4482-B6E7-BCB93F2B6FDA} - C:\Windows\system32\cbfsMntNtf4.dll (EldoS Corporation)

ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\Wolf\AppData\Local\Microsoft\OneDrive\17.3.4726.0226\FileSyncShell.dll (Microsoft Corporation)

ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\Wolf\AppData\Local\Microsoft\OneDrive\17.3.4726.0226\FileSyncShell.dll (Microsoft Corporation)

ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\Wolf\AppData\Local\Microsoft\OneDrive\17.3.4726.0226\FileSyncShell.dll (Microsoft Corporation)

ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File

ShellIconOverlayIdentifiers: [AcronisSyncError] -> {934BC6C0-FEC2-4df5-A100-961DE2C8A0ED} => C:\Program Files\Acronis\TrueImageHome\tishell.dll ()

ShellIconOverlayIdentifiers: [AcronisSyncInProgress] -> {00F848DC-B1D4-4892-9C25-CAADC86A215D} => C:\Program Files\Acronis\TrueImageHome\tishell.dll ()

ShellIconOverlayIdentifiers: [AcronisSyncOk] -> {71573297-552E-46fc-BE3D-3DFAF88D47B7} => C:\Program Files\Acronis\TrueImageHome\tishell.dll ()

ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Wolf\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)

ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Wolf\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)

ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Wolf\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)

ShellIconOverlayIdentifiers: [EldosIconOverlay] -> {5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC} => C:\Windows\system32\CbFsMntNtf3.dll (EldoS Corporation)

ShellIconOverlayIdentifiers: [EldosIconOverlay-cbfs4] -> {7036EE8C-E7B0-4C46-96E7-08B06DC6E484} => C:\Windows\system32\cbfsMntNtf4.dll (EldoS Corporation)

ShellIconOverlayIdentifiers: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)

BootExecute: autocheck autochk * auto_reactivate C:\bootwiz\asrm.binauto_reactivate \\?\Volume{3d717c7d-d894-11df-8146-806e6f6e6963}\bootwiz\asrm.bin
 

==================== Internet (Whitelisted) ====================
 

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 

HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION

HKU\S-1-5-21-2588859782-1139336777-623044890-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com

HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = 

HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com

HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 

HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 

HKU\S-1-5-21-2588859782-1139336777-623044890-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp

HKU\S-1-5-21-2588859782-1139336777-623044890-1001\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.bing.com

URLSearchHook: [S-1-5-21-2588859782-1139336777-623044890-1001] ATTENTION ==> Default URLSearchHook is missing.

SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 

SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 

SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 

SearchScopes: HKU\S-1-5-21-2588859782-1139336777-623044890-1001 -> {652FDCC2-5EFA-4C64-9F36-12CDDF3A85E1} URL = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&type=302398&p={searchTerms}

SearchScopes: HKU\S-1-5-21-2588859782-1139336777-623044890-1001 -> {866E654D-5075-4625-A45A-23EDDCAA7E3C} URL = hxxp://www.google.de/search?q={searchTerms}

BHO: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer32.dll [2014-04-20] (IvoSoft)

Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll [2014-04-20] (IvoSoft)

Handler: hddlife - {BD758015-47D9-477A-8873-4B688A2BC0E2} - C:\Program Files\Common Files\BinarySense\hlAPP.dll [2008-02-15] (BinarySense, Inc.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
 

FireFox:

========

FF ProfilePath: C:\Users\Wolf\AppData\Roaming\Mozilla\Firefox\Profiles\pzx2deug.default

FF Homepage: hxxp://www.ighome.com/

FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_17_0_0_134.dll [2015-03-14] ()

FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll [2013-09-17] (DivX, LLC.)

FF Plugin: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files\DivX\DivX Web Player\npdivx32.dll [2013-10-28] (DivX, LLC)

FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\PDF XView\PDF Viewer\npPDFXCviewNPPlugin.dll [2000-01-01] (Tracker Software Products Ltd.)

FF Plugin: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-08-25] (Oracle Corporation)

FF Plugin: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2014-08-25] (Oracle Corporation)

FF Plugin: @videolan.org/vlc,version=2.0.8 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-02-27] (VideoLAN)

FF Plugin: @videolan.org/vlc,version=2.1.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-02-27] (VideoLAN)

FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-02-27] (VideoLAN)

FF Plugin HKU\S-1-5-21-2588859782-1139336777-623044890-1001: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\PDF XView\PDF Viewer\npPDFXCviewNPPlugin.dll [2000-01-01] (Tracker Software Products Ltd.)

FF Plugin HKU\S-1-5-21-2588859782-1139336777-623044890-1001: @sun.com/npsopluginmi;version=1.0 -> D:\Lexika\Portable Open Office\OpenOfficePortable\App\openoffice\program No File

FF Plugin HKU\S-1-5-21-2588859782-1139336777-623044890-1001: @tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x86.dll No File

FF SearchPlugin: C:\Users\Wolf\AppData\Roaming\Mozilla\Firefox\Profiles\pzx2deug.default\searchplugins\englische-ergebnisse.xml [2014-10-19]

FF SearchPlugin: C:\Users\Wolf\AppData\Roaming\Mozilla\Firefox\Profiles\pzx2deug.default\searchplugins\gmx-suche.xml [2014-10-19]

FF SearchPlugin: C:\Users\Wolf\AppData\Roaming\Mozilla\Firefox\Profiles\pzx2deug.default\searchplugins\google-images.xml [2014-10-14]

FF SearchPlugin: C:\Users\Wolf\AppData\Roaming\Mozilla\Firefox\Profiles\pzx2deug.default\searchplugins\google-maps.xml [2014-10-14]

FF SearchPlugin: C:\Users\Wolf\AppData\Roaming\Mozilla\Firefox\Profiles\pzx2deug.default\searchplugins\lastminute.xml [2014-10-19]

FF SearchPlugin: C:\Users\Wolf\AppData\Roaming\Mozilla\Firefox\Profiles\pzx2deug.default\searchplugins\webde-suche.xml [2014-10-19]

FF Extension: MouseControl - C:\Users\Wolf\AppData\Roaming\Mozilla\Firefox\Profiles\pzx2deug.default\Extensions\MouseControl@neocodex.us [2015-01-07]

FF Extension: Disconnect - C:\Users\Wolf\AppData\Roaming\Mozilla\Firefox\Profiles\pzx2deug.default\Extensions\2.0@disconnect.me.xpi [2015-01-07]

FF Extension: Element Hiding Helper for Adblock Plus - C:\Users\Wolf\AppData\Roaming\Mozilla\Firefox\Profiles\pzx2deug.default\Extensions\elemhidehelper@adblockplus.org.xpi [2015-01-07]

FF Extension: Ghostery - C:\Users\Wolf\AppData\Roaming\Mozilla\Firefox\Profiles\pzx2deug.default\Extensions\firefox@ghostery.com.xpi [2015-01-07]

FF Extension: Hide Caption Titlebar Plus - C:\Users\Wolf\AppData\Roaming\Mozilla\Firefox\Profiles\pzx2deug.default\Extensions\hidecaptionplus-dp@dummy.addons.mozilla.org.xpi [2015-01-07]

FF Extension: OmniSidebar - C:\Users\Wolf\AppData\Roaming\Mozilla\Firefox\Profiles\pzx2deug.default\Extensions\osb@quicksaver.xpi [2015-01-07]

FF Extension: The Fox, Only Better - C:\Users\Wolf\AppData\Roaming\Mozilla\Firefox\Profiles\pzx2deug.default\Extensions\thefoxonlybetter@quicksaver.xpi [2015-01-07]

FF Extension: Yet Another Smooth Scrolling - C:\Users\Wolf\AppData\Roaming\Mozilla\Firefox\Profiles\pzx2deug.default\Extensions\yetanothersmoothscrolling@kataho.xpi [2015-01-07]

FF Extension: X-notifier - C:\Users\Wolf\AppData\Roaming\Mozilla\Firefox\Profiles\pzx2deug.default\Extensions\{37fa1426-b82d-11db-8314-0800200c9a66}.xpi [2015-01-07]

FF Extension: NoScript - C:\Users\Wolf\AppData\Roaming\Mozilla\Firefox\Profiles\pzx2deug.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2015-01-07]

FF Extension: Password Exporter - C:\Users\Wolf\AppData\Roaming\Mozilla\Firefox\Profiles\pzx2deug.default\Extensions\{B17C1C5A-04B1-11DB-9804-B622A1EF5492}.xpi [2015-01-07]

FF Extension: Fasterfox - C:\Users\Wolf\AppData\Roaming\Mozilla\Firefox\Profiles\pzx2deug.default\Extensions\{c36177c0-224a-11da-8cd6-0800200c9a91}.xpi [2015-01-07]

FF Extension: Adblock Plus - C:\Users\Wolf\AppData\Roaming\Mozilla\Firefox\Profiles\pzx2deug.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-01-07]

FF Extension: Tab Mix Plus - C:\Users\Wolf\AppData\Roaming\Mozilla\Firefox\Profiles\pzx2deug.default\Extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi [2015-01-07]

FF HKU\S-1-5-21-2588859782-1139336777-623044890-1001\...\Firefox\Extensions: [{b9aa91db-385d-4c69-8a2f-96790aa9405b}] - c:\program files\copernic\desktopsearch4\firefoxconnector
 

Chrome: 

=======

CHR HKU\S-1-5-21-2588859782-1139336777-623044890-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [cnnbdaahphjgdgfhliignpepgnbnfomp] - c:\program files\copernic\desktopsearch4\ChromeConnector\ChromeConnector.crx [Not Found]
 

========================== Services (Whitelisted) =================
 

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 

S3 ACDaemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)

S3 AcrSch2Svc; C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe [778000 2013-07-18] (Acronis)

S4 afcdpsrv; C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe [3906552 2014-08-08] (Acronis)

R2 BotkindSyncService; C:\Program Files\Allway Sync\Bin\SyncService.exe [182784 2014-06-24] () [File not signed]

R2 Granola PM Manager; C:\Program Files\MiserWare\Granola Personal\GranolaManager.exe [449264 2012-02-21] ()

S4 HDDlife HDD Access service; C:\Program Files\Common Files\BinarySense\hldasvc.exe [845640 2012-03-05] (BinarySense, Inc.)

R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)

S2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)

S4 syncagentsrv; C:\Program Files\Common Files\Acronis\SyncAgent\syncagentsrv.exe [7152200 2014-02-04] (Acronis)

S4 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2009-07-14] (Microsoft Corporation)

S2 PEVSystemStart; "C:\ComboFix\pev.3XE" EXEC /i "C:\ComboFix\HIDEC.3XE" "C:\ComboFix\SWREG.3XE" ACL "HKEY_LOCAL_MACHINE\System\CurrentControlSet\Enum\Root\LEGACY_Beep" /RESET /Q
 

==================== Drivers (Whitelisted) ====================
 

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 

R3 Afc; C:\Windows\System32\drivers\Afc.sys [18688 2006-11-10] (Arcsoft, Inc.)

S1 ATITool; C:\Windows\System32\DRIVERS\ATITool.sys [24064 2006-11-10] () [File not signed]

R1 cbfs3; C:\Windows\system32\drivers\cbfs3.sys [299408 2012-06-07] (EldoS Corporation)

R1 cbfs4; C:\Windows\system32\drivers\cbfs4.sys [323392 2013-11-15] (EldoS Corporation)

S3 DrvAgent32; C:\Windows\system32\Drivers\DrvAgent32.sys [23456 2011-06-23] (Phoenix Technologies) [File not signed]

R3 dtultrascsibus; C:\Windows\System32\DRIVERS\dtultrascsibus.sys [25104 2015-03-11] (Disc Soft Ltd)

R1 ElbyCDIO; C:\Windows\System32\Drivers\ElbyCDIO.sys [30616 2013-03-04] (Elaborate Bytes AG)

S3 LUsbFilt; C:\Windows\System32\Drivers\LUsbFilt.Sys [28560 2009-06-17] (Logitech, Inc.)

R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2014-11-21] (Malwarebytes Corporation)

S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [114904 2015-03-18] (Malwarebytes Corporation)

S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2014-11-21] (Malwarebytes Corporation)

R3 RTL2832UBDA; C:\Windows\System32\drivers\RTL2832UBDA.sys [93344 2009-10-26] (REALTEK SEMICONDUCTOR Corp.)

R3 RTL2832UUSB; C:\Windows\System32\Drivers\RTL2832UUSB.sys [32800 2009-10-26] (REALTEK SEMICONDUCTOR Corp.)

R3 RTL2832U_IRHID; C:\Windows\System32\DRIVERS\RTL2832U_IRHID.sys [31872 2009-10-05] (Realtek)

R0 sptd; C:\Windows\System32\Drivers\sptd.sys [329384 2015-03-11] (Duplex Secure Ltd.)

S3 taphss; C:\Windows\System32\DRIVERS\taphss.sys [32768 2012-01-05] (AnchorFree Inc)

S3 tdrpman; C:\Windows\System32\DRIVERS\tdrpman.sys [889888 2014-08-08] (Acronis International GmbH)

R0 tib; C:\Windows\System32\DRIVERS\tib.sys [736192 2014-08-08] (Acronis International GmbH)

R0 tib_mounter; C:\Windows\System32\DRIVERS\tib_mounter.sys [143648 2014-08-08] (Acronis International GmbH)

R0 vididr; C:\Windows\System32\DRIVERS\vididr.sys [116000 2014-08-08] (Acronis International GmbH)

R0 vidsflt; C:\Windows\System32\DRIVERS\vidsflt.sys [85280 2014-08-08] (Acronis International GmbH)

R3 vpnpbus; C:\Windows\System32\DRIVERS\vpnpbus.sys [15936 2013-11-15] (EldoS Corporation)

S3 catchme; \??\C:\Users\Wolf\AppData\Local\Temp\catchme.sys [X]

S1 MpKsl2b051bfa; \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{7FF52F72-A29D-476F-90E8-21A28475066F}\MpKsl2b051bfa.sys [X]

S1 MpKsl71523a7c; \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{E11A820F-A7A5-419D-BF81-F92B3426B9D5}\MpKsl71523a7c.sys [X]

S1 MpKslc317aad9; \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{ACFA39A4-1875-4AF4-A097-68286B4E215E}\MpKslc317aad9.sys [X]

S1 MpKslec0276e2; \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{50430688-CBE9-4D47-BA50-448FDD58657A}\MpKslec0276e2.sys [X]

S3 MSI_MSIBIOS_010507; \??\C:\Program Files\MSI\Live Update 5\msibios32_100507.sys [X]

S3 NTIOLib_1_0_4; \??\C:\Program Files\MSI\Live Update 5\NTIOLib.sys [X]

S3 SANDRA; \??\E:\SiSoftware Sandra Lite 2015.SP1\WNt600x86\Sandra.sys [X]

S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]

S3 tsusbhub; system32\drivers\tsusbhub.sys [X]

U5 UnlockerDriver5; C:\Program Files\Unlocker\UnlockerDriver5.sys [4096 2010-07-04] () [File not signed]

S3 VBoxNetFlt; system32\DRIVERS\VBoxNetFlt.sys [X]

S3 VGPU; System32\drivers\rdvgkmd.sys [X]

U3 ai82zwhh; No ImagePath
 

==================== NetSvcs (Whitelisted) ===================
 

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 

==================== One Month Created Files and Folders ========
 

(If an entry is included in the fixlist, the file\folder will be moved.)
 

2015-03-19 01:51 - 2015-03-19 01:52 - 00018727 _____ () C:\Users\Wolf\Desktop\FRST.txt

2015-03-19 01:51 - 2015-03-19 01:51 - 01135104 _____ (Farbar) C:\Users\Wolf\Desktop\FRST.exe

2015-03-19 01:51 - 2015-03-19 01:51 - 00000000 ____D () C:\Users\Wolf\Desktop\FRST-OlderVersion

2015-03-19 01:49 - 2015-03-19 01:50 - 00000935 _____ () C:\Users\Wolf\Desktop\Security Check.txt

2015-03-18 23:46 - 2015-03-18 23:46 - 00000000 _____ () C:\Users\Wolf\Desktop\3Sat FR 20.3. 0215 Der Henker.txt

2015-03-18 23:21 - 2015-03-19 01:47 - 00000000 ____D () C:\Program Files\ESET

2015-03-18 14:48 - 2015-03-18 14:47 - 00852604 _____ () C:\Users\Wolf\Desktop\SecurityCheck.exe

2015-03-17 22:23 - 2015-03-08 12:12 - 00000052 _____ () C:\Program Files\Kill Onedrive.bat

2015-03-17 22:23 - 2013-05-01 11:28 - 00000029 _____ () C:\Program Files\Kill DropBox.bat

2015-03-17 21:56 - 2015-03-19 01:51 - 00000000 ____D () C:\FRST

2015-03-17 21:46 - 2015-03-17 21:50 - 00000000 ____D () C:\AdwCleaner

2015-03-17 21:37 - 2015-03-17 21:51 - 00001136 _____ () C:\Windows\PFRO.log

2015-03-17 21:27 - 2015-03-17 21:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware

2015-03-17 21:27 - 2015-03-17 21:27 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware

2015-03-17 21:27 - 2014-11-21 06:14 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys

2015-03-17 21:27 - 2014-11-21 06:14 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys

2015-03-17 14:50 - 2015-03-17 14:50 - 00000000 ___RD () C:\Users\Wolf\AppData\Roaming\Microsoft\Windows\Start Menu\GUL

2015-03-17 11:55 - 2015-03-17 11:55 - 00000808 _____ () C:\Users\Wolf\Downloads\WDR.xspf

2015-03-16 18:15 - 2015-03-16 18:15 - 01665395 _____ () C:\Program Files\procexp1204.zip

2015-03-16 18:14 - 2015-03-16 18:14 - 01997800 _____ () C:\Program Files\2009Decoder.zip

2015-03-16 14:21 - 2015-03-16 14:21 - 00000000 ____D () C:\Users\Wolf\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\EasyBCD

2015-03-16 14:21 - 2015-03-16 14:21 - 00000000 ____D () C:\Program Files\EasyBCD

2015-03-16 14:05 - 2015-03-16 14:05 - 00000962 _____ () C:\Users\Wolf\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DAEMON Tools.lnk

2015-03-16 14:05 - 2015-03-16 14:05 - 00000000 ____D () C:\Program Files\DAEMON Tools

2015-03-15 19:04 - 2015-03-18 19:38 - 00000560 _____ () C:\Windows\setupact.log

2015-03-15 19:04 - 2015-03-15 19:04 - 00000000 _____ () C:\Windows\setuperr.log

2015-03-15 17:50 - 2015-03-15 17:50 - 00001699 _____ () C:\Users\Wolf\Desktop\start TV u. clock nach n sec - Verknüpfung.lnk

2015-03-14 20:20 - 2015-03-14 20:20 - 17549488 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerInstaller.exe

2015-03-12 01:34 - 2015-03-12 01:34 - 00000000 ____D () C:\Program Files\Recuva

2015-03-11 22:21 - 2015-03-11 22:21 - 00000000 ____D () C:\Program Files\Tweaking.com

2015-03-11 09:22 - 2015-03-11 09:22 - 00025104 _____ (Disc Soft Ltd) C:\Windows\system32\Drivers\dtultrascsibus.sys

2015-03-11 09:21 - 2015-03-15 01:22 - 00000000 ____D () C:\Program Files\DAEMON Tools Ultra

2015-03-10 15:14 - 2015-03-10 15:14 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-WOLF-PC-Windows-7-Ultimate-(32-bit).dat

2015-03-09 19:19 - 2015-03-09 19:19 - 00000000 ____D () C:\Program Files\VirtualCloneDrive

2015-03-09 19:13 - 2015-03-09 19:13 - 00000000 ____D () C:\Program Files\Elaborate Bytes

2015-03-09 19:05 - 2015-03-09 19:05 - 00000000 ____D () C:\Users\Wolf\AppData\Local\Disc_Soft_Ltd

2015-03-09 19:01 - 2015-03-09 19:05 - 00000000 ____D () C:\Users\Public\Documents\Daemon Tools Images

2015-03-09 18:50 - 2015-03-11 09:24 - 00000000 ____D () C:\Users\Wolf\AppData\Roaming\DAEMON Tools Ultra

2015-03-09 18:49 - 2015-03-09 18:49 - 00000000 ____D () C:\ProgramData\DAEMON Tools Ultra

2015-03-09 18:20 - 2015-03-09 18:22 - 00140160 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\sptddrv1.sys

2015-03-09 16:40 - 2015-03-09 16:40 - 00000000 ____D () C:\Qoobox

2015-03-09 01:07 - 2015-03-07 16:02 - 00001108 _____ () C:\0 Desktop.lnk

2015-03-09 01:07 - 2015-03-06 20:05 - 00001239 _____ () C:\Batch für Prozessbeendigung.lnk

2015-03-09 01:07 - 2015-03-06 13:08 - 00000779 _____ () C:\Betriebs.lnk

2015-03-09 01:07 - 2014-12-24 13:18 - 00000801 _____ () C:\z Portable.lnk

2015-03-09 01:07 - 2014-11-04 17:45 - 00000810 _____ () C:\GrundProgsg.lnk

2015-03-07 16:13 - 2015-03-07 16:26 - 00000000 ____D () C:\ProgramData\RogueKiller

2015-03-07 16:13 - 2015-03-07 16:13 - 00035064 _____ () C:\Windows\system32\Drivers\TrueSight.sys

2015-03-06 22:35 - 2009-10-26 10:43 - 00093344 _____ (REALTEK SEMICONDUCTOR Corp.) C:\Windows\system32\Drivers\RTL2832UBDA.sys

2015-03-06 22:35 - 2009-10-26 10:43 - 00032800 _____ (REALTEK SEMICONDUCTOR Corp.) C:\Windows\system32\Drivers\RTL2832UUSB.sys

2015-03-06 22:35 - 2009-10-05 20:20 - 00031872 _____ (Realtek) C:\Windows\system32\Drivers\RTL2832U_IRHID.sys

2015-03-06 22:34 - 2015-03-06 22:34 - 00000000 ____D () C:\Users\Wolf\AppData\Roaming\InstallShield

2015-03-06 22:34 - 2009-10-16 11:36 - 00139356 _____ (Realtek) C:\Windows\system32\RTKDABSOURCE.dll

2015-03-06 22:34 - 2009-10-15 16:22 - 00348239 ____T (Realtek) C:\Windows\system32\RTKFM.dll

2015-03-06 22:34 - 2009-10-15 16:16 - 04690000 _____ (Realtek) C:\Windows\system32\RTKDAB.dll

2015-03-06 22:34 - 2009-10-15 15:03 - 00053248 _____ () C:\Windows\system32\RTKDABMWare.dll

2015-03-06 22:34 - 2009-10-15 11:21 - 00135294 _____ (Realtek) C:\Windows\system32\RTKFMSOURCE.dll

2015-03-06 22:34 - 2009-09-11 14:15 - 00114688 ____T (Realtek) C:\Windows\system32\RTL283XACCESS.dll

2015-03-06 22:34 - 2009-09-11 11:44 - 00073832 _____ () C:\Windows\system32\SuperFrameSplitter.dll

2015-03-06 17:06 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe

2015-03-06 17:06 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe

2015-03-06 17:06 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe

2015-03-06 17:06 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe

2015-03-06 17:06 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe

2015-03-06 17:06 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe

2015-03-06 17:06 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe

2015-03-06 17:06 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe

2015-03-06 17:05 - 2015-03-06 17:05 - 00000000 ____D () C:\Windows\erdnt

2015-03-06 12:20 - 2015-03-18 18:26 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys

2015-03-06 12:20 - 2015-03-06 12:35 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)

2015-03-06 12:19 - 2014-11-21 06:14 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys

2015-03-05 21:44 - 2015-03-05 21:51 - 00000066 _____ () C:\Users\Wolf\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\msinfo32 .txt

2015-03-05 13:49 - 2015-03-05 13:49 - 00000020 _____ () C:\Users\Wolf\defogger_reenable

2015-03-04 23:45 - 2015-03-04 23:45 - 00000155 _____ () C:\Users\Wolf\Desktop\philosophisch.txt

2015-03-03 00:12 - 2015-03-03 00:12 - 00000405 _____ () C:\Users\Wolf\Desktop\Spect.lnk

2015-03-02 17:59 - 2015-03-03 10:14 - 00373825 _____ () C:\Users\Wolf\Desktop\2015-02-09, Hanna.rar

2015-03-02 14:56 - 2015-03-02 14:56 - 00000249 _____ () C:\Users\Wolf\AppData\Roaming\Microsoft\Windows\Start Menu\c't Gully.com.URL

2015-03-02 14:52 - 2015-03-17 14:03 - 00000000 ____D () C:\Users\Wolf\AppData\Roaming\vlc

2015-03-02 13:36 - 2015-03-02 13:37 - 00013303 _____ () C:\Users\Wolf\Desktop\2015-02-22, Nicole.rar

2015-03-02 12:27 - 2015-03-06 14:49 - 00155358 _____ () C:\Users\Wolf\Desktop\2015-02-10, Roland.rar

2015-02-28 18:03 - 2011-07-05 00:16 - 00125440 _____ (Nenad Hrg SoftwareOK) C:\Users\Wolf\Desktop\D.Ko.exe

2015-02-28 18:01 - 2015-02-28 15:51 - 00000194 _____ () C:\Users\Wolf\Desktop\S2).bat

2015-02-28 16:33 - 2015-02-28 16:33 - 00000124 _____ () C:\Users\Wolf\AppData\Roaming\Microsoft\Windows\Start Menu\CONVERT - Zamzar.URL

2015-02-28 15:41 - 2015-02-28 15:51 - 00000194 _____ () C:\Users\Wolf\Desktop\Sta.bat

2015-02-28 11:06 - 2015-02-28 11:07 - 00000197 _____ () C:\Windows\system32\2015-02-28-10-06-48.079-AvastVBoxSVC.exe-2264.log

2015-02-27 12:27 - 2015-03-12 23:53 - 00169836 _____ () C:\Users\Wolf\Desktop\2015 Andere.rar

2015-02-27 11:53 - 2015-02-27 11:53 - 00000197 _____ () C:\Windows\system32\2015-02-27-10-53-22.041-AvastVBoxSVC.exe-3256.log

2015-02-26 22:12 - 2015-02-26 22:13 - 00000197 _____ () C:\Windows\system32\2015-02-26-21-12-30.010-AvastVBoxSVC.exe-3204.log

2015-02-26 16:39 - 2015-03-02 12:28 - 00030714 _____ () C:\Users\Wolf\Desktop\2015-02-25, Lital.rar

2015-02-26 11:04 - 2015-02-26 11:04 - 00000197 _____ () C:\Windows\system32\2015-02-26-10-04-12.025-AvastVBoxSVC.exe-2676.log

2015-02-25 22:30 - 2015-02-25 22:30 - 00000000 ____D () C:\Program Files\AquaSnap

2015-02-25 09:21 - 2015-02-25 09:21 - 00000197 _____ () C:\Windows\system32\2015-02-25-08-21-54.091-AvastVBoxSVC.exe-2588.log

2015-02-24 09:43 - 2015-02-24 09:43 - 00000264 _____ () C:\Users\Wolf\AppData\Roaming\Microsoft\Windows\Start Menu\Spektrum.URL

2015-02-24 09:43 - 2015-02-24 09:43 - 00000250 _____ () C:\Users\Wolf\AppData\Roaming\Microsoft\Windows\Start Menu\Der Spiegel.URL

2015-02-24 09:21 - 2015-02-24 09:21 - 00000197 _____ () C:\Windows\system32\2015-02-24-08-21-43.058-AvastVBoxSVC.exe-3656.log

2015-02-22 11:10 - 2015-02-22 11:10 - 00000197 _____ () C:\Windows\system32\2015-02-22-10-10-26.046-AvastVBoxSVC.exe-2916.log

2015-02-21 23:36 - 2015-02-21 23:36 - 00000197 _____ () C:\Windows\system32\2015-02-21-22-36-30.071-AvastVBoxSVC.exe-2656.log

2015-02-21 10:25 - 2015-02-21 10:25 - 00000197 _____ () C:\Windows\system32\2015-02-21-09-25-05.014-AvastVBoxSVC.exe-2956.log

2015-02-19 10:47 - 2015-02-19 10:47 - 00000197 _____ () C:\Windows\system32\2015-02-19-09-47-22.052-AvastVBoxSVC.exe-2524.log

2015-02-18 15:57 - 2015-02-10 16:47 - 00000119 _____ () C:\Users\Wolf\Desktop\Mo 14 Anwalt.txt

2015-02-18 10:03 - 2015-02-18 10:03 - 00000197 _____ () C:\Windows\system32\2015-02-18-09-03-05.091-AvastVBoxSVC.exe-2572.log

2015-02-17 11:39 - 2015-02-17 11:39 - 00000197 _____ () C:\Windows\system32\2015-02-17-10-39-42.032-AvastVBoxSVC.exe-3016.log
 

==================== One Month Modified Files and Folders =======
 

(If an entry is included in the fixlist, the file\folder will be moved.)
 

2015-03-19 01:46 - 2014-04-22 00:36 - 00000000 ____D () C:\Users\Wolf\AppData\Roaming\ClassicShell

2015-03-18 23:57 - 2010-10-16 04:39 - 00000000 ____D () C:\Users\Wolf\AppData\Roaming\uTorrent

2015-03-18 23:01 - 2010-02-09 20:56 - 01611396 _____ () C:\Windows\system32\PerfStringBackup.INI

2015-03-18 22:25 - 2012-08-27 21:09 - 00000000 ____D () C:\Users\Wolf\AppData\Roaming\Skype

2015-03-18 19:43 - 2009-07-14 05:34 - 00014016 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2015-03-18 19:43 - 2009-07-14 05:34 - 00014016 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2015-03-18 19:38 - 2009-07-14 05:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT

2015-03-18 19:00 - 2013-05-17 16:49 - 00000000 ____D () C:\Users\Wolf\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BURN ISO VIRTUAL-DRIVE

2015-03-18 18:28 - 2010-10-15 22:08 - 00000000 ____D () C:\Windows\pss

2015-03-18 14:50 - 2012-09-25 12:18 - 00000000 ___HD () C:\Users\Wolf\Documents\PhraseExpress

2015-03-17 20:23 - 2015-02-09 12:34 - 06814674 _____ () C:\Users\Wolf\Desktop\2015-02-09, Inge.rar

2015-03-16 22:23 - 2014-11-08 11:00 - 00001724 _____ () C:\Users\Wolf\Desktop\DesktopOK.ini

2015-03-16 18:24 - 2014-09-11 23:49 - 00159943 _____ () C:\Windows\WindowsUpdate.log

2015-03-16 15:44 - 2012-08-25 12:04 - 00000000 ___RD () C:\Users\Wolf\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Schreib-Lese

2015-03-15 18:56 - 2015-02-09 12:33 - 07407012 _____ () C:\Users\Wolf\Desktop\39-2015 Gesamt.rar

2015-03-15 15:03 - 2013-06-02 20:07 - 00000000 ____D () C:\Users\Wolf\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SysExplor MenuEdit

2015-03-14 20:20 - 2012-04-25 10:56 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe

2015-03-14 20:20 - 2011-05-16 10:04 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl

2015-03-14 20:04 - 2014-08-13 11:30 - 00000000 ____D () C:\Users\Wolf\AppData\Local\Adobe

2015-03-14 18:02 - 2010-10-15 21:48 - 00000000 ___RD () C:\Users\Wolf\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wartung & TroubleShoot

2015-03-13 07:46 - 2014-09-25 10:37 - 00002176 _____ () C:\Users\Wolf\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk

2015-03-11 22:54 - 2012-09-27 19:49 - 00000000 ____D () C:\Users\Public\Documents\PhraseExpress

2015-03-11 20:45 - 2014-05-01 23:23 - 00000000 ____D () C:\Program Files\Mozilla Firefox

2015-03-11 09:11 - 2010-10-15 22:42 - 00329384 _____ (Duplex Secure Ltd.) C:\Windows\system32\Drivers\sptd.sys

2015-03-11 08:40 - 2014-04-16 11:37 - 00000000 ____D () C:\Users\Wolf\AppData\Roaming\Dropbox

2015-03-10 18:40 - 2010-10-15 21:09 - 00067296 _____ () C:\Users\Wolf\AppData\Local\GDIPFONTCACHEV1.DAT

2015-03-10 18:40 - 2009-07-14 05:33 - 00307424 _____ () C:\Windows\system32\FNTCACHE.DAT

2015-03-10 17:24 - 2009-07-14 03:04 - 00000855 _____ () C:\Windows\system32\Drivers\etc\hosts_bak_359

2015-03-10 11:43 - 2013-05-12 00:01 - 00000000 ____D () C:\Users\Wolf\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\USB Tools & Convert

2015-03-09 18:19 - 2014-11-12 18:09 - 00000026 _____ () C:\Users\Wolf\AppData\Local\isoworkshop.ini

2015-03-09 04:09 - 2014-12-25 11:51 - 00000000 ____D () C:\Program Files\Mozilla Thunderbird

2015-03-09 04:09 - 2013-12-12 02:42 - 00000000 ____D () C:\Users\Wolf\AppData\Local\CrashDumps

2015-03-09 04:09 - 2010-12-15 01:05 - 00000000 ____D () C:\Windows\Minidump

2015-03-07 12:11 - 2010-10-28 21:46 - 00007628 _____ () C:\Users\Wolf\AppData\Local\resmon.resmoncfg

2015-03-06 23:15 - 2011-10-04 00:18 - 00000000 ___RD () C:\Users\Wolf\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoTV-Kram

2015-03-06 22:34 - 2010-10-15 22:05 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information

2015-03-06 22:34 - 2010-10-15 22:05 - 00000000 ____D () C:\Program Files\Realtek

2015-03-06 22:27 - 2010-10-15 22:07 - 00000000 ____D () C:\Program Files\Common Files\ArcSoft

2015-03-06 22:20 - 2010-10-15 21:55 - 00000000 ____D () C:\Program Files\WinRAR

2015-03-06 17:06 - 2009-07-14 03:37 - 00000000 __RHD () C:\Users\Public

2015-03-06 12:21 - 2013-08-22 22:33 - 00000000 ____D () C:\ProgramData\Malwarebytes

2015-03-05 22:06 - 2013-09-28 01:24 - 00000000 ____D () C:\Users\Wolf\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HDD Wächter u Reperatur

2015-03-05 21:11 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\Microsoft.NET

2015-03-05 13:49 - 2010-10-15 21:48 - 00000000 ____D () C:\Users\Wolf

2015-03-04 18:07 - 2009-07-14 03:37 - 00000000 __RHD () C:\Users\Public\Libraries

2015-03-04 16:34 - 2010-10-15 21:06 - 00000000 ____D () C:\Users\Wolf\AppData\Roaming\Mozilla

2015-03-02 23:55 - 2014-11-08 11:00 - 09733919 _____ () C:\Users\Wolf\Desktop\0 Parmenides.rar

2015-03-02 16:14 - 2011-06-16 02:26 - 00000000 ____D () C:\Program Files\Wise Registry Cleaner

2015-03-02 13:35 - 2015-02-09 12:34 - 00300287 _____ () C:\Users\Wolf\Desktop\2015-02-09, Lena.rar

2015-03-01 00:25 - 2011-07-20 15:34 - 00000000 ____D () C:\ProgramData\AVAST Software
 

==================== Files in the root of some directories =======
 

2015-03-16 18:14 - 2015-03-16 18:14 - 1997800 _____ () C:\Program Files\2009Decoder.zip

2014-08-11 20:25 - 2014-08-11 20:36 - 0000084 _____ () C:\Program Files\ACRONISDDIENST STARTET.vbs

2010-10-27 16:33 - 1998-09-25 14:37 - 0006054 _____ () C:\Program Files\agb.rtf

2011-12-02 23:09 - 2009-04-02 16:47 - 0648064 _____ (Sysinternals - www.sysinternals.com) C:\Program Files\autoruns.exe

2010-10-27 16:33 - 2010-10-27 16:33 - 0002204 _____ () C:\Program Files\DeIsL1.isu

2011-11-19 01:55 - 2011-11-19 01:56 - 0001685 _____ () C:\Program Files\DeIsL2.isu

2010-10-27 16:33 - 2000-02-13 15:33 - 0017395 _____ () C:\Program Files\digibib.cnt

2010-10-27 16:33 - 2000-02-13 15:33 - 0752400 _____ () C:\Program Files\DIGIBIB.HLP

2010-10-27 16:33 - 2010-10-27 16:34 - 0004981 _____ () C:\Program Files\digibib.ini

2010-10-27 16:33 - 2000-02-13 22:41 - 1733120 _____ () C:\Program Files\Digibib2.exe

2011-08-08 17:59 - 2011-05-25 08:25 - 0007878 _____ () C:\Program Files\EULA.txt

2013-07-16 01:09 - 2013-07-16 01:00 - 0005892 _____ () C:\Program Files\Ghost für  Remoce Torrent.gms

2011-11-19 01:55 - 1997-01-04 12:23 - 0246272 _____ () C:\Program Files\Gmouse.exe

2011-11-19 01:55 - 1997-01-04 12:20 - 0006909 _____ () C:\Program Files\GMOUSE.HLP

2010-10-20 17:17 - 2010-10-20 17:17 - 0890208 _____ (techPowerUp (www.techpowerup.com)) C:\Program Files\GPU-Z.0.4.7.exe

2013-06-07 23:22 - 2013-06-07 23:23 - 0023080 _____ () C:\Program Files\Kill BoxCryptor.exe

2013-08-01 09:56 - 2013-08-01 09:59 - 0000048 _____ () C:\Program Files\Kill DesktopOK.bat

2015-03-17 22:23 - 2013-05-01 11:28 - 0000029 _____ () C:\Program Files\Kill DropBox.bat

2014-04-18 02:32 - 2014-04-17 18:22 - 0023083 _____ () C:\Program Files\Kill HddGuard.exe

2015-03-17 22:23 - 2015-03-08 12:12 - 0000052 _____ () C:\Program Files\Kill Onedrive.bat

2014-08-01 12:57 - 2014-07-30 14:23 - 0000028 _____ () C:\Program Files\Kill unsecapp.bat

2011-08-08 17:59 - 2011-05-25 08:25 - 0015511 _____ () C:\Program Files\license.txt

2010-10-27 16:33 - 1998-03-08 22:51 - 0001663 _____ () C:\Program Files\lizenz.txt

2010-10-27 16:33 - 1998-09-27 14:09 - 0000352 _____ () C:\Program Files\makros.txt

2011-12-05 08:47 - 2011-11-30 21:06 - 0033792 _____ (Nenad Hrg (SoftwareOK.com)) C:\Program Files\OneLoupe.exe

2011-05-16 10:10 - 2011-05-10 22:45 - 0172032 _____ (Jorgen Bosman) C:\Program Files\poweroff_deutsch.exe

2015-03-16 18:15 - 2015-03-16 18:15 - 1665395 _____ () C:\Program Files\procexp1204.zip

2011-08-08 17:59 - 2011-05-25 08:25 - 0002773 _____ () C:\Program Files\Setup.cfg

2010-11-06 05:08 - 2010-10-12 16:46 - 0364544 _____ (© onlinetvrecorder.com) C:\Program Files\Updater.exe

2010-10-27 16:33 - 1999-12-14 17:48 - 0003489 _____ () C:\Program Files\www.txt

2010-10-27 16:33 - 1996-02-07 08:07 - 0024576 _____ (Stirling) C:\Program Files\_ISREG32.DLL

2012-08-25 21:54 - 2012-08-25 21:55 - 0000564 _____ () C:\Users\Wolf\AppData\Roaming\pcwSIcon.ini

2014-07-15 16:11 - 2014-07-16 12:35 - 0007741 _____ () C:\Users\Wolf\AppData\Roaming\PStrip.bak

2011-07-26 23:42 - 2014-07-15 16:17 - 0007764 _____ () C:\Users\Wolf\AppData\Roaming\PStrip.bk!

2014-07-16 12:35 - 2014-07-15 16:11 - 0007555 _____ () C:\Users\Wolf\AppData\Roaming\PStrip.bko

2011-07-26 23:37 - 2014-07-16 12:40 - 0008353 _____ () C:\Users\Wolf\AppData\Roaming\PStrip.ini

2010-11-22 18:48 - 2010-11-22 18:48 - 0000036 _____ () C:\Users\Wolf\AppData\Local\housecall.guid.cache

2014-11-12 18:09 - 2015-03-09 18:19 - 0000026 _____ () C:\Users\Wolf\AppData\Local\isoworkshop.ini

2010-10-28 21:46 - 2015-03-07 12:11 - 0007628 _____ () C:\Users\Wolf\AppData\Local\resmon.resmoncfg

2012-12-01 17:46 - 2012-12-01 17:47 - 0017408 _____ () C:\Users\Wolf\AppData\Local\WebpageIcons.db

2010-10-25 20:52 - 2010-10-25 20:53 - 0000367 _____ () C:\ProgramData\hpzinstall.log

2011-04-28 13:54 - 2011-04-28 13:54 - 0000098 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
 

Some content of TEMP:

====================

C:\Users\Wolf\AppData\Local\Temp\Quarantine.exe

C:\Users\Wolf\AppData\Local\Temp\SkypeSetup.exe

C:\Users\Wolf\AppData\Local\Temp\sqlite3.dll
 
 

==================== Bamital & volsnap Check =================
 

(There is no automatic fix for files that do not pass verification.)
 

C:\Windows\explorer.exe => File is digitally signed

C:\Windows\system32\winlogon.exe => File is digitally signed

C:\Windows\system32\wininit.exe => File is digitally signed

C:\Windows\system32\svchost.exe => File is digitally signed

C:\Windows\system32\services.exe => File is digitally signed

C:\Windows\system32\User32.dll => File is digitally signed

C:\Windows\system32\userinit.exe => File is digitally signed

C:\Windows\system32\rpcss.dll => File is digitally signed

C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 

LastRegBack: 2015-03-06 02:04
 

==================== End Of Log ============================

--- --- ---

--- --- ---

Code:

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 11-03-2015

Ran by Wolf at 2015-03-19 01:52:40

Running from C:\Users\Wolf\Desktop

Boot Mode: Normal

==========================================================
 
 

==================== Security Center ========================
 

(If an entry is included in the fixlist, it will be removed.)
 
 

==================== Installed Programs ======================
 

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 

µTorrent (HKLM\...\uTorrent) (Version: 2.0.3 - )

AC3Filter 1.63b (HKLM\...\AC3Filter_is1) (Version: 1.63b - Alexander Vigovsky)

Acronis True Image 2014 (HKLM\...\{3ECDD663-5AF8-489B-9E3C-561F33A271BD}Visible) (Version: 17.0.6673 - Acronis)

Acronis True Image 2014 (Version: 17.0.6673 - Acronis) Hidden

Adobe Digital Editions 4.0 (HKLM\...\Adobe Digital Editions 4.0) (Version: 4.0 - Adobe Systems Incorporated)

Adobe Flash Player 16 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 16.0.0.305 - Adobe Systems Incorporated)

Adobe Flash Player 17 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 17.0.0.134 - Adobe Systems Incorporated)

Allway Sync version 14.2.1 (HKLM\...\Allway Sync_is1) (Version:  - Botkind Inc)

AquaSnap 1.12.1 (HKLM\...\{60CECC09-6E7B-4392-AA49-A6CBE1E2786C}) (Version: 1.12.1 - hxxp://www.nurgo-software.com?utm_source=AquaSnap&utm_medium=application&utm_campaign=continuous)

ArcSoft TotalMedia 3.5 (HKLM\...\{74292F90-895A-4FC6-A692-9641532B1B63}) (Version: 3.5.28.322 - ArcSoft)

BoxCryptor 1.3.2.0 (HKLM\...\BoxCryptor) (Version: 1.3.2.0 - Secomba GmbH)

Boxcryptor 2.0 (HKLM\...\{EBFEBFC7-B128-4700-ADBC-E839BFC833AE}) (Version: 2.0.419.376 - Secomba GmbH)

CCleaner (HKLM\...\CCleaner) (Version: 4.01 - Piriform)

Classic Shell (HKLM\...\{E0E49E80-19DE-43FE-BFF2-8C58DDF3C7F9}) (Version: 4.1.0 - IvoSoft)

Codec Pack - All In 1 6.0.3.0 (HKLM\...\Cool's_Codec_pack_4.12) (Version:  - )

CrystalDiskInfo 6.2.2 (HKLM\...\CrystalDiskInfo_is1) (Version: 6.2.2 - Crystal Dew World)

Desktopsymbole ausblenden 0.1 (HKLM\...\{C2424372-6F72-4364-9DDE-D0D28113F5D1}_is1) (Version:  - XProfan.Com)

DirComp (HKLM\...\{B915FA4E-B670-43E9-8EA0-9F16BFFD8AE8}) (Version: 2.06.0000 - Wolfgang Wirth)

DivX-Setup (HKLM\...\DivX Setup) (Version: 2.6.1.87 - DivX, LLC)

Dropbox (HKU\S-1-5-21-2588859782-1139336777-623044890-1001\...\Dropbox) (Version: 3.2.6 - Dropbox, Inc.)

EasyBCD 2.2 (HKLM\...\EasyBCD) (Version: 2.2 - NeoSmart Technologies)

GhostMouse 2.0 (HKLM\...\GhostMouse 2.0) (Version:  - )

Granola (HKLM\...\{9B0E7CB3-A6A8-4E2C-80E3-2188B8B035CB}) (Version: 5.0.1 - MiserWare, Inc.)

HD Tune Pro 5.50 (HKLM\...\HD Tune Pro_is1) (Version:  - EFD Software)

HDD Regenerator (HKLM\...\{97A39919-9FEA-48B7-AB2B-4F99212D1E98}) (Version: 20.11.0011 - Abstradrome)

ImgBurn (HKLM\...\ImgBurn) (Version: 2.5.2.0 - LIGHTNING UK!)

IrfanView (remove only) (HKLM\...\IrfanView) (Version: 4.37 - Irfan Skiljan)

ISO Workshop 5.5 (HKLM\...\ISO Workshop_is1) (Version:  - Glorylogic)

Java 7 Update 67 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F03217067FF}) (Version: 7.0.670 - Oracle)

L&H TTS3000 Deutsch (HKLM\...\LHTTSGED) (Version:  - )

Lame ACM MP3 Codec (HKLM\...\LameACM) (Version:  - )

LinuxLive USB Creator (HKLM\...\LinuxLive USB Creator) (Version: 2.9 - Thibaut Lauziere)

Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)

Media Player Classic - Home Cinema v1.5.2.3456 (HKLM\...\{2624B969-7135-4EB1-B0F6-2D8C397B45F7}_is1) (Version: 1.5.2.3456 - MPC-HC Team)

Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)

Microsoft .NET Framework 4 Client Profile DEU Language Pack (HKLM\...\Microsoft .NET Framework 4 Client Profile DEU Language Pack) (Version: 4.0.30319 - Microsoft Corporation)

Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)

Microsoft Encarta 99 Enzyklopädie (HKLM\...\Encarta99D) (Version: 99D - Microsoft Corporation)

Microsoft Office 97, Professional Edition (HKLM\...\Office8.0) (Version:  - )

Microsoft OneDrive (HKU\S-1-5-21-2588859782-1139336777-623044890-1001\...\OneDriveSetup.exe) (Version: 17.3.4726.0226 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)

Microsoft Windows Performance Toolkit (HKLM\...\{24190661-2122-40D1-9F7C-8FDEA5AE4197}) (Version: 4.6.0 - Microsoft Corporation)

Microsoft Windows SDK for Windows 7 (7.0) (HKLM\...\SDKSetup_7.0.7600.16385.40715) (Version: 7.0.7600.16385.40715 - Microsoft Corporation)

Moo0 RightClicker 1.47 (HKLM\...\Moo0 RightClicker) (Version:  - )

Mozilla Firefox 36.0.1 (x86 de) (HKLM\...\Mozilla Firefox 36.0.1 (x86 de)) (Version: 36.0.1 - Mozilla)

Mozilla Thunderbird 31.3.0 (x86 de) (HKLM\...\Mozilla Thunderbird 31.3.0 (x86 de)) (Version: 31.3.0 - Mozilla)

MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)

NirSoft Volumouse (HKLM\...\Volumouse) (Version:  - )

PDF-XChange 4 Pro (HKLM\...\{E38531EE-318C-4EFB-A36B-1A57BFBDAB3C}_is1) (Version: 4.198.198.0 - Tracker Software Products Ltd)

PhraseExpress v10.5.35 (HKLM\...\PhraseExpress_is1) (Version: 10.5.35 - Bartels Media GmbH)

QuickTime Alternative 3.2.2 (HKLM\...\QuicktimeAlt_is1) (Version: 3.2.2 - )

REALTEK DTV USB DEVICE (HKLM\...\{DDBB7C89-1A09-441E-AA0F-6AA465755C17}) (Version: 1.00.0000 - Realtek)

Realtek Ethernet Controller Driver (HKLM\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.72.410.2013 - Realtek)

Recuva (HKLM\...\Recuva) (Version: 1.51 - Piriform)

Right Click Enhancer 4.3.1 (HKLM\...\Right Click Enhancer) (Version: 4.3.1 - RBSoft, Inc.)

RocketDock 1.3.5 (HKLM\...\RocketDock_is1) (Version:  - Punk Software)

Skype™ 6.20 (HKLM\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.20.104 - Skype Technologies S.A.)

StrokeIt (Deutsch) (HKU\S-1-5-21-2588859782-1139336777-623044890-1001\...\StrokeIt (Deutsch)) (Version:  - )

StrokeIt (HKU\S-1-5-21-2588859782-1139336777-623044890-1001\...\StrokeIt) (Version:  - )

swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden

System Explorer 3.0.0 (HKLM\...\System Explorer_is1) (Version:  - Mister Group)

Tweaking.com - Simple System Tweaker (HKLM\...\Tweaking.com - Simple System Tweaker) (Version: 2.2.0 - Tweaking.com)

Unlocker 1.9.1 (HKLM\...\Unlocker) (Version: 1.9.1 - Cedrick Collomb)

VirtualCloneDrive (HKLM\...\VirtualCloneDrive) (Version: 5.4.7.0 - Elaborate Bytes)

VLC media player (HKLM\...\VLC media player) (Version: 2.2.0 - VideoLAN)

Windows Media Center Edition MPEG Codec Plug-in (HKLM\...\{94F3D243-2006-4B2D-9160-C2A33F74BB84}) (Version:  - ArcSoft)

Windows Media Player Firefox Plugin (HKLM\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)

Windows Mobile-Gerätecenter (HKLM\...\{904CCF62-818D-4675-BC76-D37EB399F917}) (Version: 6.1.6965.0 - Microsoft Corporation)

Windows Mobile-Gerätecenter: Treiberupdate (HKLM\...\{E7044E25-3038-4A76-9064-344AC038043E}) (Version: 6.1.6965.0 - Microsoft Corporation)

WinRAR 5.10 (32-Bit) (HKLM\...\WinRAR archiver) (Version: 5.10.0 - win.rar GmbH)

Wise Registry Cleaner 5.9.4 (HKLM\...\Wise Registry Cleaner_is1) (Version: 5.9.4 - ZhiQing Soft, Inc.)
 

==================== Custom CLSID (selected items): ==========================
 

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 

CustomCLSID: HKU\S-1-5-21-2588859782-1139336777-623044890-1001_Classes\CLSID\{5AB7172C-9C11-405C-8DD5-AF20F3606282}\InprocServer32 -> C:\Users\Wolf\AppData\Local\Microsoft\OneDrive\17.3.4726.0226\FileSyncShell.dll (Microsoft Corporation)

CustomCLSID: HKU\S-1-5-21-2588859782-1139336777-623044890-1001_Classes\CLSID\{7B37E4E2-C62F-4914-9620-8FB5062718CC}\localserver32 -> C:\Users\Wolf\AppData\Local\Microsoft\OneDrive\OneDrive.exe (Microsoft Corporation)

CustomCLSID: HKU\S-1-5-21-2588859782-1139336777-623044890-1001_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\Wolf\AppData\Local\Microsoft\OneDrive\17.3.4726.0226\FileSyncShell.dll (Microsoft Corporation)

CustomCLSID: HKU\S-1-5-21-2588859782-1139336777-623044890-1001_Classes\CLSID\{A78ED123-AB77-406B-9962-2A5D9D2F7F30}\InprocServer32 -> C:\Users\Wolf\AppData\Local\Microsoft\OneDrive\17.3.4726.0226\FileSyncShell.dll (Microsoft Corporation)

CustomCLSID: HKU\S-1-5-21-2588859782-1139336777-623044890-1001_Classes\CLSID\{AB807329-7324-431B-8B36-DBD581F56E0B}\localserver32 -> C:\Users\Wolf\AppData\Local\Microsoft\OneDrive\OneDrive.exe (Microsoft Corporation)

CustomCLSID: HKU\S-1-5-21-2588859782-1139336777-623044890-1001_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\Wolf\AppData\Local\Microsoft\OneDrive\17.3.4726.0226\FileSyncShell.dll (Microsoft Corporation)

CustomCLSID: HKU\S-1-5-21-2588859782-1139336777-623044890-1001_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\Wolf\AppData\Local\Microsoft\OneDrive\17.3.4726.0226\FileSyncShell.dll (Microsoft Corporation)

CustomCLSID: HKU\S-1-5-21-2588859782-1139336777-623044890-1001_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Wolf\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-2588859782-1139336777-623044890-1001_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\Wolf\AppData\Local\Microsoft\OneDrive\17.3.4726.0226\FileSyncShell.dll (Microsoft Corporation)

CustomCLSID: HKU\S-1-5-21-2588859782-1139336777-623044890-1001_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Wolf\AppData\Local\Microsoft\OneDrive\17.3.4726.0226\FileSyncApi.dll (Microsoft Corporation)

CustomCLSID: HKU\S-1-5-21-2588859782-1139336777-623044890-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Wolf\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-2588859782-1139336777-623044890-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Wolf\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-2588859782-1139336777-623044890-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Wolf\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-2588859782-1139336777-623044890-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Wolf\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-2588859782-1139336777-623044890-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Wolf\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-2588859782-1139336777-623044890-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Wolf\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-2588859782-1139336777-623044890-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Wolf\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-2588859782-1139336777-623044890-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Wolf\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
 

==================== Restore Points  =========================
 

ATTENTION: System Restore is disabled.
 

==================== Hosts content: ==========================
 

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 

2009-07-14 03:04 - 2015-03-10 18:35 - 00000855 ____A C:\Windows\system32\Drivers\etc\hosts

127.0.0.1       localhost
 

==================== Scheduled Tasks (whitelisted) =============
 

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 

Task: {065E9E43-BEE6-4D82-8573-6D5DCD6737CD} - System32\Tasks\BoxCryptor 2-x, NEU => C:\Program Files\NEW Boxcryptor\Boxcryptor.exe [2014-04-08] (Secomba GmbH)

Task: {1B94BC7D-3534-4DE8-BF69-6CE2674920E2} - System32\Tasks\kill boxscrip => C:\Program Files\Kill BoxCryptor.exe [2013-06-07] ()

Task: {2CCD60D3-8578-4A89-9173-B99978307D7C} - System32\Tasks\AcronisDienst Stop => C:\Windows\system32\net.exe [2009-07-14] (Microsoft Corporation)

Task: {3E209D04-EA76-4D87-9F6D-260E407AA064} - System32\Tasks\Acronis Scheduler Dienst starten => C:\Windows\system32\Net.exe [2009-07-14] (Microsoft Corporation)

Task: {5E177179-7564-4584-AA37-B54FCE1DFFC6} - System32\Tasks\KILL DropBox => C:\Program Files\Kill DropBox.bat [2013-05-01] ()

Task: {7A42BEB4-A140-4454-9D7F-FFE774BE4E98} - System32\Tasks\WDR Philo-Sendung

Task: {7E0BB72C-E5C1-4325-8B34-B47DB0ADC89D} - System32\Tasks\BoxCryptor => C:\Program Files\BoxCryptor\BoxCryptor.exe [2012-06-07] (Secomba GmbH)

Task: {97CB342F-49F1-4D7D-AB86-4BA87F83B3D6} - System32\Tasks\Termin => C:\Users\Wolf\Desktop\Termin.txt

Task: {9FF061A7-6D8B-403A-826F-DD6ACB57DCA5} - System32\Tasks\AquaSnap => C:\Program Files\AquaSnap\AquaSnap.Daemon.exe [2015-02-23] (Nurgo-Software)

Task: {ACBA7AE2-0C7A-439B-9193-8484E1E11A41} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\Windows\ehome\ehrec.exe

Task: {B675FB0B-C15F-4240-B8CA-2C5103AF92D4} - System32\Tasks\DropBox => C:\Users\Wolf\AppData\Roaming\Dropbox\bin\Dropbox.exe

Task: {C5A5E2F6-79A7-4DB0-BC01-286B414DDA8B} - System32\Tasks\Kill BoxScriptor NEU => C:\Program Files\Kill BoxCryptor.exe [2013-06-07] ()

Task: {E7C11865-CF8D-4952-B3C4-BA8575442A83} - System32\Tasks\Kill OneDrive => C:\Program Files\Kill Onedrive.bat [2015-03-08] ()

Task: {EB580139-7CF9-4A64-9C6E-2580F18F9994} - System32\Tasks\CrystalDiskInfo => D:\DVD\Betriebs\HARD Disk Tools\HD CrystalDiskInfo5_6_2\DiskInfo.exe [2013-04-24] (Crystal Dew World) <==== ATTENTION

Task: {EEC1AEF6-BF1C-4341-A6DD-A6A15D6FD349} - System32\Tasks\KDE Mover => C:\Program Files\KDE Mover-Sizer for Windows\KDE Mover-Sizer.exe [2009-10-12] ()

Task: {EFD7ABDE-CAD3-4BE8-8DB5-7BAF310AF5FF} - System32\Tasks\Uhr auf Desk => C:\Program Files\Uhr + Desk zeigen\Uhr auf Desktop\CLOCK.EXE [2004-09-26] ()

Task: {F59D9840-21B6-4D4A-B607-74E74F77D052} - System32\Tasks\PhrasenProgramm => C:\Program Files\PhraseExpress\phraseexpress.exe [2014-10-23] (Bartels Media GmbH)

Task: {F7EC8DEF-0A23-4B1F-B9F7-BE086564B326} - System32\Tasks\Kill unsecapp.exe => C:\Program Files\Kill unsecapp.bat [2014-07-30] ()

Task: {FC488C27-8609-4CBE-B97E-F4E20B316AFC} - System32\Tasks\Uhr im Tray => C:\Program Files\Uhr + Desk zeigen\Uhr im Tray + ShowDesktop\tclock.exe [2004-09-07] (Kazubon)
 

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
 

==================== Loaded Modules (whitelisted) ==============
 

2011-06-25 03:54 - 2001-10-28 17:42 - 00116224 _____ () C:\Windows\System32\pdfcmnnt.dll

2014-11-16 02:13 - 2014-06-24 12:04 - 00182784 _____ () C:\Program Files\Allway Sync\Bin\SyncService.exe

2013-10-01 09:32 - 2013-10-01 09:32 - 02634920 _____ () C:\Program Files\Acronis\TrueImageHome\tishell.dll

2013-10-01 10:00 - 2013-10-01 10:00 - 00022336 _____ () C:\Program Files\Acronis\TrueImageHome\ti_managers_proxy_stub.dll

2010-01-03 18:27 - 2010-01-03 18:27 - 00011912 _____ () C:\Users\Wolf\AppData\Local\TCB Networks\StrokeIt\Bin\mhook.dll

2012-02-21 09:12 - 2012-02-21 09:12 - 00449264 _____ () C:\Program Files\MiserWare\Granola Personal\GranolaManager.exe

2010-01-03 18:27 - 2010-01-03 18:27 - 00026248 _____ () C:\Users\Wolf\AppData\Local\TCB Networks\StrokeIt\Bin\strokeit.exe

2010-01-03 18:28 - 2010-01-03 18:28 - 00016520 _____ () C:\Users\Wolf\AppData\Local\TCB Networks\StrokeIt\Bin\Plugins\exec.dll

2010-01-03 18:28 - 2010-01-03 18:28 - 00018056 _____ () C:\Users\Wolf\AppData\Local\TCB Networks\StrokeIt\Bin\Plugins\keys.dll

2010-01-03 18:28 - 2010-01-03 18:28 - 00013448 _____ () C:\Users\Wolf\AppData\Local\TCB Networks\StrokeIt\Bin\Plugins\msg.dll

2010-01-03 18:28 - 2010-01-03 18:28 - 00013448 _____ () C:\Users\Wolf\AppData\Local\TCB Networks\StrokeIt\Bin\Plugins\multimon.dll

2010-01-03 18:28 - 2010-01-03 18:28 - 00012936 _____ () C:\Users\Wolf\AppData\Local\TCB Networks\StrokeIt\Bin\Plugins\OSD.dll

2010-01-03 18:28 - 2010-01-03 18:28 - 00010376 _____ () C:\Users\Wolf\AppData\Local\TCB Networks\StrokeIt\Bin\Plugins\siControl.dll

2010-01-03 18:28 - 2010-01-03 18:28 - 00013960 _____ () C:\Users\Wolf\AppData\Local\TCB Networks\StrokeIt\Bin\Plugins\utilities.dll

2010-01-03 18:28 - 2010-01-03 18:28 - 00016520 _____ () C:\Users\Wolf\AppData\Local\TCB Networks\StrokeIt\Bin\Plugins\win.dll

2010-10-15 22:00 - 2004-09-26 11:59 - 00473600 _____ () C:\Program Files\Uhr + Desk zeigen\Uhr auf Desktop\CLOCK.EXE

2015-03-14 20:04 - 2015-03-14 20:04 - 16858288 _____ () C:\Windows\system32\Macromed\Flash\NPSWF32_17_0_0_134.dll

2014-12-25 12:00 - 2014-11-28 01:09 - 03339376 _____ () C:\Program Files\Mozilla Thunderbird\mozjs.dll

2014-12-25 12:00 - 2014-11-28 01:09 - 00158832 _____ () C:\Program Files\Mozilla Thunderbird\NSLDAP32V60.dll

2014-12-25 12:00 - 2014-11-28 01:09 - 00023152 _____ () C:\Program Files\Mozilla Thunderbird\NSLDAPPR32V60.dll
 

==================== Alternate Data Streams (whitelisted) =========
 

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 

AlternateDataStreams: C:\ProgramData\TEMP:1AAB2E68

AlternateDataStreams: C:\ProgramData\TEMP:2BE9FEFC

AlternateDataStreams: C:\ProgramData\TEMP:55B41E6A

AlternateDataStreams: C:\ProgramData\TEMP:A5A1816B
 

==================== Safe Mode (whitelisted) ===================
 

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart => ""="Service"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys => ""="Driver"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart => ""="Service"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys => ""="Driver"
 

==================== EXE Association (whitelisted) ===============
 

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 

==================== Other Areas ============================
 

(Currently there is no automatic fix for this section.)
 

HKU\S-1-5-21-2588859782-1139336777-623044890-1001\Control Panel\Desktop\\Wallpaper -> 

DNS Servers: 192.168.1.1
 

==================== MSCONFIG/TASK MANAGER disabled items ==
 

(Currently there is no automatic fix for this section.)
 

MSCONFIG\Services: ACDaemon => 2

MSCONFIG\Services: AcrSch2Svc => 3

MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3

MSCONFIG\Services: AHDDC2 => 2

MSCONFIG\Services: AxInstSV => 3

MSCONFIG\Services: BDESVC => 3

MSCONFIG\Services: bthserv => 3

MSCONFIG\Services: DfSdkS => 3

MSCONFIG\Services: gupdate => 2

MSCONFIG\Services: gupdatem => 3

MSCONFIG\Services: HDDHealth => 2

MSCONFIG\Services: HDDlife HDD Access service => 2

MSCONFIG\Services: MBAMScheduler => 2

MSCONFIG\Services: MBAMService => 2

MSCONFIG\Services: MozillaMaintenance => 3

MSCONFIG\Services: SearchAnonymizer => 2

MSCONFIG\Services: TabletInputService => 3

MSCONFIG\Services: UxTuneUp => 2

MSCONFIG\Services: WinDefend => 3

MSCONFIG\Services: WMPNetworkSvc => 3

MSCONFIG\Services: wuauserv => 2

MSCONFIG\startupfolder: C:^Users^Wolf^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^bird.lnk => C:\Windows\pss\bird.lnk.Startup

MSCONFIG\startupfolder: C:^Users^Wolf^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^firefox - Verknüpfung.lnk => C:\Windows\pss\firefox - Verknüpfung.lnk.Startup

MSCONFIG\startupreg: Allway Sync => "C:\Program Files\Allway Sync\Bin\syncappw.exe" -m

MSCONFIG\startupreg: Classic Start Menu => "C:\Program Files\Classic Shell\ClassicStartMenu.exe" -autorun

MSCONFIG\startupreg: Granola => "C:\Program Files\MiserWare\Granola Personal\granola.exe"

MSCONFIG\startupreg: IR_SERVER => C:\PROGRA~1\Realtek\REALTE~1\IR_SERVER.exe

MSCONFIG\startupreg: OneDrive => "C:\Users\Wolf\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background

MSCONFIG\startupreg: StrokeIt => C:\Users\Wolf\AppData\Local\TCB Networks\StrokeIt\Bin\strokeit.exe
 

==================== Accounts: =============================
 

Administrator (S-1-5-21-2588859782-1139336777-623044890-500 - Administrator - Disabled)

Gast (S-1-5-21-2588859782-1139336777-623044890-501 - Limited - Disabled)

Wolf (S-1-5-21-2588859782-1139336777-623044890-1001 - Administrator - Enabled) => C:\Users\Wolf
 

==================== Faulty Device Manager Devices =============
 

Name: MpKslec0276e2

Description: MpKslec0276e2

Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}

Manufacturer: 

Service: MpKslec0276e2

Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)

Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.

Devices stay in this state if they have been prepared for removal.

After you remove the device, this error disappears.Remove the device, and this error should be resolved.
 

Name: MpKsl2b051bfa

Description: MpKsl2b051bfa

Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}

Manufacturer: 

Service: MpKsl2b051bfa

Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)

Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.

Devices stay in this state if they have been prepared for removal.

After you remove the device, this error disappears.Remove the device, and this error should be resolved.
 

Name: MpKsl71523a7c

Description: MpKsl71523a7c

Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}

Manufacturer: 

Service: MpKsl71523a7c

Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)

Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.

Devices stay in this state if they have been prepared for removal.

After you remove the device, this error disappears.Remove the device, and this error should be resolved.
 

Name: MpKslc317aad9

Description: MpKslc317aad9

Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}

Manufacturer: 

Service: MpKslc317aad9

Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)

Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.

Devices stay in this state if they have been prepared for removal.

After you remove the device, this error disappears.Remove the device, and this error should be resolved.
 
 

==================== Event log errors: =========================
 

Application errors:

==================
 

System errors:

=============

Error: (03/18/2015 11:08:39 PM) (Source: atapi) (EventID: 11) (User: )

Description: Der Treiber hat einen Controllerfehler auf \Device\Ide\IdePort0 gefunden.
 

Error: (03/18/2015 11:08:39 PM) (Source: atapi) (EventID: 11) (User: )

Description: Der Treiber hat einen Controllerfehler auf \Device\Ide\IdePort0 gefunden.
 

Error: (03/18/2015 11:08:39 PM) (Source: atapi) (EventID: 11) (User: )

Description: Der Treiber hat einen Controllerfehler auf \Device\Ide\IdePort0 gefunden.
 

Error: (03/18/2015 11:08:39 PM) (Source: atapi) (EventID: 11) (User: )

Description: Der Treiber hat einen Controllerfehler auf \Device\Ide\IdePort0 gefunden.
 

Error: (03/18/2015 11:08:39 PM) (Source: atapi) (EventID: 11) (User: )

Description: Der Treiber hat einen Controllerfehler auf \Device\Ide\IdePort0 gefunden.
 

Error: (03/18/2015 11:08:39 PM) (Source: atapi) (EventID: 11) (User: )

Description: Der Treiber hat einen Controllerfehler auf \Device\Ide\IdePort0 gefunden.
 

Error: (03/18/2015 11:08:39 PM) (Source: atapi) (EventID: 11) (User: )

Description: Der Treiber hat einen Controllerfehler auf \Device\Ide\IdePort0 gefunden.
 

Error: (03/18/2015 11:08:39 PM) (Source: atapi) (EventID: 11) (User: )

Description: Der Treiber hat einen Controllerfehler auf \Device\Ide\IdePort0 gefunden.
 

Error: (03/18/2015 11:08:39 PM) (Source: atapi) (EventID: 11) (User: )

Description: Der Treiber hat einen Controllerfehler auf \Device\Ide\IdePort0 gefunden.
 

Error: (03/18/2015 11:08:39 PM) (Source: atapi) (EventID: 11) (User: )

Description: Der Treiber hat einen Controllerfehler auf \Device\Ide\IdePort0 gefunden.
 
 

Microsoft Office Sessions:

=========================
 

==================== Memory info =========================== 
 

Processor: Intel(R) Core(TM)2 Duo CPU E8400 @ 3.00GHz

Percentage of memory in use: 64%

Total physical RAM: 2047.3 MB

Available physical RAM: 731.61 MB

Total Pagefile: 5117.3 MB

Available Pagefile: 3666.16 MB

Total Virtual: 2047.88 MB

Available Virtual: 1911.67 MB
 

==================== Drives ================================
 

Drive c: (Win) (Fixed) (Total:29.3 GB) (Free:13.73 GB) NTFS ==>[Drive with boot components (obtained from BCD)]

Drive d: (Arch) (Fixed) (Total:68.36 GB) (Free:55.84 GB) NTFS

Drive e: (Back) (Fixed) (Total:175.78 GB) (Free:72.03 GB) NTFS

Drive f: (Dow) (Fixed) (Total:658.07 GB) (Free:564.1 GB) NTFS

Drive g: (USB Start 22 =C:) (Fixed) (Total:22.49 GB) (Free:22.37 GB) NTFS

Drive h: (Zweit WIN7) (Fixed) (Total:24.72 GB) (Free:24.63 GB) NTFS

Drive i: (Zweit ARCH) (Fixed) (Total:16.6 GB) (Free:16.46 GB) NTFS

Drive j: (Zweit BACK) (Fixed) (Total:33.21 GB) (Free:22.86 GB) NTFS

Drive l: (USB Archiv21=D:) (Fixed) (Total:29.45 GB) (Free:29.36 GB) NTFS

Drive m: (USB Backups250=E:) (Fixed) (Total:246.15 GB) (Free:153.82 GB) NTFS
 

==================== MBR & Partition Table ==================
 

========================================================

Disk: 0 (Size: 74.5 GB) (Disk ID: 5ADF567A)

Partition 1: (Not Active) - (Size=24.7 GB) - (Type=07 NTFS)

Partition 2: (Not Active) - (Size=16.6 GB) - (Type=07 NTFS)

Partition 3: (Not Active) - (Size=33.2 GB) - (Type=07 NTFS)
 

========================================================

Disk: 1 (Size: 931.5 GB) (Disk ID: F0E5415B)

Partition 1: (Active) - (Size=29.3 GB) - (Type=07 NTFS)

Partition 2: (Not Active) - (Size=68.4 GB) - (Type=07 NTFS)

Partition 3: (Not Active) - (Size=175.8 GB) - (Type=07 NTFS)

Partition 4: (Not Active) - (Size=658.1 GB) - (Type=05)
 

========================================================

Disk: 2 (MBR Code: Windows XP) (Size: 298.1 GB) (Disk ID: E0307819)

Partition 1: (Active) - (Size=22.5 GB) - (Type=07 NTFS)

Partition 2: (Not Active) - (Size=29.4 GB) - (Type=07 NTFS)

Partition 3: (Not Active) - (Size=246.2 GB) - (Type=07 NTFS)
 

==================== End Of Log ============================