|   | Alphazaboo | 08.01.2015 13:05 |  
 FRST: 
FRST Logfile:   Code: 
 Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 07-01-2015Ran by Kraul (administrator) on KRAUL-PC on 08-01-2015 13:01:40
 Running from C:\Users\Kraul\Desktop
 Loaded Profile: Kraul (Available profiles: Kraul & Gast)
 Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
 Internet Explorer Version 11 (Default browser: FF)
 Boot Mode: Normal
 Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
 
 ==================== Processes (Whitelisted) =================
 
 (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
 (Microsoft Corporation) C:\Windows\System32\rundll32.exe
 (Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
 (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
 (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMutilps32.exe
 (Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
 (Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
 (Acer Incorporated) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
 (Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Security Protection\PSANHost.exe
 (Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
 (NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe
 (Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Devices Agent\AgentSvc.exe
 (Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAService.exe
 (Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
 (CyberLink Corp.) C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe
 (CyberLink) C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\DMR\DMREngine.exe
 (Intel Corporation) C:\Windows\System32\igfxtray.exe
 (Intel Corporation) C:\Windows\System32\hkcmd.exe
 (Intel Corporation) C:\Windows\System32\igfxpers.exe
 (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
 (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
 (Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
 (Egis Technology Inc.) C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe
 (Brother Industries, Ltd.) C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe
 (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
 (Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAMain.exe
 (Intel Corporation) C:\Windows\System32\igfxext.exe
 (Intel Corporation) C:\Windows\System32\igfxsrvc.exe
 (Brother Industries, Ltd.) C:\Program Files (x86)\Brother\Brmfcmon\BrMfcMon.exe
 (Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
 (Egis Technology Inc.) C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe
 (Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
 (Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
 (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
 (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
 (Microsoft Corporation) C:\Windows\System32\dllhost.exe
 (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
 (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
 (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
 (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_235.exe
 (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_235.exe
 
 
 ==================== Registry (Whitelisted) ==================
 
 (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
 HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2392360 2010-10-08] (Synaptics Incorporated)
 HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11860072 2011-06-09] (Realtek Semiconductor)
 HKLM\...\Run: [Power Management] => C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [1831528 2011-05-10] (Acer Incorporated)
 HKLM-x32\...\Run: [EgisTecPMMUpdate] => C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe [408432 2011-03-29] (Egis Technology Inc.)
 HKLM-x32\...\Run: [EgisUpdate] => C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe [202608 2011-03-29] (Egis Technology Inc.)
 HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [124208 2014-10-22] (Avira Operations GmbH & Co. KG)
 HKLM-x32\...\Run: [BrMfcWnd] => C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe [1159168 2009-05-26] (Brother Industries, Ltd.)
 HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [507776 2014-10-07] (Oracle Corporation)
 HKLM-x32\...\Run: [PSUAMain] => C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAMain.exe [37624 2014-10-16] (Panda Security, S.L.)
 Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
 HKU\S-1-5-21-1910688198-3369152459-1835389315-1000\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3696912 2014-03-04] (Disc Soft Ltd)
 ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
 ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
 ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
 ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} =>  No File
 
 ==================== Internet (Whitelisted) ====================
 
 (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
 HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
 HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
 HKU\S-1-5-21-1910688198-3369152459-1835389315-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
 HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
 HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
 HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = about:blank
 HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
 HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
 HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
 HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
 HKU\S-1-5-21-1910688198-3369152459-1835389315-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
 HKU\S-1-5-21-1910688198-3369152459-1835389315-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
 URLSearchHook: HKLM-x32 - Default Value = {855F3B16-6D32-4fe6-8A56-BBB695989046}
 StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
 BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
 BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
 BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
 Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
 
 FireFox:
 ========
 FF ProfilePath: C:\Users\Kraul\AppData\Roaming\Mozilla\Firefox\Profiles\n6xctto1.default
 FF Homepage: google.de
 FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_235.dll ()
 FF Plugin: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
 FF Plugin: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
 FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
 FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_235.dll ()
 FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
 FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
 FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
 FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
 FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\6\NP_wtapp.dll ()
 FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 FF SearchPlugin: C:\Users\Kraul\AppData\Roaming\Mozilla\Firefox\Profiles\n6xctto1.default\searchplugins\google-images.xml
 FF SearchPlugin: C:\Users\Kraul\AppData\Roaming\Mozilla\Firefox\Profiles\n6xctto1.default\searchplugins\google-maps.xml
 FF Extension: Adblock Plus Pop-up Addon - C:\Users\Kraul\AppData\Roaming\Mozilla\Firefox\Profiles\n6xctto1.default\Extensions\adblockpopups@jessehakanen.net.xpi [2014-05-02]
 FF HKU\S-1-5-21-1910688198-3369152459-1835389315-1000\...\Firefox\Extensions: [cliqz@cliqz.com] - C:\Users\Kraul\AppData\Roaming\Mozilla\Firefox\Profiles\n6xctto1.default\extensions\cliqz@cliqz.com
 
 Chrome:
 =======
 CHR HKLM-x32\...\Chrome\Extension: [bfcpnihmbfoaeoakalclfalkdepgiaje] - C:\Users\Kraul\AppData\Roaming\SpecialSavings\SpecialSavings.crx [Not Found]
 CHR HKLM-x32\...\Chrome\Extension: [fgfdfcbeamjnjdejakdidpniblllnbpg] - C:\Windows\SysWOW64\jmdp\pnte.crx [Not Found]
 CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path
 CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [Not Found]
 CHR HKLM-x32\...\Chrome\Extension: [nohfdhapjjlndfgjnmdlcabloeembdkj] - C:\Users\Kraul\AppData\Roaming\BabSolution\CR\delta2.crx [Not Found]
 
 ==================== Services (Whitelisted) =================
 
 (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
 S2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [164656 2014-10-22] (Avira Operations GmbH & Co. KG)
 S3 DfSdkS; C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer Free\Dfsdks.exe [544768 2009-08-24] (mst software GmbH, Germany) [File not signed]
 S3 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [227904 2014-05-20] (WildTangent)
 R2 GREGService; C:\Program Files (x86)\Acer\Registration\GREGsvc.exe [29696 2011-05-26] (Acer Incorporated) [File not signed]
 S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [69632 2005-11-14] (Macrovision Corporation) [File not signed]
 R2 NanoServiceMain; C:\Program Files (x86)\Panda Security\Panda Security Protection\PSANHost.exe [142072 2014-10-13] (Panda Security, S.L.)
 R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2804568 2010-06-01] (Symantec Corporation)
 R2 NTI IScheduleSvc; C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [256832 2011-04-24] (NTI Corporation)
 R2 PandaAgent; C:\Program Files (x86)\Panda Security\Panda Devices Agent\AgentSvc.exe [66808 2014-10-09] (Panda Security, S.L.)
 R2 PSUAService; C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAService.exe [38136 2014-10-16] (Panda Security, S.L.)
 S4 AntiVirWebService; "C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE" [X]
 
 ==================== Drivers (Whitelisted) ====================
 
 (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
 U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
 R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2014-12-09] (Disc Soft Ltd)
 R1 NNSALPC; C:\Windows\System32\DRIVERS\NNSAlpc.sys [96800 2014-06-04] (Panda Security, S.L.)
 R1 NNSHTTP; C:\Windows\System32\DRIVERS\NNSHttp.sys [162336 2014-06-18] (Panda Security, S.L.)
 R1 NNSHTTPS; C:\Windows\System32\DRIVERS\NNSHttps.sys [112160 2014-06-04] (Panda Security, S.L.)
 R1 NNSIDS; C:\Windows\System32\DRIVERS\NNSIds.sys [115232 2014-06-04] (Panda Security, S.L.)
 R1 NNSNAHSL; C:\Windows\System32\DRIVERS\NNSNAHSL.sys [46336 2014-01-16] (Panda Security, S.L.)
 R1 NNSPICC; C:\Windows\System32\DRIVERS\NNSPicc.sys [95776 2014-06-04] (Panda Security, S.L.)
 R1 NNSPIHSW; C:\Windows\System32\DRIVERS\NNSPihsw.sys [70176 2014-06-04] (Panda Security, S.L.)
 R1 NNSPOP3; C:\Windows\System32\DRIVERS\NNSPop3.sys [125984 2014-06-04] (Panda Security, S.L.)
 R1 NNSPROT; C:\Windows\System32\DRIVERS\NNSProt.sys [306720 2014-06-04] (Panda Security, S.L.)
 R1 NNSPRV; C:\Windows\System32\DRIVERS\NNSPrv.sys [169504 2014-06-04] (Panda Security, S.L.)
 R1 NNSSMTP; C:\Windows\System32\DRIVERS\NNSSmtp.sys [115744 2014-06-04] (Panda Security, S.L.)
 R1 NNSSTRM; C:\Windows\System32\DRIVERS\NNSStrm.sys [261152 2014-06-04] (Panda Security, S.L.)
 R1 NNSTLSC; C:\Windows\System32\DRIVERS\NNSTlsc.sys [109088 2014-06-04] (Panda Security, S.L.)
 R2 PSINAflt; C:\Windows\System32\DRIVERS\PSINAflt.sys [163088 2014-10-13] (Panda Security, S.L.)
 R2 PSINFile; C:\Windows\System32\DRIVERS\PSINFile.sys [121616 2014-10-13] (Panda Security, S.L.)
 R1 PSINKNC; C:\Windows\System32\DRIVERS\psinknc.sys [195616 2014-07-24] (Panda Security, S.L.)
 R2 PSINProc; C:\Windows\System32\DRIVERS\PSINProc.sys [122400 2014-07-24] (Panda Security, S.L.)
 R2 PSINProt; C:\Windows\System32\DRIVERS\PSINProt.sys [132128 2014-07-24] (Panda Security, S.L.)
 R2 PSINReg; C:\Windows\System32\DRIVERS\PSINReg.sys [107792 2014-10-13] (Panda Security, S.L.)
 R3 PSKMAD; C:\Windows\System32\DRIVERS\PSKMAD.sys [60400 2014-03-25] (Panda Security, S.L.)
 S1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2015-01-07] (Avira GmbH)
 S3 catchme; \??\C:\ComboFix\catchme.sys [X]
 
 ==================== NetSvcs (Whitelisted) ===================
 
 (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
 ==================== One Month Created Files and Folders ========
 
 (If an entry is included in the fixlist, the file\folder will be moved.)
 
 2015-01-08 13:01 - 2015-01-08 13:02 - 00015400 _____ () C:\Users\Kraul\Desktop\FRST.txt
 2015-01-08 13:01 - 2015-01-08 13:01 - 00000000 ____D () C:\FRST
 2015-01-08 13:00 - 2015-01-08 13:00 - 02124288 _____ (Farbar) C:\Users\Kraul\Desktop\FRST64.exe
 2015-01-08 12:56 - 2015-01-08 12:56 - 00415232 _____ (Farbar) C:\Users\Kraul\Desktop\FSS.exe
 2015-01-08 11:07 - 2015-01-08 11:07 - 00000000 ____D () C:\Users\Public\Recorded TV
 2015-01-08 10:47 - 2015-01-08 10:47 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-KRAUL-PC-Microsoft-Windows-7-Home-Premium-(64-bit).dat
 2015-01-08 10:47 - 2015-01-08 10:47 - 00000000 ____D () C:\RegBackup
 2015-01-08 10:23 - 2015-01-08 10:23 - 00003288 ____N () C:\bootsqm.dat
 2015-01-08 10:10 - 2015-01-08 10:10 - 00000000 ____D () C:\Users\Kraul\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Tweaking.com
 2015-01-08 10:10 - 2015-01-08 10:10 - 00000000 ____D () C:\Program Files (x86)\Tweaking.com
 2015-01-07 20:27 - 2014-03-25 14:15 - 00060400 _____ (Panda Security, S.L.) C:\Windows\system32\Drivers\PSKMAD.sys
 2015-01-07 20:26 - 2015-01-07 20:27 - 00000000 ____D () C:\Program Files (x86)\Panda Security
 2015-01-07 20:26 - 2015-01-07 20:26 - 00000000 ____D () C:\Users\Kraul\AppData\Roaming\Panda Security
 2015-01-07 20:26 - 2015-01-07 20:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Panda Free Antivirus
 2015-01-07 20:25 - 2015-01-07 20:27 - 00000000 ____D () C:\ProgramData\Panda Security
 2015-01-07 20:00 - 2015-01-07 20:00 - 00001276 _____ () C:\Users\Kraul\Desktop\Revo Uninstaller.lnk
 2015-01-07 19:02 - 2015-01-07 19:02 - 00000818 _____ () C:\DelFix.txt
 2015-01-07 17:31 - 2015-01-07 17:31 - 00000000 __RHD () C:\Users\Public\Libraries
 2015-01-07 15:53 - 2015-01-07 15:53 - 00000000 ____D () C:\ProgramData\Sun
 2015-01-07 15:52 - 2015-01-07 15:51 - 00111016 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
 2015-01-07 15:51 - 2015-01-07 15:51 - 00000000 ____D () C:\ProgramData\Oracle
 2015-01-07 15:51 - 2015-01-07 15:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
 2015-01-07 15:51 - 2015-01-07 15:51 - 00000000 ____D () C:\Program Files\Java
 2015-01-07 14:54 - 2015-01-07 14:53 - 00028520 _____ (Avira GmbH) C:\Windows\system32\Drivers\ssmdrv.sys
 2015-01-06 17:44 - 2015-01-07 19:02 - 00000000 ____D () C:\Windows\ERUNT
 2015-01-06 16:47 - 2015-01-06 16:47 - 00000000 ____D () C:\Users\Kraul\AppData\Local\PDF24
 2015-01-06 16:43 - 2015-01-06 16:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF24
 2015-01-06 16:43 - 2015-01-06 16:43 - 00000000 ____D () C:\Program Files (x86)\PDF24
 2015-01-06 14:34 - 2015-01-06 14:36 - 00000000 ____D () C:\Users\Kraul\AppData\Local\paint.net
 2015-01-06 14:34 - 2015-01-06 14:34 - 00001304 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\paint.net.lnk
 2015-01-06 14:34 - 2015-01-06 14:34 - 00000000 ____D () C:\Program Files\paint.net
 2015-01-06 14:02 - 2015-01-06 14:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Brother
 2015-01-06 13:58 - 2015-01-06 13:58 - 00000000 ____D () C:\Users\Kraul\AppData\Roaming\InstallShield
 2015-01-06 13:58 - 2008-06-17 15:33 - 00167936 ____N (brother) C:\Windows\SysWOW64\NSSearch.dll
 2015-01-06 13:58 - 2007-12-13 22:16 - 00073728 ____N (Brother Industries Ltd.) C:\Windows\SysWOW64\BrDctF2.dll
 2015-01-06 13:58 - 2007-12-13 22:16 - 00005632 ____N (Brother Industries Ltd.) C:\Windows\SysWOW64\BrDctF2L.dll
 2015-01-06 13:58 - 2007-12-13 22:16 - 00003072 ____N (Brother Industries Ltd.) C:\Windows\SysWOW64\BrDctF2S.dll
 2015-01-06 13:58 - 2006-12-28 13:39 - 00176128 ____N (Brother Industries, Ltd.) C:\Windows\SysWOW64\BroSNMP.dll
 2015-01-06 13:58 - 2003-11-28 18:57 - 00000000 _____ () C:\Windows\brdfxspd.dat
 2015-01-04 20:38 - 2015-01-04 20:38 - 00000000 ____D () C:\ProgramData\Malwarebytes
 2015-01-04 17:32 - 2015-01-07 18:59 - 00000000 ____D () C:\Windows\erdnt
 2015-01-04 17:16 - 2015-01-07 20:00 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
 2015-01-04 12:01 - 2015-01-04 12:01 - 00000000 ____D () C:\Users\Kraul\AppData\Roaming\{90140011-0066-0407-0000-0000000FF1CE}
 2015-01-04 12:01 - 2015-01-04 12:01 - 00000000 ____D () C:\ProgramData\Virtualized Applications
 2015-01-03 21:45 - 2015-01-03 21:45 - 00000000 ____D () C:\Program Files (x86)\ESET
 2015-01-03 21:08 - 2015-01-03 21:09 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sonstiges
 2015-01-03 20:42 - 2015-01-03 20:44 - 00000000 ____D () C:\Users\Kraul\Desktop\Konzerte, Noten und Musik
 2015-01-03 20:21 - 2015-01-03 20:21 - 00062976 ___SH () C:\Users\PS3-Daten\Thumbs.db
 2015-01-03 19:19 - 2015-01-03 19:19 - 00000000 __SHD () C:\Users\Kraul\AppData\Local\EmieBrowserModeList
 2015-01-03 19:18 - 2015-01-03 19:18 - 00000355 _____ () C:\Users\Kraul\Desktop\Computer.lnk
 2015-01-03 15:20 - 2015-01-03 16:06 - 00000000 ____D () C:\SiegeOfAvalon
 2015-01-03 14:05 - 2015-01-03 14:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Siege Of Avalon
 2015-01-01 17:38 - 2015-01-01 17:38 - 00000000 ____D () C:\Stranded II
 2015-01-01 17:38 - 2015-01-01 17:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Stranded II
 2015-01-01 16:23 - 2015-01-01 16:23 - 00000000 ____D () C:\Program Files (x86)\mektek.net
 2014-12-21 10:40 - 2014-12-21 10:40 - 00000000 ____D () C:\Users\Kraul\AppData\Roaming\15909
 2014-12-21 10:10 - 2014-12-21 10:11 - 00000000 ____D () C:\Users\Kraul\AppData\Roaming\Anvsoft
 2014-12-21 10:04 - 2014-12-21 10:04 - 00000000 ____D () C:\Users\Kraul\AppData\Roaming\XMedia Recode
 2014-12-18 08:11 - 2014-12-13 06:09 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
 2014-12-18 08:11 - 2014-12-13 04:33 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
 2014-12-17 20:02 - 2014-12-17 20:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ALNO AG  Küchenplaner
 2014-12-17 20:02 - 2014-12-17 20:02 - 00000000 ____D () C:\Program Files (x86)\ALNO
 2014-12-17 17:44 - 2014-12-17 17:44 - 00000000 ____D () C:\Program Files (x86)\Digital Tome
 2014-12-16 09:46 - 2014-12-16 09:46 - 00000000 ____D () C:\Windows\system32\appraiser
 2014-12-16 09:35 - 2014-10-18 03:05 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
 2014-12-16 09:35 - 2014-10-18 02:33 - 03209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
 2014-12-16 09:35 - 2014-07-07 03:06 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
 2014-12-16 09:35 - 2014-07-07 03:06 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
 2014-12-16 09:35 - 2014-07-07 03:06 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
 2014-12-16 09:35 - 2014-07-07 03:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
 2014-12-16 09:35 - 2014-07-07 02:40 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
 2014-12-16 09:35 - 2014-07-07 02:39 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe
 2014-12-16 09:35 - 2014-07-07 02:39 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe
 2014-12-16 09:35 - 2014-07-07 02:37 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll
 2014-12-10 13:01 - 2014-12-10 13:01 - 00000000 ____D () C:\Users\Kraul\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Digital Tome
 2014-12-10 13:01 - 2014-12-10 13:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Digital Tome
 2014-12-10 11:16 - 2014-12-10 11:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
 2014-12-10 11:16 - 2014-12-10 11:16 - 00000000 ____D () C:\Program Files\7-Zip
 2014-12-10 08:56 - 2014-11-27 02:43 - 00389296 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
 2014-12-10 08:56 - 2014-11-27 02:10 - 00342200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
 2014-12-10 08:56 - 2014-11-22 04:13 - 25059840 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
 2014-12-10 08:56 - 2014-11-22 04:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
 2014-12-10 08:56 - 2014-11-22 04:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
 2014-12-10 08:56 - 2014-11-22 03:50 - 00580096 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
 2014-12-10 08:56 - 2014-11-22 03:50 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
 2014-12-10 08:56 - 2014-11-22 03:49 - 02885120 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
 2014-12-10 08:56 - 2014-11-22 03:49 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
 2014-12-10 08:56 - 2014-11-22 03:48 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
 2014-12-10 08:56 - 2014-11-22 03:41 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
 2014-12-10 08:56 - 2014-11-22 03:40 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
 2014-12-10 08:56 - 2014-11-22 03:37 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
 2014-12-10 08:56 - 2014-11-22 03:35 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
 2014-12-10 08:56 - 2014-11-22 03:34 - 06039552 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
 2014-12-10 08:56 - 2014-11-22 03:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
 2014-12-10 08:56 - 2014-11-22 03:26 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
 2014-12-10 08:56 - 2014-11-22 03:22 - 19749376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
 2014-12-10 08:56 - 2014-11-22 03:22 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
 2014-12-10 08:56 - 2014-11-22 03:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
 2014-12-10 08:56 - 2014-11-22 03:14 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
 2014-12-10 08:56 - 2014-11-22 03:09 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
 2014-12-10 08:56 - 2014-11-22 03:08 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
 2014-12-10 08:56 - 2014-11-22 03:07 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
 2014-12-10 08:56 - 2014-11-22 03:07 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
 2014-12-10 08:56 - 2014-11-22 03:06 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
 2014-12-10 08:56 - 2014-11-22 03:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
 2014-12-10 08:56 - 2014-11-22 03:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
 2014-12-10 08:56 - 2014-11-22 03:01 - 02277888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
 2014-12-10 08:56 - 2014-11-22 02:59 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
 2014-12-10 08:56 - 2014-11-22 02:58 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
 2014-12-10 08:56 - 2014-11-22 02:56 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
 2014-12-10 08:56 - 2014-11-22 02:54 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
 2014-12-10 08:56 - 2014-11-22 02:49 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
 2014-12-10 08:56 - 2014-11-22 02:49 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
 2014-12-10 08:56 - 2014-11-22 02:47 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
 2014-12-10 08:56 - 2014-11-22 02:46 - 02125312 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
 2014-12-10 08:56 - 2014-11-22 02:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
 2014-12-10 08:56 - 2014-11-22 02:43 - 14412800 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
 2014-12-10 08:56 - 2014-11-22 02:40 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
 2014-12-10 08:56 - 2014-11-22 02:36 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
 2014-12-10 08:56 - 2014-11-22 02:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
 2014-12-10 08:56 - 2014-11-22 02:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
 2014-12-10 08:56 - 2014-11-22 02:29 - 04299264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
 2014-12-10 08:56 - 2014-11-22 02:28 - 02358272 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
 2014-12-10 08:56 - 2014-11-22 02:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
 2014-12-10 08:56 - 2014-11-22 02:22 - 02052096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
 2014-12-10 08:56 - 2014-11-22 02:21 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
 2014-12-10 08:56 - 2014-11-22 02:15 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
 2014-12-10 08:56 - 2014-11-22 02:13 - 12836864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
 2014-12-10 08:56 - 2014-11-22 02:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
 2014-12-10 08:56 - 2014-11-22 02:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
 2014-12-10 08:56 - 2014-11-22 01:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
 2014-12-10 08:56 - 2014-11-22 01:54 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
 2014-12-10 08:17 - 2014-12-04 03:50 - 00830976 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
 2014-12-10 08:17 - 2014-12-04 03:50 - 00741376 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
 2014-12-10 08:17 - 2014-12-04 03:50 - 00413184 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
 2014-12-10 08:17 - 2014-12-04 03:50 - 00396800 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
 2014-12-10 08:17 - 2014-12-04 03:50 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
 2014-12-10 08:17 - 2014-12-04 03:50 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
 2014-12-10 08:17 - 2014-12-04 03:44 - 01083392 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
 2014-12-10 08:17 - 2014-12-02 00:28 - 01232040 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
 2014-12-10 08:15 - 2014-11-11 04:09 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
 2014-12-10 08:15 - 2014-11-11 03:44 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
 2014-12-10 08:15 - 2014-11-11 02:46 - 00119296 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys
 2014-12-10 08:13 - 2014-11-08 04:16 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
 2014-12-10 08:13 - 2014-11-08 03:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
 2014-12-10 08:13 - 2014-10-30 03:03 - 00165888 _____ (Microsoft Corporation) C:\Windows\system32\charmap.exe
 2014-12-10 08:13 - 2014-10-30 02:45 - 00155136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\charmap.exe
 2014-12-10 08:13 - 2014-10-03 03:12 - 02020352 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll
 2014-12-10 08:13 - 2014-10-03 03:12 - 00346624 _____ (Microsoft Corporation) C:\Windows\system32\WSManMigrationPlugin.dll
 2014-12-10 08:13 - 2014-10-03 03:12 - 00310272 _____ (Microsoft Corporation) C:\Windows\system32\WsmWmiPl.dll
 2014-12-10 08:13 - 2014-10-03 03:12 - 00181248 _____ (Microsoft Corporation) C:\Windows\system32\WsmAuto.dll
 2014-12-10 08:13 - 2014-10-03 03:11 - 00266240 _____ (Microsoft Corporation) C:\Windows\system32\WSManHTTPConfig.exe
 2014-12-10 08:13 - 2014-10-03 02:45 - 01177088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmSvc.dll
 2014-12-10 08:13 - 2014-10-03 02:45 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManMigrationPlugin.dll
 2014-12-10 08:13 - 2014-10-03 02:45 - 00214016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmWmiPl.dll
 2014-12-10 08:13 - 2014-10-03 02:45 - 00145920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmAuto.dll
 2014-12-10 08:13 - 2014-10-03 02:44 - 00198656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManHTTPConfig.exe
 2014-12-09 19:09 - 2014-12-10 15:13 - 00000739 _____ () C:\Windows\Debug.ini
 2014-12-09 19:00 - 2014-12-09 19:00 - 00000000 ____D () C:\Users\Kraul\AppData\Roaming\Columbus Soft
 2014-12-09 18:59 - 2005-04-20 15:28 - 00225280 ____R (Propellerhead Software AB) C:\Windows\SysWOW64\ReWire.dll
 2014-12-09 17:41 - 2015-01-08 12:52 - 00000304 _____ () C:\Windows\Tasks\DNZSXHB.job
 2014-12-09 17:41 - 2014-12-09 17:41 - 00165888 __RSH () C:\Windows\SysWOW64\KBDARMEN.dll
 2014-12-09 17:41 - 2014-12-09 17:41 - 00002584 _____ () C:\Windows\System32\Tasks\DNZSXHB
 2014-12-09 15:09 - 2014-12-09 15:28 - 00000000 ____D () C:\Users\Kraul\AppData\Roaming\DAEMON Tools Lite
 2014-12-09 15:09 - 2014-12-09 15:09 - 00283064 _____ (Disc Soft Ltd) C:\Windows\system32\Drivers\dtsoftbus01.sys
 2014-12-09 15:09 - 2014-12-09 15:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Lite
 2014-12-09 15:09 - 2014-12-09 15:09 - 00000000 ____D () C:\Program Files (x86)\DAEMON Tools Lite
 2014-12-09 15:08 - 2014-12-09 15:28 - 00000000 ____D () C:\ProgramData\DAEMON Tools Lite
 2014-12-09 15:07 - 2014-12-09 21:15 - 00000000 ____D () C:\Der Planer 1
 2014-12-09 15:07 - 2014-12-09 15:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Greenwood Entertainment
 2014-12-09 10:29 - 2015-01-06 17:38 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
 
 ==================== One Month Modified Files and Folders =======
 
 (If an entry is included in the fixlist, the file\folder will be moved.)
 
 2015-01-08 13:01 - 2009-07-14 05:45 - 00024400 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
 2015-01-08 13:01 - 2009-07-14 05:45 - 00024400 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
 2015-01-08 12:57 - 2011-10-23 17:34 - 00686272 _____ () C:\Windows\system32\perfh007.dat
 2015-01-08 12:57 - 2011-10-23 17:34 - 00145814 _____ () C:\Windows\system32\perfc007.dat
 2015-01-08 12:57 - 2011-10-23 07:44 - 01302440 _____ () C:\Windows\WindowsUpdate.log
 2015-01-08 12:57 - 2009-07-14 06:13 - 01622300 _____ () C:\Windows\system32\PerfStringBackup.INI
 2015-01-08 12:56 - 2014-05-02 06:48 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
 2015-01-08 12:54 - 2011-11-11 23:16 - 00000000 ____D () C:\ProgramData\clear.fi
 2015-01-08 12:52 - 2014-11-22 22:51 - 00004003 _____ () C:\Windows\setupact.log
 2015-01-08 12:52 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
 2015-01-08 12:10 - 2011-11-11 22:43 - 00061672 _____ () C:\Users\Kraul\AppData\Local\GDIPFONTCACHEV1.DAT
 2015-01-08 12:02 - 2014-12-06 15:52 - 00035270 _____ () C:\Windows\PFRO.log
 2015-01-08 12:02 - 2009-07-14 05:45 - 00312160 _____ () C:\Windows\system32\FNTCACHE.DAT
 2015-01-08 11:58 - 2009-07-14 03:34 - 00000471 _____ () C:\Windows\win.ini
 2015-01-08 11:02 - 2009-07-14 03:34 - 00000855 _____ () C:\Windows\system32\Drivers\etc\hosts_bak_986
 2015-01-07 20:21 - 2013-08-08 11:28 - 00000000 ____D () C:\Program Files (x86)\Avira
 2015-01-07 20:16 - 2013-08-08 11:28 - 00000000 ____D () C:\ProgramData\Avira
 2015-01-07 20:11 - 2011-09-26 13:09 - 00000000 ____D () C:\ProgramData\Skype
 2015-01-07 18:08 - 2011-11-13 11:42 - 00000000 ____D () C:\Users\Kraul\AppData\Roaming\SoftGrid Client
 2015-01-07 18:08 - 2011-11-11 22:43 - 00000000 ____D () C:\Users\Kraul
 2015-01-07 15:56 - 2014-05-02 06:48 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
 2015-01-07 15:56 - 2013-12-15 10:48 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
 2015-01-07 15:56 - 2011-09-26 13:33 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
 2015-01-07 15:54 - 2011-11-13 22:01 - 00000000 ____D () C:\Users\Kraul\AppData\Local\Adobe
 2015-01-06 18:10 - 2012-12-28 03:59 - 00000000 ____D () C:\Users\Kraul\Desktop\Bewerbung Finja
 2015-01-06 17:38 - 2011-11-21 16:26 - 00000000 ____D () C:\ProgramData\ICQ
 2015-01-06 14:01 - 2013-07-30 18:27 - 00000241 _____ () C:\Windows\Brpfx04a.ini
 2015-01-06 14:01 - 2013-07-30 18:27 - 00000093 _____ () C:\Windows\brpcfx.ini
 2015-01-06 14:01 - 2013-07-30 15:23 - 00000425 _____ () C:\Windows\BRWMARK.INI
 2015-01-06 14:01 - 2013-07-30 15:23 - 00000027 _____ () C:\Windows\BRPP2KA.INI
 2015-01-06 13:58 - 2013-07-30 18:27 - 00000050 _____ () C:\Windows\system32\bridf08b.dat
 2015-01-06 13:58 - 2013-07-30 18:26 - 00000000 ____D () C:\Program Files (x86)\Brother
 2015-01-06 13:58 - 2011-09-26 12:34 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
 2015-01-06 11:47 - 2011-11-11 22:43 - 00000000 ____D () C:\Recovery
 2015-01-04 21:18 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\PLA
 2015-01-04 20:32 - 2014-08-16 19:02 - 00000000 ____D () C:\ProgramData\Package Cache
 2015-01-04 18:01 - 2014-05-10 08:17 - 00000000 ____D () C:\Users\PS3-Daten
 2015-01-04 17:55 - 2009-07-14 03:34 - 00000215 _____ () C:\Windows\system.ini
 2015-01-04 17:53 - 2009-07-14 03:34 - 00000027 _____ () C:\Windows\system32\Drivers\etc\hosts_bak_370
 2015-01-04 12:01 - 2011-11-13 11:42 - 00000000 ____D () C:\Users\Kraul\AppData\Local\SoftGrid Client
 2015-01-03 21:11 - 2009-07-14 06:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
 2015-01-03 21:10 - 2011-09-26 13:12 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acer
 2015-01-03 20:59 - 2012-06-22 14:01 - 00000000 ____D () C:\Users\Kraul\Desktop\Steven
 2015-01-03 20:53 - 2012-06-09 19:55 - 00000000 ____D () C:\Program Files (x86)\OXXOGames
 2015-01-03 20:51 - 2012-06-22 14:03 - 00000000 ___RD () C:\Users\Kraul\Desktop\PAPA
 2015-01-03 20:01 - 2012-01-02 22:40 - 00000000 ____D () C:\Program Files (x86)\EA GAMES
 2015-01-03 19:57 - 2014-05-10 08:40 - 00000000 ____D () C:\ProgramData\TVersity
 2015-01-03 19:43 - 2011-09-26 13:33 - 00000000 ____D () C:\Program Files (x86)\NTI
 2015-01-03 19:39 - 2011-11-19 18:05 - 00000000 ____D () C:\Users\Kraul\AppData\Local\Google
 2015-01-03 19:38 - 2014-07-06 13:04 - 00000000 ____D () C:\Program Files (x86)\Free mp3 Wma Converter
 2015-01-03 19:36 - 2012-06-09 19:55 - 00000000 ____D () C:\Program Files (x86)\DEUTSCHLAND SPIELT
 2015-01-03 19:33 - 2014-10-05 00:49 - 00000000 ____D () C:\Program Files\Autodesk
 2015-01-03 19:32 - 2014-10-05 00:54 - 00000000 ____D () C:\ProgramData\Autodesk
 2015-01-03 19:09 - 2012-01-02 23:00 - 00000000 ____D () C:\Users\Kraul\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
 2015-01-03 15:17 - 2011-11-11 22:43 - 00000000 ____D () C:\Users\Kraul\AppData\Local\VirtualStore
 2014-12-26 15:02 - 2011-11-16 08:02 - 00061200 _____ () C:\Users\Gast\AppData\Local\GDIPFONTCACHEV1.DAT
 2014-12-17 15:04 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache
 2014-12-16 09:46 - 2014-05-07 20:32 - 00000000 ___SD () C:\Windows\system32\CompatTel
 2014-12-16 09:46 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
 2014-12-16 09:46 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\AppCompat
 2014-12-16 09:39 - 2011-11-11 23:07 - 112710672 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
 2014-12-10 20:17 - 2014-05-02 07:09 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
 2014-12-09 19:59 - 2014-11-12 21:01 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox.bak
 
 Some content of TEMP:
 ====================
 C:\Users\Kraul\AppData\Local\Temp\avgnt.exe
 
 
 ==================== Bamital & volsnap Check =================
 
 (There is no automatic fix for files that do not pass verification.)
 
 C:\Windows\System32\winlogon.exe => File is digitally signed
 C:\Windows\System32\wininit.exe => File is digitally signed
 C:\Windows\SysWOW64\wininit.exe => File is digitally signed
 C:\Windows\explorer.exe => File is digitally signed
 C:\Windows\SysWOW64\explorer.exe => File is digitally signed
 C:\Windows\System32\svchost.exe => File is digitally signed
 C:\Windows\SysWOW64\svchost.exe => File is digitally signed
 C:\Windows\System32\services.exe => File is digitally signed
 C:\Windows\System32\User32.dll => File is digitally signed
 C:\Windows\SysWOW64\User32.dll => File is digitally signed
 C:\Windows\System32\userinit.exe => File is digitally signed
 C:\Windows\SysWOW64\userinit.exe => File is digitally signed
 C:\Windows\System32\rpcss.dll => File is digitally signed
 C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
 LastRegBack: 2015-01-04 13:01
 
 ==================== End Of Log ============================
 --- --- ---   
Addition   Code: 
 Additional scan result of Farbar Recovery Scan Tool (x64) Version: 07-01-2015Ran by Kraul at 2015-01-08 13:02:22
 Running from C:\Users\Kraul\Desktop
 Boot Mode: Normal
 ==========================================================
 
 
 ==================== Security Center ========================
 
 (If an entry is included in the fixlist, it will be removed.)
 
 AV: Panda Free Antivirus (Enabled - Up to date) {3456760B-FDAA-FFFD-06C2-7BB528D2066C}
 AS: Panda Free Antivirus (Enabled - Up to date) {8F3797EF-DB90-F073-3C72-40C753554CD1}
 AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 FW: Panda Firewall (Disabled) {0C6DF72E-B7C5-FEA5-2D9D-D280D6014117}
 
 ==================== Installed Programs ======================
 
 (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
 7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
 Acer Backup Manager (HKLM-x32\...\InstallShield_{0B61BBD5-DA3C-409A-8730-0C3DC3B0F270}) (Version: 3.0.0.99 - NTI Corporation)
 Acer Crystal Eye Webcam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 1.0.1904 - CyberLink Corp.)
 Acer Crystal Eye Webcam (x32 Version: 1.0.1904 - CyberLink Corp.) Hidden
 Acer ePower Management (HKLM-x32\...\{3DB0448D-AD82-4923-B305-D001E521A964}) (Version: 6.00.3007 - Acer Incorporated)
 Acer eRecovery Management (HKLM-x32\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 5.00.3502 - Acer Incorporated)
 Acer Games (HKLM-x32\...\WildTangent acer Master Uninstall) (Version: 1.0.2.5 - WildTangent)
 Acer Registration (HKLM-x32\...\Acer Registration) (Version: 1.04.3502 - Acer Incorporated)
 Acer ScreenSaver (HKLM-x32\...\Acer Screensaver) (Version: 1.1.0517.2011 - Acer Incorporated)
 Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.246 - Adobe Systems Incorporated)
 Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.235 - Adobe Systems Incorporated)
 Adobe Reader X (10.1.2) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.2 - Adobe Systems Incorporated)
 Agatha Christie - Death on the Nile (x32 Version: 2.2.0.98 - WildTangent) Hidden
 Alcor Micro USB Card Reader (HKLM-x32\...\AmUStor) (Version: 1.2.42.68439 - Alcor Micro Corp.)
 Alcor Micro USB Card Reader (x32 Version: 1.2.42.68439 - Alcor Micro Corp.) Hidden
 ALNO AG  Küchenplaner (HKLM-x32\...\{A89131FD-3D18-4DA8-84C8-622423011B51}_is1) (Version: 14a - ALNO AG)
 Ashampoo WinOptimizer Free v.1.0.0 (HKLM-x32\...\{4209F371-393F-E3AF-1440-2EAD843B93B4}_is1) (Version: 1.0.0 - Ashampoo GmbH & Co. KG)
 Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.2.43 - Atheros Communications Inc.)
 Avira (x32 Version: 1.1.22.50000 - Avira Operations GmbH & Co. KG) Hidden
 Backup Manager V3 (x32 Version: 3.0.0.99 - NTI Corporation) Hidden
 Bejeweled 2 Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
 Brother MFL-Pro Suite MFC-250C (HKLM-x32\...\{48D082B9-18F6-4426-AFAC-8B6A3E7021B1}) (Version: 1.0.1.0 - Brother Industries, Ltd.)
 Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
 clear.fi (HKLM-x32\...\InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}) (Version: 1.0.1720.00 - CyberLink Corp.)
 clear.fi (x32 Version: 1.0.1517_36458 - CyberLink Corp.) Hidden
 clear.fi (x32 Version: 1.0.1720.00 - CyberLink Corp.) Hidden
 clear.fi (x32 Version: 9.0.7709 - CyberLink Corp.) Hidden
 clear.fi Client (HKLM-x32\...\{43AAE145-83CF-4C96-9A5E-756CEFCE879F}) (Version: 1.00.3500 - Acer Incorporated)
 Crazy Chicken Kart 2 (x32 Version: 2.2.0.97 - WildTangent) Hidden
 D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
 DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.49.1.0356 - Disc Soft Ltd)
 Der Planer 1 (HKLM-x32\...\Der Planer 1) (Version:  - )
 Die Sims™ 3 (HKLM-x32\...\{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}) (Version: 1.67.2 - Electronic Arts)
 Die Sims™ 4 (HKLM-x32\...\{48EBEBBF-B9F8-4520-A3CF-89A730721917}) (Version: 1.0.732.20 - Electronic Arts Inc.)
 ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
 FATE (x32 Version: 2.2.0.97 - WildTangent) Hidden
 Final Drive: Nitro (x32 Version: 2.2.0.95 - WildTangent) Hidden
 Fotogalerija Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
 Galeria de Fotografias do Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
 Galería fotográfica de Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
 Galeria fotogràfica del Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
 Galeria fotografii usługi Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
 Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
 Galerie foto Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
 Harry Potter und der Halbblut-Prinz™ (HKLM-x32\...\{FD1B1980-8CAB-4474-89F8-1245AF657AD1}) (Version: 1.0.0.0 - Electronic Arts)
 Identity Card (HKLM-x32\...\Identity Card) (Version: 1.00.3501 - Acer Incorporated)
 Insaniquarium Deluxe (x32 Version: 2.2.0.97 - WildTangent) Hidden
 Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
 Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
 Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2342 - Intel Corporation)
 Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.0.0.1046 - Intel Corporation)
 Java 8 Update 25 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418025F0}) (Version: 8.0.250 - Oracle Corporation)
 Jewel Match 3 (x32 Version: 2.2.0.97 - WildTangent) Hidden
 Jewel Quest Solitaire (x32 Version: 2.2.0.95 - WildTangent) Hidden
 John Deere Drive Green (x32 Version: 2.2.0.95 - WildTangent) Hidden
 Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
 Launch Manager (HKLM-x32\...\LManager) (Version: 5.1.4 - Acer Inc.)
 Maestro: Musik aus der Tiefe (HKLM-x32\...\BFG-Maestro - Musik aus der Tiefe) (Version:  - )
 Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
 Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
 Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
 Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
 Microsoft Office Klick-und-Los 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
 Microsoft Office Starter 2010 - Deutsch (HKLM-x32\...\{90140011-0066-0407-0000-0000000FF1CE}) (Version: 14.0.5128.5002 - Microsoft Corporation)
 Microsoft PowerPoint Viewer (HKLM-x32\...\{95140000-00AF-0407-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation)
 Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
 Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
 Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
 Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
 Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
 Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
 Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
 Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
 Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
 Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}) (Version: 9.0.30729 - Microsoft Corporation)
 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
 Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
 Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
 Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
 Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
 Microsoft WSE 3.0 Runtime (HKLM-x32\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
 Mozilla Firefox 34.0.5 (x86 de) (HKLM-x32\...\Mozilla Firefox 34.0.5 (x86 de)) (Version: 34.0.5 - Mozilla)
 Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0 - Mozilla)
 Mystery of Mortlake Mansion (x32 Version: 2.2.0.98 - WildTangent) Hidden
 MyWinLocker (Version: 4.0.14.25 - Egis Technology Inc.) Hidden
 MyWinLocker 4 (x32 Version: 4.0.14.25 - Egis Technology Inc.) Hidden
 MyWinLocker Suite (HKLM-x32\...\InstallShield_{17DF9714-60C9-43C9-A9C2-32BCAED44CBE}) (Version: 4.0.14.15 - Egis Technology Inc.)
 MyWinLocker Suite (x32 Version: 4.0.14.15 - Egis Technology Inc.) Hidden
 Norton Online Backup (HKLM-x32\...\{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}) (Version: 2.1.17869 - Symantec Corporation)
 OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
 Origin (HKLM-x32\...\Origin) (Version: 9.4.11.2806 - Electronic Arts, Inc.)
 paint.net (HKLM\...\{19BD2C33-16A8-4ED1-B9EA-D9E35B21EC42}) (Version: 4.0.5 - dotPDN LLC)
 Panda Devices Agent (HKLM-x32\...\Panda Devices Agent) (Version: 1.03.04 - Panda Security)
 Panda Devices Agent (x32 Version: 1.05.00 - Panda Security) Hidden
 Panda Free Antivirus (HKLM-x32\...\Panda Universal Agent Endpoint) (Version: 15.00.04.0000 - Panda Security)
 Panda Free Antivirus (Version: 7.23.00.0000 - Panda Security) Hidden
 PDF24 Creator 6.9.2 (HKLM-x32\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version:  - PDF24.org)
 Penguins! (x32 Version: 2.2.0.95 - WildTangent) Hidden
 Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.95 - WildTangent) Hidden
 Poczta usługi Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
 Podstawowe programy Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
 Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden
 Pošta Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
 Raccolta foto di Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
 Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6392 - Realtek Semiconductor Corp.)
 Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
 Shredder (Version: 2.0.8.9 - Egis Technology Inc.) Hidden
 Shredder (x32 Version: 2.0.8.9 - Egis Technology Inc.) Hidden
 Siege of Avalon Anthology CD (HKLM-x32\...\Siege of Avalon Anthology CD) (Version: 1.7.1.0913 - Digital Tome LP, Texas USA)
 Slingo Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
 Stranded II 1.0.0.1 (HKLM-x32\...\{CE0900ED-C76A-40C0-8DB4-0F68D825B283}_is1) (Version:  - Unreal Software)
 Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.1.18.0 - Synaptics Incorporated)
 Torchlight (x32 Version: 2.2.0.97 - WildTangent) Hidden
 Tweaking.com - Windows Repair (All in One) (HKLM-x32\...\Tweaking.com - Windows Repair (All in One)) (Version: 2.10.2 - Tweaking.com)
 Unknown Horizons (HKLM-x32\...\Unknown Horizons) (Version: 2013.3 - The Unknown Horizons Team)
 Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
 Virtual Villagers 4 - The Tree of Life (x32 Version: 2.2.0.97 - WildTangent) Hidden
 Wedding Dash (x32 Version: 2.2.0.95 - WildTangent) Hidden
 Welcome Center (HKLM-x32\...\Acer Welcome Center) (Version: 1.02.3503 - Acer Incorporated)
 WildTangent Games App (x32 Version: 4.0.11.2 - WildTangent) Hidden
 Winamp (HKLM-x32\...\Winamp) (Version: 5.666  - Nullsoft, Inc)
 Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
 Zuma Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
 Συλλογή φωτογραφιών του Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
 Основные компоненты Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
 Почта Windows Live (x32 Version: 15.4.3502.0922 - Корпорация Майкрософт) Hidden
 Фотоальбом Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
 Фотогалерия на Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
 גלריית התמונות של Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
 بريد Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
 معرض صور Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
 
 ==================== Custom CLSID (selected items): ==========================
 
 (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
 
 ==================== Restore Points  =========================
 
 07-01-2015 19:02:30 Ende der Bereinigung
 07-01-2015 20:01:48 Revo Uninstaller's restore point - McAfee Security Scan Plus
 07-01-2015 20:04:09 Revo Uninstaller's restore point - Malwarebytes Anti-Malware Version 2.0.4.1028
 07-01-2015 20:09:22 Revo Uninstaller's restore point - Winamp Erkennungs-Plug-in
 07-01-2015 20:10:12 Revo Uninstaller's restore point - Skype™ 6.11
 07-01-2015 20:10:39 Removed Skype™ 6.11
 07-01-2015 20:12:44 Revo Uninstaller's restore point - Skype Click to Call
 07-01-2015 20:12:53 Removed Skype Click to Call
 07-01-2015 20:15:35 Revo Uninstaller's restore point - Avira Free Antivirus
 
 ==================== Hosts content: ==========================
 
 (If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
 2009-07-14 03:34 - 2015-01-08 11:58 - 00000855 ____A C:\Windows\system32\Drivers\etc\hosts
 127.0.0.1       localhost
 
 ==================== Scheduled Tasks (whitelisted) =============
 
 (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
 Task: {21D4D59E-AEE2-4D92-8ECD-CC7ABEC119CC} - \Google Updater and Installer No Task File <==== ATTENTION
 Task: {2720351D-A004-40F3-8A91-FB4D615E94A7} - \{7E602A60-C9A0-47FE-A5FB-A019D806D733} No Task File <==== ATTENTION
 Task: {41738C43-C19B-4203-A423-C11B1BCEDA0D} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-01-07] (Adobe Systems Incorporated)
 Task: {5BAF5D82-60AE-44C2-B4C2-4000CDA00CB6} - \{2A5253BA-501C-4B30-BA63-A938A98C5DF2} No Task File <==== ATTENTION
 Task: {6C4599DF-0566-4BA7-8065-7E9CD0B76430} - System32\Tasks\clear.fi => C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fi.exe [2011-05-20] (Acer Incorporated)
 Task: {6F2D6FA1-33CA-4127-8472-E65A4355F00F} - \User_Feed_Synchronization-{B97E79EE-0443-44A9-B195-B5A861D6B4DC} No Task File <==== ATTENTION
 Task: {89A6E1AC-98D1-4F28-BBF4-9896581A0025} - System32\Tasks\DNZSXHB => Rundll32.exe "C:\Windows\SysWOW64\KBDARMEN.dll",Vemtt
 Task: {C05B9BB0-7CF7-40A7-A627-4E3BC6D7F833} - \{0C4D8523-1C61-40CB-B92F-C6A9E4F49D2A} No Task File <==== ATTENTION
 Task: {C9B0A623-4831-4935-97AD-1D287E4E15BF} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
 Task: {CBFFBBB4-49BC-4E14-96C4-5244F09214B3} - System32\Tasks\clear.fiAgent => C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe [2011-05-20] (CyberLink Corp.)
 Task: {D84BE0D6-B01E-4156-808A-9822B975F4F5} - System32\Tasks\DMREngine => C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe [2011-05-20] (CyberLink)
 Task: {F0669C63-F95D-43FE-8C24-9BFAC5A622C2} - \{E1BC4555-3AB0-4173-A146-A766ABA9F1CF} No Task File <==== ATTENTION
 Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
 Task: C:\Windows\Tasks\DNZSXHB.job => C:\Windows\SysWOW64\KBDARMEN.dll
 
 ==================== Loaded Modules (whitelisted) =============
 
 2012-04-09 21:42 - 2011-10-04 21:43 - 00087552 _____ () C:\Windows\System32\custmon64i.dll
 2011-09-26 13:09 - 2011-03-25 10:28 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
 2013-04-12 18:23 - 2013-04-12 18:23 - 00612664 _____ () C:\Program Files (x86)\Panda Security\Panda Security Protection\SQLite3.dll
 2011-04-24 02:29 - 2011-04-24 02:29 - 00465640 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\sqlite3.dll
 2011-04-24 02:29 - 2011-04-24 02:29 - 01081664 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\ACE.dll
 2011-04-24 02:29 - 2011-04-24 02:29 - 00125760 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\MailConverter32.dll
 2011-05-20 10:13 - 2011-05-20 10:13 - 00206216 _____ () C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\DMR\CLNetMediaDMA.dll
 2015-01-06 13:58 - 2009-02-27 16:38 - 00139264 ____R () C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll
 2014-12-09 10:29 - 2014-12-09 10:29 - 03758192 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
 2014-10-23 02:34 - 2014-10-23 02:34 - 00169472 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\ba8588c3319d63350220ec2ac3eb2c36\IsdiInterop.ni.dll
 2011-09-26 12:34 - 2010-09-14 02:28 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll
 2015-01-07 15:56 - 2015-01-07 15:56 - 16843952 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_235.dll
 
 ==================== Alternate Data Streams (whitelisted) =========
 
 (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
 AlternateDataStreams: C:\ProgramData\Temp:BD414E4B
 
 ==================== Safe Mode (whitelisted) ===================
 
 (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NanoServiceMain => ""="Service"
 HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PSUAService => ""="Service"
 HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NanoServiceMain => ""="Service"
 HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PSUAService => ""="Service"
 
 ==================== EXE Association (whitelisted) =============
 
 (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
 ==================== MSCONFIG/TASK MANAGER disabled items =========
 
 (Currently there is no automatic fix for this section.)
 
 MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
 MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
 MSCONFIG\startupreg: AmIcoSinglun64 => C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
 MSCONFIG\startupreg: ArcadeMovieService => "C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe"
 MSCONFIG\startupreg: avgnt => "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
 MSCONFIG\startupreg: BackupManagerTray => "C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe" -h -k
 MSCONFIG\startupreg: ControlCenter3 => C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe /autorun
 MSCONFIG\startupreg: Facebook Update => "C:\Users\Kraul\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
 MSCONFIG\startupreg: Google Update => "C:\Users\Kraul\AppData\Local\Google\Update\GoogleUpdate.exe" /c
 MSCONFIG\startupreg: Guard.Mail.ru.gui => "C:\Program Files (x86)\Guard-ICQ\GuardICQ.exe" /gui
 MSCONFIG\startupreg: ICQ => ~"C:\Program Files (x86)\ICQ7M\ICQ.exe" silent loginmode=4
 MSCONFIG\startupreg: Iminent => C:\Program Files (x86)\Iminent\Iminent.exe /warmup "F77F87E5-A6BD-4922-A530-EDF63D7E9F8C"
 MSCONFIG\startupreg: IminentMessenger => C:\Program Files (x86)\Iminent\Iminent.Messengers.exe
 MSCONFIG\startupreg: LManager => C:\Program Files (x86)\Launch Manager\LManager.exe
 MSCONFIG\startupreg: Norton Online Backup => C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
 MSCONFIG\startupreg: PDFPrint => C:\Program Files (x86)\PDF24\pdf24.exe
 MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
 MSCONFIG\startupreg: Spiele Post => C:\Program Files (x86)\OXXOGames\GPlayer\GameCenterNotifier.exe
 MSCONFIG\startupreg: SuiteTray => "C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe"
 MSCONFIG\startupreg: SweetIM => C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe
 
 ========================= Accounts: ==========================
 
 Administrator (S-1-5-21-1910688198-3369152459-1835389315-500 - Administrator - Disabled)
 Gast (S-1-5-21-1910688198-3369152459-1835389315-501 - Limited - Enabled) => C:\Users\Gast
 HomeGroupUser$ (S-1-5-21-1910688198-3369152459-1835389315-1010 - Limited - Enabled)
 Kraul (S-1-5-21-1910688198-3369152459-1835389315-1000 - Administrator - Enabled) => C:\Users\Kraul
 
 ==================== Faulty Device Manager Devices =============
 
 
 ==================== Event log errors: =========================
 
 Application errors:
 ==================
 Error: (01/08/2015 00:53:58 PM) (Source: Application Error) (EventID: 1000) (User: )
 Description: Name der fehlerhaften Anwendung: Avira.OE.Systray.exe, Version: 1.1.25.25617, Zeitstempel: 0x5447ad92
 Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.1.7601.18409, Zeitstempel: 0x53159a86
 Ausnahmecode: 0xe0434352
 Fehleroffset: 0x0000c42d
 ID des fehlerhaften Prozesses: 0xe0c
 Startzeit der fehlerhaften Anwendung: 0xAvira.OE.Systray.exe0
 Pfad der fehlerhaften Anwendung: Avira.OE.Systray.exe1
 Pfad des fehlerhaften Moduls: Avira.OE.Systray.exe2
 Berichtskennung: Avira.OE.Systray.exe3
 
 Error: (01/08/2015 00:53:40 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
 Description: Anwendung: Avira.OE.Systray.exe
 Frameworkversion: v4.0.30319
 Beschreibung: Der Prozess wurde aufgrund eines Ausnahmefehlers beendet.
 Ausnahmeinformationen: System.Configuration.ConfigurationErrorsException
 Stapel:
 bei System.Configuration.BaseConfigurationRecord.GetSectionRecursive(System.String, Boolean, Boolean, Boolean, Boolean, System.Object ByRef, System.Object ByRef)
 bei System.Configuration.BaseConfigurationRecord.GetSection(System.String)
 bei System.Configuration.ClientConfigurationSystem.System.Configuration.Internal.IInternalConfigSystem.GetSection(System.String)
 bei System.Configuration.ConfigurationManager.GetSection(System.String)
 bei System.Configuration.ConfigurationManager.get_AppSettings()
 bei Avira.OE.WinCore.OeProductInfo.get_Culture()
 bei Avira.OE.WinCore.Utility.CultureSetter.SetDefaultCultureDefinedInAppsettings()
 bei Avira.OE.Systray.Program.Main(System.String[])
 
 Error: (01/08/2015 00:10:21 PM) (Source: Application Error) (EventID: 1000) (User: )
 Description: Name der fehlerhaften Anwendung: Avira.OE.Systray.exe, Version: 1.1.25.25617, Zeitstempel: 0x5447ad92
 Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.1.7601.18409, Zeitstempel: 0x53159a86
 Ausnahmecode: 0xe0434352
 Fehleroffset: 0x0000c42d
 ID des fehlerhaften Prozesses: 0xda4
 Startzeit der fehlerhaften Anwendung: 0xAvira.OE.Systray.exe0
 Pfad der fehlerhaften Anwendung: Avira.OE.Systray.exe1
 Pfad des fehlerhaften Moduls: Avira.OE.Systray.exe2
 Berichtskennung: Avira.OE.Systray.exe3
 
 Error: (01/08/2015 00:10:19 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
 Description: Anwendung: Avira.OE.Systray.exe
 Frameworkversion: v4.0.30319
 Beschreibung: Der Prozess wurde aufgrund eines Ausnahmefehlers beendet.
 Ausnahmeinformationen: System.Configuration.ConfigurationErrorsException
 Stapel:
 bei System.Configuration.BaseConfigurationRecord.GetSectionRecursive(System.String, Boolean, Boolean, Boolean, Boolean, System.Object ByRef, System.Object ByRef)
 bei System.Configuration.BaseConfigurationRecord.GetSection(System.String)
 bei System.Configuration.ClientConfigurationSystem.System.Configuration.Internal.IInternalConfigSystem.GetSection(System.String)
 bei System.Configuration.ConfigurationManager.GetSection(System.String)
 bei System.Configuration.ConfigurationManager.get_AppSettings()
 bei Avira.OE.WinCore.OeProductInfo.get_Culture()
 bei Avira.OE.WinCore.Utility.CultureSetter.SetDefaultCultureDefinedInAppsettings()
 bei Avira.OE.Systray.Program.Main(System.String[])
 
 Error: (01/08/2015 00:05:07 PM) (Source: Application Error) (EventID: 1000) (User: )
 Description: Name der fehlerhaften Anwendung: Avira.OE.ServiceHost.exe, Version: 1.1.25.25607, Zeitstempel: 0x5447ad7e
 Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.1.7601.18409, Zeitstempel: 0x53159a86
 Ausnahmecode: 0xe0434352
 Fehleroffset: 0x0000c42d
 ID des fehlerhaften Prozesses: 0x484
 Startzeit der fehlerhaften Anwendung: 0xAvira.OE.ServiceHost.exe0
 Pfad der fehlerhaften Anwendung: Avira.OE.ServiceHost.exe1
 Pfad des fehlerhaften Moduls: Avira.OE.ServiceHost.exe2
 Berichtskennung: Avira.OE.ServiceHost.exe3
 
 Error: (01/08/2015 00:05:07 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
 Description: Anwendung: Avira.OE.ServiceHost.exe
 Frameworkversion: v4.0.30319
 Beschreibung: Der Prozess wurde aufgrund eines Ausnahmefehlers beendet.
 Ausnahmeinformationen: System.TypeInitializationException
 Stapel:
 bei NLog.Common.InternalLogger.Debug(System.String, System.Object[])
 bei NLog.LogFactory.get_Configuration()
 bei NLog.LogFactory.GetLogger(LoggerCacheKey)
 bei NLog.LogFactory.GetLogger(System.String)
 bei NLog.LogManager.GetLogger(System.String)
 bei Avira.OE.WinCore.Utility.LoggerFacade.GetLogger(System.String)
 bei Avira.OE.WinCore.Utility.LoggerFacade.GetCurrentClassLogger()
 bei Avira.OE.WinCore.Lazy`1[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]].get_Value()
 bei Avira.OE.ServiceHost.ServiceHost.SetDefaultCulture()
 bei Avira.OE.ServiceHost.ServiceHost.Initialize(System.Object)
 bei System.Threading.QueueUserWorkItemCallback.WaitCallback_Context(System.Object)
 bei System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
 bei System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
 bei System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem()
 bei System.Threading.ThreadPoolWorkQueue.Dispatch()
 bei System.Threading._ThreadPoolWaitCallback.PerformWaitCallback()
 
 Error: (01/08/2015 00:04:57 PM) (Source: Application Error) (EventID: 1000) (User: )
 Description: Name der fehlerhaften Anwendung: Avira.OE.ServiceHost.exe, Version: 1.1.25.25607, Zeitstempel: 0x5447ad7e
 Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.1.7601.18409, Zeitstempel: 0x53159a86
 Ausnahmecode: 0xe0434352
 Fehleroffset: 0x0000c42d
 ID des fehlerhaften Prozesses: 0x6a4
 Startzeit der fehlerhaften Anwendung: 0xAvira.OE.ServiceHost.exe0
 Pfad der fehlerhaften Anwendung: Avira.OE.ServiceHost.exe1
 Pfad des fehlerhaften Moduls: Avira.OE.ServiceHost.exe2
 Berichtskennung: Avira.OE.ServiceHost.exe3
 
 Error: (01/08/2015 00:04:57 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
 Description: Anwendung: Avira.OE.ServiceHost.exe
 Frameworkversion: v4.0.30319
 Beschreibung: Der Prozess wurde aufgrund eines Ausnahmefehlers beendet.
 Ausnahmeinformationen: System.TypeInitializationException
 Stapel:
 bei NLog.Common.InternalLogger.Debug(System.String, System.Object[])
 bei NLog.LogFactory.get_Configuration()
 bei NLog.LogFactory.GetLogger(LoggerCacheKey)
 bei NLog.LogFactory.GetLogger(System.String)
 bei NLog.LogManager.GetLogger(System.String)
 bei Avira.OE.WinCore.Utility.LoggerFacade.GetLogger(System.String)
 bei Avira.OE.WinCore.Utility.LoggerFacade.GetCurrentClassLogger()
 bei Avira.OE.WinCore.Lazy`1[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]].get_Value()
 bei Avira.OE.ServiceHost.ServiceHost.SetDefaultCulture()
 bei Avira.OE.ServiceHost.ServiceHost.Initialize(System.Object)
 bei System.Threading.QueueUserWorkItemCallback.WaitCallback_Context(System.Object)
 bei System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
 bei System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
 bei System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem()
 bei System.Threading.ThreadPoolWorkQueue.Dispatch()
 bei System.Threading._ThreadPoolWaitCallback.PerformWaitCallback()
 
 Error: (01/08/2015 00:04:02 PM) (Source: .NET Runtime Optimization Service) (EventID: 1103) (User: )
 Description: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_64) - Tried to start a service that wasn't the latest version of CLR Optimization service. Will shutdown
 
 Error: (01/08/2015 00:04:00 PM) (Source: .NET Runtime Optimization Service) (EventID: 1103) (User: )
 Description: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Tried to start a service that wasn't the latest version of CLR Optimization service. Will shutdown
 
 
 System errors:
 =============
 Error: (01/08/2015 00:54:03 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
 Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
 ssmdrv
 
 Error: (01/08/2015 00:53:58 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
 Description: Der Aufruf "ScRegSetValueExW" ist für "FailureActions" aufgrund folgenden Fehlers fehlgeschlagen:
 %%5
 
 Error: (01/08/2015 00:53:37 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
 Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Avira Service Host erreicht.
 
 Error: (01/08/2015 00:52:12 PM) (Source: Application Popup) (EventID: 1060) (User: )
 Description: Aufgrund der Inkompatibilität mit diesem System wurde \SystemRoot\system32\DRIVERS\ssmdrv.sys nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten.
 
 Error: (01/08/2015 00:05:08 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
 Description: Dienst "Avira Service Host" wurde unerwartet beendet. Dies ist bereits 3 Mal passiert.
 
 Error: (01/08/2015 00:04:57 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
 Description: Der Dienst "Avira Service Host" wurde unerwartet beendet. Dies ist bereits 2 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 10000 Millisekunden durchgeführt: Neustart des Diensts.
 
 Error: (01/08/2015 00:04:46 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
 Description: Der Dienst "Avira Service Host" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 10000 Millisekunden durchgeführt: Neustart des Diensts.
 
 Error: (01/08/2015 00:03:58 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
 Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
 ssmdrv
 
 Error: (01/08/2015 00:03:47 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
 Description: Der Aufruf "ScRegSetValueExW" ist für "FailureActions" aufgrund folgenden Fehlers fehlgeschlagen:
 %%5
 
 Error: (01/08/2015 00:02:30 PM) (Source: Application Popup) (EventID: 1060) (User: )
 Description: Aufgrund der Inkompatibilität mit diesem System wurde \SystemRoot\system32\DRIVERS\ssmdrv.sys nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten.
 
 
 Microsoft Office Sessions:
 =========================
 Error: (01/08/2015 00:53:58 PM) (Source: Application Error) (EventID: 1000) (User: )
 Description: Avira.OE.Systray.exe1.1.25.256175447ad92KERNELBASE.dll6.1.7601.1840953159a86e04343520000c42de0c01d02b39b7c24afcC:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exeC:\Windows\syswow64\KERNELBASE.dll06cfa27c-972d-11e4-bb76-e89a8fc56e58
 
 Error: (01/08/2015 00:53:40 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
 Description: Anwendung: Avira.OE.Systray.exe
 Frameworkversion: v4.0.30319
 Beschreibung: Der Prozess wurde aufgrund eines Ausnahmefehlers beendet.
 Ausnahmeinformationen: System.Configuration.ConfigurationErrorsException
 Stapel:
 bei System.Configuration.BaseConfigurationRecord.GetSectionRecursive(System.String, Boolean, Boolean, Boolean, Boolean, System.Object ByRef, System.Object ByRef)
 bei System.Configuration.BaseConfigurationRecord.GetSection(System.String)
 bei System.Configuration.ClientConfigurationSystem.System.Configuration.Internal.IInternalConfigSystem.GetSection(System.String)
 bei System.Configuration.ConfigurationManager.GetSection(System.String)
 bei System.Configuration.ConfigurationManager.get_AppSettings()
 bei Avira.OE.WinCore.OeProductInfo.get_Culture()
 bei Avira.OE.WinCore.Utility.CultureSetter.SetDefaultCultureDefinedInAppsettings()
 bei Avira.OE.Systray.Program.Main(System.String[])
 
 Error: (01/08/2015 00:10:21 PM) (Source: Application Error) (EventID: 1000) (User: )
 Description: Avira.OE.Systray.exe1.1.25.256175447ad92KERNELBASE.dll6.1.7601.1840953159a86e04343520000c42dda401d02b33af57ef8eC:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exeC:\Windows\syswow64\KERNELBASE.dlleefe56a3-9726-11e4-a4fc-e89a8fc56e58
 
 Error: (01/08/2015 00:10:19 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
 Description: Anwendung: Avira.OE.Systray.exe
 Frameworkversion: v4.0.30319
 Beschreibung: Der Prozess wurde aufgrund eines Ausnahmefehlers beendet.
 Ausnahmeinformationen: System.Configuration.ConfigurationErrorsException
 Stapel:
 bei System.Configuration.BaseConfigurationRecord.GetSectionRecursive(System.String, Boolean, Boolean, Boolean, Boolean, System.Object ByRef, System.Object ByRef)
 bei System.Configuration.BaseConfigurationRecord.GetSection(System.String)
 bei System.Configuration.ClientConfigurationSystem.System.Configuration.Internal.IInternalConfigSystem.GetSection(System.String)
 bei System.Configuration.ConfigurationManager.GetSection(System.String)
 bei System.Configuration.ConfigurationManager.get_AppSettings()
 bei Avira.OE.WinCore.OeProductInfo.get_Culture()
 bei Avira.OE.WinCore.Utility.CultureSetter.SetDefaultCultureDefinedInAppsettings()
 bei Avira.OE.Systray.Program.Main(System.String[])
 
 Error: (01/08/2015 00:05:07 PM) (Source: Application Error) (EventID: 1000) (User: )
 Description: Avira.OE.ServiceHost.exe1.1.25.256075447ad7eKERNELBASE.dll6.1.7601.1840953159a86e04343520000c42d48401d02b32f6556cfeC:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exeC:\Windows\syswow64\KERNELBASE.dll342cd0a3-9726-11e4-a4fc-e89a8fc56e58
 
 Error: (01/08/2015 00:05:07 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
 Description: Anwendung: Avira.OE.ServiceHost.exe
 Frameworkversion: v4.0.30319
 Beschreibung: Der Prozess wurde aufgrund eines Ausnahmefehlers beendet.
 Ausnahmeinformationen: System.TypeInitializationException
 Stapel:
 bei NLog.Common.InternalLogger.Debug(System.String, System.Object[])
 bei NLog.LogFactory.get_Configuration()
 bei NLog.LogFactory.GetLogger(LoggerCacheKey)
 bei NLog.LogFactory.GetLogger(System.String)
 bei NLog.LogManager.GetLogger(System.String)
 bei Avira.OE.WinCore.Utility.LoggerFacade.GetLogger(System.String)
 bei Avira.OE.WinCore.Utility.LoggerFacade.GetCurrentClassLogger()
 bei Avira.OE.WinCore.Lazy`1[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]].get_Value()
 bei Avira.OE.ServiceHost.ServiceHost.SetDefaultCulture()
 bei Avira.OE.ServiceHost.ServiceHost.Initialize(System.Object)
 bei System.Threading.QueueUserWorkItemCallback.WaitCallback_Context(System.Object)
 bei System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
 bei System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
 bei System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem()
 bei System.Threading.ThreadPoolWorkQueue.Dispatch()
 bei System.Threading._ThreadPoolWaitCallback.PerformWaitCallback()
 
 Error: (01/08/2015 00:04:57 PM) (Source: Application Error) (EventID: 1000) (User: )
 Description: Avira.OE.ServiceHost.exe1.1.25.256075447ad7eKERNELBASE.dll6.1.7601.1840953159a86e04343520000c42d6a401d02b32f015d046C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exeC:\Windows\syswow64\KERNELBASE.dll2df4580c-9726-11e4-a4fc-e89a8fc56e58
 
 Error: (01/08/2015 00:04:57 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
 Description: Anwendung: Avira.OE.ServiceHost.exe
 Frameworkversion: v4.0.30319
 Beschreibung: Der Prozess wurde aufgrund eines Ausnahmefehlers beendet.
 Ausnahmeinformationen: System.TypeInitializationException
 Stapel:
 bei NLog.Common.InternalLogger.Debug(System.String, System.Object[])
 bei NLog.LogFactory.get_Configuration()
 bei NLog.LogFactory.GetLogger(LoggerCacheKey)
 bei NLog.LogFactory.GetLogger(System.String)
 bei NLog.LogManager.GetLogger(System.String)
 bei Avira.OE.WinCore.Utility.LoggerFacade.GetLogger(System.String)
 bei Avira.OE.WinCore.Utility.LoggerFacade.GetCurrentClassLogger()
 bei Avira.OE.WinCore.Lazy`1[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]].get_Value()
 bei Avira.OE.ServiceHost.ServiceHost.SetDefaultCulture()
 bei Avira.OE.ServiceHost.ServiceHost.Initialize(System.Object)
 bei System.Threading.QueueUserWorkItemCallback.WaitCallback_Context(System.Object)
 bei System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
 bei System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
 bei System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem()
 bei System.Threading.ThreadPoolWorkQueue.Dispatch()
 bei System.Threading._ThreadPoolWaitCallback.PerformWaitCallback()
 
 Error: (01/08/2015 00:04:02 PM) (Source: .NET Runtime Optimization Service) (EventID: 1103) (User: )
 Description: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_64) - Tried to start a service that wasn't the latest version of CLR Optimization service. Will shutdown
 
 Error: (01/08/2015 00:04:00 PM) (Source: .NET Runtime Optimization Service) (EventID: 1103) (User: )
 Description: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Tried to start a service that wasn't the latest version of CLR Optimization service. Will shutdown
 
 
 CodeIntegrity Errors:
 ===================================
 Date: 2015-01-08 12:52:12.034
 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\drivers\ssmdrv.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
 
 Date: 2015-01-08 12:52:11.909
 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\drivers\ssmdrv.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
 
 Date: 2015-01-08 12:02:30.229
 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\drivers\ssmdrv.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
 
 Date: 2015-01-08 12:02:30.120
 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\drivers\ssmdrv.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
 
 Date: 2015-01-08 11:31:33.806
 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\drivers\ssmdrv.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
 
 Date: 2015-01-08 11:31:33.697
 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\drivers\ssmdrv.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
 
 Date: 2015-01-08 11:06:37.742
 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\drivers\ssmdrv.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
 
 Date: 2015-01-08 11:06:37.617
 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\drivers\ssmdrv.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
 
 Date: 2015-01-08 10:43:46.071
 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\drivers\ssmdrv.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
 
 Date: 2015-01-08 10:43:45.946
 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\drivers\ssmdrv.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
 
 
 ==================== Memory info ===========================
 
 Processor: Intel(R) Core(TM) i3-2330M CPU @ 2.20GHz
 Percentage of memory in use: 27%
 Total physical RAM: 5995.86 MB
 Available physical RAM: 4343.34 MB
 Total Pagefile: 11989.9 MB
 Available Pagefile: 10239.53 MB
 Total Virtual: 8192 MB
 Available Virtual: 8191.82 MB
 
 ==================== Drives ================================
 
 Drive c: (Acer) (Fixed) (Total:450.66 GB) (Free:349.27 GB) NTFS
 Drive d: (THE_DARK_KNIGHT) (CDROM) (Total:7.9 GB) (Free:0 GB) UDF
 
 ==================== MBR & Partition Table ==================
 
 ========================================================
 Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: A9A71C95)
 Partition 1: (Not Active) - (Size=15 GB) - (Type=27)
 Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
 Partition 3: (Not Active) - (Size=450.7 GB) - (Type=07 NTFS)
 
 ==================== End Of Log ============================
 FSS:   Code: 
 Note: The export is in "Windows Registry Editor Version 5.00" format.
 ================== Result for "wscsvc" ==================
 
 [HKEY_LOCAL_MACHINE\System\CurrentControlSet\services\wscsvc]
 "DisplayName"="Sicherheitscenter"
 "ErrorControl"=dword:00000001
 "ImagePath"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,\
 74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,\
 00,76,00,63,00,68,00,6f,00,73,00,74,00,2e,00,65,00,78,00,65,00,20,00,2d,00,\
 6b,00,20,00,4c,00,6f,00,63,00,61,00,6c,00,53,00,65,00,72,00,76,00,69,00,63,\
 00,65,00,4e,00,65,00,74,00,77,00,6f,00,72,00,6b,00,52,00,65,00,73,00,74,00,\
 72,00,69,00,63,00,74,00,65,00,64,00,00,00
 "Start"=dword:00000004
 "Type"=dword:00000020
 "Description"="@%SystemRoot%\\System32\\wscsvc.dll,-201"
 "DependOnService"=hex(7):52,00,70,00,63,00,53,00,73,00,00,00,77,00,69,00,6e,00,\
 6d,00,67,00,6d,00,74,00,00,00,00,00
 "ObjectName"="NT AUTHORITY\\LocalService"
 "ServiceSidType"=dword:00000001
 "RequiredPrivileges"=hex(7):53,00,65,00,43,00,68,00,61,00,6e,00,67,00,65,00,4e,\
 00,6f,00,74,00,69,00,66,00,79,00,50,00,72,00,69,00,76,00,69,00,6c,00,65,00,\
 67,00,65,00,00,00,53,00,65,00,49,00,6d,00,70,00,65,00,72,00,73,00,6f,00,6e,\
 00,61,00,74,00,65,00,50,00,72,00,69,00,76,00,69,00,6c,00,65,00,67,00,65,00,\
 00,00,00,00
 "DelayedAutoStart"=dword:00000001
 "FailureActions"=hex:80,51,01,00,00,00,00,00,00,00,00,00,03,00,00,00,14,00,00,\
 00,01,00,00,00,c0,d4,01,00,01,00,00,00,e0,93,04,00,00,00,00,00,00,00,00,00
 
 [HKEY_LOCAL_MACHINE\System\CurrentControlSet\services\wscsvc\Enum]
 "0"="Root\\LEGACY_WSCSVC\\0000"
 "Count"=dword:00000001
 "NextInstance"=dword:00000001
 
 [HKEY_LOCAL_MACHINE\System\CurrentControlSet\services\wscsvc\Parameters]
 "ServiceDllUnloadOnStop"=dword:00000001
 "ServiceDll"=hex(2):25,00,53,00,59,00,53,00,54,00,45,00,4d,00,52,00,4f,00,4f,\
 00,54,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,\
 77,00,73,00,63,00,73,00,76,00,63,00,2e,00,64,00,6c,00,6c,00,00,00
 
 [HKEY_LOCAL_MACHINE\System\CurrentControlSet\services\wscsvc\Security]
 "Security"=hex:01,00,14,80,c8,00,00,00,d4,00,00,00,14,00,00,00,30,00,00,00,02,\
 00,1c,00,01,00,00,00,02,80,14,00,ff,01,0f,00,01,01,00,00,00,00,00,01,00,00,\
 00,00,02,00,98,00,06,00,00,00,00,00,14,00,fd,01,02,00,01,01,00,00,00,00,00,\
 05,12,00,00,00,00,00,18,00,ff,01,0f,00,01,02,00,00,00,00,00,05,20,00,00,00,\
 20,02,00,00,00,00,14,00,9d,01,02,00,01,01,00,00,00,00,00,05,04,00,00,00,00,\
 00,14,00,8d,01,02,00,01,01,00,00,00,00,00,05,06,00,00,00,00,00,14,00,00,01,\
 00,00,01,01,00,00,00,00,00,05,0b,00,00,00,00,00,28,00,15,00,00,00,01,06,00,\
 00,00,00,00,05,50,00,00,00,49,59,9d,77,91,56,e5,55,dc,f4,e2,0e,a7,8b,eb,ca,\
 7b,42,13,56,01,01,00,00,00,00,00,05,12,00,00,00,01,01,00,00,00,00,00,05,12,\
 00,00,00
 
 
 
 ================== End Of Export =============
 |