Ich finde täglich neue Viren

Simi1961 · 31.08.2014, 14:55

Hallo.

Mein Name ist Simone.Seit gestern ist mein Laptop extrem langsam, und es kommt mir vor als wenn im Hintergrund irgendwelche Programme laufen, obwohl kein Fenster auf ist.
Ich habe mir dann gestern Malwarebytes 2.0.2 installiert.Die Software hat jede Menge gefunden.Ist alles in Quarantäne.Heute wurden wieder Viren gefunden.Ich weiss nicht was ich machen soll.Ich bin in solchen Sachen ein Laie.
Würdet Ihr mit bitte helfen?

Vielen Dank

LG Simone

cosinus · 31.08.2014, 14:56

Hallo und

Hast du noch weitere Logs (mit Funden)? Malwarebytes und/oder andere Virenscanner, sind die mal fündig geworden?

Ich frage deswegen nach => http://www.trojaner-board.de/125889-...tml#post941520

Bitte keine neuen Virenscans machen sondern erst nur schon vorhandene Logs in CODE-Tags posten!
Relevant sind nur Logs der letzten 7 Tage bzw. seitdem das Problem besteht!

Zudem bitte auch ein Log mit Farbars Tool machen:

Scan mit Farbar's Recovery Scan Tool (FRST)

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop:

FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)

Starte jetzt FRST.
Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)

Lesestoff:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR oder 7Z-Archiv zu packen erschwert mir massiv die Arbeit.
Auch wenn die Logs für einen Beitrag zu groß sein sollten, bitte ich dich die Logs direkt und notfalls über mehrere Beiträge verteilt zu posten.
Um die Logfiles in eine CODE-Box zu stellen gehe so vor:

Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
Klicke auf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.

Simi1961 · 31.08.2014, 15:22

Ja habe noch einen anderen benutzt.Ad-Aware Antivirus.

Der Virus heisst Java Exploit. CVE-2012 0507.I

cosinus · 31.08.2014, 15:23

Ich möchte die Logs vollständig sehen. Außerdem brauch ich Logs von FRST.

Simi1961 · 31.08.2014, 15:38

Code:

ATTFilter

 Malwarebytes Anti-Malware 
www.malwarebytes.org

Suchlauf Datum: 31.08.2014
Suchlauf-Zeit: 12:02:17
Logdatei: 
Administrator: Ja

Version: 2.00.2.1012
Malware Datenbank: v2014.08.31.02
Rootkit Datenbank: v2014.08.21.01
Lizenz: Premium
Malware Schutz: Aktiviert
Bösartiger Webseiten Schutz: Aktiviert
Self-protection: Deaktiviert

Betriebssystem: Windows 7
CPU: x64
Dateisystem: NTFS
Benutzer: G72B20SG

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 309806
Verstrichene Zeit: 17 Min, 57 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Aktiviert
Heuristics: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registrierungsschlüssel: 0
(No malicious items detected)

Registrierungswerte: 0
(No malicious items detected)

Registrierungsdaten: 0
(No malicious items detected)

Ordner: 0
(No malicious items detected)

Dateien: 26
PUP.Optional.Softonic.A, C:\Users\G72B20SG\AppData\Roaming\Mozilla\Firefox\Profiles\5tw0gy5k.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.Softonic.admin", false);), Ersetzt,[2d6caf1a067540f6387abd5b768f60a0]
PUP.Optional.Softonic.A, C:\Users\G72B20SG\AppData\Roaming\Mozilla\Firefox\Profiles\5tw0gy5k.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.Softonic.aflt", "OC");), Ersetzt,[5247b5143843280ea60cb365d134c53b]
PUP.Optional.Softonic.A, C:\Users\G72B20SG\AppData\Roaming\Mozilla\Firefox\Profiles\5tw0gy5k.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.Softonic.appId", "{7ABBFE1C-E485-44AA-8F36-353751B4124D}");), Ersetzt,[4f4a20a9275468ce466cd444e91cac54]
PUP.Optional.Softonic.A, C:\Users\G72B20SG\AppData\Roaming\Mozilla\Firefox\Profiles\5tw0gy5k.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.Softonic.autoRvrt", "false");), Ersetzt,[4851caff403bdf57d4dec94f09fc9070]
PUP.Optional.Softonic.A, C:\Users\G72B20SG\AppData\Roaming\Mozilla\Firefox\Profiles\5tw0gy5k.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.Softonic.dfltLng", "de");), Ersetzt,[b8e1b118fc7fd363149e74a4e520fa06]
PUP.Optional.Softonic.A, C:\Users\G72B20SG\AppData\Roaming\Mozilla\Firefox\Profiles\5tw0gy5k.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.Softonic.dfltSrch", true);), Ersetzt,[8415d7f2bdbeb87eb7fb45d359acce32]
PUP.Optional.Softonic.A, C:\Users\G72B20SG\AppData\Roaming\Mozilla\Firefox\Profiles\5tw0gy5k.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.Softonic.dnsErr", true);), Ersetzt,[ddbce0e9e59657dfd6dcd34564a1f20e]
PUP.Optional.Softonic.A, C:\Users\G72B20SG\AppData\Roaming\Mozilla\Firefox\Profiles\5tw0gy5k.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.Softonic.excTlbr", false);), Ersetzt,[851406c34437e254862c0c0cf90ce020]
PUP.Optional.Softonic.A, C:\Users\G72B20SG\AppData\Roaming\Mozilla\Firefox\Profiles\5tw0gy5k.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.Softonic.ffxUnstlRst", false);), Ersetzt,[e7b2be0b2c4f62d48032a17719ec29d7]
PUP.Optional.Softonic.A, C:\Users\G72B20SG\AppData\Roaming\Mozilla\Firefox\Profiles\5tw0gy5k.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.Softonic.hmpg", true);), Ersetzt,[b2e7b71294e71521efc32aee6e977a86]
PUP.Optional.Softonic.A, C:\Users\G72B20SG\AppData\Roaming\Mozilla\Firefox\Profiles\5tw0gy5k.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.Softonic.hmpgUrl", "hxxp://search.softonic.com/MOY00621/tb_v1?SearchSource=13&cc=&mi=cc897d78000000000000ac8112209281");), Ersetzt,[bfda7851a3d81125258d8197b253b64a]
PUP.Optional.Softonic.A, C:\Users\G72B20SG\AppData\Roaming\Mozilla\Firefox\Profiles\5tw0gy5k.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.Softonic.id", "cc897d78000000000000ac8112209281");), Ersetzt,[ddbc4c7d87f4f73f7939cf499471728e]
PUP.Optional.Softonic.A, C:\Users\G72B20SG\AppData\Roaming\Mozilla\Firefox\Profiles\5tw0gy5k.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.Softonic.instlDay", "16025");), Ersetzt,[5445b7122853fa3ccfe362b61bea966a]
PUP.Optional.Softonic.A, C:\Users\G72B20SG\AppData\Roaming\Mozilla\Firefox\Profiles\5tw0gy5k.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.Softonic.instlRef", "MOY00621");), Ersetzt,[386109c0bfbc9d991c960f09f70eaa56]
PUP.Optional.Softonic.A, C:\Users\G72B20SG\AppData\Roaming\Mozilla\Firefox\Profiles\5tw0gy5k.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.Softonic.newTab", true);), Ersetzt,[0e8b41882853b1855e54839501046d93]
PUP.Optional.Softonic.A, C:\Users\G72B20SG\AppData\Roaming\Mozilla\Firefox\Profiles\5tw0gy5k.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.Softonic.newTabUrl", "hxxp://search.softonic.com/MOY00621/tb_v1/?SearchSource=15&cc=&mi=cc897d78000000000000ac8112209281");), Ersetzt,[debb8b3e0378f83e6e44f62271949868]
PUP.Optional.Softonic.A, C:\Users\G72B20SG\AppData\Roaming\Mozilla\Firefox\Profiles\5tw0gy5k.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.Softonic.prdct", "Softonic");), Ersetzt,[89104e7bec8f5dd9407232e69e67db25]
PUP.Optional.Softonic.A, C:\Users\G72B20SG\AppData\Roaming\Mozilla\Firefox\Profiles\5tw0gy5k.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.Softonic.prtnrId", "softonic");), Ersetzt,[b3e66762017a95a12e844fc9c83d60a0]
PUP.Optional.Softonic.A, C:\Users\G72B20SG\AppData\Roaming\Mozilla\Firefox\Profiles\5tw0gy5k.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.Softonic.rvrt", "false");), Ersetzt,[d1c828a191ea40f65959cc4cad58629e]
PUP.Optional.Softonic.A, C:\Users\G72B20SG\AppData\Roaming\Mozilla\Firefox\Profiles\5tw0gy5k.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.Softonic.smplGrp", "none");), Ersetzt,[47526960fd7e2a0c1e94d7419b6a7888]
PUP.Optional.Softonic.A, C:\Users\G72B20SG\AppData\Roaming\Mozilla\Firefox\Profiles\5tw0gy5k.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.Softonic.srchPrvdr", "Search the web (Softonic)");), Ersetzt,[217822a71f5c04329220e632ec1944bc]
PUP.Optional.Softonic.A, C:\Users\G72B20SG\AppData\Roaming\Mozilla\Firefox\Profiles\5tw0gy5k.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.Softonic.tlbrId", "opencandy2013");), Ersetzt,[e1b801c81e5dce687c360b0dba4bee12]
PUP.Optional.Softonic.A, C:\Users\G72B20SG\AppData\Roaming\Mozilla\Firefox\Profiles\5tw0gy5k.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.Softonic.tlbrSrchUrl", "hxxp://search.softonic.com/MOY00621/tb_v1?SearchSource=1&cc=&mi=cc897d78000000000000ac8112209281&q=");), Ersetzt,[dfba13b61a61300661514ccc24e1827e]
PUP.Optional.Softonic.A, C:\Users\G72B20SG\AppData\Roaming\Mozilla\Firefox\Profiles\5tw0gy5k.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.Softonic.vrsn", "1.8.21.14");), Ersetzt,[1e7b11b816651a1c5959fe1a93724fb1]
PUP.Optional.Softonic.A, C:\Users\G72B20SG\AppData\Roaming\Mozilla\Firefox\Profiles\5tw0gy5k.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.Softonic.vrsnTs", "1.8.21.1416:12:00");), Ersetzt,[91084188354659dd2c865cbccf36c937]
PUP.Optional.Softonic.A, C:\Users\G72B20SG\AppData\Roaming\Mozilla\Firefox\Profiles\5tw0gy5k.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.Softonic.vrsni", "1.8.21.14");), Ersetzt,[4b4e96338af175c1f2c08791798c43bd]

Physische Sektoren: 0
(No malicious items detected)


(end)

FRST Logfile:

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 31-08-2014
Ran by G72B20SG (administrator) on G72B20SG-HP on 31-08-2014 16:33:41
Running from C:\Users\G72B20SG\Downloads
Platform: Windows 7 Home Premium (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 8
Boot Mode: Normal


==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(SEIKO EPSON CORPORATION) C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE
(SEIKO EPSON CORPORATION) C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(EasyBits Software AS) C:\Windows\SysWOW64\ezSharedSvcHost.exe
() C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
(TopLang Software) C:\Program Files\Desktop Lock\TLDL.EXE
() C:\ProgramData\DatacardService\HWDeviceService64.exe
(Huawei Technologies Co., Ltd.) C:\ProgramData\DatacardService\DCSHelper.exe
() C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\AdAwareService.exe
() C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\AdAwareTray.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(LG Electronics) C:\Program Files (x86)\LG Electronics\LG EV-DO Rev.A USB Modem\Modem Software\REVAService.exe
() C:\Program Files (x86)\SAGEM\SAGEM F@st 800-840\dslmon.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe
() C:\Windows\autoclk.exe
() C:\Windows\adiras.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
(Intel Corporation) C:\Windows\System32\GfxUI.exe
(Lavasoft) C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Star Finanz - Software Entwicklung und Vertriebs GmbH) C:\Program Files (x86)\StarMoney 8.0 Commerzbank-Edition\ouservice\StarMoneyOnlineUpdate.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
() C:\Program Files (x86)\Verbindungsassistent\WTGService.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesApp64.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\tv_x64.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe
(Microsoft Corporation) C:\Windows\System32\alg.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
(Realtek Semiconductor Corp.) C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe
(Realtek Semiconductor Corp.) C:\Program Files\Realtek\RtVOsd\RtVOsd.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Hewlett-Packard Development Company L.P.) C:\Program Files (x86)\Hewlett-Packard\Shared\hpCaslNotification.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_14_0_0_179.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_14_0_0_179.exe
() C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\AdAwareDesktop.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2096424 2010-05-27] (Synaptics Incorporated)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6234144 2010-03-13] (Realtek Semiconductor)
HKLM\...\Run: [HPWirelessAssistant] => C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe [363064 2010-06-18] (Hewlett-Packard Company)
HKLM\...\Run: [Desktop Lock Loader] => C:\Program Files\Desktop Lock\TLDL.EXE [233984 2009-04-01] (TopLang Software)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [AdAwareTray] => C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\AdAwareTray.exe [8886592 2014-08-27] ()
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284696 2010-04-13] (Intel Corporation)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2010-06-21] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Easybits Recovery] => C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe [61112 2010-06-02] (EasyBits Software AS)
HKLM-x32\...\Run: [autoclk] => C:\Windows\autoclk.exe [176128 2006-02-15] ()
HKLM-x32\...\Run: [adiras] => C:\Windows\adiras.exe [143360 2006-02-16] ()
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [751184 2014-08-07] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [161584 2014-08-04] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Ad-Aware Browsing Protection] => C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe [559696 2013-09-27] (Lavasoft)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [EnableShellExecuteHooks] 1
HKU\S-1-5-21-2196551083-3368854960-1698058853-1000\...\Run: [Mobile Partner] => C:\Program Files (x86)\Mobile Partner\Mobile Partner.exe [536576 2012-07-01] ()
HKU\S-1-5-21-2196551083-3368854960-1698058853-1000\...\Run: [REVAService] => C:\Program Files (x86)\LG Electronics\LG EV-DO Rev.A USB Modem\Modem Software\REVAService.exe [23040 2008-10-12] (LG Electronics)
HKU\S-1-5-21-2196551083-3368854960-1698058853-1000\...\Policies\system: [DisableLockWorkstation] 0
HKU\S-1-5-21-2196551083-3368854960-1698058853-1000\...\Policies\system: [DisableChangePassword] 0
HKU\S-1-5-21-2196551083-3368854960-1698058853-1000\...\MountPoints2: F - F:\AutoRun.exe
HKU\S-1-5-21-2196551083-3368854960-1698058853-1000\...\MountPoints2: G - G:\AutoRun.exe
HKU\S-1-5-21-2196551083-3368854960-1698058853-1000\...\MountPoints2: {00184fad-8390-11e1-8a01-ac8112209281} - F:\AutoRun.exe
HKU\S-1-5-21-2196551083-3368854960-1698058853-1000\...\MountPoints2: {0039dbd8-6223-11e3-ad85-d58a2083a6b9} - F:\AutoRun.exe
HKU\S-1-5-21-2196551083-3368854960-1698058853-1000\...\MountPoints2: {0039dc15-6223-11e3-ad85-d58a2083a6b9} - F:\AutoRun.exe
HKU\S-1-5-21-2196551083-3368854960-1698058853-1000\...\MountPoints2: {05e807ab-c393-11e3-8637-8ae6d58e00b9} - F:\AutoRun.exe
HKU\S-1-5-21-2196551083-3368854960-1698058853-1000\...\MountPoints2: {05e807c7-c393-11e3-8637-8ae6d58e00b9} - F:\AutoRun.exe
HKU\S-1-5-21-2196551083-3368854960-1698058853-1000\...\MountPoints2: {0c1d2cdf-b634-11e3-9b7b-c20ae93ebbb8} - F:\AutoRun.exe
HKU\S-1-5-21-2196551083-3368854960-1698058853-1000\...\MountPoints2: {0c1d2cfa-b634-11e3-9b7b-c20ae93ebbb8} - F:\AutoRun.exe
HKU\S-1-5-21-2196551083-3368854960-1698058853-1000\...\MountPoints2: {0c622546-686f-11e3-bd58-e98cb22b38ba} - F:\AutoRun.exe
HKU\S-1-5-21-2196551083-3368854960-1698058853-1000\...\MountPoints2: {15139805-ab03-11e3-846a-ac8112209281} - F:\AutoRun.exe
HKU\S-1-5-21-2196551083-3368854960-1698058853-1000\...\MountPoints2: {15139813-ab03-11e3-846a-92a8d7b73df5} - F:\AutoRun.exe
HKU\S-1-5-21-2196551083-3368854960-1698058853-1000\...\MountPoints2: {1f97ac23-8352-11e1-9fae-9b52adc9c93c} - F:\AutoRun.exe
HKU\S-1-5-21-2196551083-3368854960-1698058853-1000\...\MountPoints2: {206ab672-975b-11e1-aee1-ac8112209281} - F:\pushinst.exe
HKU\S-1-5-21-2196551083-3368854960-1698058853-1000\...\MountPoints2: {20e28e3d-baee-11e3-8750-b7f95d0f3aa4} - F:\AutoRun.exe
HKU\S-1-5-21-2196551083-3368854960-1698058853-1000\...\MountPoints2: {2645172c-63b4-11e3-85ff-cf4083aee974} - F:\AutoRun.exe
HKU\S-1-5-21-2196551083-3368854960-1698058853-1000\...\MountPoints2: {26c627c9-5314-11e2-adef-806e6f6e6963} - F:\AutoRun.exe
HKU\S-1-5-21-2196551083-3368854960-1698058853-1000\...\MountPoints2: {27d8f79f-a9a4-11e3-9b25-c0dfe90704a7} - F:\AutoRun.exe
HKU\S-1-5-21-2196551083-3368854960-1698058853-1000\...\MountPoints2: {27d8f7b6-a9a4-11e3-9b25-c0dfe90704a7} - F:\AutoRun.exe
HKU\S-1-5-21-2196551083-3368854960-1698058853-1000\...\MountPoints2: {28c5e31f-9ddf-11e3-85c3-b7ec1c215291} - F:\AutoRun.exe
HKU\S-1-5-21-2196551083-3368854960-1698058853-1000\...\MountPoints2: {2e9d8143-5e33-11e3-8cfe-aec8ab6a5a64} - F:\AutoRun.exe
HKU\S-1-5-21-2196551083-3368854960-1698058853-1000\...\MountPoints2: {308cf2a5-c7cf-11e3-8a12-8921f4369ab9} - F:\AutoRun.exe
HKU\S-1-5-21-2196551083-3368854960-1698058853-1000\...\MountPoints2: {308cf2af-c7cf-11e3-8a12-8921f4369ab9} - F:\AutoRun.exe
HKU\S-1-5-21-2196551083-3368854960-1698058853-1000\...\MountPoints2: {308cf2bd-c7cf-11e3-8a12-8921f4369ab9} - F:\AutoRun.exe
HKU\S-1-5-21-2196551083-3368854960-1698058853-1000\...\MountPoints2: {308cf2c6-c7cf-11e3-8a12-8921f4369ab9} - F:\AutoRun.exe
HKU\S-1-5-21-2196551083-3368854960-1698058853-1000\...\MountPoints2: {31cd87df-5315-11e2-a62c-ac8112209281} - F:\AutoRun.exe
HKU\S-1-5-21-2196551083-3368854960-1698058853-1000\...\MountPoints2: {35192586-67a5-11e3-ae20-d63da974dd64} - F:\AutoRun.exe
HKU\S-1-5-21-2196551083-3368854960-1698058853-1000\...\MountPoints2: {351925b5-67a5-11e3-ae20-d63da974dd64} - F:\AutoRun.exe
HKU\S-1-5-21-2196551083-3368854960-1698058853-1000\...\MountPoints2: {351925d4-67a5-11e3-ae20-d63da974dd64} - F:\AutoRun.exe
HKU\S-1-5-21-2196551083-3368854960-1698058853-1000\...\MountPoints2: {3b33d12d-a4f1-11e3-88e1-efdd4fc5b492} - F:\AutoRun.exe
HKU\S-1-5-21-2196551083-3368854960-1698058853-1000\...\MountPoints2: {3b33d147-a4f1-11e3-88e1-efdd4fc5b492} - F:\AutoRun.exe
HKU\S-1-5-21-2196551083-3368854960-1698058853-1000\...\MountPoints2: {3b33d161-a4f1-11e3-88e1-efdd4fc5b492} - F:\AutoRun.exe
HKU\S-1-5-21-2196551083-3368854960-1698058853-1000\...\MountPoints2: {401e8ee4-5fd5-11e3-bbe3-99e6e08b93b9} - F:\AutoRun.exe
HKU\S-1-5-21-2196551083-3368854960-1698058853-1000\...\MountPoints2: {4b3895a6-a90c-11e3-87a1-9ed8916a3ba1} - F:\AutoRun.exe
HKU\S-1-5-21-2196551083-3368854960-1698058853-1000\...\MountPoints2: {4b3895b0-a90c-11e3-87a1-9ed8916a3ba1} - F:\AutoRun.exe
HKU\S-1-5-21-2196551083-3368854960-1698058853-1000\...\MountPoints2: {4b3895cb-a90c-11e3-87a1-9ed8916a3ba1} - F:\AutoRun.exe
HKU\S-1-5-21-2196551083-3368854960-1698058853-1000\...\MountPoints2: {4d6f20bb-c7b4-11e3-aee6-f0e16f8e3692} - F:\AutoRun.exe
HKU\S-1-5-21-2196551083-3368854960-1698058853-1000\...\MountPoints2: {52ccdcf9-c5ef-11e3-a2e1-e5fec3d102b9} - F:\AutoRun.exe
HKU\S-1-5-21-2196551083-3368854960-1698058853-1000\...\MountPoints2: {52ccdd19-c5ef-11e3-a2e1-e5fec3d102b9} - F:\AutoRun.exe
HKU\S-1-5-21-2196551083-3368854960-1698058853-1000\...\MountPoints2: {55475630-bc1f-11e1-9c5f-001e101f63cf} - F:\AutoRun.exe
HKU\S-1-5-21-2196551083-3368854960-1698058853-1000\...\MountPoints2: {55475647-bc1f-11e1-9c5f-001e101f63cf} - F:\AutoRun.exe
HKU\S-1-5-21-2196551083-3368854960-1698058853-1000\...\MountPoints2: {577161bd-9f71-11e3-b1e0-e20f8bb31191} - F:\AutoRun.exe
HKU\S-1-5-21-2196551083-3368854960-1698058853-1000\...\MountPoints2: {577161de-9f71-11e3-b1e0-e20f8bb31191} - F:\AutoRun.exe
HKU\S-1-5-21-2196551083-3368854960-1698058853-1000\...\MountPoints2: {577161ec-9f71-11e3-b1e0-e20f8bb31191} - F:\AutoRun.exe
HKU\S-1-5-21-2196551083-3368854960-1698058853-1000\...\MountPoints2: {577161f5-9f71-11e3-b1e0-e20f8bb31191} - F:\AutoRun.exe
HKU\S-1-5-21-2196551083-3368854960-1698058853-1000\...\MountPoints2: {577161fe-9f71-11e3-b1e0-e20f8bb31191} - F:\AutoRun.exe
HKU\S-1-5-21-2196551083-3368854960-1698058853-1000\...\MountPoints2: {57716206-9f71-11e3-b1e0-e20f8bb31191} - F:\AutoRun.exe
HKU\S-1-5-21-2196551083-3368854960-1698058853-1000\...\MountPoints2: {5771620f-9f71-11e3-b1e0-e20f8bb31191} - F:\AutoRun.exe
HKU\S-1-5-21-2196551083-3368854960-1698058853-1000\...\MountPoints2: {57716218-9f71-11e3-b1e0-e20f8bb31191} - F:\AutoRun.exe
HKU\S-1-5-21-2196551083-3368854960-1698058853-1000\...\MountPoints2: {57716221-9f71-11e3-b1e0-e20f8bb31191} - F:\AutoRun.exe
HKU\S-1-5-21-2196551083-3368854960-1698058853-1000\...\MountPoints2: {5771622a-9f71-11e3-b1e0-e20f8bb31191} - F:\AutoRun.exe
HKU\S-1-5-21-2196551083-3368854960-1698058853-1000\...\MountPoints2: {57716234-9f71-11e3-b1e0-e20f8bb31191} - F:\AutoRun.exe
HKU\S-1-5-21-2196551083-3368854960-1698058853-1000\...\MountPoints2: {5771623d-9f71-11e3-b1e0-e20f8bb31191} - F:\AutoRun.exe
HKU\S-1-5-21-2196551083-3368854960-1698058853-1000\...\MountPoints2: {57716246-9f71-11e3-b1e0-e20f8bb31191} - F:\AutoRun.exe
HKU\S-1-5-21-2196551083-3368854960-1698058853-1000\...\MountPoints2: {57716250-9f71-11e3-b1e0-e20f8bb31191} - F:\AutoRun.exe
HKU\S-1-5-21-2196551083-3368854960-1698058853-1000\...\MountPoints2: {57716259-9f71-11e3-b1e0-e20f8bb31191} - F:\AutoRun.exe
HKU\S-1-5-21-2196551083-3368854960-1698058853-1000\...\MountPoints2: {57716273-9f71-11e3-b1e0-e20f8bb31191} - F:\AutoRun.exe
HKU\S-1-5-21-2196551083-3368854960-1698058853-1000\...\MountPoints2: {5771627b-9f71-11e3-b1e0-e20f8bb31191} - F:\AutoRun.exe
HKU\S-1-5-21-2196551083-3368854960-1698058853-1000\...\MountPoints2: {5abe7cdc-b892-11e3-b030-d7184d7be5b9} - F:\AutoRun.exe
HKU\S-1-5-21-2196551083-3368854960-1698058853-1000\...\MountPoints2: {5f279f05-62f0-11e3-a639-8c8f4afc52b8} - F:\AutoRun.exe
HKU\S-1-5-21-2196551083-3368854960-1698058853-1000\...\MountPoints2: {679f66c9-b977-11e1-9993-ac8112209281} - F:\AutoRun.exe
HKU\S-1-5-21-2196551083-3368854960-1698058853-1000\...\MountPoints2: {679f66d6-b977-11e1-9993-ac8112209281} - F:\AutoRun.exe
HKU\S-1-5-21-2196551083-3368854960-1698058853-1000\...\MountPoints2: {679f66fd-b977-11e1-9993-001e101f2500} - F:\AutoRun.exe
HKU\S-1-5-21-2196551083-3368854960-1698058853-1000\...\MountPoints2: {679f6709-b977-11e1-9993-001e101f2500} - F:\AutoRun.exe
HKU\S-1-5-21-2196551083-3368854960-1698058853-1000\...\MountPoints2: {6a3ad0bc-c525-11e3-967b-b0638e7a7cb9} - F:\AutoRun.exe
HKU\S-1-5-21-2196551083-3368854960-1698058853-1000\...\MountPoints2: {6a3ad0c5-c525-11e3-967b-b0638e7a7cb9} - F:\AutoRun.exe
HKU\S-1-5-21-2196551083-3368854960-1698058853-1000\...\MountPoints2: {6bcc9c2d-b95c-11e3-8ee5-b140340469b8} - F:\AutoRun.exe
HKU\S-1-5-21-2196551083-3368854960-1698058853-1000\...\MountPoints2: {702797df-a1e0-11e3-a693-ac8112209281} - F:\AutoRun.exe
HKU\S-1-5-21-2196551083-3368854960-1698058853-1000\...\MountPoints2: {72b7a453-bc9b-11e1-b521-ac8112209281} - F:\AutoRun.exe
HKU\S-1-5-21-2196551083-3368854960-1698058853-1000\...\MountPoints2: {77de971f-a7be-11e3-8450-ac8112209281} - F:\AutoRun.exe
HKU\S-1-5-21-2196551083-3368854960-1698058853-1000\...\MountPoints2: {7ce6b9b3-69fe-11e3-ad1b-b0e6bc80eebb} - F:\AutoRun.exe
HKU\S-1-5-21-2196551083-3368854960-1698058853-1000\...\MountPoints2: {864704a2-43bb-11e1-9c3b-ac8112209281} - F:\AutoRun.exe
HKU\S-1-5-21-2196551083-3368854960-1698058853-1000\...\MountPoints2: {864704b2-43bb-11e1-9c3b-ac8112209281} - F:\AutoRun.exe
HKU\S-1-5-21-2196551083-3368854960-1698058853-1000\...\MountPoints2: {8f2e54e0-8309-11e1-a2e5-da20ad1a9650} - F:\SWLauncher.exe
HKU\S-1-5-21-2196551083-3368854960-1698058853-1000\...\MountPoints2: {993f1373-5bdb-11e3-af0c-ac8112209281} - F:\AutoRun.exe
HKU\S-1-5-21-2196551083-3368854960-1698058853-1000\...\MountPoints2: {993f137f-5bdb-11e3-af0c-934ca4618a0c} - F:\AutoRun.exe
HKU\S-1-5-21-2196551083-3368854960-1698058853-1000\...\MountPoints2: {9ae3d2d6-a03a-11e3-ad4e-87296dcdbfb9} - F:\AutoRun.exe
HKU\S-1-5-21-2196551083-3368854960-1698058853-1000\...\MountPoints2: {9ae3d2da-a03a-11e3-ad4e-87296dcdbfb9} - F:\AutoRun.exe
HKU\S-1-5-21-2196551083-3368854960-1698058853-1000\...\MountPoints2: {9ae3d2f4-a03a-11e3-ad4e-87296dcdbfb9} - F:\AutoRun.exe
HKU\S-1-5-21-2196551083-3368854960-1698058853-1000\...\MountPoints2: {9d65d62b-5d70-11e3-ba29-806e6f6e6963} - F:\AutoRun.exe
HKU\S-1-5-21-2196551083-3368854960-1698058853-1000\...\MountPoints2: {9d65d645-5d70-11e3-ba29-ac8112209281} - F:\AutoRun.exe
HKU\S-1-5-21-2196551083-3368854960-1698058853-1000\...\MountPoints2: {9d97bbaa-b4a1-11e3-8a25-c522f78533b9} - F:\AutoRun.exe
HKU\S-1-5-21-2196551083-3368854960-1698058853-1000\...\MountPoints2: {9d97bbcd-b4a1-11e3-8a25-c522f78533b9} - F:\AutoRun.exe
HKU\S-1-5-21-2196551083-3368854960-1698058853-1000\...\MountPoints2: {9d97bbd0-b4a1-11e3-8a25-c522f78533b9} - F:\AutoRun.exe
HKU\S-1-5-21-2196551083-3368854960-1698058853-1000\...\MountPoints2: {9f43ab63-5f08-11e3-a664-b8a30f21326e} - F:\AutoRun.exe
HKU\S-1-5-21-2196551083-3368854960-1698058853-1000\...\MountPoints2: {a582cb2a-6ad7-11e3-811c-aa051420ea6a} - F:\AutoRun.exe
HKU\S-1-5-21-2196551083-3368854960-1698058853-1000\...\MountPoints2: {a73bb8e3-a8db-11e3-b3fd-e555df5609a7} - F:\AutoRun.exe
HKU\S-1-5-21-2196551083-3368854960-1698058853-1000\...\MountPoints2: {a73bb8ec-a8db-11e3-b3fd-e555df5609a7} - F:\AutoRun.exe
HKU\S-1-5-21-2196551083-3368854960-1698058853-1000\...\MountPoints2: {a88191a3-b3e1-11e3-935c-cf625c417fb0} - F:\AutoRun.exe
HKU\S-1-5-21-2196551083-3368854960-1698058853-1000\...\MountPoints2: {a88191d6-b3e1-11e3-935c-cf625c417fb0} - F:\AutoRun.exe
HKU\S-1-5-21-2196551083-3368854960-1698058853-1000\...\MountPoints2: {abb30e23-b56d-11e3-899b-9e7c40bc86a7} - F:\AutoRun.exe
HKU\S-1-5-21-2196551083-3368854960-1698058853-1000\...\MountPoints2: {abb30e80-b56d-11e3-899b-9e7c40bc86a7} - F:\AutoRun.exe
HKU\S-1-5-21-2196551083-3368854960-1698058853-1000\...\MountPoints2: {abb30e8b-b56d-11e3-899b-9e7c40bc86a7} - F:\AutoRun.exe
HKU\S-1-5-21-2196551083-3368854960-1698058853-1000\...\MountPoints2: {abb30e94-b56d-11e3-899b-9e7c40bc86a7} - F:\AutoRun.exe
HKU\S-1-5-21-2196551083-3368854960-1698058853-1000\...\MountPoints2: {abb30ea7-b56d-11e3-899b-9e7c40bc86a7} - F:\AutoRun.exe
HKU\S-1-5-21-2196551083-3368854960-1698058853-1000\...\MountPoints2: {abb30eb0-b56d-11e3-899b-9e7c40bc86a7} - F:\AutoRun.exe
HKU\S-1-5-21-2196551083-3368854960-1698058853-1000\...\MountPoints2: {ae4323be-647d-11e3-9b98-8398421876b8} - F:\AutoRun.exe
HKU\S-1-5-21-2196551083-3368854960-1698058853-1000\...\MountPoints2: {b2702d2f-ad5b-11e3-b1a4-c9b494d6517f} - F:\AutoRun.exe
HKU\S-1-5-21-2196551083-3368854960-1698058853-1000\...\MountPoints2: {b47ec2c3-b17f-11e3-a361-e9bff51a87ae} - F:\AutoRun.exe
HKU\S-1-5-21-2196551083-3368854960-1698058853-1000\...\MountPoints2: {b615211d-ad91-11e3-8811-ac8112209281} - F:\AutoRun.exe
HKU\S-1-5-21-2196551083-3368854960-1698058853-1000\...\MountPoints2: {b92e362f-9ea6-11e3-aa54-a9fd3d4b5dae} - F:\AutoRun.exe
HKU\S-1-5-21-2196551083-3368854960-1698058853-1000\...\MountPoints2: {b92e365a-9ea6-11e3-aa54-a9fd3d4b5dae} - F:\AutoRun.exe
HKU\S-1-5-21-2196551083-3368854960-1698058853-1000\...\MountPoints2: {b92e3663-9ea6-11e3-aa54-a9fd3d4b5dae} - F:\AutoRun.exe
HKU\S-1-5-21-2196551083-3368854960-1698058853-1000\...\MountPoints2: {b92e366d-9ea6-11e3-aa54-a9fd3d4b5dae} - F:\AutoRun.exe
HKU\S-1-5-21-2196551083-3368854960-1698058853-1000\...\MountPoints2: {b92e3676-9ea6-11e3-aa54-a9fd3d4b5dae} - F:\AutoRun.exe
HKU\S-1-5-21-2196551083-3368854960-1698058853-1000\...\MountPoints2: {bb0a079e-d095-11e3-8781-ac8112209281} - F:\AutoRun.exe
HKU\S-1-5-21-2196551083-3368854960-1698058853-1000\...\MountPoints2: {bd6e5ec8-4feb-11e2-9c87-cd8b570f4b57} - F:\AutoRun.exe
HKU\S-1-5-21-2196551083-3368854960-1698058853-1000\...\MountPoints2: {bd6e5ecc-4feb-11e2-9c87-cd8b570f4b57} - F:\AutoRun.exe
HKU\S-1-5-21-2196551083-3368854960-1698058853-1000\...\MountPoints2: {bd6e5ed5-4feb-11e2-9c87-cd8b570f4b57} - F:\AutoRun.exe
HKU\S-1-5-21-2196551083-3368854960-1698058853-1000\...\MountPoints2: {bf99931c-a814-11e3-89f6-f060ddb1979d} - F:\AutoRun.exe
HKU\S-1-5-21-2196551083-3368854960-1698058853-1000\...\MountPoints2: {bf999359-a814-11e3-89f6-f060ddb1979d} - F:\AutoRun.exe
HKU\S-1-5-21-2196551083-3368854960-1698058853-1000\...\MountPoints2: {bf999362-a814-11e3-89f6-f060ddb1979d} - F:\AutoRun.exe
HKU\S-1-5-21-2196551083-3368854960-1698058853-1000\...\MountPoints2: {c9e6db41-c842-11e1-9d60-001e101f57d0} - F:\AutoRun.exe
HKU\S-1-5-21-2196551083-3368854960-1698058853-1000\...\MountPoints2: {c9e6db44-c842-11e1-9d60-001e101f57d0} - F:\AutoRun.exe
HKU\S-1-5-21-2196551083-3368854960-1698058853-1000\...\MountPoints2: {caa6399e-c3ac-11e1-a668-001e101fb4df} - F:\AutoRun.exe
HKU\S-1-5-21-2196551083-3368854960-1698058853-1000\...\MountPoints2: {caa639ab-c3ac-11e1-a668-001e101fb4df} - G:\AutoRun.exe
HKU\S-1-5-21-2196551083-3368854960-1698058853-1000\...\MountPoints2: {cb03bb30-c484-11e1-9a90-ac8112209281} - F:\AutoRun.exe
HKU\S-1-5-21-2196551083-3368854960-1698058853-1000\...\MountPoints2: {cc837f63-a422-11e3-b02a-af728eea65b8} - F:\AutoRun.exe
HKU\S-1-5-21-2196551083-3368854960-1698058853-1000\...\MountPoints2: {cc837f6c-a422-11e3-b02a-af728eea65b8} - F:\AutoRun.exe
HKU\S-1-5-21-2196551083-3368854960-1698058853-1000\...\MountPoints2: {cf791962-b0b5-11e3-a12a-93e0e4c756b8} - F:\AutoRun.exe
HKU\S-1-5-21-2196551083-3368854960-1698058853-1000\...\MountPoints2: {cf791976-b0b5-11e3-a12a-93e0e4c756b8} - F:\AutoRun.exe
HKU\S-1-5-21-2196551083-3368854960-1698058853-1000\...\MountPoints2: {cf791991-b0b5-11e3-a12a-93e0e4c756b8} - F:\AutoRun.exe
HKU\S-1-5-21-2196551083-3368854960-1698058853-1000\...\MountPoints2: {d3df570b-a35a-11e3-b17e-93dc417e62b8} - F:\AutoRun.exe
HKU\S-1-5-21-2196551083-3368854960-1698058853-1000\...\MountPoints2: {d3df5714-a35a-11e3-b17e-93dc417e62b8} - F:\AutoRun.exe
HKU\S-1-5-21-2196551083-3368854960-1698058853-1000\...\MountPoints2: {d3df571d-a35a-11e3-b17e-93dc417e62b8} - F:\AutoRun.exe
HKU\S-1-5-21-2196551083-3368854960-1698058853-1000\...\MountPoints2: {d3df5726-a35a-11e3-b17e-93dc417e62b8} - F:\AutoRun.exe
HKU\S-1-5-21-2196551083-3368854960-1698058853-1000\...\MountPoints2: {d526a0a2-b7de-11e3-8da4-ac8112209281} - F:\AutoRun.exe
HKU\S-1-5-21-2196551083-3368854960-1698058853-1000\...\MountPoints2: {d62bf02c-c852-11e3-aa48-f877d36d41a6} - F:\AutoRun.exe
HKU\S-1-5-21-2196551083-3368854960-1698058853-1000\...\MountPoints2: {de2bb7a0-615b-11e3-812b-85c4b82ae24f} - F:\AutoRun.exe
HKU\S-1-5-21-2196551083-3368854960-1698058853-1000\...\MountPoints2: {de969121-b6ff-11e3-85b0-ac8112209281} - F:\AutoRun.exe
HKU\S-1-5-21-2196551083-3368854960-1698058853-1000\...\MountPoints2: {de96912e-b6ff-11e3-85b0-b0a9deaa044a} - F:\AutoRun.exe
HKU\S-1-5-21-2196551083-3368854960-1698058853-1000\...\MountPoints2: {de969137-b6ff-11e3-85b0-b0a9deaa044a} - F:\AutoRun.exe
HKU\S-1-5-21-2196551083-3368854960-1698058853-1000\...\MountPoints2: {df5340c3-c491-11e3-9dd7-d56831a907a4} - F:\AutoRun.exe
HKU\S-1-5-21-2196551083-3368854960-1698058853-1000\...\MountPoints2: {df5340e4-c491-11e3-9dd7-d56831a907a4} - F:\AutoRun.exe
HKU\S-1-5-21-2196551083-3368854960-1698058853-1000\...\MountPoints2: {e454522c-c45e-11e3-87b6-9cfffde3afb9} - F:\AutoRun.exe
HKU\S-1-5-21-2196551083-3368854960-1698058853-1000\...\MountPoints2: {ea9464ca-b1c8-11e3-afa5-ec9f6c4558b8} - F:\AutoRun.exe
HKU\S-1-5-21-2196551083-3368854960-1698058853-1000\...\MountPoints2: {ea9464dd-b1c8-11e3-afa5-ec9f6c4558b8} - F:\AutoRun.exe
HKU\S-1-5-21-2196551083-3368854960-1698058853-1000\...\MountPoints2: {eb23a3a9-ba20-11e3-8e92-d8b1d78bcdb8} - F:\AutoRun.exe
HKU\S-1-5-21-2196551083-3368854960-1698058853-1000\...\MountPoints2: {eb23a3b4-ba20-11e3-8e92-d8b1d78bcdb8} - F:\AutoRun.exe
HKU\S-1-5-21-2196551083-3368854960-1698058853-1000\...\MountPoints2: {eb3230c5-c469-11e3-b7a3-a7a55d02c279} - F:\AutoRun.exe
HKU\S-1-5-21-2196551083-3368854960-1698058853-1000\...\MountPoints2: {eb3230c9-c469-11e3-b7a3-a7a55d02c279} - F:\AutoRun.exe
HKU\S-1-5-21-2196551083-3368854960-1698058853-1000\...\MountPoints2: {eb3230d6-c469-11e3-b7a3-a7a55d02c279} - F:\AutoRun.exe
HKU\S-1-5-21-2196551083-3368854960-1698058853-1000\...\MountPoints2: {eb3230de-c469-11e3-b7a3-a7a55d02c279} - F:\AutoRun.exe
HKU\S-1-5-21-2196551083-3368854960-1698058853-1000\...\MountPoints2: {ec86d4ab-bbb6-11e3-8a18-db4e44d79da6} - F:\AutoRun.exe
HKU\S-1-5-21-2196551083-3368854960-1698058853-1000\...\MountPoints2: {ec86d4c6-bbb6-11e3-8a18-db4e44d79da6} - F:\AutoRun.exe
HKU\S-1-5-21-2196551083-3368854960-1698058853-1000\...\MountPoints2: {ed2196ce-7237-11e3-b1f8-f9966fea75ac} - F:\AutoRun.exe
HKU\S-1-5-21-2196551083-3368854960-1698058853-1000\...\MountPoints2: {ed2196e4-7237-11e3-b1f8-f9966fea75ac} - F:\AutoRun.exe
HKU\S-1-5-21-2196551083-3368854960-1698058853-1000\...\MountPoints2: {f39629e6-b011-11e3-87e7-dd3b4861c9b1} - F:\AutoRun.exe
HKU\S-1-5-21-2196551083-3368854960-1698058853-1000\...\MountPoints2: {f39629f3-b011-11e3-87e7-dd3b4861c9b1} - F:\AutoRun.exe
HKU\S-1-5-21-2196551083-3368854960-1698058853-1000\...\MountPoints2: {f3962a00-b011-11e3-87e7-dd3b4861c9b1} - F:\AutoRun.exe
HKU\S-1-5-21-2196551083-3368854960-1698058853-1000\...\MountPoints2: {f5a0dd70-a0f9-11e3-9b49-c910c86c159d} - F:\AutoRun.exe
HKU\S-1-5-21-2196551083-3368854960-1698058853-1000\...\MountPoints2: {faa18b55-4d9c-11e2-aecc-ac8112209281} - F:\AutoRun.exe
HKU\S-1-5-21-2196551083-3368854960-1698058853-1000\...\MountPoints2: {fe65e621-5ab8-11e3-90c7-ac8112209281} - F:\AutoRun.exe
HKU\S-1-5-21-2196551083-3368854960-1698058853-1000\...\MountPoints2: {fe65e630-5ab8-11e3-90c7-ac8112209281} - F:\AutoRun.exe
HKU\S-1-5-21-2196551083-3368854960-1698058853-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Mobile Partner] => C:\Program Files (x86)\Mobile Partner\Mobile Partner.exe [536576 2012-07-01] ()
HKU\S-1-5-21-2196551083-3368854960-1698058853-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [REVAService] => C:\Program Files (x86)\LG Electronics\LG EV-DO Rev.A USB Modem\Modem Software\REVAService.exe [23040 2008-10-12] (LG Electronics)
HKU\S-1-5-21-2196551083-3368854960-1698058853-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\system: [DisableLockWorkstation] 0
HKU\S-1-5-21-2196551083-3368854960-1698058853-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\system: [DisableChangePassword] 0
HKU\S-1-5-21-2196551083-3368854960-1698058853-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: F - F:\AutoRun.exe
HKU\S-1-5-21-2196551083-3368854960-1698058853-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: G - G:\AutoRun.exe
HKU\S-1-5-21-2196551083-3368854960-1698058853-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {00184fad-8390-11e1-8a01-ac8112209281} - F:\AutoRun.exe
HKU\S-1-5-21-2196551083-3368854960-1698058853-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {0039dbd8-6223-11e3-ad85-d58a2083a6b9} - F:\AutoRun.exe
HKU\S-1-5-21-2196551083-3368854960-1698058853-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {0039dc15-6223-11e3-ad85-d58a2083a6b9} - F:\AutoRun.exe
HKU\S-1-5-21-2196551083-3368854960-1698058853-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {05e807ab-c393-11e3-8637-8ae6d58e00b9} - F:\AutoRun.exe
HKU\S-1-5-21-2196551083-3368854960-1698058853-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {05e807c7-c393-11e3-8637-8ae6d58e00b9} - F:\AutoRun.exe
HKU\S-1-5-21-2196551083-3368854960-1698058853-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {0c1d2cdf-b634-11e3-9b7b-c20ae93ebbb8} - F:\AutoRun.exe
HKU\S-1-5-21-2196551083-3368854960-1698058853-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {0c1d2cfa-b634-11e3-9b7b-c20ae93ebbb8} - F:\AutoRun.exe
HKU\S-1-5-21-2196551083-3368854960-1698058853-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {0c622546-686f-11e3-bd58-e98cb22b38ba} - F:\AutoRun.exe
HKU\S-1-5-21-2196551083-3368854960-1698058853-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {15139805-ab03-11e3-846a-ac8112209281} - F:\AutoRun.exe
HKU\S-1-5-21-2196551083-3368854960-1698058853-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {15139813-ab03-11e3-846a-92a8d7b73df5} - F:\AutoRun.exe
HKU\S-1-5-21-2196551083-3368854960-1698058853-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {1f97ac23-8352-11e1-9fae-9b52adc9c93c} - F:\AutoRun.exe
HKU\S-1-5-21-2196551083-3368854960-1698058853-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {206ab672-975b-11e1-aee1-ac8112209281} - F:\pushinst.exe
HKU\S-1-5-21-2196551083-3368854960-1698058853-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {20e28e3d-baee-11e3-8750-b7f95d0f3aa4} - F:\AutoRun.exe
HKU\S-1-5-21-2196551083-3368854960-1698058853-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {2645172c-63b4-11e3-85ff-cf4083aee974} - F:\AutoRun.exe
HKU\S-1-5-21-2196551083-3368854960-1698058853-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {26c627c9-5314-11e2-adef-806e6f6e6963} - F:\AutoRun.exe
HKU\S-1-5-21-2196551083-3368854960-1698058853-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {27d8f79f-a9a4-11e3-9b25-c0dfe90704a7} - F:\AutoRun.exe
HKU\S-1-5-21-2196551083-3368854960-1698058853-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {27d8f7b6-a9a4-11e3-9b25-c0dfe90704a7} - F:\AutoRun.exe
HKU\S-1-5-21-2196551083-3368854960-1698058853-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {28c5e31f-9ddf-11e3-85c3-b7ec1c215291} - F:\AutoRun.exe
HKU\S-1-5-21-2196551083-3368854960-1698058853-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {2e9d8143-5e33-11e3-8cfe-aec8ab6a5a64} - F:\AutoRun.exe
HKU\S-1-5-21-2196551083-3368854960-1698058853-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {308cf2a5-c7cf-11e3-8a12-8921f4369ab9} - F:\AutoRun.exe
HKU\S-1-5-21-2196551083-3368854960-1698058853-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {308cf2af-c7cf-11e3-8a12-8921f4369ab9} - F:\AutoRun.exe
HKU\S-1-5-21-2196551083-3368854960-1698058853-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {308cf2bd-c7cf-11e3-8a12-8921f4369ab9} - F:\AutoRun.exe
HKU\S-1-5-21-2196551083-3368854960-1698058853-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {308cf2c6-c7cf-11e3-8a12-8921f4369ab9} - F:\AutoRun.exe
HKU\S-1-5-21-2196551083-3368854960-1698058853-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {31cd87df-5315-11e2-a62c-ac8112209281} - F:\AutoRun.exe
HKU\S-1-5-21-2196551083-3368854960-1698058853-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {35192586-67a5-11e3-ae20-d63da974dd64} - F:\AutoRun.exe
HKU\S-1-5-21-2196551083-3368854960-1698058853-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {351925b5-67a5-11e3-ae20-d63da974dd64} - F:\AutoRun.exe
HKU\S-1-5-21-2196551083-3368854960-1698058853-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {351925d4-67a5-11e3-ae20-d63da974dd64} - F:\AutoRun.exe
HKU\S-1-5-21-2196551083-3368854960-1698058853-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {3b33d12d-a4f1-11e3-88e1-efdd4fc5b492} - F:\AutoRun.exe
HKU\S-1-5-21-2196551083-3368854960-1698058853-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {3b33d147-a4f1-11e3-88e1-efdd4fc5b492} - F:\AutoRun.exe
HKU\S-1-5-21-2196551083-3368854960-1698058853-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {3b33d161-a4f1-11e3-88e1-efdd4fc5b492} - F:\AutoRun.exe
HKU\S-1-5-21-2196551083-3368854960-1698058853-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {401e8ee4-5fd5-11e3-bbe3-99e6e08b93b9} - F:\AutoRun.exe
HKU\S-1-5-21-2196551083-3368854960-1698058853-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {4b3895a6-a90c-11e3-87a1-9ed8916a3ba1} - F:\AutoRun.exe
HKU\S-1-5-21-2196551083-3368854960-1698058853-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {4b3895b0-a90c-11e3-87a1-9ed8916a3ba1} - F:\AutoRun.exe
HKU\S-1-5-21-2196551083-3368854960-1698058853-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {4b3895cb-a90c-11e3-87a1-9ed8916a3ba1} - F:\AutoRun.exe
HKU\S-1-5-21-2196551083-3368854960-1698058853-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {4d6f20bb-c7b4-11e3-aee6-f0e16f8e3692} - F:\AutoRun.exe
HKU\S-1-5-21-2196551083-3368854960-1698058853-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {52ccdcf9-c5ef-11e3-a2e1-e5fec3d102b9} - F:\AutoRun.exe
HKU\S-1-5-21-2196551083-3368854960-1698058853-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {52ccdd19-c5ef-11e3-a2e1-e5fec3d102b9} - F:\AutoRun.exe
HKU\S-1-5-21-2196551083-3368854960-1698058853-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {55475630-bc1f-11e1-9c5f-001e101f63cf} - F:\AutoRun.exe
HKU\S-1-5-21-2196551083-3368854960-1698058853-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {55475647-bc1f-11e1-9c5f-001e101f63cf} - F:\AutoRun.exe
HKU\S-1-5-21-2196551083-3368854960-1698058853-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {577161bd-9f71-11e3-b1e0-e20f8bb31191} - F:\AutoRun.exe
HKU\S-1-5-21-2196551083-3368854960-1698058853-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {577161de-9f71-11e3-b1e0-e20f8bb31191} - F:\AutoRun.exe
HKU\S-1-5-21-2196551083-3368854960-1698058853-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {577161ec-9f71-11e3-b1e0-e20f8bb31191} - F:\AutoRun.exe
HKU\S-1-5-21-2196551083-3368854960-1698058853-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {577161f5-9f71-11e3-b1e0-e20f8bb31191} - F:\AutoRun.exe
HKU\S-1-5-21-2196551083-3368854960-1698058853-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {577161fe-9f71-11e3-b1e0-e20f8bb31191} - F:\AutoRun.exe
HKU\S-1-5-21-2196551083-3368854960-1698058853-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {57716206-9f71-11e3-b1e0-e20f8bb31191} - F:\AutoRun.exe
HKU\S-1-5-21-2196551083-3368854960-1698058853-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {5771620f-9f71-11e3-b1e0-e20f8bb31191} - F:\AutoRun.exe
HKU\S-1-5-21-2196551083-3368854960-1698058853-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {57716218-9f71-11e3-b1e0-e20f8bb31191} - F:\AutoRun.exe
HKU\S-1-5-21-2196551083-3368854960-1698058853-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {57716221-9f71-11e3-b1e0-e20f8bb31191} - F:\AutoRun.exe
HKU\S-1-5-21-2196551083-3368854960-1698058853-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {5771622a-9f71-11e3-b1e0-e20f8bb31191} - F:\AutoRun.exe
HKU\S-1-5-21-2196551083-3368854960-1698058853-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {57716234-9f71-11e3-b1e0-e20f8bb31191} - F:\AutoRun.exe
HKU\S-1-5-21-2196551083-3368854960-1698058853-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {5771623d-9f71-11e3-b1e0-e20f8bb31191} - F:\AutoRun.exe
HKU\S-1-5-21-2196551083-3368854960-1698058853-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {57716246-9f71-11e3-b1e0-e20f8bb31191} - F:\AutoRun.exe
HKU\S-1-5-21-2196551083-3368854960-1698058853-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {57716250-9f71-11e3-b1e0-e20f8bb31191} - F:\AutoRun.exe
HKU\S-1-5-21-2196551083-3368854960-1698058853-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {57716259-9f71-11e3-b1e0-e20f8bb31191} - F:\AutoRun.exe
HKU\S-1-5-21-2196551083-3368854960-1698058853-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {57716273-9f71-11e3-b1e0-e20f8bb31191} - F:\AutoRun.exe
HKU\S-1-5-21-2196551083-3368854960-1698058853-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {5771627b-9f71-11e3-b1e0-e20f8bb31191} - F:\AutoRun.exe
HKU\S-1-5-21-2196551083-3368854960-1698058853-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {5abe7cdc-b892-11e3-b030-d7184d7be5b9} - F:\AutoRun.exe
HKU\S-1-5-21-2196551083-3368854960-1698058853-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {5f279f05-62f0-11e3-a639-8c8f4afc52b8} - F:\AutoRun.exe
HKU\S-1-5-21-2196551083-3368854960-1698058853-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {679f66c9-b977-11e1-9993-ac8112209281} - F:\AutoRun.exe
HKU\S-1-5-21-2196551083-3368854960-1698058853-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {679f66d6-b977-11e1-9993-ac8112209281} - F:\AutoRun.exe
HKU\S-1-5-21-2196551083-3368854960-1698058853-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {679f66fd-b977-11e1-9993-001e101f2500} - F:\AutoRun.exe
HKU\S-1-5-21-2196551083-3368854960-1698058853-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {679f6709-b977-11e1-9993-001e101f2500} - F:\AutoRun.exe
HKU\S-1-5-21-2196551083-3368854960-1698058853-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {6a3ad0bc-c525-11e3-967b-b0638e7a7cb9} - F:\AutoRun.exe
HKU\S-1-5-21-2196551083-3368854960-1698058853-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {6a3ad0c5-c525-11e3-967b-b0638e7a7cb9} - F:\AutoRun.exe
HKU\S-1-5-21-2196551083-3368854960-1698058853-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {6bcc9c2d-b95c-11e3-8ee5-b140340469b8} - F:\AutoRun.exe
HKU\S-1-5-21-2196551083-3368854960-1698058853-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {702797df-a1e0-11e3-a693-ac8112209281} - F:\AutoRun.exe
HKU\S-1-5-21-2196551083-3368854960-1698058853-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {72b7a453-bc9b-11e1-b521-ac8112209281} - F:\AutoRun.exe
HKU\S-1-5-21-2196551083-3368854960-1698058853-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {77de971f-a7be-11e3-8450-ac8112209281} - F:\AutoRun.exe
HKU\S-1-5-21-2196551083-3368854960-1698058853-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {7ce6b9b3-69fe-11e3-ad1b-b0e6bc80eebb} - F:\AutoRun.exe
HKU\S-1-5-21-2196551083-3368854960-1698058853-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {864704a2-43bb-11e1-9c3b-ac8112209281} - F:\AutoRun.exe
HKU\S-1-5-21-2196551083-3368854960-1698058853-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {864704b2-43bb-11e1-9c3b-ac8112209281} - F:\AutoRun.exe
HKU\S-1-5-21-2196551083-3368854960-1698058853-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {8f2e54e0-8309-11e1-a2e5-da20ad1a9650} - F:\SWLauncher.exe
HKU\S-1-5-21-2196551083-3368854960-1698058853-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {993f1373-5bdb-11e3-af0c-ac8112209281} - F:\AutoRun.exe
HKU\S-1-5-21-2196551083-3368854960-1698058853-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {993f137f-5bdb-11e3-af0c-934ca4618a0c} - F:\AutoRun.exe
HKU\S-1-5-21-2196551083-3368854960-1698058853-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {9ae3d2d6-a03a-11e3-ad4e-87296dcdbfb9} - F:\AutoRun.exe
HKU\S-1-5-21-2196551083-3368854960-1698058853-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {9ae3d2da-a03a-11e3-ad4e-87296dcdbfb9} - F:\AutoRun.exe
HKU\S-1-5-21-2196551083-3368854960-1698058853-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {9ae3d2f4-a03a-11e3-ad4e-87296dcdbfb9} - F:\AutoRun.exe
HKU\S-1-5-21-2196551083-3368854960-1698058853-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {9d65d62b-5d70-11e3-ba29-806e6f6e6963} - F:\AutoRun.exe
HKU\S-1-5-21-2196551083-3368854960-1698058853-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {9d65d645-5d70-11e3-ba29-ac8112209281} - F:\AutoRun.exe
HKU\S-1-5-21-2196551083-3368854960-1698058853-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {9d97bbaa-b4a1-11e3-8a25-c522f78533b9} - F:\AutoRun.exe
HKU\S-1-5-21-2196551083-3368854960-1698058853-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {9d97bbcd-b4a1-11e3-8a25-c522f78533b9} - F:\AutoRun.exe
HKU\S-1-5-21-2196551083-3368854960-1698058853-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {9d97bbd0-b4a1-11e3-8a25-c522f78533b9} - F:\AutoRun.exe
HKU\S-1-5-21-2196551083-3368854960-1698058853-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {9f43ab63-5f08-11e3-a664-b8a30f21326e} - F:\AutoRun.exe
HKU\S-1-5-21-2196551083-3368854960-1698058853-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {a582cb2a-6ad7-11e3-811c-aa051420ea6a} - F:\AutoRun.exe
HKU\S-1-5-21-2196551083-3368854960-1698058853-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {a73bb8e3-a8db-11e3-b3fd-e555df5609a7} - F:\AutoRun.exe
HKU\S-1-5-21-2196551083-3368854960-1698058853-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {a73bb8ec-a8db-11e3-b3fd-e555df5609a7} - F:\AutoRun.exe
HKU\S-1-5-21-2196551083-3368854960-1698058853-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {a88191a3-b3e1-11e3-935c-cf625c417fb0} - F:\AutoRun.exe
HKU\S-1-5-21-2196551083-3368854960-1698058853-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {a88191d6-b3e1-11e3-935c-cf625c417fb0} - F:\AutoRun.exe
HKU\S-1-5-21-2196551083-3368854960-1698058853-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {abb30e23-b56d-11e3-899b-9e7c40bc86a7} - F:\AutoRun.exe
HKU\S-1-5-21-2196551083-3368854960-1698058853-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {abb30e80-b56d-11e3-899b-9e7c40bc86a7} - F:\AutoRun.exe
HKU\S-1-5-21-2196551083-3368854960-1698058853-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {abb30e8b-b56d-11e3-899b-9e7c40bc86a7} - F:\AutoRun.exe
HKU\S-1-5-21-2196551083-3368854960-1698058853-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {abb30e94-b56d-11e3-899b-9e7c40bc86a7} - F:\AutoRun.exe
HKU\S-1-5-21-2196551083-3368854960-1698058853-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {abb30ea7-b56d-11e3-899b-9e7c40bc86a7} - F:\AutoRun.exe
HKU\S-1-5-21-2196551083-3368854960-1698058853-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {abb30eb0-b56d-11e3-899b-9e7c40bc86a7} - F:\AutoRun.exe
HKU\S-1-5-21-2196551083-3368854960-1698058853-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {ae4323be-647d-11e3-9b98-8398421876b8} - F:\AutoRun.exe
HKU\S-1-5-21-2196551083-3368854960-1698058853-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {b2702d2f-ad5b-11e3-b1a4-c9b494d6517f} - F:\AutoRun.exe
HKU\S-1-5-21-2196551083-3368854960-1698058853-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {b47ec2c3-b17f-11e3-a361-e9bff51a87ae} - F:\AutoRun.exe
HKU\S-1-5-21-2196551083-3368854960-1698058853-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {b615211d-ad91-11e3-8811-ac8112209281} - F:\AutoRun.exe
HKU\S-1-5-21-2196551083-3368854960-1698058853-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {b92e362f-9ea6-11e3-aa54-a9fd3d4b5dae} - F:\AutoRun.exe
HKU\S-1-5-21-2196551083-3368854960-1698058853-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {b92e365a-9ea6-11e3-aa54-a9fd3d4b5dae} - F:\AutoRun.exe
HKU\S-1-5-21-2196551083-3368854960-1698058853-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {b92e3663-9ea6-11e3-aa54-a9fd3d4b5dae} - F:\AutoRun.exe
HKU\S-1-5-21-2196551083-3368854960-1698058853-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {b92e366d-9ea6-11e3-aa54-a9fd3d4b5dae} - F:\AutoRun.exe
HKU\S-1-5-21-2196551083-3368854960-1698058853-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {b92e3676-9ea6-11e3-aa54-a9fd3d4b5dae} - F:\AutoRun.exe
HKU\S-1-5-21-2196551083-3368854960-1698058853-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {bb0a079e-d095-11e3-8781-ac8112209281} - F:\AutoRun.exe
HKU\S-1-5-21-2196551083-3368854960-1698058853-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {bd6e5ec8-4feb-11e2-9c87-cd8b570f4b57} - F:\AutoRun.exe
HKU\S-1-5-21-2196551083-3368854960-1698058853-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {bd6e5ecc-4feb-11e2-9c87-cd8b570f4b57} - F:\AutoRun.exe
HKU\S-1-5-21-2196551083-3368854960-1698058853-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {bd6e5ed5-4feb-11e2-9c87-cd8b570f4b57} - F:\AutoRun.exe
HKU\S-1-5-21-2196551083-3368854960-1698058853-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {bf99931c-a814-11e3-89f6-f060ddb1979d} - F:\AutoRun.exe
HKU\S-1-5-21-2196551083-3368854960-1698058853-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {bf999359-a814-11e3-89f6-f060ddb1979d} - F:\AutoRun.exe
HKU\S-1-5-21-2196551083-3368854960-1698058853-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {bf999362-a814-11e3-89f6-f060ddb1979d} - F:\AutoRun.exe
HKU\S-1-5-21-2196551083-3368854960-1698058853-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {c9e6db41-c842-11e1-9d60-001e101f57d0} - F:\AutoRun.exe
HKU\S-1-5-21-2196551083-3368854960-1698058853-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {c9e6db44-c842-11e1-9d60-001e101f57d0} - F:\AutoRun.exe
HKU\S-1-5-21-2196551083-3368854960-1698058853-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {caa6399e-c3ac-11e1-a668-001e101fb4df} - F:\AutoRun.exe
HKU\S-1-5-21-2196551083-3368854960-1698058853-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {caa639ab-c3ac-11e1-a668-001e101fb4df} - G:\AutoRun.exe
HKU\S-1-5-21-2196551083-3368854960-1698058853-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {cb03bb30-c484-11e1-9a90-ac8112209281} - F:\AutoRun.exe
HKU\S-1-5-21-2196551083-3368854960-1698058853-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {cc837f63-a422-11e3-b02a-af728eea65b8} - F:\AutoRun.exe
HKU\S-1-5-21-2196551083-3368854960-1698058853-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {cc837f6c-a422-11e3-b02a-af728eea65b8} - F:\AutoRun.exe
HKU\S-1-5-21-2196551083-3368854960-1698058853-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {cf791962-b0b5-11e3-a12a-93e0e4c756b8} - F:\AutoRun.exe
HKU\S-1-5-21-2196551083-3368854960-1698058853-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {cf791976-b0b5-11e3-a12a-93e0e4c756b8} - F:\AutoRun.exe
HKU\S-1-5-21-2196551083-3368854960-1698058853-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {cf791991-b0b5-11e3-a12a-93e0e4c756b8} - F:\AutoRun.exe
HKU\S-1-5-21-2196551083-3368854960-1698058853-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {d3df570b-a35a-11e3-b17e-93dc417e62b8} - F:\AutoRun.exe
HKU\S-1-5-21-2196551083-3368854960-1698058853-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {d3df5714-a35a-11e3-b17e-93dc417e62b8} - F:\AutoRun.exe
HKU\S-1-5-21-2196551083-3368854960-1698058853-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {d3df571d-a35a-11e3-b17e-93dc417e62b8} - F:\AutoRun.exe
HKU\S-1-5-21-2196551083-3368854960-1698058853-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {d3df5726-a35a-11e3-b17e-93dc417e62b8} - F:\AutoRun.exe
HKU\S-1-5-21-2196551083-3368854960-1698058853-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {d526a0a2-b7de-11e3-8da4-ac8112209281} - F:\AutoRun.exe
HKU\S-1-5-21-2196551083-3368854960-1698058853-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {d62bf02c-c852-11e3-aa48-f877d36d41a6} - F:\AutoRun.exe
HKU\S-1-5-21-2196551083-3368854960-1698058853-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {de2bb7a0-615b-11e3-812b-85c4b82ae24f} - F:\AutoRun.exe
HKU\S-1-5-21-2196551083-3368854960-1698058853-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {de969121-b6ff-11e3-85b0-ac8112209281} - F:\AutoRun.exe
HKU\S-1-5-21-2196551083-3368854960-1698058853-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {de96912e-b6ff-11e3-85b0-b0a9deaa044a} - F:\AutoRun.exe
HKU\S-1-5-21-2196551083-3368854960-1698058853-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {de969137-b6ff-11e3-85b0-b0a9deaa044a} - F:\AutoRun.exe
HKU\S-1-5-21-2196551083-3368854960-1698058853-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {df5340c3-c491-11e3-9dd7-d56831a907a4} - F:\AutoRun.exe
HKU\S-1-5-21-2196551083-3368854960-1698058853-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {df5340e4-c491-11e3-9dd7-d56831a907a4} - F:\AutoRun.exe
HKU\S-1-5-21-2196551083-3368854960-1698058853-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {e454522c-c45e-11e3-87b6-9cfffde3afb9} - F:\AutoRun.exe
HKU\S-1-5-21-2196551083-3368854960-1698058853-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {ea9464ca-b1c8-11e3-afa5-ec9f6c4558b8} - F:\AutoRun.exe
HKU\S-1-5-21-2196551083-3368854960-1698058853-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {ea9464dd-b1c8-11e3-afa5-ec9f6c4558b8} - F:\AutoRun.exe
HKU\S-1-5-21-2196551083-3368854960-1698058853-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {eb23a3a9-ba20-11e3-8e92-d8b1d78bcdb8} - F:\AutoRun.exe
HKU\S-1-5-21-2196551083-3368854960-1698058853-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {eb23a3b4-ba20-11e3-8e92-d8b1d78bcdb8} - F:\AutoRun.exe
HKU\S-1-5-21-2196551083-3368854960-1698058853-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {eb3230c5-c469-11e3-b7a3-a7a55d02c279} - F:\AutoRun.exe
HKU\S-1-5-21-2196551083-3368854960-1698058853-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {eb3230c9-c469-11e3-b7a3-a7a55d02c279} - F:\AutoRun.exe
HKU\S-1-5-21-2196551083-3368854960-1698058853-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {eb3230d6-c469-11e3-b7a3-a7a55d02c279} - F:\AutoRun.exe
HKU\S-1-5-21-2196551083-3368854960-1698058853-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {eb3230de-c469-11e3-b7a3-a7a55d02c279} - F:\AutoRun.exe
HKU\S-1-5-21-2196551083-3368854960-1698058853-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {ec86d4ab-bbb6-11e3-8a18-db4e44d79da6} - F:\AutoRun.exe
HKU\S-1-5-21-2196551083-3368854960-1698058853-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {ec86d4c6-bbb6-11e3-8a18-db4e44d79da6} - F:\AutoRun.exe
HKU\S-1-5-21-2196551083-3368854960-1698058853-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {ed2196ce-7237-11e3-b1f8-f9966fea75ac} - F:\AutoRun.exe
HKU\S-1-5-21-2196551083-3368854960-1698058853-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {ed2196e4-7237-11e3-b1f8-f9966fea75ac} - F:\AutoRun.exe
HKU\S-1-5-21-2196551083-3368854960-1698058853-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {f39629e6-b011-11e3-87e7-dd3b4861c9b1} - F:\AutoRun.exe
HKU\S-1-5-21-2196551083-3368854960-1698058853-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {f39629f3-b011-11e3-87e7-dd3b4861c9b1} - F:\AutoRun.exe
HKU\S-1-5-21-2196551083-3368854960-1698058853-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {f3962a00-b011-11e3-87e7-dd3b4861c9b1} - F:\AutoRun.exe
HKU\S-1-5-21-2196551083-3368854960-1698058853-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {f5a0dd70-a0f9-11e3-9b49-c910c86c159d} - F:\AutoRun.exe
HKU\S-1-5-21-2196551083-3368854960-1698058853-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {faa18b55-4d9c-11e2-aecc-ac8112209281} - F:\AutoRun.exe
HKU\S-1-5-21-2196551083-3368854960-1698058853-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {fe65e621-5ab8-11e3-90c7-ac8112209281} - F:\AutoRun.exe
HKU\S-1-5-21-2196551083-3368854960-1698058853-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {fe65e630-5ab8-11e3-90c7-ac8112209281} - F:\AutoRun.exe
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\DSLMON.lnk
ShortcutTarget: DSLMON.lnk -> C:\Program Files (x86)\SAGEM\SAGEM F@st 800-840\dslmon.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)
ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.softonic.com/MOY00621/tb_v1?SearchSource=10&cc=&mi=cc897d78000000000000ac8112209281
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPNOT/4
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPNOT/4
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPNOT/4
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPNOT/4
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPNOT/4
URLSearchHook: ATTENTION ==> Default URLSearchHook is missing.
URLSearchHook: HKCU - Ad-Aware Security Toolbar - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\Lavasoft\AdAware SecureSearch Toolbar\adawareDx64.dll ()
URLSearchHook: HKCU - Ad-Aware Security Toolbar - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\Lavasoft\AdAware SecureSearch Toolbar\adawareDx.dll ()
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = hxxp://dts.search-results.com/sr?src=ieb&appid=161&systemid=406&sr=0&q={searchTerms}
SearchScopes: HKLM - {71B1211B-9353-4059-A415-93E2AEC42415} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKLM - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = hxxp://dts.search-results.com/sr?src=ieb&appid=161&systemid=406&sr=0&q={searchTerms}
SearchScopes: HKLM - {D511E4E9-05F1-41F2-9BF3-B15074BD9702} URL = hxxp://de.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM-x32 - DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = hxxp://dts.search-results.com/sr?src=ieb&appid=161&systemid=406&sr=0&q={searchTerms}
SearchScopes: HKLM-x32 - {71B1211B-9353-4059-A415-93E2AEC42415} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKLM-x32 - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = hxxp://dts.search-results.com/sr?src=ieb&appid=161&systemid=406&sr=0&q={searchTerms}
SearchScopes: HKLM-x32 - {D511E4E9-05F1-41F2-9BF3-B15074BD9702} URL = hxxp://de.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKCU - DefaultScope {EA68ECD0-E228-4AE4-91A5-907FC9B34453} URL = hxxp://search.softonic.com/MOY00621/tb_v1?q={searchTerms}&SearchSource=4&cc=&mi=cc897d78000000000000ac8112209281&r=138
SearchScopes: HKCU - {71B1211B-9353-4059-A415-93E2AEC42415} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKCU - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = hxxp://dts.search-results.com/sr?src=ieb&appid=161&systemid=406&sr=0&q={searchTerms}
SearchScopes: HKCU - {D511E4E9-05F1-41F2-9BF3-B15074BD9702} URL = hxxp://de.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKCU - {EA68ECD0-E228-4AE4-91A5-907FC9B34453} URL = hxxp://search.softonic.com/MOY00621/tb_v1?q={searchTerms}&SearchSource=4&cc=&mi=cc897d78000000000000ac8112209281&r=138
BHO: Ad-Aware Security Toolbar -> {6c97a91e-4524-4019-86af-2aa2d567bf5c} -> C:\Program Files (x86)\Lavasoft\AdAware SecureSearch Toolbar\adawareDx64.dll ()
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Ad-Aware Security Toolbar -> {6c97a91e-4524-4019-86af-2aa2d567bf5c} -> C:\Program Files (x86)\Lavasoft\AdAware SecureSearch Toolbar\adawareDx.dll ()
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Ad-Aware Security Toolbar - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\Lavasoft\AdAware SecureSearch Toolbar\adawareDx64.dll ()
Toolbar: HKLM-x32 - Ad-Aware Security Toolbar - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\Lavasoft\AdAware SecureSearch Toolbar\adawareDx.dll ()
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
ShellExecuteHooks-x32: EasyBits ShellExecute Hook - {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook.dll [52920 2010-07-17] (EasyBits Software Corp.)
Tcpip\Parameters: [DhcpNameServer] 192.168.189.1
Tcpip\..\Interfaces\{BBDBC3D2-DF73-4BC4-A43E-39EF516C18E5}: [NameServer] 193.189.244.206 193.189.244.225

FireFox:
========
FF ProfilePath: C:\Users\G72B20SG\AppData\Roaming\Mozilla\Firefox\Profiles\5tw0gy5k.default
FF Homepage: https://www.google.de/
FF Keyword.URL: hxxp://securedsearch2.lavasoft.com/results.php?pr=vmn&id=adawaretb&v=3_9&idate=__installtime__&hsimp=yhs-lavasoft&ent=bs&q=
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_179.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_179.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.60.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.60.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8117.0416 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF user.js: detected! => C:\Users\G72B20SG\AppData\Roaming\Mozilla\Firefox\Profiles\5tw0gy5k.default\user.js
FF SearchPlugin: C:\Users\G72B20SG\AppData\Roaming\Mozilla\Firefox\Profiles\5tw0gy5k.default\searchplugins\google-images.xml
FF SearchPlugin: C:\Users\G72B20SG\AppData\Roaming\Mozilla\Firefox\Profiles\5tw0gy5k.default\searchplugins\google-maps.xml
FF SearchPlugin: C:\Users\G72B20SG\AppData\Roaming\Mozilla\Firefox\Profiles\5tw0gy5k.default\searchplugins\Search_Results.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Avira Browser Safety - C:\Users\G72B20SG\AppData\Roaming\Mozilla\Firefox\Profiles\5tw0gy5k.default\Extensions\abs@avira.com [2014-08-29]
FF Extension: Ad-Aware Security Toolbar - C:\Users\G72B20SG\AppData\Roaming\Mozilla\Firefox\Profiles\5tw0gy5k.default\Extensions\{87934c42-161d-45bc-8cef-ef18abe2a30c} [2014-08-30]
FF Extension: HP Detect - C:\Users\G72B20SG\AppData\Roaming\Mozilla\Firefox\Profiles\5tw0gy5k.default\Extensions\{ab91efd4-6975-4081-8552-1b3922ed79e2} [2013-09-18]
FF Extension: WiseConvert  - C:\Users\G72B20SG\AppData\Roaming\Mozilla\Firefox\Profiles\5tw0gy5k.default\Extensions\{ebd898f8-fcf6-4694-bc3b-eabc7271eeb1} [2014-06-02]
FF Extension: Cliqz Beta - C:\Users\G72B20SG\AppData\Roaming\Mozilla\Firefox\Profiles\5tw0gy5k.default\Extensions\cliqz@cliqz.com.xpi [2014-06-30]
FF Extension: Adblock Plus - C:\Users\G72B20SG\AppData\Roaming\Mozilla\Firefox\Profiles\5tw0gy5k.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-05-05]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-07-14]
FF HKCU\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
FF Extension: No Name - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04]
FF HKCU\...\Firefox\Extensions: [cliqz@cliqz.com] - C:\Users\G72B20SG\AppData\Roaming\Mozilla\Firefox\Profiles\5tw0gy5k.default\extensions\cliqz@cliqz.com

Chrome: 
=======
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\G72B20SG\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\G72B20SG\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-05-17]
CHR Extension: (Google Drive) - C:\Users\G72B20SG\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-05-17]
CHR Extension: (YouTube) - C:\Users\G72B20SG\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-05-17]
CHR Extension: (Google-Suche) - C:\Users\G72B20SG\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-05-17]
CHR Extension: (Google Wallet) - C:\Users\G72B20SG\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-05-17]
CHR Extension: (Google Mail) - C:\Users\G72B20SG\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-05-17]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [430160 2014-08-07] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [430160 2014-08-07] (Avira Operations GmbH & Co. KG)
S4 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [1021008 2014-08-07] (Avira Operations GmbH & Co. KG)
R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [149296 2014-08-04] (Avira Operations GmbH & Co. KG)
S2 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [393080 2012-10-25] (BlueStack Systems, Inc.)
R2 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [384888 2012-10-25] (BlueStack Systems, Inc.)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
R2 ezSharedSvc; C:\Windows\SysWOW64\ezSharedSvcHost.exe [514232 2010-04-23] (EasyBits Software AS) [File not signed]
R2 HPWMISVC; C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [27192 2010-07-02] ()
R2 HWDeviceService64.exe; C:\ProgramData\DatacardService\HWDeviceService64.exe [346976 2011-03-14] ()
R2 LavasoftAdAwareService11; C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\AdAwareService.exe [706864 2014-08-27] ()
R2 LightScribeService; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2010-05-19] (Hewlett-Packard Company) [File not signed]
R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.)
R2 RtVOsdService; C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe [315392 2010-06-17] (Realtek Semiconductor Corp.) [File not signed]
R2 StarMoney 8.0 OnlineUpdate; C:\Program Files (x86)\StarMoney 8.0 Commerzbank-Edition\ouservice\StarMoneyOnlineUpdate.exe [699680 2012-12-21] (Star Finanz - Software Entwicklung und Vertriebs GmbH)
R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe [2138936 2014-03-20] (TuneUp Software)
R2 WTGService; C:\Program Files (x86)\Verbindungsassistent\WTGService.exe [296400 2009-03-03] ()

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [117712 2014-07-03] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [130584 2014-05-27] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-12-02] (Avira Operations GmbH & Co. KG)
R3 avmaudio; C:\Windows\System32\DRIVERS\avmaudio.sys [116096 2012-05-06] (AVM Berlin)
R2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [71032 2012-10-25] (BlueStack Systems)
S1 DeskLock; C:\Windows\System32\drivers\DeskLock.sys [17920 2009-03-28] (TopLang Software) [File not signed]
S3 hwdatacard; C:\Windows\SysWOW64\DRIVERS\ewusbmdm.sys [115328 2008-07-24] (Huawei Technologies Co., Ltd.) [File not signed]
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-08-31] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation)
S3 RSUSBSTOR; C:\Windows\SysWOW64\Drivers\RtsUStor.sys [225280 2009-09-23] (Realtek Semiconductor Corp.)
S3 StMp3Recx64; C:\Windows\System32\Drivers\StMp3Recx64.sys [26112 2007-01-12] (Generic)
R3 Trufos; C:\Windows\System32\DRIVERS\Trufos.sys [389240 2014-07-10] (BitDefender S.R.L.)
R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesDriver64.sys [14112 2013-08-21] (TuneUp Software)
S3 UsbEvdomAtc; C:\Windows\System32\DRIVERS\lgevdom64atc.sys [27136 2008-08-26] (LG Electronics Inc.)
S3 usbevdombus; C:\Windows\System32\DRIVERS\lgevdom64bus.sys [18432 2008-08-26] (LG Electronics Inc.)
S3 UsbEvdomDiag; C:\Windows\System32\DRIVERS\lgevdom64diag.sys [27136 2008-08-26] (LG Electronics Inc.)
S3 USBEVDOmModem; C:\Windows\System32\DRIVERS\lgevdom64modem.sys [29696 2008-08-26] (LG Electronics Inc.)
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]
S3 ewusbnet; system32\DRIVERS\ewusbnet.sys [X]
S3 hwusbdev; system32\DRIVERS\ewusbdev.sys [X]
S3 massfilter; system32\drivers\massfilter.sys [X]
S3 ZTEusbmdm6k; system32\DRIVERS\ZTEusbmdm6k.sys [X]
S3 ZTEusbnmea; system32\DRIVERS\ZTEusbnmea.sys [X]
S3 ZTEusbser6k; system32\DRIVERS\ZTEusbser6k.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-31 16:33 - 2014-08-31 16:34 - 00073686 _____ () C:\Users\G72B20SG\Downloads\FRST.txt
2014-08-31 16:33 - 2014-08-31 16:33 - 00000000 ____D () C:\FRST
2014-08-31 16:32 - 2014-08-31 16:32 - 02104320 _____ (Farbar) C:\Users\G72B20SG\Downloads\FRST64.exe
2014-08-31 16:02 - 2014-08-31 16:14 - 00000478 _____ () C:\Users\G72B20SG\Downloads\defogger_disable.log
2014-08-31 16:02 - 2014-08-31 16:02 - 00000000 _____ () C:\Users\G72B20SG\defogger_reenable
2014-08-31 16:00 - 2014-08-31 16:00 - 00050477 _____ () C:\Users\G72B20SG\Downloads\Defogger.exe
2014-08-31 14:33 - 2014-08-31 14:33 - 00000000 ____D () C:\Users\G72B20SG\AppData\Local\Adobe
2014-08-30 19:28 - 2014-08-30 19:28 - 00000000 ____D () C:\Users\G72B20SG\AppData\Roaming\LavasoftStatistics
2014-08-30 19:28 - 2014-08-30 19:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft
2014-08-30 19:27 - 2014-08-31 09:26 - 00000000 ____D () C:\ProgramData\Ad-Aware Browsing Protection
2014-08-30 19:27 - 2014-08-30 19:27 - 00000000 ____D () C:\Users\G72B20SG\AppData\Local\adawarebp
2014-08-30 19:27 - 2014-08-30 19:27 - 00000000 ____D () C:\Program Files\Lavasoft
2014-08-30 19:27 - 2014-08-30 19:27 - 00000000 ____D () C:\Program Files (x86)\Toolbar Cleaner
2014-08-30 19:26 - 2014-08-30 19:26 - 00000000 ____D () C:\Program Files (x86)\Lavasoft
2014-08-30 19:24 - 2014-08-30 19:24 - 00000000 ____D () C:\Users\G72B20SG\AppData\Roaming\Lavasoft
2014-08-30 19:23 - 2014-08-30 19:23 - 00000000 ____D () C:\ProgramData\Lavasoft
2014-08-30 19:23 - 2014-08-30 19:23 - 00000000 ____D () C:\Program Files\Common Files\Lavasoft
2014-08-30 19:22 - 2014-08-30 19:22 - 02806920 _____ () C:\Users\G72B20SG\Downloads\Adaware_Installer.exe
2014-08-30 17:43 - 2014-08-31 12:02 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-30 17:41 - 2014-08-30 17:41 - 00000000 ____D () C:\Users\G72B20SG\AppData\Roaming\Malwarebytes
2014-08-30 17:28 - 2014-08-31 09:25 - 00000392 _____ () C:\Windows\setupact.log
2014-08-30 17:28 - 2014-08-30 18:59 - 00312448 _____ () C:\Windows\PFRO.log
2014-08-30 17:28 - 2014-08-30 17:28 - 00000000 ____D () C:\Intel
2014-08-30 17:28 - 2014-08-30 17:28 - 00000000 _____ () C:\Windows\setuperr.log
2014-08-30 17:25 - 2014-08-30 17:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
2014-08-30 17:25 - 2014-08-30 17:25 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-08-30 17:23 - 2014-08-30 17:23 - 00000000 ____D () C:\Users\G72B20SG\Downloads\malewarebytes
2014-08-30 17:22 - 2014-08-30 17:22 - 10282311 _____ () C:\Users\G72B20SG\Downloads\malewarebytes.rar
2014-08-30 15:48 - 2014-08-30 15:48 - 00000000 ____D () C:\SUPERDelete
2014-08-30 15:28 - 2014-08-30 17:39 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-08-30 15:27 - 2014-08-30 15:26 - 18767256 _____ (SUPERAntiSpyware) C:\Users\G72B20SG\Downloads\SUPERAntiSpyware_CB-DL-Manager [1].exe
2014-08-30 15:25 - 2014-08-30 15:26 - 00816064 _____ ( ) C:\Users\G72B20SG\Downloads\SUPERAntiSpyware_CB-DL-Manager(1).exe
2014-08-30 15:25 - 2014-08-30 15:25 - 00816064 _____ ( ) C:\Users\G72B20SG\Downloads\SUPERAntiSpyware_CB-DL-Manager.exe
2014-08-30 14:11 - 2014-08-30 14:11 - 00000000 ____D () C:\Program Files\Enigma Software Group
2014-08-30 14:11 - 2014-08-30 14:11 - 00000000 _____ () C:\autoexec.bat
2014-08-30 14:08 - 2014-08-30 17:18 - 00000000 ____D () C:\Windows\ACF5FE1B377240688B872D2A6EFD0A05.TMP
2014-08-30 14:06 - 2014-08-30 14:07 - 00728960 _____ (Enigma Software Group USA, LLC.) C:\Users\G72B20SG\Downloads\SpyHunter-Installer.exe
2014-08-28 17:07 - 2014-08-28 17:07 - 01101648 _____ () C:\Users\G72B20SG\Downloads\Windows Live Messenger 2012 Final - CHIP-Installer.exe
2014-08-28 16:59 - 2014-08-28 17:00 - 00000000 ____D () C:\Users\G72B20SG\AppData\Roaming\ICQ-Profile
2014-08-28 16:58 - 2014-08-28 16:59 - 35200008 _____ (ICQ) C:\Users\G72B20SG\Downloads\icq_rfrset.exe
2014-08-28 16:54 - 2014-08-28 16:54 - 01677928 _____ (Skype Technologies S.A.) C:\Users\G72B20SG\Downloads\SkypeSetup.exe
2014-08-20 08:21 - 2014-08-20 08:21 - 00000000 ____D () C:\Users\G72B20SG\Documents\My Cheat Tables
2014-08-20 08:20 - 2014-08-20 08:20 - 03520000 _____ () C:\Users\G72B20SG\Downloads\Fv2Trainer_2014.exe
2014-08-19 15:44 - 2014-01-06 19:55 - 00903168 _____ (Farm Ville 2 Hack) C:\Users\G72B20SG\Downloads\FarmVille 2 Hack.exe
2014-08-19 15:34 - 2014-08-19 15:35 - 00452096 _____ (Your Organization/Home Here) C:\Users\G72B20SG\Downloads\Farmville 2 Hack Tool 100% Working(1).exe
2014-08-19 15:31 - 2014-08-19 15:31 - 00452096 _____ (Your Organization/Home Here) C:\Users\G72B20SG\Downloads\Farmville 2 Hack Tool 100% Working.exe
2014-08-19 14:46 - 2014-08-19 14:46 - 00000000 ____D () C:\Users\G72B20SG\Downloads\FarmVille+2+Xtream+Pack
2014-08-19 14:26 - 2014-08-19 14:26 - 00708346 _____ () C:\Users\G72B20SG\Downloads\FarmVille+2+Xtream+Pack.rar
2014-08-16 19:51 - 2014-08-16 19:51 - 00000000 _____ () C:\Windows\SysWOW64\sho828.tmp
2014-08-08 19:54 - 2014-08-08 19:54 - 00000000 _____ () C:\Windows\SysWOW64\shoF6D1.tmp
2014-08-07 12:32 - 2014-08-21 05:30 - 00001097 _____ () C:\Users\Public\Desktop\Avira.lnk
2014-08-07 12:32 - 2014-08-21 05:30 - 00000000 ____D () C:\ProgramData\Package Cache

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-31 16:34 - 2014-08-31 16:33 - 00073686 _____ () C:\Users\G72B20SG\Downloads\FRST.txt
2014-08-31 16:33 - 2014-08-31 16:33 - 00000000 ____D () C:\FRST
2014-08-31 16:32 - 2014-08-31 16:32 - 02104320 _____ (Farbar) C:\Users\G72B20SG\Downloads\FRST64.exe
2014-08-31 16:14 - 2014-08-31 16:02 - 00000478 _____ () C:\Users\G72B20SG\Downloads\defogger_disable.log
2014-08-31 16:02 - 2014-08-31 16:02 - 00000000 _____ () C:\Users\G72B20SG\defogger_reenable
2014-08-31 16:02 - 2011-03-26 15:31 - 00000000 ____D () C:\Users\G72B20SG
2014-08-31 16:00 - 2014-08-31 16:00 - 00050477 _____ () C:\Users\G72B20SG\Downloads\Defogger.exe
2014-08-31 15:42 - 2011-09-24 20:37 - 00000000 ____D () C:\Users\G72B20SG\AppData\Roaming\Skype
2014-08-31 15:37 - 2012-05-08 14:54 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-08-31 14:33 - 2014-08-31 14:33 - 00000000 ____D () C:\Users\G72B20SG\AppData\Local\Adobe
2014-08-31 12:02 - 2014-08-30 17:43 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-31 09:35 - 2009-07-14 06:45 - 00023248 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-08-31 09:35 - 2009-07-14 06:45 - 00023248 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-08-31 09:31 - 2010-12-24 17:09 - 01248902 _____ () C:\Windows\WindowsUpdate.log
2014-08-31 09:28 - 2012-05-08 00:20 - 00000439 _____ () C:\Windows\system32\Drivers\etc\hosts.ics
2014-08-31 09:26 - 2014-08-30 19:27 - 00000000 ____D () C:\ProgramData\Ad-Aware Browsing Protection
2014-08-31 09:25 - 2014-08-30 17:28 - 00000392 _____ () C:\Windows\setupact.log
2014-08-31 09:25 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-08-30 20:54 - 2014-05-23 18:37 - 00000000 ____D () C:\Users\G72B20SG\Desktop\Bami Goreng
2014-08-30 19:28 - 2014-08-30 19:28 - 00000000 ____D () C:\Users\G72B20SG\AppData\Roaming\LavasoftStatistics
2014-08-30 19:28 - 2014-08-30 19:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft
2014-08-30 19:27 - 2014-08-30 19:27 - 00000000 ____D () C:\Users\G72B20SG\AppData\Local\adawarebp
2014-08-30 19:27 - 2014-08-30 19:27 - 00000000 ____D () C:\Program Files\Lavasoft
2014-08-30 19:27 - 2014-08-30 19:27 - 00000000 ____D () C:\Program Files (x86)\Toolbar Cleaner
2014-08-30 19:26 - 2014-08-30 19:26 - 00000000 ____D () C:\Program Files (x86)\Lavasoft
2014-08-30 19:24 - 2014-08-30 19:24 - 00000000 ____D () C:\Users\G72B20SG\AppData\Roaming\Lavasoft
2014-08-30 19:23 - 2014-08-30 19:23 - 00000000 ____D () C:\ProgramData\Lavasoft
2014-08-30 19:23 - 2014-08-30 19:23 - 00000000 ____D () C:\Program Files\Common Files\Lavasoft
2014-08-30 19:22 - 2014-08-30 19:22 - 02806920 _____ () C:\Users\G72B20SG\Downloads\Adaware_Installer.exe
2014-08-30 18:59 - 2014-08-30 17:28 - 00312448 _____ () C:\Windows\PFRO.log
2014-08-30 18:33 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\tracing
2014-08-30 17:42 - 2014-05-18 10:27 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-08-30 17:41 - 2014-08-30 17:41 - 00000000 ____D () C:\Users\G72B20SG\AppData\Roaming\Malwarebytes
2014-08-30 17:39 - 2014-08-30 15:28 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-08-30 17:28 - 2014-08-30 17:28 - 00000000 ____D () C:\Intel
2014-08-30 17:28 - 2014-08-30 17:28 - 00000000 _____ () C:\Windows\setuperr.log
2014-08-30 17:25 - 2014-08-30 17:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
2014-08-30 17:25 - 2014-08-30 17:25 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-08-30 17:25 - 2014-05-18 10:27 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-08-30 17:23 - 2014-08-30 17:23 - 00000000 ____D () C:\Users\G72B20SG\Downloads\malewarebytes
2014-08-30 17:22 - 2014-08-30 17:22 - 10282311 _____ () C:\Users\G72B20SG\Downloads\malewarebytes.rar
2014-08-30 17:18 - 2014-08-30 14:08 - 00000000 ____D () C:\Windows\ACF5FE1B377240688B872D2A6EFD0A05.TMP
2014-08-30 15:48 - 2014-08-30 15:48 - 00000000 ____D () C:\SUPERDelete
2014-08-30 15:26 - 2014-08-30 15:27 - 18767256 _____ (SUPERAntiSpyware) C:\Users\G72B20SG\Downloads\SUPERAntiSpyware_CB-DL-Manager [1].exe
2014-08-30 15:26 - 2014-08-30 15:25 - 00816064 _____ ( ) C:\Users\G72B20SG\Downloads\SUPERAntiSpyware_CB-DL-Manager(1).exe
2014-08-30 15:25 - 2014-08-30 15:25 - 00816064 _____ ( ) C:\Users\G72B20SG\Downloads\SUPERAntiSpyware_CB-DL-Manager.exe
2014-08-30 14:11 - 2014-08-30 14:11 - 00000000 ____D () C:\Program Files\Enigma Software Group
2014-08-30 14:11 - 2014-08-30 14:11 - 00000000 _____ () C:\autoexec.bat
2014-08-30 14:07 - 2014-08-30 14:06 - 00728960 _____ (Enigma Software Group USA, LLC.) C:\Users\G72B20SG\Downloads\SpyHunter-Installer.exe
2014-08-30 13:41 - 2012-06-19 23:41 - 00000000 ____D () C:\Users\G72B20SG\AppData\Local\CrashDumps
2014-08-28 17:07 - 2014-08-28 17:07 - 01101648 _____ () C:\Users\G72B20SG\Downloads\Windows Live Messenger 2012 Final - CHIP-Installer.exe
2014-08-28 17:00 - 2014-08-28 16:59 - 00000000 ____D () C:\Users\G72B20SG\AppData\Roaming\ICQ-Profile
2014-08-28 16:59 - 2014-08-28 16:58 - 35200008 _____ (ICQ) C:\Users\G72B20SG\Downloads\icq_rfrset.exe
2014-08-28 16:57 - 2014-03-02 10:38 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-08-28 16:56 - 2011-04-16 15:01 - 00000000 ____D () C:\ProgramData\Skype
2014-08-28 16:54 - 2014-08-28 16:54 - 01677928 _____ (Skype Technologies S.A.) C:\Users\G72B20SG\Downloads\SkypeSetup.exe
2014-08-27 14:40 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-08-26 10:14 - 2012-04-09 09:31 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log
2014-08-21 05:30 - 2014-08-07 12:32 - 00001097 _____ () C:\Users\Public\Desktop\Avira.lnk
2014-08-21 05:30 - 2014-08-07 12:32 - 00000000 ____D () C:\ProgramData\Package Cache
2014-08-21 05:30 - 2013-07-26 13:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2014-08-21 05:30 - 2013-07-26 13:48 - 00000000 ____D () C:\Program Files (x86)\Avira
2014-08-20 14:17 - 2013-04-27 14:08 - 00000000 ____D () C:\Users\G72B20SG\Desktop\Goldschrift HP
2014-08-20 10:25 - 2012-05-06 12:17 - 00000000 ____D () C:\Users\G72B20SG\AppData\Roaming\SoftGrid Client
2014-08-20 08:21 - 2014-08-20 08:21 - 00000000 ____D () C:\Users\G72B20SG\Documents\My Cheat Tables
2014-08-20 08:20 - 2014-08-20 08:20 - 03520000 _____ () C:\Users\G72B20SG\Downloads\Fv2Trainer_2014.exe
2014-08-19 15:35 - 2014-08-19 15:34 - 00452096 _____ (Your Organization/Home Here) C:\Users\G72B20SG\Downloads\Farmville 2 Hack Tool 100% Working(1).exe
2014-08-19 15:31 - 2014-08-19 15:31 - 00452096 _____ (Your Organization/Home Here) C:\Users\G72B20SG\Downloads\Farmville 2 Hack Tool 100% Working.exe
2014-08-19 14:46 - 2014-08-19 14:46 - 00000000 ____D () C:\Users\G72B20SG\Downloads\FarmVille+2+Xtream+Pack
2014-08-19 14:26 - 2014-08-19 14:26 - 00708346 _____ () C:\Users\G72B20SG\Downloads\FarmVille+2+Xtream+Pack.rar
2014-08-17 08:11 - 2009-07-14 07:08 - 00032632 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-08-16 19:51 - 2014-08-16 19:51 - 00000000 _____ () C:\Windows\SysWOW64\sho828.tmp
2014-08-13 06:05 - 2012-05-08 14:54 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-08-13 06:04 - 2012-05-08 14:54 - 00699568 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-08-13 06:04 - 2011-09-25 20:54 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-08-08 19:54 - 2014-08-08 19:54 - 00000000 _____ () C:\Windows\SysWOW64\shoF6D1.tmp
2014-08-08 05:45 - 2012-04-11 20:12 - 00000000 ____D () C:\Users\G72B20SG\AppData\Roaming\TeamViewer
2014-08-07 12:32 - 2013-07-26 13:48 - 00000000 ____D () C:\ProgramData\Avira
2014-08-06 07:13 - 2012-12-26 09:42 - 00001062 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 8.lnk
2014-08-06 07:13 - 2012-12-26 09:42 - 00001050 _____ () C:\Users\Public\Desktop\TeamViewer 8.lnk
2014-08-05 09:20 - 2011-03-26 15:54 - 00270496 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe

Some content of TEMP:
====================
C:\Users\G72B20SG\AppData\Local\Temp\7b4a7b62-a14a-42a7-8304-4c3287f29317.exe
C:\Users\G72B20SG\AppData\Local\Temp\avgnt.exe
C:\Users\G72B20SG\AppData\Local\Temp\SHSetup.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-08-27 10:45

==================== End Of Log ============================

--- --- ---

--- --- ---

Simi1961 · 31.08.2014, 15:39

Code:

ATTFilter

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 31-08-2014
Ran by G72B20SG at 2014-08-31 16:34:41
Running from C:\Users\G72B20SG\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Desktop (Disabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AV: Ad-Aware Antivirus (Disabled - Out of date) {D87B6541-12A1-DAEA-0033-9B8057AAB996}
AS: Ad-Aware Antivirus (Disabled - Out of date) {631A84A5-349B-D564-3A83-A0F22C2DF32B}
AS: Avira Desktop (Disabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Ad-Aware Firewall (Disabled) {E040E464-58CE-DBB2-2B6C-32B5A979FEED}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
Ad-Aware Antivirus (HKLM\...\{E39A80AE-0CC0-43EE-AB6B-BE11DC4F969F}_AdAwareUpdater) (Version: 11.3.6321.0 - Lavasoft)
Ad-Aware Security Toolbar (HKLM-x32\...\adawaretb) (Version: 3.9.0.26 - Lavasoft)
AdAwareInstaller (Version: 11.3.6321.0 - Lavasoft) Hidden
AdAwareUpdater (Version: 11.3.6321.0 - Lavasoft) Hidden
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.5.0.7220 - Adobe Systems Inc.)
Adobe AIR (x32 Version: 1.5.0.7220 - Adobe Systems Inc.) Hidden
Adobe Flash Player 14 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Flash Player 14 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 14.0.0.179 - Adobe Systems Incorporated)
Adobe Reader 9.5.5 MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-A91000000001}) (Version: 9.5.5 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.5 (HKLM-x32\...\{9ECF7817-DB11-4FBA-9DF1-296A578D513A}) (Version: 11.5.7.609 - Adobe Systems, Inc)
AntimalwareEngine (Version: 3.0.0.56 - Lavasoft) Hidden
Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2EF5D87E-B7BD-458F-8428-E4D0B8B4E65C}) (Version: 7.0.0.117 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Aqua Real 2 (HKLM-x32\...\{8DB9EA6D-2D56-4392-85D6-5272CD95610A}) (Version:  - )
ATI Catalyst Install Manager (HKLM\...\{1795BAA8-65EC-66D0-9DA4-D4B1FBE7700E}) (Version: 3.0.778.0 - ATI Technologies, Inc.)
Avira (HKLM-x32\...\{e67154a7-9cc5-4167-b782-f3982bc6c70d}) (Version: 1.1.19.30000 - Avira Operations GmbH & Co. KG)
Avira (x32 Version: 1.1.19.30000 - Avira Operations GmbH & Co. KG) Hidden
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.6.570 - Avira)
AVM FRITZ!Box USB-Fernanschluss (HKCU\...\f018cf21c0452c64) (Version: 2.2.1.0 - AVM Berlin)
BlueStacks App Player (HKLM-x32\...\BlueStacks App Player) (Version: 0.7.7.813 - BlueStack Systems, Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Broadcom 802.11 Wireless LAN Adapter (HKLM\...\Broadcom 802.11 Wireless LAN Adapter) (Version: 5.60.350.6 - Broadcom Corporation)
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - ATI) Hidden
Catalyst Control Center Graphics Previews Common (x32 Version: 2010.0621.2137.36973 - ATI) Hidden
Catalyst Control Center Graphics Previews Vista (x32 Version: 2010.0621.2137.36973 - ATI) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2010.0621.2137.36973 - ATI Technologies, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2010.0621.2137.36973 - ATI) Hidden
CCC Help Chinese Standard (x32 Version: 2010.0621.2136.36973 - ATI) Hidden
CCC Help Chinese Traditional (x32 Version: 2010.0621.2136.36973 - ATI) Hidden
CCC Help Czech (x32 Version: 2010.0621.2136.36973 - ATI) Hidden
CCC Help Danish (x32 Version: 2010.0621.2136.36973 - ATI) Hidden
CCC Help Dutch (x32 Version: 2010.0621.2136.36973 - ATI) Hidden
CCC Help English (x32 Version: 2010.0621.2136.36973 - ATI) Hidden
CCC Help Finnish (x32 Version: 2010.0621.2136.36973 - ATI) Hidden
CCC Help French (x32 Version: 2010.0621.2136.36973 - ATI) Hidden
CCC Help German (x32 Version: 2010.0621.2136.36973 - ATI) Hidden
CCC Help Greek (x32 Version: 2010.0621.2136.36973 - ATI) Hidden
CCC Help Hungarian (x32 Version: 2010.0621.2136.36973 - ATI) Hidden
CCC Help Italian (x32 Version: 2010.0621.2136.36973 - ATI) Hidden
CCC Help Japanese (x32 Version: 2010.0621.2136.36973 - ATI) Hidden
CCC Help Korean (x32 Version: 2010.0621.2136.36973 - ATI) Hidden
CCC Help Norwegian (x32 Version: 2010.0621.2136.36973 - ATI) Hidden
CCC Help Polish (x32 Version: 2010.0621.2136.36973 - ATI) Hidden
CCC Help Portuguese (x32 Version: 2010.0621.2136.36973 - ATI) Hidden
CCC Help Russian (x32 Version: 2010.0621.2136.36973 - ATI) Hidden
CCC Help Spanish (x32 Version: 2010.0621.2136.36973 - ATI) Hidden
CCC Help Swedish (x32 Version: 2010.0621.2136.36973 - ATI) Hidden
CCC Help Thai (x32 Version: 2010.0621.2136.36973 - ATI) Hidden
CCC Help Turkish (x32 Version: 2010.0621.2136.36973 - ATI) Hidden
ccc-core-static (x32 Version: 2010.0621.2137.36973 - Ihr Firmenname) Hidden
ccc-utility64 (Version: 2010.0621.2137.36973 - ATI) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.06 - Piriform)
CyberLink DVD Suite (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 7.0.3003 - CyberLink Corp.)
CyberLink DVD Suite (x32 Version: 7.0.3003 - CyberLink Corp.) Hidden
CyberLink PowerDVD 9 (HKLM-x32\...\InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}) (Version: 9.0.1.4217 - CyberLink Corp.)
CyberLink PowerDVD 9 (x32 Version: 9.0.1.4217 - CyberLink Corp.) Hidden
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.0.2511 - CyberLink Corp.)
CyberLink YouCam (x32 Version: 3.0.2511 - CyberLink Corp.) Hidden
Desktop Lock 7.2 (HKLM-x32\...\Desktop Lock) (Version: 7.2 - TopLang Software)
Dropbox (HKCU\...\Dropbox) (Version: 2.4.11 - Dropbox, Inc.)
Druckerdeinstallation für EPSON SX210 Series (HKLM\...\EPSON SX210 Series) (Version:  - SEIKO EPSON Corporation)
Energy Star Digital Logo (HKLM-x32\...\{BD1A34C9-4764-4F79-AE1F-112F8C89D3D4}) (Version: 1.0.1 - Hewlett-Packard)
ESU for Microsoft Windows 7 (HKLM-x32\...\{3877C901-7B90-4727-A639-B6ED2DD59D43}) (Version: 1.0.0 - Hewlett-Packard)
Free Audio Converter version 5.0.30.1029 (HKLM-x32\...\Free Audio Converter_is1) (Version: 5.0.30.1029 - DVDVideoSoft Ltd.)
Google Earth (HKLM-x32\...\{C1940CF0-E2DD-11E0-BB25-B8AC6F97B88E}) (Version: 6.1.0.4738 - Google)
Hewlett-Packard ACLM.NET v1.1.2.0 (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
HP Customer Experience Enhancements (x32 Version: 6.0.1.4 - Hewlett-Packard) Hidden
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.1.3 - WildTangent)
HP Power Manager (HKLM-x32\...\{4B156358-CE9C-4E9F-8CAD-79AE86A68C60}) (Version: 1.0.3 - Hewlett-Packard Company)
HP Product Detection (HKLM-x32\...\{8A9FC225-75F6-4B5D-911C-0ED230565643}) (Version: 11.15.0009 - HP)
HP Quick Launch (HKLM-x32\...\{E342D296-DB9D-4FC7-ACB0-39926C0BFA16}) (Version: 2.1.5 - Hewlett-Packard Company)
HP Support Assistant (HKLM-x32\...\{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}) (Version: 6.1.12.1 - Hewlett-Packard Company)
HP Wireless Assistant (HKLM\...\{E342EC6B-5F25-47FE-B92C-DE616149B430}) (Version: 4.0.9.0 - Hewlett-Packard)
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.6.2.1001 - Intel Corporation)
Internet Mobile (HKLM-x32\...\Internet Mobile) (Version: 11.302.09.01.162 - Huawei Technologies Co.,Ltd)
iTunes (HKLM\...\{D601CEAD-2E4F-4BBB-85CC-C29A4CE6A3C0}) (Version: 11.1.3.8 - Apple Inc.)
Java 7 Update 60 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.600 - Oracle)
Java Auto Updater (x32 Version: 2.1.60.19 - Oracle, Inc.) Hidden
Java(TM) 6 Update 20 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86416020FF}) (Version: 6.0.200 - Sun Microsystems, Inc.)
Jewel Quest II (x32 Version: 2.2.0.95 - WildTangent) Hidden
Jewel Quest Solitaire (x32 Version: 2.2.0.95 - WildTangent) Hidden
Junk Mail filter update (x32 Version: 14.0.8117.416 - Microsoft Corporation) Hidden
LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.2907 - CyberLink Corp.)
LabelPrint (x32 Version: 2.5.2907 - CyberLink Corp.) Hidden
LG EV-DOM USB MODEM (HKLM-x32\...\{3314870F-4DEB-4E38-A9D8-B978945CEF01}) (Version:  - )
LightScribe System Software (HKLM-x32\...\{46BA053F-57B3-4153-BDB6-D37EEC8B12D7}) (Version: 1.18.15.1 - LightScribe)
Magic Desktop (HKLM-x32\...\EasyBits Magic Desktop) (Version:  - EasyBits Software AS)
Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile DEU Language Pack (HKLM\...\Microsoft .NET Framework 4 Client Profile DEU Language Pack) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Choice Guard (x32 Version: 2.0.48.0 - Microsoft Corporation) Hidden
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Klick-und-Los 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Klick-und-Los 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Starter 2010 - Deutsch (HKLM-x32\...\{90140011-0066-0407-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 4.0.50401.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mobile Partner (HKLM-x32\...\Mobile Partner) (Version: 16.002.03.02.705 - Huawei Technologies Co.,Ltd)
MobileWiFi (HKLM-x32\...\MobileWiFi) (Version: TOOL-ConnLaucher_WIN1.09.02.00 - Huawei Technologies Co.,Ltd)
Modem LG LDU-1900D (HKLM-x32\...\{43DB077F-C85F-42CC-8302-17CBEE4A6BC6}) (Version: 1.00.0000 - LG Electronics)
Mozilla Firefox 31.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 31.0 (x86 de)) (Version: 31.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 31.0 - Mozilla)
MSVCRT (x32 Version: 14.0.1468.721 - Microsoft) Hidden
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
Notification Center (HKLM-x32\...\{384FA0C0-BB19-4CA0-8DB4-5FD4E938277F}) (Version: 0.7.7.813 - BlueStack Systems, Inc.)
PhotoNow! (HKLM-x32\...\InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}) (Version: 1.1.6904 - CyberLink Corp.)
PhotoNow! (x32 Version: 1.1.6904 - CyberLink Corp.) Hidden
Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.1.4204 - CyberLink Corp.)
Power2Go (x32 Version: 6.1.4204 - CyberLink Corp.) Hidden
PowerDirector (HKLM-x32\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 8.0.3003 - CyberLink Corp.)
PowerDirector (x32 Version: 8.0.3003 - CyberLink Corp.) Hidden
PX Profile Update (x32 Version: 1.00.1. - AMD) Hidden
Realtek Ethernet Controller Driver For Windows 7 (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.21.531.2010 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6066 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30105 - Realtek Semiconductor Corp.)
Recovery Manager (x32 Version: 5.5.3023 - CyberLink Corp.) Hidden
RtVOsd (HKLM\...\{F3D7AC17-1FF4-41A8-BB18-3FC39C65AEB9}) (Version: 1.0.3 - Realtek Semiconductor Corp.)
SAGEM F@st 800-840 (HKLM-x32\...\{4AE3A0CB-87B0-4F51-BECD-3D1F8DFDD62F}) (Version:  - )
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation)
Skype™ 6.18 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.18.106 - Skype Technologies S.A.)
StarMoney (x32 Version: 3.0.5.8 - StarFinanz) Hidden
StarMoney 8.0 Commerzbank-Edition (HKLM-x32\...\{B7E7F5E6-1E8C-49B6-97C0-78B97393354C}) (Version: 8.0 - Star Finanz GmbH)
Steinberg My MP3 Player 3.0 (HKLM-x32\...\Install Steinberg My MP3 Player 3.0) (Version:  - )
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.0.17.4 - Synaptics Incorporated)
TeamViewer 8 (HKLM-x32\...\TeamViewer 8) (Version: 8.0.30992 - TeamViewer)
Tinypic 3.18 (HKLM-x32\...\{E3723A04-A894-4036-A78E-282E18F43C0A}_is1) (Version: Tinypic 3.18 - E. Fiedler)
TuneUp Utilities 2014 (de-DE) (x32 Version: 14.0.1000.275 - TuneUp Software) Hidden
TuneUp Utilities 2014 (HKLM-x32\...\TuneUp Utilities) (Version: 14.0.1000.275 - TuneUp Software)
TuneUp Utilities 2014 (x32 Version: 14.0.1000.275 - TuneUp Software) Hidden
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2468871) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2533523) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2600217) (Version: 1 - Microsoft Corporation)
Verbindungsassistent (HKLM-x32\...\Verbindungsassistent) (Version: 2.1 - Verbindungsassistent)
VLC media player 1.1.9 (HKLM-x32\...\VLC media player) (Version: 1.1.9 - VideoLAN)
Windows Live Call (x32 Version: 14.0.8117.0416 - Microsoft Corporation) Hidden
Windows Live Communications Platform (x32 Version: 14.0.8117.416 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8117.0416 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 14.0.8117.416 - Microsoft Corporation) Hidden
Windows Live Fotogalerie (x32 Version: 14.0.8117.416 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (HKLM\...\{9B48B0AC-C813-4174-9042-476A887592C7}) (Version: 6.500.3165.0 - Microsoft Corporation)
Windows Live Mail (x32 Version: 14.0.8117.0416 - Microsoft Corporation) Hidden
Windows Live Messenger (x32 Version: 14.0.8117.0416 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 14.0.8117.0416 - Microsoft Corporation) Hidden
Windows Live Sync (HKLM-x32\...\{586509F0-350D-48B5-B763-9CC2F8D96C4C}) (Version: 14.0.8117.416 - Microsoft Corporation)
Windows Live Writer (x32 Version: 14.0.8117.0416 - Microsoft Corporation) Hidden
Windows Live-Uploadtool (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
WinRAR 5.10 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.10.0 - win.rar GmbH)
World of Warcraft (HKLM-x32\...\World of Warcraft) (Version:  - Blizzard Entertainment)
Xara 3D Maker 7 (HKLM-x32\...\MAGIX_{19B9DAD6-5E6E-4B80-8EFE-314B5638D6D4}) (Version: 7.0.0.442 - Xara Group Ltd)
Xara 3D Maker 7 (Version: 7.0.0.442 - Xara Group Ltd) Hidden
Yontoo 1.10.02 (HKLM\...\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}) (Version: 1.10.02 - Yontoo LLC) <==== ATTENTION

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-2196551083-3368854960-1698058853-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\G72B20SG\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2196551083-3368854960-1698058853-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\G72B20SG\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2196551083-3368854960-1698058853-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\G72B20SG\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2196551083-3368854960-1698058853-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\G72B20SG\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2196551083-3368854960-1698058853-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\G72B20SG\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)

==================== Restore Points  =========================

Could not list Restore Points. Check "winmgmt" service or repair WMI.


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0521AFA3-C84C-46C6-8429-97B54D3D3365} - System32\Tasks\Adobe-Online-Aktualisierungsprogramm => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-04-04] (Adobe Systems Incorporated)
Task: {0F1E6911-DFCC-4EEE-9126-C3FE86F3CA92} - System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2013 => C:\Program Files (x86)\TuneUp Utilities 2014\OneClick.exe [2014-03-20] (TuneUp Software)
Task: {169A690B-3778-4355-89D4-C1C73B1664B7} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-09-19] (Piriform Ltd)
Task: {178D960A-DB9F-480C-A953-943C8F66EC1B} - System32\Tasks\{5EA07D89-2AF2-4A59-A011-21F4F5BFFBF0} => Iexplore.exe hxxp://ui.skype.com/ui/0/4.2.0.166.321/de/abandoninstall?page=tsDownload&amp;installinfo=google-toolbar:notoffered;notincluded,google-chrome:notoffered;notincluded
Task: {18CD99E0-3F5C-4AF6-BC9B-39088E6E6BD4} - System32\Tasks\{BE6E5F12-9217-452C-B412-0A9F566B6B1D} => C:\Program Files (x86)\LG Electronics\LG EV-DO Rev.A USB Modem\Modem Software\IEUM.exe [2008-10-12] (LG Electronics)
Task: {2625AB9A-C548-4FFB-B51B-CB4D0E515EF0} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Total Care Tune-Up => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPTuneUp.exe [2011-03-22] (Hewlett-Packard Company)
Task: {27FF9C15-22CB-4F85-AED5-8AE61AB80111} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater\HPSFUpdater.exe [2011-06-14] (Hewlett-Packard)
Task: {2D915D22-6721-4AAF-87B8-564B51B7865E} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2011-09-09] (Hewlett-Packard Company)
Task: {69D74337-34E7-4375-936D-955B260A61D6} - System32\Tasks\RecoveryCDWin7 => C:\Program Files (x86)\Hewlett-Packard\HP Setup\RemEngine.exe
Task: {7E55CC6F-2879-416E-8B3D-81C2263643D6} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPSFMessenger\HPSFMsgr.exe [2011-09-09] (Hewlett-Packard Company)
Task: {8050E22F-F2E4-437F-8328-0B8DD886B1F3} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Tuneup => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2011-09-09] (Hewlett-Packard Company)
Task: {8469BB48-9881-4FDF-BD1F-0C62396AB9B2} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HPSAObjUtilTask => C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\UtilTask.exe [2013-09-17] (Microsoft)
Task: {A9AC69D3-F3A9-4511-96B9-B1827583F871} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-08-13] (Adobe Systems Incorporated)
Task: {B007DE4E-5438-4A93-A8BA-35A9EA2AF4E3} - System32\Tasks\{F8EAEDB7-1F49-4E2E-8350-73080FF1591E} => Firefox.exe hxxp://ui.skype.com/ui/0/5.8.0.158.321/en/abandoninstall?page=tsMain
Task: {D644C257-BB29-46E9-900C-D8F0348B95FE} - System32\Tasks\Java Update Scheduler => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2014-05-07] (Oracle Corporation)
Task: {F9AEC520-AE06-4E45-A2FB-BECF20AD477C} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (whitelisted) =============

2008-09-08 10:19 - 2008-09-08 10:19 - 00022016 _____ () C:\Windows\System32\cl31cl6.dll
2014-08-27 12:52 - 2014-08-27 12:52 - 02745168 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\AdAwareShellExtension.dll
2014-08-27 12:53 - 2014-08-27 12:53 - 03396400 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\RCF.dll
2014-08-27 12:53 - 2014-08-27 12:53 - 00123744 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\boost_filesystem-vc100-mt-1_55.dll
2014-08-27 12:53 - 2014-08-27 12:53 - 00024408 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\boost_system-vc100-mt-1_55.dll
2010-07-02 11:51 - 2010-07-02 11:51 - 00027192 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
2011-03-14 17:27 - 2011-03-14 17:27 - 00346976 _____ () C:\ProgramData\DatacardService\HWDeviceService64.exe
2014-08-27 12:32 - 2014-08-27 12:32 - 00706864 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\AdAwareService.exe
2014-08-27 12:53 - 2014-08-27 12:53 - 00103768 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\boost_thread-vc100-mt-1_55.dll
2014-08-27 12:53 - 2014-08-27 12:53 - 00033624 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\boost_chrono-vc100-mt-1_55.dll
2014-08-27 12:53 - 2014-08-27 12:53 - 00055648 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\boost_date_time-vc100-mt-1_55.dll
2014-08-27 12:52 - 2014-08-27 12:52 - 11947856 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\AdAwareServiceKernel.dll
2014-08-27 12:53 - 2014-08-27 12:53 - 00788824 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\boost_regex-vc100-mt-1_55.dll
2014-08-27 12:52 - 2014-08-27 12:52 - 00734536 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\AdAwareActivation.dll
2014-08-27 12:52 - 2014-08-27 12:52 - 02167640 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\AdAwareApplicationUpdater.dll
2014-08-27 12:52 - 2014-08-27 12:52 - 00813896 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\AdAwareGamingMode.dll
2014-08-27 12:52 - 2014-08-27 12:52 - 00098624 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\AdAwareReset.dll
2014-08-27 12:53 - 2014-08-27 12:53 - 00120128 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\AdAwareTime.dll
2014-08-27 12:52 - 2014-08-27 12:52 - 00943960 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\AdAwareDefinitionsUpdater.dll
2014-08-27 12:52 - 2014-08-27 12:52 - 00869224 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\AdAwareDefinitionsUpdaterScheduler.dll
2014-08-27 12:52 - 2014-08-27 12:52 - 01105224 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\AdAwareIgnoreList.dll
2014-08-27 12:52 - 2014-08-27 12:52 - 00247624 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\AdAwareQuarantine.dll
2014-08-27 12:52 - 2014-08-27 12:52 - 00988504 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\AdAwareAntiMalwareEngine.dll
2014-08-27 12:52 - 2014-08-27 12:52 - 00212824 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\AdAwareAntiRootkitEngine.dll
2014-08-27 12:52 - 2014-08-27 12:52 - 01172816 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\AdAwareScannerHistory.dll
2014-08-27 12:52 - 2014-08-27 12:52 - 01277248 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\AdAwareScanner.dll
2014-08-27 12:53 - 2014-08-27 12:53 - 00035160 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\boost_timer-vc100-mt-1_55.dll
2014-08-27 12:52 - 2014-08-27 12:52 - 00975192 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\AdAwareScannerScheduler.dll
2014-08-27 12:52 - 2014-08-27 12:52 - 01109336 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\AdAwareRealTimeProtection.dll
2014-08-27 12:52 - 2014-08-27 12:52 - 00229200 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\AdAwareIncompatibles.dll
2014-08-27 12:52 - 2014-08-27 12:52 - 00891720 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\AdAwareAntiSpam.dll
2014-08-27 12:52 - 2014-08-27 12:52 - 00843088 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\AdAwareAntiPhishing.dll
2014-08-27 12:52 - 2014-08-27 12:52 - 03090768 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\AdAwareParentalControl.dll
2014-08-27 12:53 - 2014-08-27 12:53 - 02624848 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\AdAwareWebProtection.dll
2014-08-27 12:52 - 2014-08-27 12:52 - 01067344 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\AdAwareEmailProtection.dll
2014-08-27 12:52 - 2014-08-27 12:52 - 01290584 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\AdAwareNetworkProtection.dll
2014-08-27 12:52 - 2014-08-27 12:52 - 01004352 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\AdAwarePromo.dll
2014-08-27 12:52 - 2014-08-27 12:52 - 00343880 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\AdAwareFeedback.dll
2014-08-27 12:53 - 2014-08-27 12:53 - 02787160 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\AdAwareThreatWorkAlliance.dll
2014-08-27 12:52 - 2014-08-27 12:52 - 01238848 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\AdAwarePinCode.dll
2014-08-27 12:52 - 2014-08-27 12:52 - 01004864 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\AdAwareNotice.dll
2014-08-27 12:52 - 2014-08-27 12:52 - 00928072 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\AdAwareAvcEngine.dll
2014-08-27 12:53 - 2014-08-27 12:53 - 00154944 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\SecurityCenter.dll
2014-08-27 12:53 - 2014-08-27 12:53 - 08886592 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\AdAwareTray.exe
2014-08-27 12:53 - 2014-08-27 12:53 - 00500056 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\boost_locale-vc100-mt-1_55.dll
2014-08-27 12:53 - 2014-08-27 12:53 - 02101568 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\HtmlFramework.dll
2014-08-27 12:53 - 2014-08-27 12:53 - 00066872 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\DllStorage.dll
2014-08-27 12:53 - 2014-08-27 12:53 - 00832848 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\AdAwareTrayDefaultSkin.dll
2014-08-27 12:53 - 2014-08-27 12:53 - 00811328 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\Localization.dll
2011-11-01 21:06 - 2006-06-13 14:04 - 00839680 _____ () C:\Program Files (x86)\SAGEM\SAGEM F@st 800-840\dslmon.exe
2011-11-01 21:06 - 2006-02-15 11:15 - 00176128 _____ () C:\Windows\autoclk.exe
2011-11-01 21:06 - 2006-02-16 08:44 - 00143360 _____ () C:\Windows\adiras.exe
2014-03-20 15:44 - 2014-03-20 15:44 - 00675640 _____ () C:\Program Files (x86)\TuneUp Utilities 2014\avgrepliba.dll
2012-06-22 06:15 - 2009-03-03 12:45 - 00296400 ____N () C:\Program Files (x86)\Verbindungsassistent\WTGService.exe
2010-06-10 18:12 - 2010-06-10 18:12 - 00016384 ____R () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll
2010-06-21 22:36 - 2010-06-21 22:36 - 00270336 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2010-06-18 16:26 - 2010-06-18 16:26 - 00030264 _____ () C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_LogicLayer.dll
2010-06-18 16:26 - 2010-06-18 16:26 - 00052280 _____ () C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HardwareAccess.dll
2010-06-18 16:26 - 2010-06-18 16:26 - 00267832 _____ () C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPCommon.XmlSerializers.dll
2014-08-27 12:52 - 2014-08-27 12:52 - 16202048 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\AdAwareDesktop.exe
2014-08-27 12:53 - 2014-08-27 12:53 - 00451440 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\boost_program_options-vc100-mt-1_55.dll
2014-08-27 12:52 - 2014-08-27 12:52 - 08987480 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\AdAwareDesktopDefaultSkin.dll
2011-11-01 21:06 - 2006-06-08 12:13 - 00094208 _____ () C:\Program Files (x86)\SAGEM\SAGEM F@st 800-840\Languages\German.dll
2014-08-30 07:47 - 2014-08-04 14:20 - 00052472 _____ () C:\Users\G72B20SG\AppData\Local\Temp\avgnt.exe\Avira.OE.ExtApi.dll
2014-08-04 14:20 - 2014-08-04 14:20 - 00139056 _____ () C:\Program Files (x86)\Avira\My Avira\Avira.OE.NativeCore.dll
2013-04-18 13:53 - 2011-01-13 12:44 - 00232800 _____ () C:\Program Files (x86)\StarMoney 8.0 Commerzbank-Edition\ouservice\PATCHW32.dll
2014-08-04 14:20 - 2014-08-04 14:20 - 00067832 _____ () C:\Program Files (x86)\Avira\My Avira\Avira.OE.AvConnectorNative.dll
2013-09-20 11:11 - 2013-09-20 11:11 - 00170496 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\9e5dc5d1c75de12100f8c1d8c65de002\IsdiInterop.ni.dll
2010-12-24 17:13 - 2010-04-13 10:52 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll
2014-07-26 22:22 - 2014-07-17 07:42 - 03800688 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2014-08-13 06:04 - 2014-08-13 06:04 - 17048240 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_179.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: BlueStacks Agent => C:\Program Files (x86)\BlueStacks\HD-Agent.exe
MSCONFIG\startupreg: EPSON SX210 Series => C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIFDE.EXE /FU "C:\Windows\TEMP\E_SB6B3.tmp" /EF "HKCU"
MSCONFIG\startupreg: HP Quick Launch => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
MSCONFIG\startupreg: iFunBox Price Watch => C:\Program Files (x86)\iFunbox 2014\iFunBox2014.exe /tray
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: LightScribe Control Panel => C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
MSCONFIG\startupreg: Magic Desktop for HP notification => "C:\ProgramData\Easybits Magic Desktop for HP\mdhpSUN.exe"
MSCONFIG\startupreg: REVAService => C:\Program Files (x86)\LG Electronics\LG EV-DO Rev.A USB Modem\Modem Software\REVAService.exe

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (08/31/2014 04:34:43 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "CoCreateInstance" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070422, Der angegebene Dienst kann nicht gestartet werden. Er ist deaktiviert oder nicht mit aktivierten Geräten verbunden.
.


Vorgang:
   VSS-Server wird instanziiert

Error: (08/31/2014 04:34:43 PM) (Source: VSS) (EventID: 13) (User: )
Description: Volumenschattenkopie-Dienst-Informationen: Der COM-Server mit CLSID {e579ab5f-1cc4-44b4-bed9-de0991ff0623} und dem Namen "IVssCoordinatorEx2" kann nicht gestartet werden. [0x80070422, Der angegebene Dienst kann nicht gestartet werden. Er ist deaktiviert oder nicht mit aktivierten Geräten verbunden.
]


Vorgang:
   VSS-Server wird instanziiert

Error: (08/31/2014 11:01:30 AM) (Source: SideBySide) (EventID: 35) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"1". Fehler in Manifest- oder Richtliniendatei "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"2" in Zeile  WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"3.
Die im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente überein.
Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition: WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".
Verwenden Sie das Programm "sxstrace.exe" für eine detaillierte Diagnose.

Error: (08/31/2014 10:55:30 AM) (Source: SideBySide) (EventID: 63) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "assemblyIdentity1". Fehler in Manifest- oder Richtliniendatei "assemblyIdentity2" in Zeile assemblyIdentity3.
Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs im assemblyIdentity-Element ist ungültig.

Error: (08/31/2014 09:26:34 AM) (Source: BstHdAndroidSvc) (EventID: 0) (User: )
Description: Der Dienst kann nicht gestartet werden. System.ApplicationException: Cannot start service.  Service did not stop gracefully the last time it was run.
   bei BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
   bei System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

Error: (08/30/2014 09:11:21 PM) (Source: BstHdAndroidSvc) (EventID: 0) (User: )
Description: Der Dienst kann nicht gestartet werden. System.ApplicationException: Cannot start service.  Service did not stop gracefully the last time it was run.
   bei BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
   bei System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

Error: (08/30/2014 07:31:40 PM) (Source: BstHdAndroidSvc) (EventID: 0) (User: )
Description: Der Dienst kann nicht gestartet werden. System.ApplicationException: Cannot start service.  Service did not stop gracefully the last time it was run.
   bei BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
   bei System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

Error: (08/30/2014 07:28:05 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Fehler beim Erstellen des Wiederherstellungspunkts (Prozess = C:\Windows\system32\msiexec.exe /V; Beschreibung = Installed AA11.; Fehler = 0x80042302).

Error: (08/30/2014 07:28:05 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "CoCreateInstance" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070422, Der angegebene Dienst kann nicht gestartet werden. Er ist deaktiviert oder nicht mit aktivierten Geräten verbunden.
.

Error: (08/30/2014 07:28:05 PM) (Source: VSS) (EventID: 13) (User: )
Description: Volumenschattenkopie-Dienst-Informationen: Der COM-Server mit CLSID {0b5a2c52-3eb9-470a-96e2-6c6d4570e40f} und dem Namen "Coordinator" kann nicht gestartet werden. [0x80070422, Der angegebene Dienst kann nicht gestartet werden. Er ist deaktiviert oder nicht mit aktivierten Geräten verbunden.
]


System errors:
=============
Error: (08/31/2014 00:29:25 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Windows-Bilderfassung (WIA)" ist vom Dienst "Shellhardwareerkennung" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1058

Error: (08/31/2014 00:28:12 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Windows-Bilderfassung (WIA)" ist vom Dienst "Shellhardwareerkennung" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1058

Error: (08/31/2014 00:28:12 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1068stisvc{A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error: (08/31/2014 09:28:12 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: 
DeskLock

Error: (08/31/2014 09:26:34 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "BlueStacks Android Service" wurde mit folgendem Fehler beendet: 
%%1064

Error: (08/30/2014 09:11:50 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: 
DeskLock

Error: (08/30/2014 09:11:21 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "BlueStacks Android Service" wurde mit folgendem Fehler beendet: 
%%1064

Error: (08/30/2014 09:10:02 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst LightScribeService Direct Disc Labeling Service erreicht.

Error: (08/30/2014 07:57:30 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Windows-Bilderfassung (WIA)" ist vom Dienst "Shellhardwareerkennung" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1058

Error: (08/30/2014 07:57:30 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1068stisvc{A1F4E726-8CF1-11D1-BF92-0060081ED811}


Microsoft Office Sessions:
=========================
Error: (08/31/2014 04:34:43 PM) (Source: VSS) (EventID: 8193) (User: )
Description: CoCreateInstance0x80070422, Der angegebene Dienst kann nicht gestartet werden. Er ist deaktiviert oder nicht mit aktivierten Geräten verbunden.


Vorgang:
   VSS-Server wird instanziiert

Error: (08/31/2014 04:34:43 PM) (Source: VSS) (EventID: 13) (User: )
Description: {e579ab5f-1cc4-44b4-bed9-de0991ff0623}IVssCoordinatorEx20x80070422, Der angegebene Dienst kann nicht gestartet werden. Er ist deaktiviert oder nicht mit aktivierten Geräten verbunden.


Vorgang:
   VSS-Server wird instanziiert

Error: (08/31/2014 11:01:30 AM) (Source: SideBySide) (EventID: 35) (User: )
Description: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1"c:\program files (x86)\windows live\photo gallery\MovieMaker.Exec:\program files (x86)\windows live\photo gallery\WLMFDS.DLL8

Error: (08/31/2014 10:55:30 AM) (Source: SideBySide) (EventID: 63) (User: )
Description: assemblyIdentityversionMAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINORc:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dllc:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll3

Error: (08/31/2014 09:26:34 AM) (Source: BstHdAndroidSvc) (EventID: 0) (User: )
Description: Der Dienst kann nicht gestartet werden. System.ApplicationException: Cannot start service.  Service did not stop gracefully the last time it was run.
   bei BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
   bei System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

Error: (08/30/2014 09:11:21 PM) (Source: BstHdAndroidSvc) (EventID: 0) (User: )
Description: Der Dienst kann nicht gestartet werden. System.ApplicationException: Cannot start service.  Service did not stop gracefully the last time it was run.
   bei BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
   bei System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

Error: (08/30/2014 07:31:40 PM) (Source: BstHdAndroidSvc) (EventID: 0) (User: )
Description: Der Dienst kann nicht gestartet werden. System.ApplicationException: Cannot start service.  Service did not stop gracefully the last time it was run.
   bei BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
   bei System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

Error: (08/30/2014 07:28:05 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: C:\Windows\system32\msiexec.exe /VInstalled AA11.0x80042302

Error: (08/30/2014 07:28:05 PM) (Source: VSS) (EventID: 8193) (User: )
Description: CoCreateInstance0x80070422, Der angegebene Dienst kann nicht gestartet werden. Er ist deaktiviert oder nicht mit aktivierten Geräten verbunden.

Error: (08/30/2014 07:28:05 PM) (Source: VSS) (EventID: 13) (User: )
Description: {0b5a2c52-3eb9-470a-96e2-6c6d4570e40f}Coordinator0x80070422, Der angegebene Dienst kann nicht gestartet werden. Er ist deaktiviert oder nicht mit aktivierten Geräten verbunden.


CodeIntegrity Errors:
===================================
  Date: 2014-08-31 09:25:42.668
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\DeskLock.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2014-08-31 09:25:42.574
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\DeskLock.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2014-08-30 21:09:16.856
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\DeskLock.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2014-08-30 21:09:16.763
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\DeskLock.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2014-08-30 19:29:58.792
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\DeskLock.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2014-08-30 19:29:58.699
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\DeskLock.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2014-08-30 18:59:25.870
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\DeskLock.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2014-08-30 18:59:25.777
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\DeskLock.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2014-08-30 18:33:18.292
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\DeskLock.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2014-08-30 18:33:18.198
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\DeskLock.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.


==================== Memory info =========================== 

Processor: Intel(R) Pentium(R) CPU P6100 @ 2.00GHz
Percentage of memory in use: 75%
Total physical RAM: 3893.86 MB
Available physical RAM: 963.84 MB
Total Pagefile: 7785.86 MB
Available Pagefile: 4541.44 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:448.61 GB) (Free:341.48 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (RECOVERY) (Fixed) (Total:16.86 GB) (Free:2.21 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 91CA769B)
Partition 1: (Active) - (Size=199 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=448.6 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=16.9 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=103 MB) - (Type=0C)

==================== End Of Log ============================

cosinus · 31.08.2014, 15:45

Zitat:

AV: Avira Desktop (Disabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AV: Ad-Aware Antivirus (Disabled - Out of date) {D87B6541-12A1-DAEA-0033-9B8057AAB996}
AS: Ad-Aware Antivirus (Disabled - Out of date) {631A84A5-349B-D564-3A83-A0F22C2DF32B}
AS: Avira Desktop (Disabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Ad-Aware Firewall (Disabled) {E040E464-58CE-DBB2-2B6C-32B5A979FEED}

Sowas geht garnicht. 1. installiert man niemals sowas wie Avira und Ad-Aware AV parallel, 2. würde ich niemals einen der beiden verwenden. Deinstalliere bitte Avira und Ad-Aware, wenn wir hier fertig sind, kannst du auf Avast Free oder Emsisoft umsteigen.

Simi1961 · 31.08.2014, 15:48

Ja ok,mache ich sofort.

cosinus · 31.08.2014, 15:50

Ok, danach bitte so weitermachen:

Adware/Junkware/Toolbars entfernen

(alte Versionen von adwCleaner und falls vorhanden JRT vorher löschen, danach neu runterladen auf den Desktop!)

1. Schritt: adwCleaner

Downloade Dir bitte

AdwCleaner auf deinen Desktop.

Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
Starte die AdwCleaner.exe mit einem Doppelklick.
Stimme den Nutzungsbedingungen zu.
Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
- "Tracing" Schlüssel löschen
- Winsock Einstellungen zurücksetzen
- Proxy Einstellungen zurücksetzen
- Internet Explorer Richtlinien zurücksetzen
- Chrome Richtlinien zurücksetzen
- Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

2. Schritt: JRT - Junkware Removal Tool

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
Drücke eine beliebige Taste, um das Tool zu starten.
Je nach System kann der Scan eine Weile dauern.
Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.

3. Schritt: Frisches Log mit FRST

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop:

FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)

Starte jetzt FRST.
Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)

Simi1961 · 31.08.2014, 17:40

Code:

ATTFilter

# AdwCleaner v3.308 - Bericht erstellt am 31/08/2014 um 17:15:50
# Aktualisiert 20/08/2014 von Xplode
# Betriebssystem : Windows 7 Home Premium  (64 bits)
# Benutzername : G72B20SG - G72B20SG-HP
# Gestartet von : C:\Users\G72B20SG\Downloads\adwcleaner_3.308.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\ProgramData\Tarma Installer
Ordner Gelöscht : C:\ProgramData\Uniblue
Ordner Gelöscht : C:\Users\G72B20SG\AppData\Local\Ilivid Player
Ordner Gelöscht : C:\Users\G72B20SG\AppData\LocalLow\Softonic
Ordner Gelöscht : C:\Users\G72B20SG\AppData\Roaming\Mozilla\Firefox\Profiles\5tw0gy5k.default\ConduitCommon
Ordner Gelöscht : C:\Users\G72B20SG\AppData\Roaming\Mozilla\Firefox\Profiles\5tw0gy5k.default\CT3196716
Ordner Gelöscht : C:\Users\G72B20SG\AppData\Roaming\Mozilla\Firefox\Profiles\5tw0gy5k.default\Extensions\{ebd898f8-fcf6-4694-bc3b-eabc7271eeb1}
Datei Gelöscht : C:\Users\Public\Desktop\eBay.lnk
Datei Gelöscht : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk
Datei Gelöscht : C:\Users\G72B20SG\AppData\Roaming\Mozilla\Firefox\Profiles\5tw0gy5k.default\searchplugins\Search_Results.xml
Datei Gelöscht : C:\Users\G72B20SG\AppData\Roaming\Mozilla\Firefox\Profiles\5tw0gy5k.default\user.js

***** [ Tasks ] *****


***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\bopakagnckmlgajfccecajhnimjiiedh
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Applications\ilividsetupv1.exe
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Prod.cap
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow [*.crossrider.com]
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\adawarebp_rasapi32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\adawarebp_rasmancs
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\I Want This_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\I Want This_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetupV1_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetupV1_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\LatestDLMgr_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\LatestDLMgr_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\Searchqu Toolbar uninstall_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\Searchqu Toolbar uninstall_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{7ABBFE1C-E485-44AA-8F36-353751B4124D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{00B11DA2-75ED-4364-ABA5-9A95B1F5E946}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{2EECD738-5844-4A99-B4B6-146BF802613B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{7E84186E-B5DE-4226-8A66-6E49C6B511B4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{E46C8196-B634-44A1-AF6E-957C64278AB1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{FE9271F2-6EFD-44B0-A826-84C829536E93}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{62155D33-3CE2-401E-8967-5A270628A3D5}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{6C97A91E-4524-4019-86AF-2AA2D567BF5C}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{62155D33-3CE2-401E-8967-5A270628A3D5}
Schlüssel Gelöscht : HKCU\Software\OCS
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\adawarebp
Schlüssel Gelöscht : HKLM\SOFTWARE\Babylon
Schlüssel Gelöscht : HKLM\SOFTWARE\systweak
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Toolbar Cleaner
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Tarma Installer
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\08121C32A9C319F4CB0C11FF059552A4

***** [ Browser ] *****

-\\ Internet Explorer v8.0.7600.17267

Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]

-\\ Mozilla Firefox v31.0 (x86 de)

[ Datei : C:\Users\G72B20SG\AppData\Roaming\Mozilla\Firefox\Profiles\5tw0gy5k.default\prefs.js ]

Zeile gelöscht : user_pref("extensions.Softonic.admin", false);
Zeile gelöscht : user_pref("extensions.Softonic.aflt", "OC");
Zeile gelöscht : user_pref("extensions.Softonic.appId", "{7ABBFE1C-E485-44AA-8F36-353751B4124D}");
Zeile gelöscht : user_pref("extensions.Softonic.autoRvrt", "false");
Zeile gelöscht : user_pref("extensions.Softonic.dfltLng", "de");
Zeile gelöscht : user_pref("extensions.Softonic.dfltSrch", true);
Zeile gelöscht : user_pref("extensions.Softonic.dnsErr", true);
Zeile gelöscht : user_pref("extensions.Softonic.excTlbr", false);
Zeile gelöscht : user_pref("extensions.Softonic.ffxUnstlRst", false);
Zeile gelöscht : user_pref("extensions.Softonic.hmpg", true);
Zeile gelöscht : user_pref("extensions.Softonic.hmpgUrl", "hxxp://search.softonic.com/MOY00621/tb_v1?SearchSource=13&cc=&mi=cc897d78000000000000ac8112209281");
Zeile gelöscht : user_pref("extensions.Softonic.id", "cc897d78000000000000ac8112209281");
Zeile gelöscht : user_pref("extensions.Softonic.instlDay", "16025");
Zeile gelöscht : user_pref("extensions.Softonic.instlRef", "MOY00621");
Zeile gelöscht : user_pref("extensions.Softonic.newTab", true);
Zeile gelöscht : user_pref("extensions.Softonic.newTabUrl", "hxxp://search.softonic.com/MOY00621/tb_v1/?SearchSource=15&cc=&mi=cc897d78000000000000ac8112209281");
Zeile gelöscht : user_pref("extensions.Softonic.prdct", "Softonic");
Zeile gelöscht : user_pref("extensions.Softonic.prtnrId", "softonic");
Zeile gelöscht : user_pref("extensions.Softonic.rvrt", "false");
Zeile gelöscht : user_pref("extensions.Softonic.smplGrp", "none");
Zeile gelöscht : user_pref("extensions.Softonic.srchPrvdr", "Search the web (Softonic)");
Zeile gelöscht : user_pref("extensions.Softonic.tlbrId", "opencandy2013");
Zeile gelöscht : user_pref("extensions.Softonic.tlbrSrchUrl", "hxxp://search.softonic.com/MOY00621/tb_v1?SearchSource=1&cc=&mi=cc897d78000000000000ac8112209281&q=");
Zeile gelöscht : user_pref("extensions.Softonic.vrsn", "1.8.21.14");
Zeile gelöscht : user_pref("extensions.Softonic.vrsnTs", "1.8.21.1416:12:00");
Zeile gelöscht : user_pref("extensions.Softonic.vrsni", "1.8.21.14");
Zeile gelöscht : user_pref("extensions.ffxtlbr@babylon.com.install-event-fired", true);
Zeile gelöscht : user_pref("extentions.y2layers.defaultEnableAppsList", "DropDownDeals,BestVideoDownloader,EzLooker,TwitTube,TopRelatedTopics,Buzzdock,");
Zeile gelöscht : user_pref("extentions.y2layers.installId", "80b021b9-0608-4d23-91de-2310d662b11e");

-\\ Google Chrome v

[ Datei : C:\Users\G72B20SG\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [9647 octets] - [31/08/2014 17:09:52]
AdwCleaner[S0].txt - [9221 octets] - [31/08/2014 17:15:50]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [9281 octets] ##########

Code:

ATTFilter

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Home Premium x64
Ran by G72B20SG on 31.08.2014 at 17:26:07,33
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\Softonic_chr_1_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\Softonic_chr_1_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\Softonic_chr_1_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\Softonic_chr_1_RASMANCS
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{D511E4E9-05F1-41F2-9BF3-B15074BD9702}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{EA68ECD0-E228-4AE4-91A5-907FC9B34453}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{D511E4E9-05F1-41F2-9BF3-B15074BD9702}



~~~ Files

Successfully deleted: [File] C:\Windows\syswow64\sho39A9.tmp
Successfully deleted: [File] C:\Windows\syswow64\sho8156.tmp
Successfully deleted: [File] C:\Windows\syswow64\sho828.tmp
Successfully deleted: [File] C:\Windows\syswow64\sho9615.tmp
Successfully deleted: [File] C:\Windows\syswow64\shoAC1D.tmp
Successfully deleted: [File] C:\Windows\syswow64\shoCEBC.tmp
Successfully deleted: [File] C:\Windows\syswow64\shoF0EF.tmp
Successfully deleted: [File] C:\Windows\syswow64\shoF6D1.tmp



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\boost_interprocess"
Successfully deleted: [Folder] "C:\ProgramData\simplitec"
Successfully deleted: [Folder] "C:\Users\G72B20SG\AppData\Roaming\simplitec"



~~~ FireFox

Successfully deleted: [File] C:\user.js
Successfully deleted the following from C:\Users\G72B20SG\AppData\Roaming\mozilla\firefox\profiles\5tw0gy5k.default\prefs.js

user_pref("keyword.URL", "hxxp://securedsearch2.lavasoft.com/results.php?pr=vmn&id=adawaretb&v=3_9&idate=__installtime__&hsimp=yhs-lavasoft&ent=bs&q=");
Emptied folder: C:\Users\G72B20SG\AppData\Roaming\mozilla\firefox\profiles\5tw0gy5k.default\minidumps [198 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 31.08.2014 at 17:32:59,84
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Code:

ATTFilter

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Home Premium x64
Ran by G72B20SG on 31.08.2014 at 17:26:07,33
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\Softonic_chr_1_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\Softonic_chr_1_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\Softonic_chr_1_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\Softonic_chr_1_RASMANCS
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{D511E4E9-05F1-41F2-9BF3-B15074BD9702}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{EA68ECD0-E228-4AE4-91A5-907FC9B34453}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{D511E4E9-05F1-41F2-9BF3-B15074BD9702}



~~~ Files

Successfully deleted: [File] C:\Windows\syswow64\sho39A9.tmp
Successfully deleted: [File] C:\Windows\syswow64\sho8156.tmp
Successfully deleted: [File] C:\Windows\syswow64\sho828.tmp
Successfully deleted: [File] C:\Windows\syswow64\sho9615.tmp
Successfully deleted: [File] C:\Windows\syswow64\shoAC1D.tmp
Successfully deleted: [File] C:\Windows\syswow64\shoCEBC.tmp
Successfully deleted: [File] C:\Windows\syswow64\shoF0EF.tmp
Successfully deleted: [File] C:\Windows\syswow64\shoF6D1.tmp



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\boost_interprocess"
Successfully deleted: [Folder] "C:\ProgramData\simplitec"
Successfully deleted: [Folder] "C:\Users\G72B20SG\AppData\Roaming\simplitec"



~~~ FireFox

Successfully deleted: [File] C:\user.js
Successfully deleted the following from C:\Users\G72B20SG\AppData\Roaming\mozilla\firefox\profiles\5tw0gy5k.default\prefs.js

user_pref("keyword.URL", "hxxp://securedsearch2.lavasoft.com/results.php?pr=vmn&id=adawaretb&v=3_9&idate=__installtime__&hsimp=yhs-lavasoft&ent=bs&q=");
Emptied folder: C:\Users\G72B20SG\AppData\Roaming\mozilla\firefox\profiles\5tw0gy5k.default\minidumps [198 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 31.08.2014 at 17:32:59,84
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

FRST Logfile:

FRST Logfile:

FRST Logfile:

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 31-08-2014
Ran by G72B20SG (administrator) on G72B20SG-HP on 31-08-2014 17:39:12
Running from C:\Users\G72B20SG\Downloads
Platform: Windows 7 Home Premium (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 8
Boot Mode: Normal


==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(SEIKO EPSON CORPORATION) C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE
(SEIKO EPSON CORPORATION) C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(EasyBits Software AS) C:\Windows\SysWOW64\ezSharedSvcHost.exe
(TopLang Software) C:\Program Files\Desktop Lock\TLDL.EXE
() C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
() C:\ProgramData\DatacardService\HWDeviceService64.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(Huawei Technologies Co., Ltd.) C:\ProgramData\DatacardService\DCSHelper.exe
(Intel Corporation) C:\Windows\System32\GfxUI.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(LG Electronics) C:\Program Files (x86)\LG Electronics\LG EV-DO Rev.A USB Modem\Modem Software\REVAService.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
() C:\Program Files (x86)\SAGEM\SAGEM F@st 800-840\dslmon.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
() C:\Windows\autoclk.exe
() C:\Windows\adiras.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Star Finanz - Software Entwicklung und Vertriebs GmbH) C:\Program Files (x86)\StarMoney 8.0 Commerzbank-Edition\ouservice\StarMoneyOnlineUpdate.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
() C:\Program Files (x86)\Verbindungsassistent\WTGService.exe
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesApp64.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Microsoft Corporation) C:\Windows\System32\alg.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\tv_x64.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
(Realtek Semiconductor Corp.) C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe
(Realtek Semiconductor Corp.) C:\Program Files\Realtek\RtVOsd\RtVOsd.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Hewlett-Packard Development Company L.P.) C:\Program Files (x86)\Hewlett-Packard\Shared\hpCaslNotification.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Farbar) C:\Users\G72B20SG\Downloads\FRST64(2).exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2096424 2010-05-27] (Synaptics Incorporated)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6234144 2010-03-13] (Realtek Semiconductor)
HKLM\...\Run: [HPWirelessAssistant] => C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe [363064 2010-06-18] (Hewlett-Packard Company)
HKLM\...\Run: [Desktop Lock Loader] => C:\Program Files\Desktop Lock\TLDL.EXE [233984 2009-04-01] (TopLang Software)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284696 2010-04-13] (Intel Corporation)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2010-06-21] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Easybits Recovery] => C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe [61112 2010-06-02] (EasyBits Software AS)
HKLM-x32\...\Run: [autoclk] => C:\Windows\autoclk.exe [176128 2006-02-15] ()
HKLM-x32\...\Run: [adiras] => C:\Windows\adiras.exe [143360 2006-02-16] ()
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [EnableShellExecuteHooks] 1
HKU\S-1-5-21-2196551083-3368854960-1698058853-1000\...\Run: [Mobile Partner] => C:\Program Files (x86)\Mobile Partner\Mobile Partner.exe [536576 2012-07-01] ()
HKU\S-1-5-21-2196551083-3368854960-1698058853-1000\...\Run: [REVAService] => C:\Program Files (x86)\LG Electronics\LG EV-DO Rev.A USB Modem\Modem Software\REVAService.exe [23040 2008-10-12] (LG Electronics)
HKU\S-1-5-21-2196551083-3368854960-1698058853-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [21650016 2014-07-24] (Skype Technologies S.A.)
HKU\S-1-5-21-2196551083-3368854960-1698058853-1000\...\Policies\system: [DisableLockWorkstation] 0
HKU\S-1-5-21-2196551083-3368854960-1698058853-1000\...\Policies\system: [DisableChangePassword] 0
HKU\S-1-5-21-2196551083-3368854960-1698058853-1000\...\MountPoints2: F - F:\AutoRun.exe
HKU\S-1-5-21-2196551083-3368854960-1698058853-1000\...\MountPoints2: G - G:\AutoRun.exe
HKU\S-1-5-21-2196551083-3368854960-1698058853-1000\...\MountPoints2: {00184fad-8390-11e1-8a01-ac8112209281} - F:\AutoRun.exe
HKU\S-1-5-21-2196551083-3368854960-1698058853-1000\...\MountPoints2: {0039dbd8-6223-11e3-ad85-d58a2083a6b9} - F:\AutoRun.exe
HKU\S-1-5-21-2196551083-3368854960-1698058853-1000\...\MountPoints2: {0039dc15-6223-11e3-ad85-d58a2083a6b9} - F:\AutoRun.exe
HKU\S-1-5-21-2196551083-3368854960-1698058853-1000\...\MountPoints2: {05e807ab-c393-11e3-8637-8ae6d58e00b9} - F:\AutoRun.exe
HKU\S-1-5-21-2196551083-3368854960-1698058853-1000\...\MountPoints2: {05e807c7-c393-11e3-8637-8ae6d58e00b9} - F:\AutoRun.exe
HKU\S-1-5-21-2196551083-3368854960-1698058853-1000\...\MountPoints2: {0c1d2cdf-b634-11e3-9b7b-c20ae93ebbb8} - F:\AutoRun.exe
HKU\S-1-5-21-2196551083-3368854960-1698058853-1000\...\MountPoints2: {0c1d2cfa-b634-11e3-9b7b-c20ae93ebbb8} - F:\AutoRun.exe
HKU\S-1-5-21-2196551083-3368854960-1698058853-1000\...\MountPoints2: {0c622546-686f-11e3-bd58-e98cb22b38ba} - F:\AutoRun.exe
HKU\S-1-5-21-2196551083-3368854960-1698058853-1000\...\MountPoints2: {15139805-ab03-11e3-846a-ac8112209281} - F:\AutoRun.exe
HKU\S-1-5-21-2196551083-3368854960-1698058853-1000\...\MountPoints2: {15139813-ab03-11e3-846a-92a8d7b73df5} - F:\AutoRun.exe
HKU\S-1-5-21-2196551083-3368854960-1698058853-1000\...\MountPoints2: {1f97ac23-8352-11e1-9fae-9b52adc9c93c} - F:\AutoRun.exe
HKU\S-1-5-21-2196551083-3368854960-1698058853-1000\...\MountPoints2: {206ab672-975b-11e1-aee1-ac8112209281} - F:\pushinst.exe
HKU\S-1-5-21-2196551083-3368854960-1698058853-1000\...\MountPoints2: {20e28e3d-baee-11e3-8750-b7f95d0f3aa4} - F:\AutoRun.exe
HKU\S-1-5-21-2196551083-3368854960-1698058853-1000\...\MountPoints2: {2645172c-63b4-11e3-85ff-cf4083aee974} - F:\AutoRun.exe
HKU\S-1-5-21-2196551083-3368854960-1698058853-1000\...\MountPoints2: {26c627c9-5314-11e2-adef-806e6f6e6963} - F:\AutoRun.exe
HKU\S-1-5-21-2196551083-3368854960-1698058853-1000\...\MountPoints2: {27d8f79f-a9a4-11e3-9b25-c0dfe90704a7} - F:\AutoRun.exe
HKU\S-1-5-21-2196551083-3368854960-1698058853-1000\...\MountPoints2: {27d8f7b6-a9a4-11e3-9b25-c0dfe90704a7} - F:\AutoRun.exe
HKU\S-1-5-21-2196551083-3368854960-1698058853-1000\...\MountPoints2: {28c5e31f-9ddf-11e3-85c3-b7ec1c215291} - F:\AutoRun.exe
HKU\S-1-5-21-2196551083-3368854960-1698058853-1000\...\MountPoints2: {2e9d8143-5e33-11e3-8cfe-aec8ab6a5a64} - F:\AutoRun.exe
HKU\S-1-5-21-2196551083-3368854960-1698058853-1000\...\MountPoints2: {308cf2a5-c7cf-11e3-8a12-8921f4369ab9} - F:\AutoRun.exe
HKU\S-1-5-21-2196551083-3368854960-1698058853-1000\...\MountPoints2: {308cf2af-c7cf-11e3-8a12-8921f4369ab9} - F:\AutoRun.exe
HKU\S-1-5-21-2196551083-3368854960-1698058853-1000\...\MountPoints2: {308cf2bd-c7cf-11e3-8a12-8921f4369ab9} - F:\AutoRun.exe
HKU\S-1-5-21-2196551083-3368854960-1698058853-1000\...\MountPoints2: {308cf2c6-c7cf-11e3-8a12-8921f4369ab9} - F:\AutoRun.exe
HKU\S-1-5-21-2196551083-3368854960-1698058853-1000\...\MountPoints2: {31cd87df-5315-11e2-a62c-ac8112209281} - F:\AutoRun.exe
HKU\S-1-5-21-2196551083-3368854960-1698058853-1000\...\MountPoints2: {35192586-67a5-11e3-ae20-d63da974dd64} - F:\AutoRun.exe
HKU\S-1-5-21-2196551083-3368854960-1698058853-1000\...\MountPoints2: {351925b5-67a5-11e3-ae20-d63da974dd64} - F:\AutoRun.exe
HKU\S-1-5-21-2196551083-3368854960-1698058853-1000\...\MountPoints2: {351925d4-67a5-11e3-ae20-d63da974dd64} - F:\AutoRun.exe
HKU\S-1-5-21-2196551083-3368854960-1698058853-1000\...\MountPoints2: {3b33d12d-a4f1-11e3-88e1-efdd4fc5b492} - F:\AutoRun.exe
HKU\S-1-5-21-2196551083-3368854960-1698058853-1000\...\MountPoints2: {3b33d147-a4f1-11e3-88e1-efdd4fc5b492} - F:\AutoRun.exe
HKU\S-1-5-21-2196551083-3368854960-1698058853-1000\...\MountPoints2: {3b33d161-a4f1-11e3-88e1-efdd4fc5b492} - F:\AutoRun.exe
HKU\S-1-5-21-2196551083-3368854960-1698058853-1000\...\MountPoints2: {401e8ee4-5fd5-11e3-bbe3-99e6e08b93b9} - F:\AutoRun.exe
HKU\S-1-5-21-2196551083-3368854960-1698058853-1000\...\MountPoints2: {4b3895a6-a90c-11e3-87a1-9ed8916a3ba1} - F:\AutoRun.exe
HKU\S-1-5-21-2196551083-3368854960-1698058853-1000\...\MountPoints2: {4b3895b0-a90c-11e3-87a1-9ed8916a3ba1} - F:\AutoRun.exe
HKU\S-1-5-21-2196551083-3368854960-1698058853-1000\...\MountPoints2: {4b3895cb-a90c-11e3-87a1-9ed8916a3ba1} - F:\AutoRun.exe
HKU\S-1-5-21-2196551083-3368854960-1698058853-1000\...\MountPoints2: {4d6f20bb-c7b4-11e3-aee6-f0e16f8e3692} - F:\AutoRun.exe
HKU\S-1-5-21-2196551083-3368854960-1698058853-1000\...\MountPoints2: {52ccdcf9-c5ef-11e3-a2e1-e5fec3d102b9} - F:\AutoRun.exe
HKU\S-1-5-21-2196551083-3368854960-1698058853-1000\...\MountPoints2: {52ccdd19-c5ef-11e3-a2e1-e5fec3d102b9} - F:\AutoRun.exe
HKU\S-1-5-21-2196551083-3368854960-1698058853-1000\...\MountPoints2: {55475630-bc1f-11e1-9c5f-001e101f63cf} - F:\AutoRun.exe
HKU\S-1-5-21-2196551083-3368854960-1698058853-1000\...\MountPoints2: {55475647-bc1f-11e1-9c5f-001e101f63cf} - F:\AutoRun.exe
HKU\S-1-5-21-2196551083-3368854960-1698058853-1000\...\MountPoints2: {577161bd-9f71-11e3-b1e0-e20f8bb31191} - F:\AutoRun.exe
HKU\S-1-5-21-2196551083-3368854960-1698058853-1000\...\MountPoints2: {577161de-9f71-11e3-b1e0-e20f8bb31191} - F:\AutoRun.exe
HKU\S-1-5-21-2196551083-3368854960-1698058853-1000\...\MountPoints2: {577161ec-9f71-11e3-b1e0-e20f8bb31191} - F:\AutoRun.exe
HKU\S-1-5-21-2196551083-3368854960-1698058853-1000\...\MountPoints2: {577161f5-9f71-11e3-b1e0-e20f8bb31191} - F:\AutoRun.exe
HKU\S-1-5-21-2196551083-3368854960-1698058853-1000\...\MountPoints2: {577161fe-9f71-11e3-b1e0-e20f8bb31191} - F:\AutoRun.exe
HKU\S-1-5-21-2196551083-3368854960-1698058853-1000\...\MountPoints2: {57716206-9f71-11e3-b1e0-e20f8bb31191} - F:\AutoRun.exe
HKU\S-1-5-21-2196551083-3368854960-1698058853-1000\...\MountPoints2: {5771620f-9f71-11e3-b1e0-e20f8bb31191} - F:\AutoRun.exe
HKU\S-1-5-21-2196551083-3368854960-1698058853-1000\...\MountPoints2: {57716218-9f71-11e3-b1e0-e20f8bb31191} - F:\AutoRun.exe
HKU\S-1-5-21-2196551083-3368854960-1698058853-1000\...\MountPoints2: {57716221-9f71-11e3-b1e0-e20f8bb31191} - F:\AutoRun.exe
HKU\S-1-5-21-2196551083-3368854960-1698058853-1000\...\MountPoints2: {5771622a-9f71-11e3-b1e0-e20f8bb31191} - F:\AutoRun.exe
HKU\S-1-5-21-2196551083-3368854960-1698058853-1000\...\MountPoints2: {57716234-9f71-11e3-b1e0-e20f8bb31191} - F:\AutoRun.exe
HKU\S-1-5-21-2196551083-3368854960-1698058853-1000\...\MountPoints2: {5771623d-9f71-11e3-b1e0-e20f8bb31191} - F:\AutoRun.exe
HKU\S-1-5-21-2196551083-3368854960-1698058853-1000\...\MountPoints2: {57716246-9f71-11e3-b1e0-e20f8bb31191} - F:\AutoRun.exe
HKU\S-1-5-21-2196551083-3368854960-1698058853-1000\...\MountPoints2: {57716250-9f71-11e3-b1e0-e20f8bb31191} - F:\AutoRun.exe
HKU\S-1-5-21-2196551083-3368854960-1698058853-1000\...\MountPoints2: {57716259-9f71-11e3-b1e0-e20f8bb31191} - F:\AutoRun.exe
HKU\S-1-5-21-2196551083-3368854960-1698058853-1000\...\MountPoints2: {57716273-9f71-11e3-b1e0-e20f8bb31191} - F:\AutoRun.exe
HKU\S-1-5-21-2196551083-3368854960-1698058853-1000\...\MountPoints2: {5771627b-9f71-11e3-b1e0-e20f8bb31191} - F:\AutoRun.exe
HKU\S-1-5-21-2196551083-3368854960-1698058853-1000\...\MountPoints2: {5abe7cdc-b892-11e3-b030-d7184d7be5b9} - F:\AutoRun.exe
HKU\S-1-5-21-2196551083-3368854960-1698058853-1000\...\MountPoints2: {5f279f05-62f0-11e3-a639-8c8f4afc52b8} - F:\AutoRun.exe
HKU\S-1-5-21-2196551083-3368854960-1698058853-1000\...\MountPoints2: {679f66c9-b977-11e1-9993-ac8112209281} - F:\AutoRun.exe
HKU\S-1-5-21-2196551083-3368854960-1698058853-1000\...\MountPoints2: {679f66d6-b977-11e1-9993-ac8112209281} - F:\AutoRun.exe
HKU\S-1-5-21-2196551083-3368854960-1698058853-1000\...\MountPoints2: {679f66fd-b977-11e1-9993-001e101f2500} - F:\AutoRun.exe
HKU\S-1-5-21-2196551083-3368854960-1698058853-1000\...\MountPoints2: {679f6709-b977-11e1-9993-001e101f2500} - F:\AutoRun.exe
HKU\S-1-5-21-2196551083-3368854960-1698058853-1000\...\MountPoints2: {6a3ad0bc-c525-11e3-967b-b0638e7a7cb9} - F:\AutoRun.exe
HKU\S-1-5-21-2196551083-3368854960-1698058853-1000\...\MountPoints2: {6a3ad0c5-c525-11e3-967b-b0638e7a7cb9} - F:\AutoRun.exe
HKU\S-1-5-21-2196551083-3368854960-1698058853-1000\...\MountPoints2: {6bcc9c2d-b95c-11e3-8ee5-b140340469b8} - F:\AutoRun.exe
HKU\S-1-5-21-2196551083-3368854960-1698058853-1000\...\MountPoints2: {702797df-a1e0-11e3-a693-ac8112209281} - F:\AutoRun.exe
HKU\S-1-5-21-2196551083-3368854960-1698058853-1000\...\MountPoints2: {72b7a453-bc9b-11e1-b521-ac8112209281} - F:\AutoRun.exe
HKU\S-1-5-21-2196551083-3368854960-1698058853-1000\...\MountPoints2: {77de971f-a7be-11e3-8450-ac8112209281} - F:\AutoRun.exe
HKU\S-1-5-21-2196551083-3368854960-1698058853-1000\...\MountPoints2: {7ce6b9b3-69fe-11e3-ad1b-b0e6bc80eebb} - F:\AutoRun.exe
HKU\S-1-5-21-2196551083-3368854960-1698058853-1000\...\MountPoints2: {864704a2-43bb-11e1-9c3b-ac8112209281} - F:\AutoRun.exe
HKU\S-1-5-21-2196551083-3368854960-1698058853-1000\...\MountPoints2: {864704b2-43bb-11e1-9c3b-ac8112209281} - F:\AutoRun.exe
HKU\S-1-5-21-2196551083-3368854960-1698058853-1000\...\MountPoints2: {8f2e54e0-8309-11e1-a2e5-da20ad1a9650} - F:\SWLauncher.exe
HKU\S-1-5-21-2196551083-3368854960-1698058853-1000\...\MountPoints2: {993f1373-5bdb-11e3-af0c-ac8112209281} - F:\AutoRun.exe
HKU\S-1-5-21-2196551083-3368854960-1698058853-1000\...\MountPoints2: {993f137f-5bdb-11e3-af0c-934ca4618a0c} - F:\AutoRun.exe
HKU\S-1-5-21-2196551083-3368854960-1698058853-1000\...\MountPoints2: {9ae3d2d6-a03a-11e3-ad4e-87296dcdbfb9} - F:\AutoRun.exe
HKU\S-1-5-21-2196551083-3368854960-1698058853-1000\...\MountPoints2: {9ae3d2da-a03a-11e3-ad4e-87296dcdbfb9} - F:\AutoRun.exe
HKU\S-1-5-21-2196551083-3368854960-1698058853-1000\...\MountPoints2: {9ae3d2f4-a03a-11e3-ad4e-87296dcdbfb9} - F:\AutoRun.exe
HKU\S-1-5-21-2196551083-3368854960-1698058853-1000\...\MountPoints2: {9d65d62b-5d70-11e3-ba29-806e6f6e6963} - F:\AutoRun.exe
HKU\S-1-5-21-2196551083-3368854960-1698058853-1000\...\MountPoints2: {9d65d645-5d70-11e3-ba29-ac8112209281} - F:\AutoRun.exe
HKU\S-1-5-21-2196551083-3368854960-1698058853-1000\...\MountPoints2: {9d97bbaa-b4a1-11e3-8a25-c522f78533b9} - F:\AutoRun.exe
HKU\S-1-5-21-2196551083-3368854960-1698058853-1000\...\MountPoints2: {9d97bbcd-b4a1-11e3-8a25-c522f78533b9} - F:\AutoRun.exe
HKU\S-1-5-21-2196551083-3368854960-1698058853-1000\...\MountPoints2: {9d97bbd0-b4a1-11e3-8a25-c522f78533b9} - F:\AutoRun.exe
HKU\S-1-5-21-2196551083-3368854960-1698058853-1000\...\MountPoints2: {9f43ab63-5f08-11e3-a664-b8a30f21326e} - F:\AutoRun.exe
HKU\S-1-5-21-2196551083-3368854960-1698058853-1000\...\MountPoints2: {a582cb2a-6ad7-11e3-811c-aa051420ea6a} - F:\AutoRun.exe
HKU\S-1-5-21-2196551083-3368854960-1698058853-1000\...\MountPoints2: {a73bb8e3-a8db-11e3-b3fd-e555df5609a7} - F:\AutoRun.exe
HKU\S-1-5-21-2196551083-3368854960-1698058853-1000\...\MountPoints2: {a73bb8ec-a8db-11e3-b3fd-e555df5609a7} - F:\AutoRun.exe
HKU\S-1-5-21-2196551083-3368854960-1698058853-1000\...\MountPoints2: {a88191a3-b3e1-11e3-935c-cf625c417fb0} - F:\AutoRun.exe
HKU\S-1-5-21-2196551083-3368854960-1698058853-1000\...\MountPoints2: {a88191d6-b3e1-11e3-935c-cf625c417fb0} - F:\AutoRun.exe
HKU\S-1-5-21-2196551083-3368854960-1698058853-1000\...\MountPoints2: {abb30e23-b56d-11e3-899b-9e7c40bc86a7} - F:\AutoRun.exe
HKU\S-1-5-21-2196551083-3368854960-1698058853-1000\...\MountPoints2: {abb30e80-b56d-11e3-899b-9e7c40bc86a7} - F:\AutoRun.exe
HKU\S-1-5-21-2196551083-3368854960-1698058853-1000\...\MountPoints2: {abb30e8b-b56d-11e3-899b-9e7c40bc86a7} - F:\AutoRun.exe
HKU\S-1-5-21-2196551083-3368854960-1698058853-1000\...\MountPoints2: {abb30e94-b56d-11e3-899b-9e7c40bc86a7} - F:\AutoRun.exe
HKU\S-1-5-21-2196551083-3368854960-1698058853-1000\...\MountPoints2: {abb30ea7-b56d-11e3-899b-9e7c40bc86a7} - F:\AutoRun.exe
HKU\S-1-5-21-2196551083-3368854960-1698058853-1000\...\MountPoints2: {abb30eb0-b56d-11e3-899b-9e7c40bc86a7} - F:\AutoRun.exe
HKU\S-1-5-21-2196551083-3368854960-1698058853-1000\...\MountPoints2: {ae4323be-647d-11e3-9b98-8398421876b8} - F:\AutoRun.exe
HKU\S-1-5-21-2196551083-3368854960-1698058853-1000\...\MountPoints2: {b2702d2f-ad5b-11e3-b1a4-c9b494d6517f} - F:\AutoRun.exe
HKU\S-1-5-21-2196551083-3368854960-1698058853-1000\...\MountPoints2: {b47ec2c3-b17f-11e3-a361-e9bff51a87ae} - F:\AutoRun.exe
HKU\S-1-5-21-2196551083-3368854960-1698058853-1000\...\MountPoints2: {b615211d-ad91-11e3-8811-ac8112209281} - F:\AutoRun.exe
HKU\S-1-5-21-2196551083-3368854960-1698058853-1000\...\MountPoints2: {b92e362f-9ea6-11e3-aa54-a9fd3d4b5dae} - F:\AutoRun.exe
HKU\S-1-5-21-2196551083-3368854960-1698058853-1000\...\MountPoints2: {b92e365a-9ea6-11e3-aa54-a9fd3d4b5dae} - F:\AutoRun.exe
HKU\S-1-5-21-2196551083-3368854960-1698058853-1000\...\MountPoints2: {b92e3663-9ea6-11e3-aa54-a9fd3d4b5dae} - F:\AutoRun.exe
HKU\S-1-5-21-2196551083-3368854960-1698058853-1000\...\MountPoints2: {b92e366d-9ea6-11e3-aa54-a9fd3d4b5dae} - F:\AutoRun.exe
HKU\S-1-5-21-2196551083-3368854960-1698058853-1000\...\MountPoints2: {b92e3676-9ea6-11e3-aa54-a9fd3d4b5dae} - F:\AutoRun.exe
HKU\S-1-5-21-2196551083-3368854960-1698058853-1000\...\MountPoints2: {bb0a079e-d095-11e3-8781-ac8112209281} - F:\AutoRun.exe
HKU\S-1-5-21-2196551083-3368854960-1698058853-1000\...\MountPoints2: {bd6e5ec8-4feb-11e2-9c87-cd8b570f4b57} - F:\AutoRun.exe
HKU\S-1-5-21-2196551083-3368854960-1698058853-1000\...\MountPoints2: {bd6e5ecc-4feb-11e2-9c87-cd8b570f4b57} - F:\AutoRun.exe
HKU\S-1-5-21-2196551083-3368854960-1698058853-1000\...\MountPoints2: {bd6e5ed5-4feb-11e2-9c87-cd8b570f4b57} - F:\AutoRun.exe
HKU\S-1-5-21-2196551083-3368854960-1698058853-1000\...\MountPoints2: {bf99931c-a814-11e3-89f6-f060ddb1979d} - F:\AutoRun.exe
HKU\S-1-5-21-2196551083-3368854960-1698058853-1000\...\MountPoints2: {bf999359-a814-11e3-89f6-f060ddb1979d} - F:\AutoRun.exe
HKU\S-1-5-21-2196551083-3368854960-1698058853-1000\...\MountPoints2: {bf999362-a814-11e3-89f6-f060ddb1979d} - F:\AutoRun.exe
HKU\S-1-5-21-2196551083-3368854960-1698058853-1000\...\MountPoints2: {c9e6db41-c842-11e1-9d60-001e101f57d0} - F:\AutoRun.exe
HKU\S-1-5-21-2196551083-3368854960-1698058853-1000\...\MountPoints2: {c9e6db44-c842-11e1-9d60-001e101f57d0} - F:\AutoRun.exe
HKU\S-1-5-21-2196551083-3368854960-1698058853-1000\...\MountPoints2: {caa6399e-c3ac-11e1-a668-001e101fb4df} - F:\AutoRun.exe
HKU\S-1-5-21-2196551083-3368854960-1698058853-1000\...\MountPoints2: {caa639ab-c3ac-11e1-a668-001e101fb4df} - G:\AutoRun.exe
HKU\S-1-5-21-2196551083-3368854960-1698058853-1000\...\MountPoints2: {cb03bb30-c484-11e1-9a90-ac8112209281} - F:\AutoRun.exe
HKU\S-1-5-21-2196551083-3368854960-1698058853-1000\...\MountPoints2: {cc837f63-a422-11e3-b02a-af728eea65b8} - F:\AutoRun.exe
HKU\S-1-5-21-2196551083-3368854960-1698058853-1000\...\MountPoints2: {cc837f6c-a422-11e3-b02a-af728eea65b8} - F:\AutoRun.exe
HKU\S-1-5-21-2196551083-3368854960-1698058853-1000\...\MountPoints2: {cf791962-b0b5-11e3-a12a-93e0e4c756b8} - F:\AutoRun.exe
HKU\S-1-5-21-2196551083-3368854960-1698058853-1000\...\MountPoints2: {cf791976-b0b5-11e3-a12a-93e0e4c756b8} - F:\AutoRun.exe
HKU\S-1-5-21-2196551083-3368854960-1698058853-1000\...\MountPoints2: {cf791991-b0b5-11e3-a12a-93e0e4c756b8} - F:\AutoRun.exe
HKU\S-1-5-21-2196551083-3368854960-1698058853-1000\...\MountPoints2: {d3df570b-a35a-11e3-b17e-93dc417e62b8} - F:\AutoRun.exe
HKU\S-1-5-21-2196551083-3368854960-1698058853-1000\...\MountPoints2: {d3df5714-a35a-11e3-b17e-93dc417e62b8} - F:\AutoRun.exe
HKU\S-1-5-21-2196551083-3368854960-1698058853-1000\...\MountPoints2: {d3df571d-a35a-11e3-b17e-93dc417e62b8} - F:\AutoRun.exe
HKU\S-1-5-21-2196551083-3368854960-1698058853-1000\...\MountPoints2: {d3df5726-a35a-11e3-b17e-93dc417e62b8} - F:\AutoRun.exe
HKU\S-1-5-21-2196551083-3368854960-1698058853-1000\...\MountPoints2: {d526a0a2-b7de-11e3-8da4-ac8112209281} - F:\AutoRun.exe
HKU\S-1-5-21-2196551083-3368854960-1698058853-1000\...\MountPoints2: {d62bf02c-c852-11e3-aa48-f877d36d41a6} - F:\AutoRun.exe
HKU\S-1-5-21-2196551083-3368854960-1698058853-1000\...\MountPoints2: {de2bb7a0-615b-11e3-812b-85c4b82ae24f} - F:\AutoRun.exe
HKU\S-1-5-21-2196551083-3368854960-1698058853-1000\...\MountPoints2: {de969121-b6ff-11e3-85b0-ac8112209281} - F:\AutoRun.exe
HKU\S-1-5-21-2196551083-3368854960-1698058853-1000\...\MountPoints2: {de96912e-b6ff-11e3-85b0-b0a9deaa044a} - F:\AutoRun.exe
HKU\S-1-5-21-2196551083-3368854960-1698058853-1000\...\MountPoints2: {de969137-b6ff-11e3-85b0-b0a9deaa044a} - F:\AutoRun.exe
HKU\S-1-5-21-2196551083-3368854960-1698058853-1000\...\MountPoints2: {df5340c3-c491-11e3-9dd7-d56831a907a4} - F:\AutoRun.exe
HKU\S-1-5-21-2196551083-3368854960-1698058853-1000\...\MountPoints2: {df5340e4-c491-11e3-9dd7-d56831a907a4} - F:\AutoRun.exe
HKU\S-1-5-21-2196551083-3368854960-1698058853-1000\...\MountPoints2: {e454522c-c45e-11e3-87b6-9cfffde3afb9} - F:\AutoRun.exe
HKU\S-1-5-21-2196551083-3368854960-1698058853-1000\...\MountPoints2: {ea9464ca-b1c8-11e3-afa5-ec9f6c4558b8} - F:\AutoRun.exe
HKU\S-1-5-21-2196551083-3368854960-1698058853-1000\...\MountPoints2: {ea9464dd-b1c8-11e3-afa5-ec9f6c4558b8} - F:\AutoRun.exe
HKU\S-1-5-21-2196551083-3368854960-1698058853-1000\...\MountPoints2: {eb23a3a9-ba20-11e3-8e92-d8b1d78bcdb8} - F:\AutoRun.exe
HKU\S-1-5-21-2196551083-3368854960-1698058853-1000\...\MountPoints2: {eb23a3b4-ba20-11e3-8e92-d8b1d78bcdb8} - F:\AutoRun.exe
HKU\S-1-5-21-2196551083-3368854960-1698058853-1000\...\MountPoints2: {eb3230c5-c469-11e3-b7a3-a7a55d02c279} - F:\AutoRun.exe
HKU\S-1-5-21-2196551083-3368854960-1698058853-1000\...\MountPoints2: {eb3230c9-c469-11e3-b7a3-a7a55d02c279} - F:\AutoRun.exe
HKU\S-1-5-21-2196551083-3368854960-1698058853-1000\...\MountPoints2: {eb3230d6-c469-11e3-b7a3-a7a55d02c279} - F:\AutoRun.exe
HKU\S-1-5-21-2196551083-3368854960-1698058853-1000\...\MountPoints2: {eb3230de-c469-11e3-b7a3-a7a55d02c279} - F:\AutoRun.exe
HKU\S-1-5-21-2196551083-3368854960-1698058853-1000\...\MountPoints2: {ec86d4ab-bbb6-11e3-8a18-db4e44d79da6} - F:\AutoRun.exe
HKU\S-1-5-21-2196551083-3368854960-1698058853-1000\...\MountPoints2: {ec86d4c6-bbb6-11e3-8a18-db4e44d79da6} - F:\AutoRun.exe
HKU\S-1-5-21-2196551083-3368854960-1698058853-1000\...\MountPoints2: {ed2196ce-7237-11e3-b1f8-f9966fea75ac} - F:\AutoRun.exe
HKU\S-1-5-21-2196551083-3368854960-1698058853-1000\...\MountPoints2: {ed2196e4-7237-11e3-b1f8-f9966fea75ac} - F:\AutoRun.exe
HKU\S-1-5-21-2196551083-3368854960-1698058853-1000\...\MountPoints2: {f39629e6-b011-11e3-87e7-dd3b4861c9b1} - F:\AutoRun.exe
HKU\S-1-5-21-2196551083-3368854960-1698058853-1000\...\MountPoints2: {f39629f3-b011-11e3-87e7-dd3b4861c9b1} - F:\AutoRun.exe
HKU\S-1-5-21-2196551083-3368854960-1698058853-1000\...\MountPoints2: {f3962a00-b011-11e3-87e7-dd3b4861c9b1} - F:\AutoRun.exe
HKU\S-1-5-21-2196551083-3368854960-1698058853-1000\...\MountPoints2: {f5a0dd70-a0f9-11e3-9b49-c910c86c159d} - F:\AutoRun.exe
HKU\S-1-5-21-2196551083-3368854960-1698058853-1000\...\MountPoints2: {faa18b55-4d9c-11e2-aecc-ac8112209281} - F:\AutoRun.exe
HKU\S-1-5-21-2196551083-3368854960-1698058853-1000\...\MountPoints2: {fe65e621-5ab8-11e3-90c7-ac8112209281} - F:\AutoRun.exe
HKU\S-1-5-21-2196551083-3368854960-1698058853-1000\...\MountPoints2: {fe65e630-5ab8-11e3-90c7-ac8112209281} - F:\AutoRun.exe
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\DSLMON.lnk
ShortcutTarget: DSLMON.lnk -> C:\Program Files (x86)\SAGEM\SAGEM F@st 800-840\dslmon.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)
ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPNOT/4
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPNOT/4
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPNOT/4
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPNOT/4
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPNOT/4
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - {71B1211B-9353-4059-A415-93E2AEC42415} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKLM - {D511E4E9-05F1-41F2-9BF3-B15074BD9702} URL = hxxp://de.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM-x32 - {71B1211B-9353-4059-A415-93E2AEC42415} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKCU - {71B1211B-9353-4059-A415-93E2AEC42415} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
ShellExecuteHooks-x32: EasyBits ShellExecute Hook - {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook.dll [52920 2010-07-17] (EasyBits Software Corp.)
Tcpip\Parameters: [DhcpNameServer] 192.168.189.1
Tcpip\..\Interfaces\{BBDBC3D2-DF73-4BC4-A43E-39EF516C18E5}: [NameServer] 193.189.244.206 193.189.244.225

FireFox:
========
FF ProfilePath: C:\Users\G72B20SG\AppData\Roaming\Mozilla\Firefox\Profiles\5tw0gy5k.default
FF Homepage: https://www.google.de/
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_179.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_179.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.60.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.60.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8117.0416 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\G72B20SG\AppData\Roaming\Mozilla\Firefox\Profiles\5tw0gy5k.default\searchplugins\google-images.xml
FF SearchPlugin: C:\Users\G72B20SG\AppData\Roaming\Mozilla\Firefox\Profiles\5tw0gy5k.default\searchplugins\google-maps.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Avira Browser Safety - C:\Users\G72B20SG\AppData\Roaming\Mozilla\Firefox\Profiles\5tw0gy5k.default\Extensions\abs@avira.com [2014-08-29]
FF Extension: HP Detect - C:\Users\G72B20SG\AppData\Roaming\Mozilla\Firefox\Profiles\5tw0gy5k.default\Extensions\{ab91efd4-6975-4081-8552-1b3922ed79e2} [2013-09-18]
FF Extension: Cliqz Beta - C:\Users\G72B20SG\AppData\Roaming\Mozilla\Firefox\Profiles\5tw0gy5k.default\Extensions\cliqz@cliqz.com.xpi [2014-06-30]
FF Extension: Adblock Plus - C:\Users\G72B20SG\AppData\Roaming\Mozilla\Firefox\Profiles\5tw0gy5k.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-05-05]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-07-14]
FF HKCU\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
FF Extension: No Name - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04]
FF HKCU\...\Firefox\Extensions: [cliqz@cliqz.com] - C:\Users\G72B20SG\AppData\Roaming\Mozilla\Firefox\Profiles\5tw0gy5k.default\extensions\cliqz@cliqz.com

Chrome: 
=======
CHR HomePage: Default -> 
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\G72B20SG\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\G72B20SG\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-05-17]
CHR Extension: (Google Drive) - C:\Users\G72B20SG\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-05-17]
CHR Extension: (YouTube) - C:\Users\G72B20SG\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-05-17]
CHR Extension: (Google Search) - C:\Users\G72B20SG\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-05-17]
CHR Extension: (Google Wallet) - C:\Users\G72B20SG\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-05-17]
CHR Extension: (Gmail) - C:\Users\G72B20SG\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-05-17]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S2 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [393080 2012-10-25] (BlueStack Systems, Inc.)
R2 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [384888 2012-10-25] (BlueStack Systems, Inc.)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
R2 ezSharedSvc; C:\Windows\SysWOW64\ezSharedSvcHost.exe [514232 2010-04-23] (EasyBits Software AS) [File not signed]
R2 HPWMISVC; C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [27192 2010-07-02] ()
R2 HWDeviceService64.exe; C:\ProgramData\DatacardService\HWDeviceService64.exe [346976 2011-03-14] ()
R2 LightScribeService; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2010-05-19] (Hewlett-Packard Company) [File not signed]
S2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.)
R2 RtVOsdService; C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe [315392 2010-06-17] (Realtek Semiconductor Corp.) [File not signed]
R2 StarMoney 8.0 OnlineUpdate; C:\Program Files (x86)\StarMoney 8.0 Commerzbank-Edition\ouservice\StarMoneyOnlineUpdate.exe [699680 2012-12-21] (Star Finanz - Software Entwicklung und Vertriebs GmbH)
R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe [2138936 2014-03-20] (TuneUp Software)
R2 WTGService; C:\Program Files (x86)\Verbindungsassistent\WTGService.exe [296400 2009-03-03] ()
S4 AntiVirWebService; "C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE" [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 avmaudio; C:\Windows\System32\DRIVERS\avmaudio.sys [116096 2012-05-06] (AVM Berlin)
R2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [71032 2012-10-25] (BlueStack Systems)
S1 DeskLock; C:\Windows\System32\drivers\DeskLock.sys [17920 2009-03-28] (TopLang Software) [File not signed]
S3 hwdatacard; C:\Windows\SysWOW64\DRIVERS\ewusbmdm.sys [115328 2008-07-24] (Huawei Technologies Co., Ltd.) [File not signed]
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation)
S3 RSUSBSTOR; C:\Windows\SysWOW64\Drivers\RtsUStor.sys [225280 2009-09-23] (Realtek Semiconductor Corp.)
S3 StMp3Recx64; C:\Windows\System32\Drivers\StMp3Recx64.sys [26112 2007-01-12] (Generic)
R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesDriver64.sys [14112 2013-08-21] (TuneUp Software)
S3 UsbEvdomAtc; C:\Windows\System32\DRIVERS\lgevdom64atc.sys [27136 2008-08-26] (LG Electronics Inc.)
S3 usbevdombus; C:\Windows\System32\DRIVERS\lgevdom64bus.sys [18432 2008-08-26] (LG Electronics Inc.)
S3 UsbEvdomDiag; C:\Windows\System32\DRIVERS\lgevdom64diag.sys [27136 2008-08-26] (LG Electronics Inc.)
S3 USBEVDOmModem; C:\Windows\System32\DRIVERS\lgevdom64modem.sys [29696 2008-08-26] (LG Electronics Inc.)
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]
S3 ewusbnet; system32\DRIVERS\ewusbnet.sys [X]
S3 hwusbdev; system32\DRIVERS\ewusbdev.sys [X]
S3 massfilter; system32\drivers\massfilter.sys [X]
S3 ZTEusbmdm6k; system32\DRIVERS\ZTEusbmdm6k.sys [X]
S3 ZTEusbnmea; system32\DRIVERS\ZTEusbnmea.sys [X]
S3 ZTEusbser6k; system32\DRIVERS\ZTEusbser6k.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-31 17:38 - 2014-08-31 17:38 - 02104320 _____ (Farbar) C:\Users\G72B20SG\Downloads\FRST64(2).exe
2014-08-31 17:35 - 2014-08-31 17:36 - 02104320 _____ (Farbar) C:\Users\G72B20SG\Downloads\FRST64(1).exe
2014-08-31 17:33 - 2014-08-31 17:32 - 00002685 _____ () C:\Users\G72B20SG\Desktop\JRT.txt
2014-08-31 17:26 - 2014-08-31 17:26 - 00000000 ____D () C:\Windows\ERUNT
2014-08-31 17:25 - 2014-08-31 17:25 - 01016261 _____ (Thisisu) C:\Users\G72B20SG\Downloads\JRT.exe
2014-08-31 17:10 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-08-31 17:09 - 2014-08-31 17:15 - 00000000 ____D () C:\AdwCleaner
2014-08-31 17:09 - 2014-08-31 17:09 - 01364531 _____ () C:\Users\G72B20SG\Downloads\adwcleaner_3.308.exe
2014-08-31 16:50 - 2014-08-31 16:50 - 00000000 ____D () C:\OETemp
2014-08-31 16:34 - 2014-08-31 16:35 - 00050581 _____ () C:\Users\G72B20SG\Downloads\Addition.txt
2014-08-31 16:33 - 2014-08-31 17:39 - 00041056 _____ () C:\Users\G72B20SG\Downloads\FRST.txt
2014-08-31 16:33 - 2014-08-31 17:39 - 00000000 ____D () C:\FRST
2014-08-31 16:32 - 2014-08-31 16:32 - 02104320 _____ (Farbar) C:\Users\G72B20SG\Downloads\FRST64.exe
2014-08-31 16:02 - 2014-08-31 16:14 - 00000478 _____ () C:\Users\G72B20SG\Downloads\defogger_disable.log
2014-08-31 16:02 - 2014-08-31 16:02 - 00000000 _____ () C:\Users\G72B20SG\defogger_reenable
2014-08-31 16:00 - 2014-08-31 16:00 - 00050477 _____ () C:\Users\G72B20SG\Downloads\Defogger.exe
2014-08-31 14:33 - 2014-08-31 14:33 - 00000000 ____D () C:\Users\G72B20SG\AppData\Local\Adobe
2014-08-30 19:28 - 2014-08-30 19:28 - 00000000 ____D () C:\Users\G72B20SG\AppData\Roaming\LavasoftStatistics
2014-08-30 19:26 - 2014-08-31 16:51 - 00000000 ____D () C:\Program Files (x86)\Lavasoft
2014-08-30 19:22 - 2014-08-30 19:22 - 02806920 _____ () C:\Users\G72B20SG\Downloads\Adaware_Installer.exe
2014-08-30 17:43 - 2014-08-31 17:17 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-30 17:41 - 2014-08-30 17:41 - 00000000 ____D () C:\Users\G72B20SG\AppData\Roaming\Malwarebytes
2014-08-30 17:28 - 2014-08-31 17:16 - 00313802 _____ () C:\Windows\PFRO.log
2014-08-30 17:28 - 2014-08-31 17:16 - 00000560 _____ () C:\Windows\setupact.log
2014-08-30 17:28 - 2014-08-30 17:28 - 00000000 ____D () C:\Intel
2014-08-30 17:28 - 2014-08-30 17:28 - 00000000 _____ () C:\Windows\setuperr.log
2014-08-30 17:25 - 2014-08-30 17:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
2014-08-30 17:25 - 2014-08-30 17:25 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-08-30 17:23 - 2014-08-30 17:23 - 00000000 ____D () C:\Users\G72B20SG\Downloads\malewarebytes
2014-08-30 17:22 - 2014-08-30 17:22 - 10282311 _____ () C:\Users\G72B20SG\Downloads\malewarebytes.rar
2014-08-30 15:48 - 2014-08-30 15:48 - 00000000 ____D () C:\SUPERDelete
2014-08-30 15:28 - 2014-08-30 17:39 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-08-30 15:27 - 2014-08-30 15:26 - 18767256 _____ (SUPERAntiSpyware) C:\Users\G72B20SG\Downloads\SUPERAntiSpyware_CB-DL-Manager [1].exe
2014-08-30 15:25 - 2014-08-30 15:26 - 00816064 _____ ( ) C:\Users\G72B20SG\Downloads\SUPERAntiSpyware_CB-DL-Manager(1).exe
2014-08-30 15:25 - 2014-08-30 15:25 - 00816064 _____ ( ) C:\Users\G72B20SG\Downloads\SUPERAntiSpyware_CB-DL-Manager.exe
2014-08-30 14:11 - 2014-08-30 14:11 - 00000000 ____D () C:\Program Files\Enigma Software Group
2014-08-30 14:11 - 2014-08-30 14:11 - 00000000 _____ () C:\autoexec.bat
2014-08-30 14:08 - 2014-08-30 17:18 - 00000000 ____D () C:\Windows\ACF5FE1B377240688B872D2A6EFD0A05.TMP
2014-08-30 14:06 - 2014-08-30 14:07 - 00728960 _____ (Enigma Software Group USA, LLC.) C:\Users\G72B20SG\Downloads\SpyHunter-Installer.exe
2014-08-28 17:07 - 2014-08-28 17:07 - 01101648 _____ () C:\Users\G72B20SG\Downloads\Windows Live Messenger 2012 Final - CHIP-Installer.exe
2014-08-28 16:59 - 2014-08-28 17:00 - 00000000 ____D () C:\Users\G72B20SG\AppData\Roaming\ICQ-Profile
2014-08-28 16:58 - 2014-08-28 16:59 - 35200008 _____ (ICQ) C:\Users\G72B20SG\Downloads\icq_rfrset.exe
2014-08-28 16:54 - 2014-08-28 16:54 - 01677928 _____ (Skype Technologies S.A.) C:\Users\G72B20SG\Downloads\SkypeSetup.exe
2014-08-20 08:21 - 2014-08-20 08:21 - 00000000 ____D () C:\Users\G72B20SG\Documents\My Cheat Tables
2014-08-20 08:20 - 2014-08-20 08:20 - 03520000 _____ () C:\Users\G72B20SG\Downloads\Fv2Trainer_2014.exe
2014-08-19 15:44 - 2014-01-06 19:55 - 00903168 _____ (Farm Ville 2 Hack) C:\Users\G72B20SG\Downloads\FarmVille 2 Hack.exe
2014-08-19 15:34 - 2014-08-19 15:35 - 00452096 _____ (Your Organization/Home Here) C:\Users\G72B20SG\Downloads\Farmville 2 Hack Tool 100% Working(1).exe
2014-08-19 15:31 - 2014-08-19 15:31 - 00452096 _____ (Your Organization/Home Here) C:\Users\G72B20SG\Downloads\Farmville 2 Hack Tool 100% Working.exe
2014-08-19 14:46 - 2014-08-19 14:46 - 00000000 ____D () C:\Users\G72B20SG\Downloads\FarmVille+2+Xtream+Pack
2014-08-19 14:26 - 2014-08-19 14:26 - 00708346 _____ () C:\Users\G72B20SG\Downloads\FarmVille+2+Xtream+Pack.rar

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-31 17:39 - 2014-08-31 16:33 - 00041056 _____ () C:\Users\G72B20SG\Downloads\FRST.txt
2014-08-31 17:39 - 2014-08-31 16:33 - 00000000 ____D () C:\FRST
2014-08-31 17:38 - 2014-08-31 17:38 - 02104320 _____ (Farbar) C:\Users\G72B20SG\Downloads\FRST64(2).exe
2014-08-31 17:37 - 2012-05-08 14:54 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-08-31 17:36 - 2014-08-31 17:35 - 02104320 _____ (Farbar) C:\Users\G72B20SG\Downloads\FRST64(1).exe
2014-08-31 17:32 - 2014-08-31 17:33 - 00002685 _____ () C:\Users\G72B20SG\Desktop\JRT.txt
2014-08-31 17:26 - 2014-08-31 17:26 - 00000000 ____D () C:\Windows\ERUNT
2014-08-31 17:25 - 2014-08-31 17:25 - 01016261 _____ (Thisisu) C:\Users\G72B20SG\Downloads\JRT.exe
2014-08-31 17:24 - 2009-07-14 06:45 - 00023248 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-08-31 17:24 - 2009-07-14 06:45 - 00023248 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-08-31 17:20 - 2010-12-24 17:09 - 01262317 _____ () C:\Windows\WindowsUpdate.log
2014-08-31 17:17 - 2014-08-30 17:43 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-31 17:17 - 2012-05-08 00:20 - 00000439 _____ () C:\Windows\system32\Drivers\etc\hosts.ics
2014-08-31 17:17 - 2011-09-24 20:37 - 00000000 ____D () C:\Users\G72B20SG\AppData\Roaming\Skype
2014-08-31 17:17 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-08-31 17:16 - 2014-08-30 17:28 - 00313802 _____ () C:\Windows\PFRO.log
2014-08-31 17:16 - 2014-08-30 17:28 - 00000560 _____ () C:\Windows\setupact.log
2014-08-31 17:15 - 2014-08-31 17:09 - 00000000 ____D () C:\AdwCleaner
2014-08-31 17:09 - 2014-08-31 17:09 - 01364531 _____ () C:\Users\G72B20SG\Downloads\adwcleaner_3.308.exe
2014-08-31 16:58 - 2013-07-26 13:48 - 00000000 ____D () C:\ProgramData\Avira
2014-08-31 16:58 - 2013-07-26 13:48 - 00000000 ____D () C:\Program Files (x86)\Avira
2014-08-31 16:51 - 2014-08-30 19:26 - 00000000 ____D () C:\Program Files (x86)\Lavasoft
2014-08-31 16:51 - 2012-06-19 23:41 - 00000000 ____D () C:\Users\G72B20SG\AppData\Local\CrashDumps
2014-08-31 16:50 - 2014-08-31 16:50 - 00000000 ____D () C:\OETemp
2014-08-31 16:35 - 2014-08-31 16:34 - 00050581 _____ () C:\Users\G72B20SG\Downloads\Addition.txt
2014-08-31 16:32 - 2014-08-31 16:32 - 02104320 _____ (Farbar) C:\Users\G72B20SG\Downloads\FRST64.exe
2014-08-31 16:14 - 2014-08-31 16:02 - 00000478 _____ () C:\Users\G72B20SG\Downloads\defogger_disable.log
2014-08-31 16:02 - 2014-08-31 16:02 - 00000000 _____ () C:\Users\G72B20SG\defogger_reenable
2014-08-31 16:02 - 2011-03-26 15:31 - 00000000 ____D () C:\Users\G72B20SG
2014-08-31 16:00 - 2014-08-31 16:00 - 00050477 _____ () C:\Users\G72B20SG\Downloads\Defogger.exe
2014-08-31 14:33 - 2014-08-31 14:33 - 00000000 ____D () C:\Users\G72B20SG\AppData\Local\Adobe
2014-08-30 20:54 - 2014-05-23 18:37 - 00000000 ____D () C:\Users\G72B20SG\Desktop\Bami Goreng
2014-08-30 19:28 - 2014-08-30 19:28 - 00000000 ____D () C:\Users\G72B20SG\AppData\Roaming\LavasoftStatistics
2014-08-30 19:22 - 2014-08-30 19:22 - 02806920 _____ () C:\Users\G72B20SG\Downloads\Adaware_Installer.exe
2014-08-30 18:33 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\tracing
2014-08-30 17:42 - 2014-05-18 10:27 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-08-30 17:41 - 2014-08-30 17:41 - 00000000 ____D () C:\Users\G72B20SG\AppData\Roaming\Malwarebytes
2014-08-30 17:39 - 2014-08-30 15:28 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-08-30 17:28 - 2014-08-30 17:28 - 00000000 ____D () C:\Intel
2014-08-30 17:28 - 2014-08-30 17:28 - 00000000 _____ () C:\Windows\setuperr.log
2014-08-30 17:25 - 2014-08-30 17:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
2014-08-30 17:25 - 2014-08-30 17:25 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-08-30 17:25 - 2014-05-18 10:27 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-08-30 17:23 - 2014-08-30 17:23 - 00000000 ____D () C:\Users\G72B20SG\Downloads\malewarebytes
2014-08-30 17:22 - 2014-08-30 17:22 - 10282311 _____ () C:\Users\G72B20SG\Downloads\malewarebytes.rar
2014-08-30 17:18 - 2014-08-30 14:08 - 00000000 ____D () C:\Windows\ACF5FE1B377240688B872D2A6EFD0A05.TMP
2014-08-30 15:48 - 2014-08-30 15:48 - 00000000 ____D () C:\SUPERDelete
2014-08-30 15:26 - 2014-08-30 15:27 - 18767256 _____ (SUPERAntiSpyware) C:\Users\G72B20SG\Downloads\SUPERAntiSpyware_CB-DL-Manager [1].exe
2014-08-30 15:26 - 2014-08-30 15:25 - 00816064 _____ ( ) C:\Users\G72B20SG\Downloads\SUPERAntiSpyware_CB-DL-Manager(1).exe
2014-08-30 15:25 - 2014-08-30 15:25 - 00816064 _____ ( ) C:\Users\G72B20SG\Downloads\SUPERAntiSpyware_CB-DL-Manager.exe
2014-08-30 14:11 - 2014-08-30 14:11 - 00000000 ____D () C:\Program Files\Enigma Software Group
2014-08-30 14:11 - 2014-08-30 14:11 - 00000000 _____ () C:\autoexec.bat
2014-08-30 14:07 - 2014-08-30 14:06 - 00728960 _____ (Enigma Software Group USA, LLC.) C:\Users\G72B20SG\Downloads\SpyHunter-Installer.exe
2014-08-28 17:07 - 2014-08-28 17:07 - 01101648 _____ () C:\Users\G72B20SG\Downloads\Windows Live Messenger 2012 Final - CHIP-Installer.exe
2014-08-28 17:00 - 2014-08-28 16:59 - 00000000 ____D () C:\Users\G72B20SG\AppData\Roaming\ICQ-Profile
2014-08-28 16:59 - 2014-08-28 16:58 - 35200008 _____ (ICQ) C:\Users\G72B20SG\Downloads\icq_rfrset.exe
2014-08-28 16:57 - 2014-03-02 10:38 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-08-28 16:56 - 2011-04-16 15:01 - 00000000 ____D () C:\ProgramData\Skype
2014-08-28 16:54 - 2014-08-28 16:54 - 01677928 _____ (Skype Technologies S.A.) C:\Users\G72B20SG\Downloads\SkypeSetup.exe
2014-08-27 14:40 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-08-26 10:14 - 2012-04-09 09:31 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log
2014-08-20 14:17 - 2013-04-27 14:08 - 00000000 ____D () C:\Users\G72B20SG\Desktop\Goldschrift HP
2014-08-20 10:25 - 2012-05-06 12:17 - 00000000 ____D () C:\Users\G72B20SG\AppData\Roaming\SoftGrid Client
2014-08-20 08:21 - 2014-08-20 08:21 - 00000000 ____D () C:\Users\G72B20SG\Documents\My Cheat Tables
2014-08-20 08:20 - 2014-08-20 08:20 - 03520000 _____ () C:\Users\G72B20SG\Downloads\Fv2Trainer_2014.exe
2014-08-19 15:35 - 2014-08-19 15:34 - 00452096 _____ (Your Organization/Home Here) C:\Users\G72B20SG\Downloads\Farmville 2 Hack Tool 100% Working(1).exe
2014-08-19 15:31 - 2014-08-19 15:31 - 00452096 _____ (Your Organization/Home Here) C:\Users\G72B20SG\Downloads\Farmville 2 Hack Tool 100% Working.exe
2014-08-19 14:46 - 2014-08-19 14:46 - 00000000 ____D () C:\Users\G72B20SG\Downloads\FarmVille+2+Xtream+Pack
2014-08-19 14:26 - 2014-08-19 14:26 - 00708346 _____ () C:\Users\G72B20SG\Downloads\FarmVille+2+Xtream+Pack.rar
2014-08-17 08:11 - 2009-07-14 07:08 - 00032632 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-08-13 06:05 - 2012-05-08 14:54 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-08-13 06:04 - 2012-05-08 14:54 - 00699568 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-08-13 06:04 - 2011-09-25 20:54 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-08-08 05:45 - 2012-04-11 20:12 - 00000000 ____D () C:\Users\G72B20SG\AppData\Roaming\TeamViewer
2014-08-06 07:13 - 2012-12-26 09:42 - 00001062 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 8.lnk
2014-08-06 07:13 - 2012-12-26 09:42 - 00001050 _____ () C:\Users\Public\Desktop\TeamViewer 8.lnk
2014-08-05 09:20 - 2011-03-26 15:54 - 00270496 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe

Some content of TEMP:
====================
C:\Users\G72B20SG\AppData\Local\Temp\7b4a7b62-a14a-42a7-8304-4c3287f29317.exe
C:\Users\G72B20SG\AppData\Local\Temp\avgnt.exe
C:\Users\G72B20SG\AppData\Local\Temp\Quarantine.exe
C:\Users\G72B20SG\AppData\Local\Temp\SHSetup.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-08-27 10:45

==================== End Of Log ============================

--- --- ---

--- --- ---

--- --- ---

--- --- ---

Habe beim Scan diesmal nur FRST Logfile bekommen,aber nicht Addition.txt

Hier doch noch die Addition txt. ,hatte das Häckchen vergessen.

Code:

ATTFilter

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 31-08-2014 01
Ran by G72B20SG at 2014-08-31 18:39:05
Running from C:\Users\G72B20SG\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.5.0.7220 - Adobe Systems Inc.)
Adobe AIR (x32 Version: 1.5.0.7220 - Adobe Systems Inc.) Hidden
Adobe Flash Player 14 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Flash Player 14 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 14.0.0.179 - Adobe Systems Incorporated)
Adobe Reader 9.5.5 MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-A91000000001}) (Version: 9.5.5 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.5 (HKLM-x32\...\{9ECF7817-DB11-4FBA-9DF1-296A578D513A}) (Version: 11.5.7.609 - Adobe Systems, Inc)
Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2EF5D87E-B7BD-458F-8428-E4D0B8B4E65C}) (Version: 7.0.0.117 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Aqua Real 2 (HKLM-x32\...\{8DB9EA6D-2D56-4392-85D6-5272CD95610A}) (Version:  - )
ATI Catalyst Install Manager (HKLM\...\{1795BAA8-65EC-66D0-9DA4-D4B1FBE7700E}) (Version: 3.0.778.0 - ATI Technologies, Inc.)
AVM FRITZ!Box USB-Fernanschluss (HKCU\...\f018cf21c0452c64) (Version: 2.2.1.0 - AVM Berlin)
BlueStacks App Player (HKLM-x32\...\BlueStacks App Player) (Version: 0.7.7.813 - BlueStack Systems, Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Broadcom 802.11 Wireless LAN Adapter (HKLM\...\Broadcom 802.11 Wireless LAN Adapter) (Version: 5.60.350.6 - Broadcom Corporation)
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - ATI) Hidden
Catalyst Control Center Graphics Previews Common (x32 Version: 2010.0621.2137.36973 - ATI) Hidden
Catalyst Control Center Graphics Previews Vista (x32 Version: 2010.0621.2137.36973 - ATI) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2010.0621.2137.36973 - ATI Technologies, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2010.0621.2137.36973 - ATI) Hidden
CCC Help Chinese Standard (x32 Version: 2010.0621.2136.36973 - ATI) Hidden
CCC Help Chinese Traditional (x32 Version: 2010.0621.2136.36973 - ATI) Hidden
CCC Help Czech (x32 Version: 2010.0621.2136.36973 - ATI) Hidden
CCC Help Danish (x32 Version: 2010.0621.2136.36973 - ATI) Hidden
CCC Help Dutch (x32 Version: 2010.0621.2136.36973 - ATI) Hidden
CCC Help English (x32 Version: 2010.0621.2136.36973 - ATI) Hidden
CCC Help Finnish (x32 Version: 2010.0621.2136.36973 - ATI) Hidden
CCC Help French (x32 Version: 2010.0621.2136.36973 - ATI) Hidden
CCC Help German (x32 Version: 2010.0621.2136.36973 - ATI) Hidden
CCC Help Greek (x32 Version: 2010.0621.2136.36973 - ATI) Hidden
CCC Help Hungarian (x32 Version: 2010.0621.2136.36973 - ATI) Hidden
CCC Help Italian (x32 Version: 2010.0621.2136.36973 - ATI) Hidden
CCC Help Japanese (x32 Version: 2010.0621.2136.36973 - ATI) Hidden
CCC Help Korean (x32 Version: 2010.0621.2136.36973 - ATI) Hidden
CCC Help Norwegian (x32 Version: 2010.0621.2136.36973 - ATI) Hidden
CCC Help Polish (x32 Version: 2010.0621.2136.36973 - ATI) Hidden
CCC Help Portuguese (x32 Version: 2010.0621.2136.36973 - ATI) Hidden
CCC Help Russian (x32 Version: 2010.0621.2136.36973 - ATI) Hidden
CCC Help Spanish (x32 Version: 2010.0621.2136.36973 - ATI) Hidden
CCC Help Swedish (x32 Version: 2010.0621.2136.36973 - ATI) Hidden
CCC Help Thai (x32 Version: 2010.0621.2136.36973 - ATI) Hidden
CCC Help Turkish (x32 Version: 2010.0621.2136.36973 - ATI) Hidden
ccc-core-static (x32 Version: 2010.0621.2137.36973 - Ihr Firmenname) Hidden
ccc-utility64 (Version: 2010.0621.2137.36973 - ATI) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.06 - Piriform)
CyberLink DVD Suite (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 7.0.3003 - CyberLink Corp.)
CyberLink DVD Suite (x32 Version: 7.0.3003 - CyberLink Corp.) Hidden
CyberLink PowerDVD 9 (HKLM-x32\...\InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}) (Version: 9.0.1.4217 - CyberLink Corp.)
CyberLink PowerDVD 9 (x32 Version: 9.0.1.4217 - CyberLink Corp.) Hidden
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.0.2511 - CyberLink Corp.)
CyberLink YouCam (x32 Version: 3.0.2511 - CyberLink Corp.) Hidden
Desktop Lock 7.2 (HKLM-x32\...\Desktop Lock) (Version: 7.2 - TopLang Software)
Dropbox (HKCU\...\Dropbox) (Version: 2.4.11 - Dropbox, Inc.)
Druckerdeinstallation für EPSON SX210 Series (HKLM\...\EPSON SX210 Series) (Version:  - SEIKO EPSON Corporation)
Energy Star Digital Logo (HKLM-x32\...\{BD1A34C9-4764-4F79-AE1F-112F8C89D3D4}) (Version: 1.0.1 - Hewlett-Packard)
ESU for Microsoft Windows 7 (HKLM-x32\...\{3877C901-7B90-4727-A639-B6ED2DD59D43}) (Version: 1.0.0 - Hewlett-Packard)
Free Audio Converter version 5.0.30.1029 (HKLM-x32\...\Free Audio Converter_is1) (Version: 5.0.30.1029 - DVDVideoSoft Ltd.)
Google Earth (HKLM-x32\...\{C1940CF0-E2DD-11E0-BB25-B8AC6F97B88E}) (Version: 6.1.0.4738 - Google)
Hewlett-Packard ACLM.NET v1.1.2.0 (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
HP Customer Experience Enhancements (x32 Version: 6.0.1.4 - Hewlett-Packard) Hidden
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.1.3 - WildTangent)
HP Power Manager (HKLM-x32\...\{4B156358-CE9C-4E9F-8CAD-79AE86A68C60}) (Version: 1.0.3 - Hewlett-Packard Company)
HP Product Detection (HKLM-x32\...\{8A9FC225-75F6-4B5D-911C-0ED230565643}) (Version: 11.15.0009 - HP)
HP Quick Launch (HKLM-x32\...\{E342D296-DB9D-4FC7-ACB0-39926C0BFA16}) (Version: 2.1.5 - Hewlett-Packard Company)
HP Support Assistant (HKLM-x32\...\{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}) (Version: 6.1.12.1 - Hewlett-Packard Company)
HP Wireless Assistant (HKLM\...\{E342EC6B-5F25-47FE-B92C-DE616149B430}) (Version: 4.0.9.0 - Hewlett-Packard)
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.6.2.1001 - Intel Corporation)
Internet Mobile (HKLM-x32\...\Internet Mobile) (Version: 11.302.09.01.162 - Huawei Technologies Co.,Ltd)
iTunes (HKLM\...\{D601CEAD-2E4F-4BBB-85CC-C29A4CE6A3C0}) (Version: 11.1.3.8 - Apple Inc.)
Java 7 Update 60 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.600 - Oracle)
Java Auto Updater (x32 Version: 2.1.60.19 - Oracle, Inc.) Hidden
Java(TM) 6 Update 20 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86416020FF}) (Version: 6.0.200 - Sun Microsystems, Inc.)
Jewel Quest II (x32 Version: 2.2.0.95 - WildTangent) Hidden
Jewel Quest Solitaire (x32 Version: 2.2.0.95 - WildTangent) Hidden
Junk Mail filter update (x32 Version: 14.0.8117.416 - Microsoft Corporation) Hidden
LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.2907 - CyberLink Corp.)
LabelPrint (x32 Version: 2.5.2907 - CyberLink Corp.) Hidden
LG EV-DOM USB MODEM (HKLM-x32\...\{3314870F-4DEB-4E38-A9D8-B978945CEF01}) (Version:  - )
LightScribe System Software (HKLM-x32\...\{46BA053F-57B3-4153-BDB6-D37EEC8B12D7}) (Version: 1.18.15.1 - LightScribe)
Magic Desktop (HKLM-x32\...\EasyBits Magic Desktop) (Version:  - EasyBits Software AS)
Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile DEU Language Pack (HKLM\...\Microsoft .NET Framework 4 Client Profile DEU Language Pack) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Choice Guard (x32 Version: 2.0.48.0 - Microsoft Corporation) Hidden
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Klick-und-Los 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Klick-und-Los 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Starter 2010 - Deutsch (HKLM-x32\...\{90140011-0066-0407-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 4.0.50401.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mobile Partner (HKLM-x32\...\Mobile Partner) (Version: 16.002.03.02.705 - Huawei Technologies Co.,Ltd)
MobileWiFi (HKLM-x32\...\MobileWiFi) (Version: TOOL-ConnLaucher_WIN1.09.02.00 - Huawei Technologies Co.,Ltd)
Modem LG LDU-1900D (HKLM-x32\...\{43DB077F-C85F-42CC-8302-17CBEE4A6BC6}) (Version: 1.00.0000 - LG Electronics)
Mozilla Firefox 31.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 31.0 (x86 de)) (Version: 31.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 31.0 - Mozilla)
MSVCRT (x32 Version: 14.0.1468.721 - Microsoft) Hidden
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
Notification Center (HKLM-x32\...\{384FA0C0-BB19-4CA0-8DB4-5FD4E938277F}) (Version: 0.7.7.813 - BlueStack Systems, Inc.)
PhotoNow! (HKLM-x32\...\InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}) (Version: 1.1.6904 - CyberLink Corp.)
PhotoNow! (x32 Version: 1.1.6904 - CyberLink Corp.) Hidden
Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.1.4204 - CyberLink Corp.)
Power2Go (x32 Version: 6.1.4204 - CyberLink Corp.) Hidden
PowerDirector (HKLM-x32\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 8.0.3003 - CyberLink Corp.)
PowerDirector (x32 Version: 8.0.3003 - CyberLink Corp.) Hidden
PX Profile Update (x32 Version: 1.00.1. - AMD) Hidden
Realtek Ethernet Controller Driver For Windows 7 (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.21.531.2010 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6066 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30105 - Realtek Semiconductor Corp.)
Recovery Manager (x32 Version: 5.5.3023 - CyberLink Corp.) Hidden
RtVOsd (HKLM\...\{F3D7AC17-1FF4-41A8-BB18-3FC39C65AEB9}) (Version: 1.0.3 - Realtek Semiconductor Corp.)
SAGEM F@st 800-840 (HKLM-x32\...\{4AE3A0CB-87B0-4F51-BECD-3D1F8DFDD62F}) (Version:  - )
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation)
Skype™ 6.18 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.18.106 - Skype Technologies S.A.)
StarMoney (x32 Version: 3.0.5.8 - StarFinanz) Hidden
StarMoney 8.0 Commerzbank-Edition (HKLM-x32\...\{B7E7F5E6-1E8C-49B6-97C0-78B97393354C}) (Version: 8.0 - Star Finanz GmbH)
Steinberg My MP3 Player 3.0 (HKLM-x32\...\Install Steinberg My MP3 Player 3.0) (Version:  - )
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.0.17.4 - Synaptics Incorporated)
TeamViewer 8 (HKLM-x32\...\TeamViewer 8) (Version: 8.0.30992 - TeamViewer)
Tinypic 3.18 (HKLM-x32\...\{E3723A04-A894-4036-A78E-282E18F43C0A}_is1) (Version: Tinypic 3.18 - E. Fiedler)
TuneUp Utilities 2014 (de-DE) (x32 Version: 14.0.1000.275 - TuneUp Software) Hidden
TuneUp Utilities 2014 (HKLM-x32\...\TuneUp Utilities) (Version: 14.0.1000.275 - TuneUp Software)
TuneUp Utilities 2014 (x32 Version: 14.0.1000.275 - TuneUp Software) Hidden
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2468871) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2533523) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2600217) (Version: 1 - Microsoft Corporation)
Verbindungsassistent (HKLM-x32\...\Verbindungsassistent) (Version: 2.1 - Verbindungsassistent)
VLC media player 1.1.9 (HKLM-x32\...\VLC media player) (Version: 1.1.9 - VideoLAN)
Windows Live Call (x32 Version: 14.0.8117.0416 - Microsoft Corporation) Hidden
Windows Live Communications Platform (x32 Version: 14.0.8117.416 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8117.0416 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 14.0.8117.416 - Microsoft Corporation) Hidden
Windows Live Fotogalerie (x32 Version: 14.0.8117.416 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (HKLM\...\{9B48B0AC-C813-4174-9042-476A887592C7}) (Version: 6.500.3165.0 - Microsoft Corporation)
Windows Live Mail (x32 Version: 14.0.8117.0416 - Microsoft Corporation) Hidden
Windows Live Messenger (x32 Version: 14.0.8117.0416 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 14.0.8117.0416 - Microsoft Corporation) Hidden
Windows Live Sync (HKLM-x32\...\{586509F0-350D-48B5-B763-9CC2F8D96C4C}) (Version: 14.0.8117.416 - Microsoft Corporation)
Windows Live Writer (x32 Version: 14.0.8117.0416 - Microsoft Corporation) Hidden
Windows Live-Uploadtool (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
WinRAR 5.10 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.10.0 - win.rar GmbH)
World of Warcraft (HKLM-x32\...\World of Warcraft) (Version:  - Blizzard Entertainment)
Xara 3D Maker 7 (HKLM-x32\...\MAGIX_{19B9DAD6-5E6E-4B80-8EFE-314B5638D6D4}) (Version: 7.0.0.442 - Xara Group Ltd)
Xara 3D Maker 7 (Version: 7.0.0.442 - Xara Group Ltd) Hidden

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-2196551083-3368854960-1698058853-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\G72B20SG\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2196551083-3368854960-1698058853-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\G72B20SG\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2196551083-3368854960-1698058853-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\G72B20SG\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2196551083-3368854960-1698058853-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\G72B20SG\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2196551083-3368854960-1698058853-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\G72B20SG\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)

==================== Restore Points  =========================

Could not list Restore Points. Check "winmgmt" service or repair WMI.


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0521AFA3-C84C-46C6-8429-97B54D3D3365} - System32\Tasks\Adobe-Online-Aktualisierungsprogramm => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-04-04] (Adobe Systems Incorporated)
Task: {0F1E6911-DFCC-4EEE-9126-C3FE86F3CA92} - System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2013 => C:\Program Files (x86)\TuneUp Utilities 2014\OneClick.exe [2014-03-20] (TuneUp Software)
Task: {169A690B-3778-4355-89D4-C1C73B1664B7} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-09-19] (Piriform Ltd)
Task: {178D960A-DB9F-480C-A953-943C8F66EC1B} - System32\Tasks\{5EA07D89-2AF2-4A59-A011-21F4F5BFFBF0} => Iexplore.exe hxxp://ui.skype.com/ui/0/4.2.0.166.321/de/abandoninstall?page=tsDownload&amp;installinfo=google-toolbar:notoffered;notincluded,google-chrome:notoffered;notincluded
Task: {18CD99E0-3F5C-4AF6-BC9B-39088E6E6BD4} - System32\Tasks\{BE6E5F12-9217-452C-B412-0A9F566B6B1D} => C:\Program Files (x86)\LG Electronics\LG EV-DO Rev.A USB Modem\Modem Software\IEUM.exe [2008-10-12] (LG Electronics)
Task: {2625AB9A-C548-4FFB-B51B-CB4D0E515EF0} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Total Care Tune-Up => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPTuneUp.exe [2011-03-22] (Hewlett-Packard Company)
Task: {27FF9C15-22CB-4F85-AED5-8AE61AB80111} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater\HPSFUpdater.exe [2011-06-14] (Hewlett-Packard)
Task: {2D915D22-6721-4AAF-87B8-564B51B7865E} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2011-09-09] (Hewlett-Packard Company)
Task: {69D74337-34E7-4375-936D-955B260A61D6} - System32\Tasks\RecoveryCDWin7 => C:\Program Files (x86)\Hewlett-Packard\HP Setup\RemEngine.exe
Task: {7E55CC6F-2879-416E-8B3D-81C2263643D6} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPSFMessenger\HPSFMsgr.exe [2011-09-09] (Hewlett-Packard Company)
Task: {8050E22F-F2E4-437F-8328-0B8DD886B1F3} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Tuneup => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2011-09-09] (Hewlett-Packard Company)
Task: {8469BB48-9881-4FDF-BD1F-0C62396AB9B2} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HPSAObjUtilTask => C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\UtilTask.exe [2013-09-17] (Microsoft)
Task: {A9AC69D3-F3A9-4511-96B9-B1827583F871} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-08-13] (Adobe Systems Incorporated)
Task: {B007DE4E-5438-4A93-A8BA-35A9EA2AF4E3} - System32\Tasks\{F8EAEDB7-1F49-4E2E-8350-73080FF1591E} => Firefox.exe hxxp://ui.skype.com/ui/0/5.8.0.158.321/en/abandoninstall?page=tsMain
Task: {D644C257-BB29-46E9-900C-D8F0348B95FE} - System32\Tasks\Java Update Scheduler => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2014-05-07] (Oracle Corporation)
Task: {F9AEC520-AE06-4E45-A2FB-BECF20AD477C} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (whitelisted) =============

2008-09-08 10:19 - 2008-09-08 10:19 - 00022016 _____ () C:\Windows\System32\cl31cl6.dll
2010-07-02 11:51 - 2010-07-02 11:51 - 00027192 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
2011-03-14 17:27 - 2011-03-14 17:27 - 00346976 _____ () C:\ProgramData\DatacardService\HWDeviceService64.exe
2011-11-01 21:06 - 2006-06-13 14:04 - 00839680 _____ () C:\Program Files (x86)\SAGEM\SAGEM F@st 800-840\dslmon.exe
2011-11-01 21:06 - 2006-02-15 11:15 - 00176128 _____ () C:\Windows\autoclk.exe
2011-11-01 21:06 - 2006-02-16 08:44 - 00143360 _____ () C:\Windows\adiras.exe
2014-03-20 15:44 - 2014-03-20 15:44 - 00675640 _____ () C:\Program Files (x86)\TuneUp Utilities 2014\avgrepliba.dll
2012-06-22 06:15 - 2009-03-03 12:45 - 00296400 ____N () C:\Program Files (x86)\Verbindungsassistent\WTGService.exe
2010-06-10 18:12 - 2010-06-10 18:12 - 00016384 ____R () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll
2010-06-21 22:36 - 2010-06-21 22:36 - 00270336 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2010-06-18 16:26 - 2010-06-18 16:26 - 00030264 _____ () C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_LogicLayer.dll
2010-06-18 16:26 - 2010-06-18 16:26 - 00052280 _____ () C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HardwareAccess.dll
2010-06-18 16:26 - 2010-06-18 16:26 - 00267832 _____ () C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPCommon.XmlSerializers.dll
2011-11-01 21:06 - 2006-06-08 12:13 - 00094208 _____ () C:\Program Files (x86)\SAGEM\SAGEM F@st 800-840\Languages\German.dll
2013-04-18 13:53 - 2011-01-13 12:44 - 00232800 _____ () C:\Program Files (x86)\StarMoney 8.0 Commerzbank-Edition\ouservice\PATCHW32.dll
2013-09-20 11:11 - 2013-09-20 11:11 - 00170496 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\9e5dc5d1c75de12100f8c1d8c65de002\IsdiInterop.ni.dll
2010-12-24 17:13 - 2010-04-13 10:52 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll
2014-07-26 22:22 - 2014-07-17 07:42 - 03800688 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: BlueStacks Agent => C:\Program Files (x86)\BlueStacks\HD-Agent.exe
MSCONFIG\startupreg: EPSON SX210 Series => C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIFDE.EXE /FU "C:\Windows\TEMP\E_SB6B3.tmp" /EF "HKCU"
MSCONFIG\startupreg: HP Quick Launch => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
MSCONFIG\startupreg: iFunBox Price Watch => C:\Program Files (x86)\iFunbox 2014\iFunBox2014.exe /tray
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: LightScribe Control Panel => C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
MSCONFIG\startupreg: Magic Desktop for HP notification => "C:\ProgramData\Easybits Magic Desktop for HP\mdhpSUN.exe"
MSCONFIG\startupreg: REVAService => C:\Program Files (x86)\LG Electronics\LG EV-DO Rev.A USB Modem\Modem Software\REVAService.exe

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (08/31/2014 06:39:06 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "CoCreateInstance" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070422, Der angegebene Dienst kann nicht gestartet werden. Er ist deaktiviert oder nicht mit aktivierten Geräten verbunden.
.


Vorgang:
   VSS-Server wird instanziiert

Error: (08/31/2014 06:39:06 PM) (Source: VSS) (EventID: 13) (User: )
Description: Volumenschattenkopie-Dienst-Informationen: Der COM-Server mit CLSID {e579ab5f-1cc4-44b4-bed9-de0991ff0623} und dem Namen "IVssCoordinatorEx2" kann nicht gestartet werden. [0x80070422, Der angegebene Dienst kann nicht gestartet werden. Er ist deaktiviert oder nicht mit aktivierten Geräten verbunden.
]


Vorgang:
   VSS-Server wird instanziiert


System errors:
=============

Microsoft Office Sessions:
=========================
Error: (08/31/2014 06:39:06 PM) (Source: VSS) (EventID: 8193) (User: )
Description: CoCreateInstance0x80070422, Der angegebene Dienst kann nicht gestartet werden. Er ist deaktiviert oder nicht mit aktivierten Geräten verbunden.


Vorgang:
   VSS-Server wird instanziiert

Error: (08/31/2014 06:39:06 PM) (Source: VSS) (EventID: 13) (User: )
Description: {e579ab5f-1cc4-44b4-bed9-de0991ff0623}IVssCoordinatorEx20x80070422, Der angegebene Dienst kann nicht gestartet werden. Er ist deaktiviert oder nicht mit aktivierten Geräten verbunden.


Vorgang:
   VSS-Server wird instanziiert


CodeIntegrity Errors:
===================================
  Date: 2014-08-31 17:16:51.966
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\DeskLock.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2014-08-31 17:16:51.872
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\DeskLock.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2014-08-31 17:03:06.576
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\DeskLock.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2014-08-31 17:03:06.482
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\DeskLock.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2014-08-31 16:58:02.544
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\DeskLock.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2014-08-31 16:58:02.466
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\DeskLock.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2014-08-31 09:25:42.668
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\DeskLock.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2014-08-31 09:25:42.574
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\DeskLock.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2014-08-30 21:09:16.856
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\DeskLock.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2014-08-30 21:09:16.763
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\DeskLock.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.


==================== Memory info =========================== 

Processor: Intel(R) Pentium(R) CPU P6100 @ 2.00GHz
Percentage of memory in use: 43%
Total physical RAM: 3893.86 MB
Available physical RAM: 2209.16 MB
Total Pagefile: 7785.86 MB
Available Pagefile: 5797.92 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:448.61 GB) (Free:343.22 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (RECOVERY) (Fixed) (Total:16.86 GB) (Free:2.21 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 91CA769B)
Partition 1: (Active) - (Size=199 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=448.6 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=16.9 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=103 MB) - (Type=0C)

==================== End Of Log ============================

cosinus · 31.08.2014, 23:10

Okay, dann Kontrollscans mit MBAM und ESET bitte:

Downloade Dir bitte

Malwarebytes Anti-Malware

Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
Starte Malwarebytes' Anti-Malware (MBAM).
Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Simi1961 · 01.09.2014, 06:27

Code:

ATTFilter

 Malwarebytes Anti-Malware 
www.malwarebytes.org


Protection, 01.09.2014 01:07:43, SYSTEM, G72B20SG-HP, Protection, Malware Protection, Starting, 
Protection, 01.09.2014 01:07:43, SYSTEM, G72B20SG-HP, Protection, Malware Protection, Started, 
Protection, 01.09.2014 01:07:43, SYSTEM, G72B20SG-HP, Protection, Malicious Website Protection, Starting, 
Protection, 01.09.2014 01:07:44, SYSTEM, G72B20SG-HP, Protection, Malicious Website Protection, Started, 
Update, 01.09.2014 01:07:50, SYSTEM, G72B20SG-HP, Manual, Rootkit Database, 2014.2.20.1, 2014.8.21.1, 
Update, 01.09.2014 01:08:02, SYSTEM, G72B20SG-HP, Manual, Malware Database, 2014.3.4.9, 2014.8.31.7, 
Protection, 01.09.2014 01:08:24, SYSTEM, G72B20SG-HP, Protection, Refresh, Starting, 
Protection, 01.09.2014 01:08:24, SYSTEM, G72B20SG-HP, Protection, Malicious Website Protection, Stopping, 
Protection, 01.09.2014 01:08:24, SYSTEM, G72B20SG-HP, Protection, Malicious Website Protection, Stopped, 
Protection, 01.09.2014 01:08:29, SYSTEM, G72B20SG-HP, Protection, Refresh, Success, 
Protection, 01.09.2014 01:08:29, SYSTEM, G72B20SG-HP, Protection, Malicious Website Protection, Starting, 
Protection, 01.09.2014 01:08:29, SYSTEM, G72B20SG-HP, Protection, Malicious Website Protection, Started, 
Protection, 01.09.2014 01:30:43, SYSTEM, G72B20SG-HP, Protection, Malware Protection, Starting, 
Protection, 01.09.2014 01:30:43, SYSTEM, G72B20SG-HP, Protection, Malware Protection, Started, 
Protection, 01.09.2014 01:30:43, SYSTEM, G72B20SG-HP, Protection, Malicious Website Protection, Starting, 
Protection, 01.09.2014 01:31:23, SYSTEM, G72B20SG-HP, Protection, Malicious Website Protection, Started, 

(end)

Code:

ATTFilter

ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=32caabe3df30514baa6570b2bce2a24e
# engine=19930
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-09-01 03:31:08
# local_time=2014-09-01 05:31:08 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.1.7600 NT 
# compatibility_mode_1='avast! Internet Security'
# compatibility_mode=781 16777213 100 100 25703 25746 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 28601 161172118 0 0
# scanned=201459
# found=22
# cleaned=0
# scan_time=10916
sh=AEC860E4CDE64D747F215B83C8DE70EE0EBCB3A0 ft=1 fh=cde73a4bb58c0fe9 vn="Variante von Win32/Adware.Yontoo.B Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\ProgramData\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setupx.dll.vir"
sh=FDF652F803592E6840E076A89A19BF655686B8A8 ft=1 fh=de76e936397b25d2 vn="Variante von Win32/Adware.Yontoo.B Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\ProgramData\Tarma Installer\{ED7702F7-093C-4968-8B84-3CF5D1A3F23D}\_Setupx.dll.vir"
sh=9EA2EC35286E8B152E1B0FB0F7CB45ECE5DD1E94 ft=1 fh=1d1710bbc0b94508 vn="Variante von Win32/Conduit.SearchProtect.N evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\G72B20SG\AppData\Roaming\Mozilla\Firefox\Profiles\5tw0gy5k.default\Extensions\{ebd898f8-fcf6-4694-bc3b-eabc7271eeb1}\ctypes\FirefoxCtype.dll.vir"
sh=E5893674EB5035340F082FF31ABEA60C87BC26E7 ft=1 fh=4a5efe03ccdce2f0 vn="Variante von Win32/Conduit.SearchProtect.N evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\G72B20SG\AppData\Roaming\Mozilla\Firefox\Profiles\5tw0gy5k.default\Extensions\{ebd898f8-fcf6-4694-bc3b-eabc7271eeb1}\Plugins\npFirefoxPlugin.dll.vir"
sh=12CE89F565F2366644D625B2E35AA3187821D1D0 ft=1 fh=285621c31b6a69e8 vn="Variante von Win32/Systweak.H evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files (x86)\Advanced Driver Updater\adu.exe"
sh=ECCB27329433180317656DE2A856EBDA18D7B95A ft=1 fh=375f8f154310f307 vn="Variante von Win32/Toolbar.Visicom.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\G72B20SG\AppData\Local\Temp\7b4a7b62-a14a-42a7-8304-4c3287f29317.exe"
sh=71FDDFE389D233FAC068F47FAFEE41A8EE760DFC ft=1 fh=86092238e0b901c0 vn="Variante von Win32/Systweak.H evtl. unerwünschte Anwendung" ac=I fn="C:\Users\G72B20SG\Desktop\Neuer Ordner (3)\SysTweak Advanced Driver Updater 2.1.1086.16024\adusetup.exe"
sh=12CE89F565F2366644D625B2E35AA3187821D1D0 ft=1 fh=285621c31b6a69e8 vn="Variante von Win32/Systweak.H evtl. unerwünschte Anwendung" ac=I fn="C:\Users\G72B20SG\Desktop\Neuer Ordner (3)\SysTweak Advanced Driver Updater 2.1.1086.16024\crack\adu.exe"
sh=4E97792D076499058468EC7F6CA8F768E5F89419 ft=1 fh=c6c90b88ee11c8e5 vn="Variante von Win32/Systweak evtl. unerwünschte Anwendung" ac=I fn="C:\Users\G72B20SG\Desktop\Neuer Ordner (3)\SysTweak Regclean Pro 6.21.65.2942\sysrc_trial.exe"
sh=E14CF6FBFEFCCADE6B81D79C01C788EF3BEF52C2 ft=1 fh=9ab546ae166d8b57 vn="Variante von Win32/DownloadSponsor.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\G72B20SG\Downloads\CCleaner - CHIP-Downloader.exe"
sh=3ADDCD878A856CE5B28FE2FF96760A2F4109E575 ft=1 fh=a4f0a188e9df7adb vn="Variante von MSIL/Hoax.FakeHack.FT Anwendung" ac=I fn="C:\Users\G72B20SG\Downloads\Farmville 2 Hack Tool 100% Working(1).exe"
sh=3ADDCD878A856CE5B28FE2FF96760A2F4109E575 ft=1 fh=a4f0a188e9df7adb vn="Variante von MSIL/Hoax.FakeHack.FT Anwendung" ac=I fn="C:\Users\G72B20SG\Downloads\Farmville 2 Hack Tool 100% Working.exe"
sh=8BEE0744545D6888C06594BC7FCF105637C61DE8 ft=1 fh=01468c1cf7029717 vn="Variante von Win32/DownloadSponsor.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\G72B20SG\Downloads\Malwarebytes Anti Malware - CHIP-Downloader.exe"
sh=16D84C4D6A1D9058820A7BE15E84EBFBF5A83017 ft=1 fh=9bc3e0baea4ea3a5 vn="Variante von Win32/DownloadSponsor.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\G72B20SG\Downloads\myMP3 Player - CHIP-Installer.exe"
sh=99B6C5544E40E0CD1C274648127943CE237AC1C0 ft=1 fh=8524188bd789beb7 vn="Variante von Win32/Speedchecker evtl. unerwünschte Anwendung" ac=I fn="C:\Users\G72B20SG\Downloads\pcbeschleunigen_e95c2585b2364f92b064aaf74009332a_(1).exe"
sh=99B6C5544E40E0CD1C274648127943CE237AC1C0 ft=1 fh=8524188bd789beb7 vn="Variante von Win32/Speedchecker evtl. unerwünschte Anwendung" ac=I fn="C:\Users\G72B20SG\Downloads\pcbeschleunigen_e95c2585b2364f92b064aaf74009332a_.exe"
sh=61FCFBE77F8C53C76DBE3C9144C6D6EDAD541EB7 ft=1 fh=97442b60441c7a99 vn="Variante von Win32/SlowPCfighter evtl. unerwünschte Anwendung" ac=I fn="C:\Users\G72B20SG\Downloads\slow-pcfighter_Web.exe"
sh=8A9FDAE808EE1213F0BBC9280FC1EF7D06EACD12 ft=1 fh=3b5c8de82cc0701c vn="Variante von Win32/DownloadSponsor.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\G72B20SG\Downloads\Snipping Tool Plus - CHIP-Downloader.exe"
sh=E4E8550F4179740B4CA269CBF97374D88D6CEA23 ft=1 fh=dd2cc7a069f9e5d4 vn="Variante von Win32/DownloadSponsor.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\G72B20SG\Downloads\SpyBot Search Destroy - CHIP-Installer.exe"
sh=4AD54BDE56367B81CF76BE36DABF52D189C48204 ft=1 fh=7dcb11e9f02bb0b9 vn="Variante von Win32/InstallCore.QH evtl. unerwünschte Anwendung" ac=I fn="C:\Users\G72B20SG\Downloads\SUPERAntiSpyware_CB-DL-Manager(1).exe"
sh=4AD54BDE56367B81CF76BE36DABF52D189C48204 ft=1 fh=7dcb11e9f02bb0b9 vn="Variante von Win32/InstallCore.QH evtl. unerwünschte Anwendung" ac=I fn="C:\Users\G72B20SG\Downloads\SUPERAntiSpyware_CB-DL-Manager.exe"
sh=ADE1976B748BC2E9ED0A4293D54E48B26CC615D3 ft=1 fh=48c5cd39e027e719 vn="Variante von Win32/InstallIQ.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\G72B20SG\Pictures\Neuer Ordner (3)\von eigene dateien-laufw-c\Downloads\FinalMediaPlayer2011Setup.exe"

Was ist denn da heute los? Der Laptop ist noch langsamer geworden.Dauert ewig bis sich eine Seite aufbaut.Und das Logo von Eurer Seite hat sich auch verändert.Ich habe hier bei meinen Beiträgen auf einmal den roten Antivira Schirm drauf.Wie geht das,habe Antivira doch gelöscht.

Irgendwas arbeitet da im Hintergrund,der Laptop rauscht und rauscht.

Irgendwas arbeitet da im Hintergrund,der Laptop rauscht und rauscht.

cosinus · 01.09.2014, 08:35

Bitte das richtige Log von Malwarebytes posten

Simi1961 · 01.09.2014, 12:11

Soll ich ein neues machen?

Code:

ATTFilter

 Malwarebytes Anti-Malware 
www.malwarebytes.org


Protection, 01.09.2014 01:07:43, SYSTEM, G72B20SG-HP, Protection, Malware Protection, Starting, 
Protection, 01.09.2014 01:07:43, SYSTEM, G72B20SG-HP, Protection, Malware Protection, Started, 
Protection, 01.09.2014 01:07:43, SYSTEM, G72B20SG-HP, Protection, Malicious Website Protection, Starting, 
Protection, 01.09.2014 01:07:44, SYSTEM, G72B20SG-HP, Protection, Malicious Website Protection, Started, 
Update, 01.09.2014 01:07:50, SYSTEM, G72B20SG-HP, Manual, Rootkit Database, 2014.2.20.1, 2014.8.21.1, 
Update, 01.09.2014 01:08:02, SYSTEM, G72B20SG-HP, Manual, Malware Database, 2014.3.4.9, 2014.8.31.7, 
Protection, 01.09.2014 01:08:24, SYSTEM, G72B20SG-HP, Protection, Refresh, Starting, 
Protection, 01.09.2014 01:08:24, SYSTEM, G72B20SG-HP, Protection, Malicious Website Protection, Stopping, 
Protection, 01.09.2014 01:08:24, SYSTEM, G72B20SG-HP, Protection, Malicious Website Protection, Stopped, 
Protection, 01.09.2014 01:08:29, SYSTEM, G72B20SG-HP, Protection, Refresh, Success, 
Protection, 01.09.2014 01:08:29, SYSTEM, G72B20SG-HP, Protection, Malicious Website Protection, Starting, 
Protection, 01.09.2014 01:08:29, SYSTEM, G72B20SG-HP, Protection, Malicious Website Protection, Started, 
Protection, 01.09.2014 01:30:43, SYSTEM, G72B20SG-HP, Protection, Malware Protection, Starting, 
Protection, 01.09.2014 01:30:43, SYSTEM, G72B20SG-HP, Protection, Malware Protection, Started, 
Protection, 01.09.2014 01:30:43, SYSTEM, G72B20SG-HP, Protection, Malicious Website Protection, Starting, 
Protection, 01.09.2014 01:31:23, SYSTEM, G72B20SG-HP, Protection, Malicious Website Protection, Started, 

(end)

Sieht genauso aus wie das andere.Ist es möglich das man es nicht umbennen kann?Soll ich ein neues machen?

Jetzt hab ich es hinbekommen

Code:

ATTFilter

 Malwarebytes Anti-Malware 
www.malwarebytes.org


Protection, 01.09.2014 01:07:43, SYSTEM, G72B20SG-HP, Protection, Malware Protection, Starting, 
Protection, 01.09.2014 01:07:43, SYSTEM, G72B20SG-HP, Protection, Malware Protection, Started, 
Protection, 01.09.2014 01:07:43, SYSTEM, G72B20SG-HP, Protection, Malicious Website Protection, Starting, 
Protection, 01.09.2014 01:07:44, SYSTEM, G72B20SG-HP, Protection, Malicious Website Protection, Started, 
Update, 01.09.2014 01:07:50, SYSTEM, G72B20SG-HP, Manual, Rootkit Database, 2014.2.20.1, 2014.8.21.1, 
Update, 01.09.2014 01:08:02, SYSTEM, G72B20SG-HP, Manual, Malware Database, 2014.3.4.9, 2014.8.31.7, 
Protection, 01.09.2014 01:08:24, SYSTEM, G72B20SG-HP, Protection, Refresh, Starting, 
Protection, 01.09.2014 01:08:24, SYSTEM, G72B20SG-HP, Protection, Malicious Website Protection, Stopping, 
Protection, 01.09.2014 01:08:24, SYSTEM, G72B20SG-HP, Protection, Malicious Website Protection, Stopped, 
Protection, 01.09.2014 01:08:29, SYSTEM, G72B20SG-HP, Protection, Refresh, Success, 
Protection, 01.09.2014 01:08:29, SYSTEM, G72B20SG-HP, Protection, Malicious Website Protection, Starting, 
Protection, 01.09.2014 01:08:29, SYSTEM, G72B20SG-HP, Protection, Malicious Website Protection, Started, 
Protection, 01.09.2014 01:30:43, SYSTEM, G72B20SG-HP, Protection, Malware Protection, Starting, 
Protection, 01.09.2014 01:30:43, SYSTEM, G72B20SG-HP, Protection, Malware Protection, Started, 
Protection, 01.09.2014 01:30:43, SYSTEM, G72B20SG-HP, Protection, Malicious Website Protection, Starting, 
Protection, 01.09.2014 01:31:23, SYSTEM, G72B20SG-HP, Protection, Malicious Website Protection, Started, 
Protection, 01.09.2014 02:22:50, SYSTEM, G72B20SG-HP, Protection, Malicious Website Protection, Stopping, 
Protection, 01.09.2014 02:22:51, SYSTEM, G72B20SG-HP, Protection, Malicious Website Protection, Stopped, 
Protection, 01.09.2014 02:22:51, SYSTEM, G72B20SG-HP, Protection, Malware Protection, Stopping, 
Protection, 01.09.2014 02:23:10, SYSTEM, G72B20SG-HP, Protection, Malware Protection, Stopped, 
Protection, 01.09.2014 06:08:12, SYSTEM, G72B20SG-HP, Protection, Malware Protection, Starting, 
Protection, 01.09.2014 06:08:13, SYSTEM, G72B20SG-HP, Protection, Malware Protection, Started, 
Protection, 01.09.2014 06:08:13, SYSTEM, G72B20SG-HP, Protection, Malicious Website Protection, Starting, 
Protection, 01.09.2014 06:09:11, SYSTEM, G72B20SG-HP, Protection, Malicious Website Protection, Started, 
Protection, 01.09.2014 06:57:41, SYSTEM, G72B20SG-HP, Protection, Malware Protection, Starting, 
Protection, 01.09.2014 06:57:41, SYSTEM, G72B20SG-HP, Protection, Malware Protection, Started, 
Protection, 01.09.2014 06:57:41, SYSTEM, G72B20SG-HP, Protection, Malicious Website Protection, Starting, 
Protection, 01.09.2014 06:58:12, SYSTEM, G72B20SG-HP, Protection, Malicious Website Protection, Started, 
Update, 01.09.2014 07:08:19, SYSTEM, G72B20SG-HP, Scheduler, Malware Database, 2014.8.31.7, 2014.9.1.1, 
Protection, 01.09.2014 07:08:28, SYSTEM, G72B20SG-HP, Protection, Refresh, Starting, 
Protection, 01.09.2014 07:08:28, SYSTEM, G72B20SG-HP, Protection, Malicious Website Protection, Stopping, 
Protection, 01.09.2014 07:08:28, SYSTEM, G72B20SG-HP, Protection, Malicious Website Protection, Stopped, 
Protection, 01.09.2014 07:08:34, SYSTEM, G72B20SG-HP, Protection, Refresh, Success, 
Protection, 01.09.2014 07:08:34, SYSTEM, G72B20SG-HP, Protection, Malicious Website Protection, Starting, 
Protection, 01.09.2014 07:08:34, SYSTEM, G72B20SG-HP, Protection, Malicious Website Protection, Started, 
Protection, 01.09.2014 11:56:55, SYSTEM, G72B20SG-HP, Protection, Malware Protection, Starting, 
Protection, 01.09.2014 11:56:55, SYSTEM, G72B20SG-HP, Protection, Malware Protection, Started, 
Protection, 01.09.2014 11:56:55, SYSTEM, G72B20SG-HP, Protection, Malicious Website Protection, Starting, 
Protection, 01.09.2014 11:57:43, SYSTEM, G72B20SG-HP, Protection, Malicious Website Protection, Started, 

(end)

cosinus · 01.09.2014, 12:25

Anleitung bitte richtig lesen:

Zitat:

Wähle das neueste Suchlauf-Protokoll aus

31.08.2014, 15:23	#4
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	Ich finde täglich neue Viren Ich möchte die Logs vollständig sehen. Außerdem brauch ich Logs von FRST. __________________ Logfiles bitte immer in CODE-Tags posten

01.09.2014, 08:35	#13
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	Ich finde täglich neue Viren Bitte das richtige Log von Malwarebytes posten __________________ Logfiles bitte immer in CODE-Tags posten

Ich finde täglich neue Viren

Log-Analyse und Auswertung: Ich finde täglich neue Viren