Windows 7 schwarzer Bildschirm, keine Taskleiste aber Fenster "Computer" geöffnet 3

JOP · 14.12.2014, 21:40

Guten Tag,

ich habe das gleiche Problem, das hier bereits vor einigen Tagen geschildert wurde.
Nach dem starten von Windows 7 kann ich mich anmelden, doch dann kommt ein schwarzer Bildschirm davor das Fenster "Computer" und keine Taskleiste.
Ich kann den taskmanager öffnen (strg+alt+entf) und dann alle Programme aus dem task manager öffnen, auch chrome und bin sogar im internet. Der Rechner scheint sich also im WLAN anzumelden etc.
Ich komme auch an das Startmenü im explorer: C:\ProgramData\Microsoft\Windows\Start Menu\Programs
Somit kann ich im Prinzip alles ausführen.

Wie bekomme ich meinen Desktop-Bildschirm und das Startmenü wieder?

Hier der FRST scan

HTML-Code:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 14-12-2014
Ran by JOP (administrator) on JOP-PC on 14-12-2014 21:33:38
Running from C:\Users\JOP\Downloads
Loaded Profiles: UpdatusUser & JOP (Available profiles: UpdatusUser & JOP)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 9
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler64.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe
(Garmin Ltd or its subsidiaries) C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
(Bdrive Inc.) C:\Program Files\NetDrive\ndsvc.exe
() C:\Windows\SysWOW64\NMSAccess32.exe
(Samsung Electronics Co., Ltd.) C:\Windows\System32\spool\drivers\x64\3\NetFaxServer64.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Clarus, Inc.) C:\Program Files (x86)\Clarus\Samsung Drive Manager\SZDrvSvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(CyberLink) C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(TrueCrypt Foundation) C:\Program Files\TrueCrypt\TrueCrypt.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google) C:\Program Files (x86)\Google\Google Earth\client\googleearth.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2712360 2011-03-24] (Synaptics Incorporated)
HKLM\...\Run: [Lenovo EE Boot Optimizer] => C:\Program Files (x86)\Lenovo\Boot Optimizer\PopWnd.exe [114688 2011-08-25] (Lenovo)
HKLM\...\Run: [OnekeyStudio] => C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe [789920 2011-08-25] (Lenovo)
HKLM\...\Run: [Energy Management] => C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [9745312 2011-08-25] (Lenovo (Beijing) Limited)
HKLM\...\Run: [EnergyUtility] => C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe [5374880 2011-08-25] (Lenovo(beijing) Limited)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11775592 2011-01-26] (Realtek Semiconductor)
HKLM\...\Run: [CDAServer] => C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe [462712 2012-03-09] ()
HKLM\...\Run: [Eraser] => C:\Program Files\Eraser\Eraser.exe [980920 2012-05-22] (The Eraser Project)
HKLM-x32\...\Run: [VeriFaceManager] => C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe [329056 2011-08-25] (Lenovo)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [703736 2014-11-18] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [PDFPrint] => C:\Program Files (x86)\PDF24\pdf24.exe [186408 2013-12-06] (Geek Software GmbH)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1021128 2014-12-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [124208 2014-10-22] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [YouCam Tray] => C:\Program Files (x86)\Lenovo\YouCam\YouCam.exe [224352 2010-12-05] (CyberLink Corp.)
HKLM-x32\...\Run: [YouCam Mirage] => C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe [136488 2010-12-05] (CyberLink)
HKLM-x32\...\Run: [UpdatePRCShortCut] => C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe [222504 2009-05-13] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdateP2GShortCut] => C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [222504 2010-07-26] (CyberLink Corp.)
HKLM-x32\...\Run: [STO Launcher Service] => C:\Program Files (x86)\SmarThru Office\x64\LegacyLauncher.exe [405624 2012-07-25] (Samsung Electronics Co., Ltd.)
HKLM-x32\...\Run: [STO Backup Service] => C:\Program Files (x86)\SmarThru Office\BackUpSvr.exe [199800 2012-07-25] (Samsung Electronics Co., Ltd.)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [3825176 2012-11-13] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [Samsung PanelMgr] => C:\windows\Samsung\PanelMgr\ssmmgr.exe [698984 2013-10-24] ()
HKLM-x32\...\Run: [NSU_agent] => C:\Program Files (x86)\Nokia\Nokia Software Updater\nsu3ui_agent.exe [190768 2012-02-28] ()
HKLM-x32\...\Run: [NetDrive] => C:\Program Files\NetDrive\NetDrive.exe [3620864 2014-05-07] (Bdrive Inc.)
HKLM-x32\...\Run: [MuteSync] => C:\Program Files (x86)\Lenovo\Lenovo MuteSync\MuteSync.exe [336384 2009-12-28] (Lenovo)
HKLM-x32\...\Run: [331BigDog] => C:\Program Files (x86)\USB Camera\VM331_STI.EXE [536576 2010-09-27] (Vimicro)
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-2723766367-1274792045-57920043-1000\...\Run: [FactoryTest] => C:\Windows\Test.bat
HKU\S-1-5-21-2723766367-1274792045-57920043-1000\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2011-08-25] (Google Inc.)
HKU\S-1-5-21-2723766367-1274792045-57920043-1000\...\Run: [Power2GoExpress] => NA
HKU\S-1-5-21-2723766367-1274792045-57920043-1001\...\Run: [Google Update] => C:\Users\JOP\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2012-05-04] (Google Inc.)
HKU\S-1-5-21-2723766367-1274792045-57920043-1001\...\Run: [Spybot-S&D Cleaning] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe [3713032 2012-11-13] (Safer-Networking Ltd.)
HKU\S-1-5-21-2723766367-1274792045-57920043-1001\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [22869088 2014-10-21] (Google)
HKU\S-1-5-21-2723766367-1274792045-57920043-1001\...\Run: [EEDSpeedLauncher] => rundll32.exe C:\windows\system32\eed_ec.dll,SpeedLauncher
HKU\S-1-5-21-2723766367-1274792045-57920043-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7063832 2014-11-21] (Piriform Ltd)
HKU\S-1-5-21-2723766367-1274792045-57920043-1001\...\Run: [TrueCrypt] => C:\Program Files\TrueCrypt\TrueCrypt.exe [1516496 2012-05-04] (TrueCrypt Foundation)
HKU\S-1-5-21-2723766367-1274792045-57920043-1001\...\Run: [SanDiskSecureAccess_Manager.exe] => C:\Users\JOP\AppData\Roaming\SanDisk\SanDiskSecureAccess_Manager.exe [27311232 2011-06-29] (Gemalto N.V.)
HKU\S-1-5-21-2723766367-1274792045-57920043-1001\...\Run: [Samsung Drive Manager] => C:\Program Files (x86)\Clarus\Samsung Drive Manager\Drive Manager.exe [5798008 2012-05-11] (Clarus, Inc.)
HKU\S-1-5-21-2723766367-1274792045-57920043-1001\...\Run: [Remote Control Editor] => C:\Program Files (x86)\Common Files\TerraTec\Remote\TTTvRc.exe [1834496 2012-05-14] (Elgato Systems)
HKU\S-1-5-21-2723766367-1274792045-57920043-1001\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [688984 2014-08-27] (Garmin Ltd or its subsidiaries)
HKU\S-1-5-21-2723766367-1274792045-57920043-1001\...\RunOnce: [Report] => C:\AdwCleaner\AdwCleaner[S7].txt [4712 2014-12-14] ()
HKU\S-1-5-21-2723766367-1274792045-57920043-1001\...\Policies\Explorer: [NoDriveTypeAutoRun] 0x00000000
HKU\S-1-5-18\...\Run: [EEDSpeedLauncher] => rundll32.exe C:\windows\system32\eed_ec.dll,SpeedLauncher
AppInit_DLLs: C:\windows\system32\nvinitx.dll => C:\windows\system32\nvinitx.dll [226920 2011-03-04] (NVIDIA Corporation)
AppInit_DLLs-x32: c:\windows\syswow64\nvinit.dll => c:\windows\syswow64\nvinit.dll [192616 2011-03-04] (NVIDIA Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Samsung Drive Manager Real-Time.lnk
ShortcutTarget: Samsung Drive Manager Real-Time.lnk -> C:\Program Files (x86)\Clarus\Samsung Drive Manager\ABRTMon.exe (Clarus, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Samsung Network PC Fax.lnk
ShortcutTarget: Samsung Network PC Fax.lnk -> C:\Windows\System32\spool\drivers\x64\3\NetFaxTray64.exe (Samsung Electronics Co., Ltd.)
Startup: C:\Users\JOP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk
ShortcutTarget: EvernoteClipper.lnk -> C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
ShellIconOverlayIdentifiers: [ 1&1 Sync Overlay 1] -> {02B2B772-B8A8-4DA4-9B18-42551A54A1A8} => C:\Program Files\Common Files\1&1 Sync\1&1SyncShellExtension64_1_0_0_1_20140831174457455.dll (1&1 Mail & Media GmbH)
ShellIconOverlayIdentifiers: [ 1&1 Sync Overlay 2] -> {0575AB16-E932-4160-8936-4DBE195BDBD7} => C:\Program Files\Common Files\1&1 Sync\1&1SyncShellExtension64_1_0_0_1_20140831174457455.dll (1&1 Mail & Media GmbH)
ShellIconOverlayIdentifiers: [ 1&1 Sync Overlay 3] -> {0E9EF89A-96D3-4DE6-B2F8-E9548AA5321E} => C:\Program Files\Common Files\1&1 Sync\1&1SyncShellExtension64_1_0_0_1_20140831174457455.dll (1&1 Mail & Media GmbH)
ShellIconOverlayIdentifiers: [ 1&1 Sync Overlay 4] -> {1A4AFFE1-B2F9-483D-B627-D9A339DBFD34} => C:\Program Files\Common Files\1&1 Sync\1&1SyncShellExtension64_1_0_0_1_20140831174457455.dll (1&1 Mail & Media GmbH)
ShellIconOverlayIdentifiers: [VeriFace Enc] -> {771C7324-DA80-49D3-8017-753B0AF60951} => C:\windows\system32\IcnOvrly.dll ()
ShellIconOverlayIdentifiers-x32: [ 1&1 Sync Overlay 1] -> {02B2B772-B8A8-4DA4-9B18-42551A54A1A8} => C:\Program Files (x86)\Common Files\1&1 Sync\1&1SyncShellExtension_1_0_0_1_20140831174457455.dll (1&1 Mail & Media GmbH)
ShellIconOverlayIdentifiers-x32: [ 1&1 Sync Overlay 2] -> {0575AB16-E932-4160-8936-4DBE195BDBD7} => C:\Program Files (x86)\Common Files\1&1 Sync\1&1SyncShellExtension_1_0_0_1_20140831174457455.dll (1&1 Mail & Media GmbH)
ShellIconOverlayIdentifiers-x32: [ 1&1 Sync Overlay 3] -> {0E9EF89A-96D3-4DE6-B2F8-E9548AA5321E} => C:\Program Files (x86)\Common Files\1&1 Sync\1&1SyncShellExtension_1_0_0_1_20140831174457455.dll (1&1 Mail & Media GmbH)
ShellIconOverlayIdentifiers-x32: [ 1&1 Sync Overlay 4] -> {1A4AFFE1-B2F9-483D-B627-D9A339DBFD34} => C:\Program Files (x86)\Common Files\1&1 Sync\1&1SyncShellExtension_1_0_0_1_20140831174457455.dll (1&1 Mail & Media GmbH)
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
HKU\S-1-5-21-2723766367-1274792045-57920043-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.lenovo.com
HKU\S-1-5-21-2723766367-1274792045-57920043-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.lenovo.com
HKU\S-1-5-21-2723766367-1274792045-57920043-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=LENN&bmod=LENN
HKU\S-1-5-21-2723766367-1274792045-57920043-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-2723766367-1274792045-57920043-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-2723766367-1274792045-57920043-1001 -> {74216CC7-FD64-4645-B276-EC3DCFDD23E1} URL = https://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=937811&p={searchTerms}
SearchScopes: HKU\S-1-5-21-2723766367-1274792045-57920043-1001 -> {E9DB9E7B-A275-41D1-8158-D0423FBEBDEB} URL = hxxp://www.google.com/cse?cx=partner-pub-3540673482024757:xbhdw8hkfz5&cof=&q={searchTerms}
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO-x32: Spybot-S&D IE Protection -> {53707962-6F74-2D53-2644-206D7942484F} -> C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - No Name - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} -  No File
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - TerraTec Home Cinema - {AD6E6555-FB2C-47D4-8339-3E2965509877} - C:\Program Files (x86)\TerraTec\TerraTec Home Cinema\ThcDeskBand.dll (TerraTec Electronic GmbH)
Toolbar: HKLM-x32 - No Name - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} -  No File
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKU\S-1-5-21-2723766367-1274792045-57920043-1001 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\JOP\AppData\Roaming\Mozilla\Firefox\Profiles\dehvhf1a.default
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_15_0_0_246.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_246.dll ()
FF Plugin-x32: @garmin.com/GpsControl -> C:\Program Files (x86)\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.7 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2723766367-1274792045-57920043-1001: @talk.google.com/GoogleTalkPlugin -> C:\Users\JOP\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKU\S-1-5-21-2723766367-1274792045-57920043-1001: @talk.google.com/O1DPlugin -> C:\Users\JOP\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKU\S-1-5-21-2723766367-1274792045-57920043-1001: @tools.google.com/Google Update;version=3 -> C:\Users\JOP\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-2723766367-1274792045-57920043-1001: @tools.google.com/Google Update;version=9 -> C:\Users\JOP\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\JOP\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\JOP\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)
FF SearchPlugin: C:\Users\JOP\AppData\Roaming\Mozilla\Firefox\Profiles\dehvhf1a.default\searchplugins\yahoo_ff.xml
FF Extension: Avira Browser Safety - C:\Users\JOP\AppData\Roaming\Mozilla\Firefox\Profiles\dehvhf1a.default\Extensions\abs@avira.com [2014-08-31]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-08-31]

Chrome: 
=======
CHR HomePage: Default -> 
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\JOP\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Send using Gmailâ„¢ (no button)) - C:\Users\JOP\AppData\Local\Google\Chrome\User Data\Default\Extensions\ahldefgplekckalfcolhhnljbbgaiboc [2012-05-07]
CHR Extension: (Google Drive) - C:\Users\JOP\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-04-16]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\JOP\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-06]
CHR Extension: (Adblock Plus) - C:\Users\JOP\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2013-10-31]
CHR Extension: (Google Kalender) - C:\Users\JOP\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn [2012-05-07]
CHR Extension: (Avira Browserschutz) - C:\Users\JOP\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2014-08-20]
CHR Extension: (IBA Opt-out (by Google)) - C:\Users\JOP\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbiekjoijknlhijdjbaadobpkdhmoebb [2012-06-05]
CHR Extension: (Google Kalender (von Google)) - C:\Users\JOP\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmbgaklkmjakoegficnlkhebmhkjfich [2012-05-07]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\JOP\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2014-11-08]
CHR Extension: (Boomerang for Gmail) - C:\Users\JOP\AppData\Local\Google\Chrome\User Data\Default\Extensions\mdanidgdpmkimeiiojknlnekblgmpdll [2014-12-07]
CHR Extension: (Google Mail-Checker) - C:\Users\JOP\AppData\Local\Google\Chrome\User Data\Default\Extensions\mihcahmgecmbnbcchbopgniflfhgnkff [2013-04-21]
CHR Extension: (Hangouts) - C:\Users\JOP\AppData\Local\Google\Chrome\User Data\Default\Extensions\nckgahadagoaajjgafhacjanaoiihapd [2013-04-21]
CHR Extension: (Webutation) - C:\Users\JOP\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfclfmabiojpommfcalfdgjjeaahnjbj [2013-09-15]
CHR Extension: (Google Wallet) - C:\Users\JOP\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-25]
CHR Extension: (Send from Gmail (by Google)) - C:\Users\JOP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgphcomnlaojlmmcjmiddhdapjpbgeoc [2012-05-07]
CHR Profile: C:\Users\JOP\AppData\Local\Google\Chrome\User Data\Profile 4
CHR Extension: (Google Präsentationen) - C:\Users\JOP\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-12-09]
CHR Extension: (Google Docs) - C:\Users\JOP\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\aohghmighlieiainnegkcijnfilokake [2014-12-09]
CHR Extension: (Google Drive) - C:\Users\JOP\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-12-09]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\JOP\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-12-09]
CHR Extension: (YouTube) - C:\Users\JOP\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-12-09]
CHR Extension: (Google-Suche) - C:\Users\JOP\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-12-09]
CHR Extension: (Google Tabellen) - C:\Users\JOP\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-12-09]
CHR Extension: (Avira Browserschutz) - C:\Users\JOP\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2014-12-09]
CHR Extension: (Skype Click to Call) - C:\Users\JOP\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2014-12-09]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\JOP\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2014-12-09]
CHR Extension: (Google Wallet) - C:\Users\JOP\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-12-09]
CHR Extension: (Google Mail) - C:\Users\JOP\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-12-09]
CHR HKU\S-1-5-21-2723766367-1274792045-57920043-1001\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\JOP\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx [2013-05-20]
CHR HKU\S-1-5-21-2723766367-1274792045-57920043-1001\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - No Path
CHR HKLM-x32\...\Chrome\Extension: [bbecdmcnlcoebdcidcfdkoimbjkcegbc] - C:\Users\JOP\AppData\Roaming\Browser Extensions\amazonsh_1.0.crx [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [432888 2014-11-18] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [432888 2014-11-18] (Avira Operations GmbH & Co. KG)
S4 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [993584 2014-11-18] (Avira Operations GmbH & Co. KG)
R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [164656 2014-10-22] (Avira Operations GmbH & Co. KG)
R2 btwdins; C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe [953632 2010-12-14] (Broadcom Corporation.)
R2 Garmin Core Update Service; C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [441176 2014-08-27] (Garmin Ltd or its subsidiaries)
R2 ndsvc; C:\Program Files\NetDrive\ndsvc.exe [2789376 2013-03-01] (Bdrive Inc.) [File not signed]
R2 NMSAccess; C:\windows\SysWOW64\NMSAccess32.exe [71096 2009-01-12] ()
R2 Samsung Network Fax Server; C:\windows\system32\spool\drivers\x64\3\NetFaxServer64.exe [508464 2013-07-01] (Samsung Electronics Co., Ltd.)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1103392 2012-11-13] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [1369624 2012-11-13] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [168384 2012-11-13] (Safer-Networking Ltd.)
R2 SZDrvSvc; C:\Program Files (x86)\Clarus\Samsung Drive Manager\SZDrvSvc.exe [19456 2012-05-11] (Clarus, Inc.) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [119272 2014-10-19] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131608 2014-10-19] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-11-30] (Avira Operations GmbH & Co. KG)
S2 DgiVecp; C:\windows\system32\Drivers\DgiVecp.sys [53816 2009-10-06] (Samsung Electronics Co., Ltd.)
R3 mdf16; C:\Program Files (x86)\Clarus\Samsung Drive Manager\mdf16.sys [22336 2011-03-23] ()
S3 mod7700; C:\Windows\System32\DRIVERS\mod7700.sys [632616 2012-09-20] (DiBcom SA)
S3 MODRC; C:\Windows\System32\DRIVERS\modrc.sys [25000 2012-09-20] (DiBcom S.A.)
R3 mvd23; C:\Program Files (x86)\Clarus\Samsung Drive Manager\mvd23.sys [101184 2011-05-19] ()
S3 ndfs; C:\Program Files\NetDrive\ndfs.sys [63712 2013-02-01] (Bdrive Inc.)
S3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [42184 2013-06-21] (Anchorfree Inc.)
R4 truecrypt; C:\Program Files\TrueCrypt\truecrypt-x64.sys [231376 2012-05-04] (TrueCrypt Foundation)
R3 vm331avs; C:\Windows\System32\Drivers\vm331avs.sys [228224 2010-09-27] (Vimicro Corporation)
R3 vmuvcflt; C:\Windows\System32\Drivers\vmuvcflt.sys [8320 2010-09-27] (Vimicro Corporation)
U3 BcmSqlStartupSvc; No ImagePath
U2 CLKMSVC10_3A60B698; No ImagePath
U2 CLKMSVC10_C3B3B687; No ImagePath
S2 Dokan_NetDrive2; \??\C:\Program Files\NetDrive2\dokan.sys [X]
U2 DriverService; No ImagePath
U2 IAStorDataMgrSvc; No ImagePath
U2 iATAgentService; No ImagePath
U2 idealife Update Service; No ImagePath
U3 IGRS; No ImagePath
U2 IviRegMgr; No ImagePath
U2 Oasis2Service; No ImagePath
U2 PCCarerService; No ImagePath
U2 ReadyComm.DirectRouter; No ImagePath
U2 RichVideo; No ImagePath
U2 RtLedService; No ImagePath
U2 SeaPort; No ImagePath
U2 SoftwareService; No ImagePath
U3 SQLWriter; No ImagePath
U2 Stereo Service; No ImagePath
S1 Vsdatant; system32\DRIVERS\vsdatant.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-14 21:33 - 2014-12-14 21:35 - 00031838 _____ () C:\Users\JOP\Downloads\FRST.txt
2014-12-14 21:22 - 2014-12-14 21:22 - 00001551 _____ () C:\Users\JOP\Desktop\Programs - Verknüpfung.lnk
2014-12-14 21:06 - 2014-12-14 21:33 - 00000000 ____D () C:\FRST
2014-12-14 21:05 - 2014-12-14 21:05 - 02119680 _____ (Farbar) C:\Users\JOP\Downloads\FRST64.exe
2014-12-14 20:57 - 2014-12-14 20:57 - 02166272 _____ () C:\Users\JOP\Downloads\adwcleaner_4.105 (1).exe
2014-12-14 20:51 - 2014-12-14 20:51 - 00000318 _____ () C:\windows\PFRO.log
2014-12-14 20:47 - 2014-12-14 20:47 - 02166272 _____ () C:\Users\JOP\Downloads\adwcleaner_4.105.exe
2014-12-14 20:14 - 2014-12-14 20:56 - 00016204 _____ () C:\windows\WindowsUpdate.log
2014-12-14 20:10 - 2014-12-14 20:51 - 00000168 _____ () C:\windows\setupact.log
2014-12-14 20:10 - 2014-12-14 20:10 - 00000000 _____ () C:\windows\setuperr.log
2014-12-12 00:31 - 2014-12-12 00:31 - 00000000 ____D () C:\windows\system32\appraiser
2014-12-11 22:56 - 2014-10-18 03:05 - 04121600 _____ (Microsoft Corporation) C:\windows\system32\mf.dll
2014-12-11 22:56 - 2014-10-18 02:33 - 03209728 _____ (Microsoft Corporation) C:\windows\SysWOW64\mf.dll
2014-12-11 22:56 - 2014-07-07 03:06 - 00206848 _____ (Microsoft Corporation) C:\windows\system32\mfps.dll
2014-12-11 22:56 - 2014-07-07 03:06 - 00055808 _____ (Microsoft Corporation) C:\windows\system32\rrinstaller.exe
2014-12-11 22:56 - 2014-07-07 03:06 - 00024576 _____ (Microsoft Corporation) C:\windows\system32\mfpmp.exe
2014-12-11 22:56 - 2014-07-07 03:02 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\mferror.dll
2014-12-11 22:56 - 2014-07-07 02:40 - 00103424 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfps.dll
2014-12-11 22:56 - 2014-07-07 02:39 - 00050176 _____ (Microsoft Corporation) C:\windows\SysWOW64\rrinstaller.exe
2014-12-11 22:56 - 2014-07-07 02:39 - 00023040 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfpmp.exe
2014-12-11 22:56 - 2014-07-07 02:37 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\mferror.dll
2014-12-11 22:37 - 2014-11-24 23:12 - 17874432 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-12-11 22:37 - 2014-11-24 22:59 - 00448512 _____ (Microsoft Corporation) C:\windows\system32\html.iec
2014-12-11 22:37 - 2014-11-24 22:54 - 10921984 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2014-12-11 22:37 - 2014-11-24 22:53 - 02339840 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2014-12-11 22:37 - 2014-11-24 22:47 - 01392128 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2014-12-11 22:37 - 2014-11-24 22:47 - 01388032 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2014-12-11 22:37 - 2014-11-24 22:45 - 01494016 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2014-12-11 22:37 - 2014-11-24 22:45 - 00237056 _____ (Microsoft Corporation) C:\windows\system32\url.dll
2014-12-11 22:37 - 2014-11-24 22:45 - 00086016 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2014-12-11 22:37 - 2014-11-24 22:44 - 02157056 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2014-12-11 22:37 - 2014-11-24 22:44 - 00816640 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2014-12-11 22:37 - 2014-11-24 22:44 - 00729088 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2014-12-11 22:37 - 2014-11-24 22:44 - 00599040 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2014-12-11 22:37 - 2014-11-24 22:44 - 00453120 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2014-12-11 22:37 - 2014-11-24 22:44 - 00282112 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2014-12-11 22:37 - 2014-11-24 22:44 - 00173056 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2014-12-11 22:37 - 2014-11-24 22:44 - 00055296 _____ (Microsoft Corporation) C:\windows\system32\msfeedsbs.dll
2014-12-11 22:37 - 2014-11-24 22:44 - 00011264 _____ (Microsoft Corporation) C:\windows\system32\msfeedssync.exe
2014-12-11 22:37 - 2014-11-24 22:43 - 02382848 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-12-11 22:37 - 2014-11-24 22:43 - 00096768 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2014-12-11 22:37 - 2014-11-24 22:43 - 00012800 _____ (Microsoft Corporation) C:\windows\system32\mshta.exe
2014-12-11 22:37 - 2014-11-24 22:42 - 00248320 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2014-12-11 22:37 - 2014-11-24 21:44 - 00367104 _____ (Microsoft Corporation) C:\windows\SysWOW64\html.iec
2014-12-11 22:37 - 2014-11-24 21:41 - 12369920 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2014-12-11 22:37 - 2014-11-24 21:40 - 01810944 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2014-12-11 22:37 - 2014-11-24 21:37 - 09740800 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2014-12-11 22:37 - 2014-11-24 21:35 - 01139712 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2014-12-11 22:37 - 2014-11-24 21:35 - 01129472 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2014-12-11 22:37 - 2014-11-24 21:34 - 01427968 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2014-12-11 22:37 - 2014-11-24 21:34 - 00231936 _____ (Microsoft Corporation) C:\windows\SysWOW64\url.dll
2014-12-11 22:37 - 2014-11-24 21:33 - 01802752 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2014-12-11 22:37 - 2014-11-24 21:33 - 00717824 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
2014-12-11 22:37 - 2014-11-24 21:33 - 00607744 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2014-12-11 22:37 - 2014-11-24 21:33 - 00421376 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2014-12-11 22:37 - 2014-11-24 21:33 - 00142848 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2014-12-11 22:37 - 2014-11-24 21:33 - 00065536 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2014-12-11 22:37 - 2014-11-24 21:33 - 00041472 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeedsbs.dll
2014-12-11 22:37 - 2014-11-24 21:32 - 02382848 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2014-12-11 22:37 - 2014-11-24 21:32 - 00353792 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2014-12-11 22:37 - 2014-11-24 21:32 - 00223232 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2014-12-11 22:37 - 2014-11-24 21:32 - 00176640 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2014-12-11 22:37 - 2014-11-24 21:32 - 00073216 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2014-12-11 22:37 - 2014-11-24 21:32 - 00011776 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshta.exe
2014-12-11 22:37 - 2014-11-24 21:32 - 00010752 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeedssync.exe
2014-12-11 22:36 - 2014-12-04 03:50 - 00830976 _____ (Microsoft Corporation) C:\windows\system32\appraiser.dll
2014-12-11 22:36 - 2014-12-04 03:50 - 00741376 _____ (Microsoft Corporation) C:\windows\system32\invagent.dll
2014-12-11 22:36 - 2014-12-04 03:50 - 00413184 _____ (Microsoft Corporation) C:\windows\system32\generaltel.dll
2014-12-11 22:36 - 2014-12-04 03:50 - 00396800 _____ (Microsoft Corporation) C:\windows\system32\devinv.dll
2014-12-11 22:36 - 2014-12-04 03:50 - 00227328 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll
2014-12-11 22:36 - 2014-12-04 03:50 - 00192000 _____ (Microsoft Corporation) C:\windows\system32\aepic.dll
2014-12-11 22:36 - 2014-12-04 03:44 - 01083392 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2014-12-11 22:36 - 2014-12-02 00:28 - 01232040 _____ (Microsoft Corporation) C:\windows\system32\aitstatic.exe
2014-12-11 22:36 - 2014-11-11 04:09 - 01424384 _____ (Microsoft Corporation) C:\windows\system32\WindowsCodecs.dll
2014-12-11 22:36 - 2014-11-11 03:44 - 01230336 _____ (Microsoft Corporation) C:\windows\SysWOW64\WindowsCodecs.dll
2014-12-11 22:36 - 2014-11-11 02:46 - 00119296 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tdx.sys
2014-12-11 22:36 - 2014-10-30 03:03 - 00165888 _____ (Microsoft Corporation) C:\windows\system32\charmap.exe
2014-12-11 22:36 - 2014-10-30 02:45 - 00155136 _____ (Microsoft Corporation) C:\windows\SysWOW64\charmap.exe
2014-12-11 22:36 - 2014-10-03 03:12 - 02020352 _____ (Microsoft Corporation) C:\windows\system32\WsmSvc.dll
2014-12-11 22:36 - 2014-10-03 03:12 - 00346624 _____ (Microsoft Corporation) C:\windows\system32\WSManMigrationPlugin.dll
2014-12-11 22:36 - 2014-10-03 03:12 - 00310272 _____ (Microsoft Corporation) C:\windows\system32\WsmWmiPl.dll
2014-12-11 22:36 - 2014-10-03 03:12 - 00181248 _____ (Microsoft Corporation) C:\windows\system32\WsmAuto.dll
2014-12-11 22:36 - 2014-10-03 03:11 - 00266240 _____ (Microsoft Corporation) C:\windows\system32\WSManHTTPConfig.exe
2014-12-11 22:36 - 2014-10-03 02:45 - 01177088 _____ (Microsoft Corporation) C:\windows\SysWOW64\WsmSvc.dll
2014-12-11 22:36 - 2014-10-03 02:45 - 00248832 _____ (Microsoft Corporation) C:\windows\SysWOW64\WSManMigrationPlugin.dll
2014-12-11 22:36 - 2014-10-03 02:45 - 00214016 _____ (Microsoft Corporation) C:\windows\SysWOW64\WsmWmiPl.dll
2014-12-11 22:36 - 2014-10-03 02:45 - 00145920 _____ (Microsoft Corporation) C:\windows\SysWOW64\WsmAuto.dll
2014-12-11 22:36 - 2014-10-03 02:44 - 00198656 _____ (Microsoft Corporation) C:\windows\SysWOW64\WSManHTTPConfig.exe
2014-12-11 22:33 - 2014-11-08 04:16 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\tzres.dll
2014-12-11 22:33 - 2014-11-08 03:45 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\tzres.dll
2014-12-08 21:29 - 2014-12-08 21:29 - 00000000 ____D () C:\ProgramData\NetDrive2
2014-12-07 23:27 - 2014-12-07 23:27 - 00000822 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-12-07 23:25 - 2014-12-07 23:25 - 05162080 _____ (Piriform Ltd) C:\Users\JOP\Downloads\ccsetup500.exe
2014-12-07 23:18 - 2014-12-07 23:18 - 02739280 _____ (1&1 Mail & Media GmbH) C:\Users\JOP\Downloads\webde_onlinespeicher_setup.exe
2014-12-07 21:05 - 2014-12-07 21:05 - 00001464 _____ () C:\Users\Public\Desktop\ElsterFormular.lnk
2014-12-07 21:01 - 2014-12-07 21:03 - 77872808 _____ (Landesfinanzdirektion Thüringen) C:\Users\JOP\Downloads\ElsterFormular-15.3.20141106p.exe
2014-11-29 20:04 - 2014-11-29 20:04 - 00000000 ____D () C:\Users\JOP\Documents\Fax
2014-11-29 20:03 - 2013-12-08 17:43 - 00001097 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF24 Creator.lnk
2014-11-23 17:09 - 2014-11-23 17:10 - 00000000 ____D () C:\Users\JOP\Documents\FilmScripte
2014-11-23 17:02 - 2014-11-23 22:55 - 00001162 _____ () C:\Users\JOP\Desktop\JOP - Verknüpfung.lnk
2014-11-22 20:58 - 2014-11-22 20:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2014-11-19 22:09 - 2014-11-19 22:10 - 00000000 ____D () C:\ProgramData\TuneUp Software
2014-11-19 22:09 - 2014-11-19 22:09 - 00000000 __SHD () C:\ProgramData\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C}
2014-11-19 22:09 - 2014-11-19 22:09 - 00000000 ____D () C:\Users\JOP\AppData\Roaming\TuneUp Software
2014-11-19 22:09 - 2014-11-19 22:09 - 00000000 ____D () C:\Users\JOP\AppData\Local\TuneUp Software
2014-11-19 22:07 - 2014-11-19 22:15 - 00000000 ____D () C:\Program Files (x86)\Free M4a to MP3 Converter
2014-11-19 22:07 - 2014-11-19 22:15 - 00000000 ____D () C:\Program Files (x86)\File Type Advisor
2014-11-18 21:32 - 2014-11-11 04:08 - 00728064 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll
2014-11-18 21:32 - 2014-11-11 04:08 - 00241152 _____ (Microsoft Corporation) C:\windows\system32\pku2u.dll
2014-11-18 21:32 - 2014-11-11 03:44 - 00550912 _____ (Microsoft Corporation) C:\windows\SysWOW64\kerberos.dll
2014-11-18 21:32 - 2014-11-11 03:44 - 00186880 _____ (Microsoft Corporation) C:\windows\SysWOW64\pku2u.dll
2014-11-15 23:29 - 2014-11-15 23:29 - 00000000 ____D () C:\Program Files\Common Files\Common Desktop Agent
2014-11-15 23:28 - 2014-11-15 23:28 - 00000000 ____D () C:\Users\UpdatusUser\AppData\Roaming\Samsung
2014-11-15 23:28 - 2014-11-15 23:28 - 00000000 ____D () C:\Users\fbwuser\AppData\Roaming\Samsung
2014-11-15 11:16 - 2014-11-15 11:19 - 00000000 ____D () C:\Program Files (x86)\GUM902E.tmp

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-14 21:32 - 2014-01-26 19:37 - 00000884 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2014-12-14 21:21 - 2011-08-25 04:16 - 00001110 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-12-14 21:19 - 2011-08-25 04:24 - 02917623 _____ () C:\FaceProv.log
2014-12-14 20:59 - 2011-08-25 11:35 - 00699682 _____ () C:\windows\system32\perfh007.dat
2014-12-14 20:59 - 2011-08-25 11:35 - 00149790 _____ () C:\windows\system32\perfc007.dat
2014-12-14 20:59 - 2009-07-14 06:13 - 01620684 _____ () C:\windows\system32\PerfStringBackup.INI
2014-12-14 20:59 - 2009-07-14 05:45 - 00028928 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-12-14 20:59 - 2009-07-14 05:45 - 00028928 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-12-14 20:52 - 2012-05-28 18:44 - 00999768 _____ () C:\ndsvc.log
2014-12-14 20:52 - 2011-08-25 04:18 - 00135797 _____ () C:\windows\system32\fastboot.set
2014-12-14 20:51 - 2011-08-25 04:16 - 00001106 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-12-14 20:51 - 2009-07-14 06:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-12-14 20:50 - 2013-10-14 00:00 - 00000000 ____D () C:\AdwCleaner
2014-12-14 20:47 - 2012-07-03 20:08 - 00000000 ____D () C:\Users\JOP\Desktop\cleaning
2014-12-14 20:38 - 2012-06-24 19:47 - 00001112 _____ () C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2723766367-1274792045-57920043-1001UA.job
2014-12-14 20:35 - 2014-02-04 23:44 - 00000000 ____D () C:\windows\pss
2014-12-14 20:27 - 2012-12-02 15:06 - 00113152 ___SH () C:\Users\JOP\Documents\Thumbs.db
2014-12-12 00:31 - 2014-05-06 22:08 - 00000000 ___SD () C:\windows\system32\CompatTel
2014-12-12 00:31 - 2009-07-14 04:20 - 00000000 ____D () C:\windows\AppCompat
2014-12-11 23:06 - 2013-08-16 23:50 - 00000000 ____D () C:\windows\system32\MRT
2014-12-11 22:58 - 2012-06-27 19:22 - 112710672 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2014-12-11 22:38 - 2012-06-24 19:47 - 00001060 _____ () C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2723766367-1274792045-57920043-1001Core.job
2014-12-11 22:38 - 2012-05-07 14:58 - 00010468 _____ () C:\Users\JOP\AppData\Roaming\SmarThruOptions.xml
2014-12-11 22:16 - 2014-10-12 16:43 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-12-11 22:14 - 2013-05-20 19:55 - 00000000 ___RD () C:\Users\JOP\Google Drive
2014-12-11 22:13 - 2011-08-25 04:24 - 00000000 ____D () C:\ProgramData\VeriFace
2014-12-09 22:32 - 2014-01-26 19:37 - 00003822 _____ () C:\windows\System32\Tasks\Adobe Flash Player Updater
2014-12-09 22:32 - 2013-03-02 09:23 - 00701104 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2014-12-09 22:32 - 2013-03-02 09:23 - 00071344 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-12-09 21:50 - 2012-05-04 22:01 - 00000000 ____D () C:\Users\JOP\AppData\Roaming\TrueCrypt
2014-12-08 22:20 - 2012-09-27 22:51 - 00000000 ____D () C:\Users\JOP\Documents\Youcam
2014-12-08 21:44 - 2014-11-08 19:22 - 00000000 ____D () C:\Users\JOP\Desktop\SCAN
2014-12-08 21:36 - 2014-11-06 23:50 - 00000000 ____D () C:\Users\JOP\Documents\Scan
2014-12-08 21:16 - 2014-11-06 23:35 - 00000072 _____ () C:\Users\Public\LMDebug.log
2014-12-07 23:31 - 2013-03-23 21:50 - 00000000 ____D () C:\windows\Minidump
2014-12-07 23:27 - 2012-05-04 21:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-12-07 23:27 - 2012-05-04 21:54 - 00000000 ____D () C:\Program Files\CCleaner
2014-12-07 23:20 - 2013-06-30 20:14 - 00000000 ____D () C:\Users\JOP\AppData\Local\WEB.DE Application {sync-000021}
2014-12-07 23:04 - 2012-05-05 20:46 - 00000000 ____D () C:\Users\JOP\AppData\Roaming\Dropbox
2014-12-07 23:03 - 2012-05-05 20:46 - 00000000 ____D () C:\Users\JOP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-12-07 21:45 - 2012-05-04 21:41 - 00000000 ____D () C:\Users\JOP
2014-12-07 21:05 - 2013-10-08 12:46 - 00000000 ____D () C:\Program Files (x86)\ElsterFormular
2014-12-07 17:38 - 2012-11-04 16:55 - 00000000 ____D () C:\Users\JOP\Documents\JOP
2014-12-07 12:10 - 2012-05-04 22:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Garmin
2014-12-07 12:09 - 2012-05-04 22:54 - 00000000 ____D () C:\Program Files (x86)\Garmin
2014-11-23 22:37 - 2012-05-05 21:29 - 00000000 ____D () C:\Users\JOP\AppData\Roaming\Skype
2014-11-23 18:41 - 2012-10-28 20:44 - 00000000 ____D () C:\ProgramData\tmp
2014-11-23 12:52 - 2012-09-15 16:13 - 00000000 ____D () C:\Users\JOP\AppData\Roaming\vlc
2014-11-22 20:58 - 2014-08-03 17:58 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-11-22 20:58 - 2012-05-05 21:29 - 00000000 ____D () C:\ProgramData\Skype
2014-11-16 16:19 - 2012-11-12 21:09 - 00000000 ____D () C:\Users\JOP\Documents\GARMIN
2014-11-16 11:01 - 2013-02-02 12:26 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-11-15 23:31 - 2014-11-06 23:33 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung Printers
2014-11-15 23:29 - 2014-11-06 23:32 - 00000000 ____D () C:\ProgramData\Samsung
2014-11-15 22:58 - 2009-07-14 04:20 - 00000000 ____D () C:\windows\system32\NDF
2014-11-15 12:26 - 2009-07-14 04:20 - 00000000 ____D () C:\windows\rescache
2014-11-15 11:16 - 2011-08-25 04:16 - 00004106 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-11-15 11:16 - 2011-08-25 04:16 - 00003854 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-11-14 20:33 - 2009-07-14 05:45 - 00382352 _____ () C:\windows\system32\FNTCACHE.DAT

Some content of TEMP:
====================
C:\Users\JOP\AppData\Local\Temp\Quarantine.exe
C:\Users\JOP\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-12-07 13:19

==================== End Of Log ============================

und der additional FRST scan

Code:

ATTFilter

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 14-12-2014
Ran by JOP at 2014-12-14 21:36:03
Running from C:\Users\JOP\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.246 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.246 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
AllDup 3.4.24 (HKLM-x32\...\AllDup_is1) (Version: 3.4.24 - Michael Thummerer Software Design)
AMR to MP3 Converter 1.4 (HKLM-x32\...\{C615B4A6-DDE8-4325-BCF8-E53E913D95E9}_is1) (Version:  - amrtomp3converter.com)
ANT Drivers Installer x64 (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden
Any Video Converter 5.6.6 (HKLM-x32\...\Any Video Converter_is1) (Version:  - Any-Video-Converter.com)
Arizona Topo Map (HKLM-x32\...\Arizona Topo) (Version: 2.11 - GPSFileDepot.com)
Ashampoo Burning Studio 6 FREE v.6.84 (HKLM-x32\...\{91B33C97-3ED1-03EA-A67B-244AA4D7B559}_is1) (Version: 6.8.4 - Ashampoo GmbH & Co. KG)
Atheros Client Installation Program (HKLM-x32\...\{D3694B69-6F8C-42D3-8A0A-EB2AB528C02C}) (Version: 7.0 - Atheros)
Avira (HKLM-x32\...\{9480d4af-12b9-4e56-8034-4031ef6ab39d}) (Version: 1.1.25.25607 - Avira Operations GmbH & Co. KG)
Avira (x32 Version: 1.1.25.25607 - Avira Operations GmbH & Co. KG) Hidden
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.7.342 - Avira)
Benutzerhandbuch (x32 Version: 1.0.0.6 - Lenovo) Hidden
Benutzerhandbuch anzeigen (HKLM-x32\...\View User Guide) (Version: 3.60.30 - )
calibre 64bit (HKLM\...\{16B9E87F-260D-4FA9-B3ED-7049655C2E31}) (Version: 1.33.0 - Kovid Goyal)
CCleaner (HKLM\...\CCleaner) (Version: 5.00 - Piriform)
cGPSmapper Free 0100d (HKLM-x32\...\cGPSmapper Free_is1) (Version:  - cGPSmapper)
Cinergy DT USB XS Diversity (MKII) V3.12.00.00a (HKLM-x32\...\Cinergy DT USB XS Diversity (MKII)) (Version: 3.12.00.00a - )
Cinergy DT USB XS Diversity V3.12.00.00a (HKLM-x32\...\Cinergy DT USB XS Diversity) (Version: 3.12.00.00a - )
COLORADO TOPO 2011 (HKLM-x32\...\cotopo11) (Version:  - )
Common Desktop Agent (Version: 1.62.0 - OEM) Hidden
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Desert Southwest Topo (HKLM-x32\...\DesertSouthwest) (Version:  - )
Designer 2.0 (HKLM-x32\...\Designer 2.0_is1) (Version: 7.9.3 - Fomanu AG)
Dropbox (HKU\S-1-5-21-2723766367-1274792045-57920043-1001\...\Dropbox) (Version: 2.10.52 - Dropbox, Inc.)
EasyCash&Tax 2.14 (HKLM-x32\...\EasyCash&Tax_is1) (Version:  - tm)
Elevated Installer (x32 Version: 3.2.18.0 - Garmin Ltd or its subsidiaries) Hidden
Elster-Export 1.14 (HKLM-x32\...\Elster-Export Plugin für EasyCash&Tax_is1) (Version:  - tm)
ElsterFormular (HKLM-x32\...\ElsterFormular) (Version: 15.1.13904 - Landesfinanzdirektion Thüringen)
Energy Management (HKLM-x32\...\InstallShield_{D0956C11-0F60-43FE-99AD-524E833471BB}) (Version: 6.0.1.6 - Lenovo)
Energy Management (x32 Version: 6.0.1.6 - Lenovo) Hidden
EPS Viewer (HKLM-x32\...\{32E05824-A0AC-4DFE-B965-5F52C28FBE9F}_is1) (Version:  - IdeaMK)
Eraser 6.0.10.2620 (HKLM\...\{6E5159B4-A519-41EF-80EF-AD58371515DF}) (Version: 6.0.2620 - The Eraser Project)
Evernote v. 4.6.5 (HKLM-x32\...\{F47455A0-B827-11E2-870C-984BE15F174E}) (Version: 4.6.5.8353 - Evernote Corp.)
Exact Audio Copy 1.0beta3 (HKLM-x32\...\Exact Audio Copy) (Version: 1.0beta3 - Andre Wiethoff)
Foto-Mosaik-Edda Standard V6.7.12231.1 (HKLM-x32\...\{A2D6ECD0-7E52-42B7-9236-DB2951436616}_is1) (Version:  - Steffen Schirmer)
Free PDF to Word Doc Converter v1.1 (HKLM-x32\...\Free PDF to Word Doc Converter_is1) (Version: 1.1 - www.hellopdf.com)
Garmin BaseCamp (HKLM-x32\...\{BC8E822D-0C54-4426-B7D3-876CFC47EFEC}) (Version: 4.4.4 - Garmin Ltd or its subsidiaries)
Garmin Communicator Plugin (HKLM-x32\...\{13F054F3-0B07-4D15-9E80-C55B496AB557}) (Version: 4.0.3 - Garmin Ltd or its subsidiaries)
Garmin Communicator Plugin x64 (HKLM\...\{550331CC-C34B-494F-BCDA-37CE4EF6E924}) (Version: 4.0.3 - Garmin Ltd or its subsidiaries)
Garmin Express (HKLM-x32\...\{22939821-cd61-449c-8a03-cff0af03c156}) (Version: 3.2.18.0 - Garmin Ltd or its subsidiaries)
Garmin Express (x32 Version: 3.2.18.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin Express Tray (x32 Version: 3.2.18.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin MapInstall (HKLM-x32\...\{0FBAFFD8-BCBA-4631-97E8-433DE7D1D753}) (Version: 4.0.1 - Garmin Ltd or its subsidiaries)
Garmin Training Center (HKLM-x32\...\{7D542452-84EB-47C0-97BA-735C523AB555}) (Version: 3.6.5 - Garmin Ltd or its subsidiaries)
Garmin USB Drivers (HKLM-x32\...\{3D5D6CFC-3097-425A-8D8F-7EAF5D57641D}) (Version: 2.3.1.0 - Garmin Ltd or its subsidiaries)
Garmin WebUpdater (HKLM-x32\...\{AE1EC58E-B2AC-4959-A4C2-C38202A25239}) (Version: 2.5.6 - Garmin Ltd or its subsidiaries)
GIMP 2.8.4 (HKLM\...\GIMP-2_is1) (Version: 2.8.4 - The GIMP Team)
GMapTool 0.8.143 (HKLM-x32\...\{1873789F-59D5-4002-8A2F-60A827B78F98}_is1) (Version:  - AP)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.95 - Google Inc.)
Google Drive (HKLM-x32\...\{C60F3836-333A-4AE2-B526-CFDBA143A9BA}) (Version: 1.18.7821.2489 - Google, Inc.)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Talk Plugin (HKLM-x32\...\{0C5C1177-94C5-3EFB-A8BE-3F6AF1AF887F}) (Version: 5.38.6.0 - Google)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
GPL Ghostscript (HKLM-x32\...\GPL Ghostscript 9.07) (Version: 9.07 - Artifex Software Inc.)
GPSBabel 1.4.3 (HKLM-x32\...\{1B8FE958-A304-4902-BF7A-4E2F0F5B7017}_is1) (Version:  - GPSBabel)
GSview 5.0 (HKLM-x32\...\GSview 5.0) (Version: 5.0 - Ghostgum Software Pty Ltd)
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1118 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.2932 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.1.5.1001 - Intel Corporation)
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.32 - Irfan Skiljan)
Java 7 Update 55 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217045FF}) (Version: 7.0.550 - Oracle)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Kobo (HKLM-x32\...\Kobo) (Version: 3.2.2 - Kobo Inc.)
LAV Filters 0.53.2 (HKLM-x32\...\lavfilters_is1) (Version: 0.53.2 - Hendrik Leppkes)
Lenovo Bluetooth with Enhanced Data Rate Software (HKLM\...\{436E0B79-2CFB-4E5F-9380-E17C1B25D0C5}) (Version: 6.3.0.7400 - Broadcom Corporation)
Lenovo EasyCamera (HKLM-x32\...\{ADE16A9D-FBDC-4ecc-B6BD-9C31E51D0332}) (Version: 13.10.1201.1 - Vimicro)
Lenovo EE Boot Optimizer (HKLM\...\Lenovo EE Boot Optimizer) (Version: 0.0.1.5 - Lenovo)
Lenovo Games Console (HKLM-x32\...\Lenovo Games Console) (Version: 1.2.6.436 - Oberon Media Inc.)
Lenovo MuteSync (HKLM-x32\...\InstallShield_{C39EF9B4-0C4F-4D48-8665-8FD45BFF3961}) (Version: 1.0.0.3 - Lenovo)
Lenovo MuteSync (x32 Version: 1.0.0.3 - Lenovo) Hidden
Lenovo OneKey Recovery (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 7.0.1628 - CyberLink Corp.)
Lenovo OneKey Recovery (Version: 7.0.1628 - CyberLink Corp.) Hidden
Lenovo YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.1.3603 - CyberLink Corp.)
Lenovo YouCam (x32 Version: 3.1.3603 - CyberLink Corp.) Hidden
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Live Add-in 1.5 (HKLM-x32\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Office Professional Edition 2003 (HKLM-x32\...\{90110407-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Mozilla Firefox 29.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 29.0.1 (x86 de)) (Version: 29.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
Mozilla Thunderbird 24.6.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 24.6.0 (x86 de)) (Version: 24.6.0 - Mozilla)
MSVC90_x64 (Version: 1.0.1.2 - Nokia) Hidden
MSVC90_x86 (x32 Version: 1.0.1.2 - Nokia) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
NetDrive (HKLM-x32\...\NetDrive) (Version: 1.3.2.0 - Bdrive Inc.)
New Mexico Topo Map (HKLM-x32\...\New Mexico Topo) (Version: 1.50 - GPSFileDepot.com)
Nokia Connectivity Cable Driver (HKLM-x32\...\{A57025CC-5F2E-4D01-B387-06DB10500D43}) (Version: 7.1.78.0 - Nokia)
Nokia PC Suite (HKLM-x32\...\Nokia PC Suite) (Version: 7.1.180.94 - Nokia)
Nokia PC Suite (x32 Version: 7.1.180.94 - Nokia) Hidden
Nokia Software Updater (HKLM-x32\...\{7130468A-F53F-4698-8C09-A339EA3B05E6}) (Version: 3.0.655 - Nokia Corporation)
NVIDIA Grafiktreiber 267.53 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 267.53 - NVIDIA Corporation)
OLYMPUS Digital Camera Updater (HKLM-x32\...\{2A9E8F56-C31B-4DBB-BFE2-0F4EC8192355}) (Version: 1.0.3 - OLYMPUS IMAGING CORP.)
OLYMPUS Viewer 2 (HKLM-x32\...\{AEE39224-92BE-4389-9493-E57FF73BB96A}) (Version: 1.3.1 - OLYMPUS IMAGING CORP.)
Onekey Theater (HKLM-x32\...\InstallShield_{D4B060B9-AD4A-4152-9D99-28B93C615AFE}) (Version: 2.0.2.8 - Lenovo)
Onekey Theater (x32 Version: 2.0.2.8 - Lenovo) Hidden
OnlineFotoservice (HKLM-x32\...\OnlineFotoservice) (Version: 6.0.0 - CEWE Stiftung u Co. KGaA)
PC Connectivity Solution (HKLM-x32\...\{644F4910-E812-49AD-93EC-86828CB81A0D}) (Version: 12.0.27.0 - Nokia)
PDF reDirect (remove only) (HKLM-x32\...\PDF reDirect) (Version: v2.5.2 - EXP Systems LLC)
PDF24 Creator 6.1.0 (HKLM-x32\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version:  - PDF24.org)
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
Power2Go (HKLM-x32\...\{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 5.6.0.7303 - CyberLink Corp.)
Readiris Pro 10 (HKLM-x32\...\{14D08502-FEE4-40E5-90D3-8A967A1D8BA2}) (Version:  - )
Realtek Ethernet Controller Driver For Windows 7 (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.23.623.2010 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6301 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Reader Driver (HKLM-x32\...\{62BBB2F0-E220-4821-A564-730807D2C34D}) (Version: 6.1.7600.10010 - Realtek Semiconductor Corp.)
Samsung Drive Manager (HKLM-x32\...\{9F1A6A24-4901-42F6-A355-5DD2B82E62AE}) (Version: 1.0.148 - Clarus)
Samsung Easy Document Creator (HKLM-x32\...\Samsung Easy Document Creator) (Version: 1.05.87 (08.09.2013) - Samsung Electronics Co., Ltd.)
Samsung Easy Printer Manager (HKLM-x32\...\Samsung Easy Printer Manager) (Version: 1.03.77.00(24.10.2013) - Samsung Electronics Co., Ltd.)
Samsung M267x 287x Series (HKLM-x32\...\Samsung M267x 287x Series) (Version: 1.24 (18.12.2013) - Samsung Electronics Co., Ltd.)
Samsung Network PC Fax (HKLM-x32\...\Samsung Network PC Fax) (Version: 1.10.11 (01.07.2013) - Samsung Electronics Co., Ltd.)
Samsung OCR Software (HKLM-x32\...\Samsung OCR Software) (Version: 1.00.14 (02.08.2013) - Samsung Electronics Co., Ltd.)
Samsung Printer Live Update (HKLM-x32\...\Samsung Printer Live Update) (Version: 1.01.00:04(2013-04-22) - Samsung Electronics Co., Ltd.)
Samsung Scan Process Machine (x32 Version: 1.01.12.00 - Samsung Electronics Co., Ltd.) Hidden
Samsung SCX-4200 Series (HKLM-x32\...\Samsung SCX-4200 Series) (Version:  - Samsung Electronics CO.,LTD)
SanDiskSecureAccess_Manager.exe (HKU\S-1-5-21-2723766367-1274792045-57920043-1001\...\@@__UNKNOWN__@@SanDiskSecureAccess_Manager.exe) (Version: 1.1.19269 - Gemalto N.V.)
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation)
Skype™ 6.21 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.21.104 - Skype Technologies S.A.)
SmarThru 4 (HKLM-x32\...\{90F1943D-EA4A-4460-B59F-30023F3BA69A}) (Version:  - )
SmarThru Office (HKLM-x32\...\{9BC1E722-AE07-46A3-B7A6-556DBE18E22A}) (Version: 2.10.000 - Samsung Electronics Co., Ltd.)
Snapform Viewer 1.7.36 (HKLM-x32\...\2841-5017-1617-4151) (Version: 1.7.36 - Ringler Informatik AG)
SNS Upload for Easy Document Creator (HKLM-x32\...\{B6B5F07C-88D5-49D3-A1A7-A6D4BC37DCCC}) (Version: 1.0.0 - Samsung Electronics Co.,Ltd)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.0.12 - Safer-Networking Ltd.)
SRS Premium Sound Control Panel (HKLM\...\{F3C66EC8-2F33-452D-9CFF-E8C886B3ECC4}) (Version: 1.11.0000 - SRS Labs, Inc.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.2.16.4 - Synaptics Incorporated)
TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.32494 - TeamViewer)
TERRATEC Cinergy DT USB XS Diversity (64 Bit) (HKLM-x32\...\{715544BD-B49A-40A0-938B-152C5A1D99C3}) (Version: 3.12.00.00 - TERRATEC Electronic GmbH)
TerraTec Home Cinema (HKLM-x32\...\{63B9BAB5-F36A-4A3B-9E5C-68A7F212BFB9}) (Version: 6.27.4 - )
TerraTec Remote Control (HKLM-x32\...\{483213DE-E8FC-44D9-8826-11D480BEE38D}) (Version: 5.53 - )
THC Codec Patch (HKLM-x32\...\{03DF2CB2-FF23-47F7-8754-8C3938A5F44C}) (Version: 1.00.0000 - )
THC codec patch (HKLM-x32\...\{667774E0-26BB-4194-9854-656A8DC5337B}) (Version: 1.00.0000 - TERRATEC)
TrueCrypt (HKLM-x32\...\TrueCrypt) (Version: 7.1a - TrueCrypt Foundation)
UserGuide (HKLM-x32\...\InstallShield_{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}) (Version: 1.0.0.6 - Lenovo)
UTAH TOPO 2011 (HKLM-x32\...\uttopo11) (Version:  - )
VeriFace (HKLM-x32\...\VeriFace) (Version: 4.0.1.0126 - Lenovo)
VLC media player 2.1.2 (HKLM-x32\...\VLC media player) (Version: 2.1.2 - VideoLAN)
WEB.DE Online-Speicher 1.8.3649.0 (HKU\S-1-5-21-2723766367-1274792045-57920043-1001\...\WEB.DE Application {sync-000021}) (Version: 1.8.3649.0 - 1&1 Mail & Media GmbH)
Windows Driver Package - Garmin (grmnusb) GARMIN Devices  (04/19/2012 2.3.1.0) (HKLM\...\98157A226B40B173301B0F53C8E98C47805D5152) (Version: 04/19/2012 2.3.1.0 - Garmin)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3502.0922 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX control for remote connections (HKLM-x32\...\{C5398A89-516C-4DAF-BA07-EE7949090E56}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows-Treiberpaket - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.)
Windows-Treiberpaket - Lenovo (ACPIVPC) System  (12/02/2010 6.1.0.1) (HKLM\...\EA12B1FB53CE4E387C31A85236C41EF559B5E392) (Version: 12/02/2010 6.1.0.1 - Lenovo)
Windows-Treiberpaket - Nokia Modem  (02/25/2011 4.7) (HKLM\...\E0AC723A3DE3A04256288CADBBB011B112AED454) (Version: 02/25/2011 4.7 - Nokia)
Windows-Treiberpaket - Nokia Modem  (02/25/2011 7.01.0.9) (HKLM\...\72A50F48CC5601190B9C4E74D81161693133E7F7) (Version: 02/25/2011 7.01.0.9 - Nokia)
Windows-Treiberpaket - Nokia pccsmcfd LegacyDriver  (05/31/2012 7.1.2.0) (HKLM\...\62BBD193ADFDBB228C7E1ADB56463F5732FF7F6F) (Version: 05/31/2012 7.1.2.0 - Nokia)
Windows-Treiberpaket - OLYMPUS IMAGING CORP. Camera Communication Driver Package (09/09/2009 1.0.0.0) (HKLM\...\2C1C2F29FADF39F533CEEE67B90F07A5306A4BDB) (Version: 09/09/2009 1.0.0.0 - OLYMPUS IMAGING CORP.)
Windows-Treiberpaket - Silicon Labs Software (DSI_SiUSBXp_3_1) USB  (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software)
Windows-Treiberpaket - TerraTec  (mod7700) Media  (05/10/2009 3.12.0.0) (HKLM\...\2FAC7F7117585E142DED89EB34FB4C6D8A98A092) (Version: 05/10/2009 3.12.0.0 - TerraTec )
Windows-Treiberpaket - TerraTec  (mod7700) Media  (05/23/2009 3.12.0.0) (HKLM\...\2515928E07E927502134BBB67FFBDA000C7CE116) (Version: 05/23/2009 3.12.0.0 - TerraTec )
WinHTTrack Website Copier 3.46-1 (x64) (HKLM\...\WinHTTrack Website Copier_is1) (Version: 3.46.1 - HTTrack)
Z-DBackup (HKLM-x32\...\{F2DA54F3-F7FB-4AE8-9B33-BEA5391E4A03}) (Version: 6.0.0.9 - IMU Andreas Baumann)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-2723766367-1274792045-57920043-1001_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\JOP\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2723766367-1274792045-57920043-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\JOP\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2723766367-1274792045-57920043-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\JOP\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2723766367-1274792045-57920043-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\JOP\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2723766367-1274792045-57920043-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\JOP\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2723766367-1274792045-57920043-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\JOP\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2723766367-1274792045-57920043-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\JOP\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2723766367-1274792045-57920043-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\JOP\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2723766367-1274792045-57920043-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\JOP\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2723766367-1274792045-57920043-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\JOP\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)

==================== Restore Points  =========================

18-11-2014 21:57:15 Windows Update
19-11-2014 21:12:47 TuneUp Utilities 2014 wird entfernt
19-11-2014 21:13:41 TuneUp Utilities 2014 (de-DE) wird entfernt
19-11-2014 21:30:40 Windows Update
29-11-2014 15:31:29 Geplanter Prüfpunkt
07-12-2014 19:16:41 Geplanter Prüfpunkt
11-12-2014 21:55:22 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0A5DC558-03CB-41D8-B4C4-AA6C5F07DAF4} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2723766367-1274792045-57920043-1001UA => C:\Users\JOP\AppData\Local\Google\Update\GoogleUpdate.exe [2012-05-04] (Google Inc.)
Task: {0D732FB0-77B3-4EAD-AF71-25256917754C} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search &amp; Destroy 2\SDUpdate.exe
Task: {182CF09D-7675-4C3B-ACED-91B5AED09086} - \Plus-HD-1.6-chromeinstaller No Task File <==== ATTENTION
Task: {1A18CA75-456B-40A5-88F2-CBFDDDAE22D8} - \LyricsSay-16-codedownloader No Task File <==== ATTENTION
Task: {24E9C19B-3798-48BF-83DD-AB1B348D61CE} - \LyricsSay-16-enabler No Task File <==== ATTENTION
Task: {561369E8-7B83-441D-97C2-D3E8831B48AC} - \LyricsSay-16-firefoxinstaller No Task File <==== ATTENTION
Task: {57404217-126E-407E-A06E-03CE963E5538} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-19] (Google Inc.)
Task: {64213143-2E73-4859-893F-F806978FBE65} - System32\Tasks\MirageAgent => C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe [2010-12-05] (CyberLink)
Task: {68664F5E-56EB-4AFC-A012-A11E6F1E259C} - System32\Tasks\{41B213FE-0594-4FC9-80A1-37C14C2ECEFD} => pcalua.exe -a C:\Users\JOP\Downloads\irfanview_plugins_433_setup.exe -d C:\Users\JOP\Downloads
Task: {70710D6A-F64C-4F85-8AD1-4386661B78BB} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search &amp; Destroy 2\SDScan.exe
Task: {70C31B96-4CE5-49E9-94A2-DC5DB40E644C} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search &amp; Destroy 2\SDImmunize.exe
Task: {7A6220FF-06E6-485E-8E4D-FD858B0C75D3} - System32\Tasks\{26DEFFE2-5541-4D0D-BABB-C8F6AB45D6F6} => pcalua.exe -a C:\Users\JOP\Downloads\garmin\Setup.exe -d C:\Users\JOP\Downloads\garmin
Task: {7DE4D5E9-E318-457C-B036-A9346CFDC1F3} - \LyricsSay-16-updater No Task File <==== ATTENTION
Task: {9B5BDCEC-DEEC-43FA-9C77-B8A8F73FFE38} - System32\Tasks\GarminUpdaterTask => C:\Program Files (x86)\Garmin\Express Self Updater\ExpressSelfUpdater.exe [2014-08-27] ()
Task: {A498B4F4-E2CC-4E8B-9CE2-1FB8C9956A76} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-19] (Google Inc.)
Task: {A6E19942-0F48-4EC5-810E-65ADE541D288} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-11-21] (Piriform Ltd)
Task: {C4008950-BA6F-4EB7-B717-EF845A456A53} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2723766367-1274792045-57920043-1001Core => C:\Users\JOP\AppData\Local\Google\Update\GoogleUpdate.exe [2012-05-04] (Google Inc.)
Task: {C59EF970-BA15-4669-8FA1-BC5B1E2FDE07} - \Plus-HD-1.6-firefoxinstaller No Task File <==== ATTENTION
Task: {D68CCC94-0AE1-42FB-8C6A-C5E2769F7770} - \LyricsSay-16-chromeinstaller No Task File <==== ATTENTION
Task: {EE7DB1A4-D8DC-4638-B8FD-C899027A1CC5} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-12-09] (Adobe Systems Incorporated)
Task: {FED2073E-6458-45E6-96F6-192526A2AC46} - System32\Tasks\{2D61B20A-AB15-414D-8FA8-29E3E93C599D} => pcalua.exe -a C:\Users\JOP\Downloads\MapSource_6163.exe -d C:\Users\JOP\Downloads
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2723766367-1274792045-57920043-1001Core.job => C:\Users\JOP\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2723766367-1274792045-57920043-1001UA.job => C:\Users\JOP\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2010-06-06 15:20 - 2010-06-06 15:20 - 00065344 _____ () C:\windows\System32\PDFreDirectMon64.dll
2014-11-06 23:31 - 2012-11-14 17:43 - 00034304 _____ () C:\windows\System32\ssa6mlm.dll
2009-11-19 02:34 - 2009-11-19 02:34 - 00022016 _____ () C:\windows\System32\suge1l6.dll
2011-03-22 09:08 - 2011-03-22 09:08 - 00161280 _____ () C:\Program Files\NetDrive\libexpat.dll
2011-05-27 08:59 - 2009-01-12 07:15 - 00071096 _____ () C:\windows\SysWOW64\NMSAccess32.exe
2011-08-25 04:24 - 2011-08-25 04:23 - 00628064 _____ () C:\windows\system32\SimpleExt.dll
2013-02-02 12:26 - 2012-11-13 14:06 - 00108960 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2013-02-02 12:26 - 2012-11-13 14:06 - 00416160 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2013-02-02 12:26 - 2012-11-13 14:06 - 00158624 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2013-02-02 12:26 - 2012-08-23 09:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2013-02-02 12:26 - 2012-11-13 14:06 - 00528288 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\JSDialogPack150.bpl
2014-12-14 20:23 - 2014-12-06 02:50 - 01077064 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\libglesv2.dll
2014-12-14 20:23 - 2014-12-06 02:50 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\libegl.dll
2014-12-14 20:23 - 2014-12-06 02:50 - 09009480 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\pdf.dll
2014-12-14 20:23 - 2014-12-06 02:50 - 01677128 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\ffmpegsumo.dll
2013-02-02 12:26 - 2012-11-13 14:06 - 00554400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\VirtualTreesDXE150.bpl
2013-10-07 20:21 - 2013-10-07 20:21 - 01777664 _____ () C:\Program Files (x86)\Google\Google Earth\client\QtCore4.dll
2013-10-07 20:24 - 2013-10-07 20:24 - 01224192 _____ () C:\Program Files (x86)\Google\Google Earth\client\IGCore.dll
2013-10-07 20:24 - 2013-10-07 20:24 - 00290816 _____ () C:\Program Files (x86)\Google\Google Earth\client\IGUtils.DLL
2013-10-07 20:24 - 2013-10-07 20:24 - 00631808 _____ () C:\Program Files (x86)\Google\Google Earth\client\IGMath.dll
2013-10-07 20:24 - 2013-10-07 20:24 - 01393664 _____ () C:\Program Files (x86)\Google\Google Earth\client\alchemy\ogles20\IGSg.dll
2013-10-07 20:24 - 2013-10-07 20:24 - 00751104 _____ () C:\Program Files (x86)\Google\Google Earth\client\alchemy\ogles20\IGAttrs.dll
2013-10-07 20:24 - 2013-10-07 20:24 - 03105280 _____ () C:\Program Files (x86)\Google\Google Earth\client\alchemy\ogles20\IGGfx.dll
2013-10-07 20:24 - 2013-10-07 20:24 - 00059392 _____ () C:\Program Files (x86)\Google\Google Earth\client\alchemy\ogles20\libEGL.dll
2013-10-07 20:24 - 2013-10-07 20:24 - 00519168 _____ () C:\Program Files (x86)\Google\Google Earth\client\alchemy\ogles20\libGLESv2.dll
2013-10-07 20:52 - 2013-10-07 20:52 - 17652224 _____ () C:\Program Files (x86)\Google\Google Earth\client\googleearth_free.dll
2013-10-07 20:24 - 2013-10-07 20:24 - 00726016 _____ () C:\Program Files (x86)\Google\Google Earth\client\IGExportCommon.dll
2013-10-07 20:24 - 2013-10-07 20:24 - 01050624 _____ () C:\Program Files (x86)\Google\Google Earth\client\IGOpt.dll
2013-10-07 20:32 - 2013-10-07 20:32 - 00015872 _____ () C:\Program Files (x86)\Google\Google Earth\client\alchemyext.dll
2013-10-07 20:21 - 2013-10-07 20:21 - 07877632 _____ () C:\Program Files (x86)\Google\Google Earth\client\QtWebKit4.dll
2013-10-07 20:21 - 2013-10-07 20:21 - 06174208 _____ () C:\Program Files (x86)\Google\Google Earth\client\QtGui4.dll
2013-10-07 20:21 - 2013-10-07 20:21 - 00518656 _____ () C:\Program Files (x86)\Google\Google Earth\client\QtNetwork4.dll
2013-10-07 20:28 - 2013-10-07 20:28 - 00086528 _____ () C:\Program Files (x86)\Google\Google Earth\client\ge_expat.dll
2013-10-07 20:21 - 2013-10-07 20:21 - 00018944 _____ () C:\Program Files (x86)\Google\Google Earth\client\imageformats\qgif4.dll
2013-10-07 20:21 - 2013-10-07 20:21 - 00158208 _____ () C:\Program Files (x86)\Google\Google Earth\client\imageformats\qjpeg4.dll
2013-10-07 20:24 - 2013-10-07 20:24 - 00145408 _____ () C:\Program Files (x86)\Google\Google Earth\client\alchemy\optimizations\IGOptExtension.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\Temp:5F64C164

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


========================= Accounts: ==========================

Administrator (S-1-5-21-2723766367-1274792045-57920043-500 - Administrator - Disabled)
Gast (S-1-5-21-2723766367-1274792045-57920043-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2723766367-1274792045-57920043-1003 - Limited - Enabled)
JOP (S-1-5-21-2723766367-1274792045-57920043-1001 - Administrator - Enabled) => C:\Users\JOP
UpdatusUser (S-1-5-21-2723766367-1274792045-57920043-1000 - Limited - Enabled) => C:\Users\UpdatusUser

==================== Faulty Device Manager Devices =============

Name: Zone Alarm Firewall Driver
Description: Zone Alarm Firewall Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: Vsdatant
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: =========================

Application errors:
==================
Error: (12/14/2014 09:19:03 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: explorer.exe, Version: 6.1.7601.17567, Zeitstempel: 0x4d672ee4
Name des fehlerhaften Moduls: SHELL32.dll, Version: 6.1.7601.18517, Zeitstempel: 0x53aa2e07
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0000000000050506
ID des fehlerhaften Prozesses: 0x65c
Startzeit der fehlerhaften Anwendung: 0xexplorer.exe0
Pfad der fehlerhaften Anwendung: explorer.exe1
Pfad des fehlerhaften Moduls: explorer.exe2
Berichtskennung: explorer.exe3

Error: (12/14/2014 08:52:27 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/14/2014 08:37:33 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/14/2014 08:12:34 PM) (Source: Windows Search Service) (EventID: 7042) (User: )
Description: Windows Search wird aufgrund eines Problems bei der Indizierung The catalog is corrupt beendet.


Details:
	Der Inhaltsindexkatalog ist fehlerhaft.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (12/14/2014 08:12:34 PM) (Source: Windows Search Service) (EventID: 7010) (User: )
Description: Der Index kann nicht initialisiert werden.


Details:
	Der Inhaltsindexkatalog ist fehlerhaft.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (12/14/2014 08:12:34 PM) (Source: Windows Search Service) (EventID: 3058) (User: )
Description: Die Anwendung kann nicht initialisiert werden.

Kontext: Windows Anwendung


Details:
	Der Inhaltsindexkatalog ist fehlerhaft.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (12/14/2014 08:12:34 PM) (Source: Windows Search Service) (EventID: 3028) (User: )
Description: Das Gatherer-Objekt kann nicht initialisiert werden.

Kontext: Windows Anwendung, SystemIndex Katalog


Details:
	Der Inhaltsindexkatalog ist fehlerhaft.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (12/14/2014 08:12:34 PM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: Plug-In in <Search.TripoliIndexer> kann nicht initialisiert werden.

Kontext: Windows Anwendung, SystemIndex Katalog


Details:
	Element nicht gefunden.  (HRESULT : 0x80070490) (0x80070490)

Error: (12/14/2014 08:12:32 PM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: Plug-In in <Search.JetPropStore> kann nicht initialisiert werden.

Kontext: Windows Anwendung, SystemIndex Katalog


Details:
	Der Inhaltsindexkatalog ist fehlerhaft.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (12/14/2014 08:12:32 PM) (Source: Windows Search Service) (EventID: 9002) (User: )
Description: Die Eigenschaftenspeicherdaten können von Windows Search nicht geladen werden.

Kontext: Windows Anwendung, SystemIndex Katalog


Details:
	Der Inhaltsindexserver kann wegen eines Datenbankfehlers keine Daten aktualisieren oder auf sie zugreifen. Beenden Sie den Suchdienst, und starten Sie ihn erneut. Wenn das Problem weiterhin besteht, setzen Sie den Inhaltsindex zurück, und crawlen Sie ihn erneut. In manchen Fällen muss der Inhaltsindex möglicherweise gelöscht und erneut erstellt werden.  (HRESULT : 0x8004117f) (0x8004117f)


System errors:
=============
Error: (12/14/2014 08:52:25 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: 
Vsdatant

Error: (12/14/2014 08:51:55 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "DgiVecp" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%20

Error: (12/14/2014 08:50:39 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Intel(R) Management and Security Application User Notification Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (12/14/2014 08:50:39 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Windows Media Player-Netzwerkfreigabedienst" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (12/14/2014 08:50:39 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (12/14/2014 08:50:39 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Windows Live ID Sign-in Assistant" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 10000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (12/14/2014 08:50:39 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "NVIDIA Update Service Daemon" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (12/14/2014 08:50:39 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Intel(R) Management and Security Application Local Management Service" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 10000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (12/14/2014 08:50:39 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Spybot-S&D 2 Security Center Service" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (12/14/2014 08:50:39 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Spybot-S&D 2 Scanner Service" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden durchgeführt: Neustart des Diensts.


Microsoft Office Sessions:
=========================
Error: (12/14/2014 09:19:03 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: explorer.exe6.1.7601.175674d672ee4SHELL32.dll6.1.7601.1851753aa2e07c0000005000000000005050665c01d017d7641ffb1aC:\windows\explorer.exeC:\windows\system32\SHELL32.dll71a1dae3-83ce-11e4-88b2-e89a8f6ee3d3

Error: (12/14/2014 08:52:27 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/14/2014 08:37:33 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/14/2014 08:12:34 PM) (Source: Windows Search Service) (EventID: 7042) (User: )
Description: 
Details:
	Der Inhaltsindexkatalog ist fehlerhaft.  (HRESULT : 0xc0041801) (0xc0041801)
The catalog is corrupt

Error: (12/14/2014 08:12:34 PM) (Source: Windows Search Service) (EventID: 7010) (User: )
Description: 
Details:
	Der Inhaltsindexkatalog ist fehlerhaft.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (12/14/2014 08:12:34 PM) (Source: Windows Search Service) (EventID: 3058) (User: )
Description: Kontext: Windows Anwendung


Details:
	Der Inhaltsindexkatalog ist fehlerhaft.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (12/14/2014 08:12:34 PM) (Source: Windows Search Service) (EventID: 3028) (User: )
Description: Kontext: Windows Anwendung, SystemIndex Katalog


Details:
	Der Inhaltsindexkatalog ist fehlerhaft.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (12/14/2014 08:12:34 PM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: Kontext: Windows Anwendung, SystemIndex Katalog


Details:
	Element nicht gefunden.  (HRESULT : 0x80070490) (0x80070490)
Search.TripoliIndexer

Error: (12/14/2014 08:12:32 PM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: Kontext: Windows Anwendung, SystemIndex Katalog


Details:
	Der Inhaltsindexkatalog ist fehlerhaft.  (HRESULT : 0xc0041801) (0xc0041801)
Search.JetPropStore

Error: (12/14/2014 08:12:32 PM) (Source: Windows Search Service) (EventID: 9002) (User: )
Description: Kontext: Windows Anwendung, SystemIndex Katalog


Details:
	Der Inhaltsindexserver kann wegen eines Datenbankfehlers keine Daten aktualisieren oder auf sie zugreifen. Beenden Sie den Suchdienst, und starten Sie ihn erneut. Wenn das Problem weiterhin besteht, setzen Sie den Inhaltsindex zurück, und crawlen Sie ihn erneut. In manchen Fällen muss der Inhaltsindex möglicherweise gelöscht und erneut erstellt werden.  (HRESULT : 0x8004117f) (0x8004117f)


CodeIntegrity Errors:
===================================
  Date: 2012-07-08 20:39:54.841
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2012-07-08 20:00:50.410
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2012-07-08 19:29:58.480
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2012-07-08 01:56:01.518
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2012-07-07 18:59:27.740
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2012-07-07 18:29:19.314
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2012-07-07 15:38:22.912
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2012-07-07 15:30:43.638
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2012-07-07 15:22:12.602
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2012-07-07 15:01:08.213
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.


==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i7-2620M CPU @ 2.70GHz
Percentage of memory in use: 71%
Total physical RAM: 4000.49 MB
Available physical RAM: 1139.05 MB
Total Pagefile: 7999.16 MB
Available Pagefile: 4392.95 MB
Total Virtual: 8192 MB
Available Virtual: 8191.85 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:653 GB) (Free:380.17 GB) NTFS
Drive d: (LENOVO) (Fixed) (Total:30.69 GB) (Free:13.87 GB) NTFS
Drive y: () (Fixed) (Total:29.97 GB) (Free:27.44 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 698.6 GB) (Disk ID: 3689DBF2)
Partition 1: (Active) - (Size=200 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=653 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=30.7 GB) - (Type=OF Extended)
Partition 4: (Not Active) - (Size=14.8 GB) - (Type=12)

==================== End Of Log ============================

Viele Grüße und vielen Dank
JOP

schrauber · 14.12.2014, 23:20

hi,

Scan mit Combofix

WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link

WICHTIG: Speichere Combofix auf deinem Desktop.

Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.

Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.

Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!

Wenn Combofix fertig ist, wird es ein Logfile erstellen.

Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).

Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

JOP · 15.12.2014, 00:52

Hier das log file:

Code:

ATTFilter

ComboFix 14-12-14.01 - JOP 15.12.2014   0:06.1.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.4000.820 [GMT 1:00]
ausgeführt von:: c:\users\JOP\Downloads\ComboFix.exe
AV: Avira Desktop *Enabled/Updated* {4D041356-F94D-285F-8768-AAE50FA36859}
SP: Avira Desktop *Enabled/Updated* {F665F2B2-DF77-27D1-BDD8-9197742422E4}
SP: Spybot - Search and Destroy *Enabled/Updated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\#Short company name#
c:\programdata\#Short company name#\#settings_subfolder#\Timerlist.xml
c:\users\JOP\AppData\Roaming\#Short company name#
c:\users\JOP\AppData\Roaming\#Short company name#\#settings_subfolder#\#dvr.ini
c:\windows\s.bat
c:\windows\tmp
c:\windows\tmp\dd_vcredistMSI5978.txt
c:\windows\tmp\dd_vcredistUI5978.txt
c:\windows\tmp\qtsingleapp-koboex-7d5-1-lockfile
.
.
(((((((((((((((((((((((   Dateien erstellt von 2014-11-14 bis 2014-12-14  ))))))))))))))))))))))))))))))
.
.
2014-12-14 23:33 . 2014-12-14 23:33	--------	d-----w-	c:\users\UpdatusUser\AppData\Local\temp
2014-12-14 23:33 . 2014-12-14 23:33	--------	d-----w-	c:\users\Default\AppData\Local\temp
2014-12-14 20:06 . 2014-12-14 20:36	--------	d-----w-	C:\FRST
2014-12-11 23:31 . 2014-12-11 23:31	--------	d-----w-	c:\windows\system32\appraiser
2014-12-11 21:56 . 2014-10-18 01:33	3209728	----a-w-	c:\windows\SysWow64\mf.dll
2014-12-11 21:56 . 2014-07-07 02:06	206848	----a-w-	c:\windows\system32\mfps.dll
2014-12-11 21:56 . 2014-07-07 02:06	55808	----a-w-	c:\windows\system32\rrinstaller.exe
2014-12-11 21:56 . 2014-07-07 02:06	24576	----a-w-	c:\windows\system32\mfpmp.exe
2014-12-11 21:56 . 2014-07-07 02:02	2048	----a-w-	c:\windows\system32\mferror.dll
2014-12-11 21:56 . 2014-07-07 01:40	103424	----a-w-	c:\windows\SysWow64\mfps.dll
2014-12-11 21:56 . 2014-07-07 01:39	50176	----a-w-	c:\windows\SysWow64\rrinstaller.exe
2014-12-11 21:56 . 2014-07-07 01:39	23040	----a-w-	c:\windows\SysWow64\mfpmp.exe
2014-12-11 21:56 . 2014-07-07 01:37	2048	----a-w-	c:\windows\SysWow64\mferror.dll
2014-12-11 21:56 . 2014-10-18 02:05	4121600	----a-w-	c:\windows\system32\mf.dll
2014-12-11 21:36 . 2014-12-01 23:28	1232040	----a-w-	c:\windows\system32\aitstatic.exe
2014-12-11 21:33 . 2014-11-08 03:16	2048	----a-w-	c:\windows\system32\tzres.dll
2014-12-11 21:33 . 2014-11-08 02:45	2048	----a-w-	c:\windows\SysWow64\tzres.dll
2014-12-08 20:29 . 2014-12-08 20:29	--------	d-----w-	c:\programdata\NetDrive2
2014-11-22 19:58 . 2014-11-22 19:58	--------	d-----w-	c:\program files (x86)\Common Files\Skype
2014-11-19 21:09 . 2014-11-19 21:09	--------	d-----w-	c:\users\JOP\AppData\Local\TuneUp Software
2014-11-19 21:09 . 2014-11-19 21:09	--------	d-----w-	c:\users\JOP\AppData\Roaming\TuneUp Software
2014-11-19 21:09 . 2014-11-19 21:10	--------	d-----w-	c:\programdata\TuneUp Software
2014-11-19 21:09 . 2014-11-19 21:09	--------	d-sh--w-	c:\programdata\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C}
2014-11-19 21:09 . 2014-11-19 21:09	--------	d--h--w-	c:\programdata\Common Files
2014-11-19 21:07 . 2014-11-19 21:15	--------	d-----w-	c:\program files (x86)\File Type Advisor
2014-11-19 21:07 . 2014-11-19 21:15	--------	d-----w-	c:\program files (x86)\Free M4a to MP3 Converter
2014-11-18 20:32 . 2014-11-11 03:08	241152	----a-w-	c:\windows\system32\pku2u.dll
2014-11-18 20:32 . 2014-11-11 03:08	728064	----a-w-	c:\windows\system32\kerberos.dll
2014-11-18 20:32 . 2014-11-11 02:44	186880	----a-w-	c:\windows\SysWow64\pku2u.dll
2014-11-18 20:32 . 2014-11-11 02:44	550912	----a-w-	c:\windows\SysWow64\kerberos.dll
2014-11-15 22:29 . 2014-11-15 22:29	--------	d-----w-	c:\program files\Common Files\Common Desktop Agent
2014-11-15 22:29 . 2014-11-15 22:29	--------	d-----w-	c:\program files (x86)\Common Files\Common Desktop Agent
2014-11-15 22:28 . 2014-11-15 22:28	--------	d-----w-	c:\users\UpdatusUser\AppData\Roaming\Samsung
2014-11-15 22:28 . 2014-11-15 22:28	--------	d-----w-	c:\users\fbwuser\AppData\Roaming\Samsung
2014-11-15 10:16 . 2014-11-15 10:19	--------	d-----w-	c:\program files (x86)\GUM902E.tmp
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-12-11 21:58 . 2012-06-27 18:22	112710672	----a-w-	c:\windows\system32\MRT.exe
2014-12-09 21:32 . 2013-03-02 08:23	71344	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-12-09 21:32 . 2013-03-02 08:23	701104	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2014-10-25 01:57 . 2014-11-13 21:05	77824	----a-w-	c:\windows\system32\packager.dll
2014-10-25 01:32 . 2014-11-13 21:05	67584	----a-w-	c:\windows\SysWow64\packager.dll
2014-10-19 17:03 . 2013-08-16 17:53	43064	----a-w-	c:\windows\system32\drivers\avnetflt.sys
2014-10-19 17:03 . 2013-08-16 17:52	131608	----a-w-	c:\windows\system32\drivers\avipbb.sys
2014-10-19 17:03 . 2013-08-16 17:52	119272	----a-w-	c:\windows\system32\drivers\avgntflt.sys
2014-10-18 02:05 . 2014-11-13 21:05	861696	----a-w-	c:\windows\system32\oleaut32.dll
2014-10-18 01:33 . 2014-11-13 21:05	571904	----a-w-	c:\windows\SysWow64\oleaut32.dll
2014-10-16 21:51 . 2014-10-22 20:08	215912	----a-w-	c:\windows\system32\NetDrive2.nd2np.dll
2014-10-16 21:51 . 2014-10-22 20:08	186728	----a-w-	c:\windows\SysWow64\NetDrive2.nd2np.dll
2014-10-14 02:16 . 2014-11-13 21:08	155064	----a-w-	c:\windows\system32\drivers\ksecpkg.sys
2014-10-14 02:13 . 2014-11-13 21:08	683520	----a-w-	c:\windows\system32\termsrv.dll
2014-10-14 02:13 . 2014-11-13 21:05	3241984	----a-w-	c:\windows\system32\msi.dll
2014-10-14 02:12 . 2014-11-13 21:08	1460736	----a-w-	c:\windows\system32\lsasrv.dll
2014-10-14 02:09 . 2014-11-13 21:08	146432	----a-w-	c:\windows\system32\msaudite.dll
2014-10-14 02:07 . 2014-11-13 21:08	681984	----a-w-	c:\windows\system32\adtschema.dll
2014-10-14 01:50 . 2014-11-13 21:08	22016	----a-w-	c:\windows\SysWow64\secur32.dll
2014-10-14 01:50 . 2014-11-13 21:05	2363904	----a-w-	c:\windows\SysWow64\msi.dll
2014-10-14 01:49 . 2014-11-13 21:08	96768	----a-w-	c:\windows\SysWow64\sspicli.dll
2014-10-14 01:47 . 2014-11-13 21:08	146432	----a-w-	c:\windows\SysWow64\msaudite.dll
2014-10-14 01:46 . 2014-11-13 21:08	681984	----a-w-	c:\windows\SysWow64\adtschema.dll
2014-10-10 00:57 . 2014-11-13 21:05	3198976	----a-w-	c:\windows\system32\win32k.sys
2014-10-03 02:12 . 2014-11-13 21:06	500224	----a-w-	c:\windows\system32\AUDIOKSE.dll
2014-10-03 02:11 . 2014-11-13 21:06	284672	----a-w-	c:\windows\system32\EncDump.dll
2014-10-03 02:11 . 2014-11-13 21:06	680960	----a-w-	c:\windows\system32\audiosrv.dll
2014-10-03 02:11 . 2014-11-13 21:06	440832	----a-w-	c:\windows\system32\AudioEng.dll
2014-10-03 02:11 . 2014-11-13 21:06	296448	----a-w-	c:\windows\system32\AudioSes.dll
2014-10-03 01:44 . 2014-11-13 21:06	442880	----a-w-	c:\windows\SysWow64\AUDIOKSE.dll
2014-10-03 01:44 . 2014-11-13 21:06	374784	----a-w-	c:\windows\SysWow64\AudioEng.dll
2014-10-03 01:44 . 2014-11-13 21:06	195584	----a-w-	c:\windows\SysWow64\AudioSes.dll
2014-09-25 02:08 . 2014-10-03 15:41	371712	----a-w-	c:\windows\system32\qdvd.dll
2014-09-25 01:40 . 2014-10-03 15:41	519680	----a-w-	c:\windows\SysWow64\qdvd.dll
2014-09-19 09:42 . 2014-11-13 21:06	210944	----a-w-	c:\windows\system32\wdigest.dll
2014-09-19 09:42 . 2014-11-13 21:06	86528	----a-w-	c:\windows\system32\TSpkg.dll
2014-09-19 09:42 . 2014-11-13 21:06	342016	----a-w-	c:\windows\system32\schannel.dll
2014-09-19 09:42 . 2014-11-13 21:06	314880	----a-w-	c:\windows\system32\msv1_0.dll
2014-09-19 09:42 . 2014-11-13 21:06	309760	----a-w-	c:\windows\system32\ncrypt.dll
2014-09-19 09:42 . 2014-11-13 21:06	22016	----a-w-	c:\windows\system32\credssp.dll
2014-09-19 09:23 . 2014-11-13 21:06	172032	----a-w-	c:\windows\SysWow64\wdigest.dll
2014-09-19 09:23 . 2014-11-13 21:06	65536	----a-w-	c:\windows\SysWow64\TSpkg.dll
2014-09-19 09:23 . 2014-11-13 21:06	248832	----a-w-	c:\windows\SysWow64\schannel.dll
2014-09-19 09:23 . 2014-11-13 21:06	221184	----a-w-	c:\windows\SysWow64\ncrypt.dll
2014-09-19 09:23 . 2014-11-13 21:06	259584	----a-w-	c:\windows\SysWow64\msv1_0.dll
2014-09-19 09:23 . 2014-11-13 21:06	17408	----a-w-	c:\windows\SysWow64\credssp.dll
2013-12-07 23:55 . 2013-12-07 23:55	49940480	----a-w-	c:\program files (x86)\GUT278A.tmp
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ 1&1 Sync Overlay 1]
@="{02B2B772-B8A8-4DA4-9B18-42551A54A1A8}"
[HKEY_CLASSES_ROOT\CLSID\{02B2B772-B8A8-4DA4-9B18-42551A54A1A8}]
2014-06-04 16:12	345088	----a-w-	c:\program files (x86)\Common Files\1&1 Sync\1&1SyncShellExtension_1_0_0_1_20140831174457455.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ 1&1 Sync Overlay 2]
@="{0575AB16-E932-4160-8936-4DBE195BDBD7}"
[HKEY_CLASSES_ROOT\CLSID\{0575AB16-E932-4160-8936-4DBE195BDBD7}]
2014-06-04 16:12	345088	----a-w-	c:\program files (x86)\Common Files\1&1 Sync\1&1SyncShellExtension_1_0_0_1_20140831174457455.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ 1&1 Sync Overlay 3]
@="{0E9EF89A-96D3-4DE6-B2F8-E9548AA5321E}"
[HKEY_CLASSES_ROOT\CLSID\{0E9EF89A-96D3-4DE6-B2F8-E9548AA5321E}]
2014-06-04 16:12	345088	----a-w-	c:\program files (x86)\Common Files\1&1 Sync\1&1SyncShellExtension_1_0_0_1_20140831174457455.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ 1&1 Sync Overlay 4]
@="{1A4AFFE1-B2F9-483D-B627-D9A339DBFD34}"
[HKEY_CLASSES_ROOT\CLSID\{1A4AFFE1-B2F9-483D-B627-D9A339DBFD34}]
2014-06-04 16:12	345088	----a-w-	c:\program files (x86)\Common Files\1&1 Sync\1&1SyncShellExtension_1_0_0_1_20140831174457455.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2014-08-17 04:09	131480	----a-w-	c:\users\JOP\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2014-08-17 04:09	131480	----a-w-	c:\users\JOP\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2014-08-17 04:09	131480	----a-w-	c:\users\JOP\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
"Spybot-S&D Cleaning"="c:\program files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe" [2012-11-13 3713032]
"GoogleDriveSync"="c:\program files (x86)\Google\Drive\googledrivesync.exe" [2014-10-21 22869088]
"CCleaner Monitoring"="c:\program files\CCleaner\CCleaner64.exe" [2014-11-21 7063832]
"TrueCrypt"="c:\program files\TrueCrypt\TrueCrypt.exe" [2012-05-04 1516496]
"SanDiskSecureAccess_Manager.exe"="c:\users\JOP\AppData\Roaming\SanDisk\SanDiskSecureAccess_Manager.exe" [2011-06-29 27311232]
"Samsung Drive Manager"="c:\program files (x86)\Clarus\Samsung Drive Manager\Drive Manager.exe" [2012-05-11 5798008]
"Remote Control Editor"="c:\program files (x86)\Common Files\TerraTec\Remote\TTTvRc.exe" [2012-05-14 1834496]
"GarminExpressTrayApp"="c:\program files (x86)\Garmin\Express Tray\ExpressTray.exe" [2014-08-27 688984]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"VeriFaceManager"="c:\program files (x86)\Lenovo\VeriFace\PManage.exe" [2011-08-25 329056]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2014-11-18 703736]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
"PDFPrint"="c:\program files (x86)\PDF24\pdf24.exe" [2013-12-06 186408]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2014-12-03 1021128]
"Avira Systray"="c:\program files (x86)\Avira\My Avira\Avira.OE.Systray.exe" [2014-10-22 124208]
"YouCam Tray"="c:\program files (x86)\Lenovo\YouCam\YouCam.exe" [2010-12-05 224352]
"YouCam Mirage"="c:\program files (x86)\Lenovo\YouCam\YCMMirage.exe" [2010-12-05 136488]
"UpdatePRCShortCut"="c:\program files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe" [2009-05-13 222504]
"UpdateP2GShortCut"="c:\program files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe" [2010-07-26 222504]
"STO Launcher Service"="c:\program files (x86)\SmarThru Office\x64\LegacyLauncher.exe" [2012-07-25 405624]
"STO Backup Service"="c:\program files (x86)\SmarThru Office\BackUpSvr.exe" [2012-07-25 199800]
"SDTray"="c:\program files (x86)\Spybot - Search & Destroy 2\SDTray.exe" [2012-11-13 3825176]
"Samsung PanelMgr"="c:\windows\Samsung\PanelMgr\ssmmgr.exe" [2013-10-24 698984]
"NSU_agent"="c:\program files (x86)\Nokia\Nokia Software Updater\nsu3ui_agent.exe" [2012-02-28 190768]
"NetDrive"="c:\program files\NetDrive\NetDrive.exe" [2014-05-07 3620864]
"MuteSync"="c:\progra~2\Lenovo\LENOVO~1\MuteSync.exe" [2009-12-28 336384]
"331BigDog"="c:\program files (x86)\USB Camera\VM331_STI.EXE" [2010-09-27 536576]
.
c:\users\JOP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
EvernoteClipper.lnk - c:\program files (x86)\Evernote\Evernote\EvernoteClipper.exe [2013-5-8 1089888]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Samsung Drive Manager Real-Time.lnk - c:\program files (x86)\Clarus\Samsung Drive Manager\ABRTMon.exe [2012-7-28 135168]
Samsung Network PC Fax.lnk - c:\windows\System32\spool\drivers\x64\3\NetFaxTray64.exe [2014-11-6 380976]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="userinit.exe"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute	REG_MULTI_SZ   	autocheck autochk *\0\0sdnclean64.exe
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 Dokan_NetDrive2;Dokan_NetDrive2;c:\program files\NetDrive2\dokan.sys;c:\program files\NetDrive2\dokan.sys [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 BTWAMPFL;BTWAMPFL;c:\windows\system32\DRIVERS\btwampfl.sys;c:\windows\SYSNATIVE\DRIVERS\btwampfl.sys [x]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys;c:\windows\SYSNATIVE\DRIVERS\btwl2cap.sys [x]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssudbus.sys [x]
R3 MODRC;Cinergy DT USB XS Diversity (MKII) IR Service;c:\windows\system32\DRIVERS\modrc.sys;c:\windows\SYSNATIVE\DRIVERS\modrc.sys [x]
R3 ndfs;ndfs;c:\program files\NetDrive\ndfs.sys;c:\program files\NetDrive\ndfs.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUVStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUVStor.sys [x]
R3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssudmdm.sys [x]
R3 taphss6;Anchorfree HSS VPN Adapter;c:\windows\system32\DRIVERS\taphss6.sys;c:\windows\SYSNATIVE\DRIVERS\taphss6.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 WSDScan;WSD-Scanunterstützung durch UMB;c:\windows\system32\DRIVERS\WSDScan.sys;c:\windows\SYSNATIVE\DRIVERS\WSDScan.sys [x]
R3 wsvd;wsvd;c:\windows\system32\DRIVERS\wsvd.sys;c:\windows\SYSNATIVE\DRIVERS\wsvd.sys [x]
R4 AntiVirWebService;Avira Browser-Schutz;c:\program files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE;c:\program files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 fbfmon;fbfmon;c:\windows\system32\drivers\fbfmon.sys;c:\windows\SYSNATIVE\drivers\fbfmon.sys [x]
S0 LHDmgr;LHDmgr;c:\windows\System32\DRIVERS\LhdX64.sys;c:\windows\SYSNATIVE\DRIVERS\LhdX64.sys [x]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys;c:\windows\SYSNATIVE\DRIVERS\nvpciflt.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys;c:\windows\SYSNATIVE\DRIVERS\avkmgr.sys [x]
S1 BPntDrv;BPntDrv;c:\windows\system32\drivers\BPntDrv.sys;c:\windows\SYSNATIVE\drivers\BPntDrv.sys [x]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [x]
S2 Avira.OE.ServiceHost;Avira Service Host;c:\program files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe;c:\program files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [x]
S2 Garmin Core Update Service;Garmin Core Update Service;c:\program files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe;c:\program files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [x]
S2 ndsvc;NetDrive Service;c:\program files\NetDrive\ndsvc.exe;c:\program files\NetDrive\ndsvc.exe [x]
S2 Samsung Network Fax Server;Samsung Network Fax Server;c:\windows\system32\spool\drivers\x64\3\NetFaxServer64.exe;c:\windows\SYSNATIVE\spool\drivers\x64\3\NetFaxServer64.exe [x]
S2 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [x]
S2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [x]
S2 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [x]
S2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys;c:\windows\SYSNATIVE\Drivers\SSPORT.sys [x]
S2 SZDrvSvc;Samsung Drive Manager Service;c:\program files (x86)\Clarus\Samsung Drive Manager\SZDrvSvc.exe;c:\program files (x86)\Clarus\Samsung Drive Manager\SZDrvSvc.exe [x]
S2 TeamViewer9;TeamViewer 9;c:\program files (x86)\TeamViewer\Version9\TeamViewer_Service.exe;c:\program files (x86)\TeamViewer\Version9\TeamViewer_Service.exe [x]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S3 ACPIVPC;Lenovo Virtual Power Controller Driver;c:\windows\system32\DRIVERS\AcpiVpc.sys;c:\windows\SYSNATIVE\DRIVERS\AcpiVpc.sys [x]
S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys;c:\windows\SYSNATIVE\DRIVERS\clwvd.sys [x]
S3 IntcDAud;Intel(R) Display-Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 mdf16;mdf16;c:\program files (x86)\Clarus\Samsung Drive Manager\mdf16.sys;c:\program files (x86)\Clarus\Samsung Drive Manager\mdf16.sys [x]
S3 mvd23;mvd23;c:\program files (x86)\Clarus\Samsung Drive Manager\mvd23.sys;c:\program files (x86)\Clarus\Samsung Drive Manager\mvd23.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 vm331avs;Digital Camera 1;c:\windows\system32\Drivers\vm331avs.sys;c:\windows\SYSNATIVE\Drivers\vm331avs.sys [x]
S3 vmuvcflt;Vimicro USB Camera Filter;c:\windows\system32\Drivers\vmuvcflt.sys;c:\windows\SYSNATIVE\Drivers\vmuvcflt.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - TRUECRYPT
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-12-14 19:23	1087816	----a-w-	c:\program files (x86)\Google\Chrome\Application\39.0.2171.95\Installer\chrmstp.exe
.
Inhalt des "geplante Tasks" Ordners
.
2014-12-14 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-03-02 20:33]
.
2014-12-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-25 16:57]
.
2014-12-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-25 16:57]
.
2014-12-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2723766367-1274792045-57920043-1001Core.job
- c:\users\JOP\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-24 20:48]
.
2014-12-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2723766367-1274792045-57920043-1001UA.job
- c:\users\JOP\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-24 20:48]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ 1&1 Sync Overlay 1]
@="{02B2B772-B8A8-4DA4-9B18-42551A54A1A8}"
[HKEY_CLASSES_ROOT\CLSID\{02B2B772-B8A8-4DA4-9B18-42551A54A1A8}]
2014-06-04 16:12	373248	----a-w-	c:\program files\Common Files\1&1 Sync\1&1SyncShellExtension64_1_0_0_1_20140831174457455.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ 1&1 Sync Overlay 2]
@="{0575AB16-E932-4160-8936-4DBE195BDBD7}"
[HKEY_CLASSES_ROOT\CLSID\{0575AB16-E932-4160-8936-4DBE195BDBD7}]
2014-06-04 16:12	373248	----a-w-	c:\program files\Common Files\1&1 Sync\1&1SyncShellExtension64_1_0_0_1_20140831174457455.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ 1&1 Sync Overlay 3]
@="{0E9EF89A-96D3-4DE6-B2F8-E9548AA5321E}"
[HKEY_CLASSES_ROOT\CLSID\{0E9EF89A-96D3-4DE6-B2F8-E9548AA5321E}]
2014-06-04 16:12	373248	----a-w-	c:\program files\Common Files\1&1 Sync\1&1SyncShellExtension64_1_0_0_1_20140831174457455.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ 1&1 Sync Overlay 4]
@="{1A4AFFE1-B2F9-483D-B627-D9A339DBFD34}"
[HKEY_CLASSES_ROOT\CLSID\{1A4AFFE1-B2F9-483D-B627-D9A339DBFD34}]
2014-06-04 16:12	373248	----a-w-	c:\program files\Common Files\1&1 Sync\1&1SyncShellExtension64_1_0_0_1_20140831174457455.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2014-08-17 04:10	164760	----a-w-	c:\users\JOP\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2014-08-17 04:10	164760	----a-w-	c:\users\JOP\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2014-08-17 04:10	164760	----a-w-	c:\users\JOP\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2014-08-17 04:10	164760	----a-w-	c:\users\JOP\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2014-10-21 16:52	777032	----a-w-	c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2014-10-21 16:52	777032	----a-w-	c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2014-10-21 16:52	777032	----a-w-	c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedViewOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2014-10-21 16:52	777032	----a-w-	c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2014-10-21 16:52	777032	----a-w-	c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2014-10-21 16:52	777032	----a-w-	c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\VeriFace Enc]
@="{771C7324-DA80-49D3-8017-753B0AF60951}"
[HKEY_CLASSES_ROOT\CLSID\{771C7324-DA80-49D3-8017-753B0AF60951}]
2011-08-25 03:23	1508192	----a-w-	c:\windows\System32\IcnOvrly.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Lenovo EE Boot Optimizer"="c:\program files (x86)\Lenovo\Boot Optimizer\PopWnd.exe" [2011-08-25 114688]
"OnekeyStudio"="c:\program files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe" [2011-08-25 789920]
"Energy Management"="c:\program files (x86)\Lenovo\Energy Management\Energy Management.exe" [2011-08-25 9745312]
"EnergyUtility"="c:\program files (x86)\Lenovo\Energy Management\Utility.exe" [2011-08-25 5374880]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-12-14 441968]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-12-14 399984]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-12-14 172144]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-01-26 11775592]
"CDAServer"="c:\program files\Common Files\Common Desktop Agent\CDASrv.exe" [2012-03-09 462712]
"Eraser"="c:\progra~1\Eraser\Eraser.exe" [2012-05-22 980920]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com
mDefault_Search_URL = about:blank
mDefault_Page_URL = about:blank
mStart Page = about:blank
mLocal Page = c:\windows\SysWOW64\blank.htm
mSearch Page = about:blank
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Auswahl speichern - c:\program files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=3
IE: Bild an &Bluetooth-Gerät senden... - c:\program files\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm
IE: Bild ausschneiden - c:\program files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=4
IE: Diese Seite ausschneiden - c:\program files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=1
IE: Nach Microsoft &Excel exportieren - c:\progra~2\MICROS~1\OFFICE11\EXCEL.EXE/3000
IE: Neue Notiz - c:\program files (x86)\Evernote\Evernote\\EvernoteIERes\NewNote.html
IE: Seite an &Bluetooth-Gerät senden... - c:\program files\Lenovo\Bluetooth Software\btsendto_ie.htm
IE: SmarThru4 Als HTML speichern - c:\program files (x86)\SmarThru 4\WebCapture.dll1.htm
IE: SmarThru4 Auswahl erfassen - c:\program files (x86)\SmarThru 4\WebCapture.dll2.htm
IE: SmarThru4 Capture Selection - c:\program files (x86)\SmarThru 4\x64\WebCapture.dll2.htm
IE: SmarThru4 Markierten Text speichern - c:\program files (x86)\SmarThru 4\WebCapture.dll.htm
IE: SmarThru4 Save as HTML - c:\program files (x86)\SmarThru 4\x64\WebCapture.dll1.htm
IE: SmarThru4 Save Selected Text - c:\program files (x86)\SmarThru 4\x64\WebCapture.dll.htm
IE: SmarThru4 Web Capture - c:\program files (x86)\SmarThru 4\WebCapture.dll
IE: URL notieren - c:\program files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=0
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\JOP\AppData\Roaming\Mozilla\Firefox\Profiles\dehvhf1a.default\
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKCU-Run-EEDSpeedLauncher - c:\windows\system32\eed_ec.dll
Wow6432Node-HKU-Default-Run-EEDSpeedLauncher - c:\windows\system32\eed_ec.dll
Notify-SDWinLogon - SDWinLogon.dll
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
Toolbar-Locked - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_15_0_0_246_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_15_0_0_246_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_15_0_0_246_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_15_0_0_246_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_246.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.15"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_246.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_246.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_246.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2014-12-15  00:42:03
ComboFix-quarantined-files.txt  2014-12-14 23:42
.
Vor Suchlauf: 28 Verzeichnis(se), 408.028.274.688 Bytes frei
Nach Suchlauf: 34 Verzeichnis(se), 407.886.807.040 Bytes frei
.
- - End Of File - - FCBD821251F29A324AE1936B491FE8AE

schrauber · 15.12.2014, 19:46

Downloade Dir bitte

Malwarebytes Anti-Malware

Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
Starte Malwarebytes' Anti-Malware (MBAM).
Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.

Downloade Dir bitte

AdwCleaner auf deinen Desktop.

Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
Starte die AdwCleaner.exe mit einem Doppelklick.
Stimme den Nutzungsbedingungen zu.
Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
- "Tracing" Schlüssel löschen
- Winsock Einstellungen zurücksetzen
- Proxy Einstellungen zurücksetzen
- Internet Explorer Richtlinien zurücksetzen
- Chrome Richtlinien zurücksetzen
- Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
Drücke eine beliebige Taste, um das Tool zu starten.
Je nach System kann der Scan eine Weile dauern.
Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.

und ein frisches FRST log bitte.

JOP · 15.12.2014, 22:42

Hi,
scheint alles wieder ok. Vielen Dank für die Hilfe.

mbam.txt

Code:

ATTFilter

 Malwarebytes Anti-Malware 
www.malwarebytes.org

Suchlauf Datum: 15.12.2014
Suchlauf-Zeit: 21:40:52
Logdatei: mbam.txt
Administrator: Ja

Version: 2.00.4.1028
Malware Datenbank: v2014.12.15.05
Rootkit Datenbank: v2014.12.14.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: JOP

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 421598
Verstrichene Zeit: 28 Min, 44 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(Keine schädliche Elemente erkannt)

Module: 0
(Keine schädliche Elemente erkannt)

Registrierungsschlüssel: 1
PUP.Optional.Spigot.A, HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\bbecdmcnlcoebdcidcfdkoimbjkcegbc, , [021fd68d5428979f76fc9ad709fa60a0], 

Registrierungswerte: 0
(Keine schädliche Elemente erkannt)

Registrierungsdaten: 0
(Keine schädliche Elemente erkannt)

Ordner: 1
PUP.Optional.CrossRider.A, C:\Users\JOP\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jidjhchcblhlapbcpheibgdjkajekhbh, , [7ca5303381fb48ee0be55ed325de4cb4], 

Dateien: 13
PUP.Optional.OneClickDownloader.A, C:\Users\JOP\Downloads\download_torntv (3).exe, , [bf62c59e2d4f2f07f47583ac0ff2c739], 
PUP.Optional.SweetIM, C:\Users\JOP\Downloads\sweetimsetup.exe, , [ef32263d4b3187af3b9a6e2732d34ab6], 
PUP.Optional.Installcore, C:\Users\JOP\Downloads\ImageEditorSetup.exe, , [fa273330017b979f72e98f8ee42125db], 
PUP.Optional.Firseria, C:\Users\JOP\Downloads\InfraRecorder.exe, , [a879ee75f28a52e42682504756af51af], 
PUP.Optional.CrossRider.A, C:\Users\JOP\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jidjhchcblhlapbcpheibgdjkajekhbh\000005.sst, , [7ca5303381fb48ee0be55ed325de4cb4], 
PUP.Optional.CrossRider.A, C:\Users\JOP\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jidjhchcblhlapbcpheibgdjkajekhbh\000014.sst, , [7ca5303381fb48ee0be55ed325de4cb4], 
PUP.Optional.CrossRider.A, C:\Users\JOP\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jidjhchcblhlapbcpheibgdjkajekhbh\000017.sst, , [7ca5303381fb48ee0be55ed325de4cb4], 
PUP.Optional.CrossRider.A, C:\Users\JOP\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jidjhchcblhlapbcpheibgdjkajekhbh\000018.log, , [7ca5303381fb48ee0be55ed325de4cb4], 
PUP.Optional.CrossRider.A, C:\Users\JOP\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jidjhchcblhlapbcpheibgdjkajekhbh\CURRENT, , [7ca5303381fb48ee0be55ed325de4cb4], 
PUP.Optional.CrossRider.A, C:\Users\JOP\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jidjhchcblhlapbcpheibgdjkajekhbh\LOCK, , [7ca5303381fb48ee0be55ed325de4cb4], 
PUP.Optional.CrossRider.A, C:\Users\JOP\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jidjhchcblhlapbcpheibgdjkajekhbh\LOG, , [7ca5303381fb48ee0be55ed325de4cb4], 
PUP.Optional.CrossRider.A, C:\Users\JOP\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jidjhchcblhlapbcpheibgdjkajekhbh\LOG.old, , [7ca5303381fb48ee0be55ed325de4cb4], 
PUP.Optional.CrossRider.A, C:\Users\JOP\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jidjhchcblhlapbcpheibgdjkajekhbh\MANIFEST-000016, , [7ca5303381fb48ee0be55ed325de4cb4], 

Physische Sektoren: 0
(Keine schädliche Elemente erkannt)

ADwCleaner.txt

Code:

ATTFilter

# AdwCleaner v4.105 - Bericht erstellt am 15/12/2014 um 22:16:17
# Aktualisiert 08/12/2014 von Xplode
# Database : 2014-12-13.4 [Live]
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzername : JOP - JOP-PC
# Gestartet von : C:\Users\JOP\Desktop\cleaning\adwcleaner_4.105.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****


***** [ Tasks ] *****


***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****


***** [ Browser ] *****

-\\ Internet Explorer v9.0.8112.16599


-\\ Mozilla Firefox v29.0.1 (de)


-\\ Google Chrome v39.0.2171.95


*************************

AdwCleaner[R0].txt - [2689 octets] - [14/10/2013 00:01:00]
AdwCleaner[R10].txt - [1901 octets] - [15/12/2014 22:13:55]
AdwCleaner[R1].txt - [33424 octets] - [27/10/2013 19:13:43]
AdwCleaner[R2].txt - [10280 octets] - [31/10/2013 21:42:32]
AdwCleaner[R3].txt - [1504 octets] - [31/10/2013 22:16:12]
AdwCleaner[R4].txt - [1407 octets] - [24/11/2013 01:33:38]
AdwCleaner[R5].txt - [3430 octets] - [30/12/2013 02:12:27]
AdwCleaner[R6].txt - [1715 octets] - [03/05/2014 19:49:20]
AdwCleaner[R7].txt - [3658 octets] - [01/06/2014 19:13:56]
AdwCleaner[R8].txt - [3636 octets] - [01/06/2014 19:21:16]
AdwCleaner[R9].txt - [5185 octets] - [14/12/2014 20:47:52]
AdwCleaner[S0].txt - [2628 octets] - [14/10/2013 00:02:36]
AdwCleaner[S1].txt - [33252 octets] - [27/10/2013 19:15:11]
AdwCleaner[S2].txt - [10342 octets] - [31/10/2013 21:45:26]
AdwCleaner[S3].txt - [1565 octets] - [31/10/2013 22:16:57]
AdwCleaner[S4].txt - [3493 octets] - [30/12/2013 02:13:17]
AdwCleaner[S5].txt - [1776 octets] - [03/05/2014 19:50:17]
AdwCleaner[S6].txt - [3577 octets] - [01/06/2014 19:22:36]
AdwCleaner[S7].txt - [4712 octets] - [14/12/2014 20:50:32]
AdwCleaner[S8].txt - [1822 octets] - [15/12/2014 22:16:17]

########## EOF - C:\AdwCleaner\AdwCleaner[S8].txt - [1882 octets] ##########

JRT.txt

Code:

ATTFilter

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.0 (11.29.2014:1)
OS: Windows 7 Home Premium x64
Ran by JOP on 15.12.2014 at 22:24:04,85
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ FireFox

Emptied folder: C:\Users\JOP\AppData\Roaming\mozilla\firefox\profiles\dehvhf1a.default\minidumps [5 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 15.12.2014 at 22:28:09,10
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

FRST

FRST Logfile:

FRST Logfile:

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 14-12-2014 01
Ran by JOP (administrator) on JOP-PC on 15-12-2014 22:29:13
Running from C:\Users\JOP\Downloads
Loaded Profiles: UpdatusUser & JOP (Available profiles: UpdatusUser & JOP)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 9
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler64.exe
(CyberLink) C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe
(Bdrive Inc.) C:\Program Files\NetDrive\ndsvc.exe
() C:\Windows\SysWOW64\NMSAccess32.exe
(Samsung Electronics Co., Ltd.) C:\Windows\System32\spool\drivers\x64\3\NetFaxServer64.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Clarus, Inc.) C:\Program Files (x86)\Clarus\Samsung Drive Manager\SZDrvSvc.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe
(Lenovo (Beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
() C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeySupport.exe
() C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe
(The Eraser Project) C:\Program Files\Eraser\Eraser.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Clarus, Inc.) C:\Program Files (x86)\Clarus\Samsung Drive Manager\Drive Manager.exe
(Samsung Electronics Co., Ltd.) C:\Windows\System32\spool\drivers\x64\3\NetFaxTray64.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Lenovo MuteSync\MuteSync.exe
(Vimicro) C:\Program Files (x86)\USB Camera\VM331_STI.EXE
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\SmarThru Office\x64\LegacyLauncher.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
(TrueCrypt Foundation) C:\Program Files\TrueCrypt\TrueCrypt.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2712360 2011-03-24] (Synaptics Incorporated)
HKLM\...\Run: [Lenovo EE Boot Optimizer] => C:\Program Files (x86)\Lenovo\Boot Optimizer\PopWnd.exe [114688 2011-08-25] (Lenovo)
HKLM\...\Run: [OnekeyStudio] => C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe [789920 2011-08-25] (Lenovo)
HKLM\...\Run: [Energy Management] => C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [9745312 2011-08-25] (Lenovo (Beijing) Limited)
HKLM\...\Run: [EnergyUtility] => C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe [5374880 2011-08-25] (Lenovo(beijing) Limited)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11775592 2011-01-26] (Realtek Semiconductor)
HKLM\...\Run: [CDAServer] => C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe [462712 2012-03-09] ()
HKLM\...\Run: [Eraser] => C:\Program Files\Eraser\Eraser.exe [980920 2012-05-22] (The Eraser Project)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [703736 2014-11-18] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [3825176 2012-11-13] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [MuteSync] => C:\Program Files (x86)\Lenovo\Lenovo MuteSync\MuteSync.exe [336384 2009-12-28] (Lenovo)
HKLM-x32\...\Run: [331BigDog] => C:\Program Files (x86)\USB Camera\VM331_STI.EXE [536576 2010-09-27] (Vimicro)
HKLM-x32\...\Run: [STO Launcher Service] => C:\Program Files (x86)\SmarThru Office\x64\LegacyLauncher.exe [405624 2012-07-25] (Samsung Electronics Co., Ltd.)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [126200 2014-11-20] (Avira Operations GmbH & Co. KG)
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-2723766367-1274792045-57920043-1000-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\...\Run: [FactoryTest] => C:\Windows\Test.bat
HKU\S-1-5-21-2723766367-1274792045-57920043-1000-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2011-08-25] (Google Inc.)
HKU\S-1-5-21-2723766367-1274792045-57920043-1000-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\...\Run: [Power2GoExpress] => NA
HKU\S-1-5-21-2723766367-1274792045-57920043-1001\...\Run: [Spybot-S&D Cleaning] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe [3713032 2012-11-13] (Safer-Networking Ltd.)
HKU\S-1-5-21-2723766367-1274792045-57920043-1001\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [22869088 2014-10-21] (Google)
HKU\S-1-5-21-2723766367-1274792045-57920043-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7063832 2014-11-21] (Piriform Ltd)
HKU\S-1-5-21-2723766367-1274792045-57920043-1001\...\Run: [TrueCrypt] => C:\Program Files\TrueCrypt\TrueCrypt.exe [1516496 2012-05-04] (TrueCrypt Foundation)
HKU\S-1-5-21-2723766367-1274792045-57920043-1001\...\Run: [Samsung Drive Manager] => C:\Program Files (x86)\Clarus\Samsung Drive Manager\Drive Manager.exe [5798008 2012-05-11] (Clarus, Inc.)
HKU\S-1-5-21-2723766367-1274792045-57920043-1001\...\Policies\Explorer: [NoDriveTypeAutoRun] 0x00000000
AppInit_DLLs: C:\Windows\System32\nvinitx.dll => C:\Windows\System32\nvinitx.dll [226920 2011-03-04] (NVIDIA Corporation)
AppInit_DLLs-x32: c:\Windows\SysWOW64\nvinit.dll => c:\Windows\SysWOW64\nvinit.dll [192616 2011-03-04] (NVIDIA Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Samsung Network PC Fax.lnk
ShortcutTarget: Samsung Network PC Fax.lnk -> C:\Windows\System32\spool\drivers\x64\3\NetFaxTray64.exe (Samsung Electronics Co., Ltd.)
ShellIconOverlayIdentifiers: [ 1&1 Sync Overlay 1] -> {02B2B772-B8A8-4DA4-9B18-42551A54A1A8} => C:\Program Files\Common Files\1&1 Sync\1&1SyncShellExtension64_1_0_0_1_20140831174457455.dll (1&1 Mail & Media GmbH)
ShellIconOverlayIdentifiers: [ 1&1 Sync Overlay 2] -> {0575AB16-E932-4160-8936-4DBE195BDBD7} => C:\Program Files\Common Files\1&1 Sync\1&1SyncShellExtension64_1_0_0_1_20140831174457455.dll (1&1 Mail & Media GmbH)
ShellIconOverlayIdentifiers: [ 1&1 Sync Overlay 3] -> {0E9EF89A-96D3-4DE6-B2F8-E9548AA5321E} => C:\Program Files\Common Files\1&1 Sync\1&1SyncShellExtension64_1_0_0_1_20140831174457455.dll (1&1 Mail & Media GmbH)
ShellIconOverlayIdentifiers: [ 1&1 Sync Overlay 4] -> {1A4AFFE1-B2F9-483D-B627-D9A339DBFD34} => C:\Program Files\Common Files\1&1 Sync\1&1SyncShellExtension64_1_0_0_1_20140831174457455.dll (1&1 Mail & Media GmbH)
ShellIconOverlayIdentifiers: [VeriFace Enc] -> {771C7324-DA80-49D3-8017-753B0AF60951} => C:\windows\system32\IcnOvrly.dll ()
ShellIconOverlayIdentifiers-x32: [ 1&1 Sync Overlay 1] -> {02B2B772-B8A8-4DA4-9B18-42551A54A1A8} => C:\Program Files (x86)\Common Files\1&1 Sync\1&1SyncShellExtension_1_0_0_1_20140831174457455.dll (1&1 Mail & Media GmbH)
ShellIconOverlayIdentifiers-x32: [ 1&1 Sync Overlay 2] -> {0575AB16-E932-4160-8936-4DBE195BDBD7} => C:\Program Files (x86)\Common Files\1&1 Sync\1&1SyncShellExtension_1_0_0_1_20140831174457455.dll (1&1 Mail & Media GmbH)
ShellIconOverlayIdentifiers-x32: [ 1&1 Sync Overlay 3] -> {0E9EF89A-96D3-4DE6-B2F8-E9548AA5321E} => C:\Program Files (x86)\Common Files\1&1 Sync\1&1SyncShellExtension_1_0_0_1_20140831174457455.dll (1&1 Mail & Media GmbH)
ShellIconOverlayIdentifiers-x32: [ 1&1 Sync Overlay 4] -> {1A4AFFE1-B2F9-483D-B627-D9A339DBFD34} => C:\Program Files (x86)\Common Files\1&1 Sync\1&1SyncShellExtension_1_0_0_1_20140831174457455.dll (1&1 Mail & Media GmbH)
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-2723766367-1274792045-57920043-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-2723766367-1274792045-57920043-1000\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com/
HKU\S-1-5-21-2723766367-1274792045-57920043-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=LENN&bmod=LENN
HKU\S-1-5-21-2723766367-1274792045-57920043-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://lenovo.msn.com
HKU\S-1-5-21-2723766367-1274792045-57920043-1000-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.lenovo.com
HKU\S-1-5-21-2723766367-1274792045-57920043-1000-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.lenovo.com
HKU\S-1-5-21-2723766367-1274792045-57920043-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-2723766367-1274792045-57920043-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=LENDF8&pc=MALN&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-2723766367-1274792045-57920043-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=LENDF8&pc=MALN&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-2723766367-1274792045-57920043-1000-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-2723766367-1274792045-57920043-1001 -> {74216CC7-FD64-4645-B276-EC3DCFDD23E1} URL = https://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=937811&p={searchTerms}
SearchScopes: HKU\S-1-5-21-2723766367-1274792045-57920043-1001 -> {E9DB9E7B-A275-41D1-8158-D0423FBEBDEB} URL = hxxp://www.google.com/cse?cx=partner-pub-3540673482024757:xbhdw8hkfz5&cof=&q={searchTerms}
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO-x32: Spybot-S&D IE Protection -> {53707962-6F74-2D53-2644-206D7942484F} -> C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - No Name - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} -  No File
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - TerraTec Home Cinema - {AD6E6555-FB2C-47D4-8339-3E2965509877} - C:\Program Files (x86)\TerraTec\TerraTec Home Cinema\ThcDeskBand.dll (TerraTec Electronic GmbH)
Toolbar: HKLM-x32 - No Name - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} -  No File
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKU\S-1-5-21-2723766367-1274792045-57920043-1001 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\JOP\AppData\Roaming\Mozilla\Firefox\Profiles\dehvhf1a.default
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_15_0_0_246.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_246.dll ()
FF Plugin-x32: @garmin.com/GpsControl -> C:\Program Files (x86)\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.7 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2723766367-1274792045-57920043-1001: @talk.google.com/GoogleTalkPlugin -> C:\Users\JOP\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKU\S-1-5-21-2723766367-1274792045-57920043-1001: @talk.google.com/O1DPlugin -> C:\Users\JOP\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKU\S-1-5-21-2723766367-1274792045-57920043-1001: @tools.google.com/Google Update;version=3 -> C:\Users\JOP\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-2723766367-1274792045-57920043-1001: @tools.google.com/Google Update;version=9 -> C:\Users\JOP\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\JOP\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\JOP\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)
FF SearchPlugin: C:\Users\JOP\AppData\Roaming\Mozilla\Firefox\Profiles\dehvhf1a.default\searchplugins\yahoo_ff.xml
FF Extension: Avira Browser Safety - C:\Users\JOP\AppData\Roaming\Mozilla\Firefox\Profiles\dehvhf1a.default\Extensions\abs@avira.com [2014-08-31]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-08-31]

Chrome: 
=======
CHR HomePage: Default -> 
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\JOP\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Send using Gmailâ„¢ (no button)) - C:\Users\JOP\AppData\Local\Google\Chrome\User Data\Default\Extensions\ahldefgplekckalfcolhhnljbbgaiboc [2012-05-07]
CHR Extension: (Google Drive) - C:\Users\JOP\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-04-16]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\JOP\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-06]
CHR Extension: (Adblock Plus) - C:\Users\JOP\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2013-10-31]
CHR Extension: (Google Kalender) - C:\Users\JOP\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn [2012-05-07]
CHR Extension: (Avira Browserschutz) - C:\Users\JOP\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2014-08-20]
CHR Extension: (IBA Opt-out (by Google)) - C:\Users\JOP\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbiekjoijknlhijdjbaadobpkdhmoebb [2012-06-05]
CHR Extension: (Google Kalender (von Google)) - C:\Users\JOP\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmbgaklkmjakoegficnlkhebmhkjfich [2012-05-07]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\JOP\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2014-11-08]
CHR Extension: (Boomerang for Gmail) - C:\Users\JOP\AppData\Local\Google\Chrome\User Data\Default\Extensions\mdanidgdpmkimeiiojknlnekblgmpdll [2014-12-07]
CHR Extension: (Google Mail-Checker) - C:\Users\JOP\AppData\Local\Google\Chrome\User Data\Default\Extensions\mihcahmgecmbnbcchbopgniflfhgnkff [2013-04-21]
CHR Extension: (Hangouts) - C:\Users\JOP\AppData\Local\Google\Chrome\User Data\Default\Extensions\nckgahadagoaajjgafhacjanaoiihapd [2013-04-21]
CHR Extension: (Webutation) - C:\Users\JOP\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfclfmabiojpommfcalfdgjjeaahnjbj [2013-09-15]
CHR Extension: (Google Wallet) - C:\Users\JOP\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-25]
CHR Extension: (Send from Gmail (by Google)) - C:\Users\JOP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgphcomnlaojlmmcjmiddhdapjpbgeoc [2012-05-07]
CHR Profile: C:\Users\JOP\AppData\Local\Google\Chrome\User Data\Profile 4
CHR Extension: (Google Präsentationen) - C:\Users\JOP\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-12-09]
CHR Extension: (Google Docs) - C:\Users\JOP\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\aohghmighlieiainnegkcijnfilokake [2014-12-09]
CHR Extension: (Google Drive) - C:\Users\JOP\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-12-09]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\JOP\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-12-09]
CHR Extension: (YouTube) - C:\Users\JOP\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-12-09]
CHR Extension: (Google-Suche) - C:\Users\JOP\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-12-09]
CHR Extension: (Google Tabellen) - C:\Users\JOP\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-12-09]
CHR Extension: (Avira Browserschutz) - C:\Users\JOP\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2014-12-09]
CHR Extension: (Skype Click to Call) - C:\Users\JOP\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2014-12-09]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\JOP\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2014-12-09]
CHR Extension: (Google Wallet) - C:\Users\JOP\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-12-09]
CHR Extension: (Google Mail) - C:\Users\JOP\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-12-09]
CHR HKU\S-1-5-21-2723766367-1274792045-57920043-1001\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\JOP\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx [2013-05-20]
CHR HKU\S-1-5-21-2723766367-1274792045-57920043-1001\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - No Path
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [432888 2014-11-18] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [432888 2014-11-18] (Avira Operations GmbH & Co. KG)
S4 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [993584 2014-11-18] (Avira Operations GmbH & Co. KG)
R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [166192 2014-11-20] (Avira Operations GmbH & Co. KG)
R2 btwdins; C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe [953632 2010-12-14] (Broadcom Corporation.)
S2 Garmin Core Update Service; C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [441176 2014-08-27] (Garmin Ltd or its subsidiaries)
R2 ndsvc; C:\Program Files\NetDrive\ndsvc.exe [2789376 2013-03-01] (Bdrive Inc.) [File not signed]
R2 NMSAccess; C:\windows\SysWOW64\NMSAccess32.exe [71096 2009-01-12] ()
R2 Samsung Network Fax Server; C:\windows\system32\spool\drivers\x64\3\NetFaxServer64.exe [508464 2013-07-01] (Samsung Electronics Co., Ltd.)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1103392 2012-11-13] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [1369624 2012-11-13] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [168384 2012-11-13] (Safer-Networking Ltd.)
R2 SZDrvSvc; C:\Program Files (x86)\Clarus\Samsung Drive Manager\SZDrvSvc.exe [19456 2012-05-11] (Clarus, Inc.) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [119272 2014-10-19] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131608 2014-10-19] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-11-30] (Avira Operations GmbH & Co. KG)
S2 DgiVecp; C:\windows\system32\Drivers\DgiVecp.sys [53816 2009-10-06] (Samsung Electronics Co., Ltd.)
R3 mdf16; C:\Program Files (x86)\Clarus\Samsung Drive Manager\mdf16.sys [22336 2011-03-23] ()
S3 mod7700; C:\Windows\System32\DRIVERS\mod7700.sys [632616 2012-09-20] (DiBcom SA)
S3 MODRC; C:\Windows\System32\DRIVERS\modrc.sys [25000 2012-09-20] (DiBcom S.A.)
R3 mvd23; C:\Program Files (x86)\Clarus\Samsung Drive Manager\mvd23.sys [101184 2011-05-19] ()
S3 ndfs; C:\Program Files\NetDrive\ndfs.sys [63712 2013-02-01] (Bdrive Inc.)
S3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [42184 2013-06-21] (Anchorfree Inc.)
R4 truecrypt; C:\Program Files\TrueCrypt\truecrypt-x64.sys [231376 2012-05-04] (TrueCrypt Foundation)
R3 vm331avs; C:\Windows\System32\Drivers\vm331avs.sys [228224 2010-09-27] (Vimicro Corporation)
R3 vmuvcflt; C:\Windows\System32\Drivers\vmuvcflt.sys [8320 2010-09-27] (Vimicro Corporation)
U3 BcmSqlStartupSvc; No ImagePath
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
U2 CLKMSVC10_3A60B698; No ImagePath
U2 CLKMSVC10_C3B3B687; No ImagePath
S2 Dokan_NetDrive2; \??\C:\Program Files\NetDrive2\dokan.sys [X]
U2 DriverService; No ImagePath
U2 IAStorDataMgrSvc; No ImagePath
U2 iATAgentService; No ImagePath
U2 idealife Update Service; No ImagePath
U3 IGRS; No ImagePath
U2 IviRegMgr; No ImagePath
U2 Oasis2Service; No ImagePath
U2 PCCarerService; No ImagePath
U2 ReadyComm.DirectRouter; No ImagePath
U2 RichVideo; No ImagePath
U2 RtLedService; No ImagePath
U2 SeaPort; No ImagePath
U2 SoftwareService; No ImagePath
U3 SQLWriter; No ImagePath
U2 Stereo Service; No ImagePath
S1 Vsdatant; system32\DRIVERS\vsdatant.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-15 22:29 - 2014-12-15 22:29 - 00000000 ____D () C:\Users\JOP\Downloads\FRST-OlderVersion
2014-12-15 22:28 - 2014-12-15 22:28 - 00000752 _____ () C:\Users\JOP\Desktop\JRT.txt
2014-12-15 22:24 - 2014-12-15 22:24 - 00000000 ____D () C:\windows\ERUNT
2014-12-15 22:22 - 2014-12-15 22:22 - 00000020 ___SH () C:\Users\TEMP\ntuser.ini
2014-12-15 22:22 - 2014-12-15 22:22 - 00000000 _SHDL () C:\Users\TEMP\Vorlagen
2014-12-15 22:22 - 2014-12-15 22:22 - 00000000 _SHDL () C:\Users\TEMP\Startmenü
2014-12-15 22:22 - 2014-12-15 22:22 - 00000000 _SHDL () C:\Users\TEMP\Netzwerkumgebung
2014-12-15 22:22 - 2014-12-15 22:22 - 00000000 _SHDL () C:\Users\TEMP\Lokale Einstellungen
2014-12-15 22:22 - 2014-12-15 22:22 - 00000000 _SHDL () C:\Users\TEMP\Eigene Dateien
2014-12-15 22:22 - 2014-12-15 22:22 - 00000000 _SHDL () C:\Users\TEMP\Druckumgebung
2014-12-15 22:22 - 2014-12-15 22:22 - 00000000 _SHDL () C:\Users\TEMP\Documents\Eigene Musik
2014-12-15 22:22 - 2014-12-15 22:22 - 00000000 _SHDL () C:\Users\TEMP\Documents\Eigene Bilder
2014-12-15 22:22 - 2014-12-15 22:22 - 00000000 _SHDL () C:\Users\TEMP\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2014-12-15 22:22 - 2014-12-15 22:22 - 00000000 _SHDL () C:\Users\TEMP\AppData\Local\Verlauf
2014-12-15 22:22 - 2014-12-15 22:22 - 00000000 _SHDL () C:\Users\TEMP\AppData\Local\Anwendungsdaten
2014-12-15 22:22 - 2014-12-15 22:22 - 00000000 _SHDL () C:\Users\TEMP\Anwendungsdaten
2014-12-15 22:22 - 2014-12-15 22:22 - 00000000 ____D () C:\Users\TEMP
2014-12-15 22:22 - 2012-06-02 11:50 - 00000000 ____D () C:\Users\TEMP\AppData\LocalGoogle
2014-12-15 22:22 - 2012-06-02 11:50 - 00000000 ____D () C:\Users\TEMP\AppData\Local\Google
2014-12-15 22:22 - 2011-08-25 04:32 - 00002104 _____ () C:\Users\TEMP\Desktop\OneKey Recovery.lnk
2014-12-15 22:22 - 2011-08-25 04:32 - 00000000 ____D () C:\Users\TEMP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Lenovo
2014-12-15 22:22 - 2011-08-25 04:26 - 00001136 _____ () C:\Users\TEMP\Desktop\Cyberlink Power2Go.lnk
2014-12-15 22:22 - 2010-12-19 06:31 - 00000189 _____ () C:\Users\TEMP\Desktop\Lenovo Telephony Start Now.url
2014-12-15 22:22 - 2009-07-14 05:54 - 00000000 ___RD () C:\Users\TEMP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-12-15 22:22 - 2009-07-14 05:49 - 00000000 ___RD () C:\Users\TEMP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-12-15 22:21 - 2014-12-15 22:21 - 00001962 _____ () C:\Users\JOP\Desktop\AdwCleaner[S8].txt
2014-12-15 22:11 - 2014-12-15 22:11 - 00003616 _____ () C:\Users\JOP\Desktop\mbam.txt
2014-12-15 21:40 - 2014-12-15 21:40 - 00129752 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2014-12-15 21:40 - 2014-12-15 21:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-12-15 21:40 - 2014-12-15 21:40 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-12-15 21:40 - 2014-12-15 21:40 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-12-15 21:40 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2014-12-15 21:40 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2014-12-15 21:40 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2014-12-15 21:38 - 2014-12-15 21:39 - 01707646 _____ (Thisisu) C:\Users\JOP\Downloads\JRT.exe
2014-12-15 21:37 - 2014-12-15 21:38 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\JOP\Downloads\mbam-setup-2.0.4.1028.exe
2014-12-15 01:45 - 2014-12-15 01:47 - 00001376 _____ () C:\Users\JOP\Desktop\TrueCrypt.exe.lnk
2014-12-15 00:48 - 2014-12-15 00:48 - 00000002 _____ () C:\MyDrive1GB.log
2014-12-15 00:43 - 2014-12-15 00:43 - 00003226 _____ () C:\windows\System32\Tasks\SidebarExecute
2014-12-15 00:43 - 2014-12-15 00:43 - 00000000 ____D () C:\Users\JOP\My Vaults
2014-12-15 00:42 - 2014-12-15 00:42 - 00037139 _____ () C:\ComboFix.txt
2014-12-15 00:00 - 2011-06-26 07:45 - 00256000 _____ () C:\windows\PEV.exe
2014-12-15 00:00 - 2010-11-07 18:20 - 00208896 _____ () C:\windows\MBR.exe
2014-12-15 00:00 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\windows\NIRCMD.exe
2014-12-15 00:00 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\windows\SWREG.exe
2014-12-15 00:00 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\windows\SWSC.exe
2014-12-15 00:00 - 2000-08-31 01:00 - 00098816 _____ () C:\windows\sed.exe
2014-12-15 00:00 - 2000-08-31 01:00 - 00080412 _____ () C:\windows\grep.exe
2014-12-15 00:00 - 2000-08-31 01:00 - 00068096 _____ () C:\windows\zip.exe
2014-12-14 23:53 - 2014-12-15 00:42 - 00000000 ____D () C:\Qoobox
2014-12-14 23:49 - 2014-12-15 00:36 - 00000000 ____D () C:\windows\erdnt
2014-12-14 23:48 - 2014-12-14 23:48 - 05601641 ____R (Swearware) C:\Users\JOP\Downloads\ComboFix.exe
2014-12-14 21:36 - 2014-12-14 21:36 - 00048243 _____ () C:\Users\JOP\Downloads\Addition.txt
2014-12-14 21:33 - 2014-12-15 22:29 - 00031024 _____ () C:\Users\JOP\Downloads\FRST.txt
2014-12-14 21:32 - 2014-12-14 21:32 - 00005354 _____ () C:\Users\JOP\JOPAirports.kmz
2014-12-14 21:22 - 2014-12-14 21:22 - 00001551 _____ () C:\Users\JOP\Desktop\Programs - Verknüpfung.lnk
2014-12-14 21:06 - 2014-12-15 22:29 - 00000000 ____D () C:\FRST
2014-12-14 21:05 - 2014-12-15 22:29 - 02119168 _____ (Farbar) C:\Users\JOP\Downloads\FRST64.exe
2014-12-14 20:57 - 2014-12-14 20:57 - 02166272 _____ () C:\Users\JOP\Downloads\adwcleaner_4.105 (1).exe
2014-12-14 20:51 - 2014-12-15 22:17 - 00006302 _____ () C:\windows\PFRO.log
2014-12-14 20:47 - 2014-12-14 20:47 - 02166272 _____ () C:\Users\JOP\Downloads\adwcleaner_4.105.exe
2014-12-14 20:14 - 2014-12-15 22:25 - 00067910 _____ () C:\windows\WindowsUpdate.log
2014-12-14 20:10 - 2014-12-15 22:18 - 00000392 _____ () C:\windows\setupact.log
2014-12-14 20:10 - 2014-12-14 20:10 - 00000000 _____ () C:\windows\setuperr.log
2014-12-12 00:31 - 2014-12-12 00:31 - 00000000 ____D () C:\windows\system32\appraiser
2014-12-11 22:56 - 2014-10-18 03:05 - 04121600 _____ (Microsoft Corporation) C:\windows\system32\mf.dll
2014-12-11 22:56 - 2014-10-18 02:33 - 03209728 _____ (Microsoft Corporation) C:\windows\SysWOW64\mf.dll
2014-12-11 22:56 - 2014-07-07 03:06 - 00206848 _____ (Microsoft Corporation) C:\windows\system32\mfps.dll
2014-12-11 22:56 - 2014-07-07 03:06 - 00055808 _____ (Microsoft Corporation) C:\windows\system32\rrinstaller.exe
2014-12-11 22:56 - 2014-07-07 03:06 - 00024576 _____ (Microsoft Corporation) C:\windows\system32\mfpmp.exe
2014-12-11 22:56 - 2014-07-07 03:02 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\mferror.dll
2014-12-11 22:56 - 2014-07-07 02:40 - 00103424 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfps.dll
2014-12-11 22:56 - 2014-07-07 02:39 - 00050176 _____ (Microsoft Corporation) C:\windows\SysWOW64\rrinstaller.exe
2014-12-11 22:56 - 2014-07-07 02:39 - 00023040 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfpmp.exe
2014-12-11 22:56 - 2014-07-07 02:37 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\mferror.dll
2014-12-11 22:37 - 2014-11-24 23:12 - 17874432 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-12-11 22:37 - 2014-11-24 22:59 - 00448512 _____ (Microsoft Corporation) C:\windows\system32\html.iec
2014-12-11 22:37 - 2014-11-24 22:54 - 10921984 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2014-12-11 22:37 - 2014-11-24 22:53 - 02339840 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2014-12-11 22:37 - 2014-11-24 22:47 - 01392128 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2014-12-11 22:37 - 2014-11-24 22:47 - 01388032 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2014-12-11 22:37 - 2014-11-24 22:45 - 01494016 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2014-12-11 22:37 - 2014-11-24 22:45 - 00237056 _____ (Microsoft Corporation) C:\windows\system32\url.dll
2014-12-11 22:37 - 2014-11-24 22:45 - 00086016 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2014-12-11 22:37 - 2014-11-24 22:44 - 02157056 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2014-12-11 22:37 - 2014-11-24 22:44 - 00816640 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2014-12-11 22:37 - 2014-11-24 22:44 - 00729088 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2014-12-11 22:37 - 2014-11-24 22:44 - 00599040 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2014-12-11 22:37 - 2014-11-24 22:44 - 00453120 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2014-12-11 22:37 - 2014-11-24 22:44 - 00282112 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2014-12-11 22:37 - 2014-11-24 22:44 - 00173056 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2014-12-11 22:37 - 2014-11-24 22:44 - 00055296 _____ (Microsoft Corporation) C:\windows\system32\msfeedsbs.dll
2014-12-11 22:37 - 2014-11-24 22:44 - 00011264 _____ (Microsoft Corporation) C:\windows\system32\msfeedssync.exe
2014-12-11 22:37 - 2014-11-24 22:43 - 02382848 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-12-11 22:37 - 2014-11-24 22:43 - 00096768 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2014-12-11 22:37 - 2014-11-24 22:43 - 00012800 _____ (Microsoft Corporation) C:\windows\system32\mshta.exe
2014-12-11 22:37 - 2014-11-24 22:42 - 00248320 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2014-12-11 22:37 - 2014-11-24 21:44 - 00367104 _____ (Microsoft Corporation) C:\windows\SysWOW64\html.iec
2014-12-11 22:37 - 2014-11-24 21:41 - 12369920 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2014-12-11 22:37 - 2014-11-24 21:40 - 01810944 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2014-12-11 22:37 - 2014-11-24 21:37 - 09740800 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2014-12-11 22:37 - 2014-11-24 21:35 - 01139712 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2014-12-11 22:37 - 2014-11-24 21:35 - 01129472 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2014-12-11 22:37 - 2014-11-24 21:34 - 01427968 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2014-12-11 22:37 - 2014-11-24 21:34 - 00231936 _____ (Microsoft Corporation) C:\windows\SysWOW64\url.dll
2014-12-11 22:37 - 2014-11-24 21:33 - 01802752 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2014-12-11 22:37 - 2014-11-24 21:33 - 00717824 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
2014-12-11 22:37 - 2014-11-24 21:33 - 00607744 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2014-12-11 22:37 - 2014-11-24 21:33 - 00421376 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2014-12-11 22:37 - 2014-11-24 21:33 - 00142848 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2014-12-11 22:37 - 2014-11-24 21:33 - 00065536 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2014-12-11 22:37 - 2014-11-24 21:33 - 00041472 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeedsbs.dll
2014-12-11 22:37 - 2014-11-24 21:32 - 02382848 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2014-12-11 22:37 - 2014-11-24 21:32 - 00353792 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2014-12-11 22:37 - 2014-11-24 21:32 - 00223232 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2014-12-11 22:37 - 2014-11-24 21:32 - 00176640 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2014-12-11 22:37 - 2014-11-24 21:32 - 00073216 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2014-12-11 22:37 - 2014-11-24 21:32 - 00011776 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshta.exe
2014-12-11 22:37 - 2014-11-24 21:32 - 00010752 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeedssync.exe
2014-12-11 22:36 - 2014-12-04 03:50 - 00830976 _____ (Microsoft Corporation) C:\windows\system32\appraiser.dll
2014-12-11 22:36 - 2014-12-04 03:50 - 00741376 _____ (Microsoft Corporation) C:\windows\system32\invagent.dll
2014-12-11 22:36 - 2014-12-04 03:50 - 00413184 _____ (Microsoft Corporation) C:\windows\system32\generaltel.dll
2014-12-11 22:36 - 2014-12-04 03:50 - 00396800 _____ (Microsoft Corporation) C:\windows\system32\devinv.dll
2014-12-11 22:36 - 2014-12-04 03:50 - 00227328 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll
2014-12-11 22:36 - 2014-12-04 03:50 - 00192000 _____ (Microsoft Corporation) C:\windows\system32\aepic.dll
2014-12-11 22:36 - 2014-12-04 03:44 - 01083392 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2014-12-11 22:36 - 2014-12-02 00:28 - 01232040 _____ (Microsoft Corporation) C:\windows\system32\aitstatic.exe
2014-12-11 22:36 - 2014-11-11 04:09 - 01424384 _____ (Microsoft Corporation) C:\windows\system32\WindowsCodecs.dll
2014-12-11 22:36 - 2014-11-11 03:44 - 01230336 _____ (Microsoft Corporation) C:\windows\SysWOW64\WindowsCodecs.dll
2014-12-11 22:36 - 2014-11-11 02:46 - 00119296 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tdx.sys
2014-12-11 22:36 - 2014-10-30 03:03 - 00165888 _____ (Microsoft Corporation) C:\windows\system32\charmap.exe
2014-12-11 22:36 - 2014-10-30 02:45 - 00155136 _____ (Microsoft Corporation) C:\windows\SysWOW64\charmap.exe
2014-12-11 22:36 - 2014-10-03 03:12 - 02020352 _____ (Microsoft Corporation) C:\windows\system32\WsmSvc.dll
2014-12-11 22:36 - 2014-10-03 03:12 - 00346624 _____ (Microsoft Corporation) C:\windows\system32\WSManMigrationPlugin.dll
2014-12-11 22:36 - 2014-10-03 03:12 - 00310272 _____ (Microsoft Corporation) C:\windows\system32\WsmWmiPl.dll
2014-12-11 22:36 - 2014-10-03 03:12 - 00181248 _____ (Microsoft Corporation) C:\windows\system32\WsmAuto.dll
2014-12-11 22:36 - 2014-10-03 03:11 - 00266240 _____ (Microsoft Corporation) C:\windows\system32\WSManHTTPConfig.exe
2014-12-11 22:36 - 2014-10-03 02:45 - 01177088 _____ (Microsoft Corporation) C:\windows\SysWOW64\WsmSvc.dll
2014-12-11 22:36 - 2014-10-03 02:45 - 00248832 _____ (Microsoft Corporation) C:\windows\SysWOW64\WSManMigrationPlugin.dll
2014-12-11 22:36 - 2014-10-03 02:45 - 00214016 _____ (Microsoft Corporation) C:\windows\SysWOW64\WsmWmiPl.dll
2014-12-11 22:36 - 2014-10-03 02:45 - 00145920 _____ (Microsoft Corporation) C:\windows\SysWOW64\WsmAuto.dll
2014-12-11 22:36 - 2014-10-03 02:44 - 00198656 _____ (Microsoft Corporation) C:\windows\SysWOW64\WSManHTTPConfig.exe
2014-12-11 22:33 - 2014-11-08 04:16 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\tzres.dll
2014-12-11 22:33 - 2014-11-08 03:45 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\tzres.dll
2014-12-08 21:29 - 2014-12-08 21:29 - 00000000 ____D () C:\ProgramData\NetDrive2
2014-12-07 23:27 - 2014-12-07 23:27 - 00000822 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-12-07 23:25 - 2014-12-07 23:25 - 05162080 _____ (Piriform Ltd) C:\Users\JOP\Downloads\ccsetup500.exe
2014-12-07 23:18 - 2014-12-07 23:18 - 02739280 _____ (1&1 Mail & Media GmbH) C:\Users\JOP\Downloads\webde_onlinespeicher_setup.exe
2014-12-07 21:05 - 2014-12-07 21:05 - 00001464 _____ () C:\Users\Public\Desktop\ElsterFormular.lnk
2014-12-07 21:01 - 2014-12-07 21:03 - 77872808 _____ (Landesfinanzdirektion Thüringen) C:\Users\JOP\Downloads\ElsterFormular-15.3.20141106p.exe
2014-11-29 20:04 - 2014-11-29 20:04 - 00000000 ____D () C:\Users\JOP\Documents\Fax
2014-11-29 20:03 - 2013-12-08 17:43 - 00001097 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF24 Creator.lnk
2014-11-23 17:09 - 2014-11-23 17:10 - 00000000 ____D () C:\Users\JOP\Documents\FilmScripte
2014-11-23 17:02 - 2014-11-23 22:55 - 00001162 _____ () C:\Users\JOP\Desktop\JOP - Verknüpfung.lnk
2014-11-22 20:58 - 2014-11-22 20:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2014-11-19 22:09 - 2014-11-19 22:10 - 00000000 ____D () C:\ProgramData\TuneUp Software
2014-11-19 22:09 - 2014-11-19 22:09 - 00000000 __SHD () C:\ProgramData\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C}
2014-11-19 22:09 - 2014-11-19 22:09 - 00000000 ____D () C:\Users\JOP\AppData\Roaming\TuneUp Software
2014-11-19 22:09 - 2014-11-19 22:09 - 00000000 ____D () C:\Users\JOP\AppData\Local\TuneUp Software
2014-11-19 22:07 - 2014-11-19 22:15 - 00000000 ____D () C:\Program Files (x86)\Free M4a to MP3 Converter
2014-11-19 22:07 - 2014-11-19 22:15 - 00000000 ____D () C:\Program Files (x86)\File Type Advisor
2014-11-18 21:32 - 2014-11-11 04:08 - 00728064 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll
2014-11-18 21:32 - 2014-11-11 04:08 - 00241152 _____ (Microsoft Corporation) C:\windows\system32\pku2u.dll
2014-11-18 21:32 - 2014-11-11 03:44 - 00550912 _____ (Microsoft Corporation) C:\windows\SysWOW64\kerberos.dll
2014-11-18 21:32 - 2014-11-11 03:44 - 00186880 _____ (Microsoft Corporation) C:\windows\SysWOW64\pku2u.dll
2014-11-15 23:29 - 2014-11-15 23:29 - 00000000 ____D () C:\Program Files\Common Files\Common Desktop Agent
2014-11-15 23:28 - 2014-11-15 23:28 - 00000000 ____D () C:\Users\UpdatusUser\AppData\Roaming\Samsung
2014-11-15 23:28 - 2014-11-15 23:28 - 00000000 ____D () C:\Users\fbwuser\AppData\Roaming\Samsung
2014-11-15 11:16 - 2014-11-15 11:19 - 00000000 ____D () C:\Program Files (x86)\GUM902E.tmp

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-15 22:28 - 2009-07-14 05:45 - 00028928 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-12-15 22:28 - 2009-07-14 05:45 - 00028928 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-12-15 22:26 - 2011-08-25 11:35 - 00699682 _____ () C:\windows\system32\perfh007.dat
2014-12-15 22:26 - 2011-08-25 11:35 - 00149790 _____ () C:\windows\system32\perfc007.dat
2014-12-15 22:26 - 2009-07-14 06:13 - 01620684 _____ () C:\windows\system32\PerfStringBackup.INI
2014-12-15 22:21 - 2013-05-20 19:55 - 00000000 ___RD () C:\Users\JOP\Google Drive
2014-12-15 22:21 - 2011-08-25 04:16 - 00001110 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-12-15 22:20 - 2011-08-25 04:18 - 00138177 _____ () C:\windows\system32\fastboot.set
2014-12-15 22:19 - 2012-05-28 18:44 - 01004210 _____ () C:\ndsvc.log
2014-12-15 22:19 - 2011-08-25 04:24 - 02929998 _____ () C:\FaceProv.log
2014-12-15 22:18 - 2011-08-25 04:16 - 00001106 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-12-15 22:18 - 2009-07-14 06:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-12-15 22:16 - 2013-10-14 00:00 - 00000000 ____D () C:\AdwCleaner
2014-12-15 21:44 - 2012-07-03 20:08 - 00000000 ____D () C:\Users\JOP\Desktop\cleaning
2014-12-15 21:38 - 2012-06-24 19:47 - 00001112 _____ () C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2723766367-1274792045-57920043-1001UA.job
2014-12-15 21:32 - 2014-01-26 19:37 - 00000884 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2014-12-15 01:47 - 2014-11-04 21:53 - 00001137 _____ () C:\Users\Public\Desktop\Avira.lnk
2014-12-15 01:47 - 2014-08-16 13:14 - 00000000 ____D () C:\ProgramData\Package Cache
2014-12-15 01:47 - 2013-08-16 18:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2014-12-15 01:47 - 2012-07-01 10:07 - 00000000 ____D () C:\Program Files (x86)\Avira
2014-12-15 01:47 - 2012-05-28 13:49 - 00000000 ____D () C:\Users\JOP\AppData\Local\Eraser 6
2014-12-15 01:44 - 2012-05-04 22:00 - 00000000 ____D () C:\Program Files\TrueCrypt
2014-12-15 01:33 - 2014-02-04 23:44 - 00000000 ____D () C:\windows\pss
2014-12-15 01:27 - 2011-08-25 04:24 - 00000000 ____D () C:\ProgramData\VeriFace
2014-12-15 01:03 - 2009-07-14 03:34 - 00000687 _____ () C:\windows\win.ini
2014-12-15 00:45 - 2012-05-28 18:44 - 00000000 ____D () C:\Program Files\NetDrive
2014-12-15 00:43 - 2012-05-04 21:41 - 00000000 ____D () C:\Users\JOP
2014-12-15 00:42 - 2009-07-14 04:20 - 00000000 __RHD () C:\Users\Default
2014-12-15 00:33 - 2009-07-14 03:34 - 00000215 _____ () C:\windows\system.ini
2014-12-14 23:10 - 2009-07-14 04:20 - 00000000 ____D () C:\windows\rescache
2014-12-14 23:05 - 2012-06-24 19:47 - 00001060 _____ () C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2723766367-1274792045-57920043-1001Core.job
2014-12-14 20:27 - 2012-12-02 15:06 - 00113152 ___SH () C:\Users\JOP\Documents\Thumbs.db
2014-12-12 00:31 - 2014-05-06 22:08 - 00000000 ___SD () C:\windows\system32\CompatTel
2014-12-12 00:31 - 2009-07-14 04:20 - 00000000 ____D () C:\windows\AppCompat
2014-12-11 23:06 - 2013-08-16 23:50 - 00000000 ____D () C:\windows\system32\MRT
2014-12-11 22:58 - 2012-06-27 19:22 - 112710672 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2014-12-11 22:38 - 2012-05-07 14:58 - 00010468 _____ () C:\Users\JOP\AppData\Roaming\SmarThruOptions.xml
2014-12-11 22:16 - 2014-10-12 16:43 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-12-09 22:32 - 2014-01-26 19:37 - 00003822 _____ () C:\windows\System32\Tasks\Adobe Flash Player Updater
2014-12-09 22:32 - 2013-03-02 09:23 - 00701104 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2014-12-09 22:32 - 2013-03-02 09:23 - 00071344 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-12-09 21:50 - 2012-05-04 22:01 - 00000000 ____D () C:\Users\JOP\AppData\Roaming\TrueCrypt
2014-12-08 22:20 - 2012-09-27 22:51 - 00000000 ____D () C:\Users\JOP\Documents\Youcam
2014-12-08 21:44 - 2014-11-08 19:22 - 00000000 ____D () C:\Users\JOP\Desktop\SCAN
2014-12-08 21:36 - 2014-11-06 23:50 - 00000000 ____D () C:\Users\JOP\Documents\Scan
2014-12-08 21:16 - 2014-11-06 23:35 - 00000072 _____ () C:\Users\Public\LMDebug.log
2014-12-07 23:31 - 2013-03-23 21:50 - 00000000 ____D () C:\windows\Minidump
2014-12-07 23:27 - 2012-05-04 21:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-12-07 23:27 - 2012-05-04 21:54 - 00000000 ____D () C:\Program Files\CCleaner
2014-12-07 23:20 - 2013-06-30 20:14 - 00000000 ____D () C:\Users\JOP\AppData\Local\WEB.DE Application {sync-000021}
2014-12-07 23:04 - 2012-05-05 20:46 - 00000000 ____D () C:\Users\JOP\AppData\Roaming\Dropbox
2014-12-07 23:03 - 2012-05-05 20:46 - 00000000 ____D () C:\Users\JOP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-12-07 21:05 - 2013-10-08 12:46 - 00000000 ____D () C:\Program Files (x86)\ElsterFormular
2014-12-07 17:38 - 2012-11-04 16:55 - 00000000 ____D () C:\Users\JOP\Documents\JOP
2014-12-07 12:10 - 2012-05-04 22:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Garmin
2014-12-07 12:09 - 2012-05-04 22:54 - 00000000 ____D () C:\Program Files (x86)\Garmin
2014-11-23 22:37 - 2012-05-05 21:29 - 00000000 ____D () C:\Users\JOP\AppData\Roaming\Skype
2014-11-23 18:41 - 2012-10-28 20:44 - 00000000 ____D () C:\ProgramData\tmp
2014-11-23 12:52 - 2012-09-15 16:13 - 00000000 ____D () C:\Users\JOP\AppData\Roaming\vlc
2014-11-22 20:58 - 2014-08-03 17:58 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-11-22 20:58 - 2012-05-05 21:29 - 00000000 ____D () C:\ProgramData\Skype
2014-11-16 16:19 - 2012-11-12 21:09 - 00000000 ____D () C:\Users\JOP\Documents\GARMIN
2014-11-16 11:01 - 2013-02-02 12:26 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-11-15 23:31 - 2014-11-06 23:33 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung Printers
2014-11-15 23:29 - 2014-11-06 23:32 - 00000000 ____D () C:\ProgramData\Samsung
2014-11-15 22:58 - 2009-07-14 04:20 - 00000000 ____D () C:\windows\system32\NDF
2014-11-15 11:16 - 2011-08-25 04:16 - 00004106 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-11-15 11:16 - 2011-08-25 04:16 - 00003854 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore

Some content of TEMP:
====================
C:\Users\JOP\AppData\Local\Temp\avgnt.exe
C:\Users\JOP\AppData\Local\Temp\Quarantine.exe
C:\Users\JOP\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-12-07 13:19

==================== End Of Log ============================

--- --- ---

--- --- ---

--- --- ---

FRST additional ? Hab ich nicht gefunden

Auf Wiedersehen
JOP

schrauber · 16.12.2014, 21:13

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Downloade Dir bitte

SecurityCheck und:

Speichere es auf dem Desktop.
Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.

Poste den Inhalt bitte hier.

und ein frisches FRST log bitte. Noch Probleme?

JOP · 21.12.2014, 15:29

Guten Tag,

es sind keine weiteren Probleme aufgetreten.

hier ESET log.file:

Code:

ATTFilter

ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=672ed0eec33b7e4e8b3a51661a5da63d
# engine=21647
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-12-20 09:17:17
# local_time=2014-12-20 10:17:17 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='Avira Desktop'
# compatibility_mode=1810 16777213 100 100 10604 163662415 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 30780647 170740087 0 0
# scanned=259868
# found=154
# cleaned=0
# scan_time=9973
sh=C297FC9CA87EFE0A265BABF4C09E341B924BC5B1 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\LyricsSay-16\44158.crx.vir"
sh=21AF927A0DACEC433BD143A83EAF98E8451CD565 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\LyricsSay-16\44158.xpi.vir"
sh=EA8A5C549E7FD2531B3ED07D545226D631823058 ft=1 fh=8724547904ec51d1 vn="Variante von Win32/Toolbar.CrossRider.H evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\LyricsSay-16\LyricsSay-16-bg.exe.vir"
sh=9559F6FE3458F55F0733D9DA88FDC1744D6E3F5D ft=1 fh=c71c0011e57c62f3 vn="Variante von Win32/Toolbar.CrossRider.V evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\LyricsSay-16\LyricsSay-16-bho.dll.vir"
sh=8EA14885BB227D078962AD4EE7701598FA98C7CE ft=1 fh=4b65056554b9be50 vn="Variante von Win64/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\LyricsSay-16\LyricsSay-16-bho64.dll.vir"
sh=442C1E6FC62EF994314BB8F04B942A85CC7775FC ft=1 fh=c71c0011f64d866a vn="Variante von Win32/Toolbar.CrossRider.AZ evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\LyricsSay-16\LyricsSay-16-buttonutil.dll.vir"
sh=33CE28C36795486CDEE9816F8D58C5CFB72241D5 ft=1 fh=82fab2e97e8ff8eb vn="Variante von Win32/Toolbar.CrossRider.I evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\LyricsSay-16\LyricsSay-16-buttonutil.exe.vir"
sh=A5A4181EBE6A67A7FA91511B982269E143C6FE22 ft=1 fh=a6fa3a054bc4702d vn="Variante von Win64/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\LyricsSay-16\LyricsSay-16-buttonutil64.dll.vir"
sh=3AFF9F7D2AC4591A20403760C8C75FCE228FC001 ft=1 fh=528e0feebbc1a61a vn="Variante von Win64/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\LyricsSay-16\LyricsSay-16-buttonutil64.exe.vir"
sh=A55CDA22C69DEC56A0241CA8872AB580D1B25350 ft=1 fh=dfded0cc82cbca54 vn="Variante von Win32/Toolbar.CrossRider.J evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\LyricsSay-16\LyricsSay-16-chromeinstaller.exe.vir"
sh=9E525305961F390FF1F4512DD9D6033C55168DFF ft=1 fh=68e522a33f493cb7 vn="Variante von Win32/Toolbar.CrossRider.K evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\LyricsSay-16\LyricsSay-16-codedownloader.exe.vir"
sh=77D59D1C898525E32227A2EDEC6E21A4E0D2F81F ft=1 fh=275cdbc31e613de5 vn="Variante von Win32/Toolbar.CrossRider.K evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\LyricsSay-16\LyricsSay-16-enabler.exe.vir"
sh=6C954FBE311133300EF19785CDBEC6A922F74DAF ft=1 fh=f049fd34f143ba87 vn="Variante von Win32/Toolbar.CrossRider.J evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\LyricsSay-16\LyricsSay-16-firefoxinstaller.exe.vir"
sh=D9A27B7670A86006A2DC0BBF5510C61E1481337B ft=1 fh=cfb3072a1d620199 vn="Variante von Win32/Toolbar.CrossRider.K evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\LyricsSay-16\LyricsSay-16-updater.exe.vir"
sh=C339BDB326AD53E7A3A32C4734F4DFAF46350E32 ft=1 fh=a8821c23e3c0d6c0 vn="Win32/Packed.VMDetector.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\LyricsSay-16\utils.exe.vir"
sh=57A26C387B2D9ACE6B1456F49A9EB60AEFD8B874 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Plus-HD-1.6\32002.crx.vir"
sh=A8963129231E47B780ECB02F276C2841DD602A9B ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Plus-HD-1.6\32002.xpi.vir"
sh=7A15A61A5A418ADAAB89623FEAF84E23B08BB806 ft=1 fh=7ce459c8d9c51e6d vn="Variante von Win32/Toolbar.CrossRider.K evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Plus-HD-1.6\Plus-HD-1.6-chromeinstaller.exe.vir"
sh=108326418F6D9D26A7A016E22B7246BBAB148C37 ft=1 fh=4045259a36fb0c2f vn="Variante von Win32/Toolbar.CrossRider.J evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Plus-HD-1.6\Plus-HD-1.6-firefoxinstaller.exe.vir"
sh=1F08C4166547F9A95C6B36C5D2E2E10579BD1366 ft=1 fh=e4f100e9489a4ea9 vn="Win32/Packed.VMDetector.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Plus-HD-1.6\utils.exe.vir"
sh=E21B3507208808596F7FD41C5D637DFE2E8F2FB9 ft=1 fh=5d027b3a7f09e7d3 vn="Win32/Wajam.D evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Wajam\Updater\WajamUpdaterV3.exe.vir"
sh=B78410FBC2505058EBC075260692728719B9D2ED ft=1 fh=08cc097d6c7648f2 vn="Variante von Win32/Toolbar.Widgi.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\ProgramData\ytd video downloader\ytd_installer.exe.vir"
sh=8E404BAFA9CEAC0628F089B4F1AA879EB5A3404E ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\JOP\AppData\Local\Google\Chrome\User Data\Default\Extensions\akhhdakpodeopjboaakapkhakhlbmlfd\1.25.14_0\extensionData\plugins\101_cortica_m.js.vir"
sh=957E505E027C2F899F844C27AC8B82EF94AEBB68 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\JOP\AppData\Local\Google\Chrome\User Data\Default\Extensions\akhhdakpodeopjboaakapkhakhlbmlfd\1.25.14_0\extensionData\plugins\102_dealply_m.js.vir"
sh=C55A202FEE216E4A5FB843D48CC75DDDBB0C1BE5 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\JOP\AppData\Local\Google\Chrome\User Data\Default\Extensions\akhhdakpodeopjboaakapkhakhlbmlfd\1.25.14_0\extensionData\plugins\103_intext_5_m.js.vir"
sh=EB047CB7862459E0F74832AEF6A7954A3663373F ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\JOP\AppData\Local\Google\Chrome\User Data\Default\Extensions\akhhdakpodeopjboaakapkhakhlbmlfd\1.25.14_0\extensionData\plugins\104_jollywallet_m.js.vir"
sh=F2126D68553053F0A5A411866DEC205E27283EDA ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\JOP\AppData\Local\Google\Chrome\User Data\Default\Extensions\akhhdakpodeopjboaakapkhakhlbmlfd\1.25.14_0\extensionData\plugins\105_corticas_m.js.vir"
sh=A69DBD3502EA9C4EDD7DEAFB23A8FC1C97BAB232 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\JOP\AppData\Local\Google\Chrome\User Data\Default\Extensions\akhhdakpodeopjboaakapkhakhlbmlfd\1.25.14_0\extensionData\plugins\107_coupish_m.js.vir"
sh=07F6431EB47DB9C74AB0392D7025E1FBB7DEBCE4 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\JOP\AppData\Local\Google\Chrome\User Data\Default\Extensions\akhhdakpodeopjboaakapkhakhlbmlfd\1.25.14_0\extensionData\plugins\108_icm_m.js.vir"
sh=8931C4A3E28C60A387C2D6BD62AAE882E7EEB4B4 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\JOP\AppData\Local\Google\Chrome\User Data\Default\Extensions\akhhdakpodeopjboaakapkhakhlbmlfd\1.25.14_0\extensionData\plugins\116_ads_only_5_m.js.vir"
sh=F145F1BB3F8BD942AFC979948E10171FD7618EEB ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\JOP\AppData\Local\Google\Chrome\User Data\Default\Extensions\akhhdakpodeopjboaakapkhakhlbmlfd\1.25.14_0\extensionData\plugins\117_coupons_intext_ads_5_m.js.vir"
sh=9495814AE107F6739D62A09B1829E5A2DCDA1354 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\JOP\AppData\Local\Google\Chrome\User Data\Default\Extensions\akhhdakpodeopjboaakapkhakhlbmlfd\1.25.14_0\extensionData\plugins\119_similar_web_m.js.vir"
sh=D10EA105AB5DB329186B0B6F10541DD58058AEB8 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\JOP\AppData\Local\Google\Chrome\User Data\Default\Extensions\akhhdakpodeopjboaakapkhakhlbmlfd\1.25.14_0\extensionData\plugins\120_luck_m.js.vir"
sh=B985E49C6E0E423954A36327BE2EA87F0F287145 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\JOP\AppData\Local\Google\Chrome\User Data\Default\Extensions\akhhdakpodeopjboaakapkhakhlbmlfd\1.25.14_0\extensionData\plugins\123_intext_adv_m.js.vir"
sh=EAAF312959AC9CCF5138825927B5E2D38F57E2E1 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\JOP\AppData\Local\Google\Chrome\User Data\Default\Extensions\akhhdakpodeopjboaakapkhakhlbmlfd\1.25.14_0\extensionData\plugins\124_superfish_no_search_no_coupons_m.js.vir"
sh=62B063E0D121966E9A83C9AB518DADAE47423555 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\JOP\AppData\Local\Google\Chrome\User Data\Default\Extensions\akhhdakpodeopjboaakapkhakhlbmlfd\1.25.14_0\extensionData\plugins\125_arcadi2_m.js.vir"
sh=DE28BC6EB32E9BE0F1B49FD072CB2752B6406232 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\JOP\AppData\Local\Google\Chrome\User Data\Default\Extensions\akhhdakpodeopjboaakapkhakhlbmlfd\1.25.14_0\extensionData\plugins\126_revizer_ws_m.js.vir"
sh=ABBB2B3D882FD4FEAEE91557BEDED276666370C3 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\JOP\AppData\Local\Google\Chrome\User Data\Default\Extensions\akhhdakpodeopjboaakapkhakhlbmlfd\1.25.14_0\extensionData\plugins\127_revizer_p_m.js.vir"
sh=4A86247BDE5D2225473389037FA942819FD677CF ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\JOP\AppData\Local\Google\Chrome\User Data\Default\Extensions\akhhdakpodeopjboaakapkhakhlbmlfd\1.25.14_0\extensionData\plugins\128_superfish_pricora_m.js.vir"
sh=D9E89F57D3A13498640961F3B9954D67D7EA1039 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\JOP\AppData\Local\Google\Chrome\User Data\Default\Extensions\akhhdakpodeopjboaakapkhakhlbmlfd\1.25.14_0\extensionData\plugins\129_widdit_m.js.vir"
sh=B9CFC11B067C54952D592C618BD391AA26B3393B ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\JOP\AppData\Local\Google\Chrome\User Data\Default\Extensions\akhhdakpodeopjboaakapkhakhlbmlfd\1.25.14_0\extensionData\plugins\135_arcadi3_m.js.vir"
sh=17483832BF1FA23335B7C1E04A0530AB60CBEDC6 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\JOP\AppData\Local\Google\Chrome\User Data\Default\Extensions\akhhdakpodeopjboaakapkhakhlbmlfd\1.25.14_0\extensionData\plugins\138_getdeal_m.js.vir"
sh=90A4F559561CF603A203F93D56C80B17B8152325 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\JOP\AppData\Local\Google\Chrome\User Data\Default\Extensions\akhhdakpodeopjboaakapkhakhlbmlfd\1.25.14_0\extensionData\plugins\141_corticas_ru_m.js.js.vir"
sh=8395A2B6D59D2F3EDDCFC863DDA2F674396DC74C ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\JOP\AppData\Local\Google\Chrome\User Data\Default\Extensions\akhhdakpodeopjboaakapkhakhlbmlfd\1.25.14_0\extensionData\plugins\142_intext_fa_m.js.vir"
sh=5925EABD04108D9E7E0BF8A0ECBAEC38DE8BFFEC ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\JOP\AppData\Local\Google\Chrome\User Data\Default\Extensions\akhhdakpodeopjboaakapkhakhlbmlfd\1.25.14_0\extensionData\plugins\155_ibario_pops_m.js.vir"
sh=A1EDC3417EC0ACCE0AA4152FE6BCF6E77F520599 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\JOP\AppData\Local\Google\Chrome\User Data\Default\Extensions\akhhdakpodeopjboaakapkhakhlbmlfd\1.25.14_0\extensionData\plugins\158_50onred_ads_only_no_fb_m.js.vir"
sh=18C46AE5CB67274764D17F8A40975EEB5C67F795 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\JOP\AppData\Local\Google\Chrome\User Data\Default\Extensions\akhhdakpodeopjboaakapkhakhlbmlfd\1.25.14_0\extensionData\plugins\159_cortica_rollover_m.js.vir"
sh=3A3ECFE1A94B59A3BB1E1296A2122CCC0FFE82EC ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\JOP\AppData\Local\Google\Chrome\User Data\Default\Extensions\akhhdakpodeopjboaakapkhakhlbmlfd\1.25.14_0\extensionData\plugins\170_icm1_5_m.js.vir"
sh=81C3B657563171D65FE42C52872ECF8EB7924C86 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\JOP\AppData\Local\Google\Chrome\User Data\Default\Extensions\akhhdakpodeopjboaakapkhakhlbmlfd\1.25.14_0\extensionData\plugins\171_arcadi2_sourceID_m.js.vir"
sh=FAD5F9E3F4DA8ED3ACC760906893EC897A53D622 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\JOP\AppData\Local\Google\Chrome\User Data\Default\Extensions\akhhdakpodeopjboaakapkhakhlbmlfd\1.25.14_0\extensionData\plugins\174_arcadi_serp_dynamic_id_m.js.vir"
sh=4E5B8A8330F3EDB3D0FEBB9B81E108EA09F44FD8 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\JOP\AppData\Local\Google\Chrome\User Data\Default\Extensions\akhhdakpodeopjboaakapkhakhlbmlfd\1.25.14_0\extensionData\plugins\175_coolmirage_m.js.vir"
sh=92DD07C2421C2C5A4996E399DB6707B4707488F7 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\JOP\AppData\Local\Google\Chrome\User Data\Default\Extensions\akhhdakpodeopjboaakapkhakhlbmlfd\1.25.14_0\extensionData\plugins\91_monetizationLoader.js.js.vir"
sh=93022F69189E8D2F1B4B8717522CA1AFFA59F708 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\JOP\AppData\Local\Google\Chrome\User Data\Default\Extensions\akhhdakpodeopjboaakapkhakhlbmlfd\1.25.14_0\extensionData\plugins\92_superfish_m.js.vir"
sh=543DE9DC0BE89820EDA9EE328FECAE10831BFBC0 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\JOP\AppData\Local\Google\Chrome\User Data\Default\Extensions\akhhdakpodeopjboaakapkhakhlbmlfd\1.25.14_0\extensionData\plugins\93_superfish_no_coupons_m.js.vir"
sh=8E404BAFA9CEAC0628F089B4F1AA879EB5A3404E ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\JOP\AppData\Local\Google\Chrome\User Data\Default\Extensions\jidjhchcblhlapbcpheibgdjkajekhbh\1.25.86_0\extensionData\plugins\101_cortica_m.js.vir"
sh=957E505E027C2F899F844C27AC8B82EF94AEBB68 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\JOP\AppData\Local\Google\Chrome\User Data\Default\Extensions\jidjhchcblhlapbcpheibgdjkajekhbh\1.25.86_0\extensionData\plugins\102_dealply_m.js.vir"
sh=17F6E2411B6C3A285257D050832B0890BBEC046F ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\JOP\AppData\Local\Google\Chrome\User Data\Default\Extensions\jidjhchcblhlapbcpheibgdjkajekhbh\1.25.86_0\extensionData\plugins\103_intext_5_m.js.vir"
sh=EB047CB7862459E0F74832AEF6A7954A3663373F ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\JOP\AppData\Local\Google\Chrome\User Data\Default\Extensions\jidjhchcblhlapbcpheibgdjkajekhbh\1.25.86_0\extensionData\plugins\104_jollywallet_m.js.vir"
sh=F2126D68553053F0A5A411866DEC205E27283EDA ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\JOP\AppData\Local\Google\Chrome\User Data\Default\Extensions\jidjhchcblhlapbcpheibgdjkajekhbh\1.25.86_0\extensionData\plugins\105_corticas_m.js.vir"
sh=A69DBD3502EA9C4EDD7DEAFB23A8FC1C97BAB232 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\JOP\AppData\Local\Google\Chrome\User Data\Default\Extensions\jidjhchcblhlapbcpheibgdjkajekhbh\1.25.86_0\extensionData\plugins\107_coupish_m.js.vir"
sh=6FD52BE8732402A681159484442B6AA0351C4243 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\JOP\AppData\Local\Google\Chrome\User Data\Default\Extensions\jidjhchcblhlapbcpheibgdjkajekhbh\1.25.86_0\extensionData\plugins\108_icm_m.js.vir"
sh=F0D9BB17EC343592F74C53A4E3E5E460B90DD3E2 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\JOP\AppData\Local\Google\Chrome\User Data\Default\Extensions\jidjhchcblhlapbcpheibgdjkajekhbh\1.25.86_0\extensionData\plugins\116_ads_only_5_m.js.vir"
sh=DFB11E05B62F57EDA18112BC002C17EAFD79BEE7 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\JOP\AppData\Local\Google\Chrome\User Data\Default\Extensions\jidjhchcblhlapbcpheibgdjkajekhbh\1.25.86_0\extensionData\plugins\117_coupons_intext_ads_5_m.js.vir"
sh=9495814AE107F6739D62A09B1829E5A2DCDA1354 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\JOP\AppData\Local\Google\Chrome\User Data\Default\Extensions\jidjhchcblhlapbcpheibgdjkajekhbh\1.25.86_0\extensionData\plugins\119_similar_web_m.js.vir"
sh=D10EA105AB5DB329186B0B6F10541DD58058AEB8 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\JOP\AppData\Local\Google\Chrome\User Data\Default\Extensions\jidjhchcblhlapbcpheibgdjkajekhbh\1.25.86_0\extensionData\plugins\120_luck_m.js.vir"
sh=B985E49C6E0E423954A36327BE2EA87F0F287145 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\JOP\AppData\Local\Google\Chrome\User Data\Default\Extensions\jidjhchcblhlapbcpheibgdjkajekhbh\1.25.86_0\extensionData\plugins\123_intext_adv_m.js.vir"
sh=EAAF312959AC9CCF5138825927B5E2D38F57E2E1 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\JOP\AppData\Local\Google\Chrome\User Data\Default\Extensions\jidjhchcblhlapbcpheibgdjkajekhbh\1.25.86_0\extensionData\plugins\124_superfish_no_search_no_coupons_m.js.vir"
sh=62B063E0D121966E9A83C9AB518DADAE47423555 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\JOP\AppData\Local\Google\Chrome\User Data\Default\Extensions\jidjhchcblhlapbcpheibgdjkajekhbh\1.25.86_0\extensionData\plugins\125_arcadi2_m.js.vir"
sh=C6936530686054A048C83CF221AE9CF15430256E ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\JOP\AppData\Local\Google\Chrome\User Data\Default\Extensions\jidjhchcblhlapbcpheibgdjkajekhbh\1.25.86_0\extensionData\plugins\126_revizer_ws_m.js.vir"
sh=FBCA935E295A6F9DD0A6118DAE63ADB15EC5F2DD ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\JOP\AppData\Local\Google\Chrome\User Data\Default\Extensions\jidjhchcblhlapbcpheibgdjkajekhbh\1.25.86_0\extensionData\plugins\127_revizer_p_m.js.vir"
sh=4A86247BDE5D2225473389037FA942819FD677CF ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\JOP\AppData\Local\Google\Chrome\User Data\Default\Extensions\jidjhchcblhlapbcpheibgdjkajekhbh\1.25.86_0\extensionData\plugins\128_superfish_pricora_m.js.vir"
sh=D9E89F57D3A13498640961F3B9954D67D7EA1039 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\JOP\AppData\Local\Google\Chrome\User Data\Default\Extensions\jidjhchcblhlapbcpheibgdjkajekhbh\1.25.86_0\extensionData\plugins\129_widdit_m.js.vir"
sh=B9CFC11B067C54952D592C618BD391AA26B3393B ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\JOP\AppData\Local\Google\Chrome\User Data\Default\Extensions\jidjhchcblhlapbcpheibgdjkajekhbh\1.25.86_0\extensionData\plugins\135_arcadi3_m.js.vir"
sh=17483832BF1FA23335B7C1E04A0530AB60CBEDC6 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\JOP\AppData\Local\Google\Chrome\User Data\Default\Extensions\jidjhchcblhlapbcpheibgdjkajekhbh\1.25.86_0\extensionData\plugins\138_getdeal_m.js.vir"
sh=90A4F559561CF603A203F93D56C80B17B8152325 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\JOP\AppData\Local\Google\Chrome\User Data\Default\Extensions\jidjhchcblhlapbcpheibgdjkajekhbh\1.25.86_0\extensionData\plugins\141_corticas_ru_m.js.js.vir"
sh=8395A2B6D59D2F3EDDCFC863DDA2F674396DC74C ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\JOP\AppData\Local\Google\Chrome\User Data\Default\Extensions\jidjhchcblhlapbcpheibgdjkajekhbh\1.25.86_0\extensionData\plugins\142_intext_fa_m.js.vir"
sh=5925EABD04108D9E7E0BF8A0ECBAEC38DE8BFFEC ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\JOP\AppData\Local\Google\Chrome\User Data\Default\Extensions\jidjhchcblhlapbcpheibgdjkajekhbh\1.25.86_0\extensionData\plugins\155_ibario_pops_m.js.vir"
sh=A28CB6571CE8071F7AC0A6BA249259A684E96292 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\JOP\AppData\Local\Google\Chrome\User Data\Default\Extensions\jidjhchcblhlapbcpheibgdjkajekhbh\1.25.86_0\extensionData\plugins\158_50onred_ads_only_no_fb_m.js.vir"
sh=18C46AE5CB67274764D17F8A40975EEB5C67F795 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\JOP\AppData\Local\Google\Chrome\User Data\Default\Extensions\jidjhchcblhlapbcpheibgdjkajekhbh\1.25.86_0\extensionData\plugins\159_cortica_rollover_m.js.vir"
sh=83049A36E01F304F22C9A582B5826457E2B8BF0F ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\JOP\AppData\Local\Google\Chrome\User Data\Default\Extensions\jidjhchcblhlapbcpheibgdjkajekhbh\1.25.86_0\extensionData\plugins\170_icm1_5_m.js.vir"
sh=81C3B657563171D65FE42C52872ECF8EB7924C86 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\JOP\AppData\Local\Google\Chrome\User Data\Default\Extensions\jidjhchcblhlapbcpheibgdjkajekhbh\1.25.86_0\extensionData\plugins\171_arcadi2_sourceID_m.js.vir"
sh=FAD5F9E3F4DA8ED3ACC760906893EC897A53D622 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\JOP\AppData\Local\Google\Chrome\User Data\Default\Extensions\jidjhchcblhlapbcpheibgdjkajekhbh\1.25.86_0\extensionData\plugins\174_arcadi_serp_dynamic_id_m.js.vir"
sh=92DD07C2421C2C5A4996E399DB6707B4707488F7 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\JOP\AppData\Local\Google\Chrome\User Data\Default\Extensions\jidjhchcblhlapbcpheibgdjkajekhbh\1.25.86_0\extensionData\plugins\91_monetizationLoader.js.js.vir"
sh=93022F69189E8D2F1B4B8717522CA1AFFA59F708 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\JOP\AppData\Local\Google\Chrome\User Data\Default\Extensions\jidjhchcblhlapbcpheibgdjkajekhbh\1.25.86_0\extensionData\plugins\92_superfish_m.js.vir"
sh=5CFBC7AED79FF8B602282A33D42FC9102DA53294 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\JOP\AppData\Local\Google\Chrome\User Data\Default\Extensions\jidjhchcblhlapbcpheibgdjkajekhbh\1.25.86_0\extensionData\plugins\93_superfish_no_coupons_m.js.vir"
sh=58C3F42D04D646EB15C73F8558B7A6FC8CE26A8C ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\JOP\AppData\Local\Google\Chrome\User Data\Default\Extensions\jidjhchcblhlapbcpheibgdjkajekhbh\1.25.98_0\extensionData\plugins\101_cortica_m.js.vir"
sh=369E0570D8284B62130829FEAA58CF7549D37B77 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\JOP\AppData\Local\Google\Chrome\User Data\Default\Extensions\jidjhchcblhlapbcpheibgdjkajekhbh\1.25.98_0\extensionData\plugins\102_dealply_m.js.vir"
sh=FC28D62EDB6C0C353E97185BB4B6DC87F5EDED14 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\JOP\AppData\Local\Google\Chrome\User Data\Default\Extensions\jidjhchcblhlapbcpheibgdjkajekhbh\1.25.98_0\extensionData\plugins\103_intext_5_m.js.vir"
sh=FE775821297F89614F92855C4A4FF790E918D91E ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\JOP\AppData\Local\Google\Chrome\User Data\Default\Extensions\jidjhchcblhlapbcpheibgdjkajekhbh\1.25.98_0\extensionData\plugins\104_jollywallet_m.js.vir"
sh=0B21E41A47E579081215969619861996F43524B1 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\JOP\AppData\Local\Google\Chrome\User Data\Default\Extensions\jidjhchcblhlapbcpheibgdjkajekhbh\1.25.98_0\extensionData\plugins\105_corticas_m.js.vir"
sh=A7499156AD57FA5B388C06DBB5C4290830E0C76F ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\JOP\AppData\Local\Google\Chrome\User Data\Default\Extensions\jidjhchcblhlapbcpheibgdjkajekhbh\1.25.98_0\extensionData\plugins\107_coupish_m.js.vir"
sh=0C73DFF84107BBD9D48873EEEEB9D06434C08DB2 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\JOP\AppData\Local\Google\Chrome\User Data\Default\Extensions\jidjhchcblhlapbcpheibgdjkajekhbh\1.25.98_0\extensionData\plugins\108_icm_m.js.vir"
sh=6EF5B1448DE7B0A1263E32EBA7DC2AFE502C8FB4 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\JOP\AppData\Local\Google\Chrome\User Data\Default\Extensions\jidjhchcblhlapbcpheibgdjkajekhbh\1.25.98_0\extensionData\plugins\116_ads_only_5_m.js.vir"
sh=7F7359D9F0900191297BFDF5B85D5CDF588CD9EA ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\JOP\AppData\Local\Google\Chrome\User Data\Default\Extensions\jidjhchcblhlapbcpheibgdjkajekhbh\1.25.98_0\extensionData\plugins\117_coupons_intext_ads_5_m.js.vir"
sh=FE3704EEF2BFB9DCA552518E7AEC9D6AFC1ED15C ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\JOP\AppData\Local\Google\Chrome\User Data\Default\Extensions\jidjhchcblhlapbcpheibgdjkajekhbh\1.25.98_0\extensionData\plugins\119_similar_web_m.js.vir"
sh=1A9BCED07CCAC5AABE7F80BB199360D125E6F268 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\JOP\AppData\Local\Google\Chrome\User Data\Default\Extensions\jidjhchcblhlapbcpheibgdjkajekhbh\1.25.98_0\extensionData\plugins\120_luck_m.js.vir"
sh=0CE44D7F4F3469C96749E6220CA51CB96B0CFA1F ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\JOP\AppData\Local\Google\Chrome\User Data\Default\Extensions\jidjhchcblhlapbcpheibgdjkajekhbh\1.25.98_0\extensionData\plugins\123_intext_adv_m.js.vir"
sh=B0DF9F21E3E69C188775A6F9C466B19932C9238A ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\JOP\AppData\Local\Google\Chrome\User Data\Default\Extensions\jidjhchcblhlapbcpheibgdjkajekhbh\1.25.98_0\extensionData\plugins\124_superfish_no_search_no_coupons_m.js.vir"
sh=D295E3F253D0942BD3114F61DEF5D78DD0FC5BFB ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\JOP\AppData\Local\Google\Chrome\User Data\Default\Extensions\jidjhchcblhlapbcpheibgdjkajekhbh\1.25.98_0\extensionData\plugins\125_arcadi2_m.js.vir"
sh=42038488433BD2EDA15729B41E640063BA73498F ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\JOP\AppData\Local\Google\Chrome\User Data\Default\Extensions\jidjhchcblhlapbcpheibgdjkajekhbh\1.25.98_0\extensionData\plugins\126_revizer_ws_m.js.vir"
sh=5E8BD66A546A7B973A0EB199D9B0579B386571A1 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\JOP\AppData\Local\Google\Chrome\User Data\Default\Extensions\jidjhchcblhlapbcpheibgdjkajekhbh\1.25.98_0\extensionData\plugins\127_revizer_p_m.js.vir"
sh=28ECD06AF56EB424F74BB63563BC79E57C15C2D9 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\JOP\AppData\Local\Google\Chrome\User Data\Default\Extensions\jidjhchcblhlapbcpheibgdjkajekhbh\1.25.98_0\extensionData\plugins\128_superfish_pricora_m.js.vir"
sh=05480BD17A63333789D1E425879FBF083C177A99 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\JOP\AppData\Local\Google\Chrome\User Data\Default\Extensions\jidjhchcblhlapbcpheibgdjkajekhbh\1.25.98_0\extensionData\plugins\129_widdit_m.js.vir"
sh=BB2946641B9FEB2F76D281220A52220336E454E1 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\JOP\AppData\Local\Google\Chrome\User Data\Default\Extensions\jidjhchcblhlapbcpheibgdjkajekhbh\1.25.98_0\extensionData\plugins\135_arcadi3_m.js.vir"
sh=8BD506BDCB470B73FE581B4DA1769AD9FBCAF0D8 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\JOP\AppData\Local\Google\Chrome\User Data\Default\Extensions\jidjhchcblhlapbcpheibgdjkajekhbh\1.25.98_0\extensionData\plugins\138_getdeal_m.js.vir"
sh=90A4F559561CF603A203F93D56C80B17B8152325 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\JOP\AppData\Local\Google\Chrome\User Data\Default\Extensions\jidjhchcblhlapbcpheibgdjkajekhbh\1.25.98_0\extensionData\plugins\141_corticas_ru_m.js.js.vir"
sh=8395A2B6D59D2F3EDDCFC863DDA2F674396DC74C ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\JOP\AppData\Local\Google\Chrome\User Data\Default\Extensions\jidjhchcblhlapbcpheibgdjkajekhbh\1.25.98_0\extensionData\plugins\142_intext_fa_m.js.vir"
sh=943F60E8E3F306CF4EE6E844D06FAC7552EE1856 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\JOP\AppData\Local\Google\Chrome\User Data\Default\Extensions\jidjhchcblhlapbcpheibgdjkajekhbh\1.25.98_0\extensionData\plugins\155_ibario_pops_m.js.vir"
sh=57BEA512DC282A65B570E4AA967C32B5FDE9F8FA ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\JOP\AppData\Local\Google\Chrome\User Data\Default\Extensions\jidjhchcblhlapbcpheibgdjkajekhbh\1.25.98_0\extensionData\plugins\158_50onred_ads_only_no_fb_m.js.vir"
sh=441E98540BDEC21B7E534C2B317AE91925F6CEE7 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\JOP\AppData\Local\Google\Chrome\User Data\Default\Extensions\jidjhchcblhlapbcpheibgdjkajekhbh\1.25.98_0\extensionData\plugins\159_cortica_rollover_m.js.vir"
sh=C8B01A1511A63AEC3D40B1D045034D76B1E85EFD ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\JOP\AppData\Local\Google\Chrome\User Data\Default\Extensions\jidjhchcblhlapbcpheibgdjkajekhbh\1.25.98_0\extensionData\plugins\171_arcadi2_sourceID_m.js.vir"
sh=078C314715CCC0DE7547172AD4B810FD754115C6 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\JOP\AppData\Local\Google\Chrome\User Data\Default\Extensions\jidjhchcblhlapbcpheibgdjkajekhbh\1.25.98_0\extensionData\plugins\174_arcadi_serp_dynamic_id_m.js.vir"
sh=BFC63EDA305E7C49CEC0E46C8007EE2AE61C2CFC ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\JOP\AppData\Local\Google\Chrome\User Data\Default\Extensions\jidjhchcblhlapbcpheibgdjkajekhbh\1.25.98_0\extensionData\plugins\175_coolmirage_m.js.vir"
sh=5F529B04C168DB005F6CCD2FAC411E70EABBE917 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\JOP\AppData\Local\Google\Chrome\User Data\Default\Extensions\jidjhchcblhlapbcpheibgdjkajekhbh\1.25.98_0\extensionData\plugins\178_revizer_ws_dynamic_m.js.vir"
sh=7B8FEA3BDDE03D052148BF762F99140DEA075946 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\JOP\AppData\Local\Google\Chrome\User Data\Default\Extensions\jidjhchcblhlapbcpheibgdjkajekhbh\1.25.98_0\extensionData\plugins\179_revizer_p_dynamic_m.js.vir"
sh=92DD07C2421C2C5A4996E399DB6707B4707488F7 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\JOP\AppData\Local\Google\Chrome\User Data\Default\Extensions\jidjhchcblhlapbcpheibgdjkajekhbh\1.25.98_0\extensionData\plugins\91_monetizationLoader.js.js.vir"
sh=93022F69189E8D2F1B4B8717522CA1AFFA59F708 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\JOP\AppData\Local\Google\Chrome\User Data\Default\Extensions\jidjhchcblhlapbcpheibgdjkajekhbh\1.25.98_0\extensionData\plugins\92_superfish_m.js.vir"
sh=0C5AC30A082628E85A9A8B68EF5E5EAFA46F0CC7 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\JOP\AppData\Local\Google\Chrome\User Data\Default\Extensions\jidjhchcblhlapbcpheibgdjkajekhbh\1.25.98_0\extensionData\plugins\93_superfish_no_coupons_m.js.vir"
sh=99F97AD369E8621AB4D17DF53E80E60FEE99C727 ft=1 fh=42567613b862d846 vn="Variante von Win32/DownloadSponsor.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\JOP\AppData\Local\Temp\OCS\ocs_v71b.exe.vir"
sh=8E404BAFA9CEAC0628F089B4F1AA879EB5A3404E ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\JOP\AppData\Roaming\Mozilla\Firefox\Profiles\dehvhf1a.default\Extensions\f7926b91-8f4c-40c2-919d-101d71251081@b6001269-bdb7-41fd-ac74-ffc0e92f20b9.com\extensionData\plugins\101_cortica_m.js.vir"
sh=957E505E027C2F899F844C27AC8B82EF94AEBB68 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\JOP\AppData\Roaming\Mozilla\Firefox\Profiles\dehvhf1a.default\Extensions\f7926b91-8f4c-40c2-919d-101d71251081@b6001269-bdb7-41fd-ac74-ffc0e92f20b9.com\extensionData\plugins\102_dealply_m.js.vir"
sh=C55A202FEE216E4A5FB843D48CC75DDDBB0C1BE5 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\JOP\AppData\Roaming\Mozilla\Firefox\Profiles\dehvhf1a.default\Extensions\f7926b91-8f4c-40c2-919d-101d71251081@b6001269-bdb7-41fd-ac74-ffc0e92f20b9.com\extensionData\plugins\103_intext_5_m.js.vir"
sh=EB047CB7862459E0F74832AEF6A7954A3663373F ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\JOP\AppData\Roaming\Mozilla\Firefox\Profiles\dehvhf1a.default\Extensions\f7926b91-8f4c-40c2-919d-101d71251081@b6001269-bdb7-41fd-ac74-ffc0e92f20b9.com\extensionData\plugins\104_jollywallet_m.js.vir"
sh=F2126D68553053F0A5A411866DEC205E27283EDA ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\JOP\AppData\Roaming\Mozilla\Firefox\Profiles\dehvhf1a.default\Extensions\f7926b91-8f4c-40c2-919d-101d71251081@b6001269-bdb7-41fd-ac74-ffc0e92f20b9.com\extensionData\plugins\105_corticas_m.js.vir"
sh=A69DBD3502EA9C4EDD7DEAFB23A8FC1C97BAB232 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\JOP\AppData\Roaming\Mozilla\Firefox\Profiles\dehvhf1a.default\Extensions\f7926b91-8f4c-40c2-919d-101d71251081@b6001269-bdb7-41fd-ac74-ffc0e92f20b9.com\extensionData\plugins\107_coupish_m.js.vir"
sh=07F6431EB47DB9C74AB0392D7025E1FBB7DEBCE4 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\JOP\AppData\Roaming\Mozilla\Firefox\Profiles\dehvhf1a.default\Extensions\f7926b91-8f4c-40c2-919d-101d71251081@b6001269-bdb7-41fd-ac74-ffc0e92f20b9.com\extensionData\plugins\108_icm_m.js.vir"
sh=8931C4A3E28C60A387C2D6BD62AAE882E7EEB4B4 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\JOP\AppData\Roaming\Mozilla\Firefox\Profiles\dehvhf1a.default\Extensions\f7926b91-8f4c-40c2-919d-101d71251081@b6001269-bdb7-41fd-ac74-ffc0e92f20b9.com\extensionData\plugins\116_ads_only_5_m.js.vir"
sh=F145F1BB3F8BD942AFC979948E10171FD7618EEB ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\JOP\AppData\Roaming\Mozilla\Firefox\Profiles\dehvhf1a.default\Extensions\f7926b91-8f4c-40c2-919d-101d71251081@b6001269-bdb7-41fd-ac74-ffc0e92f20b9.com\extensionData\plugins\117_coupons_intext_ads_5_m.js.vir"
sh=9495814AE107F6739D62A09B1829E5A2DCDA1354 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\JOP\AppData\Roaming\Mozilla\Firefox\Profiles\dehvhf1a.default\Extensions\f7926b91-8f4c-40c2-919d-101d71251081@b6001269-bdb7-41fd-ac74-ffc0e92f20b9.com\extensionData\plugins\119_similar_web_m.js.vir"
sh=D10EA105AB5DB329186B0B6F10541DD58058AEB8 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\JOP\AppData\Roaming\Mozilla\Firefox\Profiles\dehvhf1a.default\Extensions\f7926b91-8f4c-40c2-919d-101d71251081@b6001269-bdb7-41fd-ac74-ffc0e92f20b9.com\extensionData\plugins\120_luck_m.js.vir"
sh=B985E49C6E0E423954A36327BE2EA87F0F287145 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\JOP\AppData\Roaming\Mozilla\Firefox\Profiles\dehvhf1a.default\Extensions\f7926b91-8f4c-40c2-919d-101d71251081@b6001269-bdb7-41fd-ac74-ffc0e92f20b9.com\extensionData\plugins\123_intext_adv_m.js.vir"
sh=EAAF312959AC9CCF5138825927B5E2D38F57E2E1 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\JOP\AppData\Roaming\Mozilla\Firefox\Profiles\dehvhf1a.default\Extensions\f7926b91-8f4c-40c2-919d-101d71251081@b6001269-bdb7-41fd-ac74-ffc0e92f20b9.com\extensionData\plugins\124_superfish_no_search_no_coupons_m.js.vir"
sh=62B063E0D121966E9A83C9AB518DADAE47423555 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\JOP\AppData\Roaming\Mozilla\Firefox\Profiles\dehvhf1a.default\Extensions\f7926b91-8f4c-40c2-919d-101d71251081@b6001269-bdb7-41fd-ac74-ffc0e92f20b9.com\extensionData\plugins\125_arcadi2_m.js.vir"
sh=DE28BC6EB32E9BE0F1B49FD072CB2752B6406232 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\JOP\AppData\Roaming\Mozilla\Firefox\Profiles\dehvhf1a.default\Extensions\f7926b91-8f4c-40c2-919d-101d71251081@b6001269-bdb7-41fd-ac74-ffc0e92f20b9.com\extensionData\plugins\126_revizer_ws_m.js.vir"
sh=ABBB2B3D882FD4FEAEE91557BEDED276666370C3 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\JOP\AppData\Roaming\Mozilla\Firefox\Profiles\dehvhf1a.default\Extensions\f7926b91-8f4c-40c2-919d-101d71251081@b6001269-bdb7-41fd-ac74-ffc0e92f20b9.com\extensionData\plugins\127_revizer_p_m.js.vir"
sh=4A86247BDE5D2225473389037FA942819FD677CF ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\JOP\AppData\Roaming\Mozilla\Firefox\Profiles\dehvhf1a.default\Extensions\f7926b91-8f4c-40c2-919d-101d71251081@b6001269-bdb7-41fd-ac74-ffc0e92f20b9.com\extensionData\plugins\128_superfish_pricora_m.js.vir"
sh=D9E89F57D3A13498640961F3B9954D67D7EA1039 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\JOP\AppData\Roaming\Mozilla\Firefox\Profiles\dehvhf1a.default\Extensions\f7926b91-8f4c-40c2-919d-101d71251081@b6001269-bdb7-41fd-ac74-ffc0e92f20b9.com\extensionData\plugins\129_widdit_m.js.vir"
sh=B9CFC11B067C54952D592C618BD391AA26B3393B ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\JOP\AppData\Roaming\Mozilla\Firefox\Profiles\dehvhf1a.default\Extensions\f7926b91-8f4c-40c2-919d-101d71251081@b6001269-bdb7-41fd-ac74-ffc0e92f20b9.com\extensionData\plugins\135_arcadi3_m.js.vir"
sh=17483832BF1FA23335B7C1E04A0530AB60CBEDC6 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\JOP\AppData\Roaming\Mozilla\Firefox\Profiles\dehvhf1a.default\Extensions\f7926b91-8f4c-40c2-919d-101d71251081@b6001269-bdb7-41fd-ac74-ffc0e92f20b9.com\extensionData\plugins\138_getdeal_m.js.vir"
sh=90A4F559561CF603A203F93D56C80B17B8152325 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\JOP\AppData\Roaming\Mozilla\Firefox\Profiles\dehvhf1a.default\Extensions\f7926b91-8f4c-40c2-919d-101d71251081@b6001269-bdb7-41fd-ac74-ffc0e92f20b9.com\extensionData\plugins\141_corticas_ru_m.js.js.vir"
sh=8395A2B6D59D2F3EDDCFC863DDA2F674396DC74C ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\JOP\AppData\Roaming\Mozilla\Firefox\Profiles\dehvhf1a.default\Extensions\f7926b91-8f4c-40c2-919d-101d71251081@b6001269-bdb7-41fd-ac74-ffc0e92f20b9.com\extensionData\plugins\142_intext_fa_m.js.vir"
sh=5925EABD04108D9E7E0BF8A0ECBAEC38DE8BFFEC ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\JOP\AppData\Roaming\Mozilla\Firefox\Profiles\dehvhf1a.default\Extensions\f7926b91-8f4c-40c2-919d-101d71251081@b6001269-bdb7-41fd-ac74-ffc0e92f20b9.com\extensionData\plugins\155_ibario_pops_m.js.vir"
sh=A1EDC3417EC0ACCE0AA4152FE6BCF6E77F520599 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\JOP\AppData\Roaming\Mozilla\Firefox\Profiles\dehvhf1a.default\Extensions\f7926b91-8f4c-40c2-919d-101d71251081@b6001269-bdb7-41fd-ac74-ffc0e92f20b9.com\extensionData\plugins\158_50onred_ads_only_no_fb_m.js.vir"
sh=18C46AE5CB67274764D17F8A40975EEB5C67F795 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\JOP\AppData\Roaming\Mozilla\Firefox\Profiles\dehvhf1a.default\Extensions\f7926b91-8f4c-40c2-919d-101d71251081@b6001269-bdb7-41fd-ac74-ffc0e92f20b9.com\extensionData\plugins\159_cortica_rollover_m.js.vir"
sh=3A3ECFE1A94B59A3BB1E1296A2122CCC0FFE82EC ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\JOP\AppData\Roaming\Mozilla\Firefox\Profiles\dehvhf1a.default\Extensions\f7926b91-8f4c-40c2-919d-101d71251081@b6001269-bdb7-41fd-ac74-ffc0e92f20b9.com\extensionData\plugins\170_icm1_5_m.js.vir"
sh=81C3B657563171D65FE42C52872ECF8EB7924C86 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\JOP\AppData\Roaming\Mozilla\Firefox\Profiles\dehvhf1a.default\Extensions\f7926b91-8f4c-40c2-919d-101d71251081@b6001269-bdb7-41fd-ac74-ffc0e92f20b9.com\extensionData\plugins\171_arcadi2_sourceID_m.js.vir"
sh=FAD5F9E3F4DA8ED3ACC760906893EC897A53D622 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\JOP\AppData\Roaming\Mozilla\Firefox\Profiles\dehvhf1a.default\Extensions\f7926b91-8f4c-40c2-919d-101d71251081@b6001269-bdb7-41fd-ac74-ffc0e92f20b9.com\extensionData\plugins\174_arcadi_serp_dynamic_id_m.js.vir"
sh=4E5B8A8330F3EDB3D0FEBB9B81E108EA09F44FD8 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\JOP\AppData\Roaming\Mozilla\Firefox\Profiles\dehvhf1a.default\Extensions\f7926b91-8f4c-40c2-919d-101d71251081@b6001269-bdb7-41fd-ac74-ffc0e92f20b9.com\extensionData\plugins\175_coolmirage_m.js.vir"
sh=92DD07C2421C2C5A4996E399DB6707B4707488F7 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\JOP\AppData\Roaming\Mozilla\Firefox\Profiles\dehvhf1a.default\Extensions\f7926b91-8f4c-40c2-919d-101d71251081@b6001269-bdb7-41fd-ac74-ffc0e92f20b9.com\extensionData\plugins\91_monetizationLoader.js.js.vir"
sh=93022F69189E8D2F1B4B8717522CA1AFFA59F708 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\JOP\AppData\Roaming\Mozilla\Firefox\Profiles\dehvhf1a.default\Extensions\f7926b91-8f4c-40c2-919d-101d71251081@b6001269-bdb7-41fd-ac74-ffc0e92f20b9.com\extensionData\plugins\92_superfish_m.js.vir"
sh=543DE9DC0BE89820EDA9EE328FECAE10831BFBC0 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\JOP\AppData\Roaming\Mozilla\Firefox\Profiles\dehvhf1a.default\Extensions\f7926b91-8f4c-40c2-919d-101d71251081@b6001269-bdb7-41fd-ac74-ffc0e92f20b9.com\extensionData\plugins\93_superfish_no_coupons_m.js.vir"
sh=BE34EAE683470FB2F2E69BAEA7F9B1EEC58E73A2 ft=0 fh=0000000000000000 vn="JS/Adware.Spigot.A Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\JOP\AppData\Roaming\Mozilla\Firefox\Profiles\dehvhf1a.default\Extensions\savingsslider@mybrowserbar.com\chrome\content\spigot.js.vir"
sh=311437CF4EC68FC9E3F298BBF883F8D286FB793C ft=1 fh=6d2ccfecc66b253f vn="Variante von Win32/ClientConnect.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\JOP\AppData\Roaming\OpenCandy\1BD774B94DF2443B8C45E53342954BA9\13443.exe.vir"
sh=8CE1C6F5413318BD6D14A442239AE6495F9008F8 ft=1 fh=7c64a6004741fe19 vn="Variante von Win32/InstallShare.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\JOP\Downloads\amrtomp3converter_setup.exe"

hier security check

Code:

ATTFilter

 Results of screen317's Security Check version 0.99.93  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
Avira Desktop   
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:````````` 
 Spybot - Search & Destroy 
 Java 7 Update 55  
 Java version 32-bit out of Date! 
  Adobe Flash Player 15.0.0.246 Flash Player out of Date!  
 Adobe Reader XI  
 Mozilla Firefox 29.0.1 Firefox out of Date!  
 Mozilla Thunderbird (24.6.0) 
 Google Chrome (39.0.2171.71) 
 Google Chrome (39.0.2171.95) 
````````Process Check: objlist.exe by Laurent````````  
 Spybot Teatimer.exe is disabled! 
 Avira Antivir avgnt.exe 
 Avira Antivir avguard.exe 
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  
````````````````````End of Log``````````````````````

Alles scheint gut zu laufen.
FRST kommt gleich

Vielen Dank

JOP

JOP · 21.12.2014, 15:31

Hi,

jetzt kommen noch die FRSTs:

FRST Logfile:

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 21-12-2014 01
Ran by JOP (administrator) on JOP-PC on 21-12-2014 15:10:49
Running from C:\Users\JOP\Desktop\cleaning
Loaded Profiles: UpdatusUser & JOP (Available profiles: UpdatusUser & JOP)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 9
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler64.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe
(Lenovo (Beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\utility.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Bdrive Inc.) C:\Program Files\NetDrive\ndsvc.exe
() C:\Windows\SysWOW64\NMSAccess32.exe
(Samsung Electronics Co., Ltd.) C:\Windows\System32\spool\drivers\x64\3\NetFaxServer64.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(CyberLink) C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe
() C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeySupport.exe
() C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe
(The Eraser Project) C:\Program Files\Eraser\Eraser.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Clarus, Inc.) C:\Program Files (x86)\Clarus\Samsung Drive Manager\SZDrvSvc.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
(Clarus, Inc.) C:\Program Files (x86)\Clarus\Samsung Drive Manager\Drive Manager.exe
(Samsung Electronics Co., Ltd.) C:\Windows\System32\spool\drivers\x64\3\NetFaxTray64.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Lenovo MuteSync\MuteSync.exe
(Vimicro) C:\Program Files (x86)\USB Camera\VM331_STI.EXE
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\SmarThru Office\x64\LegacyLauncher.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(TrueCrypt Foundation) C:\Program Files\TrueCrypt\TrueCrypt.exe
(Mirko Böer) C:\Program Files (x86)\AmP\AmP.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Users\JOP\Downloads\SecurityCheck.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2712360 2011-03-24] (Synaptics Incorporated)
HKLM\...\Run: [Lenovo EE Boot Optimizer] => C:\Program Files (x86)\Lenovo\Boot Optimizer\PopWnd.exe [114688 2011-08-25] (Lenovo)
HKLM\...\Run: [OnekeyStudio] => C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe [789920 2011-08-25] (Lenovo)
HKLM\...\Run: [Energy Management] => C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [9745312 2011-08-25] (Lenovo (Beijing) Limited)
HKLM\...\Run: [EnergyUtility] => C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe [5374880 2011-08-25] (Lenovo(beijing) Limited)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11775592 2011-01-26] (Realtek Semiconductor)
HKLM\...\Run: [CDAServer] => C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe [462712 2012-03-09] ()
HKLM\...\Run: [Eraser] => C:\Program Files\Eraser\Eraser.exe [980920 2012-05-22] (The Eraser Project)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [702768 2014-12-20] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [3825176 2012-11-13] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [MuteSync] => C:\Program Files (x86)\Lenovo\Lenovo MuteSync\MuteSync.exe [336384 2009-12-28] (Lenovo)
HKLM-x32\...\Run: [331BigDog] => C:\Program Files (x86)\USB Camera\VM331_STI.EXE [536576 2010-09-27] (Vimicro)
HKLM-x32\...\Run: [STO Launcher Service] => C:\Program Files (x86)\SmarThru Office\x64\LegacyLauncher.exe [405624 2012-07-25] (Samsung Electronics Co., Ltd.)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [126200 2014-11-20] (Avira Operations GmbH & Co. KG)
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-2723766367-1274792045-57920043-1000\...\Run: [FactoryTest] => C:\Windows\Test.bat
HKU\S-1-5-21-2723766367-1274792045-57920043-1000\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2011-08-25] (Google Inc.)
HKU\S-1-5-21-2723766367-1274792045-57920043-1000\...\Run: [Power2GoExpress] => NA
HKU\S-1-5-21-2723766367-1274792045-57920043-1001\...\Run: [Spybot-S&D Cleaning] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe [3713032 2012-11-13] (Safer-Networking Ltd.)
HKU\S-1-5-21-2723766367-1274792045-57920043-1001\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [22869088 2014-10-21] (Google)
HKU\S-1-5-21-2723766367-1274792045-57920043-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7063832 2014-11-21] (Piriform Ltd)
HKU\S-1-5-21-2723766367-1274792045-57920043-1001\...\Run: [TrueCrypt] => C:\Program Files\TrueCrypt\TrueCrypt.exe [1516496 2012-05-04] (TrueCrypt Foundation)
HKU\S-1-5-21-2723766367-1274792045-57920043-1001\...\Run: [Samsung Drive Manager] => C:\Program Files (x86)\Clarus\Samsung Drive Manager\Drive Manager.exe [5798008 2012-05-11] (Clarus, Inc.)
HKU\S-1-5-21-2723766367-1274792045-57920043-1001\...\RunOnce: [Adobe Speed Launcher] => 1419169310
HKU\S-1-5-21-2723766367-1274792045-57920043-1001\...\Policies\Explorer: [NoDriveTypeAutoRun] 0x00000000
AppInit_DLLs: C:\Windows\System32\nvinitx.dll => C:\Windows\System32\nvinitx.dll [226920 2011-03-04] (NVIDIA Corporation)
AppInit_DLLs-x32: c:\Windows\SysWOW64\nvinit.dll => c:\Windows\SysWOW64\nvinit.dll [192616 2011-03-04] (NVIDIA Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Samsung Network PC Fax.lnk
ShortcutTarget: Samsung Network PC Fax.lnk -> C:\Windows\System32\spool\drivers\x64\3\NetFaxTray64.exe (Samsung Electronics Co., Ltd.)
ShellIconOverlayIdentifiers: [ 1&1 Sync Overlay 1] -> {02B2B772-B8A8-4DA4-9B18-42551A54A1A8} => C:\Program Files\Common Files\1&1 Sync\1&1SyncShellExtension64_1_0_0_1_20140831174457455.dll (1&1 Mail & Media GmbH)
ShellIconOverlayIdentifiers: [ 1&1 Sync Overlay 2] -> {0575AB16-E932-4160-8936-4DBE195BDBD7} => C:\Program Files\Common Files\1&1 Sync\1&1SyncShellExtension64_1_0_0_1_20140831174457455.dll (1&1 Mail & Media GmbH)
ShellIconOverlayIdentifiers: [ 1&1 Sync Overlay 3] -> {0E9EF89A-96D3-4DE6-B2F8-E9548AA5321E} => C:\Program Files\Common Files\1&1 Sync\1&1SyncShellExtension64_1_0_0_1_20140831174457455.dll (1&1 Mail & Media GmbH)
ShellIconOverlayIdentifiers: [ 1&1 Sync Overlay 4] -> {1A4AFFE1-B2F9-483D-B627-D9A339DBFD34} => C:\Program Files\Common Files\1&1 Sync\1&1SyncShellExtension64_1_0_0_1_20140831174457455.dll (1&1 Mail & Media GmbH)
ShellIconOverlayIdentifiers: [VeriFace Enc] -> {771C7324-DA80-49D3-8017-753B0AF60951} => C:\windows\system32\IcnOvrly.dll ()
ShellIconOverlayIdentifiers-x32: [ 1&1 Sync Overlay 1] -> {02B2B772-B8A8-4DA4-9B18-42551A54A1A8} => C:\Program Files (x86)\Common Files\1&1 Sync\1&1SyncShellExtension_1_0_0_1_20140831174457455.dll (1&1 Mail & Media GmbH)
ShellIconOverlayIdentifiers-x32: [ 1&1 Sync Overlay 2] -> {0575AB16-E932-4160-8936-4DBE195BDBD7} => C:\Program Files (x86)\Common Files\1&1 Sync\1&1SyncShellExtension_1_0_0_1_20140831174457455.dll (1&1 Mail & Media GmbH)
ShellIconOverlayIdentifiers-x32: [ 1&1 Sync Overlay 3] -> {0E9EF89A-96D3-4DE6-B2F8-E9548AA5321E} => C:\Program Files (x86)\Common Files\1&1 Sync\1&1SyncShellExtension_1_0_0_1_20140831174457455.dll (1&1 Mail & Media GmbH)
ShellIconOverlayIdentifiers-x32: [ 1&1 Sync Overlay 4] -> {1A4AFFE1-B2F9-483D-B627-D9A339DBFD34} => C:\Program Files (x86)\Common Files\1&1 Sync\1&1SyncShellExtension_1_0_0_1_20140831174457455.dll (1&1 Mail & Media GmbH)
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-2723766367-1274792045-57920043-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-2723766367-1274792045-57920043-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.lenovo.com
HKU\S-1-5-21-2723766367-1274792045-57920043-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.lenovo.com
HKU\S-1-5-21-2723766367-1274792045-57920043-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-2723766367-1274792045-57920043-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-2723766367-1274792045-57920043-1001 -> {74216CC7-FD64-4645-B276-EC3DCFDD23E1} URL = https://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=937811&p={searchTerms}
SearchScopes: HKU\S-1-5-21-2723766367-1274792045-57920043-1001 -> {E9DB9E7B-A275-41D1-8158-D0423FBEBDEB} URL = hxxp://www.google.com/cse?cx=partner-pub-3540673482024757:xbhdw8hkfz5&cof=&q={searchTerms}
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO-x32: Spybot-S&D IE Protection -> {53707962-6F74-2D53-2644-206D7942484F} -> C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - No Name - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} -  No File
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - TerraTec Home Cinema - {AD6E6555-FB2C-47D4-8339-3E2965509877} - C:\Program Files (x86)\TerraTec\TerraTec Home Cinema\ThcDeskBand.dll (TerraTec Electronic GmbH)
Toolbar: HKLM-x32 - No Name - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} -  No File
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKU\S-1-5-21-2723766367-1274792045-57920043-1001 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\JOP\AppData\Roaming\Mozilla\Firefox\Profiles\dehvhf1a.default
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_15_0_0_246.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_246.dll ()
FF Plugin-x32: @garmin.com/GpsControl -> C:\Program Files (x86)\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.7 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2723766367-1274792045-57920043-1001: @talk.google.com/GoogleTalkPlugin -> C:\Users\JOP\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKU\S-1-5-21-2723766367-1274792045-57920043-1001: @talk.google.com/O1DPlugin -> C:\Users\JOP\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKU\S-1-5-21-2723766367-1274792045-57920043-1001: @tools.google.com/Google Update;version=3 -> C:\Users\JOP\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-2723766367-1274792045-57920043-1001: @tools.google.com/Google Update;version=9 -> C:\Users\JOP\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\JOP\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\JOP\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)
FF SearchPlugin: C:\Users\JOP\AppData\Roaming\Mozilla\Firefox\Profiles\dehvhf1a.default\searchplugins\yahoo_ff.xml
FF Extension: Avira Browser Safety - C:\Users\JOP\AppData\Roaming\Mozilla\Firefox\Profiles\dehvhf1a.default\Extensions\abs@avira.com [2014-08-31]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-08-31]

Chrome: 
=======
CHR HomePage: Default -> 
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\JOP\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Send using Gmailâ„¢ (no button)) - C:\Users\JOP\AppData\Local\Google\Chrome\User Data\Default\Extensions\ahldefgplekckalfcolhhnljbbgaiboc [2012-05-07]
CHR Extension: (Google Drive) - C:\Users\JOP\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-04-16]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\JOP\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-06]
CHR Extension: (Adblock Plus) - C:\Users\JOP\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2013-10-31]
CHR Extension: (Google Kalender) - C:\Users\JOP\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn [2012-05-07]
CHR Extension: (Avira Browserschutz) - C:\Users\JOP\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2014-08-20]
CHR Extension: (IBA Opt-out (by Google)) - C:\Users\JOP\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbiekjoijknlhijdjbaadobpkdhmoebb [2012-06-05]
CHR Extension: (Google Kalender (von Google)) - C:\Users\JOP\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmbgaklkmjakoegficnlkhebmhkjfich [2012-05-07]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\JOP\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2014-11-08]
CHR Extension: (Boomerang for Gmail) - C:\Users\JOP\AppData\Local\Google\Chrome\User Data\Default\Extensions\mdanidgdpmkimeiiojknlnekblgmpdll [2014-12-07]
CHR Extension: (Google Mail-Checker) - C:\Users\JOP\AppData\Local\Google\Chrome\User Data\Default\Extensions\mihcahmgecmbnbcchbopgniflfhgnkff [2013-04-21]
CHR Extension: (Hangouts) - C:\Users\JOP\AppData\Local\Google\Chrome\User Data\Default\Extensions\nckgahadagoaajjgafhacjanaoiihapd [2013-04-21]
CHR Extension: (Webutation) - C:\Users\JOP\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfclfmabiojpommfcalfdgjjeaahnjbj [2013-09-15]
CHR Extension: (Google Wallet) - C:\Users\JOP\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-25]
CHR Extension: (Send from Gmail (by Google)) - C:\Users\JOP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgphcomnlaojlmmcjmiddhdapjpbgeoc [2012-05-07]
CHR Profile: C:\Users\JOP\AppData\Local\Google\Chrome\User Data\Profile 4
CHR Extension: (Google Präsentationen) - C:\Users\JOP\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-12-09]
CHR Extension: (Google Docs) - C:\Users\JOP\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\aohghmighlieiainnegkcijnfilokake [2014-12-09]
CHR Extension: (Google Drive) - C:\Users\JOP\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-12-09]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\JOP\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-12-09]
CHR Extension: (YouTube) - C:\Users\JOP\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-12-09]
CHR Extension: (Google-Suche) - C:\Users\JOP\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-12-09]
CHR Extension: (Google Tabellen) - C:\Users\JOP\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-12-09]
CHR Extension: (Avira Browserschutz) - C:\Users\JOP\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2014-12-09]
CHR Extension: (Skype Click to Call) - C:\Users\JOP\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2014-12-09]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\JOP\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2014-12-09]
CHR Extension: (Google Wallet) - C:\Users\JOP\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-12-09]
CHR Extension: (Google Mail) - C:\Users\JOP\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-12-09]
CHR HKU\S-1-5-21-2723766367-1274792045-57920043-1001\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\JOP\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx [2013-05-20]
CHR HKU\S-1-5-21-2723766367-1274792045-57920043-1001\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - No Path
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [431920 2014-12-20] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [431920 2014-12-20] (Avira Operations GmbH & Co. KG)
S4 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [992560 2014-12-20] (Avira Operations GmbH & Co. KG)
R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [166192 2014-11-20] (Avira Operations GmbH & Co. KG)
R2 btwdins; C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe [953632 2010-12-14] (Broadcom Corporation.)
S2 Garmin Core Update Service; C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [441176 2014-08-27] (Garmin Ltd or its subsidiaries)
R2 ndsvc; C:\Program Files\NetDrive\ndsvc.exe [2789376 2013-03-01] (Bdrive Inc.) [File not signed]
R2 NMSAccess; C:\windows\SysWOW64\NMSAccess32.exe [71096 2009-01-12] ()
R2 Samsung Network Fax Server; C:\windows\system32\spool\drivers\x64\3\NetFaxServer64.exe [508464 2013-07-01] (Samsung Electronics Co., Ltd.)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1103392 2012-11-13] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [1369624 2012-11-13] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [168384 2012-11-13] (Safer-Networking Ltd.)
R2 SZDrvSvc; C:\Program Files (x86)\Clarus\Samsung Drive Manager\SZDrvSvc.exe [19456 2012-05-11] (Clarus, Inc.) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [119272 2014-10-19] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131608 2014-10-19] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-11-30] (Avira Operations GmbH & Co. KG)
S2 DgiVecp; C:\windows\system32\Drivers\DgiVecp.sys [53816 2009-10-06] (Samsung Electronics Co., Ltd.)
R3 mdf16; C:\Program Files (x86)\Clarus\Samsung Drive Manager\mdf16.sys [22336 2011-03-23] ()
S3 mod7700; C:\Windows\System32\DRIVERS\mod7700.sys [632616 2012-09-20] (DiBcom SA)
S3 MODRC; C:\Windows\System32\DRIVERS\modrc.sys [25000 2012-09-20] (DiBcom S.A.)
R3 mvd23; C:\Program Files (x86)\Clarus\Samsung Drive Manager\mvd23.sys [101184 2011-05-19] ()
S3 ndfs; C:\Program Files\NetDrive\ndfs.sys [63712 2013-02-01] (Bdrive Inc.)
S3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [42184 2013-06-21] (Anchorfree Inc.)
R4 truecrypt; C:\Program Files\TrueCrypt\truecrypt-x64.sys [231376 2012-05-04] (TrueCrypt Foundation)
R3 vm331avs; C:\Windows\System32\Drivers\vm331avs.sys [228224 2010-09-27] (Vimicro Corporation)
R3 vmuvcflt; C:\Windows\System32\Drivers\vmuvcflt.sys [8320 2010-09-27] (Vimicro Corporation)
U3 BcmSqlStartupSvc; No ImagePath
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
U2 CLKMSVC10_3A60B698; No ImagePath
U2 CLKMSVC10_C3B3B687; No ImagePath
S2 Dokan_NetDrive2; \??\C:\Program Files\NetDrive2\dokan.sys [X]
U2 DriverService; No ImagePath
U2 IAStorDataMgrSvc; No ImagePath
U2 iATAgentService; No ImagePath
U2 idealife Update Service; No ImagePath
U3 IGRS; No ImagePath
U2 IviRegMgr; No ImagePath
U2 Oasis2Service; No ImagePath
U2 PCCarerService; No ImagePath
U2 ReadyComm.DirectRouter; No ImagePath
U2 RichVideo; No ImagePath
U2 RtLedService; No ImagePath
U2 SeaPort; No ImagePath
U2 SoftwareService; No ImagePath
U3 SQLWriter; No ImagePath
U2 Stereo Service; No ImagePath
S1 Vsdatant; system32\DRIVERS\vsdatant.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-21 15:05 - 2014-12-21 15:05 - 00852505 _____ () C:\Users\JOP\Downloads\SecurityCheck.exe
2014-12-21 14:42 - 2014-12-21 14:42 - 00000000 ____D () C:\Users\JOP\AppData\Local\CrashRpt
2014-12-20 19:26 - 2014-12-20 19:26 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-12-20 19:25 - 2014-12-20 19:26 - 02347384 _____ (ESET) C:\Users\JOP\Downloads\esetsmartinstaller_deu.exe
2014-12-15 22:31 - 2014-12-15 22:31 - 00056571 _____ () C:\Users\JOP\Desktop\FRST.txt
2014-12-15 22:29 - 2014-12-15 22:29 - 00000000 ____D () C:\Users\JOP\Downloads\FRST-OlderVersion
2014-12-15 22:28 - 2014-12-15 22:28 - 00000752 _____ () C:\Users\JOP\Desktop\JRT.txt
2014-12-15 22:24 - 2014-12-15 22:24 - 00000000 ____D () C:\windows\ERUNT
2014-12-15 22:21 - 2014-12-15 22:21 - 00001962 _____ () C:\Users\JOP\Desktop\AdwCleaner[S8].txt
2014-12-15 22:11 - 2014-12-15 22:11 - 00003616 _____ () C:\Users\JOP\Desktop\mbam.txt
2014-12-15 21:40 - 2014-12-15 21:40 - 00129752 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2014-12-15 21:40 - 2014-12-15 21:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-12-15 21:40 - 2014-12-15 21:40 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-12-15 21:40 - 2014-12-15 21:40 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-12-15 21:40 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2014-12-15 21:40 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2014-12-15 21:40 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2014-12-15 21:37 - 2014-12-15 21:38 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\JOP\Downloads\mbam-setup-2.0.4.1028.exe
2014-12-15 01:45 - 2014-12-15 01:47 - 00001376 _____ () C:\Users\JOP\Desktop\TrueCrypt.exe.lnk
2014-12-15 00:48 - 2014-12-15 00:48 - 00000002 _____ () C:\MyDrive1GB.log
2014-12-15 00:43 - 2014-12-15 00:43 - 00003226 _____ () C:\windows\System32\Tasks\SidebarExecute
2014-12-15 00:43 - 2014-12-15 00:43 - 00000000 ____D () C:\Users\JOP\My Vaults
2014-12-15 00:42 - 2014-12-15 00:42 - 00037139 _____ () C:\ComboFix.txt
2014-12-15 00:00 - 2011-06-26 07:45 - 00256000 _____ () C:\windows\PEV.exe
2014-12-15 00:00 - 2010-11-07 18:20 - 00208896 _____ () C:\windows\MBR.exe
2014-12-15 00:00 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\windows\NIRCMD.exe
2014-12-15 00:00 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\windows\SWREG.exe
2014-12-15 00:00 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\windows\SWSC.exe
2014-12-15 00:00 - 2000-08-31 01:00 - 00098816 _____ () C:\windows\sed.exe
2014-12-15 00:00 - 2000-08-31 01:00 - 00080412 _____ () C:\windows\grep.exe
2014-12-15 00:00 - 2000-08-31 01:00 - 00068096 _____ () C:\windows\zip.exe
2014-12-14 23:53 - 2014-12-15 00:42 - 00000000 ____D () C:\Qoobox
2014-12-14 23:49 - 2014-12-15 00:36 - 00000000 ____D () C:\windows\erdnt
2014-12-14 21:36 - 2014-12-14 21:36 - 00048243 _____ () C:\Users\JOP\Downloads\Addition.txt
2014-12-14 21:33 - 2014-12-15 22:41 - 00056658 _____ () C:\Users\JOP\Downloads\FRST.txt
2014-12-14 21:32 - 2014-12-14 21:32 - 00005354 _____ () C:\Users\JOP\JOPAirports.kmz
2014-12-14 21:22 - 2014-12-14 21:22 - 00001551 _____ () C:\Users\JOP\Desktop\Programs - Verknüpfung.lnk
2014-12-14 21:06 - 2014-12-21 15:10 - 00000000 ____D () C:\FRST
2014-12-14 20:57 - 2014-12-14 20:57 - 02166272 _____ () C:\Users\JOP\Downloads\adwcleaner_4.105 (1).exe
2014-12-14 20:51 - 2014-12-20 19:11 - 00006660 _____ () C:\windows\PFRO.log
2014-12-14 20:47 - 2014-12-14 20:47 - 02166272 _____ () C:\Users\JOP\Downloads\adwcleaner_4.105.exe
2014-12-14 20:14 - 2014-12-21 14:38 - 00116310 _____ () C:\windows\WindowsUpdate.log
2014-12-14 20:10 - 2014-12-21 14:29 - 00000560 _____ () C:\windows\setupact.log
2014-12-14 20:10 - 2014-12-14 20:10 - 00000000 _____ () C:\windows\setuperr.log
2014-12-12 00:31 - 2014-12-12 00:31 - 00000000 ____D () C:\windows\system32\appraiser
2014-12-11 22:56 - 2014-10-18 03:05 - 04121600 _____ (Microsoft Corporation) C:\windows\system32\mf.dll
2014-12-11 22:56 - 2014-10-18 02:33 - 03209728 _____ (Microsoft Corporation) C:\windows\SysWOW64\mf.dll
2014-12-11 22:56 - 2014-07-07 03:06 - 00206848 _____ (Microsoft Corporation) C:\windows\system32\mfps.dll
2014-12-11 22:56 - 2014-07-07 03:06 - 00055808 _____ (Microsoft Corporation) C:\windows\system32\rrinstaller.exe
2014-12-11 22:56 - 2014-07-07 03:06 - 00024576 _____ (Microsoft Corporation) C:\windows\system32\mfpmp.exe
2014-12-11 22:56 - 2014-07-07 03:02 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\mferror.dll
2014-12-11 22:56 - 2014-07-07 02:40 - 00103424 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfps.dll
2014-12-11 22:56 - 2014-07-07 02:39 - 00050176 _____ (Microsoft Corporation) C:\windows\SysWOW64\rrinstaller.exe
2014-12-11 22:56 - 2014-07-07 02:39 - 00023040 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfpmp.exe
2014-12-11 22:56 - 2014-07-07 02:37 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\mferror.dll
2014-12-11 22:37 - 2014-11-24 23:12 - 17874432 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-12-11 22:37 - 2014-11-24 22:59 - 00448512 _____ (Microsoft Corporation) C:\windows\system32\html.iec
2014-12-11 22:37 - 2014-11-24 22:54 - 10921984 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2014-12-11 22:37 - 2014-11-24 22:53 - 02339840 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2014-12-11 22:37 - 2014-11-24 22:47 - 01392128 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2014-12-11 22:37 - 2014-11-24 22:47 - 01388032 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2014-12-11 22:37 - 2014-11-24 22:45 - 01494016 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2014-12-11 22:37 - 2014-11-24 22:45 - 00237056 _____ (Microsoft Corporation) C:\windows\system32\url.dll
2014-12-11 22:37 - 2014-11-24 22:45 - 00086016 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2014-12-11 22:37 - 2014-11-24 22:44 - 02157056 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2014-12-11 22:37 - 2014-11-24 22:44 - 00816640 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2014-12-11 22:37 - 2014-11-24 22:44 - 00729088 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2014-12-11 22:37 - 2014-11-24 22:44 - 00599040 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2014-12-11 22:37 - 2014-11-24 22:44 - 00453120 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2014-12-11 22:37 - 2014-11-24 22:44 - 00282112 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2014-12-11 22:37 - 2014-11-24 22:44 - 00173056 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2014-12-11 22:37 - 2014-11-24 22:44 - 00055296 _____ (Microsoft Corporation) C:\windows\system32\msfeedsbs.dll
2014-12-11 22:37 - 2014-11-24 22:44 - 00011264 _____ (Microsoft Corporation) C:\windows\system32\msfeedssync.exe
2014-12-11 22:37 - 2014-11-24 22:43 - 02382848 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-12-11 22:37 - 2014-11-24 22:43 - 00096768 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2014-12-11 22:37 - 2014-11-24 22:43 - 00012800 _____ (Microsoft Corporation) C:\windows\system32\mshta.exe
2014-12-11 22:37 - 2014-11-24 22:42 - 00248320 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2014-12-11 22:37 - 2014-11-24 21:44 - 00367104 _____ (Microsoft Corporation) C:\windows\SysWOW64\html.iec
2014-12-11 22:37 - 2014-11-24 21:41 - 12369920 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2014-12-11 22:37 - 2014-11-24 21:40 - 01810944 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2014-12-11 22:37 - 2014-11-24 21:37 - 09740800 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2014-12-11 22:37 - 2014-11-24 21:35 - 01139712 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2014-12-11 22:37 - 2014-11-24 21:35 - 01129472 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2014-12-11 22:37 - 2014-11-24 21:34 - 01427968 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2014-12-11 22:37 - 2014-11-24 21:34 - 00231936 _____ (Microsoft Corporation) C:\windows\SysWOW64\url.dll
2014-12-11 22:37 - 2014-11-24 21:33 - 01802752 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2014-12-11 22:37 - 2014-11-24 21:33 - 00717824 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
2014-12-11 22:37 - 2014-11-24 21:33 - 00607744 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2014-12-11 22:37 - 2014-11-24 21:33 - 00421376 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2014-12-11 22:37 - 2014-11-24 21:33 - 00142848 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2014-12-11 22:37 - 2014-11-24 21:33 - 00065536 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2014-12-11 22:37 - 2014-11-24 21:33 - 00041472 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeedsbs.dll
2014-12-11 22:37 - 2014-11-24 21:32 - 02382848 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2014-12-11 22:37 - 2014-11-24 21:32 - 00353792 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2014-12-11 22:37 - 2014-11-24 21:32 - 00223232 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2014-12-11 22:37 - 2014-11-24 21:32 - 00176640 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2014-12-11 22:37 - 2014-11-24 21:32 - 00073216 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2014-12-11 22:37 - 2014-11-24 21:32 - 00011776 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshta.exe
2014-12-11 22:37 - 2014-11-24 21:32 - 00010752 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeedssync.exe
2014-12-11 22:36 - 2014-12-04 03:50 - 00830976 _____ (Microsoft Corporation) C:\windows\system32\appraiser.dll
2014-12-11 22:36 - 2014-12-04 03:50 - 00741376 _____ (Microsoft Corporation) C:\windows\system32\invagent.dll
2014-12-11 22:36 - 2014-12-04 03:50 - 00413184 _____ (Microsoft Corporation) C:\windows\system32\generaltel.dll
2014-12-11 22:36 - 2014-12-04 03:50 - 00396800 _____ (Microsoft Corporation) C:\windows\system32\devinv.dll
2014-12-11 22:36 - 2014-12-04 03:50 - 00227328 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll
2014-12-11 22:36 - 2014-12-04 03:50 - 00192000 _____ (Microsoft Corporation) C:\windows\system32\aepic.dll
2014-12-11 22:36 - 2014-12-04 03:44 - 01083392 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2014-12-11 22:36 - 2014-12-02 00:28 - 01232040 _____ (Microsoft Corporation) C:\windows\system32\aitstatic.exe
2014-12-11 22:36 - 2014-11-11 04:09 - 01424384 _____ (Microsoft Corporation) C:\windows\system32\WindowsCodecs.dll
2014-12-11 22:36 - 2014-11-11 03:44 - 01230336 _____ (Microsoft Corporation) C:\windows\SysWOW64\WindowsCodecs.dll
2014-12-11 22:36 - 2014-11-11 02:46 - 00119296 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tdx.sys
2014-12-11 22:36 - 2014-10-30 03:03 - 00165888 _____ (Microsoft Corporation) C:\windows\system32\charmap.exe
2014-12-11 22:36 - 2014-10-30 02:45 - 00155136 _____ (Microsoft Corporation) C:\windows\SysWOW64\charmap.exe
2014-12-11 22:36 - 2014-10-03 03:12 - 02020352 _____ (Microsoft Corporation) C:\windows\system32\WsmSvc.dll
2014-12-11 22:36 - 2014-10-03 03:12 - 00346624 _____ (Microsoft Corporation) C:\windows\system32\WSManMigrationPlugin.dll
2014-12-11 22:36 - 2014-10-03 03:12 - 00310272 _____ (Microsoft Corporation) C:\windows\system32\WsmWmiPl.dll
2014-12-11 22:36 - 2014-10-03 03:12 - 00181248 _____ (Microsoft Corporation) C:\windows\system32\WsmAuto.dll
2014-12-11 22:36 - 2014-10-03 03:11 - 00266240 _____ (Microsoft Corporation) C:\windows\system32\WSManHTTPConfig.exe
2014-12-11 22:36 - 2014-10-03 02:45 - 01177088 _____ (Microsoft Corporation) C:\windows\SysWOW64\WsmSvc.dll
2014-12-11 22:36 - 2014-10-03 02:45 - 00248832 _____ (Microsoft Corporation) C:\windows\SysWOW64\WSManMigrationPlugin.dll
2014-12-11 22:36 - 2014-10-03 02:45 - 00214016 _____ (Microsoft Corporation) C:\windows\SysWOW64\WsmWmiPl.dll
2014-12-11 22:36 - 2014-10-03 02:45 - 00145920 _____ (Microsoft Corporation) C:\windows\SysWOW64\WsmAuto.dll
2014-12-11 22:36 - 2014-10-03 02:44 - 00198656 _____ (Microsoft Corporation) C:\windows\SysWOW64\WSManHTTPConfig.exe
2014-12-11 22:33 - 2014-11-08 04:16 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\tzres.dll
2014-12-11 22:33 - 2014-11-08 03:45 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\tzres.dll
2014-12-08 21:29 - 2014-12-08 21:29 - 00000000 ____D () C:\ProgramData\NetDrive2
2014-12-07 23:27 - 2014-12-07 23:27 - 00000822 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-12-07 23:25 - 2014-12-07 23:25 - 05162080 _____ (Piriform Ltd) C:\Users\JOP\Downloads\ccsetup500.exe
2014-12-07 23:18 - 2014-12-07 23:18 - 02739280 _____ (1&1 Mail & Media GmbH) C:\Users\JOP\Downloads\webde_onlinespeicher_setup.exe
2014-12-07 21:05 - 2014-12-07 21:05 - 00001464 _____ () C:\Users\Public\Desktop\ElsterFormular.lnk
2014-12-07 21:01 - 2014-12-07 21:03 - 77872808 _____ (Landesfinanzdirektion Thüringen) C:\Users\JOP\Downloads\ElsterFormular-15.3.20141106p.exe
2014-11-29 20:04 - 2014-11-29 20:04 - 00000000 ____D () C:\Users\JOP\Documents\Fax
2014-11-29 20:03 - 2013-12-08 17:43 - 00001097 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF24 Creator.lnk
2014-11-23 17:09 - 2014-11-23 17:10 - 00000000 ____D () C:\Users\JOP\Documents\FilmScripte
2014-11-23 17:02 - 2014-11-23 22:55 - 00001162 _____ () C:\Users\JOP\Desktop\JOP - Verknüpfung.lnk
2014-11-22 20:58 - 2014-11-22 20:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-21 15:10 - 2012-07-03 20:08 - 00000000 ____D () C:\Users\JOP\Desktop\cleaning
2014-12-21 14:50 - 2011-08-25 11:35 - 00699682 _____ () C:\windows\system32\perfh007.dat
2014-12-21 14:50 - 2011-08-25 11:35 - 00149790 _____ () C:\windows\system32\perfc007.dat
2014-12-21 14:50 - 2009-07-14 06:13 - 01620684 _____ () C:\windows\system32\PerfStringBackup.INI
2014-12-21 14:39 - 2012-06-24 19:47 - 00001112 _____ () C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2723766367-1274792045-57920043-1001UA.job
2014-12-21 14:39 - 2009-07-14 05:45 - 00028928 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-12-21 14:39 - 2009-07-14 05:45 - 00028928 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-12-21 14:32 - 2014-01-26 19:37 - 00000884 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2014-12-21 14:32 - 2013-05-20 19:55 - 00000000 ___RD () C:\Users\JOP\Google Drive
2014-12-21 14:30 - 2012-05-28 18:44 - 01005308 _____ () C:\ndsvc.log
2014-12-21 14:30 - 2011-08-25 04:24 - 02937775 _____ () C:\FaceProv.log
2014-12-21 14:30 - 2011-08-25 04:18 - 00137891 _____ () C:\windows\system32\fastboot.set
2014-12-21 14:30 - 2011-08-25 04:16 - 00001106 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-12-21 14:29 - 2009-07-14 06:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-12-21 00:40 - 2011-08-25 04:16 - 00001110 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-12-20 22:38 - 2012-06-24 19:47 - 00001060 _____ () C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2723766367-1274792045-57920043-1001Core.job
2014-12-20 19:21 - 2012-05-04 22:00 - 00000000 ____D () C:\Program Files\TrueCrypt
2014-12-20 19:11 - 2009-07-14 06:08 - 00032640 _____ () C:\windows\Tasks\SCHEDLGU.TXT
2014-12-15 22:16 - 2013-10-14 00:00 - 00000000 ____D () C:\AdwCleaner
2014-12-15 01:47 - 2014-11-04 21:53 - 00001137 _____ () C:\Users\Public\Desktop\Avira.lnk
2014-12-15 01:47 - 2014-08-16 13:14 - 00000000 ____D () C:\ProgramData\Package Cache
2014-12-15 01:47 - 2013-08-16 18:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2014-12-15 01:47 - 2012-07-01 10:07 - 00000000 ____D () C:\Program Files (x86)\Avira
2014-12-15 01:47 - 2012-05-28 13:49 - 00000000 ____D () C:\Users\JOP\AppData\Local\Eraser 6
2014-12-15 01:33 - 2014-02-04 23:44 - 00000000 ____D () C:\windows\pss
2014-12-15 01:27 - 2011-08-25 04:24 - 00000000 ____D () C:\ProgramData\VeriFace
2014-12-15 01:03 - 2009-07-14 03:34 - 00000687 _____ () C:\windows\win.ini
2014-12-15 00:45 - 2012-05-28 18:44 - 00000000 ____D () C:\Program Files\NetDrive
2014-12-15 00:43 - 2012-05-04 21:41 - 00000000 ____D () C:\Users\JOP
2014-12-15 00:42 - 2009-07-14 04:20 - 00000000 __RHD () C:\Users\Default
2014-12-15 00:33 - 2009-07-14 03:34 - 00000215 _____ () C:\windows\system.ini
2014-12-14 23:10 - 2009-07-14 04:20 - 00000000 ____D () C:\windows\rescache
2014-12-14 20:27 - 2012-12-02 15:06 - 00113152 ___SH () C:\Users\JOP\Documents\Thumbs.db
2014-12-12 00:31 - 2014-05-06 22:08 - 00000000 ___SD () C:\windows\system32\CompatTel
2014-12-12 00:31 - 2009-07-14 04:20 - 00000000 ____D () C:\windows\AppCompat
2014-12-11 23:06 - 2013-08-16 23:50 - 00000000 ____D () C:\windows\system32\MRT
2014-12-11 22:58 - 2012-06-27 19:22 - 112710672 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2014-12-11 22:38 - 2012-05-07 14:58 - 00010468 _____ () C:\Users\JOP\AppData\Roaming\SmarThruOptions.xml
2014-12-11 22:16 - 2014-10-12 16:43 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-12-09 22:32 - 2014-01-26 19:37 - 00003822 _____ () C:\windows\System32\Tasks\Adobe Flash Player Updater
2014-12-09 22:32 - 2013-03-02 09:23 - 00701104 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2014-12-09 22:32 - 2013-03-02 09:23 - 00071344 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-12-09 21:50 - 2012-05-04 22:01 - 00000000 ____D () C:\Users\JOP\AppData\Roaming\TrueCrypt
2014-12-08 22:20 - 2012-09-27 22:51 - 00000000 ____D () C:\Users\JOP\Documents\Youcam
2014-12-08 21:44 - 2014-11-08 19:22 - 00000000 ____D () C:\Users\JOP\Desktop\SCAN
2014-12-08 21:36 - 2014-11-06 23:50 - 00000000 ____D () C:\Users\JOP\Documents\Scan
2014-12-08 21:16 - 2014-11-06 23:35 - 00000072 _____ () C:\Users\Public\LMDebug.log
2014-12-07 23:31 - 2013-03-23 21:50 - 00000000 ____D () C:\windows\Minidump
2014-12-07 23:27 - 2012-05-04 21:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-12-07 23:27 - 2012-05-04 21:54 - 00000000 ____D () C:\Program Files\CCleaner
2014-12-07 23:20 - 2013-06-30 20:14 - 00000000 ____D () C:\Users\JOP\AppData\Local\WEB.DE Application {sync-000021}
2014-12-07 23:04 - 2012-05-05 20:46 - 00000000 ____D () C:\Users\JOP\AppData\Roaming\Dropbox
2014-12-07 23:03 - 2012-05-05 20:46 - 00000000 ____D () C:\Users\JOP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-12-07 21:05 - 2013-10-08 12:46 - 00000000 ____D () C:\Program Files (x86)\ElsterFormular
2014-12-07 17:38 - 2012-11-04 16:55 - 00000000 ____D () C:\Users\JOP\Documents\JOP
2014-12-07 12:10 - 2012-05-04 22:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Garmin
2014-12-07 12:09 - 2012-05-04 22:54 - 00000000 ____D () C:\Program Files (x86)\Garmin
2014-11-23 22:37 - 2012-05-05 21:29 - 00000000 ____D () C:\Users\JOP\AppData\Roaming\Skype
2014-11-23 18:41 - 2012-10-28 20:44 - 00000000 ____D () C:\ProgramData\tmp
2014-11-23 12:52 - 2012-09-15 16:13 - 00000000 ____D () C:\Users\JOP\AppData\Roaming\vlc
2014-11-22 20:58 - 2014-08-03 17:58 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-11-22 20:58 - 2012-05-05 21:29 - 00000000 ____D () C:\ProgramData\Skype

Some content of TEMP:
====================
C:\Users\JOP\AppData\Local\Temp\avgnt.exe
C:\Users\JOP\AppData\Local\Temp\Quarantine.exe
C:\Users\JOP\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-12-20 22:34

==================== End Of Log ============================

--- --- ---

--- --- ---

und FRST add

Code:

ATTFilter

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 21-12-2014 01
Ran by JOP at 2014-12-21 15:12:18
Running from C:\Users\JOP\Desktop\cleaning
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Out of date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.246 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.246 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
AllDup 3.4.24 (HKLM-x32\...\AllDup_is1) (Version: 3.4.24 - Michael Thummerer Software Design)
AMR to MP3 Converter 1.4 (HKLM-x32\...\{C615B4A6-DDE8-4325-BCF8-E53E913D95E9}_is1) (Version:  - amrtomp3converter.com)
ANT Drivers Installer x64 (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden
Any Video Converter 5.6.6 (HKLM-x32\...\Any Video Converter_is1) (Version:  - Any-Video-Converter.com)
Arizona Topo Map (HKLM-x32\...\Arizona Topo) (Version: 2.11 - GPSFileDepot.com)
Ashampoo Burning Studio 6 FREE v.6.84 (HKLM-x32\...\{91B33C97-3ED1-03EA-A67B-244AA4D7B559}_is1) (Version: 6.8.4 - Ashampoo GmbH & Co. KG)
Atheros Client Installation Program (HKLM-x32\...\{D3694B69-6F8C-42D3-8A0A-EB2AB528C02C}) (Version: 7.0 - Atheros)
Avira (HKLM-x32\...\{e7c7c227-b742-4878-9425-f09bbf9951db}) (Version: 1.1.27.25527 - Avira Operations & Co. KG)
Avira (x32 Version: 1.1.27.25527 - Avira Operations & Co. KG) Hidden
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.7.468 - Avira)
Benutzerhandbuch (x32 Version: 1.0.0.6 - Lenovo) Hidden
Benutzerhandbuch anzeigen (HKLM-x32\...\View User Guide) (Version: 3.60.30 - )
calibre 64bit (HKLM\...\{16B9E87F-260D-4FA9-B3ED-7049655C2E31}) (Version: 1.33.0 - Kovid Goyal)
CCleaner (HKLM\...\CCleaner) (Version: 5.00 - Piriform)
cGPSmapper Free 0100d (HKLM-x32\...\cGPSmapper Free_is1) (Version:  - cGPSmapper)
Cinergy DT USB XS Diversity (MKII) V3.12.00.00a (HKLM-x32\...\Cinergy DT USB XS Diversity (MKII)) (Version: 3.12.00.00a - )
Cinergy DT USB XS Diversity V3.12.00.00a (HKLM-x32\...\Cinergy DT USB XS Diversity) (Version: 3.12.00.00a - )
COLORADO TOPO 2011 (HKLM-x32\...\cotopo11) (Version:  - )
Common Desktop Agent (Version: 1.62.0 - OEM) Hidden
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Desert Southwest Topo (HKLM-x32\...\DesertSouthwest) (Version:  - )
Designer 2.0 (HKLM-x32\...\Designer 2.0_is1) (Version: 7.9.3 - Fomanu AG)
Dropbox (HKU\S-1-5-21-2723766367-1274792045-57920043-1001\...\Dropbox) (Version: 2.10.52 - Dropbox, Inc.)
EasyCash&Tax 2.14 (HKLM-x32\...\EasyCash&Tax_is1) (Version:  - tm)
Elevated Installer (x32 Version: 3.2.18.0 - Garmin Ltd or its subsidiaries) Hidden
Elster-Export 1.14 (HKLM-x32\...\Elster-Export Plugin für EasyCash&Tax_is1) (Version:  - tm)
ElsterFormular (HKLM-x32\...\ElsterFormular) (Version: 15.1.13904 - Landesfinanzdirektion Thüringen)
Energy Management (HKLM-x32\...\InstallShield_{D0956C11-0F60-43FE-99AD-524E833471BB}) (Version: 6.0.1.6 - Lenovo)
Energy Management (x32 Version: 6.0.1.6 - Lenovo) Hidden
EPS Viewer (HKLM-x32\...\{32E05824-A0AC-4DFE-B965-5F52C28FBE9F}_is1) (Version:  - IdeaMK)
Eraser 6.0.10.2620 (HKLM\...\{6E5159B4-A519-41EF-80EF-AD58371515DF}) (Version: 6.0.2620 - The Eraser Project)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
Evernote v. 4.6.5 (HKLM-x32\...\{F47455A0-B827-11E2-870C-984BE15F174E}) (Version: 4.6.5.8353 - Evernote Corp.)
Exact Audio Copy 1.0beta3 (HKLM-x32\...\Exact Audio Copy) (Version: 1.0beta3 - Andre Wiethoff)
Foto-Mosaik-Edda Standard V6.7.12231.1 (HKLM-x32\...\{A2D6ECD0-7E52-42B7-9236-DB2951436616}_is1) (Version:  - Steffen Schirmer)
Free PDF to Word Doc Converter v1.1 (HKLM-x32\...\Free PDF to Word Doc Converter_is1) (Version: 1.1 - www.hellopdf.com)
Garmin BaseCamp (HKLM-x32\...\{BC8E822D-0C54-4426-B7D3-876CFC47EFEC}) (Version: 4.4.4 - Garmin Ltd or its subsidiaries)
Garmin Communicator Plugin (HKLM-x32\...\{13F054F3-0B07-4D15-9E80-C55B496AB557}) (Version: 4.0.3 - Garmin Ltd or its subsidiaries)
Garmin Communicator Plugin x64 (HKLM\...\{550331CC-C34B-494F-BCDA-37CE4EF6E924}) (Version: 4.0.3 - Garmin Ltd or its subsidiaries)
Garmin Express (HKLM-x32\...\{22939821-cd61-449c-8a03-cff0af03c156}) (Version: 3.2.18.0 - Garmin Ltd or its subsidiaries)
Garmin Express (x32 Version: 3.2.18.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin Express Tray (x32 Version: 3.2.18.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin MapInstall (HKLM-x32\...\{0FBAFFD8-BCBA-4631-97E8-433DE7D1D753}) (Version: 4.0.1 - Garmin Ltd or its subsidiaries)
Garmin Training Center (HKLM-x32\...\{7D542452-84EB-47C0-97BA-735C523AB555}) (Version: 3.6.5 - Garmin Ltd or its subsidiaries)
Garmin USB Drivers (HKLM-x32\...\{3D5D6CFC-3097-425A-8D8F-7EAF5D57641D}) (Version: 2.3.1.0 - Garmin Ltd or its subsidiaries)
Garmin WebUpdater (HKLM-x32\...\{AE1EC58E-B2AC-4959-A4C2-C38202A25239}) (Version: 2.5.6 - Garmin Ltd or its subsidiaries)
GIMP 2.8.4 (HKLM\...\GIMP-2_is1) (Version: 2.8.4 - The GIMP Team)
GMapTool 0.8.143 (HKLM-x32\...\{1873789F-59D5-4002-8A2F-60A827B78F98}_is1) (Version:  - AP)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.95 - Google Inc.)
Google Drive (HKLM-x32\...\{C60F3836-333A-4AE2-B526-CFDBA143A9BA}) (Version: 1.18.7821.2489 - Google, Inc.)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Talk Plugin (HKLM-x32\...\{0C5C1177-94C5-3EFB-A8BE-3F6AF1AF887F}) (Version: 5.38.6.0 - Google)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
GPL Ghostscript (HKLM-x32\...\GPL Ghostscript 9.07) (Version: 9.07 - Artifex Software Inc.)
GPSBabel 1.4.3 (HKLM-x32\...\{1B8FE958-A304-4902-BF7A-4E2F0F5B7017}_is1) (Version:  - GPSBabel)
GSview 5.0 (HKLM-x32\...\GSview 5.0) (Version: 5.0 - Ghostgum Software Pty Ltd)
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1118 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.2932 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.1.5.1001 - Intel Corporation)
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.32 - Irfan Skiljan)
Java 7 Update 55 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217045FF}) (Version: 7.0.550 - Oracle)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Kobo (HKLM-x32\...\Kobo) (Version: 3.2.2 - Kobo Inc.)
LAV Filters 0.53.2 (HKLM-x32\...\lavfilters_is1) (Version: 0.53.2 - Hendrik Leppkes)
Lenovo Bluetooth with Enhanced Data Rate Software (HKLM\...\{436E0B79-2CFB-4E5F-9380-E17C1B25D0C5}) (Version: 6.3.0.7400 - Broadcom Corporation)
Lenovo EasyCamera (HKLM-x32\...\{ADE16A9D-FBDC-4ecc-B6BD-9C31E51D0332}) (Version: 13.10.1201.1 - Vimicro)
Lenovo EE Boot Optimizer (HKLM\...\Lenovo EE Boot Optimizer) (Version: 0.0.1.5 - Lenovo)
Lenovo Games Console (HKLM-x32\...\Lenovo Games Console) (Version: 1.2.6.436 - Oberon Media Inc.)
Lenovo MuteSync (HKLM-x32\...\InstallShield_{C39EF9B4-0C4F-4D48-8665-8FD45BFF3961}) (Version: 1.0.0.3 - Lenovo)
Lenovo MuteSync (x32 Version: 1.0.0.3 - Lenovo) Hidden
Lenovo OneKey Recovery (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 7.0.1628 - CyberLink Corp.)
Lenovo OneKey Recovery (Version: 7.0.1628 - CyberLink Corp.) Hidden
Lenovo YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.1.3603 - CyberLink Corp.)
Lenovo YouCam (x32 Version: 3.1.3603 - CyberLink Corp.) Hidden
Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Live Add-in 1.5 (HKLM-x32\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Office Professional Edition 2003 (HKLM-x32\...\{90110407-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Mozilla Firefox 29.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 29.0.1 (x86 de)) (Version: 29.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
Mozilla Thunderbird 24.6.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 24.6.0 (x86 de)) (Version: 24.6.0 - Mozilla)
MSVC90_x64 (Version: 1.0.1.2 - Nokia) Hidden
MSVC90_x86 (x32 Version: 1.0.1.2 - Nokia) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
NetDrive (HKLM-x32\...\NetDrive) (Version: 1.3.2.0 - Bdrive Inc.)
New Mexico Topo Map (HKLM-x32\...\New Mexico Topo) (Version: 1.50 - GPSFileDepot.com)
Nokia Connectivity Cable Driver (HKLM-x32\...\{A57025CC-5F2E-4D01-B387-06DB10500D43}) (Version: 7.1.78.0 - Nokia)
Nokia PC Suite (HKLM-x32\...\Nokia PC Suite) (Version: 7.1.180.94 - Nokia)
Nokia PC Suite (x32 Version: 7.1.180.94 - Nokia) Hidden
Nokia Software Updater (HKLM-x32\...\{7130468A-F53F-4698-8C09-A339EA3B05E6}) (Version: 3.0.655 - Nokia Corporation)
NVIDIA Grafiktreiber 267.53 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 267.53 - NVIDIA Corporation)
OLYMPUS Digital Camera Updater (HKLM-x32\...\{2A9E8F56-C31B-4DBB-BFE2-0F4EC8192355}) (Version: 1.0.3 - OLYMPUS IMAGING CORP.)
OLYMPUS Viewer 2 (HKLM-x32\...\{AEE39224-92BE-4389-9493-E57FF73BB96A}) (Version: 1.3.1 - OLYMPUS IMAGING CORP.)
Onekey Theater (HKLM-x32\...\InstallShield_{D4B060B9-AD4A-4152-9D99-28B93C615AFE}) (Version: 2.0.2.8 - Lenovo)
Onekey Theater (x32 Version: 2.0.2.8 - Lenovo) Hidden
OnlineFotoservice (HKLM-x32\...\OnlineFotoservice) (Version: 6.0.0 - CEWE Stiftung u Co. KGaA)
PC Connectivity Solution (HKLM-x32\...\{644F4910-E812-49AD-93EC-86828CB81A0D}) (Version: 12.0.27.0 - Nokia)
PDF reDirect (remove only) (HKLM-x32\...\PDF reDirect) (Version: v2.5.2 - EXP Systems LLC)
PDF24 Creator 6.1.0 (HKLM-x32\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version:  - PDF24.org)
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
Power2Go (HKLM-x32\...\{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 5.6.0.7303 - CyberLink Corp.)
Readiris Pro 10 (HKLM-x32\...\{14D08502-FEE4-40E5-90D3-8A967A1D8BA2}) (Version:  - )
Realtek Ethernet Controller Driver For Windows 7 (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.23.623.2010 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6301 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Reader Driver (HKLM-x32\...\{62BBB2F0-E220-4821-A564-730807D2C34D}) (Version: 6.1.7600.10010 - Realtek Semiconductor Corp.)
Samsung Drive Manager (HKLM-x32\...\{9F1A6A24-4901-42F6-A355-5DD2B82E62AE}) (Version: 1.0.148 - Clarus)
Samsung Easy Document Creator (HKLM-x32\...\Samsung Easy Document Creator) (Version: 1.05.87 (08.09.2013) - Samsung Electronics Co., Ltd.)
Samsung Easy Printer Manager (HKLM-x32\...\Samsung Easy Printer Manager) (Version: 1.03.77.00(24.10.2013) - Samsung Electronics Co., Ltd.)
Samsung M267x 287x Series (HKLM-x32\...\Samsung M267x 287x Series) (Version: 1.24 (18.12.2013) - Samsung Electronics Co., Ltd.)
Samsung Network PC Fax (HKLM-x32\...\Samsung Network PC Fax) (Version: 1.10.11 (01.07.2013) - Samsung Electronics Co., Ltd.)
Samsung OCR Software (HKLM-x32\...\Samsung OCR Software) (Version: 1.00.14 (02.08.2013) - Samsung Electronics Co., Ltd.)
Samsung Printer Live Update (HKLM-x32\...\Samsung Printer Live Update) (Version: 1.01.00:04(2013-04-22) - Samsung Electronics Co., Ltd.)
Samsung Scan Process Machine (x32 Version: 1.01.12.00 - Samsung Electronics Co., Ltd.) Hidden
Samsung SCX-4200 Series (HKLM-x32\...\Samsung SCX-4200 Series) (Version:  - Samsung Electronics CO.,LTD)
SanDiskSecureAccess_Manager.exe (HKU\S-1-5-21-2723766367-1274792045-57920043-1001\...\@@__UNKNOWN__@@SanDiskSecureAccess_Manager.exe) (Version: 1.1.19269 - Gemalto N.V.)
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation)
Skype™ 6.21 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.21.104 - Skype Technologies S.A.)
SmarThru 4 (HKLM-x32\...\{90F1943D-EA4A-4460-B59F-30023F3BA69A}) (Version:  - )
SmarThru Office (HKLM-x32\...\{9BC1E722-AE07-46A3-B7A6-556DBE18E22A}) (Version: 2.10.000 - Samsung Electronics Co., Ltd.)
Snapform Viewer 1.7.36 (HKLM-x32\...\2841-5017-1617-4151) (Version: 1.7.36 - Ringler Informatik AG)
SNS Upload for Easy Document Creator (HKLM-x32\...\{B6B5F07C-88D5-49D3-A1A7-A6D4BC37DCCC}) (Version: 1.0.0 - Samsung Electronics Co.,Ltd)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.0.12 - Safer-Networking Ltd.)
SRS Premium Sound Control Panel (HKLM\...\{F3C66EC8-2F33-452D-9CFF-E8C886B3ECC4}) (Version: 1.11.0000 - SRS Labs, Inc.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.2.16.4 - Synaptics Incorporated)
TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.32494 - TeamViewer)
TERRATEC Cinergy DT USB XS Diversity (64 Bit) (HKLM-x32\...\{715544BD-B49A-40A0-938B-152C5A1D99C3}) (Version: 3.12.00.00 - TERRATEC Electronic GmbH)
TerraTec Home Cinema (HKLM-x32\...\{63B9BAB5-F36A-4A3B-9E5C-68A7F212BFB9}) (Version: 6.27.4 - )
TerraTec Remote Control (HKLM-x32\...\{483213DE-E8FC-44D9-8826-11D480BEE38D}) (Version: 5.53 - )
THC Codec Patch (HKLM-x32\...\{03DF2CB2-FF23-47F7-8754-8C3938A5F44C}) (Version: 1.00.0000 - )
THC codec patch (HKLM-x32\...\{667774E0-26BB-4194-9854-656A8DC5337B}) (Version: 1.00.0000 - TERRATEC)
TrueCrypt (HKLM-x32\...\TrueCrypt) (Version: 7.1a - TrueCrypt Foundation)
UserGuide (HKLM-x32\...\InstallShield_{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}) (Version: 1.0.0.6 - Lenovo)
UTAH TOPO 2011 (HKLM-x32\...\uttopo11) (Version:  - )
VeriFace (HKLM-x32\...\VeriFace) (Version: 4.0.1.0126 - Lenovo)
VLC media player 2.1.2 (HKLM-x32\...\VLC media player) (Version: 2.1.2 - VideoLAN)
WEB.DE Online-Speicher 1.8.3649.0 (HKU\S-1-5-21-2723766367-1274792045-57920043-1001\...\WEB.DE Application {sync-000021}) (Version: 1.8.3649.0 - 1&1 Mail & Media GmbH)
Windows Driver Package - Garmin (grmnusb) GARMIN Devices  (04/19/2012 2.3.1.0) (HKLM\...\98157A226B40B173301B0F53C8E98C47805D5152) (Version: 04/19/2012 2.3.1.0 - Garmin)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3502.0922 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX control for remote connections (HKLM-x32\...\{C5398A89-516C-4DAF-BA07-EE7949090E56}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows-Treiberpaket - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.)
Windows-Treiberpaket - Lenovo (ACPIVPC) System  (12/02/2010 6.1.0.1) (HKLM\...\EA12B1FB53CE4E387C31A85236C41EF559B5E392) (Version: 12/02/2010 6.1.0.1 - Lenovo)
Windows-Treiberpaket - Nokia Modem  (02/25/2011 4.7) (HKLM\...\E0AC723A3DE3A04256288CADBBB011B112AED454) (Version: 02/25/2011 4.7 - Nokia)
Windows-Treiberpaket - Nokia Modem  (02/25/2011 7.01.0.9) (HKLM\...\72A50F48CC5601190B9C4E74D81161693133E7F7) (Version: 02/25/2011 7.01.0.9 - Nokia)
Windows-Treiberpaket - Nokia pccsmcfd LegacyDriver  (05/31/2012 7.1.2.0) (HKLM\...\62BBD193ADFDBB228C7E1ADB56463F5732FF7F6F) (Version: 05/31/2012 7.1.2.0 - Nokia)
Windows-Treiberpaket - OLYMPUS IMAGING CORP. Camera Communication Driver Package (09/09/2009 1.0.0.0) (HKLM\...\2C1C2F29FADF39F533CEEE67B90F07A5306A4BDB) (Version: 09/09/2009 1.0.0.0 - OLYMPUS IMAGING CORP.)
Windows-Treiberpaket - Silicon Labs Software (DSI_SiUSBXp_3_1) USB  (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software)
Windows-Treiberpaket - TerraTec  (mod7700) Media  (05/10/2009 3.12.0.0) (HKLM\...\2FAC7F7117585E142DED89EB34FB4C6D8A98A092) (Version: 05/10/2009 3.12.0.0 - TerraTec )
Windows-Treiberpaket - TerraTec  (mod7700) Media  (05/23/2009 3.12.0.0) (HKLM\...\2515928E07E927502134BBB67FFBDA000C7CE116) (Version: 05/23/2009 3.12.0.0 - TerraTec )
WinHTTrack Website Copier 3.46-1 (x64) (HKLM\...\WinHTTrack Website Copier_is1) (Version: 3.46.1 - HTTrack)
Z-DBackup (HKLM-x32\...\{F2DA54F3-F7FB-4AE8-9B33-BEA5391E4A03}) (Version: 6.0.0.9 - IMU Andreas Baumann)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-2723766367-1274792045-57920043-1001_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\JOP\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2723766367-1274792045-57920043-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\JOP\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2723766367-1274792045-57920043-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\JOP\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2723766367-1274792045-57920043-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\JOP\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2723766367-1274792045-57920043-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\JOP\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2723766367-1274792045-57920043-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\JOP\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2723766367-1274792045-57920043-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\JOP\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2723766367-1274792045-57920043-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\JOP\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2723766367-1274792045-57920043-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\JOP\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2723766367-1274792045-57920043-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\JOP\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)

==================== Restore Points  =========================

29-11-2014 16:31:29 Geplanter Prüfpunkt
07-12-2014 20:16:41 Geplanter Prüfpunkt
11-12-2014 22:55:22 Windows Update
15-12-2014 00:00:41 ComboFix created restore point

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0A5DC558-03CB-41D8-B4C4-AA6C5F07DAF4} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2723766367-1274792045-57920043-1001UA => C:\Users\JOP\AppData\Local\Google\Update\GoogleUpdate.exe [2012-05-04] (Google Inc.)
Task: {0D732FB0-77B3-4EAD-AF71-25256917754C} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search &amp; Destroy 2\SDUpdate.exe
Task: {182CF09D-7675-4C3B-ACED-91B5AED09086} - \Plus-HD-1.6-chromeinstaller No Task File <==== ATTENTION
Task: {1A18CA75-456B-40A5-88F2-CBFDDDAE22D8} - \LyricsSay-16-codedownloader No Task File <==== ATTENTION
Task: {24E9C19B-3798-48BF-83DD-AB1B348D61CE} - \LyricsSay-16-enabler No Task File <==== ATTENTION
Task: {561369E8-7B83-441D-97C2-D3E8831B48AC} - \LyricsSay-16-firefoxinstaller No Task File <==== ATTENTION
Task: {57404217-126E-407E-A06E-03CE963E5538} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-19] (Google Inc.)
Task: {64213143-2E73-4859-893F-F806978FBE65} - System32\Tasks\MirageAgent => C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe [2010-12-05] (CyberLink)
Task: {68664F5E-56EB-4AFC-A012-A11E6F1E259C} - System32\Tasks\{41B213FE-0594-4FC9-80A1-37C14C2ECEFD} => pcalua.exe -a C:\Users\JOP\Downloads\irfanview_plugins_433_setup.exe -d C:\Users\JOP\Downloads
Task: {70710D6A-F64C-4F85-8AD1-4386661B78BB} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search &amp; Destroy 2\SDScan.exe
Task: {70C31B96-4CE5-49E9-94A2-DC5DB40E644C} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search &amp; Destroy 2\SDImmunize.exe
Task: {7A6220FF-06E6-485E-8E4D-FD858B0C75D3} - System32\Tasks\{26DEFFE2-5541-4D0D-BABB-C8F6AB45D6F6} => pcalua.exe -a C:\Users\JOP\Downloads\garmin\Setup.exe -d C:\Users\JOP\Downloads\garmin
Task: {7DE4D5E9-E318-457C-B036-A9346CFDC1F3} - \LyricsSay-16-updater No Task File <==== ATTENTION
Task: {9B5BDCEC-DEEC-43FA-9C77-B8A8F73FFE38} - System32\Tasks\GarminUpdaterTask => C:\Program Files (x86)\Garmin\Express Self Updater\ExpressSelfUpdater.exe [2014-08-27] ()
Task: {A498B4F4-E2CC-4E8B-9CE2-1FB8C9956A76} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-19] (Google Inc.)
Task: {A6E19942-0F48-4EC5-810E-65ADE541D288} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-11-21] (Piriform Ltd)
Task: {C4008950-BA6F-4EB7-B717-EF845A456A53} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2723766367-1274792045-57920043-1001Core => C:\Users\JOP\AppData\Local\Google\Update\GoogleUpdate.exe [2012-05-04] (Google Inc.)
Task: {C59EF970-BA15-4669-8FA1-BC5B1E2FDE07} - \Plus-HD-1.6-firefoxinstaller No Task File <==== ATTENTION
Task: {D68CCC94-0AE1-42FB-8C6A-C5E2769F7770} - \LyricsSay-16-chromeinstaller No Task File <==== ATTENTION
Task: {EE7DB1A4-D8DC-4638-B8FD-C899027A1CC5} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-12-09] (Adobe Systems Incorporated)
Task: {FED2073E-6458-45E6-96F6-192526A2AC46} - System32\Tasks\{2D61B20A-AB15-414D-8FA8-29E3E93C599D} => pcalua.exe -a C:\Users\JOP\Downloads\MapSource_6163.exe -d C:\Users\JOP\Downloads
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2723766367-1274792045-57920043-1001Core.job => C:\Users\JOP\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2723766367-1274792045-57920043-1001UA.job => C:\Users\JOP\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2010-06-06 15:20 - 2010-06-06 15:20 - 00065344 _____ () C:\windows\System32\PDFreDirectMon64.dll
2014-11-06 23:31 - 2012-11-14 17:43 - 00034304 _____ () C:\windows\System32\ssa6mlm.dll
2009-11-19 02:34 - 2009-11-19 02:34 - 00022016 _____ () C:\windows\System32\suge1l6.dll
2011-02-16 18:56 - 2011-02-16 18:56 - 00202144 _____ () C:\Program Files (x86)\Lenovo\Onekey Theater\ActiveDetect64.dll
2011-02-16 19:01 - 2011-02-16 19:01 - 00156576 _____ () C:\Program Files (x86)\Lenovo\Onekey Theater\WindowsApiHookDll64.dll
2008-12-20 04:20 - 2011-08-25 04:32 - 00054088 _____ () C:\Program Files (x86)\Lenovo\Energy Management\HookLib.dll
2008-12-20 04:20 - 2011-08-25 04:32 - 00054088 _____ () C:\Program Files (x86)\Lenovo\Energy Management\kbdhook.dll
2011-03-04 11:17 - 2011-01-27 01:11 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2011-03-22 09:08 - 2011-03-22 09:08 - 00161280 _____ () C:\Program Files\NetDrive\libexpat.dll
2011-05-27 08:59 - 2009-01-12 07:15 - 00071096 _____ () C:\windows\SysWOW64\NMSAccess32.exe
2011-08-25 04:21 - 2011-08-25 04:21 - 00100256 _____ () C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeySupport.exe
2012-03-09 09:58 - 2012-03-09 09:58 - 00462712 _____ () C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe
2012-03-09 09:58 - 2012-03-09 09:58 - 00057208 _____ () C:\Program Files\Common Files\Common Desktop Agent\CDASrvPS.dll
2014-11-22 01:03 - 2014-11-22 01:03 - 00053248 _____ () C:\Program Files\CCleaner\lang\lang-1031.dll
2014-12-21 15:05 - 2014-12-21 15:05 - 00852505 _____ () C:\Users\JOP\Downloads\SecurityCheck.exe
2013-02-02 12:26 - 2012-11-13 14:06 - 00108960 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2013-02-02 12:26 - 2012-11-13 14:06 - 00416160 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2013-02-02 12:26 - 2012-11-13 14:06 - 00158624 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2013-02-02 12:26 - 2012-08-23 09:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2013-02-02 12:26 - 2012-11-13 14:06 - 00528288 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\JSDialogPack150.bpl
2011-02-16 18:51 - 2011-02-16 18:51 - 00161696 _____ () C:\Program Files (x86)\Lenovo\Onekey Theater\ActiveDetect32.dll
2011-02-16 18:53 - 2011-02-16 18:53 - 00133024 _____ () C:\Program Files (x86)\Lenovo\Onekey Theater\WindowsApiHookDll32.dll
2009-07-13 22:03 - 2009-07-14 02:15 - 00364544 _____ () C:\Windows\SysWOW64\msjetoledb40.dll
2013-02-02 12:26 - 2012-11-13 14:06 - 00554400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\VirtualTreesDXE150.bpl
2014-12-21 14:31 - 2014-12-21 14:31 - 00098816 _____ () C:\Users\JOP\AppData\Local\Temp\_MEI33602\win32api.pyd
2014-12-21 14:31 - 2014-12-21 14:31 - 00110080 _____ () C:\Users\JOP\AppData\Local\Temp\_MEI33602\pywintypes27.dll
2014-12-21 14:31 - 2014-12-21 14:31 - 00364544 _____ () C:\Users\JOP\AppData\Local\Temp\_MEI33602\pythoncom27.dll
2014-12-21 14:31 - 2014-12-21 14:31 - 00045568 _____ () C:\Users\JOP\AppData\Local\Temp\_MEI33602\_socket.pyd
2014-12-21 14:31 - 2014-12-21 14:31 - 01160704 _____ () C:\Users\JOP\AppData\Local\Temp\_MEI33602\_ssl.pyd
2014-12-21 14:31 - 2014-12-21 14:31 - 00320512 _____ () C:\Users\JOP\AppData\Local\Temp\_MEI33602\win32com.shell.shell.pyd
2014-12-21 14:31 - 2014-12-21 14:31 - 00713216 _____ () C:\Users\JOP\AppData\Local\Temp\_MEI33602\_hashlib.pyd
2014-12-21 14:31 - 2014-12-21 14:31 - 01175040 _____ () C:\Users\JOP\AppData\Local\Temp\_MEI33602\wx._core_.pyd
2014-12-21 14:31 - 2014-12-21 14:31 - 00805888 _____ () C:\Users\JOP\AppData\Local\Temp\_MEI33602\wx._gdi_.pyd
2014-12-21 14:31 - 2014-12-21 14:31 - 00811008 _____ () C:\Users\JOP\AppData\Local\Temp\_MEI33602\wx._windows_.pyd
2014-12-21 14:31 - 2014-12-21 14:31 - 01062400 _____ () C:\Users\JOP\AppData\Local\Temp\_MEI33602\wx._controls_.pyd
2014-12-21 14:31 - 2014-12-21 14:31 - 00735232 _____ () C:\Users\JOP\AppData\Local\Temp\_MEI33602\wx._misc_.pyd
2014-12-21 14:31 - 2014-12-21 14:31 - 00128512 _____ () C:\Users\JOP\AppData\Local\Temp\_MEI33602\_elementtree.pyd
2014-12-21 14:31 - 2014-12-21 14:31 - 00127488 _____ () C:\Users\JOP\AppData\Local\Temp\_MEI33602\pyexpat.pyd
2014-12-21 14:31 - 2014-12-21 14:31 - 00557056 _____ () C:\Users\JOP\AppData\Local\Temp\_MEI33602\pysqlite2._sqlite.pyd
2014-12-21 14:31 - 2014-12-21 14:31 - 00087552 _____ () C:\Users\JOP\AppData\Local\Temp\_MEI33602\_ctypes.pyd
2014-12-21 14:31 - 2014-12-21 14:31 - 00119808 _____ () C:\Users\JOP\AppData\Local\Temp\_MEI33602\win32file.pyd
2014-12-21 14:31 - 2014-12-21 14:31 - 00108544 _____ () C:\Users\JOP\AppData\Local\Temp\_MEI33602\win32security.pyd
2014-12-21 14:31 - 2014-12-21 14:31 - 00007168 _____ () C:\Users\JOP\AppData\Local\Temp\_MEI33602\hashobjs_ext.pyd
2014-12-21 14:31 - 2014-12-21 14:31 - 00167936 _____ () C:\Users\JOP\AppData\Local\Temp\_MEI33602\win32gui.pyd
2014-12-21 14:31 - 2014-12-21 14:31 - 00018432 _____ () C:\Users\JOP\AppData\Local\Temp\_MEI33602\win32event.pyd
2014-12-21 14:31 - 2014-12-21 14:31 - 00038912 _____ () C:\Users\JOP\AppData\Local\Temp\_MEI33602\win32inet.pyd
2014-12-21 14:31 - 2014-12-21 14:31 - 00011264 _____ () C:\Users\JOP\AppData\Local\Temp\_MEI33602\win32crypt.pyd
2014-12-21 14:31 - 2014-12-21 14:31 - 00070656 _____ () C:\Users\JOP\AppData\Local\Temp\_MEI33602\wx._html2.pyd
2014-12-21 14:31 - 2014-12-21 14:31 - 00027136 _____ () C:\Users\JOP\AppData\Local\Temp\_MEI33602\_multiprocessing.pyd
2014-12-21 14:31 - 2014-12-21 14:31 - 00035840 _____ () C:\Users\JOP\AppData\Local\Temp\_MEI33602\win32process.pyd
2014-12-21 14:31 - 2014-12-21 14:31 - 00686080 _____ () C:\Users\JOP\AppData\Local\Temp\_MEI33602\unicodedata.pyd
2014-12-21 14:31 - 2014-12-21 14:31 - 00122368 _____ () C:\Users\JOP\AppData\Local\Temp\_MEI33602\wx._wizard.pyd
2014-12-21 14:31 - 2014-12-21 14:31 - 00024064 _____ () C:\Users\JOP\AppData\Local\Temp\_MEI33602\win32pipe.pyd
2014-12-21 14:31 - 2014-12-21 14:31 - 00025600 _____ () C:\Users\JOP\AppData\Local\Temp\_MEI33602\win32pdh.pyd
2014-12-21 14:31 - 2014-12-21 14:31 - 00525640 _____ () C:\Users\JOP\AppData\Local\Temp\_MEI33602\windows._lib_cacheinvalidation.pyd
2014-12-21 14:31 - 2014-12-21 14:31 - 00010240 _____ () C:\Users\JOP\AppData\Local\Temp\_MEI33602\select.pyd
2014-12-21 14:31 - 2014-12-21 14:31 - 00017408 _____ () C:\Users\JOP\AppData\Local\Temp\_MEI33602\win32profile.pyd
2014-12-21 14:31 - 2014-12-21 14:31 - 00022528 _____ () C:\Users\JOP\AppData\Local\Temp\_MEI33602\win32ts.pyd
2014-12-21 14:31 - 2014-12-21 14:31 - 00078336 _____ () C:\Users\JOP\AppData\Local\Temp\_MEI33602\wx._animate.pyd
2012-05-05 23:20 - 2014-06-21 18:33 - 03022960 _____ () C:\Program Files (x86)\Mozilla Thunderbird\mozjs.dll
2012-05-05 23:20 - 2014-06-21 18:33 - 00158832 _____ () C:\Program Files (x86)\Mozilla Thunderbird\NSLDAP32V60.dll
2012-05-05 23:20 - 2014-06-21 18:33 - 00023152 _____ () C:\Program Files (x86)\Mozilla Thunderbird\NSLDAPPR32V60.dll
2014-12-14 20:23 - 2014-12-06 02:50 - 01077064 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\libglesv2.dll
2014-12-14 20:23 - 2014-12-06 02:50 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\libegl.dll
2014-12-14 20:23 - 2014-12-06 02:50 - 09009480 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\pdf.dll
2014-12-14 20:23 - 2014-12-06 02:50 - 01677128 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\ffmpegsumo.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\Temp:5F64C164

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Samsung Drive Manager Real-Time.lnk => C:\windows\pss\Samsung Drive Manager Real-Time.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^JOP^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^EvernoteClipper.lnk => C:\windows\pss\EvernoteClipper.lnk.Startup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Adobe Speed Launcher => 1418603236
MSCONFIG\startupreg: GarminExpressTrayApp => "C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe"
MSCONFIG\startupreg: NetDrive => "C:\Program Files\NetDrive\NetDrive.exe" -tray
MSCONFIG\startupreg: NSU_agent => "C:\Program Files (x86)\Nokia\Nokia Software Updater\nsu3ui_agent.exe"
MSCONFIG\startupreg: PDFPrint => C:\Program Files (x86)\PDF24\pdf24.exe
MSCONFIG\startupreg: Remote Control Editor => "C:\Program Files (x86)\Common Files\TerraTec\Remote\TTTvRc.exe"
MSCONFIG\startupreg: Samsung PanelMgr => C:\Windows\Samsung\PanelMgr\SSMMgr.exe /autorun
MSCONFIG\startupreg: SanDiskSecureAccess_Manager.exe => C:\Users\JOP\AppData\Roaming\SanDisk\SanDiskSecureAccess_Manager.exe
MSCONFIG\startupreg: STO Backup Service => C:\Program Files (x86)\SmarThru Office\BackUpSvr.exe
MSCONFIG\startupreg: UpdateP2GShortCut => "C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Lenovo\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\5.0"
MSCONFIG\startupreg: UpdatePRCShortCut => "C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe" "C:\Program Files\Lenovo\OneKey App\OneKey Recovery" UpdateWithCreateOnce "Software\Lenovo\OneKey App\OneKey Recovery"
MSCONFIG\startupreg: VeriFaceManager => C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe
MSCONFIG\startupreg: YouCam Mirage => "C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe"
MSCONFIG\startupreg: YouCam Tray => "C:\Program Files (x86)\Lenovo\YouCam\YouCam.exe" /s

========================= Accounts: ==========================

Administrator (S-1-5-21-2723766367-1274792045-57920043-500 - Administrator - Disabled)
Gast (S-1-5-21-2723766367-1274792045-57920043-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2723766367-1274792045-57920043-1003 - Limited - Enabled)
JOP (S-1-5-21-2723766367-1274792045-57920043-1001 - Administrator - Enabled) => C:\Users\JOP
UpdatusUser (S-1-5-21-2723766367-1274792045-57920043-1000 - Limited - Enabled) => C:\Users\UpdatusUser

==================== Faulty Device Manager Devices =============

Name: Zone Alarm Firewall Driver
Description: Zone Alarm Firewall Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: Vsdatant
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: =========================

Application errors:
==================
Error: (12/21/2014 03:02:38 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (12/21/2014 02:31:34 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/20/2014 10:43:44 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1".
Die abhängige Assemblierung "Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (12/20/2014 10:40:37 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (12/20/2014 07:26:19 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (12/20/2014 07:26:14 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (12/20/2014 07:13:13 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (12/21/2014 02:32:01 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: 
Vsdatant

Error: (12/21/2014 02:30:34 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Garmin Core Update Service" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1053

Error: (12/21/2014 02:30:34 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Garmin Core Update Service erreicht.

Error: (12/21/2014 02:30:02 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "DgiVecp" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%20

Error: (12/20/2014 07:13:35 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: 
Vsdatant

Error: (12/20/2014 07:12:34 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Garmin Core Update Service" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1053

Error: (12/20/2014 07:12:34 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Garmin Core Update Service erreicht.

Error: (12/20/2014 07:12:03 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "DgiVecp" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%20


Microsoft Office Sessions:
=========================
Error: (12/21/2014 03:02:38 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe

Error: (12/21/2014 02:31:34 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/20/2014 10:43:44 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"c:\program files (x86)\Nokia\nokia pc suite 7\TIS_Windows7PIM.dll

Error: (12/20/2014 10:40:37 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestc:\program files (x86)\ESET\eset online scanner\ESETSmartInstaller.exe

Error: (12/20/2014 07:26:19 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\JOP\Downloads\esetsmartinstaller_deu.exe

Error: (12/20/2014 07:26:14 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\JOP\Downloads\esetsmartinstaller_deu.exe

Error: (12/20/2014 07:13:13 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


CodeIntegrity Errors:
===================================
  Date: 2014-12-15 00:31:01.839
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2014-12-15 00:31:01.750
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2012-07-08 20:39:54.841
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2012-07-08 20:00:50.410
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2012-07-08 19:29:58.480
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2012-07-08 01:56:01.518
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2012-07-07 18:59:27.740
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2012-07-07 18:29:19.314
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2012-07-07 15:38:22.912
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2012-07-07 15:30:43.638
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.


==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i7-2620M CPU @ 2.70GHz
Percentage of memory in use: 54%
Total physical RAM: 4000.49 MB
Available physical RAM: 1802.59 MB
Total Pagefile: 7999.16 MB
Available Pagefile: 4890.54 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:653 GB) (Free:380.64 GB) NTFS
Drive d: (LENOVO) (Fixed) (Total:30.69 GB) (Free:13.87 GB) NTFS
Drive f: (GARMIN) (Removable) (Total:1.82 GB) (Free:0.37 GB) FAT32
Drive g: (GARMIN) (Removable) (Total:1.83 GB) (Free:0.06 GB) FAT
Drive i: () (Removable) (Total:1.84 GB) (Free:1.48 GB) FAT
Drive y: () (Fixed) (Total:29.97 GB) (Free:27.44 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 698.6 GB) (Disk ID: 3689DBF2)
Partition 1: (Active) - (Size=200 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=653 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=30.7 GB) - (Type=OF Extended)
Partition 4: (Not Active) - (Size=14.8 GB) - (Type=12)

========================================================
Disk: 1 (Size: 1.8 GB) (Disk ID: 00000000)

Partition: GPT Partition Type.

========================================================
Disk: 2 (Size: 3.6 GB) (Disk ID: 00000000)

Partition: GPT Partition Type.

========================================================
Disk: 3 (Size: 1.8 GB) (Disk ID: 00000000)

Partition: GPT Partition Type.

==================== End Of Log ============================

Vielen Dank
Gruß und schöne Weihnachten

JOP

schrauber · 22.12.2014, 13:29

Java, FLash und Firefox updaten.

Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:

ATTFilter

Task: {182CF09D-7675-4C3B-ACED-91B5AED09086} - \Plus-HD-1.6-chromeinstaller No Task File <==== ATTENTION
Task: {1A18CA75-456B-40A5-88F2-CBFDDDAE22D8} - \LyricsSay-16-codedownloader No Task File <==== ATTENTION
Task: {24E9C19B-3798-48BF-83DD-AB1B348D61CE} - \LyricsSay-16-enabler No Task File <==== ATTENTION
Task: {561369E8-7B83-441D-97C2-D3E8831B48AC} - \LyricsSay-16-firefoxinstaller No Task File <==== ATTENTION
Task: {7DE4D5E9-E318-457C-B036-A9346CFDC1F3} - \LyricsSay-16-updater No Task File <==== ATTENTION
Task: {C59EF970-BA15-4669-8FA1-BC5B1E2FDE07} - \Plus-HD-1.6-firefoxinstaller No Task File <==== ATTENTION
Task: {D68CCC94-0AE1-42FB-8C6A-C5E2769F7770} - \LyricsSay-16-chromeinstaller No Task File <==== ATTENTION
HKU\S-1-5-21-2723766367-1274792045-57920043-1000\...\Run: [FactoryTest] => C:\Windows\Test.bat
C:\Windows\Test.bat
Emptytemp:

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).

Starte nun FRST erneut und klicke den Entfernen Button.
Das Tool erstellt eine Fixlog.txt.
Poste mir deren Inhalt.

Fertig

Die Reihenfolge ist hier entscheidend.

Falls Defogger benutzt wurde: Defogger nochmal starten und auf re-enable klicken.
Falls Combofix benutzt wurde: (Alternativ in uninstall.exe umbenennen und starten)
- Windowstaste + R > Combofix /Uninstall (eingeben) > OK
- Alternative: Combofix.exe in uninstall.exe umbenennen und starten
- Combofix wird jetzt starten, sich evtl updaten und dann alle Reste von sich selbst entfernen.
Downloade Dir bitte auf jeden Fall DelFix auf deinen Desktop:
- Schließe alle offenen Programme.
- Starte die delfix.exe mit einem Doppelklick.
- Setze vor jede Funktion ein Häkchen.
- Klicke auf Start.
- Hinweis: DelFix entfernt u. a. alle verwendeten Programme, die Quarantäne unserer Scanner, den Java-Cache und löscht sich abschließend selbst.
- Starte deinen Rechner abschließend neu.
Sollten jetzt noch Programme aus unserer Bereinigung übrig sein kannst du sie bedenkenlos löschen.

Falls Du Lob oder Kritik abgeben möchtest kannst Du das hier tun

Hier noch ein paar Tipps zur Absicherung deines Systems.

Ich kann garnicht zu oft erwähnen, wie wichtig es ist, dass dein System Up to Date ist.

Bitte überprüfe ob dein System Windows Updates automatisch herunter lädt
Windows Updates
- Windows XP: Start --> Systemsteuerung --> Doppelklick auf Automatische Updates
- Windows Vista / 7: Start --> Systemsteuerung --> System und Sicherheit --> Automatische Updates aktivieren oder deaktivieren
Gehe sicher das die automatischen Updates aktiviert sind.
Software Updates
Installierte Software kann ebenfalls Sicherheitslücken haben, welche Malware nutzen kann, um dein System zu infizieren.
Um deine Installierte Software up to date zu halten, empfehle ich dir Secunia Online Software.

Anti- Viren Software

Gehe sicher immer eine Anti Viren Software installiert zu haben und das diese auch up to date ist. Es ist nämlich nutzlos wenn diese out of date sind.

Zusätzlicher Schutz

MalwareBytes Anti Malware
Dies ist eines der besten Anti-Malware Tools auf dem Markt. Es ist ein On- Demond Scan Tool welches viele aktuelle Malware erkennt und auch entfernt.
Update das Tool und lass es einmal in der Woche laufen. Die Kaufversion biete zudem noch einen Hintergrundwächter.
Ein Tutorial zur Verwendung findest Du hier.
WinPatrol
Diese Software macht einen Snapshot deines Systems und warnt dich vor eventuellen Änderungen. Downloade dir die Freeware Version von hier.

Sicheres Browsen

SpywareBlaster
Eine kurze Einführung findest du Hier
MVPs hosts file
Ein Tutorial findest Du hier. Leider habe ich bis jetzt kein deutschsprachiges gefunden.
WOT (Web of trust)
Dieses AddOn warnt Dich bevor Du eine als schädlich gemeldete Seite besuchst.

Alternative Browser

Andere Browser tendieren zu etwas mehr Sicherheit als der IE, da diese keine Active X Elemente verwenden. Diese können von Spyware zur Infektion deines Systems missbraucht werden.

Opera
Mozilla Firefox.
- Hinweis: Für diesen Browser habe ich hier ein paar nützliche Add Ons
- NoScript
  Dieses AddOn blockt JavaScript, Java and Flash und andere Plugins. Sie werden nur dann ausgeführt wenn Du es bestätigst.
- AdblockPlus
  Dieses AddOn blockt die meisten Werbung von selbst. Ein Rechtsklick auf den Banner um diesen zu AdBlockPlus hinzu zu fügen reicht und dieser wird nicht mehr geladen.
  Es spart ausserdem Downloadkapazität.

Performance
Bereinige regelmäßig deine Temp Files. Ich empfehle hierzu TFC
Halte dich fern von jedlichen Registry Cleanern.
Diese Schaden deinem System mehr als sie helfen. Hier ein paar ( englishe ) Links
Miekemoes Blogspot ( MVP )
Bill Castner ( MVP )

Don'ts

Klicke nicht auf alles nur weil es Dich dazu auffordert und schön bunt ist.
verwende keine peer to peer oder Filesharing Software (Emule, uTorrent,..)
Lass die Finger von Cracks, Keygens, Serials oder anderer illegaler Software.
Öffne keine Anhänge von Dir nicht bekannten Emails. Achte vor allem auf die Dateiendung wie zb deinFoto.jpg.exe

Nun bleibt mir nur noch dir viel Spass beim sicheren Surfen zu wünschen.

Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so das ich diesen Thread aus meinen Abos löschen kann.

JOP · 22.12.2014, 19:33

Guten Tag,

fixlog.txt

Code:

ATTFilter

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 21-12-2014 01
Ran by JOP at 2014-12-22 19:27:46 Run:1
Running from C:\Users\JOP\Desktop\cleaning
Loaded Profiles: UpdatusUser & JOP (Available profiles: UpdatusUser & JOP)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
Task: {182CF09D-7675-4C3B-ACED-91B5AED09086} - \Plus-HD-1.6-chromeinstaller No Task File <==== ATTENTION
Task: {1A18CA75-456B-40A5-88F2-CBFDDDAE22D8} - \LyricsSay-16-codedownloader No Task File <==== ATTENTION
Task: {24E9C19B-3798-48BF-83DD-AB1B348D61CE} - \LyricsSay-16-enabler No Task File <==== ATTENTION
Task: {561369E8-7B83-441D-97C2-D3E8831B48AC} - \LyricsSay-16-firefoxinstaller No Task File <==== ATTENTION
Task: {7DE4D5E9-E318-457C-B036-A9346CFDC1F3} - \LyricsSay-16-updater No Task File <==== ATTENTION
Task: {C59EF970-BA15-4669-8FA1-BC5B1E2FDE07} - \Plus-HD-1.6-firefoxinstaller No Task File <==== ATTENTION
Task: {D68CCC94-0AE1-42FB-8C6A-C5E2769F7770} - \LyricsSay-16-chromeinstaller No Task File <==== ATTENTION
HKU\S-1-5-21-2723766367-1274792045-57920043-1000\...\Run: [FactoryTest] => C:\Windows\Test.bat
C:\Windows\Test.bat
Emptytemp:
         
*****************

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{182CF09D-7675-4C3B-ACED-91B5AED09086}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{182CF09D-7675-4C3B-ACED-91B5AED09086}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Plus-HD-1.6-chromeinstaller" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{1A18CA75-456B-40A5-88F2-CBFDDDAE22D8}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1A18CA75-456B-40A5-88F2-CBFDDDAE22D8}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\LyricsSay-16-codedownloader" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{24E9C19B-3798-48BF-83DD-AB1B348D61CE}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{24E9C19B-3798-48BF-83DD-AB1B348D61CE}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\LyricsSay-16-enabler" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{561369E8-7B83-441D-97C2-D3E8831B48AC}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{561369E8-7B83-441D-97C2-D3E8831B48AC}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\LyricsSay-16-firefoxinstaller" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{7DE4D5E9-E318-457C-B036-A9346CFDC1F3}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7DE4D5E9-E318-457C-B036-A9346CFDC1F3}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\LyricsSay-16-updater" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{C59EF970-BA15-4669-8FA1-BC5B1E2FDE07}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C59EF970-BA15-4669-8FA1-BC5B1E2FDE07}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Plus-HD-1.6-firefoxinstaller" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{D68CCC94-0AE1-42FB-8C6A-C5E2769F7770}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D68CCC94-0AE1-42FB-8C6A-C5E2769F7770}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\LyricsSay-16-chromeinstaller" => Key deleted successfully.
HKU\S-1-5-21-2723766367-1274792045-57920043-1000\Software\Microsoft\Windows\CurrentVersion\Run\\FactoryTest => value deleted successfully.
"C:\Windows\Test.bat" => File/Directory not found.
EmptyTemp: => Removed 721.1 MB temporary data.

Schöne Weihnachten
JOP

schrauber · 23.12.2014, 17:15

Gern Geschehen

23.12.2014, 17:15	#11
schrauber /// the machine /// TB-Ausbilder	Windows 7 schwarzer Bildschirm, keine Taskleiste aber Fenster "Computer" geöffnet 3 Gern Geschehen __________________ gruß, schrauber *Proud Member of UNITE and ASAP since 2009* Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM!

Windows 7 schwarzer Bildschirm, keine Taskleiste aber Fenster "Computer" geöffnet 3

Plagegeister aller Art und deren Bekämpfung: Windows 7 schwarzer Bildschirm, keine Taskleiste aber Fenster "Computer" geöffnet 3