Habe Mist gebaut...

magigstar · 31.01.2015, 09:01

Hallo Leute,

ich glaube, ich habe Mist gebaut...

Sagt euch "omiga-plus" was?

Firefox startet nun mit omiga-plus, auch im Suchfeld.
Soweit habe ich sie nun deinstallieren können.

Aber ich glaube, jetzt ist es Trovi, die omiga-plus ersetzt hat, irgendwie...
Also echt komisch...

Bootsektor · 31.01.2015, 09:45

Mein Name ist Sandra und ich werde Dir bei Deinem Problem behilflich sein.

Bitte arbeite alle Schritte der Reihe nach ab.
Lese die Anleitungen sorgfältig durch bevor Du beginnst. Wenn es Probleme gibt oder Du etwas nicht verstehst, dann stoppe mit Deiner Ausführung und beschreibe mir das Problem
Führe bitte nur Scans durch zu denen Du von mir aufgefordert wirst.
Bitte kein Crossposting ( posten in mehreren Foren).
Installiere oder deinstalliere während der Bereinigung keine Software, ausser Du wurdest dazu aufgefordert.
Poste die Logfiles direkt in deinen Thread in Code-Tags.
Bedenke, dass wir hier alle während unserer Freizeit tätig sind, wenn du innerhalb von 2 Tagen nichts von mir hörst, dann schreibe mir bitte eine PM.

Hinweis: Ich kann Dir niemals eine Garantie geben, dass ich auch alles finde. Eine Formatierung ist meist der schnellere und bei einem Befall durch Malware immer der sicherste Weg. Adware lässt sich in den allermeisten Fällen problemlos entfernen.
Solltest Du Dich für eine Bereinigung entscheiden, arbeite solange mit, bis Dir jemand vom Team sagt, dass Du clean bist.

Posten in Code Tags
Bitte füge die Logs immer in Code-Tags ein. Wenn Du das nicht machst, erschwert es mir sehr das Auswerten. Danke.
Dazu:

Klicke über dem Antwortfenster auf die Raute #, dann steht dort in eckigen Klammern [] CODE /CODE.
Zwischen den beiden code-Bausteinen fügst Du dann deine Logfiles ein. Also CODE Logfile /CODE
Wenn die Logs zu lang sein sollten, dann teile sie bitte auf und poste sie dann hier in Deinem Thread, notfalls in mehreren Antworten.

Schritt 1
Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop:

FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)

Starte jetzt FRST.
Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)

magigstar · 31.01.2015, 10:23

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 28-01-2015
Ran by XXXXX XXXXX (administrator) on ARBEITSCOMPUTER on 31-01-2015 10:14:47
Running from C:\Users\XXXXX XXXXX\Desktop
Loaded Profiles: XXXXX XXXXX (Available profiles: XXXXX XXXXX & XXXXX & Versuch)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
() C:\Program Files (x86)\Common Files\AAV\aavus.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Microsoft Corporation) C:\Windows\System32\CISVC.EXE
(Microsoft Corporation) C:\Windows\ehome\ehrecvr.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GregHSRW.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe
(Search Module Plus Ltd.) C:\Program Files\Common Files\Goobzo\GBUpdatePlus\smu.exe
(ShopperPro) C:\Program Files\Common Files\ShopperPro\spbiu.exe
(Weather Protector LLC) C:\Program Files (x86)\StormWatch\SWUpdaterSvc.exe
(Client Connect LTD) C:\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Client Connect LTD) C:\Program Files (x86)\SearchProtect\SearchProtect\bin\cltmng.exe
(Client Connect LTD) C:\Program Files (x86)\SearchProtect\UI\bin\cltmngui.exe
() C:\Windows\snuvcdsm.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
() C:\Windows\PLFSetI.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\Apoint.exe
(AlcorMicro Co., Ltd.) C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Photosmart 5520 series\Bin\ScanToPCActivationApp.exe
(BillP Studios) C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe
() C:\Users\XXXXX XXXXX\AppData\Local\winengine\rkr1.exe
(RescueTime, Inc.) C:\Program Files (x86)\RescueTime\RescueTime.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\ApMsgFwd.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\Hidfind.exe
(Mirko Böer) C:\Program Files (x86)\SSS\SimpleScreenshot.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\ApntEx.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Photosmart 5520 series\Bin\HPNetworkCommunicator.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office15\MSOSYNC.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avscan.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_296.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_296.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
() C:\Program Files\Common Files\Goobzo\GBUpdatePlus\SCHelper.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SNUVCDSM] => C:\Windows\snuvcdsm.exe [30080 2011-01-13] ()
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [8312352 2009-10-29] (Realtek Semiconductor)
HKLM\...\Run: [PLFSetL] => C:\Windows\PLFSetL.exe [99712 2011-01-13] (Sonix Technology Co., Ltd.)
HKLM\...\Run: [PLFSetI] => C:\Windows\PLFSetI.exe [200704 2011-11-13] ()
HKLM\...\Run: [mwlDaemon] => C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe [349480 2009-09-11] (Egis Technology Inc.)
HKLM\...\Run: [IAAnotif] => C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-06-05] (Intel Corporation)
HKLM\...\Run: [Apoint] => C:\Program Files\Apoint2K\Apoint.exe [295936 2009-05-22] (Alps Electric Co., Ltd.)
HKLM\...\Run: [AmIcoSinglun64] => C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [323072 2009-07-22] (AlcorMicro Co., Ltd.)
HKLM\...\Run: [Acer ePower Management] => C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [823840 2009-09-30] (Acer Incorporated)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [702768 2014-12-16] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2009-12-09] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [SimpleScreenshot] => C:\Program Files (x86)\SSS\SIMPLESCREENSHOT.EXE [2255360 2008-02-09] (Mirko Böer)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2014-10-11] (Apple Inc.)
HKLM-x32\...\Run: [LManager] => C:\Program Files (x86)\Launch Manager\LManager.exe [1094736 2009-11-02] (Dritek System Inc.)
HKLM-x32\...\Run: [YTDownloader] => /boot
HKLM-x32\...\Run: [SPDriver] => C:\Program Files (x86)\ShopperPro\JSDriver\1361.0.0.0\jsdrv.exe
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [126712 2014-12-31] (Avira Operations GmbH & Co. KG)
HKU\S-1-5-21-1242904208-471078349-2963378918-1000\...\Run: [HP Photosmart 5520 series (NET)] => C:\Program Files\HP\HP Photosmart 5520 series\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
HKU\S-1-5-21-1242904208-471078349-2963378918-1000\...\Run: [WinPatrol] => C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe [533568 2014-04-23] (BillP Studios)
HKU\S-1-5-21-1242904208-471078349-2963378918-1000\...\Run: [SPDriver] => C:\Program Files (x86)\ShopperPro\JSDriver\1361.0.0.0\jsdrv.exe
HKU\S-1-5-21-1242904208-471078349-2963378918-1000\...\Run: [winengine] => C:\Users\XXXXX XXXXX\AppData\Local\winengine\rkr0.exe [511416 2014-12-12] ()
HKU\S-1-5-21-1242904208-471078349-2963378918-1000\...\Run: [winengine2] => C:\Users\XXXXX XXXXX\AppData\Local\winengine\rkr1.exe [511416 2014-12-12] ()
AppInit_DLLs: C:\PROGRA~2\SEARCH~1\SEARCH~1\bin\VC64LO~1.DLL => C:\Program Files (x86)\SearchProtect\SearchProtect\bin\VC64Loader.dll [253200 2015-01-20] (Client Connect LTD)
AppInit_DLLs-x32: C:\PROGRA~2\SearchProtect\SearchProtect\bin\VC32Loader.dll => C:\Program Files (x86)\SearchProtect\SearchProtect\bin\VC32Loader.dll [219408 2015-01-20] (Client Connect LTD)
Startup: C:\Users\XXXXX XXXXX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\RescueTime.lnk
ShortcutTarget: RescueTime.lnk -> C:\Program Files (x86)\RescueTime\RescueTime.exe (RescueTime, Inc.)
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
ShellIconOverlayIdentifiers: [egisPSDP] -> {30A0A3F6-38AC-4C53-BB8B-0D95238E25BA} => C:\Program Files (x86)\EgisTec\MyWinLocker 3\x64\psdprotect.dll (Egis Technology Inc.)
ShellIconOverlayIdentifiers-x32: [egisPSDP] -> {30A0A3F6-38AC-4C53-BB8B-0D95238E25BA} => C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\psdprotect.dll (Egis Technology Inc.)
BootExecute: autocheck autochk * sdnclean64.exe
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://isearch.omiga-plus.com/?type=hp&ts=1422690849&from=obw&uid=TOSHIBAXMK6465GSX_51ASD39BBXX51ASD39BB
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://websearch.thesearchpage.info/?pid=3458&r=2015/01/31&hid=4296634904664230215&lg=EN&cc=DE&unqvl=74
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://isearch.omiga-plus.com/web/?type=ds&ts=1422690849&from=obw&uid=TOSHIBAXMK6465GSX_51ASD39BBXX51ASD39BB&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://isearch.omiga-plus.com/web/?type=ds&ts=1422690849&from=obw&uid=TOSHIBAXMK6465GSX_51ASD39BBXX51ASD39BB&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://isearch.omiga-plus.com/?type=hp&ts=1422690849&from=obw&uid=TOSHIBAXMK6465GSX_51ASD39BBXX51ASD39BB
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://isearch.omiga-plus.com/?type=hp&ts=1422690849&from=obw&uid=TOSHIBAXMK6465GSX_51ASD39BBXX51ASD39BB
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://isearch.omiga-plus.com/web/?type=ds&ts=1422690849&from=obw&uid=TOSHIBAXMK6465GSX_51ASD39BBXX51ASD39BB&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://isearch.omiga-plus.com/web/?type=ds&ts=1422690849&from=obw&uid=TOSHIBAXMK6465GSX_51ASD39BBXX51ASD39BB&q={searchTerms}
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-1242904208-471078349-2963378918-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://websearch.thesearchpage.info/?pid=3458&r=2015/01/31&hid=4296634904664230215&lg=EN&cc=DE&unqvl=74
HKU\S-1-5-21-1242904208-471078349-2963378918-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-1242904208-471078349-2963378918-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://isearch.omiga-plus.com/?type=hp&ts=1422690849&from=obw&uid=TOSHIBAXMK6465GSX_51ASD39BBXX51ASD39BB
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> DefaultScope {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.thesearchpage.info/?l=1&q={searchTerms}&pid=3458&r=2015/01/31&hid=4296634904664230215&lg=EN&cc=DE&unqvl=74
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.thesearchpage.info/?l=1&q={searchTerms}&pid=3458&r=2015/01/31&hid=4296634904664230215&lg=EN&cc=DE&unqvl=74
SearchScopes: HKU\S-1-5-21-1242904208-471078349-2963378918-1000 -> DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://www.trovi.com/Results.aspx?gd=&ctid=CT3324764&octid=EB_ORIGINAL_CTID&ISID=M7F3C43B3-690F-4276-959F-1C74A797CA2A&SearchSource=58&CUI=&UM=8&UP=SP9050A32E-D786-4A42-9E49-5663C4588ECE&q={searchTerms}&SSPV=
SearchScopes: HKU\S-1-5-21-1242904208-471078349-2963378918-1000 -> {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://www.trovi.com/Results.aspx?gd=&ctid=CT3324764&octid=EB_ORIGINAL_CTID&ISID=M7F3C43B3-690F-4276-959F-1C74A797CA2A&SearchSource=58&CUI=&UM=8&UP=SP9050A32E-D786-4A42-9E49-5663C4588ECE&q={searchTerms}&SSPV=
SearchScopes: HKU\S-1-5-21-1242904208-471078349-2963378918-1000 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://isearch.omiga-plus.com/web/?type=ds&ts=1422690849&from=obw&uid=TOSHIBAXMK6465GSX_51ASD39BBXX51ASD39BB&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1242904208-471078349-2963378918-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
SearchScopes: HKU\S-1-5-21-1242904208-471078349-2963378918-1000 -> {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.thesearchpage.info/?l=1&q={searchTerms}&pid=3458&r=2015/01/31&hid=4296634904664230215&lg=EN&cc=DE&unqvl=74
BHO: Boost -> {2299856A-6506-42E3-A34F-CD35A47C1B19} -> C:\Program Files (x86)\Boost\64Boost.dll (Boost)
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: youtubeadblocker -> {66a77d73-e5fa-4815-bba6-e6e6210fb9a0} -> C:\Program Files (x86)\youtubeadblocker\2vSp3hYxFkuiwN.x64.dll ()
BHO: unissales -> {7e0aaab3-ba7d-4a2d-b1e6-4289ce4d1b1e} -> C:\Program Files (x86)\unissales\9vFbOLvEX4RE1d.x64.dll ()
BHO: No Name -> {A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C} ->  No File
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Booster-Web helper -> {B5147546-9359-4D9B-8B36-F54C54555799} -> C:\Program Files (x86)\Booster-Web\Booster-Web.dll (App LLC)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Boost -> {2299856A-6506-42E3-A34F-CD35A47C1B19} -> C:\Program Files (x86)\Boost\Boost.dll (Boost)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Shopper Pro -> {A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C} -> C:\ProgramData\ShopperPro\ShopperPro.dll No File
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Booster-Web helper -> {B5147546-9359-4D9B-8B36-F54C54555799} -> C:\Program Files (x86)\Booster-Web\Booster-Web.dll (App LLC)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
DPF: HKLM {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Winsock: Catalog9 01 C:\Windows\SysWOW64\abengine.dll [323720] (Abengine)
Winsock: Catalog9 02 C:\Windows\SysWOW64\abengine.dll [323720] (Abengine)
Winsock: Catalog9 03 C:\Windows\SysWOW64\abengine.dll [323720] (Abengine)
Winsock: Catalog9 04 C:\Windows\SysWOW64\abengine.dll [323720] (Abengine)
Winsock: Catalog9 15 C:\Windows\SysWOW64\abengine.dll [323720] (Abengine)
Winsock: Catalog9-x64 01 C:\Windows\system32\abengine64.dll [380112] (Abengine)
Winsock: Catalog9-x64 02 C:\Windows\system32\abengine64.dll [380112] (Abengine)
Winsock: Catalog9-x64 03 C:\Windows\system32\abengine64.dll [380112] (Abengine)
Winsock: Catalog9-x64 04 C:\Windows\system32\abengine64.dll [380112] (Abengine)
Winsock: Catalog9-x64 05 C:\Windows\system32\ColorMedia64.dll [378640] (CartCrunch Israel Ltd.)
Winsock: Catalog9-x64 06 C:\Windows\system32\ColorMedia64.dll [378640] (CartCrunch Israel Ltd.)
Winsock: Catalog9-x64 07 C:\Windows\system32\ColorMedia64.dll [378640] (CartCrunch Israel Ltd.)
Winsock: Catalog9-x64 08 C:\Windows\system32\ColorMedia64.dll [378640] (CartCrunch Israel Ltd.)
Winsock: Catalog9-x64 19 C:\Windows\system32\ColorMedia64.dll [378640] (CartCrunch Israel Ltd.)
Winsock: Catalog9-x64 20 C:\Windows\system32\abengine64.dll [380112] (Abengine)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe http://isearch.omiga-plus.com/?type=sc&ts=1422690849&from=obw&uid=TOSHIBAXMK6465GSX_51ASD39BBXX51ASD39BB

FireFox:
========
FF ProfilePath: C:\Users\XXXXX XXXXX\AppData\Roaming\Mozilla\Firefox\Profiles\ax92hz4x.default-1417957171376
FF NewTab: hxxp://www.trovi.com/?gd=&ctid=CT3324764&octid=EB_ORIGINAL_CTID&ISID=M7F3C43B3-690F-4276-959F-1C74A797CA2A&SearchSource=69&CUI=&SSPV=&Lay=1&UM=8&UP=SP9050A32E-D786-4A42-9E49-5663C4588ECE
FF DefaultSearchEngine: omiga-plus
FF DefaultSearchEngine,S: WebSearch
FF DefaultSearchUrl: hxxp://websearch.thesearchpage.info/?pid=3458&r=2015/01/31&hid=4296634904664230215&lg=EN&cc=DE&unqvl=74&l=1&q=
FF SearchEngineOrder.1: WebSearch
FF SearchEngineOrder.1,S: WebSearch
FF SelectedSearchEngine: 
FF SelectedSearchEngine,S: WebSearch
FF Homepage: hxxp://websearch.thesearchpage.info/?pid=3458&r=2015/01/31&hid=4296634904664230215&lg=EN&cc=DE&unqvl=74
FF Keyword.URL: hxxp://www-searching.com/search.aspx?s=F1Vzamodk07628,8fde143b-bce1-4d1d-b797-3fbbcd45903f,&q=
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_296.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_296.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @nullsoft.com/winampDetector;version=1 -> C:\Program Files (x86)\Winamp Detect\npwachk.dll (Nullsoft, Inc.)
FF Plugin-x32: @staging.google.com/globalUpdate Update;version=10 -> C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll No File
FF Plugin-x32: @staging.google.com/globalUpdate Update;version=4 -> C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.8 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll (Microsoft Corporation)
FF SearchPlugin: C:\Users\XXXXX XXXXX\AppData\Roaming\Mozilla\Firefox\Profiles\ax92hz4x.default-1417957171376\searchplugins\omiga-plus.xml
FF SearchPlugin: C:\Users\XXXXX XXXXX\AppData\Roaming\Mozilla\Firefox\Profiles\ax92hz4x.default-1417957171376\searchplugins\trovi.xml
FF SearchPlugin: C:\Users\XXXXX XXXXX\AppData\Roaming\Mozilla\Firefox\Profiles\ax92hz4x.default-1417957171376\searchplugins\WebSearch.xml
FF Extension: iWebar - C:\Users\XXXXX XXXXX\AppData\Roaming\Mozilla\Firefox\Profiles\ax92hz4x.default-1417957171376\Extensions\14fef81ee28d4335a493c2d@6383fd42ff9b4872bccb5b.com [2015-01-31]
FF Extension: CinemaP-1.4cV31.01 - C:\Users\XXXXX XXXXX\AppData\Roaming\Mozilla\Firefox\Profiles\ax92hz4x.default-1417957171376\Extensions\23fb8bb3-ac21-4230-bbfa-49b94968bc63@gmail.com [2015-01-31]
FF Extension: Object Browser - C:\Users\XXXXX XXXXX\AppData\Roaming\Mozilla\Firefox\Profiles\ax92hz4x.default-1417957171376\Extensions\9321b276-2c2e-4c5f-bd04-b8118e512707@c0c8a2d6-3275-4cac-a0b2-52e936311db9.com [2015-01-31]
FF Extension: FF Toolbar - C:\Users\XXXXX XXXXX\AppData\Roaming\Mozilla\Firefox\Profiles\ax92hz4x.default-1417957171376\Extensions\fftoolbar2014@etech.com [2015-01-31]
FF Extension: Booster Web - C:\Users\XXXXX XXXXX\AppData\Roaming\Mozilla\Firefox\Profiles\ax92hz4x.default-1417957171376\Extensions\jid1-U7omKQ6kQfxMaQ@jetpack [2015-01-31]
FF Extension: youtubeadblocker - C:\Users\XXXXX XXXXX\AppData\Roaming\Mozilla\Firefox\Profiles\ax92hz4x.default-1417957171376\Extensions\wq@P.net [2015-01-31]
FF Extension: uenisaalEs - C:\Users\XXXXX XXXXX\AppData\Roaming\Mozilla\Firefox\Profiles\ax92hz4x.default-1417957171376\Extensions\Za7@Ky.edu [2015-01-31]
FF Extension: Zoom It - C:\Users\XXXXX XXXXX\AppData\Roaming\Mozilla\Firefox\Profiles\ax92hz4x.default-1417957171376\Extensions\{680219c9-7bbf-5dfc-84d8-33b88668b4ab} [2015-01-31]
FF Extension: Shopper-Pro - C:\Users\XXXXX XXXXX\AppData\Roaming\Mozilla\Firefox\Profiles\ax92hz4x.default-1417957171376\Extensions\{746505DC-0E21-4667-97F8-72EA6BCF5EEF} [2015-01-31]
FF Extension: Boost - C:\Users\XXXXX XXXXX\AppData\Roaming\Mozilla\Firefox\Profiles\ax92hz4x.default-1417957171376\Extensions\boost@boost.net.xpi [2014-12-04]
FF Extension: LeechBlock - C:\Users\XXXXX XXXXX\AppData\Roaming\Mozilla\Firefox\Profiles\ax92hz4x.default-1417957171376\Extensions\{a95d8332-e4b4-6e7f-98ac-20b733364387}.xpi [2014-12-07]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-07-14]
FF HKLM-x32\...\Firefox\Extensions: [fftoolbar2014@etech.com] - C:\Users\XXXXX XXXXX\AppData\Roaming\Mozilla\Firefox\Profiles\ax92hz4x.default-1417957171376\extensions\fftoolbar2014@etech.com
StartMenuInternet: FIREFOX.EXE - C:\Program Files (x86)\Mozilla Firefox\firefox.exe http://isearch.omiga-plus.com/?type=sc&ts=1422690849&from=obw&uid=TOSHIBAXMK6465GSX_51ASD39BBXX51ASD39BB
Chrome: 
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR HomePage: Default -> hxxp://www.trovi.com/?gd=&ctid=CT3324764&octid=EB_ORIGINAL_CTID&ISID=M7F3C43B3-690F-4276-959F-1C74A797CA2A&SearchSource=55&CUI=&UM=8&UP=SP9050A32E-D786-4A42-9E49-5663C4588ECE&SSPV=
CHR StartupUrls: Default -> "hxxp://www.trovi.com/?gd=&ctid=CT3324764&octid=EB_ORIGINAL_CTID&ISID=M7F3C43B3-690F-4276-959F-1C74A797CA2A&SearchSource=55&CUI=&UM=8&UP=SP9050A32E-D786-4A42-9E49-5663C4588ECE&SSPV="
CHR DefaultSearchKeyword: Default -> trovi.search
CHR DefaultSuggestURL: Default -> http://suggest.seccint.com/CSuggestJson.ashx?prefix={searchTerms}
CHR Profile: C:\Users\XXXXX XXXXX\AppData\Local\Google\Chrome\User Data\default
CHR Extension: (Google Docs) - C:\Users\XXXXX XXXXX\AppData\Local\Google\Chrome\User Data\default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-10-25]
CHR Extension: (Google Drive) - C:\Users\XXXXX XXXXX\AppData\Local\Google\Chrome\User Data\default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-10-25]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\XXXXX XXXXX\AppData\Local\Google\Chrome\User Data\default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-10-26]
CHR Extension: (YouTube) - C:\Users\XXXXX XXXXX\AppData\Local\Google\Chrome\User Data\default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-10-25]
CHR Extension: (Google Search) - C:\Users\XXXXX XXXXX\AppData\Local\Google\Chrome\User Data\default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-10-25]
CHR Extension: (Avira Browser Safety) - C:\Users\XXXXX XXXXX\AppData\Local\Google\Chrome\User Data\default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2014-10-26]
CHR Extension: (Google Wallet) - C:\Users\XXXXX XXXXX\AppData\Local\Google\Chrome\User Data\default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-10-26]
CHR Extension: (Hearthstone Stream Browser) - C:\Users\XXXXX XXXXX\AppData\Local\Google\Chrome\User Data\default\Extensions\obdejhodejngcbmkiddfjkieejekbfil [2015-01-31]
CHR Extension: (Gmail) - C:\Users\XXXXX XXXXX\AppData\Local\Google\Chrome\User Data\default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-10-25]
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path
StartMenuInternet: Google Chrome - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe http://isearch.omiga-plus.com/?type=sc&ts=1422690849&from=obw&uid=TOSHIBAXMK6465GSX_51ASD39BBXX51ASD39BB

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AAV UpdateService; C:\Program Files (x86)\Common Files\AAV\aavus.exe [122880 2007-10-04] () [File not signed]
S4 abengine; C:\Program Files (x86)\TabNav\abengine.exe [1332576 2015-01-28] (Abengine) [File not signed]
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [431920 2014-12-16] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [431920 2014-12-16] (Avira Operations GmbH & Co. KG)
R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [178424 2014-12-31] (Avira Operations GmbH & Co. KG)
S4 BotkindSyncService; C:\Program Files (x86)\Allway Sync\Bin\SyncService.exe [182784 2013-10-10] () [File not signed]
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
R2 CltMngSvc; C:\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe [3503376 2015-01-20] (Client Connect LTD)
S4 FoxitCloudUpdateService; C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe [241704 2014-03-25] (Foxit Corporation)
R2 HPSLPSVC; C:\Users\XXXXX XXXXX\AppData\Local\Temp\7zS1D89\hpslpsvc64.dll [1039360 2013-07-19] (Hewlett-Packard Co.) [File not signed]
S2 InjectorService; C:\Program Files (x86)\TabNav\jis.exe [84480 2014-11-29] () [File not signed]
S3 MWLService; C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe [305448 2009-09-11] (Egis Technology Inc.)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
S4 NoIPDUCService4; C:\Program Files (x86)\No-IP\ducservice.exe [11264 2013-01-24] () [File not signed]
S4 OODefragAgent; C:\Program Files\OO Software\Defrag\oodag.exe [3051848 2011-01-25] (O&O Software GmbH)
S4 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [80896 2011-03-31] () [File not signed]
S4 PDF Architect Helper Service; C:\Program Files (x86)\PDF Architect\HelperService.exe [1320496 2013-04-08] (pdfforge GmbH)
S4 PDF Architect Service; C:\Program Files (x86)\PDF Architect\ConversionService.exe [799280 2013-04-08] (pdfforge GmbH)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
R2 RS_Service; C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe [253952 2009-07-10] (Acer Incorporated) [File not signed]
S4 SandraAgentSrv; C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2014.SP2a\RpcAgentSrv.exe [72344 2008-05-19] (SiSoftware) [File not signed]
R2 SMUpdPlus; C:\Program Files\Common Files\Goobzo\GBUpdatePlus\smu.exe [2719592 2015-01-31] (Search Module Plus Ltd.)
R2 SPBIUpd; C:\Program Files\Common Files\ShopperPro\spbiu.exe [2346880 2015-01-07] (ShopperPro)
R2 SWUpdater; C:\Program Files (x86)\StormWatch\SWUpdaterSvc.exe [17584 2014-11-22] (Weather Protector LLC)
S4 UI Assistant Service; C:\Program Files (x86)\Join Air\AssistantServices.exe [247152 2010-04-27] ()
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S3 globalUpdatem; C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe /medsvc [X]
S2 YTDUpdt; C:\PROGRA~2\YTDOWN~1\YTDUPD~1.EXE [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [119272 2014-10-14] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131608 2014-10-14] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-11-25] (Avira Operations GmbH & Co. KG)
R2 EkaProt6; C:\Windows\System32\DRIVERS\ekaprot6.sys [27288 2012-03-23] (Ekahau Inc.)
R1 SLEE_18_DRIVER; C:\Windows\Sleen1864.sys [109144 2014-01-30] (Softwareentwicklung Remus - ArchiCrypt - )
R3 SMUpdd; C:\Program Files\Common Files\Goobzo\GBUpdatePlus\smw.sys [42856 2015-01-31] ()
R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1806592 2011-01-13] ()
R3 SPBIUpdd; C:\Program Files\Common Files\ShopperPro\spbiw.sys [41856 2015-01-07] ()
R2 TurboB; C:\Windows\System32\DRIVERS\TurboB.sys [13784 2009-11-02] ()
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2012-12-13] (Apple, Inc.) [File not signed]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S2 SPDRIVER_1361.0.0.0; \??\C:\Program Files (x86)\ShopperPro\JSDriver\1361.0.0.0\jsdrv.sys [X]
R3 SPPD; \??\C:\Windows\system32\drivers\SPPD.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-31 10:14 - 2015-01-31 10:16 - 00033171 _____ () C:\Users\XXXXX XXXXX\Desktop\FRST.txt
2015-01-31 10:12 - 2015-01-31 10:12 - 02130432 _____ (Farbar) C:\Users\XXXXX XXXXX\Desktop\FRST64.exe
2015-01-31 10:10 - 2015-01-31 10:10 - 00001101 _____ () C:\Users\Public\Desktop\Avira.lnk
2015-01-31 09:43 - 2015-01-31 09:46 - 00000000 ____D () C:\Users\XXXXX XXXXX\Desktop\Ordnung
2015-01-31 09:35 - 2015-01-31 09:35 - 00000000 ____D () C:\Users\XXXXX XXXXX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Booster-Web
2015-01-31 09:34 - 2015-01-31 10:08 - 00000000 ____D () C:\Program Files (x86)\TabNav
2015-01-31 09:34 - 2015-01-31 10:01 - 00000000 ____D () C:\Users\XXXXX XXXXX\AppData\Roaming\Booster-Web
2015-01-31 09:34 - 2015-01-31 09:35 - 00000000 ____D () C:\Program Files (x86)\Booster-Web
2015-01-31 09:34 - 2015-01-31 09:34 - 00004696 _____ () C:\Windows\SysWOW64\abengine.ini
2015-01-31 09:34 - 2015-01-31 09:34 - 00003408 _____ () C:\Windows\System32\Tasks\sondhschedule
2015-01-31 09:34 - 2015-01-31 09:34 - 00003108 _____ () C:\Windows\System32\Tasks\zupa3002
2015-01-31 09:34 - 2015-01-31 09:34 - 00002600 _____ () C:\Windows\SysWOW64\abengineOff.ini
2015-01-31 09:34 - 2015-01-31 09:34 - 00002600 _____ () C:\Windows\system32\abengineOff.ini
2015-01-31 09:34 - 2015-01-31 09:34 - 00000002 _____ () C:\END
2015-01-31 09:34 - 2015-01-31 09:34 - 00000000 ____D () C:\Users\XXXXX XXXXX\AppData\Local\winengine
2015-01-31 09:34 - 2015-01-31 09:34 - 00000000 ____D () C:\Users\XXXXX XXXXX\AppData\Local\mbot_de_481
2015-01-31 09:34 - 2015-01-31 09:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MYBESTOFFERSTODAY
2015-01-31 09:34 - 2015-01-31 09:34 - 00000000 ____D () C:\Program Files (x86)\mbot_de_481
2015-01-31 09:34 - 2015-01-31 09:34 - 00000000 ____D () C:\Program Files (x86)\mbot_de_465
2015-01-31 09:34 - 2015-01-28 22:40 - 00380112 _____ (Abengine) C:\Windows\system32\abengine64.dll
2015-01-31 09:34 - 2015-01-28 22:40 - 00323720 _____ (Abengine) C:\Windows\SysWOW64\abengine.dll
2015-01-31 09:33 - 2015-01-31 10:09 - 00000000 ____D () C:\Program Files (x86)\CinemaP-1.4cV31.01
2015-01-31 09:33 - 2015-01-31 10:08 - 00005878 _____ () C:\Windows\Tasks\beddc3a5-14c1-4be6-a132-5174f13a7c15-6.job
2015-01-31 09:33 - 2015-01-31 10:08 - 00005534 _____ () C:\Windows\Tasks\beddc3a5-14c1-4be6-a132-5174f13a7c15-7.job
2015-01-31 09:33 - 2015-01-31 10:08 - 00004510 _____ () C:\Windows\Tasks\beddc3a5-14c1-4be6-a132-5174f13a7c15-4.job
2015-01-31 09:33 - 2015-01-31 10:08 - 00003490 _____ () C:\Windows\Tasks\beddc3a5-14c1-4be6-a132-5174f13a7c15-1-7.job
2015-01-31 09:33 - 2015-01-31 10:08 - 00003154 _____ () C:\Windows\Tasks\beddc3a5-14c1-4be6-a132-5174f13a7c15-1-6.job
2015-01-31 09:33 - 2015-01-31 10:08 - 00002462 _____ () C:\Windows\Tasks\beddc3a5-14c1-4be6-a132-5174f13a7c15-5_user.job
2015-01-31 09:33 - 2015-01-31 10:08 - 00002462 _____ () C:\Windows\Tasks\beddc3a5-14c1-4be6-a132-5174f13a7c15-5.job
2015-01-31 09:33 - 2015-01-31 10:08 - 00001380 _____ () C:\Windows\Tasks\NWAUR.job
2015-01-31 09:33 - 2015-01-31 10:08 - 00001378 _____ () C:\Windows\Tasks\FMLW.job
2015-01-31 09:33 - 2015-01-31 09:33 - 00008906 _____ () C:\Windows\System32\Tasks\beddc3a5-14c1-4be6-a132-5174f13a7c15-6
2015-01-31 09:33 - 2015-01-31 09:33 - 00008564 _____ () C:\Windows\System32\Tasks\beddc3a5-14c1-4be6-a132-5174f13a7c15-7
2015-01-31 09:33 - 2015-01-31 09:33 - 00007540 _____ () C:\Windows\System32\Tasks\beddc3a5-14c1-4be6-a132-5174f13a7c15-4
2015-01-31 09:33 - 2015-01-31 09:33 - 00006520 _____ () C:\Windows\System32\Tasks\beddc3a5-14c1-4be6-a132-5174f13a7c15-1-7
2015-01-31 09:33 - 2015-01-31 09:33 - 00006182 _____ () C:\Windows\System32\Tasks\beddc3a5-14c1-4be6-a132-5174f13a7c15-1-6
2015-01-31 09:33 - 2015-01-31 09:33 - 00005492 _____ () C:\Windows\System32\Tasks\beddc3a5-14c1-4be6-a132-5174f13a7c15-5
2015-01-31 09:33 - 2015-01-31 09:33 - 00004442 _____ () C:\Windows\System32\Tasks\NWAUR
2015-01-31 09:33 - 2015-01-31 09:33 - 00004440 _____ () C:\Windows\System32\Tasks\FMLW
2015-01-31 09:33 - 2015-01-31 09:33 - 00000000 ____D () C:\Program Files (x86)\878e2246-8f7a-48fe-89f9-845dc6abbab7
2015-01-31 09:32 - 2015-01-31 09:32 - 00001117 _____ () C:\Users\XXXXX XXXXX\Desktop\Continue installation .lnk
2015-01-31 09:31 - 2015-01-31 10:08 - 00002454 _____ () C:\Windows\Tasks\b64080d3-a27b-4f56-bf65-9831b019eee8-5_user.job
2015-01-31 09:31 - 2015-01-31 10:08 - 00002454 _____ () C:\Windows\Tasks\b64080d3-a27b-4f56-bf65-9831b019eee8-5.job
2015-01-31 09:31 - 2015-01-31 09:31 - 00005484 _____ () C:\Windows\System32\Tasks\b64080d3-a27b-4f56-bf65-9831b019eee8-5
2015-01-31 09:31 - 2015-01-31 09:31 - 00004314 _____ () C:\Windows\System32\Tasks\SMW_UpdateTask_Time_333035393833303830392d5a556c6c4a5a575750414134
2015-01-31 09:31 - 2015-01-31 09:31 - 00004130 _____ () C:\Windows\System32\Tasks\amiupdaterExi
2015-01-31 09:31 - 2015-01-31 09:31 - 00003886 _____ () C:\Windows\System32\Tasks\Smp
2015-01-31 09:31 - 2015-01-31 09:31 - 00003804 _____ () C:\Windows\System32\Tasks\amiupdaterExd
2015-01-31 09:31 - 2015-01-31 09:31 - 00003636 _____ () C:\Windows\System32\Tasks\SMWPUpd
2015-01-31 09:31 - 2015-01-31 09:31 - 00000000 ____D () C:\ProgramData\SearchModulePlus
2015-01-31 09:31 - 2015-01-31 09:31 - 00000000 ____D () C:\Program Files\Common Files\Goobzo
2015-01-31 09:30 - 2015-01-31 10:08 - 00005854 _____ () C:\Windows\Tasks\04c81119-30a3-4168-b759-0865e99d237c-7.job
2015-01-31 09:30 - 2015-01-31 10:08 - 00005854 _____ () C:\Windows\Tasks\04c81119-30a3-4168-b759-0865e99d237c-6.job
2015-01-31 09:30 - 2015-01-31 10:08 - 00005526 _____ () C:\Windows\Tasks\b64080d3-a27b-4f56-bf65-9831b019eee8-7.job
2015-01-31 09:30 - 2015-01-31 10:08 - 00005526 _____ () C:\Windows\Tasks\b64080d3-a27b-4f56-bf65-9831b019eee8-6.job
2015-01-31 09:30 - 2015-01-31 10:08 - 00004830 _____ () C:\Windows\Tasks\04c81119-30a3-4168-b759-0865e99d237c-4.job
2015-01-31 09:30 - 2015-01-31 10:08 - 00004502 _____ () C:\Windows\Tasks\b64080d3-a27b-4f56-bf65-9831b019eee8-4.job
2015-01-31 09:30 - 2015-01-31 10:08 - 00003810 _____ () C:\Windows\Tasks\04c81119-30a3-4168-b759-0865e99d237c-1-7.job
2015-01-31 09:30 - 2015-01-31 10:08 - 00003482 _____ () C:\Windows\Tasks\b64080d3-a27b-4f56-bf65-9831b019eee8-1-7.job
2015-01-31 09:30 - 2015-01-31 10:08 - 00003466 _____ () C:\Windows\Tasks\04c81119-30a3-4168-b759-0865e99d237c-1-6.job
2015-01-31 09:30 - 2015-01-31 10:08 - 00003146 _____ () C:\Windows\Tasks\b64080d3-a27b-4f56-bf65-9831b019eee8-1-6.job
2015-01-31 09:30 - 2015-01-31 10:08 - 00003126 _____ () C:\Windows\Tasks\04c81119-30a3-4168-b759-0865e99d237c-5_user.job
2015-01-31 09:30 - 2015-01-31 10:08 - 00002782 _____ () C:\Windows\Tasks\04c81119-30a3-4168-b759-0865e99d237c-5.job
2015-01-31 09:30 - 2015-01-31 10:08 - 00001382 _____ () C:\Windows\Tasks\UHTQPK.job
2015-01-31 09:30 - 2015-01-31 10:08 - 00001378 _____ () C:\Windows\Tasks\MLSC.job
2015-01-31 09:30 - 2015-01-31 09:40 - 00000000 ____D () C:\Users\XXXXX XXXXX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\YTDownloader
2015-01-31 09:30 - 2015-01-31 09:32 - 00003758 _____ () C:\Windows\System32\Tasks\SMupdate1
2015-01-31 09:30 - 2015-01-31 09:32 - 00003618 _____ () C:\Windows\System32\Tasks\YTDownloader
2015-01-31 09:30 - 2015-01-31 09:32 - 00003608 _____ () C:\Windows\System32\Tasks\YTDownloaderUpd
2015-01-31 09:30 - 2015-01-31 09:30 - 00008884 _____ () C:\Windows\System32\Tasks\04c81119-30a3-4168-b759-0865e99d237c-7
2015-01-31 09:30 - 2015-01-31 09:30 - 00008882 _____ () C:\Windows\System32\Tasks\04c81119-30a3-4168-b759-0865e99d237c-6
2015-01-31 09:30 - 2015-01-31 09:30 - 00008556 _____ () C:\Windows\System32\Tasks\b64080d3-a27b-4f56-bf65-9831b019eee8-7
2015-01-31 09:30 - 2015-01-31 09:30 - 00008554 _____ () C:\Windows\System32\Tasks\b64080d3-a27b-4f56-bf65-9831b019eee8-6
2015-01-31 09:30 - 2015-01-31 09:30 - 00007860 _____ () C:\Windows\System32\Tasks\04c81119-30a3-4168-b759-0865e99d237c-4
2015-01-31 09:30 - 2015-01-31 09:30 - 00007532 _____ () C:\Windows\System32\Tasks\b64080d3-a27b-4f56-bf65-9831b019eee8-4
2015-01-31 09:30 - 2015-01-31 09:30 - 00006840 _____ () C:\Windows\System32\Tasks\04c81119-30a3-4168-b759-0865e99d237c-1-7
2015-01-31 09:30 - 2015-01-31 09:30 - 00006512 _____ () C:\Windows\System32\Tasks\b64080d3-a27b-4f56-bf65-9831b019eee8-1-7
2015-01-31 09:30 - 2015-01-31 09:30 - 00006494 _____ () C:\Windows\System32\Tasks\04c81119-30a3-4168-b759-0865e99d237c-1-6
2015-01-31 09:30 - 2015-01-31 09:30 - 00006174 _____ () C:\Windows\System32\Tasks\b64080d3-a27b-4f56-bf65-9831b019eee8-1-6
2015-01-31 09:30 - 2015-01-31 09:30 - 00005812 _____ () C:\Windows\System32\Tasks\04c81119-30a3-4168-b759-0865e99d237c-5
2015-01-31 09:30 - 2015-01-31 09:30 - 00004546 _____ () C:\Windows\System32\Tasks\ShopperPro
2015-01-31 09:30 - 2015-01-31 09:30 - 00004444 _____ () C:\Windows\System32\Tasks\UHTQPK
2015-01-31 09:30 - 2015-01-31 09:30 - 00004440 _____ () C:\Windows\System32\Tasks\MLSC
2015-01-31 09:30 - 2015-01-31 09:30 - 00004292 _____ () C:\Windows\System32\Tasks\SPBIW_UpdateTask_Time_333035393833303830392d5a556c6c4a5a575750414134
2015-01-31 09:30 - 2015-01-31 09:30 - 00003528 _____ () C:\Windows\System32\Tasks\SPDriver
2015-01-31 09:30 - 2015-01-31 09:30 - 00000000 ____D () C:\Users\XXXXX XXXXX\AppData\Local\globalUpdate
2015-01-31 09:30 - 2015-01-31 09:30 - 00000000 ____D () C:\Program Files\Common Files\ShopperPro
2015-01-31 09:30 - 2015-01-31 09:30 - 00000000 ____D () C:\Program Files (x86)\ed55547d-8d98-4039-96d9-00407eb30671
2015-01-31 09:30 - 2015-01-31 09:30 - 00000000 ____D () C:\Program Files (x86)\38307773-d954-48f2-8127-93df0ea63e4a
2015-01-31 09:29 - 2015-01-31 09:29 - 00003604 _____ () C:\Windows\System32\Tasks\ShopperProJSUpd
2015-01-31 09:29 - 2015-01-31 09:29 - 00003446 _____ () C:\Windows\System32\Tasks\Inst_Rep
2015-01-31 09:29 - 2015-01-31 09:29 - 00000000 ____D () C:\Users\XXXXX XXXXX\AppData\Roaming\moters
2015-01-31 09:29 - 2015-01-31 09:29 - 00000000 ____D () C:\Users\XXXXX XXXXX\AppData\Local\CrashRpt
2015-01-31 09:28 - 2015-01-31 09:45 - 00000000 ____D () C:\Program Files (x86)\StormWatch
2015-01-31 09:28 - 2015-01-31 09:28 - 00000000 ____D () C:\Users\XXXXX XXXXX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StormWatch
2015-01-31 09:28 - 2015-01-31 09:28 - 00000000 ____D () C:\Users\XXXXX XXXXX\AppData\Local\Weather_Protector_LLC
2015-01-31 09:28 - 2015-01-31 09:28 - 00000000 ____D () C:\Users\XXXXX XXXXX\AppData\Local\StormWatch
2015-01-31 09:07 - 2015-01-31 09:07 - 00004050 _____ () C:\Windows\System32\Tasks\LaunchSignup
2015-01-31 09:06 - 2015-01-31 09:45 - 00000000 ____D () C:\Program Files (x86)\TampaGeneration
2015-01-31 09:06 - 2015-01-31 09:06 - 00001913 _____ () C:\Users\Public\Desktop\EZDownloader.lnk
2015-01-31 09:06 - 2015-01-31 09:06 - 00000000 ____D () C:\Windows\SysWOW64\X86
2015-01-31 09:06 - 2015-01-31 09:06 - 00000000 ____D () C:\Windows\SysWOW64\AMD64
2015-01-31 09:06 - 2015-01-31 09:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EZDownloader
2015-01-31 09:06 - 2015-01-31 09:06 - 00000000 ____D () C:\Program Files (x86)\youtubeadblocker
2015-01-31 09:06 - 2015-01-31 09:06 - 00000000 ____D () C:\Program Files (x86)\Hearthstone Stream Browser
2015-01-31 09:06 - 2015-01-31 09:06 - 00000000 ____D () C:\Program Files (x86)\EZDownloader
2015-01-31 09:05 - 2015-01-31 09:43 - 00000000 ____D () C:\Program Files (x86)\unissales
2015-01-31 09:05 - 2015-01-31 09:05 - 00000000 ____D () C:\ProgramData\13418973723728696083
2015-01-31 09:05 - 2015-01-31 09:05 - 00000000 ____D () C:\Program Files (x86)\uenisaalEs
2015-01-31 09:04 - 2015-01-31 09:04 - 00002508 _____ () C:\Users\XXXXX XXXXX\Desktop\kmspicofinal Download Manager.lnk
2015-01-31 09:04 - 2015-01-31 09:04 - 00000000 ____D () C:\ProgramData\hakphkngdipbpbhaokjpjfdbiipknffb
2015-01-31 09:03 - 2015-01-31 09:03 - 00000000 ____D () C:\ProgramData\{06467b43-d78a-a739-0646-67b43d78ed0f}
2015-01-31 08:59 - 2015-01-31 08:59 - 00003556 _____ () C:\Windows\System32\Tasks\avaxvyvax
2015-01-31 08:59 - 2015-01-31 08:59 - 00003206 _____ () C:\Windows\System32\Tasks\{186E3D0B-D440-49E7-8F64-7917C92B0863}
2015-01-31 08:59 - 2015-01-31 08:59 - 00000000 ____D () C:\Users\XXXXX XXXXX\AppData\Local\avaxvyvax
2015-01-31 08:58 - 2015-01-31 08:59 - 00000000 ____D () C:\Users\XXXXX XXXXX\AppData\Local\SearchProtect
2015-01-31 08:58 - 2015-01-31 08:59 - 00000000 ____D () C:\Program Files (x86)\SearchProtect
2015-01-31 08:57 - 2015-01-31 08:57 - 01191200 _____ () C:\Users\XXXXX XXXXX\Downloads\Malwarebytes Anti Malware Malware Scanner - CHIP-Installer.exe
2015-01-31 08:54 - 2015-01-31 09:09 - 00000000 ____D () C:\ProgramData\MailUpdate
2015-01-31 08:54 - 2015-01-31 08:57 - 00000000 ____D () C:\Users\XXXXX XXXXX\AppData\Roaming\omiga-plus
2015-01-31 08:54 - 2015-01-31 08:54 - 00000000 ____D () C:\Users\XXXXX XXXXX\AppData\Roaming\MailUpdate
2015-01-31 08:53 - 2015-01-31 08:53 - 00000000 ____D () C:\Users\XXXXX XXXXX\AppData\Roaming\VOPackage
2015-01-31 08:53 - 2015-01-31 08:53 - 00000000 ____D () C:\Users\XXXXX XXXXX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VOPackage
2015-01-31 08:52 - 2015-01-31 08:52 - 00000000 ____D () C:\Users\XXXXX XXXXX\AppData\Local\Boost
2015-01-31 08:52 - 2015-01-31 08:52 - 00000000 ____D () C:\Program Files (x86)\Boost
2015-01-31 08:52 - 2014-12-14 10:53 - 00378640 _____ (CartCrunch Israel Ltd.) C:\Windows\system32\ColorMedia64.dll
2015-01-31 08:52 - 2014-12-14 10:53 - 00332568 _____ (CartCrunch Israel Ltd.) C:\Windows\SysWOW64\ColorMedia.dll
2015-01-30 20:51 - 2015-01-30 20:51 - 00000600 _____ () C:\Users\XXXXX XXXXX\AppData\Roaming\winscp.rnd
2015-01-30 20:08 - 2015-01-30 20:08 - 00000000 ____D () C:\Users\Versuch\AppData\Roaming\PDF Architect
2015-01-30 20:08 - 2015-01-30 20:08 - 00000000 ____D () C:\Users\Versuch\AppData\Local\IsolatedStorage
2015-01-30 19:16 - 2015-01-30 19:17 - 00000000 ____D () C:\Users\Versuch\AppData\OICE_15_974FA576_32C1D314_2072
2015-01-27 21:08 - 2015-01-31 07:46 - 00005190 _____ () C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for Arbeitscomputer-XXXXX XXXXX Arbeitscomputer
2015-01-25 17:12 - 2015-01-25 17:12 - 00002086 _____ () C:\Users\XXXXX XXXXX\AppData\Roaming\UHTQPK
2015-01-25 17:12 - 2015-01-25 17:12 - 00002086 _____ () C:\Users\XXXXX XXXXX\AppData\Roaming\NWAUR
2015-01-25 17:12 - 2015-01-25 17:12 - 00001248 _____ () C:\Users\XXXXX XXXXX\AppData\Roaming\MLSC
2015-01-25 17:12 - 2015-01-25 17:12 - 00001248 _____ () C:\Users\XXXXX XXXXX\AppData\Roaming\FMLW
2015-01-20 06:34 - 2014-12-12 06:35 - 05553592 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-01-20 06:34 - 2014-12-12 06:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-01-20 06:34 - 2014-12-12 06:31 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-01-20 06:34 - 2014-12-12 06:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-01-20 06:34 - 2014-12-12 06:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-01-20 06:34 - 2014-12-12 06:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-01-20 06:34 - 2014-12-12 06:07 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-01-14 08:06 - 2014-12-19 04:06 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-14 08:06 - 2014-12-19 02:46 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-14 08:06 - 2014-12-11 18:47 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-01-14 08:06 - 2014-12-06 05:17 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-14 08:06 - 2014-12-06 04:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
2015-01-14 08:06 - 2014-12-06 04:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
2015-01-13 05:55 - 2015-01-13 05:55 - 00009429 _____ () C:\Users\XXXXX XXXXX\AppData\Local\recently-used.xbel

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-31 10:15 - 2014-08-21 20:10 - 00000000 ____D () C:\FRST
2015-01-31 10:14 - 2011-11-13 21:43 - 01282583 _____ () C:\Windows\WindowsUpdate.log
2015-01-31 10:12 - 2009-07-14 05:45 - 00025840 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-31 10:12 - 2009-07-14 05:45 - 00025840 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-31 10:10 - 2014-08-06 10:55 - 00000000 ____D () C:\ProgramData\Package Cache
2015-01-31 10:10 - 2013-02-24 19:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2015-01-31 10:09 - 2013-02-24 19:39 - 00000000 ____D () C:\Program Files (x86)\Avira
2015-01-31 10:08 - 2012-09-20 04:21 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-31 10:06 - 2014-11-16 12:18 - 00001295 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-01-31 10:06 - 2014-11-16 12:18 - 00001283 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-01-31 10:05 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-31 10:04 - 2014-06-20 13:07 - 00054766 _____ () C:\Windows\PFRO.log
2015-01-31 10:04 - 2014-06-18 08:20 - 00027517 _____ () C:\Windows\setupact.log
2015-01-31 09:44 - 2014-08-07 20:56 - 02931200 ___SH () C:\Users\XXXXX XXXXX\Desktop\Thumbs.db
2015-01-31 09:32 - 2009-07-14 04:20 - 00000000 ____D () C:\Program Files\Common Files\System
2015-01-31 09:31 - 2011-11-20 15:41 - 00001609 _____ () C:\Users\XXXXX XXXXX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-01-31 09:30 - 2009-11-05 01:49 - 00000000 ____D () C:\Program Files (x86)\Acer
2015-01-31 09:05 - 2012-08-14 18:52 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-01-31 07:56 - 2014-08-15 15:44 - 00000000 ____D () C:\Users\XXXXX XXXXX\AppData\Local\Adobe
2015-01-31 07:56 - 2012-04-02 19:28 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-01-31 07:56 - 2012-04-02 19:28 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-01-31 07:56 - 2011-11-15 21:21 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-30 19:03 - 2014-09-10 06:10 - 00000000 ____D () C:\Users\Versuch\AppData\Roaming\SimpleScreenshot
2015-01-27 20:12 - 2014-11-10 20:59 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-01-27 06:18 - 2014-11-16 12:20 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-01-26 07:21 - 2012-06-10 14:07 - 00000000 ____D () C:\Users\XXXXX XXXXX\Documents\Bewerbungen
2015-01-25 17:19 - 2011-11-14 06:34 - 00702664 _____ () C:\Windows\system32\perfh007.dat
2015-01-25 17:19 - 2011-11-14 06:34 - 00151424 _____ () C:\Windows\system32\perfc007.dat
2015-01-25 17:19 - 2009-07-14 06:13 - 01629998 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-23 21:11 - 2013-11-02 09:43 - 00000000 ____D () C:\Users\XXXXX XXXXX\AppData\Roaming\Skype
2015-01-20 14:50 - 2014-09-10 06:09 - 00000000 ____D () C:\Users\Versuch
2015-01-20 14:50 - 2013-05-22 21:33 - 00000000 ____D () C:\Users\XXXXX XXXXX\AppData\Local\RescueTime.com
2015-01-20 14:50 - 2012-03-30 17:57 - 00000000 ____D () C:\Users\XXXXX
2015-01-20 14:50 - 2011-12-01 21:23 - 00000000 ____D () C:\Windows\System32\Tasks\OfficeSoftwareProtectionPlatform
2015-01-20 14:50 - 2011-11-20 16:01 - 00000000 ____D () C:\Users\XXXXX XXXXX\AppData\Roaming\SimpleScreenshot
2015-01-20 14:50 - 2009-11-05 01:26 - 00000000 ___RD () C:\Users\Public\Recorded TV
2015-01-20 14:50 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\registration
2015-01-20 06:21 - 2011-11-13 22:46 - 00000000 ____D () C:\Users\XXXXX XXXXX
2015-01-18 20:07 - 2012-04-07 11:49 - 00000000 ____D () C:\Users\XXXXX XXXXX\Documents\Finanzen
2015-01-15 18:59 - 2013-07-13 08:36 - 00000000 ____D () C:\Windows\system32\MRT
2015-01-15 18:46 - 2011-11-18 19:58 - 113365784 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-01-13 05:55 - 2014-06-15 19:34 - 00000000 ____D () C:\Users\XXXXX XXXXX\AppData\Local\gtk-2.0
2015-01-13 05:55 - 2012-08-29 10:11 - 00000000 ____D () C:\Users\XXXXX XXXXX\.gimp-2.8
2015-01-08 09:55 - 2011-11-15 21:40 - 00298120 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2015-01-05 18:47 - 2012-03-23 13:19 - 00000000 ____D () C:\Users\XXXXX XXXXX\Documents\Cellula
2015-01-03 15:28 - 2012-03-11 19:16 - 00000000 ____D () C:\Users\XXXXX XXXXX\Documents\ERGO
2015-01-03 10:51 - 2012-03-11 19:16 - 00000000 ____D () C:\Users\XXXXX XXXXX\Documents\SP
2015-01-03 08:31 - 2012-03-25 11:40 - 00000000 ____D () C:\Users\XXXXX XXXXX\Documents\Steuerfälle

==================== Files in the root of some directories =======

2015-01-25 17:12 - 2015-01-25 17:12 - 0001248 _____ () C:\Users\XXXXX XXXXX\AppData\Roaming\FMLW
2015-01-25 17:12 - 2015-01-25 17:12 - 0001248 _____ () C:\Users\XXXXX XXXXX\AppData\Roaming\MLSC
2015-01-25 17:12 - 2015-01-25 17:12 - 0002086 _____ () C:\Users\XXXXX XXXXX\AppData\Roaming\NWAUR
2014-06-28 07:10 - 2014-07-23 21:30 - 14159872 _____ () C:\Users\XXXXX XXXXX\AppData\Roaming\Sandra.mdb
2015-01-25 17:12 - 2015-01-25 17:12 - 0002086 _____ () C:\Users\XXXXX XXXXX\AppData\Roaming\UHTQPK
2015-01-30 20:51 - 2015-01-30 20:51 - 0000600 _____ () C:\Users\XXXXX XXXXX\AppData\Roaming\winscp.rnd
2012-04-20 18:28 - 2014-07-07 01:20 - 0006656 _____ () C:\Users\XXXXX XXXXX\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-09-22 21:07 - 2014-09-22 21:07 - 0001482 _____ () C:\Users\XXXXX XXXXX\AppData\Local\RecConfig.xml
2015-01-13 05:55 - 2015-01-13 05:55 - 0009429 _____ () C:\Users\XXXXX XXXXX\AppData\Local\recently-used.xbel
2013-08-12 21:15 - 2013-08-12 21:15 - 0007603 _____ () C:\Users\XXXXX XXXXX\AppData\Local\Resmon.ResmonCfg
2012-03-31 10:26 - 2012-03-31 10:26 - 0000057 _____ () C:\ProgramData\Ament.ini
2011-11-13 22:53 - 2011-11-13 22:57 - 0008282 _____ () C:\ProgramData\ArcadeDeluxe3.log
2014-09-22 19:19 - 2014-10-06 19:45 - 0008737 _____ () C:\ProgramData\hpzinstall.log

Some content of TEMP:
====================
C:\Users\XXXXX XXXXX\AppData\Local\Temp\a15d7.exe
C:\Users\XXXXX XXXXX\AppData\Local\Temp\avgnt.exe
C:\Users\XXXXX XXXXX\AppData\Local\Temp\bdbcabfccbhi.exe
C:\Users\XXXXX XXXXX\AppData\Local\Temp\Booster-Web-Installer.exe
C:\Users\XXXXX XXXXX\AppData\Local\Temp\KMSPico 9.2.4__7628_il125.exe
C:\Users\XXXXX XXXXX\AppData\Local\Temp\OnlineBackup.exe
C:\Users\XXXXX XXXXX\AppData\Local\Temp\Quarantine.exe
C:\Users\XXXXX XXXXX\AppData\Local\Temp\SearchProtectINT.exe
C:\Users\XXXXX XXXXX\AppData\Local\Temp\sfamcc00001.dll
C:\Users\XXXXX XXXXX\AppData\Local\Temp\SkypeSetup.exe
C:\Users\XXXXX XXXXX\AppData\Local\Temp\SpOrder.dll
C:\Users\XXXXX XXXXX\AppData\Local\Temp\sqlite3.dll
C:\Users\XXXXX XXXXX\AppData\Local\Temp\vsdel.exe
C:\Users\Versuch\AppData\Local\Temp\avgnt.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-01-16 21:06

==================== End Of Log ============================

--- --- ---

magigstar · 31.01.2015, 10:24

Code:

ATTFilter

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 28-01-2015
Ran by XXXXX XXXXX at 2015-01-31 10:17:30
Running from C:\Users\XXXXX XXXXX\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden
AAVUpdateManager (HKLM-x32\...\{AFA42FE1-A5C3-485F-9180-BFCF5BF1F1C3}) (Version: 18.00.0000 - Wolters Kluwer Deutschland GmbH)
AC3Filter 1.63b (HKLM-x32\...\AC3Filter_is1) (Version: 1.63b - Alexander Vigovsky)
Acer Arcade Deluxe (HKLM-x32\...\InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}) (Version: 3.0.7112 - CyberLink Corp.)
Acer Arcade Deluxe (x32 Version: 3.0.7112 - CyberLink Corp.) Hidden
Acer Backup Manager (HKLM-x32\...\InstallShield_{72B776E5-4530-4C4B-9453-751DF87D9D93}) (Version: 2.0.0.29 - NewTech Infosystems)
Acer Crystal Eye webcam Ver:1.1.124.1120 (HKLM-x32\...\{D0ACE89D-EC7F-470F-80BE-4C98ED366B32}) (Version: 1.1.124.1120 - Chicony Electronics Co.,Ltd.)
Acer ePower Management (HKLM-x32\...\{3DB0448D-AD82-4923-B305-D001E521A964}) (Version: 4.05.3004 - Acer Incorporated)
Acer eRecovery Management (HKLM-x32\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 4.05.3005 - Acer Incorporated)
Acer GameZone Console (HKLM-x32\...\{8ed9688e-4f79-4308-91ca-f1c37ca142b4}_is1) (Version: 5.1.0.2 - Oberon Media, Inc.)
Acer GridVista (HKLM-x32\...\GridVista) (Version: 3.01.0730 - Acer Inc.)
Acer Registration (HKLM-x32\...\Acer Registration) (Version: 1.02.3006 - Acer Incorporated)
Acer ScreenSaver (HKLM-x32\...\Acer Screensaver) (Version: 1.1.2009.1217 - Acer Incorporated)
Acer Updater (HKLM-x32\...\{EE171732-BEB4-4576-887D-CB62727F01CA}) (Version: 1.01.3017 - Acer Incorporated)
Acer VCM (HKLM-x32\...\{047F790A-7A2A-4B6A-AD02-38092BA63DAC}) (Version: 4.05.3000 - Acer Incorporated)
Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 14.0.0.103 - Adobe Systems Incorporated)
Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.246 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.296 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Akamai NetSession Interface (HKU\S-1-5-21-1242904208-471078349-2963378918-1000\...\Akamai) (Version:  - Akamai Technologies, Inc)
Alcor Micro USB Card Reader (HKLM-x32\...\InstallShield_{DBCE1208-433D-4D3E-A26A-CB1B5E71A8F5}) (Version: 1.4.17.35005 - Alcor Micro Corp.)
Alcor Micro USB Card Reader (x32 Version: 1.4.17.35005 - Alcor Micro Corp.) Hidden
Alice Greenfingers (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112920767}) (Version:  - Oberon Media)
Alle meine Passworte 4.13 (HKLM\...\AllemeinePassworte) (Version:  - Mirko Böer)
Allway Sync version 12.16.9 (HKLM-x32\...\Allway Sync_is1) (Version:  - Botkind Inc)
ALPS Touch Pad Driver (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 7.105.2015.1105 - Alps Electric)
Amazonia (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11273477}) (Version:  - Oberon Media)
Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ATI Catalyst Install Manager (HKLM\...\{11F38253-8940-FFDA-D131-B14120C357E4}) (Version: 3.0.754.0 - ATI Technologies, Inc.)
Audacity 2.0.3 (HKLM-x32\...\Audacity_is1) (Version: 2.0.3 - Audacity Team)
Avi2Dvd 0.6.4 (HKLM-x32\...\Avi2Dvd) (Version: 0.6.4 - TrustFm)
Avira (HKLM-x32\...\{2c18809c-4097-4b51-a4d0-3deade730ef3}) (Version: 1.1.29.22350 - Avira Operations & Co. KG)
Avira (x32 Version: 1.1.29.22350 - Avira Operations & Co. KG) Hidden
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.7.468 - Avira)
AviSynth 2.5 (HKLM-x32\...\AviSynth) (Version:  - )
Backup Manager Basic (x32 Version: 2.0.0.29 - NewTech Infosystems) Hidden
BatteryCare 0.9.10.0 (HKLM-x32\...\{C6A6036D-FBD0-4324-BEAA-C0845257160C}_is1) (Version: 0.9.10.0 - Filipe Lourenço)
BitTorrent (HKU\S-1-5-21-1242904208-471078349-2963378918-1000\...\BitTorrent) (Version: 7.9.2.31638 - BitTorrent Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Boost (HKLM-x32\...\Boost) (Version: 3.0.0.27 - Boost Shopping)
Booster-Web (HKU\S-1-5-21-1242904208-471078349-2963378918-1000\...\Booster-Web) (Version: 4 - ${CompanyName})
Broadcom Gigabit NetLink Controller (HKLM\...\{A325B368-A9EC-40EF-A95C-9DEAD3683AE3}) (Version: 12.33.03 - Broadcom Corporation)
Canon MP160 Benutzerregistrierung (HKLM-x32\...\Canon MP160 Benutzerregistrierung) (Version:  - )
ccc-core-static (x32 Version: 2009.1209.2335.42329 - Ihr Firmenname) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.14 - Piriform)
CDBurnerXP (HKLM-x32\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.4.4852 - CDBurnerXP)
Chandler 1.0.3 (HKLM-x32\...\Chandler) (Version: 1.0.3 - Open Source Applications Foundation)
Chicken Invaders 2 (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110209593}) (Version:  - Oberon Media)
CinemaP-1.4cV31.01 (HKLM-x32\...\CinemaP-1.4cV31.01) (Version: 1.36.01.22 - Cinema PlusV31.01) <==== ATTENTION
ContentAdder (HKLM-x32\...\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}{d65a1a66}) (Version:  - ContentAdder) <==== ATTENTION
CoreAAC Audio Decoder (remove only) (HKLM-x32\...\CoreAAC Audio Decoder) (Version:  - )
Dairy Dash (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115053100}) (Version:  - Oberon Media)
Dream Day First Home (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113832110}) (Version:  - Oberon Media)
DVD Flick 1.3.0.7 (HKLM-x32\...\DVD Flick_is1) (Version: 1.3.0.7 - Dennis Meuwissen)
eBay Worldwide (HKLM-x32\...\{E0B19DF7-B1C7-4937-82C4-0E4B1E346965}) (Version: 2.1.0901 - OEM)
EinsteinBrainTrainer (remove only) (HKLM-x32\...\EinsteinBrainTrainer) (Version:  - )
Ekahau HeatMapper (HKLM\...\Heatmapper-1.1.4.39795) (Version: 1.1.4.39795 - Ekahau Inc.)
Eraser 6.0.10.2620 (HKLM\...\{6E5159B4-A519-41EF-80EF-AD58371515DF}) (Version: 6.0.2620 - The Eraser Project)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
eSobi v2 (HKLM-x32\...\InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}) (Version: 2.0.4.000274 - esobi Inc.)
eSobi v2 (x32 Version: 2.0.4.000274 - esobi Inc.) Hidden
EVEREST Home Edition v2.20 (HKLM-x32\...\EVEREST Home Edition_is1) (Version: 2.20 - Lavalys Inc)
EZDownloader (HKLM-x32\...\{0F44DC3A-6E62-4961-A14B-95323C512F9B}_is1) (Version: 1.0 - EZDownloader) <==== ATTENTION
Farm Frenzy 2 (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11531173}) (Version:  - Oberon Media)
ffdshow [rev 3299] [2010-03-03] (HKLM-x32\...\ffdshow_is1) (Version: 1.0.0.3299 - )
Fiat eco:Drive (HKLM-x32\...\com.fiat.convergence.385E4263E7379A5D22A7076E99B02868EFF10711.1) (Version: 2.0.2 - Fiat Group Automobiles)
Fiat eco:Drive (x32 Version: 2.0.2 - Fiat Group Automobiles) Hidden
First Class Flurry (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115208410}) (Version:  - Oberon Media)
Foxit Cloud (HKLM-x32\...\{41914D8B-9D6E-4764-A1F9-BC43FB6782C1}_is1) (Version: 1.3.105.325 - Foxit Corporation)
Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 6.1.3.321 - Foxit Corporation)
Free Audio CD to MP3 Converter version 1.3.12.1228 (HKLM-x32\...\Free Audio CD to MP3 Converter_is1) (Version: 1.3.12.1228 - DVDVideoSoft Ltd.)
Free DVD Video Burner version 3.0.4.426 (HKLM-x32\...\Free DVD Video Burner_is1) (Version:  - DVDVideoSoft Limited.)
Free System Utilities (HKLM-x32\...\{ad2818b3-1616-4ec8-855d-be6936103e5a}) (Version: 1.1.0.70 - Covus Freemium GmbH)
Free SystemUtilities (x32 Version: 1.1.0.70 - Covus Freemium GmbH) Hidden
Free YouTube Download version 3.1.37.918 (HKLM-x32\...\Free YouTube Download_is1) (Version: 3.1.37.918 - DVDVideoSoft Ltd.)
FreeMind (HKLM-x32\...\B991B020-2968-11D8-AF23-444553540000_is1) (Version: 0.9.0_RC_10 - )
FRITZ!Box-Fernzugang einrichten (HKLM-x32\...\{EFADD989-D9F2-49F6-A280-675951CC78D3}) (Version: 1.0.3 - AVM Berlin)
FrostWire 5.3.5 (HKLM-x32\...\FrostWire 5) (Version: 5.3.5.0 - FrostWire Team)
GIMP 2.8.10 (HKLM\...\GIMP-2_is1) (Version: 2.8.10 - The GIMP Team)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 40.0.2214.93 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Granny In Paradise (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110551697}) (Version:  - Oberon Media)
Haali Media Splitter (HKLM-x32\...\HaaliMkx) (Version:  - )
Hearthstone Stream Browser (HKLM-x32\...\{AD11DADE-C597-45D9-D8C5-1D2EB0B89613}) (Version:  - ) <==== ATTENTION
Heroes of Hellas (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113786380}) (Version:  - Oberon Media)
HP FWUpdateEDO2 (HKLM-x32\...\{415FA9AD-DA10-4ABE-97B6-5051D4795C90}) (Version: 1.2.0.0 - Hewlett-Packard)
HP Photosmart 5520 series - Grundlegende Software für das Gerät (HKLM\...\{4F396B08-301D-4E53-A372-95A7E93ABD04}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPDiagnosticAlert (x32 Version: 1.00.0001 - Microsoft) Hidden
HTC Driver Installer (HKLM-x32\...\{6D6664A9-3342-4948-9B7E-034EFE366F0F}) (Version: 3.0.0.007 - HTC Corporation)
iCloud (HKLM\...\{309768A4-A2BB-4930-A5A2-8169678C9B4C}) (Version: 4.0.6.28 - Apple Inc.)
Identity Card (HKLM-x32\...\Identity Card) (Version: 1.00.3003 - Acer Incorporated)
ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.8.0 - LIGHTNING UK!)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
Intel(R) Turbo Boost Technology Driver (HKLM-x32\...\{D6C630BF-8DBB-4042-8562-DC9A52CB6E7E}) (Version: 01.00.01.1002 - Intel Corporation)
Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version:  - Intel Corporation)
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.38 - Irfan Skiljan)
iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)
iWebar (HKLM-x32\...\iWebar) (Version: 1.36.01.22 - Webby) <==== ATTENTION
Java 7 Update 67 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217067FF}) (Version: 7.0.670 - Oracle)
Join Air (HKLM-x32\...\{A9E5EDA7-2E6C-49E7-924B-A32B89C24A04}) (Version: 1.0.0.2 - ZTE Corporation)
Kassenbuch (HKLM-x32\...\{29531C6B-7B64-4C53-B54A-6C8AB5DE2159}) (Version: 1.0.0 - Office Consult GmbH)
K-Lite Codec Pack 9.2.0 (Basic) (HKLM-x32\...\KLiteCodecPack_is1) (Version: 9.2.0 - )
Launch Manager (HKLM-x32\...\LManager) (Version: 3.0.05 - Acer Inc.)
LSI HDA Modem (HKLM\...\LSI Soft Modem) (Version: 2.2.98 - LSI Corporation)
Malwarebytes Anti-Malware Version 2.0.3.1025 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)
MediaHuman YouTube to MP3 Converter Version 3.3 (HKLM-x32\...\MediaHuman YouTube to MP3 Converter_is1) (Version: 3.3 - )
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0100-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}) (Version:  - Microsoft)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Language Pack 2007 - German/Deutsch (HKLM-x32\...\OMUI.de-de) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Outlook Connector (HKLM-x32\...\{95140000-007A-0407-0000-0000000FF1CE}) (Version: 14.0.5118.5000 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUSR) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Office Suite Activation Assistant (HKLM-x32\...\{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}) (Version: 2.9 - Microsoft Corporation)
Microsoft Outlook Social Connector Provider for Windows Live Messenger 32-bit (HKLM-x32\...\{95140000-007D-0409-0000-0000000FF1CE}) (Version: 14.0.5120.5000 - Microsoft Corporation)
Microsoft Report Viewer Redistributable 2008 (KB971118) (HKLM-x32\...\Microsoft Report Viewer Redistributable 2008 (KB971118)) (Version:  - Microsoft Corporation)
Microsoft Report Viewer Redistributable 2008 Language Pack - DEU (HKLM-x32\...\Microsoft Report Viewer Redistributable 2008 Language Pack - DEU) (Version:  - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Works (HKLM-x32\...\{62F7DA7E-CCCB-439C-A760-00C3926E761F}) (Version: 9.7.0621 - Microsoft Corporation)
moters (HKLM-x32\...\{c8730ca5-3f82-41cc-65e2-01b87600cd89}) (Version: 1.0.0 - ningsup) <==== ATTENTION!
MozBackup 1.5.1 (HKLM-x32\...\MozBackup) (Version:  - Pavel Cvrcek)
Mozilla Firefox 35.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 35.0.1 (x86 de)) (Version: 35.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 32.0 - Mozilla)
MPC-HC 1.7.0 (HKLM-x32\...\{2624B969-7135-4EB1-B0F6-2D8C397B45F7}_is1) (Version: 1.7.0.7858 - MPC-HC Team)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MyBestOffersToday 014.481 (HKLM-x32\...\mbot_de_481_is1) (Version:  - MYBESTOFFERSTODAY) <==== ATTENTION
MyPhoneExplorer (HKLM-x32\...\MPE) (Version: 1.8.5 - F.J. Wechselberger)
MyWinLocker (HKLM-x32\...\{68301905-2DEA-41CE-A4D4-E8B443B099BA}) (Version: 3.1.76.0 - Egis Technology Inc.)
No-IP DUC (HKLM-x32\...\NoIPDUC) (Version: 4.0.1 - Vitalwerks Internet Solutions LLC)
Norton Online Backup (HKLM-x32\...\{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}) (Version: 1.2.0.36 - Symantec)
NTI Backup Now 5 (HKLM-x32\...\InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}) (Version: 5.1.2.627 - NewTech Infosystems)
NTI Backup Now Standard (x32 Version: 5.1.2.627 - NewTech Infosystems) Hidden
NTI Media Maker 8 (HKLM-x32\...\InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}) (Version: 8.0.12.6623 - NewTech Infosystems)
NTI Media Maker 8 (x32 Version: 8.0.12.6623 - NewTech Infosystems) Hidden
O&O Defrag Free Edition (HKLM\...\{C10CAF82-9D36-4D9A-9DC0-C4549F06B519}) (Version: 14.1.431 - O&O Software GmbH)
Object Browser (HKLM-x32\...\Object Browser) (Version: 1.36.01.22 - ObjectB)
omiga-plus uninstall (HKLM-x32\...\omiga-plus uninstall) (Version:  - omiga-plus) <==== ATTENTION
Outils de vérification linguistique 2013 de Microsoft Office - Français (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
PDF Architect (HKLM-x32\...\{064A929A-4DE8-40CF-A901-BD40C14E4D25}) (Version: 1.1.83.9982 - pdfforge GmbH)
PDF24 Creator 6.8.0 (HKLM-x32\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version:  - PDF24.org)
PDFCreator (HKLM-x32\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.7.3 - pdfforge)
pomodairo (HKLM-x32\...\{EEBEA077-AB92-5083-ECB1-C15BD842D00B}) (Version: 1.9 - UNKNOWN)
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
Random Dresser (HKLM-x32\...\RandomDresser) (Version:  - )
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5969 - Realtek Semiconductor Corp.)
Remote Desktop Access (VuuPC) (HKLM-x32\...\VOPackage) (Version: 1.0.0.0 - CMI Limited) <==== ATTENTION
RescueTime 2.2.1 (HKLM-x32\...\{2505571C-03B3-4F9F-AC35-33F1CB4B5E9E}_is1) (Version:  - RescueTime.com)
Restorer2000 3.3 (HKLM-x32\...\Restorer2000_is1) (Version: 3.3 - Bitmart Inc.)
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Search Module Plus (HKLM-x32\...\Search Module Plus) (Version:  - Goobzo)
Search Protect (HKLM-x32\...\SearchProtect) (Version: 2.20.1.20 - Client Connect LTD) <==== ATTENTION
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{D82063A8-7C8C-4C3B-A9BB-95138CA55D26}) (Version:  - Microsoft)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (Version:  - Microsoft) Hidden
Shopper-Pro (HKLM-x32\...\ShopperPro) (Version:  - ) <==== ATTENTION
Shutdown Manager (HKLM-x32\...\{C457BA5F-35F9-480C-90F8-5C91DB443A15}_is1) (Version: 2.0.7 - Daniel Höllig)
SimpleScreenshot 1.40 (HKLM-x32\...\SimpleScreenshot) (Version:  - )
SiSoftware Sandra Lite 2014.SP2a (HKLM\...\{C3113E55-7BCB-4de3-8EBF-60E6CE6B2396}_is1) (Version: 20.35.2014.6 - SiSoftware)
SIW version 2011.10.29 (HKLM-x32\...\{AB67580-257C-45FF-B8F4-C8C30682091A}_is1) (Version: 2011.10.29 - Topala Software Solutions)
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation)
Skype™ 6.21 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.21.104 - Skype Technologies S.A.)
SpeedFan (remove only) (HKLM-x32\...\SpeedFan) (Version:  - )
Spotify (HKU\S-1-5-21-1242904208-471078349-2963378918-1000\...\Spotify) (Version: 0.9.10.14.g578d350b - Spotify AB)
SpywareBlaster 5.0 (HKLM-x32\...\SpywareBlaster_is1) (Version: 5.0.0 - BrightFort LLC)
Steganos Safe 14 (HKLM-x32\...\{13B7FBFB-622E-4002-8570-594798E6167D}) (Version: 14.2.2 - Steganos Software GmbH)
Steuer-Spar-Erklärung 2008 (HKLM-x32\...\{BBE67B86-FCD7-4D3C-8B00-063DEAD8E30C}) (Version: 13.02.0000 - Akademische Arbeitsgemeinschaft)
Steuer-Spar-Erklärung 2009 (HKLM-x32\...\{32E00E5E-22B1-4D5A-9DC2-CD75E087A5E6}) (Version: 14.01.0000 - Akademische Arbeitsgemeinschaft Verlag)
Steuer-Spar-Erklärung 2010 (HKLM-x32\...\{D8E1DFEE-622B-46BA-AEFF-AB7E541C0B21}) (Version: 15.15 - Akademische Arbeitsgemeinschaft Verlag)
Steuer-Spar-Erklärung 2011 (HKLM-x32\...\{9F5FD796-86F0-4360-85F8-D54C0F5411EB}) (Version: 16.18 - Akademische Arbeitsgemeinschaft Verlag)
Steuer-Spar-Erklärung 2012 (HKLM-x32\...\{CCD2BAD2-0919-40CB-80CC-E9538B0E4C2E}) (Version: 17.14 - Wolters Kluwer Deutschland GmbH)
Steuer-Spar-Erklärung 2013 (HKLM-x32\...\{AEB61F7A-4BBA-4292-A096-7893E09034A4}) (Version: 18.10 - Wolters Kluwer Deutschland GmbH)
SteuerSparErklärung 2014 (HKLM-x32\...\{A463EB06-22A6-47F5-9593-E52B291EF13E}) (Version: 19.12.92 - Akademische Arbeitsgemeinschaft)
StormWatch (HKU\S-1-5-21-1242904208-471078349-2963378918-1000\...\StormWatch) (Version: 1.0.1.41 - StormWatch) <==== ATTENTION!
Streamripper (Remove only) (HKLM-x32\...\Streamripper) (Version:  - )
Studie zur Verbesserung von HP Deskjet 3070 B611 series Produkten (HKLM\...\{CAD7B6DD-9C82-4D17-BAE8-3E9AE4971B90}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
TabNav (HKLM-x32\...\TabNav) (Version: 3.0.0.2 - TabNav) <==== ATTENTION!
TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.29947 - TeamViewer)
Time Stamp (HKLM-x32\...\Time Stamp_is1) (Version:  - 3.23.2010-0313)
TomTom HOME (HKLM-x32\...\{7A2BB1C8-903D-4585-9F3B-CADD67D07D37}) (Version: 2.9.8 - Ihr Firmenname)
TomTom HOME Visual Studio Merge Modules (HKLM-x32\...\{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}) (Version: 1.0.2 - TomTom International B.V.)
TP-LINK Wireless Configuration Utility (HKLM-x32\...\{319D91C6-3D44-436C-9F79-36C0D22372DC}) (Version: 1.0.0 - TP-LINK)
TrueCrypt (HKLM-x32\...\TrueCrypt) (Version: 7.1 - TrueCrypt Foundation)
Tunatic (HKLM-x32\...\Tunatic) (Version:  - )
Überwachungstool für die Intel® Turbo-Boost-Technik (HKLM\...\{39F4C6F9-618A-4E5B-8FB2-6BD661174E32}) (Version: 1.0.186.6 - Intel)
Uninstall 1.0.0.1 (HKLM-x32\...\Uninstall_is1) (Version:  - )
unissales (HKLM-x32\...\{4CEE92A3-9F0C-51AB-ADC0-34EC24AD7B7E}) (Version:  - ) <==== ATTENTION
Universal Adb Driver (HKLM-x32\...\{D9C4202E-6D51-4B06-A8F1-22316E654BCA}) (Version: 1.0.0 - ClockworkMod)
Unlocker 1.9.1-x64 (HKLM\...\Unlocker) (Version: 1.9.1 - Cedrick Collomb)
Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0407-0000-0000000FF1CE}_OMUI.de-de_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version:  - Microsoft)
Update für Microsoft Office Outlook 2007 Help (KB963677) (HKLM-x32\...\{90120000-001A-0407-0000-0000000FF1CE}_OMUI.de-de_{F6828576-6F79-470D-AB50-69D1BBADBD30}) (Version:  - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0407-0000-0000000FF1CE}_OMUI.de-de_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version:  - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0407-0000-0000000FF1CE}_OMUI.de-de_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version:  - Microsoft)
Visual Studio C++ 10.0 Runtime (HKLM-x32\...\{4412F224-3849-4461-A3E9-DEEF8D252790}) (Version: 10.0.0 - TomTom International B.V.)
VLC media player 2.1.3 (HKLM-x32\...\VLC media player) (Version: 2.1.3 - VideoLAN)
Welcome Center (HKLM-x32\...\Acer Welcome Center) (Version: 1.00.3008 - Acer Incorporated)
Winamp (HKLM-x32\...\Winamp) (Version: 5.666  - Nullsoft, Inc)
winengine (HKU\S-1-5-21-1242904208-471078349-2963378918-1000\...\winengine) (Version: 20.020 - Ad business Crown Solutions)
WinPatrol (HKLM\...\{6A206A04-6BC1-411B-AA04-4E52EDEEADF2}) (Version: 32.0.2014.5 - Ruiware)
WinPatrol (HKLM\...\{6E575124-6D34-4E65-9375-7D69468A6089}) (Version: 30.9 - BillP Studios)
WinRAR 5.10 Beta 4 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.10.4 - win.rar GmbH)
Xvid 1.2.2 final uninstall (HKLM-x32\...\Xvid_is1) (Version: 1.2 - Xvid team (Koepi))
Yahoo! Messenger (HKLM-x32\...\Yahoo! Messenger) (Version:  - Yahoo! Inc.)
Yahoo! Software Update (HKLM-x32\...\Yahoo! Software Update) (Version:  - )
Yahoo! Toolbar (HKLM-x32\...\Yahoo! Companion) (Version:  - )
youtubeadblocker (HKLM-x32\...\{4820778D-AB0D-6D18-C316-52A6A0E1D507}) (Version:  - ) <==== ATTENTION
YTDownloader (HKLM-x32\...\YTDownloader) (Version:  - YTDownloader) <==== ATTENTION!
Zuzahlungsrechner (HKLM-x32\...\{B2C69E77-F209-4B63-8676-4F32B27E162B}) (Version: 3.6.0 - sfr-software-fuers-heim)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-1242904208-471078349-2963378918-1000_Classes\CLSID\{56FDF344-FD6D-11d0-958A-006097C9A090}\InprocServer32 -> C:\Users\XXXXX XXXXX\AppData\Roaming\moters\supna.dll () <==== ATTENTION

==================== Restore Points  =========================

06-01-2015 11:10:26 Windows Update
10-01-2015 10:19:09 Windows Update
14-01-2015 08:05:58 Windows Update
15-01-2015 18:45:05 Windows Update
16-01-2015 05:01:13 Windows Modules Installer
20-01-2015 06:35:31 Windows Update
21-01-2015 00:02:16 Windows Update
27-01-2015 20:19:44 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2014-08-24 12:25 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0CAEEB6B-A216-4E04-9EA6-AC310639FD8D} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {0E16AE93-AC32-4015-9120-BB0947F3E1AF} - System32\Tasks\MLSC => C:\Users\XXXXX XXXXX\AppData\Roaming\MLSC.exe <==== ATTENTION
Task: {13DABB31-ABBE-4704-8EDF-E28147F8962C} - System32\Tasks\SMWPUpd => C:\Program Files\Common Files\Goobzo\GBUpdatePlus\updater.exe [2015-01-31] () <==== ATTENTION
Task: {144A03FD-FC9F-49A8-A7E3-BB07F9380723} - System32\Tasks\04c81119-30a3-4168-b759-0865e99d237c-5_user => C:\Program Files (x86)\iWebar\04c81119-30a3-4168-b759-0865e99d237c-5.exe <==== ATTENTION
Task: {17F1A5E3-5D16-4A3A-8BF7-0800CEE2274E} - System32\Tasks\beddc3a5-14c1-4be6-a132-5174f13a7c15-7 => C:\Program Files (x86)\CinemaP-1.4cV31.01\beddc3a5-14c1-4be6-a132-5174f13a7c15-7.exe <==== ATTENTION
Task: {2168CB8A-75B9-4655-9C7A-313DA3E38456} - System32\Tasks\b64080d3-a27b-4f56-bf65-9831b019eee8-1-6 => C:\Program Files (x86)\Object Browser\b64080d3-a27b-4f56-bf65-9831b019eee8-1-6.exe <==== ATTENTION
Task: {23CEA58C-8E99-49B6-96E0-E0033F148659} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-21] (Google Inc.)
Task: {26DA7882-781D-4FC9-B1A5-5F5B1F7227FE} - System32\Tasks\{6A246FB0-E753-4188-9543-22389AB30F4E} => pcalua.exe -a "C:\Users\XXXXX XXXXX\Downloads\Chandler_win_1.0.3.exe" -d "C:\Users\XXXXX XXXXX\Downloads"
Task: {2E7ABA78-BCEF-4BB2-B110-E0409758EA99} - System32\Tasks\YTDownloaderUpd => C:\Program Files (x86)\YTDownloader\updater.exe <==== ATTENTION
Task: {2F491965-426D-4740-BA34-9AC1AFB8DDE2} - System32\Tasks\UHTQPK => C:\Users\XXXXX XXXXX\AppData\Roaming\UHTQPK.exe <==== ATTENTION
Task: {331D0C36-5AAC-434D-A64B-8F53AF5F083F} - System32\Tasks\zupa3002 => C:\Program Files (x86)\TabNav\zupa3002.exe [2015-01-30] ()
Task: {38C51694-B081-4739-8E17-069D4A49D4D4} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2014-01-23] (Microsoft Corporation)
Task: {39797397-C71C-40BC-9DE2-FD0F77C1DA64} - System32\Tasks\beddc3a5-14c1-4be6-a132-5174f13a7c15-5_user => C:\Program Files (x86)\CinemaP-1.4cV31.01\beddc3a5-14c1-4be6-a132-5174f13a7c15-5.exe <==== ATTENTION
Task: {47C46238-A6C4-4C4B-BE85-E6E1425608CB} - System32\Tasks\{144D2C4F-2583-452B-AC74-C64839CF03CC} => pcalua.exe -a "C:\Program Files (x86)\VS Revo Group\Revo Uninstaller\Revouninstaller.exe" -d "C:\Program Files (x86)\VS Revo Group\Revo Uninstaller" -c -hunter
Task: {4A6023EB-BA8A-4CF4-9D12-B0425099B62E} - System32\Tasks\YTDownloader => C:\Program Files (x86)\YTDownloader\YTDownloader.exe <==== ATTENTION
Task: {4B929ACB-8D6F-4880-8272-67EB7654CC75} - System32\Tasks\Smp => C:\Program Files\Common Files\Goobzo\GBUpdatePlus\smp.exe [2014-07-09] () <==== ATTENTION
Task: {54FC1534-AF21-4D6E-A4A2-5CE86F693F77} - System32\Tasks\04c81119-30a3-4168-b759-0865e99d237c-6 => C:\Program Files (x86)\iWebar\04c81119-30a3-4168-b759-0865e99d237c-6.exe <==== ATTENTION
Task: {58D2E398-84ED-427D-BCE0-FD6C8CE73719} - System32\Tasks\04c81119-30a3-4168-b759-0865e99d237c-4 => C:\Program Files (x86)\iWebar\04c81119-30a3-4168-b759-0865e99d237c-4.exe <==== ATTENTION
Task: {5A42985A-DC32-4FE1-8210-CA09F67316FC} - System32\Tasks\HPCustPartic.exe_{96420065-3C4E-4B3E-96DB-DB0760F51DDD} => C:\Program Files\HP\HP Deskjet 3070 B611 series\Bin\HPCustPartic.exe [2012-10-17] (Hewlett-Packard Co.)
Task: {5B5D6CC7-9FA7-4441-9A09-8A3C4EA669FD} - System32\Tasks\{9B880EC1-DC3B-45D7-A7BB-4E131A7A884F} => pcalua.exe -a "C:\Users\XXXXX XXXXX\Downloads\esetsmartinstaller_enu.exe" -d "C:\Program Files (x86)\Mozilla Firefox"
Task: {5B6FF105-34F9-4615-8B13-1F2568F3156B} - System32\Tasks\ShopperProJSUpd => C:\Program Files (x86)\ShopperPro\updater.exe <==== ATTENTION
Task: {5E1E681C-C0F1-4E87-8C95-38A011634E9C} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {5EDF2573-D82F-4F74-B6D1-AE4A427F0D95} - System32\Tasks\SPDriver => C:\Program Files (x86)\ShopperPro\JSDriver\1361.0.0.0\jsdrv.exe <==== ATTENTION
Task: {610F7813-47C6-4CA8-8076-CA995D4E32DC} - System32\Tasks\amiupdaterExi => C:\Users\DANIEL~1\AppData\Local\Temp\amiupdater942.exe <==== ATTENTION
Task: {658A7160-D5FE-40D6-8358-5AC71CDD5600} - System32\Tasks\Microsoft Office 15 Sync Maintenance for Arbeitscomputer-XXXXX XXXXX Arbeitscomputer => C:\Program Files\Microsoft Office\Office15\MsoSync.exe [2014-11-12] (Microsoft Corporation)
Task: {739C86AB-D488-4894-A94A-E1C873D935C4} - System32\Tasks\{239C0599-E784-4910-B228-5D5AB8D346A6} => pcalua.exe -a "C:\Users\XXXXX XXXXX\Downloads\HiJackThis204.exe" -d "C:\Program Files (x86)\Mozilla Firefox"
Task: {773149FF-2A04-41E8-AEF1-735F0738EC51} - System32\Tasks\Microsoft\Windows\Maintenance\SMupdate2 => Rundll32.exe C:\PROGRA~1\COMMON~1\System\SysMenu.dll ,Command701 update2 <==== ATTENTION
Task: {792B72B2-C51B-4379-B2AA-007529DB50F0} - System32\Tasks\{8D77E667-A31C-4EB4-B209-1E559B732CBC} => pcalua.exe -a "C:\Program Files (x86)\Canon\IJEREG\MP160\UNINST.EXE"
Task: {79995E4D-7C32-4800-8797-6893DD64333B} - System32\Tasks\{186E3D0B-D440-49E7-8F64-7917C92B0863} => pcalua.exe -a "C:\Users\XXXXX XXXXX\AppData\Roaming\omiga-plus\UninstallManager.exe" -c -ptid=obw <==== ATTENTION
Task: {7AEAE564-35D2-434E-8BC2-12BF5BC672DE} - System32\Tasks\HPCustParticipation HP Deskjet 3070 B611 series => C:\Program Files\HP\HP Deskjet 3070 B611 series\Bin\HPCustPartic.exe [2012-10-17] (Hewlett-Packard Co.)
Task: {7D1191F0-1BD9-4237-AF9D-126E1D8D114C} - System32\Tasks\beddc3a5-14c1-4be6-a132-5174f13a7c15-6 => C:\Program Files (x86)\CinemaP-1.4cV31.01\beddc3a5-14c1-4be6-a132-5174f13a7c15-6.exe <==== ATTENTION
Task: {7EED0456-B087-4708-8496-6474B917CECB} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {80334391-EA16-43DB-A5A5-7A265F76DFB7} - System32\Tasks\SMupdate1 => Rundll32.exe C:\PROGRA~1\COMMON~1\System\SysMenu.dll ,Command701 update1 <==== ATTENTION
Task: {8711E45B-02BC-4D37-9B3C-575379E12E30} - System32\Tasks\b64080d3-a27b-4f56-bf65-9831b019eee8-7 => C:\Program Files (x86)\Object Browser\b64080d3-a27b-4f56-bf65-9831b019eee8-7.exe <==== ATTENTION
Task: {898A776F-4C75-419B-8A79-921940A3FC6C} - System32\Tasks\amiupdaterExd => cmd.exe /c start /min bitsadmin /transfer amijob /download /priority high http://d17xr4aw9ok0me.cloudfront.net/Updater.exe "C:\Users\DANIEL~1\AppData\Local\Temp\amiupdater942.exe"
Task: {8A7B2FE2-33B2-41C1-BEB0-7E26EE1FF684} - System32\Tasks\beddc3a5-14c1-4be6-a132-5174f13a7c15-1-6 => C:\Program Files (x86)\CinemaP-1.4cV31.01\beddc3a5-14c1-4be6-a132-5174f13a7c15-1-6.exe <==== ATTENTION
Task: {92533B9B-37E7-4E54-B7DE-F8B0B255CFEE} - System32\Tasks\{4781B96F-C3F4-45CF-AB6F-C64C9AD3E88D} => pcalua.exe -a "C:\Program Files (x86)\InstallShield Installation Information\{319D91C6-3D44-436C-9F79-36C0D22372DC}\setup.exe" -d "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TP-LINK" -c -runfromtemp -removeonly
Task: {98287A7A-28BD-4B30-B27C-ADDB220DF384} - System32\Tasks\04c81119-30a3-4168-b759-0865e99d237c-7 => C:\Program Files (x86)\iWebar\04c81119-30a3-4168-b759-0865e99d237c-7.exe <==== ATTENTION
Task: {9C395D30-C0E5-4B3A-A232-E38DA71A3827} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {A1D835EF-9220-45A2-811E-2CA5B38166BF} - System32\Tasks\hpUrlLauncher.exe_{4AF7A75F-FDE8-41B8-80D9-5C3EBC32D019} => C:\Program Files\HP\HP Deskjet 3070 B611 series\Bin\utils\hpUrlLauncher.exe
Task: {A8889BDD-EEA6-44D8-85E8-4A53B4C6FFC7} - System32\Tasks\avaxvyvax => C:\Users\XXXXX XXXXX\AppData\Local\avaxvyvax\avaxvyvax.exe [2015-01-20] ()
Task: {B7A342C6-6ABF-492E-9250-2C92CB583846} - System32\Tasks\{A2A68590-5CAE-4C98-8B98-D18CC5E4C073} => pcalua.exe -a "C:\Program Files (x86)\InstallShield Installation Information\{3DB0448D-AD82-4923-B305-D001E521A964}\setup.exe" -c -runfromtemp -l0x407 -removeonly
Task: {B99335C8-3858-4912-916A-9AC2D8DFC005} - System32\Tasks\Microsoft\Windows\Multimedia\SMupdate3 => Rundll32.exe C:\PROGRA~1\COMMON~1\System\SysMenu.dll ,Command701 update3 <==== ATTENTION
Task: {BA5A1A7D-3276-4F1A-A78A-7FACC76C27A5} - System32\Tasks\LaunchSignup => C:\Program Files (x86)\MyPC Backup\Signup Wizard.exe <==== ATTENTION
Task: {BBBF9E37-C1CD-4CF0-A783-CE021D6D2928} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-05-20] (Piriform Ltd)
Task: {C1ACE4A8-19C0-45F4-9D33-A8411D825BF4} - System32\Tasks\NWAUR => C:\Users\XXXXX XXXXX\AppData\Roaming\NWAUR.exe <==== ATTENTION
Task: {C3A9171A-C2B0-4DD2-90FB-60F5166A5C06} - System32\Tasks\sondhschedule => C:\Users\XXXXX
Task: {C4D8DBDC-0684-4CD1-8370-6636F2A8C92D} - System32\Tasks\FMLW => C:\Users\XXXXX XXXXX\AppData\Roaming\FMLW.exe <==== ATTENTION
Task: {CAE649E2-C9AA-486B-8095-9F6E9D5B6007} - System32\Tasks\04c81119-30a3-4168-b759-0865e99d237c-1-7 => C:\Program Files (x86)\iWebar\04c81119-30a3-4168-b759-0865e99d237c-1-7.exe <==== ATTENTION
Task: {CDB52F14-D764-4638-997C-335E4F8D665E} - System32\Tasks\b64080d3-a27b-4f56-bf65-9831b019eee8-5 => C:\Program Files (x86)\Object Browser\b64080d3-a27b-4f56-bf65-9831b019eee8-5.exe <==== ATTENTION
Task: {CE1FA602-4C6A-4185-89FF-E9C110D03F26} - System32\Tasks\b64080d3-a27b-4f56-bf65-9831b019eee8-6 => C:\Program Files (x86)\Object Browser\b64080d3-a27b-4f56-bf65-9831b019eee8-6.exe <==== ATTENTION
Task: {CE5325CF-BB63-4751-AB56-BD427BEAA0D9} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-01-31] (Adobe Systems Incorporated)
Task: {D2F99B1D-9988-4D9E-A02E-163DF0B4BA4B} - System32\Tasks\b64080d3-a27b-4f56-bf65-9831b019eee8-1-7 => C:\Program Files (x86)\Object Browser\b64080d3-a27b-4f56-bf65-9831b019eee8-1-7.exe <==== ATTENTION
Task: {D52B51BB-D081-4545-926A-14AF1CCED3BB} - System32\Tasks\04c81119-30a3-4168-b759-0865e99d237c-5 => C:\Program Files (x86)\iWebar\04c81119-30a3-4168-b759-0865e99d237c-5.exe <==== ATTENTION
Task: {D8BC15BF-E6F5-4406-95E2-4C359424AE7D} - System32\Tasks\SMW_UpdateTask_Time_333035393833303830392d5a556c6c4a5a575750414134 => Wscript.exe //B "C:\ProgramData\SearchModulePlus\smhe.js" smu.exe /invoke /f:check_services /l:0 <==== ATTENTION
Task: {DA50F050-8700-4A90-9184-FBA2F85ECA89} - System32\Tasks\Inst_Rep => C:\Users\XXXXX XXXXX\AppData\Local\Installer\Install_24189\DCytdieamo_amodc_setup.exe [2015-01-31] ()
Task: {E36CA599-B047-467B-99AF-5E380AFECE05} - System32\Tasks\{AC797CD7-B058-4AC8-84B2-B2307D6AFF9B} => C:\Program Files (x86)\Chandler1.0.3\chandler.exe
Task: {E52EF634-E971-4BC9-BD01-F4B71F2334FA} - System32\Tasks\04c81119-30a3-4168-b759-0865e99d237c-1-6 => C:\Program Files (x86)\iWebar\04c81119-30a3-4168-b759-0865e99d237c-1-6.exe <==== ATTENTION
Task: {E601D56A-E52D-4DEE-ACB4-7047712F00F9} - System32\Tasks\b64080d3-a27b-4f56-bf65-9831b019eee8-4 => C:\Program Files (x86)\Object Browser\b64080d3-a27b-4f56-bf65-9831b019eee8-4.exe <==== ATTENTION
Task: {E70D6D91-7B6D-4F46-94B5-F7C18A92EE6F} - System32\Tasks\beddc3a5-14c1-4be6-a132-5174f13a7c15-1-7 => C:\Program Files (x86)\CinemaP-1.4cV31.01\beddc3a5-14c1-4be6-a132-5174f13a7c15-1-7.exe <==== ATTENTION
Task: {E85DBE85-E344-4E48-A05A-ACF97445121F} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-21] (Google Inc.)
Task: {E9A74425-992C-4024-A0F4-03BCF765A15D} - System32\Tasks\SPBIW_UpdateTask_Time_333035393833303830392d5a556c6c4a5a575750414134 => Wscript.exe //B "C:\ProgramData\ShopperPro\spbihe.js" spbiu.exe /invoke /f:check_services /l:0 <==== ATTENTION
Task: {EE3DF0F4-E213-4E3E-AC3A-25D5F123BC42} - System32\Tasks\ShopperPro => C:\Program Files (x86)\ShopperPro\ShopperPro.exe <==== ATTENTION
Task: {F30712C0-5F79-4616-BFEE-8D27E1822469} - System32\Tasks\{581487AC-8AAF-40E1-A997-6B8519F0C5EC} => C:\Program Files (x86)\Chandler1.0.3\chandler.exe
Task: {F37499B6-D498-4624-87BF-F4121D73A4C5} - System32\Tasks\beddc3a5-14c1-4be6-a132-5174f13a7c15-5 => C:\Program Files (x86)\CinemaP-1.4cV31.01\beddc3a5-14c1-4be6-a132-5174f13a7c15-5.exe <==== ATTENTION
Task: {F45DE156-6655-484B-92CA-821464209F45} - System32\Tasks\b64080d3-a27b-4f56-bf65-9831b019eee8-5_user => C:\Program Files (x86)\Object Browser\b64080d3-a27b-4f56-bf65-9831b019eee8-5.exe <==== ATTENTION
Task: {FC0397BA-8222-41E7-836D-453BA55E74DB} - System32\Tasks\{2E665153-C229-4C02-9699-2F4EF08B1807} => pcalua.exe -a C:\Users\DANIEL~1\AppData\Local\Temp\InstallFlashPlayer.exe -d "C:\Program Files (x86)\Mozilla Firefox"
Task: {FD0D7EA4-7A6F-420A-897E-F08E216CFB67} - System32\Tasks\beddc3a5-14c1-4be6-a132-5174f13a7c15-4 => C:\Program Files (x86)\CinemaP-1.4cV31.01\beddc3a5-14c1-4be6-a132-5174f13a7c15-4.exe <==== ATTENTION
Task: C:\Windows\Tasks\04c81119-30a3-4168-b759-0865e99d237c-1-6.job => C:\Program Files (x86)\iWebar\04c81119-30a3-4168-b759-0865e99d237c-1-6.exe <==== ATTENTION
Task: C:\Windows\Tasks\04c81119-30a3-4168-b759-0865e99d237c-1-7.job => C:\Program Files (x86)\iWebar\04c81119-30a3-4168-b759-0865e99d237c-1-7.exe <==== ATTENTION
Task: C:\Windows\Tasks\04c81119-30a3-4168-b759-0865e99d237c-4.job => C:\Program Files (x86)\iWebar\04c81119-30a3-4168-b759-0865e99d237c-4.exe <==== ATTENTION
Task: C:\Windows\Tasks\04c81119-30a3-4168-b759-0865e99d237c-5.job => C:\Program Files (x86)\iWebar\04c81119-30a3-4168-b759-0865e99d237c-5.exe <==== ATTENTION
Task: C:\Windows\Tasks\04c81119-30a3-4168-b759-0865e99d237c-5_user.job => C:\Program Files (x86)\iWebar\04c81119-30a3-4168-b759-0865e99d237c-5.exe <==== ATTENTION
Task: C:\Windows\Tasks\04c81119-30a3-4168-b759-0865e99d237c-6.job => C:\Program Files (x86)\iWebar\04c81119-30a3-4168-b759-0865e99d237c-6.exe <==== ATTENTION
Task: C:\Windows\Tasks\04c81119-30a3-4168-b759-0865e99d237c-7.job => C:\Program Files (x86)\iWebar\04c81119-30a3-4168-b759-0865e99d237c-7.exe <==== ATTENTION
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\b64080d3-a27b-4f56-bf65-9831b019eee8-1-6.job => C:\Program Files (x86)\Object Browser\b64080d3-a27b-4f56-bf65-9831b019eee8-1-6.exe <==== ATTENTION
Task: C:\Windows\Tasks\b64080d3-a27b-4f56-bf65-9831b019eee8-1-7.job => C:\Program Files (x86)\Object Browser\b64080d3-a27b-4f56-bf65-9831b019eee8-1-7.exe <==== ATTENTION
Task: C:\Windows\Tasks\b64080d3-a27b-4f56-bf65-9831b019eee8-4.job => C:\Program Files (x86)\Object Browser\b64080d3-a27b-4f56-bf65-9831b019eee8-4.exe <==== ATTENTION
Task: C:\Windows\Tasks\b64080d3-a27b-4f56-bf65-9831b019eee8-5.job => C:\Program Files (x86)\Object Browser\b64080d3-a27b-4f56-bf65-9831b019eee8-5.exe <==== ATTENTION
Task: C:\Windows\Tasks\b64080d3-a27b-4f56-bf65-9831b019eee8-5_user.job => C:\Program Files (x86)\Object Browser\b64080d3-a27b-4f56-bf65-9831b019eee8-5.exe <==== ATTENTION
Task: C:\Windows\Tasks\b64080d3-a27b-4f56-bf65-9831b019eee8-6.job => C:\Program Files (x86)\Object Browser\b64080d3-a27b-4f56-bf65-9831b019eee8-6.exe <==== ATTENTION
Task: C:\Windows\Tasks\b64080d3-a27b-4f56-bf65-9831b019eee8-7.job => C:\Program Files (x86)\Object Browser\b64080d3-a27b-4f56-bf65-9831b019eee8-7.exe <==== ATTENTION
Task: C:\Windows\Tasks\beddc3a5-14c1-4be6-a132-5174f13a7c15-1-6.job => C:\Program Files (x86)\CinemaP-1.4cV31.01\beddc3a5-14c1-4be6-a132-5174f13a7c15-1-6.exe <==== ATTENTION
Task: C:\Windows\Tasks\beddc3a5-14c1-4be6-a132-5174f13a7c15-1-7.job => C:\Program Files (x86)\CinemaP-1.4cV31.01\beddc3a5-14c1-4be6-a132-5174f13a7c15-1-7.exe <==== ATTENTION
Task: C:\Windows\Tasks\beddc3a5-14c1-4be6-a132-5174f13a7c15-4.job => C:\Program Files (x86)\CinemaP-1.4cV31.01\beddc3a5-14c1-4be6-a132-5174f13a7c15-4.exe <==== ATTENTION
Task: C:\Windows\Tasks\beddc3a5-14c1-4be6-a132-5174f13a7c15-5.job => C:\Program Files (x86)\CinemaP-1.4cV31.01\beddc3a5-14c1-4be6-a132-5174f13a7c15-5.exe <==== ATTENTION
Task: C:\Windows\Tasks\beddc3a5-14c1-4be6-a132-5174f13a7c15-5_user.job => C:\Program Files (x86)\CinemaP-1.4cV31.01\beddc3a5-14c1-4be6-a132-5174f13a7c15-5.exe <==== ATTENTION
Task: C:\Windows\Tasks\beddc3a5-14c1-4be6-a132-5174f13a7c15-6.job => C:\Program Files (x86)\CinemaP-1.4cV31.01\beddc3a5-14c1-4be6-a132-5174f13a7c15-6.exe <==== ATTENTION
Task: C:\Windows\Tasks\beddc3a5-14c1-4be6-a132-5174f13a7c15-7.job => C:\Program Files (x86)\CinemaP-1.4cV31.01\beddc3a5-14c1-4be6-a132-5174f13a7c15-7.exe <==== ATTENTION
Task: C:\Windows\Tasks\FMLW.job => C:\Users\XXXXX XXXXX\AppData\Roaming\FMLW.exe <==== ATTENTION
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\MLSC.job => C:\Users\XXXXX XXXXX\AppData\Roaming\MLSC.exe <==== ATTENTION
Task: C:\Windows\Tasks\NWAUR.job => C:\Users\XXXXX XXXXX\AppData\Roaming\NWAUR.exe <==== ATTENTION
Task: C:\Windows\Tasks\UHTQPK.job => C:\Users\XXXXX XXXXX\AppData\Roaming\UHTQPK.exe <==== ATTENTION

==================== Loaded Modules (whitelisted) =============

2007-10-04 14:32 - 2007-10-04 14:32 - 00122880 _____ () C:\Program Files (x86)\Common Files\AAV\aavus.exe
2014-10-07 21:27 - 2014-10-07 21:27 - 00139264 _____ () C:\Users\XXXXX XXXXX\AppData\Roaming\moters\supna.dll
2011-01-13 09:04 - 2011-01-13 09:04 - 00030080 _____ () C:\Windows\snuvcdsm.exe
2011-11-13 22:52 - 2011-11-13 22:51 - 00200704 _____ () C:\Windows\PLFSetI.exe
2014-12-12 13:34 - 2014-12-12 13:34 - 00511416 _____ () C:\Users\XXXXX XXXXX\AppData\Local\winengine\rkr1.exe
2009-07-29 13:10 - 2009-07-29 13:10 - 00016384 ____R () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll
2011-11-13 21:44 - 2011-11-13 21:44 - 00270336 _____ () C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CrossDisplay.Graphics.Dashboard\1.0.0.0__90ba9c70f846762e\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2015-01-07 15:35 - 2015-01-07 15:35 - 01605632 _____ () C:\Program Files\Common Files\ShopperPro\spbici64.dll
2015-01-31 08:06 - 2015-01-31 08:06 - 00586752 _____ () C:\Program Files\Common Files\Goobzo\GBUpdatePlus\SCHelper.exe
2014-12-28 14:38 - 2014-04-22 19:39 - 00645592 ____N () C:\Program Files (x86)\BillP Studios\WinPatrol\sqlite3.dll
2014-11-16 12:20 - 2015-01-27 06:18 - 03925104 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2014-10-07 21:27 - 2014-10-07 21:27 - 00117760 _____ () C:\Users\XXXXX XXXXX\AppData\Roaming\moters\mentste.dll
2015-01-31 07:56 - 2015-01-31 07:56 - 16844976 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_296.dll
2015-01-07 15:34 - 2015-01-07 15:34 - 01270272 _____ () C:\Program Files\Common Files\ShopperPro\spbici32.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\abengine => ""="service"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: AgereModemAudio => 2
MSCONFIG\Services: Apple Mobile Device => 2
MSCONFIG\Services: Bonjour Service => 2
MSCONFIG\Services: BotkindSyncService => 2
MSCONFIG\Services: FoxitCloudUpdateService => 2
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: iPod Service => 3
MSCONFIG\Services: MozillaMaintenance => 3
MSCONFIG\Services: NoIPDUCService4 => 2
MSCONFIG\Services: NTI IScheduleSvc => 2
MSCONFIG\Services: NTIBackupSvc => 3
MSCONFIG\Services: NTISchedulerSvc => 2
MSCONFIG\Services: OODefragAgent => 2
MSCONFIG\Services: PassThru Service => 2
MSCONFIG\Services: PDF Architect Helper Service => 2
MSCONFIG\Services: PDF Architect Service => 2
MSCONFIG\Services: SandraAgentSrv => 3
MSCONFIG\Services: SkypeUpdate => 2
MSCONFIG\Services: TeamViewer9 => 2
MSCONFIG\Services: TomTomHOMEService => 2
MSCONFIG\Services: Updater Service => 2
MSCONFIG\Services: YahooAUService => 2
MSCONFIG\startupreg: Eraser => "C:\PROGRA~1\Eraser\Eraser.exe" --atRestart

========================= Accounts: ==========================

Administrator (S-1-5-21-1242904208-471078349-2963378918-500 - Administrator - Disabled)
XXXXX XXXXX (S-1-5-21-1242904208-471078349-2963378918-1000 - Administrator - Enabled) => C:\Users\XXXXX XXXXX
XXXXX (S-1-5-21-1242904208-471078349-2963378918-1003 - Limited - Enabled) => C:\Users\XXXXX
Gast (S-1-5-21-1242904208-471078349-2963378918-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1242904208-471078349-2963378918-1002 - Limited - Enabled)
Versuch (S-1-5-21-1242904208-471078349-2963378918-1004 - Administrator - Enabled) => C:\Users\Versuch

==================== Faulty Device Manager Devices =============

Name: SPDRIVER_1361.0.0.0
Description: SPDRIVER_1361.0.0.0
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: SPDRIVER_1361.0.0.0
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: =========================

Application errors:
==================
Error: (01/31/2015 10:13:58 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm avscan.exe, Version 14.0.7.462 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 1a3c

Startzeit: 01d03d35b866e4ff

Endzeit: 60000

Anwendungspfad: C:\Program Files (x86)\Avira\AntiVir Desktop\avscan.exe

Berichts-ID: 4d767bbd-a929-11e4-861f-00262d8cabd9

Error: (01/31/2015 10:00:53 AM) (Source: VSS) (EventID: 12298) (User: )
Description: Volumeschattenkopie-Dienstfehler: Die E/A-Schreibvorgänge können während des Schattenkopie-Erstellungszeitraums auf Volume "C:\" nicht gespeichert werden.
Der Volumeindex im Schattenkopiesatz ist 0. Fehlerdetails: Offen[0x00000000, Der Vorgang wurde erfolgreich beendet.
], Leerung[0x00000000, Der Vorgang wurde erfolgreich beendet.
], Freigabe[0x80042314, Der Schattenkopieanbieter hat beim Warten auf den Schreibvorgang auf das Volume, von dem eine Schattenkopie erstellt wird, das Zeitlimit überschritten. Ursache hierfür könnte eine durch eine Anwendung oder einen Systemdienst verursachte hohe Aktivität auf dem Volume sein. Wiederholen Sie den Vorgang später, wenn das Volume nicht so stark ausgelastet ist.
], Ausführung[0x00000000, Der Vorgang wurde erfolgreich beendet.
].


Vorgang:
   Asynchroner Vorgang wird ausgeführt

Kontext:
   Aktueller Status: DoSnapshotSet

Error: (01/31/2015 10:00:53 AM) (Source: VSS) (EventID: 12310) (User: )
Description: Volumeschattenkopie-Dienstfehler: Die Schattenkopie kann nicht zugesichert werden - Vorgang hat das Zeitlimit überschritten.
Fehlerkontext: DeviceIoControl(\\?\Volume{b305a80e-0e37-11e1-862a-806e6f6e6963} - 0000000000000130,0x0053c010,0000000000351280,0,0000000000350270,4096,[0]).


Vorgang:
   Schattenkopien werden übertragen

Kontext:
   Ausführungskontext: System Provider

Error: (01/31/2015 09:34:04 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: plugin-container.exe, Version: 35.0.1.5500, Zeitstempel: 0x54c1f9f3
Name des fehlerhaften Moduls: mozalloc.dll, Version: 35.0.1.5500, Zeitstempel: 0x54c1f224
Ausnahmecode: 0x80000003
Fehleroffset: 0x00001425
ID des fehlerhaften Prozesses: 0x1bbc
Startzeit der fehlerhaften Anwendung: 0xplugin-container.exe0
Pfad der fehlerhaften Anwendung: plugin-container.exe1
Pfad des fehlerhaften Moduls: plugin-container.exe2
Berichtskennung: plugin-container.exe3

Error: (01/31/2015 09:33:12 AM) (Source: MsiInstaller) (EventID: 11309) (User: Arbeitscomputer)
Description: Product: Google Update Helper -- Error 1309. Error reading from file: C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\Google\Update\RequiredFile.txt.  System error 3.  Verify that the file exists and that you can access it.

Error: (01/31/2015 09:33:07 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: plugin-container.exe, Version: 35.0.1.5500, Zeitstempel: 0x54c1f9f3
Name des fehlerhaften Moduls: mozalloc.dll, Version: 35.0.1.5500, Zeitstempel: 0x54c1f224
Ausnahmecode: 0x80000003
Fehleroffset: 0x00001425
ID des fehlerhaften Prozesses: 0x1d98
Startzeit der fehlerhaften Anwendung: 0xplugin-container.exe0
Pfad der fehlerhaften Anwendung: plugin-container.exe1
Pfad des fehlerhaften Moduls: plugin-container.exe2
Berichtskennung: plugin-container.exe3

Error: (01/31/2015 09:30:25 AM) (Source: MsiInstaller) (EventID: 11309) (User: Arbeitscomputer)
Description: Product: Google Update Helper -- Error 1309. Error reading from file: C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\Google\Update\RequiredFile.txt.  System error 3.  Verify that the file exists and that you can access it.

Error: (01/31/2015 09:30:14 AM) (Source: MsiInstaller) (EventID: 11309) (User: Arbeitscomputer)
Description: Product: Google Update Helper -- Error 1309. Error reading from file: C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\Google\Update\RequiredFile.txt.  System error 3.  Verify that the file exists and that you can access it.

Error: (01/31/2015 09:28:56 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: plugin-container.exe, Version: 35.0.1.5500, Zeitstempel: 0x54c1f9f3
Name des fehlerhaften Moduls: mozalloc.dll, Version: 35.0.1.5500, Zeitstempel: 0x54c1f224
Ausnahmecode: 0x80000003
Fehleroffset: 0x00001425
ID des fehlerhaften Prozesses: 0x15b0
Startzeit der fehlerhaften Anwendung: 0xplugin-container.exe0
Pfad der fehlerhaften Anwendung: plugin-container.exe1
Pfad des fehlerhaften Moduls: plugin-container.exe2
Berichtskennung: plugin-container.exe3

Error: (01/31/2015 09:19:01 AM) (Source: Microsoft Office 15) (EventID: 2011) (User: )
Description: Application: winword.exe; IdentityType: LiveId; HasToken: 0; AutoOrgId: 0; Roaming: 0; SessionLicensing: 0; LvuxSqm: 0; SppReady: 1; CurrentHr: 0x803d0013; CorrelationId: {A951B0F1-6DF7-42DD-B981-353AC6AB9025}; OlsErrorCode: 0x9; AllProductReleaseIds (from store):


System errors:
=============
Error: (01/31/2015 10:05:27 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "YTDUpdt" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (01/31/2015 10:05:19 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "SPDRIVER_1361.0.0.0" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%3

Error: (01/31/2015 09:45:28 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "TampaGeneration" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (01/31/2015 07:25:12 AM) (Source: WMPNetworkSvc) (EventID: 14332) (User: )
Description: WMPNetworkSvc0x80004005

Error: (01/30/2015 07:48:03 PM) (Source: Disk) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.

Error: (01/30/2015 07:48:02 PM) (Source: Disk) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.

Error: (01/30/2015 07:48:00 PM) (Source: Disk) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.

Error: (01/30/2015 07:37:18 PM) (Source: Disk) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.

Error: (01/30/2015 07:37:16 PM) (Source: Disk) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.

Error: (01/30/2015 07:37:16 PM) (Source: Disk) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.


Microsoft Office Sessions:
=========================
Error: (01/31/2015 10:13:58 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: avscan.exe14.0.7.4621a3c01d03d35b866e4ff60000C:\Program Files (x86)\Avira\AntiVir Desktop\avscan.exe4d767bbd-a929-11e4-861f-00262d8cabd9

Error: (01/31/2015 10:00:53 AM) (Source: VSS) (EventID: 12298) (User: )
Description: C:\00x00000000, Der Vorgang wurde erfolgreich beendet.
0x00000000, Der Vorgang wurde erfolgreich beendet.
0x80042314, Der Schattenkopieanbieter hat beim Warten auf den Schreibvorgang auf das Volume, von dem eine Schattenkopie erstellt wird, das Zeitlimit überschritten. Ursache hierfür könnte eine durch eine Anwendung oder einen Systemdienst verursachte hohe Aktivität auf dem Volume sein. Wiederholen Sie den Vorgang später, wenn das Volume nicht so stark ausgelastet ist.
0x00000000, Der Vorgang wurde erfolgreich beendet.


Vorgang:
   Asynchroner Vorgang wird ausgeführt

Kontext:
   Aktueller Status: DoSnapshotSet

Error: (01/31/2015 10:00:53 AM) (Source: VSS) (EventID: 12310) (User: )
Description: DeviceIoControl(\\?\Volume{b305a80e-0e37-11e1-862a-806e6f6e6963} - 0000000000000130,0x0053c010,0000000000351280,0,0000000000350270,4096,[0])

Vorgang:
   Schattenkopien werden übertragen

Kontext:
   Ausführungskontext: System Provider

Error: (01/31/2015 09:34:04 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: plugin-container.exe35.0.1.550054c1f9f3mozalloc.dll35.0.1.550054c1f22480000003000014251bbc01d03d30912634f2C:\Program Files (x86)\Mozilla Firefox\plugin-container.exeC:\Program Files (x86)\Mozilla Firefox\mozalloc.dlle954ef38-a923-11e4-998e-00262d8cabd9

Error: (01/31/2015 09:33:12 AM) (Source: MsiInstaller) (EventID: 11309) (User: Arbeitscomputer)
Description: Product: Google Update Helper -- Error 1309. Error reading from file: C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\Google\Update\RequiredFile.txt.  System error 3.  Verify that the file exists and that you can access it.(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (01/31/2015 09:33:07 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: plugin-container.exe35.0.1.550054c1f9f3mozalloc.dll35.0.1.550054c1f22480000003000014251d9801d03d3084eb88dbC:\Program Files (x86)\Mozilla Firefox\plugin-container.exeC:\Program Files (x86)\Mozilla Firefox\mozalloc.dllc79b79ce-a923-11e4-998e-00262d8cabd9

Error: (01/31/2015 09:30:25 AM) (Source: MsiInstaller) (EventID: 11309) (User: Arbeitscomputer)
Description: Product: Google Update Helper -- Error 1309. Error reading from file: C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\Google\Update\RequiredFile.txt.  System error 3.  Verify that the file exists and that you can access it.(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (01/31/2015 09:30:14 AM) (Source: MsiInstaller) (EventID: 11309) (User: Arbeitscomputer)
Description: Product: Google Update Helper -- Error 1309. Error reading from file: C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\Google\Update\RequiredFile.txt.  System error 3.  Verify that the file exists and that you can access it.(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (01/31/2015 09:28:56 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: plugin-container.exe35.0.1.550054c1f9f3mozalloc.dll35.0.1.550054c1f224800000030000142515b001d03d2fc43724d0C:\Program Files (x86)\Mozilla Firefox\plugin-container.exeC:\Program Files (x86)\Mozilla Firefox\mozalloc.dll31a9c0e0-a923-11e4-998e-00262d8cabd9

Error: (01/31/2015 09:19:01 AM) (Source: Microsoft Office 15) (EventID: 2011) (User: )
Description: Application: winword.exe; IdentityType: LiveId; HasToken: 0; AutoOrgId: 0; Roaming: 0; SessionLicensing: 0; LvuxSqm: 0; SppReady: 1; CurrentHr: 0x803d0013; CorrelationId: {A951B0F1-6DF7-42DD-B981-353AC6AB9025}; OlsErrorCode: 0x9; AllProductReleaseIds (from store):


CodeIntegrity Errors:
===================================
  Date: 2014-08-24 13:21:32.971
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2014-08-24 13:21:32.769
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2014-08-24 13:21:32.550
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2014-08-24 13:21:32.332
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2014-06-28 08:07:01.069
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Users\DANIEL~1\AppData\Local\Temp\EverestDriver.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2014-06-28 08:07:00.711
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Users\DANIEL~1\AppData\Local\Temp\EverestDriver.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2014-06-28 08:07:00.330
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files (x86)\Lavalys\EVEREST Home Edition\kerneld.amd64" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2014-06-28 08:07:00.010
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files (x86)\Lavalys\EVEREST Home Edition\kerneld.amd64" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2014-06-01 15:18:48.633
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2014-06-01 15:18:48.446
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.


==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i5 CPU M 430 @ 2.27GHz
Percentage of memory in use: 61%
Total physical RAM: 3956.5 MB
Available physical RAM: 1503.61 MB
Total Pagefile: 7911.18 MB
Available Pagefile: 4694.74 MB
Total Virtual: 8192 MB
Available Virtual: 8191.79 MB

==================== Drives ================================

Drive c: (ACER) (Fixed) (Total:290.05 GB) (Free:100.44 GB) NTFS
Drive d: (DATA) (Fixed) (Total:290.4 GB) (Free:285.17 GB) NTFS
Drive f: (INTENSO) (Removable) (Total:14.44 GB) (Free:14.44 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 596.2 GB) (Disk ID: 6D48B855)
Partition 1: (Not Active) - (Size=15.6 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=290.1 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=290.4 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 14.5 GB) (Disk ID: 6F20736B)
No partition Table on disk 1.
Disk 1 is a removable device.

==================== End Of Log ============================

Oh man, gibts da viele "Attention"...

Bootsektor · 31.01.2015, 15:38

Hallo,

ja, da ist ziemlich viel drauf, was da nicht hinsollte.

Schritt 1
Bitte deinstalliere folgende Programme (falls vorhanden) :

Java 7 Update 67
CinemaP-1.4cV31.01
ContentAdder
EZDownloader
Hearthstone Stream Browser
iWebar
moters
MyBestOffersToday 014.481
Object Browser
omiga-plus uninstall
Remote Desktop Access
Search Protect
Search Module Plus
Shopper-Pro
StormWatch
TabNav
unissales
winengine
youtubeadblocker
YTDownloader
Dazu gehe auf:
den Windowsbutton in der Taskleiste --> Systemsteuerung --> Programme (Unterpunkt Programme deinstallieren) --> Programm auswählen --> entfernen

Falls du ein Programm nicht deinstallieren kannst, benutze bitte den Revo-Uninstaller dafür
Schritt 2
Downloade Dir bitte

AdwCleaner auf deinen Desktop.

Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
Starte die AdwCleaner.exe mit einem Doppelklick.
Stimme den Nutzungsbedingungen zu.
Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
- "Tracing" Schlüssel löschen
- Winsock Einstellungen zurücksetzen
- Proxy Einstellungen zurücksetzen
- Internet Explorer Richtlinien zurücksetzen
- Chrome Richtlinien zurücksetzen
- Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Schritt 3
Starte noch einmal FRST.

Setze den Haken bei addition.txt und drücke auf Scan.
Wenn der Scan abgeschlossen ist, werden zwei neue Logfiles FRST.txt und addition.txt erstellt und auf dem Desktop (oder in dem Verzeichnis in dem FRST liegt) gespeichert.
Poste den Inhalt dieser Logfiles bitte hier in deinen Thread.

magigstar · 31.01.2015, 17:56

Ok,

habe einige Programme mit der Suchhilfe von "Programme deinstallieren" gefunden, ich dacchte, damit würde es schneller gehen.

AdwCleaner habe ich schon vorher laufen lassen...

Code:

ATTFilter

# AdwCleaner v4.109 - Bericht erstellt am 31/01/2015 um 15:04:28
# Aktualisiert 24/01/2015 von Xplode
# Database : 2015-01-26.1 [Live]
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzername : XXXXX XXXX - ARBEITSCOMPUTER
# Gestartet von : C:\Users\XXXXX XXXX\Desktop\AdwCleaner_4.109.exe
# Option : Suchen

***** [ Dienste ] *****

Dienst Gefunden : CltMngSvc
Dienst Gefunden : globalUpdatem
Dienst Gefunden : SMUpdd
Dienst Gefunden : SPBIUpd
Dienst Gefunden : SPBIUpdd
Dienst Gefunden : SPPD
Dienst Gefunden : SWUpdater
Dienst Gefunden : YahooAUService
Dienst Gefunden : InjectorService
Dienst Gefunden : abengine
Dienst Gefunden : YTDUpdt

***** [ Dateien / Ordner ] *****

Datei Gefunden : C:\END
Datei Gefunden : C:\Users\XXXXX XXXX\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage
Datei Gefunden : C:\Users\XXXXX XXXX\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage-journal
Datei Gefunden : C:\Users\XXXXX XXXX\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_inst.shoppingate.info_0.localstorage
Datei Gefunden : C:\Users\XXXXX XXXX\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_inst.shoppingate.info_0.localstorage-journal
Datei Gefunden : C:\Users\XXXXX XXXX\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_static.boostsaves.com_0.localstorage
Datei Gefunden : C:\Users\XXXXX XXXX\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_static.boostsaves.com_0.localstorage-journal
Datei Gefunden : C:\Users\XXXXX XXXX\AppData\Roaming\Mozilla\Firefox\Profiles\ax92hz4x.default-1417957171376\Extensions\boost@boost.net.xpi
Datei Gefunden : C:\Users\XXXXX XXXX\AppData\Roaming\Mozilla\Firefox\Profiles\ax92hz4x.default-1417957171376\searchplugins\omiga-plus.xml
Datei Gefunden : C:\Users\XXXXX XXXX\AppData\Roaming\Mozilla\Firefox\Profiles\ax92hz4x.default-1417957171376\searchplugins\WebSearch.xml
Datei Gefunden : C:\Users\Public\Desktop\EZDownloader.lnk
Datei Gefunden : C:\Windows\System32\abengine64.dll
Datei Gefunden : C:\Windows\System32\abengineOff.ini
Datei Gefunden : C:\Windows\SysWOW64\abengine.dll
Datei Gefunden : C:\Windows\SysWOW64\abengine.ini
Datei Gefunden : C:\Windows\SysWOW64\abengineOff.ini
Ordner Gefunden : C:\Program Files (x86)\Boost
Ordner Gefunden : C:\Program Files (x86)\EZDownloader
Ordner Gefunden : C:\Program Files (x86)\mbot_de_481
Ordner Gefunden : C:\Program Files (x86)\SearchProtect
Ordner Gefunden : C:\Program Files (x86)\StormWatch
Ordner Gefunden : C:\Program Files (x86)\TampaGeneration
Ordner Gefunden : C:\Program Files (x86)\uenisaalEs
Ordner Gefunden : C:\Program Files (x86)\unissales
Ordner Gefunden : C:\Program Files (x86)\youtubeadblocker
Ordner Gefunden : C:\ProgramData\13418973723728696083
Ordner Gefunden : C:\ProgramData\hakphkngdipbpbhaokjpjfdbiipknffb
Ordner Gefunden : C:\ProgramData\hakphkngdipbpbhaokjpjfdbiipknffb
Ordner Gefunden : C:\ProgramData\MailUpdate
Ordner Gefunden : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EZDownloader
Ordner Gefunden : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MyBestOffersToday
Ordner Gefunden : C:\ProgramData\ShopperPro
Ordner Gefunden : C:\ProgramData\Yahoo! Companion
Ordner Gefunden : C:\Users\XXXXX XXXX\AppData\Local\Boost
Ordner Gefunden : C:\Users\XXXXX XXXX\AppData\Local\CrashRpt
Ordner Gefunden : C:\Users\XXXXX XXXX\AppData\Local\globalUpdate
Ordner Gefunden : C:\Users\XXXXX XXXX\AppData\Local\mbot_de_481
Ordner Gefunden : C:\Users\XXXXX XXXX\AppData\Local\SearchProtect
Ordner Gefunden : C:\Users\XXXXX XXXX\AppData\Local\StormWatch
Ordner Gefunden : C:\Users\XXXXX XXXX\AppData\Local\Weather_Protector_LLC
Ordner Gefunden : C:\Users\XXXXX XXXX\AppData\LocalLow\Yahoo! Companion
Ordner Gefunden : C:\Users\XXXXX XXXX\AppData\Roaming\MailUpdate
Ordner Gefunden : C:\Users\XXXXX XXXX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StormWatch
Ordner Gefunden : C:\Users\XXXXX XXXX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VOPackage
Ordner Gefunden : C:\Users\XXXXX XXXX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\YTDownloader
Ordner Gefunden : C:\Users\XXXXX XXXX\AppData\Roaming\Mozilla\Firefox\Profiles\ax92hz4x.default-1417957171376\Extensions\{746505DC-0E21-4667-97F8-72EA6BCF5EEF}
Ordner Gefunden : C:\Users\XXXXX XXXX\AppData\Roaming\Mozilla\Firefox\Profiles\ax92hz4x.default-1417957171376\Extensions\23fb8bb3-ac21-4230-bbfa-49b94968bc63@gmail.com
Ordner Gefunden : C:\Users\XXXXX XXXX\AppData\Roaming\Mozilla\Firefox\Profiles\ax92hz4x.default-1417957171376\Extensions\9321b276-2c2e-4c5f-bd04-b8118e512707@c0c8a2d6-3275-4cac-a0b2-52e936311db9.com
Ordner Gefunden : C:\Users\XXXXX XXXX\AppData\Roaming\Mozilla\Firefox\Profiles\ax92hz4x.default-1417957171376\Extensions\boost@boost.net.xpi
Ordner Gefunden : C:\Users\XXXXX XXXX\AppData\Roaming\Mozilla\Firefox\Profiles\ax92hz4x.default-1417957171376\Extensions\fftoolbar2014@etech.com
Ordner Gefunden : C:\Users\XXXXX XXXX\AppData\Roaming\Mozilla\Firefox\Profiles\ax92hz4x.default-1417957171376\Extensions\wq@P.net
Ordner Gefunden : C:\Users\XXXXX XXXX\AppData\Roaming\Mozilla\Firefox\Profiles\ax92hz4x.default-1417957171376\Extensions\Za7@Ky.edu
Ordner Gefunden : C:\Users\XXXXX XXXX\AppData\Roaming\omiga-plus
Ordner Gefunden : C:\Users\XXXXX XXXX\AppData\Roaming\VOPackage

***** [ Tasks ] *****

Task Gefunden : LaunchSignup
Task Gefunden : ShopperPro
Task Gefunden : ShopperProJSUpd
Task Gefunden : Smp
Task Gefunden : SMupdate1
Task Gefunden : SPDriver
Task Gefunden : YTDownloader
Task Gefunden : YTDownloaderUpd
Task Gefunden : 04c81119-30a3-4168-b759-0865e99d237c-1-6
Task Gefunden : 04c81119-30a3-4168-b759-0865e99d237c-1-7
Task Gefunden : 04c81119-30a3-4168-b759-0865e99d237c-4
Task Gefunden : 04c81119-30a3-4168-b759-0865e99d237c-5
Task Gefunden : 04c81119-30a3-4168-b759-0865e99d237c-5_user
Task Gefunden : 04c81119-30a3-4168-b759-0865e99d237c-6
Task Gefunden : 04c81119-30a3-4168-b759-0865e99d237c-7
Task Gefunden : b64080d3-a27b-4f56-bf65-9831b019eee8-1-6
Task Gefunden : b64080d3-a27b-4f56-bf65-9831b019eee8-1-7
Task Gefunden : b64080d3-a27b-4f56-bf65-9831b019eee8-4
Task Gefunden : b64080d3-a27b-4f56-bf65-9831b019eee8-5
Task Gefunden : b64080d3-a27b-4f56-bf65-9831b019eee8-5_user
Task Gefunden : b64080d3-a27b-4f56-bf65-9831b019eee8-6
Task Gefunden : b64080d3-a27b-4f56-bf65-9831b019eee8-7
Task Gefunden : beddc3a5-14c1-4be6-a132-5174f13a7c15-1-6
Task Gefunden : beddc3a5-14c1-4be6-a132-5174f13a7c15-1-7
Task Gefunden : beddc3a5-14c1-4be6-a132-5174f13a7c15-4
Task Gefunden : beddc3a5-14c1-4be6-a132-5174f13a7c15-5
Task Gefunden : beddc3a5-14c1-4be6-a132-5174f13a7c15-5_user
Task Gefunden : beddc3a5-14c1-4be6-a132-5174f13a7c15-6
Task Gefunden : beddc3a5-14c1-4be6-a132-5174f13a7c15-7

***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Daten Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - <local>
Daten Gefunden : HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command [(Default)] - "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" hxxp://isearch.omiga-plus.com/?type=sc&ts=1422690849&from=obw&uid=TOSHIBAXMK6465GSX_51ASD39BBXX51ASD39BB
Daten Gefunden : HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\Google Chrome\shell\open\command [(Default)] - "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" hxxp://isearch.omiga-plus.com/?type=sc&ts=1422690849&from=obw&uid=TOSHIBAXMK6465GSX_51ASD39BBXX51ASD39BB
Daten Gefunden : HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command [(Default)] - "C:\Program Files (x86)\Internet Explorer\iexplore.exe" hxxp://isearch.omiga-plus.com/?type=sc&ts=1422690849&from=obw&uid=TOSHIBAXMK6465GSX_51ASD39BBXX51ASD39BB
Daten Gefunden : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~2\SearchProtect\SearchProtect\bin\VC32Loader.dll
Daten Gefunden : [x64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~2\SEARCH~1\SEARCH~1\bin\VC64LO~1.DLL
Schlüssel Gefunden : HKCU\Software\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}
Schlüssel Gefunden : HKCU\Software\AppDataLow\{4A0F38A9-FE55-4B89-B73F-E60FDC0F72E9}
Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\Boost
Schlüssel Gefunden : HKCU\Software\Boost
Schlüssel Gefunden : HKCU\Software\GlobalUpdate
Schlüssel Gefunden : HKCU\Software\InstalledBrowserExtensions
Schlüssel Gefunden : HKCU\Software\iWebar-nv
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2299856A-6506-42E3-A34F-CD35A47C1B19}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2299856A-6506-42E3-A34F-CD35A47C1B19}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\StormWatch
Schlüssel Gefunden : HKCU\Software\Mozilla\Extends
Schlüssel Gefunden : HKCU\Software\StormWatchApp
Schlüssel Gefunden : HKCU\Software\Tutorials
Schlüssel Gefunden : HKCU\Software\TutoTag
Schlüssel Gefunden : HKCU\Software\YTDownloader
Schlüssel Gefunden : [x64] HKCU\Software\Boost
Schlüssel Gefunden : [x64] HKCU\Software\GlobalUpdate
Schlüssel Gefunden : [x64] HKCU\Software\InstalledBrowserExtensions
Schlüssel Gefunden : [x64] HKCU\Software\iWebar-nv
Schlüssel Gefunden : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
Schlüssel Gefunden : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
Schlüssel Gefunden : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Schlüssel Gefunden : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}
Schlüssel Gefunden : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}
Schlüssel Gefunden : [x64] HKCU\Software\StormWatchApp
Schlüssel Gefunden : [x64] HKCU\Software\Tutorials
Schlüssel Gefunden : [x64] HKCU\Software\TutoTag
Schlüssel Gefunden : [x64] HKCU\Software\YTDownloader
Schlüssel Gefunden : HKLM\SOFTWARE\{12A61307-94CD-4F8E-94BC-918E511FAA81}
Schlüssel Gefunden : HKLM\SOFTWARE\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}
Schlüssel Gefunden : HKLM\SOFTWARE\{4A0F38A9-FE55-4B89-B73F-E60FDC0F72E9}
Schlüssel Gefunden : HKLM\SOFTWARE\Boost
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{38A066B0-DD5F-4226-AC4F-6A27C1BFB892}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}
Schlüssel Gefunden : HKLM\SOFTWARE\CLASSES\Boost.BoostBho
Schlüssel Gefunden : HKLM\SOFTWARE\CLASSES\Boost.BoostBho.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{02A96331-0CA6-40E2-A87D-C224601985EB}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{2299856A-6506-42E3-A34F-CD35A47C1B19}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{3B5702BA-7F4C-4D1A-B026-1E9A01D43978}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{533403E2-6E21-4615-9E28-43F4E97E977B}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{5645E0E7-FC12-43BF-A6E4-F9751942B298}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{5E89ACE9-E16B-499A-87B4-0DBF742404C1}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{66a77d73-e5fa-4815-bba6-e6e6210fb9a0}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{69F256DF-BA98-45E9-86EA-FC3CFECF9D30}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{6E87FC94-9866-49B9-8E93-5736D6DE3DD7}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{7E49F793-B3CD-4BF7-8419-B34B8BD30E61}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{834469E3-CA2B-4F21-A5CA-4F6F4DBCDE87}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{8529FAA3-5BFD-43C1-AB35-B53C4B96C6E5}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{ADBC39BE-3D20-4333-8D99-E91EB1B62474}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{CFC47BB5-5FB5-4AD0-8427-6AA04334A3FC}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{E06CA7F5-BA34-4FF6-8D24-B1BDC594D91F}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{E0ADB535-D7B5-4D8B-B15D-578BDD20D76A}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{F6421EE5-A5BE-4D31-81D5-C16B7BF48E4C}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{FD8E81D0-F5FE-4CB1-9AEA-1E163D2BAB78}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{03C0AC00-86DE-4B55-81BA-2E7CD61C51B1}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{0FCE4F01-64EC-42F1-83E1-1E08D38605D2}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{1A2A195A-A0F9-4006-AF02-3F05EEFDE792}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{2D9DB233-DC4B-4677-946C-5FA5ABCF506B}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{3AE76A17-C344-4A83-81CE-65EFEE41E42D}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{41634761-D0BA-4C1A-9AC2-04AEE9511370}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{4C0A69B0-CE97-42B7-86FC-08280C99C74D}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{4E9EB4D5-C929-4005-AC62-1856B1DA5A24}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{88C20E16-1EB7-40CE-820C-6CFCB41B1D2F}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{8FAF962C-3EDE-405E-B1D0-62B8235C6044}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{C1F5E799-B218-4C32-B189-3C389BA140BB}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{F60C9408-3110-4C98-A139-ABE1EE1111DD}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\P66a77d73_e5fa_4815_bba6_e6e6210fb9a0_.P66a77d73_e5fa_4815_bba6_e6e6210fb9a0_
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\P66a77d73_e5fa_4815_bba6_e6e6210fb9a0_.P66a77d73_e5fa_4815_bba6_e6e6210fb9a0_.9
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{230332DF-D235-47EE-BC42-60860EF144CD}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{2EBBFB4D-D6A8-4602-B2BC-EE9BE9B6A08A}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{5EBF305B-8036-4379-B6AE-FC355BFF9464}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{E860F65C-6645-411C-A662-E12E25FD3A93}
Schlüssel Gefunden : HKLM\SOFTWARE\GlobalUpdate
Schlüssel Gefunden : HKLM\SOFTWARE\InstalledBrowserExtensions
Schlüssel Gefunden : HKLM\SOFTWARE\iWebar
Schlüssel Gefunden : HKLM\SOFTWARE\iWebar-nv
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5645E0E7-FC12-43BF-A6E4-F9751942B298}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5E89ACE9-E16B-499A-87B4-0DBF742404C1}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2299856A-6506-42E3-A34F-CD35A47C1B19}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{5645E0E7-FC12-43BF-A6E4-F9751942B298}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{66a77d73-e5fa-4815-bba6-e6e6210fb9a0}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{0F44DC3A-6E62-4961-A14B-95323C512F9B}_is1
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}{d65a1a66}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{4820778D-AB0D-6D18-C316-52A6A0E1D507}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{4820778D-AB0D-6D18-C316-52A6A0E1D507}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{4CEE92A3-9F0C-51AB-ADC0-34EC24AD7B7E}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{c8730ca5-3f82-41cc-65e2-01b87600cd89}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{EE171732-BEB4-4576-887D-CB62727F01CA}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Boost
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\iWebar
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\mbot_de_481_is1
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Object Browser
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\omiga-plus uninstall
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ShopperPro
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VOPackage
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Yahoo! Companion
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Yahoo! Toolbar
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\YTDownloader
Schlüssel Gefunden : HKLM\SOFTWARE\MozillaPlugins\@staging.google.com/globalUpdate Update;version=10
Schlüssel Gefunden : HKLM\SOFTWARE\MozillaPlugins\@staging.google.com/globalUpdate Update;version=4
Schlüssel Gefunden : HKLM\SOFTWARE\MyBestOffersToday
Schlüssel Gefunden : HKLM\SOFTWARE\Object Browser
Schlüssel Gefunden : HKLM\SOFTWARE\omiga-plusSoftware
Schlüssel Gefunden : HKLM\SOFTWARE\SearchProtect
Schlüssel Gefunden : HKLM\SOFTWARE\ShopperPro
Schlüssel Gefunden : HKLM\SOFTWARE\SPPDCOM
Schlüssel Gefunden : HKLM\SOFTWARE\StormWatch
Schlüssel Gefunden : HKLM\SOFTWARE\YTDownloader
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\CLSID\{020B1D4B-5738-4C77-9E19-4F173DD9B486}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\CLSID\{2299856A-6506-42E3-A34F-CD35A47C1B19}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\CLSID\{66a77d73-e5fa-4815-bba6-e6e6210fb9a0}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{41634761-D0BA-4C1A-9AC2-04AEE9511370}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{88C20E16-1EB7-40CE-820C-6CFCB41B1D2F}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\InstalledBrowserExtensions
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2299856A-6506-42E3-A34F-CD35A47C1B19}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{66a77d73-e5fa-4815-bba6-e6e6210fb9a0}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\ShopperPro
Wert Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [SPDriver]
Wert Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [YTDownloader]
Wert Gefunden : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [fftoolbar2014@etech.com]

***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.17496

Einstellung Gefunden : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page] - hxxp://websearch.thesearchpage.info/?pid=3458&r=2015/01/31&hid=4296634904664230215&lg=EN&cc=DE&unqvl=74
Einstellung Gefunden : HKCU\Software\Microsoft\Internet Explorer\Main [Default_Page_URL] - hxxp://isearch.omiga-plus.com/?type=hp&ts=1422690849&from=obw&uid=TOSHIBAXMK6465GSX_51ASD39BBXX51ASD39BB
Einstellung Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL] - hxxp://isearch.omiga-plus.com/web/?type=ds&ts=1422690849&from=obw&uid=TOSHIBAXMK6465GSX_51ASD39BBXX51ASD39BB&q={searchTerms}
Einstellung Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL] - hxxp://isearch.omiga-plus.com/?type=hp&ts=1422690849&from=obw&uid=TOSHIBAXMK6465GSX_51ASD39BBXX51ASD39BB
Einstellung Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page] - hxxp://websearch.thesearchpage.info/?pid=3458&r=2015/01/31&hid=4296634904664230215&lg=EN&cc=DE&unqvl=74
Einstellung Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page] - hxxp://isearch.omiga-plus.com/web/?type=ds&ts=1422690849&from=obw&uid=TOSHIBAXMK6465GSX_51ASD39BBXX51ASD39BB&q={searchTerms}
Einstellung Gefunden : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL] - hxxp://isearch.omiga-plus.com/web/?type=ds&ts=1422690849&from=obw&uid=TOSHIBAXMK6465GSX_51ASD39BBXX51ASD39BB&q={searchTerms}
Einstellung Gefunden : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL] - hxxp://isearch.omiga-plus.com/?type=hp&ts=1422690849&from=obw&uid=TOSHIBAXMK6465GSX_51ASD39BBXX51ASD39BB
Einstellung Gefunden : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page] - hxxp://isearch.omiga-plus.com/?type=hp&ts=1422690849&from=obw&uid=TOSHIBAXMK6465GSX_51ASD39BBXX51ASD39BB
Einstellung Gefunden : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page] - hxxp://isearch.omiga-plus.com/web/?type=ds&ts=1422690849&from=obw&uid=TOSHIBAXMK6465GSX_51ASD39BBXX51ASD39BB&q={searchTerms}

-\\ Mozilla Firefox v35.0.1 (x86 de)

[ax92hz4x.default-1417957171376] - Zeile gefunden : user_pref("browser.newtab.url", "hxxp://www.trovi.com/?gd=&ctid=CT3324764&octid=EB_ORIGINAL_CTID&ISID=M7F3C43B3-690F-4276-959F-1C74A797CA2A&SearchSource=69&CUI=&SSPV=&Lay=1&UM=8&UP=SP9050A32E-D786-4A4[...]
[ax92hz4x.default-1417957171376] - Zeile gefunden : user_pref("browser.search.defaultenginename", "omiga-plus");
[ax92hz4x.default-1417957171376] - Zeile gefunden : user_pref("browser.search.defaultenginename,S", "WebSearch");
[ax92hz4x.default-1417957171376] - Zeile gefunden : user_pref("browser.search.defaulturl", "hxxp://websearch.thesearchpage.info/?pid=3458&r=2015/01/31&hid=4296634904664230215&lg=EN&cc=DE&unqvl=74&l=1&q=");
[ax92hz4x.default-1417957171376] - Zeile gefunden : user_pref("browser.search.order.1", "WebSearch");
[ax92hz4x.default-1417957171376] - Zeile gefunden : user_pref("browser.search.order.1,S", "WebSearch");
[ax92hz4x.default-1417957171376] - Zeile gefunden : user_pref("browser.search.searchengine.alias", "omiga-plus");
[ax92hz4x.default-1417957171376] - Zeile gefunden : user_pref("browser.search.searchengine.iconURL", "hxxp://isearch.omiga-plus.com/favicon.ico");
[ax92hz4x.default-1417957171376] - Zeile gefunden : user_pref("browser.search.searchengine.name", "omiga-plus");
[ax92hz4x.default-1417957171376] - Zeile gefunden : user_pref("browser.search.searchengine.url", "hxxp://isearch.omiga-plus.com/web/?type=ds&ts=1422690849&from=obw&uid=TOSHIBAXMK6465GSX_51ASD39BBXX51ASD39BB&q={searchTerms}");
[ax92hz4x.default-1417957171376] - Zeile gefunden : user_pref("browser.search.selectedEngine", "omiga-plus");
[ax92hz4x.default-1417957171376] - Zeile gefunden : user_pref("browser.search.selectedEngine,S", "WebSearch");
[ax92hz4x.default-1417957171376] - Zeile gefunden : user_pref("browser.startup.homepage", "hxxp://websearch.thesearchpage.info/?pid=3458&r=2015/01/31&hid=4296634904664230215&lg=EN&cc=DE&unqvl=74");
[ax92hz4x.default-1417957171376] - Zeile gefunden : user_pref("extensions.a14fef81ee28d4335a493c2d6383fd42ff9b4872bccb5bcom70121.70121.internaldb.Resources_meta.value", "%7B%22handlebars.js%22%3A%7B%22id%22%3A980195%2C%22ver%22%3A1%2C%22status%22%3A1%2[...]
[ax92hz4x.default-1417957171376] - Zeile gefunden : user_pref("extensions.a14fef81ee28d4335a493c2d6383fd42ff9b4872bccb5bcom70121.70121.internaldb.Resources_resource_980204.value", "%22function%20startAskCom%28e%2Ct%2Cr%29%7Bfunction%20a%28e%29%7Bvar%20[...]
[ax92hz4x.default-1417957171376] - Zeile gefunden : user_pref("extensions.a14fef81ee28d4335a493c2d6383fd42ff9b4872bccb5bcom70121.70121.internaldb.monetization_plugin_bundledUrls.value", "%7B%22dealply_s%22%3A%7B%22urls%22%3A%5B%22ssfiles.com%22%5D%7D%2[...]
[ax92hz4x.default-1417957171376] - Zeile gefunden : user_pref("extensions.a23fb8bb3ac214230bbfa49b94968bc63gmailcom65781.65781.cookie.previous_page.value", "%22hxxp%3A//www-searching.com/%3Fs%3DF1Vzamodk07628%2C8fde143b-bce1-4d1d-b797-3fbbcd45903f%2C%2[...]
[ax92hz4x.default-1417957171376] - Zeile gefunden : user_pref("extensions.a23fb8bb3ac214230bbfa49b94968bc63gmailcom65781.65781.internaldb.__ICM_LITE__blacklist_domain.value", "%7B%22SLIDERS%22%3A%5B%226pm.com%22%2C%22amazon.co.uk%22%2C%22amazon.com%22%[...]
[ax92hz4x.default-1417957171376] - Zeile gefunden : user_pref("extensions.a23fb8bb3ac214230bbfa49b94968bc63gmailcom65781.65781.internaldb.__ICM_LITE__fifty_test_rules.value", "%7B%22DE%22%3A%7B%22ALL%22%3A%5B%22anastasiadate.com%22%2C%22optionweb.com%2[...]
[ax92hz4x.default-1417957171376] - Zeile gefunden : user_pref("extensions.a23fb8bb3ac214230bbfa49b94968bc63gmailcom65781.65781.internaldb.monetization_plugin_bundledUrls.value", "%7B%22dealply_s%22%3A%7B%22urls%22%3A%5B%22ssfiles.com%22%5D%7D%2C%22deal[...]
[ax92hz4x.default-1417957171376] - Zeile gefunden : user_pref("extensions.a9321b2762c2e4c5fbd04b8118e512707c0c8a2d632754caca0b252e936311db9com32850.32850.internaldb.monetization_plugin_bundledUrls.value", "%7B%22dealply_s%22%3A%7B%22urls%22%3A%5B%22ssf[...]
[ax92hz4x.default-1417957171376] - Zeile gefunden : user_pref("extensions.blHSSWRgsJ7yAYl2.scode", "try{(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1||url.indexOf(\"warnalert11.com\")>-1||url.index[...]
[ax92hz4x.default-1417957171376] - Zeile gefunden : user_pref("extensions.crossrider.bic", "14b3f1e35f160e23b36c69527a7b28ac");
[ax92hz4x.default-1417957171376] - Zeile gefunden : user_pref("extensions.tl6eZyNRbiM0gqrh.scode", "try{(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1||url.indexOf(\"warnalert11.com\")>-1||url.index[...]
[ax92hz4x.default-1417957171376] - Zeile gefunden : user_pref("keyword.URL", "hxxp://www-searching.com/search.aspx?s=F1Vzamodk07628,8fde143b-bce1-4d1d-b797-3fbbcd45903f,&q=");

-\\ Google Chrome v40.0.2214.93

[C:\Users\XXXXX XXXX\AppData\Local\Google\Chrome\User Data\Default\Web data] - Gefunden [Search Provider] : hxxp://isearch.omiga-plus.com/web/?type=ds&ts=1422690849&from=obw&uid=TOSHIBAXMK6465GSX_51ASD39BBXX51ASD39BB&q={searchTerms}
[C:\Users\XXXXX XXXX\AppData\Local\Google\Chrome\User Data\Default\Web data] - Gefunden [Search Provider] : hxxp://isearch.omiga-plus.com/web/?type=ds&ts=1422690849&from=obw&uid=TOSHIBAXMK6465GSX_51ASD39BBXX51ASD39BB&q={searchTerms}
[C:\Users\XXXXX XXXX\AppData\Local\Google\Chrome\User Data\Default\Web data] - Gefunden [Search Provider] : hxxp://www.trovi.com/Results.aspx?gd=&ctid=CT3324764&octid=EB_ORIGINAL_CTID&ISID=M7F3C43B3-690F-4276-959F-1C74A797CA2A&SearchSource=58&CUI=&UM=8&UP=SP9050A32E-D786-4A42-9E49-5663C4588ECE&q={searchTerms}&SSPV=
[C:\Users\XXXXX XXXX\AppData\Local\Google\Chrome\User Data\Default\Web data] - Gefunden [Search Provider] : hxxp://websearch.thesearchpage.info/?l=1&q={searchTerms}&pid=3458&r=2015/01/31&hid=4296634904664230215&lg=EN&cc=DE&unqvl=74
[C:\Users\XXXXX XXXX\AppData\Local\Google\Chrome\User Data\Default\Web data] - Gefunden [Search Provider] : hxxp://isearch.omiga-plus.com/web/?type=ds&ts=1422690849&from=obw&uid=TOSHIBAXMK6465GSX_51ASD39BBXX51ASD39BB&q={searchTerms}
[C:\Users\XXXXX XXXX\AppData\Local\Google\Chrome\User Data\Default\Web data] - Gefunden [Search Provider] : hxxp://isearch.omiga-plus.com/web/?type=ds&ts=1422690849&from=obw&uid=TOSHIBAXMK6465GSX_51ASD39BBXX51ASD39BB&q={searchTerms}
[C:\Users\XXXXX XXXX\AppData\Local\Google\Chrome\User Data\Default\Web data] - Gefunden [Search Provider] : hxxp://www-searching.com/search.aspx?s=F1Vzamodk07628,8fde143b-bce1-4d1d-b797-3fbbcd45903f,&q={searchTerms}

-\\ Opera v0.0.0.0


*************************

AdwCleaner[R0].txt - [4287 octets] - [24/08/2014 18:37:07]
AdwCleaner[R1].txt - [2884 octets] - [29/11/2014 23:16:17]
AdwCleaner[R2].txt - [29329 octets] - [31/01/2015 15:04:28]
AdwCleaner[S0].txt - [4164 octets] - [24/08/2014 18:55:28]
AdwCleaner[S1].txt - [2721 octets] - [29/11/2014 23:19:24]

########## EOF - C:\AdwCleaner\AdwCleaner[R2].txt - [29510 octets] ##########

Code:

ATTFilter

# AdwCleaner v4.109 - Bericht erstellt am 31/01/2015 um 15:08:01
# Aktualisiert 24/01/2015 von Xplode
# Database : 2015-01-26.1 [Live]
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzername : XXXXX XXXXX - ARBEITSCOMPUTER
# Gestartet von : C:\Users\XXXXX XXXXX\Desktop\AdwCleaner_4.109.exe
# Option : Löschen

***** [ Dienste ] *****

Dienst Gelöscht : CltMngSvc
[#] Dienst Gelöscht : globalUpdatem
Dienst Gelöscht : SMUpdd
Dienst Gelöscht : SPBIUpd
Dienst Gelöscht : SPBIUpdd
Dienst Gelöscht : SPPD
Dienst Gelöscht : SWUpdater
[#] Dienst Gelöscht : YahooAUService
[#] Dienst Gelöscht : InjectorService
[#] Dienst Gelöscht : abengine
[#] Dienst Gelöscht : YTDUpdt

***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\ProgramData\ShopperPro
Ordner Gelöscht : C:\ProgramData\MailUpdate
Ordner Gelöscht : C:\ProgramData\Yahoo! Companion
Ordner Gelöscht : C:\ProgramData\13418973723728696083
Ordner Gelöscht : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EZDownloader
Ordner Gelöscht : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MyBestOffersToday
Ordner Gelöscht : C:\Program Files (x86)\Boost
Ordner Gelöscht : C:\Program Files (x86)\EZDownloader
Ordner Gelöscht : C:\Program Files (x86)\SearchProtect
Ordner Gelöscht : C:\Program Files (x86)\StormWatch
Ordner Gelöscht : C:\Program Files (x86)\TampaGeneration
Ordner Gelöscht : C:\Program Files (x86)\uenisaalEs
Ordner Gelöscht : C:\Program Files (x86)\unissales
Ordner Gelöscht : C:\Program Files (x86)\youtubeadblocker
Ordner Gelöscht : C:\Program Files (x86)\mbot_de_481
Ordner Gelöscht : C:\Users\XXXXX XXXXX\AppData\Local\Boost
Ordner Gelöscht : C:\Users\XXXXX XXXXX\AppData\Local\globalUpdate
Ordner Gelöscht : C:\Users\XXXXX XXXXX\AppData\Local\SearchProtect
Ordner Gelöscht : C:\Users\XXXXX XXXXX\AppData\Local\StormWatch
Ordner Gelöscht : C:\Users\XXXXX XXXXX\AppData\Local\Weather_Protector_LLC
Ordner Gelöscht : C:\Users\XXXXX XXXXX\AppData\Local\CrashRpt
Ordner Gelöscht : C:\Users\XXXXX XXXXX\AppData\Local\mbot_de_481
Ordner Gelöscht : C:\Users\XXXXX XXXXX\AppData\LocalLow\Yahoo! Companion
Ordner Gelöscht : C:\Users\XXXXX XXXXX\AppData\Roaming\omiga-plus
Ordner Gelöscht : C:\Users\XXXXX XXXXX\AppData\Roaming\VOPackage
Ordner Gelöscht : C:\Users\XXXXX XXXXX\AppData\Roaming\MailUpdate
Ordner Gelöscht : C:\Users\XXXXX XXXXX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VOPackage
Ordner Gelöscht : C:\Users\XXXXX XXXXX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\YTDownloader
Ordner Gelöscht : C:\Users\XXXXX XXXXX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StormWatch
Ordner Gelöscht : C:\Users\XXXXX XXXXX\AppData\Roaming\Mozilla\Firefox\Profiles\ax92hz4x.default-1417957171376\Extensions\{746505DC-0E21-4667-97F8-72EA6BCF5EEF}
[!] Ordner Gelöscht : C:\Users\XXXXX XXXXX\AppData\Roaming\Mozilla\Firefox\Profiles\ax92hz4x.default-1417957171376\Extensions\boost@boost.net.xpi
Ordner Gelöscht : C:\Users\XXXXX XXXXX\AppData\Roaming\Mozilla\Firefox\Profiles\ax92hz4x.default-1417957171376\Extensions\9321b276-2c2e-4c5f-bd04-b8118e512707@c0c8a2d6-3275-4cac-a0b2-52e936311db9.com
Ordner Gelöscht : C:\Users\XXXXX XXXXX\AppData\Roaming\Mozilla\Firefox\Profiles\ax92hz4x.default-1417957171376\Extensions\23fb8bb3-ac21-4230-bbfa-49b94968bc63@gmail.com
Ordner Gelöscht : C:\Users\XXXXX XXXXX\AppData\Roaming\Mozilla\Firefox\Profiles\ax92hz4x.default-1417957171376\Extensions\fftoolbar2014@etech.com
Ordner Gelöscht : C:\Users\XXXXX XXXXX\AppData\Roaming\Mozilla\Firefox\Profiles\ax92hz4x.default-1417957171376\Extensions\wq@P.net
Ordner Gelöscht : C:\Users\XXXXX XXXXX\AppData\Roaming\Mozilla\Firefox\Profiles\ax92hz4x.default-1417957171376\Extensions\Za7@Ky.edu
Ordner Gelöscht : C:\ProgramData\hakphkngdipbpbhaokjpjfdbiipknffb
Datei Gelöscht : C:\Users\XXXXX XXXXX\AppData\Roaming\Mozilla\Firefox\Profiles\ax92hz4x.default-1417957171376\Extensions\boost@boost.net.xpi
Datei Gelöscht : C:\END
Datei Gelöscht : C:\Users\Public\Desktop\EZDownloader.lnk
Datei Gelöscht : C:\Windows\SysWOW64\abengine.ini
Datei Gelöscht : C:\Windows\SysWOW64\abengineOff.ini
Datei Gelöscht : C:\Windows\SysWOW64\abengine.dll
Datei Gelöscht : C:\Windows\System32\abengineOff.ini
Datei Gelöscht : C:\Windows\System32\abengine64.dll
Datei Gelöscht : C:\Users\XXXXX XXXXX\AppData\Roaming\Mozilla\Firefox\Profiles\ax92hz4x.default-1417957171376\searchplugins\WebSearch.xml
Datei Gelöscht : C:\Users\XXXXX XXXXX\AppData\Roaming\Mozilla\Firefox\Profiles\ax92hz4x.default-1417957171376\searchplugins\omiga-plus.xml
Datei Gelöscht : C:\Users\XXXXX XXXXX\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage
Datei Gelöscht : C:\Users\XXXXX XXXXX\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage-journal
Datei Gelöscht : C:\Users\XXXXX XXXXX\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_inst.shoppingate.info_0.localstorage
Datei Gelöscht : C:\Users\XXXXX XXXXX\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_inst.shoppingate.info_0.localstorage-journal
Datei Gelöscht : C:\Users\XXXXX XXXXX\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_static.boostsaves.com_0.localstorage
Datei Gelöscht : C:\Users\XXXXX XXXXX\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_static.boostsaves.com_0.localstorage-journal

***** [ Tasks ] *****

Task Gelöscht : LaunchSignup
Task Gelöscht : ShopperPro
Task Gelöscht : ShopperProJSUpd
Task Gelöscht : Smp
Task Gelöscht : SMupdate1
Task Gelöscht : SPDriver
Task Gelöscht : YTDownloader
Task Gelöscht : YTDownloaderUpd
Task Gelöscht : 04c81119-30a3-4168-b759-0865e99d237c-1-6
Task Gelöscht : 04c81119-30a3-4168-b759-0865e99d237c-1-7
Task Gelöscht : 04c81119-30a3-4168-b759-0865e99d237c-4
Task Gelöscht : 04c81119-30a3-4168-b759-0865e99d237c-5
Task Gelöscht : 04c81119-30a3-4168-b759-0865e99d237c-5_user
Task Gelöscht : 04c81119-30a3-4168-b759-0865e99d237c-6
Task Gelöscht : 04c81119-30a3-4168-b759-0865e99d237c-7
Task Gelöscht : b64080d3-a27b-4f56-bf65-9831b019eee8-1-6
Task Gelöscht : b64080d3-a27b-4f56-bf65-9831b019eee8-1-7
Task Gelöscht : b64080d3-a27b-4f56-bf65-9831b019eee8-4
Task Gelöscht : b64080d3-a27b-4f56-bf65-9831b019eee8-5
Task Gelöscht : b64080d3-a27b-4f56-bf65-9831b019eee8-5_user
Task Gelöscht : b64080d3-a27b-4f56-bf65-9831b019eee8-6
Task Gelöscht : b64080d3-a27b-4f56-bf65-9831b019eee8-7
Task Gelöscht : beddc3a5-14c1-4be6-a132-5174f13a7c15-1-6
Task Gelöscht : beddc3a5-14c1-4be6-a132-5174f13a7c15-1-7
Task Gelöscht : beddc3a5-14c1-4be6-a132-5174f13a7c15-4
Task Gelöscht : beddc3a5-14c1-4be6-a132-5174f13a7c15-5
Task Gelöscht : beddc3a5-14c1-4be6-a132-5174f13a7c15-5_user
Task Gelöscht : beddc3a5-14c1-4be6-a132-5174f13a7c15-6
Task Gelöscht : beddc3a5-14c1-4be6-a132-5174f13a7c15-7

***** [ Verknüpfungen ] *****

Verknüpfung Desinfiziert : C:\Users\Public\Desktop\Mozilla Firefox.lnk
Verknüpfung Desinfiziert : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
Verknüpfung Desinfiziert : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk
Verknüpfung Desinfiziert : C:\Users\XXXXX XXXXX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
Verknüpfung Desinfiziert : C:\Users\XXXXX XXXXX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk
Verknüpfung Desinfiziert : C:\Users\XXXXX XXXXX\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
Verknüpfung Desinfiziert : C:\Users\XXXXX XXXXX\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
Verknüpfung Desinfiziert : C:\Users\XXXXX XXXXX\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk
Verknüpfung Desinfiziert : C:\Users\XXXXX XXXXX\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk

***** [ Registrierungsdatenbank ] *****

Wert Gelöscht : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [fftoolbar2014@etech.com]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [SPDriver]
Schlüssel Gelöscht : HKLM\SOFTWARE\MozillaPlugins\@staging.google.com/globalUpdate Update;version=10
Schlüssel Gelöscht : HKLM\SOFTWARE\MozillaPlugins\@staging.google.com/globalUpdate Update;version=4
Schlüssel Gelöscht : HKCU\Software\Mozilla\Extends
Schlüssel Gelöscht : HKLM\SOFTWARE\CLASSES\Boost.BoostBho.1
Schlüssel Gelöscht : HKLM\SOFTWARE\CLASSES\Boost.BoostBho
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [YTDownloader]
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\P66a77d73_e5fa_4815_bba6_e6e6210fb9a0_.P66a77d73_e5fa_4815_bba6_e6e6210fb9a0_
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\P66a77d73_e5fa_4815_bba6_e6e6210fb9a0_.P66a77d73_e5fa_4815_bba6_e6e6210fb9a0_.9
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}{d65a1a66}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{38A066B0-DD5F-4226-AC4F-6A27C1BFB892}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{02A96331-0CA6-40E2-A87D-C224601985EB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{3B5702BA-7F4C-4D1A-B026-1E9A01D43978}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{533403E2-6E21-4615-9E28-43F4E97E977B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{5645E0E7-FC12-43BF-A6E4-F9751942B298}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{5E89ACE9-E16B-499A-87B4-0DBF742404C1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{69F256DF-BA98-45E9-86EA-FC3CFECF9D30}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{6E87FC94-9866-49B9-8E93-5736D6DE3DD7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{7E49F793-B3CD-4BF7-8419-B34B8BD30E61}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{834469E3-CA2B-4F21-A5CA-4F6F4DBCDE87}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{8529FAA3-5BFD-43C1-AB35-B53C4B96C6E5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{ADBC39BE-3D20-4333-8D99-E91EB1B62474}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{CFC47BB5-5FB5-4AD0-8427-6AA04334A3FC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{E06CA7F5-BA34-4FF6-8D24-B1BDC594D91F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{E0ADB535-D7B5-4D8B-B15D-578BDD20D76A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{F6421EE5-A5BE-4D31-81D5-C16B7BF48E4C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{FD8E81D0-F5FE-4CB1-9AEA-1E163D2BAB78}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{2299856A-6506-42E3-A34F-CD35A47C1B19}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{66a77d73-e5fa-4815-bba6-e6e6210fb9a0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{03C0AC00-86DE-4B55-81BA-2E7CD61C51B1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{0FCE4F01-64EC-42F1-83E1-1E08D38605D2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{1A2A195A-A0F9-4006-AF02-3F05EEFDE792}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{2D9DB233-DC4B-4677-946C-5FA5ABCF506B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{3AE76A17-C344-4A83-81CE-65EFEE41E42D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{4C0A69B0-CE97-42B7-86FC-08280C99C74D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{4E9EB4D5-C929-4005-AC62-1856B1DA5A24}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{8FAF962C-3EDE-405E-B1D0-62B8235C6044}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C1F5E799-B218-4C32-B189-3C389BA140BB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{F60C9408-3110-4C98-A139-ABE1EE1111DD}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{88C20E16-1EB7-40CE-820C-6CFCB41B1D2F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{41634761-D0BA-4C1A-9AC2-04AEE9511370}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{E860F65C-6645-411C-A662-E12E25FD3A93}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{230332DF-D235-47EE-BC42-60860EF144CD}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{2EBBFB4D-D6A8-4602-B2BC-EE9BE9B6A08A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{5EBF305B-8036-4379-B6AE-FC355BFF9464}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2299856A-6506-42E3-A34F-CD35A47C1B19}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2299856A-6506-42E3-A34F-CD35A47C1B19}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2299856A-6506-42E3-A34F-CD35A47C1B19}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{5645E0E7-FC12-43BF-A6E4-F9751942B298}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{66a77d73-e5fa-4815-bba6-e6e6210fb9a0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5645E0E7-FC12-43BF-A6E4-F9751942B298}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5E89ACE9-E16B-499A-87B4-0DBF742404C1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{2299856A-6506-42E3-A34F-CD35A47C1B19}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{020B1D4B-5738-4C77-9E19-4F173DD9B486}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{66a77d73-e5fa-4815-bba6-e6e6210fb9a0}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{88C20E16-1EB7-40CE-820C-6CFCB41B1D2F}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{41634761-D0BA-4C1A-9AC2-04AEE9511370}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2299856A-6506-42E3-A34F-CD35A47C1B19}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{66a77d73-e5fa-4815-bba6-e6e6210fb9a0}
Schlüssel Gelöscht : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
Schlüssel Gelöscht : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}
Daten Wiederhergestellt : HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command
Daten Wiederhergestellt : HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\Google Chrome\shell\open\command
Daten Wiederhergestellt : HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}
Schlüssel Gelöscht : HKCU\Software\Boost
Schlüssel Gelöscht : HKCU\Software\GlobalUpdate
Schlüssel Gelöscht : HKCU\Software\InstalledBrowserExtensions
Schlüssel Gelöscht : HKCU\Software\iWebar-nv
Schlüssel Gelöscht : HKCU\Software\Tutorials
Schlüssel Gelöscht : HKCU\Software\TutoTag
Schlüssel Gelöscht : HKCU\Software\StormWatchApp
Schlüssel Gelöscht : HKCU\Software\YTDownloader
Schlüssel Gelöscht : HKCU\Software\AppDataLow\{4A0F38A9-FE55-4B89-B73F-E60FDC0F72E9}
Schlüssel Gelöscht : HKCU\Software\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Boost
Schlüssel Gelöscht : HKLM\SOFTWARE\{4A0F38A9-FE55-4B89-B73F-E60FDC0F72E9}
Schlüssel Gelöscht : HKLM\SOFTWARE\Boost
Schlüssel Gelöscht : HKLM\SOFTWARE\GlobalUpdate
Schlüssel Gelöscht : HKLM\SOFTWARE\InstalledBrowserExtensions
Schlüssel Gelöscht : HKLM\SOFTWARE\iWebar
Schlüssel Gelöscht : HKLM\SOFTWARE\iWebar-nv
Schlüssel Gelöscht : HKLM\SOFTWARE\MyBestOffersToday
Schlüssel Gelöscht : HKLM\SOFTWARE\Object Browser
Schlüssel Gelöscht : HKLM\SOFTWARE\omiga-plusSoftware
Schlüssel Gelöscht : HKLM\SOFTWARE\SearchProtect
Schlüssel Gelöscht : HKLM\SOFTWARE\ShopperPro
Schlüssel Gelöscht : HKLM\SOFTWARE\StormWatch
Schlüssel Gelöscht : HKLM\SOFTWARE\YTDownloader
Schlüssel Gelöscht : HKLM\SOFTWARE\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}
Schlüssel Gelöscht : HKLM\SOFTWARE\{12A61307-94CD-4F8E-94BC-918E511FAA81}
Schlüssel Gelöscht : HKLM\SOFTWARE\SPPDCOM
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\StormWatch
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{0F44DC3A-6E62-4961-A14B-95323C512F9B}_is1
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{4820778D-AB0D-6D18-C316-52A6A0E1D507}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Boost
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\iWebar
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Object Browser
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ShopperPro
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VOPackage
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\omiga-plus uninstall
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\YTDownloader
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{c8730ca5-3f82-41cc-65e2-01b87600cd89}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Yahoo! Toolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Yahoo! Companion
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{EE171732-BEB4-4576-887D-CB62727F01CA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{4CEE92A3-9F0C-51AB-ADC0-34EC24AD7B7E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\mbot_de_481_is1
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\InstalledBrowserExtensions
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\ShopperPro
Daten Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~2\SearchProtect\SearchProtect\bin\VC32Loader.dll
Daten Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~2\SEARCH~1\SEARCH~1\bin\VC64LO~1.DLL
Daten Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - <local>

***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.17496

Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Main [Default_Page_URL]
Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL]
Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL]
Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]
Einstellung Wiederhergestellt : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL]
Einstellung Wiederhergestellt : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL]
Einstellung Wiederhergestellt : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
Einstellung Wiederhergestellt : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]

-\\ Mozilla Firefox v35.0.1 (x86 de)

[ax92hz4x.default-1417957171376\prefs.js] - Zeile gelöscht : user_pref("browser.newtab.url", "hxxp://www.trovi.com/?gd=&ctid=CT3324764&octid=EB_ORIGINAL_CTID&ISID=M7F3C43B3-690F-4276-959F-1C74A797CA2A&SearchSource=69&CUI=&SSPV=&Lay=1&UM=8&UP=SP9050A32E-D786-4A4[...]
[ax92hz4x.default-1417957171376\prefs.js] - Zeile gelöscht : user_pref("browser.search.defaultenginename", "omiga-plus");
[ax92hz4x.default-1417957171376\prefs.js] - Zeile gelöscht : user_pref("browser.search.defaultenginename,S", "WebSearch");
[ax92hz4x.default-1417957171376\prefs.js] - Zeile gelöscht : user_pref("browser.search.defaulturl", "hxxp://websearch.thesearchpage.info/?pid=3458&r=2015/01/31&hid=4296634904664230215&lg=EN&cc=DE&unqvl=74&l=1&q=");
[ax92hz4x.default-1417957171376\prefs.js] - Zeile gelöscht : user_pref("browser.search.order.1", "WebSearch");
[ax92hz4x.default-1417957171376\prefs.js] - Zeile gelöscht : user_pref("browser.search.order.1,S", "WebSearch");
[ax92hz4x.default-1417957171376\prefs.js] - Zeile gelöscht : user_pref("browser.search.searchengine.alias", "omiga-plus");
[ax92hz4x.default-1417957171376\prefs.js] - Zeile gelöscht : user_pref("browser.search.searchengine.iconURL", "hxxp://isearch.omiga-plus.com/favicon.ico");
[ax92hz4x.default-1417957171376\prefs.js] - Zeile gelöscht : user_pref("browser.search.searchengine.name", "omiga-plus");
[ax92hz4x.default-1417957171376\prefs.js] - Zeile gelöscht : user_pref("browser.search.searchengine.url", "hxxp://isearch.omiga-plus.com/web/?type=ds&ts=1422690849&from=obw&uid=TOSHIBAXMK6465GSX_51ASD39BBXX51ASD39BB&q={searchTerms}");
[ax92hz4x.default-1417957171376\prefs.js] - Zeile gelöscht : user_pref("browser.search.selectedEngine", "omiga-plus");
[ax92hz4x.default-1417957171376\prefs.js] - Zeile gelöscht : user_pref("browser.search.selectedEngine,S", "WebSearch");
[ax92hz4x.default-1417957171376\prefs.js] - Zeile gelöscht : user_pref("browser.startup.homepage", "hxxp://websearch.thesearchpage.info/?pid=3458&r=2015/01/31&hid=4296634904664230215&lg=EN&cc=DE&unqvl=74");
[ax92hz4x.default-1417957171376\prefs.js] - Zeile gelöscht : user_pref("extensions.a14fef81ee28d4335a493c2d6383fd42ff9b4872bccb5bcom70121.70121.internaldb.Resources_meta.value", "%7B%22handlebars.js%22%3A%7B%22id%22%3A980195%2C%22ver%22%3A1%2C%22status%22%3A1%2[...]
[ax92hz4x.default-1417957171376\prefs.js] - Zeile gelöscht : user_pref("extensions.a14fef81ee28d4335a493c2d6383fd42ff9b4872bccb5bcom70121.70121.internaldb.Resources_resource_980204.value", "%22function%20startAskCom%28e%2Ct%2Cr%29%7Bfunction%20a%28e%29%7Bvar%20[...]
[ax92hz4x.default-1417957171376\prefs.js] - Zeile gelöscht : user_pref("extensions.a14fef81ee28d4335a493c2d6383fd42ff9b4872bccb5bcom70121.70121.internaldb.monetization_plugin_bundledUrls.value", "%7B%22dealply_s%22%3A%7B%22urls%22%3A%5B%22ssfiles.com%22%5D%7D%2[...]
[ax92hz4x.default-1417957171376\prefs.js] - Zeile gelöscht : user_pref("extensions.a23fb8bb3ac214230bbfa49b94968bc63gmailcom65781.65781.cookie.previous_page.value", "%22hxxp%3A//www-searching.com/%3Fs%3DF1Vzamodk07628%2C8fde143b-bce1-4d1d-b797-3fbbcd45903f%2C%2[...]
[ax92hz4x.default-1417957171376\prefs.js] - Zeile gelöscht : user_pref("extensions.a23fb8bb3ac214230bbfa49b94968bc63gmailcom65781.65781.internaldb.__ICM_LITE__blacklist_domain.value", "%7B%22SLIDERS%22%3A%5B%226pm.com%22%2C%22amazon.co.uk%22%2C%22amazon.com%22%[...]
[ax92hz4x.default-1417957171376\prefs.js] - Zeile gelöscht : user_pref("extensions.a23fb8bb3ac214230bbfa49b94968bc63gmailcom65781.65781.internaldb.__ICM_LITE__fifty_test_rules.value", "%7B%22DE%22%3A%7B%22ALL%22%3A%5B%22anastasiadate.com%22%2C%22optionweb.com%2[...]
[ax92hz4x.default-1417957171376\prefs.js] - Zeile gelöscht : user_pref("extensions.a23fb8bb3ac214230bbfa49b94968bc63gmailcom65781.65781.internaldb.monetization_plugin_bundledUrls.value", "%7B%22dealply_s%22%3A%7B%22urls%22%3A%5B%22ssfiles.com%22%5D%7D%2C%22deal[...]
[ax92hz4x.default-1417957171376\prefs.js] - Zeile gelöscht : user_pref("extensions.a9321b2762c2e4c5fbd04b8118e512707c0c8a2d632754caca0b252e936311db9com32850.32850.internaldb.monetization_plugin_bundledUrls.value", "%7B%22dealply_s%22%3A%7B%22urls%22%3A%5B%22ssf[...]
[ax92hz4x.default-1417957171376\prefs.js] - Zeile gelöscht : user_pref("extensions.blHSSWRgsJ7yAYl2.scode", "try{(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1url.indexOf(\"warnalert11.com\")>-1url.index[...]
[ax92hz4x.default-1417957171376\prefs.js] - Zeile gelöscht : user_pref("extensions.crossrider.bic", "14b3f1e35f160e23b36c69527a7b28ac");
[ax92hz4x.default-1417957171376\prefs.js] - Zeile gelöscht : user_pref("extensions.tl6eZyNRbiM0gqrh.scode", "try{(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1url.indexOf(\"warnalert11.com\")>-1url.index[...]
[ax92hz4x.default-1417957171376\prefs.js] - Zeile gelöscht : user_pref("keyword.URL", "hxxp://www-searching.com/search.aspx?s=F1Vzamodk07628,8fde143b-bce1-4d1d-b797-3fbbcd45903f,&q=");

-\\ Google Chrome v40.0.2214.93

[C:\Users\XXXXX XXXXX\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://isearch.omiga-plus.com/web/?type=ds&ts=1422690849&from=obw&uid=TOSHIBAXMK6465GSX_51ASD39BBXX51ASD39BB&q={searchTerms}
[C:\Users\XXXXX XXXXX\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://isearch.omiga-plus.com/web/?type=ds&ts=1422690849&from=obw&uid=TOSHIBAXMK6465GSX_51ASD39BBXX51ASD39BB&q={searchTerms}
[C:\Users\XXXXX XXXXX\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://www.trovi.com/Results.aspx?gd=&ctid=CT3324764&octid=EB_ORIGINAL_CTID&ISID=M7F3C43B3-690F-4276-959F-1C74A797CA2A&SearchSource=58&CUI=&UM=8&UP=SP9050A32E-D786-4A42-9E49-5663C4588ECE&q={searchTerms}&SSPV=
[C:\Users\XXXXX XXXXX\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://websearch.thesearchpage.info/?l=1&q={searchTerms}&pid=3458&r=2015/01/31&hid=4296634904664230215&lg=EN&cc=DE&unqvl=74
[C:\Users\XXXXX XXXXX\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://isearch.omiga-plus.com/web/?type=ds&ts=1422690849&from=obw&uid=TOSHIBAXMK6465GSX_51ASD39BBXX51ASD39BB&q={searchTerms}
[C:\Users\XXXXX XXXXX\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://isearch.omiga-plus.com/web/?type=ds&ts=1422690849&from=obw&uid=TOSHIBAXMK6465GSX_51ASD39BBXX51ASD39BB&q={searchTerms}
[C:\Users\XXXXX XXXXX\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://www-searching.com/search.aspx?s=F1Vzamodk07628,8fde143b-bce1-4d1d-b797-3fbbcd45903f,&q={searchTerms}

-\\ Opera v0.0.0.0

[C:\Users\XXXXX XXXXX\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://isearch.omiga-plus.com/web/?type=ds&ts=1422690849&from=obw&uid=TOSHIBAXMK6465GSX_51ASD39BBXX51ASD39BB&q={searchTerms}
[C:\Users\XXXXX XXXXX\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://isearch.omiga-plus.com/web/?type=ds&ts=1422690849&from=obw&uid=TOSHIBAXMK6465GSX_51ASD39BBXX51ASD39BB&q={searchTerms}
[C:\Users\XXXXX XXXXX\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://www.trovi.com/Results.aspx?gd=&ctid=CT3324764&octid=EB_ORIGINAL_CTID&ISID=M7F3C43B3-690F-4276-959F-1C74A797CA2A&SearchSource=58&CUI=&UM=8&UP=SP9050A32E-D786-4A42-9E49-5663C4588ECE&q={searchTerms}&SSPV=
[C:\Users\XXXXX XXXXX\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://websearch.thesearchpage.info/?l=1&q={searchTerms}&pid=3458&r=2015/01/31&hid=4296634904664230215&lg=EN&cc=DE&unqvl=74
[C:\Users\XXXXX XXXXX\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://isearch.omiga-plus.com/web/?type=ds&ts=1422690849&from=obw&uid=TOSHIBAXMK6465GSX_51ASD39BBXX51ASD39BB&q={searchTerms}
[C:\Users\XXXXX XXXXX\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://isearch.omiga-plus.com/web/?type=ds&ts=1422690849&from=obw&uid=TOSHIBAXMK6465GSX_51ASD39BBXX51ASD39BB&q={searchTerms}
[C:\Users\XXXXX XXXXX\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://www-searching.com/search.aspx?s=F1Vzamodk07628,8fde143b-bce1-4d1d-b797-3fbbcd45903f,&q={searchTerms}

*************************

AdwCleaner[R0].txt - [4287 octets] - [24/08/2014 18:37:07]
AdwCleaner[R1].txt - [2884 octets] - [29/11/2014 23:16:17]
AdwCleaner[R2].txt - [29703 octets] - [31/01/2015 15:04:28]
AdwCleaner[S0].txt - [4164 octets] - [24/08/2014 18:55:28]
AdwCleaner[S1].txt - [2721 octets] - [29/11/2014 23:19:24]
AdwCleaner[S2].txt - [29924 octets] - [31/01/2015 15:08:01]

########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [29985 octets] ##########

Es gibt trotzdem noch einige Probleme, auch wenn es schon etwas sauberer läuft...

FRST Logfile:

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 31-01-2015 01
Ran by XXXXX XXXXX (administrator) on ARBEITSCOMPUTER on 31-01-2015 17:50:50
Running from C:\Users\XXXXX XXXXX\Desktop
Loaded Profiles: XXXXX XXXXX &  (Available profiles: XXXXX XXXXX & XXXXX & Versuch)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
() C:\Program Files (x86)\Common Files\AAV\aavus.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Microsoft Corporation) C:\Windows\System32\CISVC.EXE
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GregHSRW.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
() C:\Windows\snuvcdsm.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
() C:\Windows\PLFSetI.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\Apoint.exe
(AlcorMicro Co., Ltd.) C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Photosmart 5520 series\Bin\ScanToPCActivationApp.exe
(BillP Studios) C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(RescueTime, Inc.) C:\Program Files (x86)\RescueTime\RescueTime.exe
(Mirko Böer) C:\Program Files (x86)\SSS\SimpleScreenshot.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\ApMsgFwd.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\ApntEx.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\Hidfind.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Photosmart 5520 series\Bin\HPNetworkCommunicator.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SNUVCDSM] => C:\Windows\snuvcdsm.exe [30080 2011-01-13] ()
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [8312352 2009-10-29] (Realtek Semiconductor)
HKLM\...\Run: [PLFSetL] => C:\Windows\PLFSetL.exe [99712 2011-01-13] (Sonix Technology Co., Ltd.)
HKLM\...\Run: [PLFSetI] => C:\Windows\PLFSetI.exe [200704 2011-11-13] ()
HKLM\...\Run: [mwlDaemon] => C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe [349480 2009-09-11] (Egis Technology Inc.)
HKLM\...\Run: [IAAnotif] => C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-06-05] (Intel Corporation)
HKLM\...\Run: [Apoint] => C:\Program Files\Apoint2K\Apoint.exe [295936 2009-05-22] (Alps Electric Co., Ltd.)
HKLM\...\Run: [AmIcoSinglun64] => C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [323072 2009-07-22] (AlcorMicro Co., Ltd.)
HKLM\...\Run: [Acer ePower Management] => C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [823840 2009-09-30] (Acer Incorporated)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [702768 2014-12-16] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2009-12-09] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [SimpleScreenshot] => C:\Program Files (x86)\SSS\SIMPLESCREENSHOT.EXE [2255360 2008-02-09] (Mirko Böer)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2014-10-11] (Apple Inc.)
HKLM-x32\...\Run: [LManager] => C:\Program Files (x86)\Launch Manager\LManager.exe [1094736 2009-11-02] (Dritek System Inc.)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [126712 2014-12-31] (Avira Operations GmbH & Co. KG)
HKU\S-1-5-21-1242904208-471078349-2963378918-1000\...\Run: [HP Photosmart 5520 series (NET)] => C:\Program Files\HP\HP Photosmart 5520 series\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
HKU\S-1-5-21-1242904208-471078349-2963378918-1000\...\Run: [WinPatrol] => C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe [533568 2014-04-23] (BillP Studios)
HKU\S-1-5-21-1242904208-471078349-2963378918-1003-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\...\Run: [swg] => "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
HKU\S-1-5-21-1242904208-471078349-2963378918-1003-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\...\Run: [msnmsgr] => "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
Startup: C:\Users\XXXXX XXXXX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\RescueTime.lnk
ShortcutTarget: RescueTime.lnk -> C:\Program Files (x86)\RescueTime\RescueTime.exe (RescueTime, Inc.)
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
ShellIconOverlayIdentifiers: [egisPSDP] -> {30A0A3F6-38AC-4C53-BB8B-0D95238E25BA} => C:\Program Files (x86)\EgisTec\MyWinLocker 3\x64\psdprotect.dll (Egis Technology Inc.)
ShellIconOverlayIdentifiers-x32: [egisPSDP] -> {30A0A3F6-38AC-4C53-BB8B-0D95238E25BA} => C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\psdprotect.dll (Egis Technology Inc.)
BootExecute: autocheck autochk * sdnclean64.exe
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-1242904208-471078349-2963378918-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-1242904208-471078349-2963378918-1003-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gmx.de/
HKU\S-1-5-21-1242904208-471078349-2963378918-1003-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_7740&r=27361111d106l0498z1j5t4471e496
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-1242904208-471078349-2963378918-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
SearchScopes: HKU\S-1-5-21-1242904208-471078349-2963378918-1003-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-1242904208-471078349-2963378918-1003-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_deDE457
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: unissales -> {7e0aaab3-ba7d-4a2d-b1e6-4289ce4d1b1e} -> C:\Program Files (x86)\unissales\9vFbOLvEX4RE1d.x64.dll No File
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Booster-Web helper -> {B5147546-9359-4D9B-8B36-F54C54555799} -> C:\Program Files (x86)\Booster-Web\Booster-Web.dll (App LLC)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Booster-Web helper -> {B5147546-9359-4D9B-8B36-F54C54555799} -> C:\Program Files (x86)\Booster-Web\Booster-Web.dll (App LLC)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
Toolbar: HKU\S-1-5-21-1242904208-471078349-2963378918-1003-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
DPF: HKLM {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\XXXXX XXXXX\AppData\Roaming\Mozilla\Firefox\Profiles\ax92hz4x.default-1417957171376
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_296.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_296.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @nullsoft.com/winampDetector;version=1 -> C:\Program Files (x86)\Winamp Detect\npwachk.dll (Nullsoft, Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.8 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll (Microsoft Corporation)
FF SearchPlugin: C:\Users\XXXXX XXXXX\AppData\Roaming\Mozilla\Firefox\Profiles\ax92hz4x.default-1417957171376\searchplugins\trovi.xml
FF Extension: Booster Web - C:\Users\XXXXX XXXXX\AppData\Roaming\Mozilla\Firefox\Profiles\ax92hz4x.default-1417957171376\Extensions\jid1-U7omKQ6kQfxMaQ@jetpack [2015-01-31]
FF Extension: Zoom It - C:\Users\XXXXX XXXXX\AppData\Roaming\Mozilla\Firefox\Profiles\ax92hz4x.default-1417957171376\Extensions\{680219c9-7bbf-5dfc-84d8-33b88668b4ab} [2015-01-31]
FF Extension: LeechBlock - C:\Users\XXXXX XXXXX\AppData\Roaming\Mozilla\Firefox\Profiles\ax92hz4x.default-1417957171376\Extensions\{a95d8332-e4b4-6e7f-98ac-20b733364387}.xpi [2014-12-07]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-07-14]

Chrome: 
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR HomePage: Default -> hxxp://www.trovi.com/?gd=&ctid=CT3324764&octid=EB_ORIGINAL_CTID&ISID=M7F3C43B3-690F-4276-959F-1C74A797CA2A&SearchSource=55&CUI=&UM=8&UP=SP9050A32E-D786-4A42-9E49-5663C4588ECE&SSPV=
CHR StartupUrls: Default -> "hxxp://www.trovi.com/?gd=&ctid=CT3324764&octid=EB_ORIGINAL_CTID&ISID=M7F3C43B3-690F-4276-959F-1C74A797CA2A&SearchSource=55&CUI=&UM=8&UP=SP9050A32E-D786-4A42-9E49-5663C4588ECE&SSPV="
CHR DefaultSearchKeyword: Default -> trovi.search
CHR DefaultSuggestURL: Default -> http://suggest.seccint.com/CSuggestJson.ashx?prefix={searchTerms}
CHR Profile: C:\Users\XXXXX XXXXX\AppData\Local\Google\Chrome\User Data\default
CHR Extension: (Google Docs) - C:\Users\XXXXX XXXXX\AppData\Local\Google\Chrome\User Data\default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-10-25]
CHR Extension: (Google Drive) - C:\Users\XXXXX XXXXX\AppData\Local\Google\Chrome\User Data\default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-10-25]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\XXXXX XXXXX\AppData\Local\Google\Chrome\User Data\default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-10-26]
CHR Extension: (YouTube) - C:\Users\XXXXX XXXXX\AppData\Local\Google\Chrome\User Data\default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-10-25]
CHR Extension: (Google Search) - C:\Users\XXXXX XXXXX\AppData\Local\Google\Chrome\User Data\default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-10-25]
CHR Extension: (Avira Browser Safety) - C:\Users\XXXXX XXXXX\AppData\Local\Google\Chrome\User Data\default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2014-10-26]
CHR Extension: (Google Wallet) - C:\Users\XXXXX XXXXX\AppData\Local\Google\Chrome\User Data\default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-10-26]
CHR Extension: (Hearthstone Stream Browser) - C:\Users\XXXXX XXXXX\AppData\Local\Google\Chrome\User Data\default\Extensions\obdejhodejngcbmkiddfjkieejekbfil [2015-01-31]
CHR Extension: (Gmail) - C:\Users\XXXXX XXXXX\AppData\Local\Google\Chrome\User Data\default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-10-25]
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AAV UpdateService; C:\Program Files (x86)\Common Files\AAV\aavus.exe [122880 2007-10-04] () [File not signed]
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [431920 2014-12-16] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [431920 2014-12-16] (Avira Operations GmbH & Co. KG)
R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [178424 2014-12-31] (Avira Operations GmbH & Co. KG)
S4 BotkindSyncService; C:\Program Files (x86)\Allway Sync\Bin\SyncService.exe [182784 2013-10-10] () [File not signed]
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
S4 FoxitCloudUpdateService; C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe [241704 2014-03-25] (Foxit Corporation)
R2 HPSLPSVC; C:\Users\XXXXX XXXXX\AppData\Local\Temp\7zS1D89\hpslpsvc64.dll [1039360 2013-07-19] (Hewlett-Packard Co.) [File not signed]
S3 MWLService; C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe [305448 2009-09-11] (Egis Technology Inc.)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
S4 NoIPDUCService4; C:\Program Files (x86)\No-IP\ducservice.exe [11264 2013-01-24] () [File not signed]
S4 OODefragAgent; C:\Program Files\OO Software\Defrag\oodag.exe [3051848 2011-01-25] (O&O Software GmbH)
S4 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [80896 2011-03-31] () [File not signed]
S4 PDF Architect Helper Service; C:\Program Files (x86)\PDF Architect\HelperService.exe [1320496 2013-04-08] (pdfforge GmbH)
S4 PDF Architect Service; C:\Program Files (x86)\PDF Architect\ConversionService.exe [799280 2013-04-08] (pdfforge GmbH)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
R2 RS_Service; C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe [253952 2009-07-10] (Acer Incorporated) [File not signed]
S4 SandraAgentSrv; C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2014.SP2a\RpcAgentSrv.exe [72344 2008-05-19] (SiSoftware) [File not signed]
S4 UI Assistant Service; C:\Program Files (x86)\Join Air\AssistantServices.exe [247152 2010-04-27] ()
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [119272 2014-10-14] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131608 2014-10-14] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-11-25] (Avira Operations GmbH & Co. KG)
R2 EkaProt6; C:\Windows\System32\DRIVERS\ekaprot6.sys [27288 2012-03-23] (Ekahau Inc.)
R1 SLEE_18_DRIVER; C:\Windows\Sleen1864.sys [109144 2014-01-30] (Softwareentwicklung Remus - ArchiCrypt - )
R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1806592 2011-01-13] ()
R2 TurboB; C:\Windows\System32\DRIVERS\TurboB.sys [13784 2009-11-02] ()
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2012-12-13] (Apple, Inc.) [File not signed]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S2 SPDRIVER_1361.0.0.0; \??\C:\Program Files (x86)\ShopperPro\JSDriver\1361.0.0.0\jsdrv.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-31 17:50 - 2015-01-31 17:50 - 00000000 ____D () C:\Users\XXXXX XXXXX\Desktop\FRST-OlderVersion
2015-01-31 17:48 - 2015-01-31 17:48 - 00000337 _____ () C:\Users\XXXXX XXXXX\Desktop\Samsung Tab - kein Speicherplatz - Android-Hilfe.de.URL
2015-01-31 17:00 - 2015-01-31 17:01 - 00001671 _____ () C:\Users\XXXXX XXXXX\Desktop\JRT.txt
2015-01-31 16:55 - 2015-01-31 16:55 - 00057200 _____ () C:\Users\XXXXX XXXXX\Desktop\ Malwarebytes Anti-Malware .txt
2015-01-31 15:22 - 2015-01-31 15:22 - 00029874 _____ () C:\Users\XXXXX XXXXX\Desktop\AdwCleaner[S2].txt
2015-01-31 15:22 - 2015-01-31 15:22 - 00001066 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2015-01-31 15:07 - 2015-01-31 15:07 - 00029469 _____ () C:\Users\XXXXX XXXXX\Desktop\AdwCleaner[R2].txt
2015-01-31 15:03 - 2015-01-31 15:03 - 02194432 _____ () C:\Users\XXXXX XXXXX\Desktop\AdwCleaner_4.109.exe
2015-01-31 15:03 - 2015-01-31 15:03 - 01707939 _____ (Thisisu) C:\Users\XXXXX XXXXX\Desktop\JRT.exe
2015-01-31 14:59 - 2015-01-31 15:01 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\XXXXX XXXXX\Desktop\mbam-setup-2.0.4.1028.exe
2015-01-31 11:33 - 2015-01-31 11:33 - 00000000 ____D () C:\Users\XXXXX XXXXX\Documents\TokensBackup
2015-01-31 10:17 - 2015-01-31 10:18 - 00065033 _____ () C:\Users\XXXXX XXXXX\Desktop\Addition.txt
2015-01-31 10:14 - 2015-01-31 17:51 - 00022961 _____ () C:\Users\XXXXX XXXXX\Desktop\FRST.txt
2015-01-31 10:12 - 2015-01-31 17:50 - 02130944 _____ (Farbar) C:\Users\XXXXX XXXXX\Desktop\FRST64.exe
2015-01-31 10:10 - 2015-01-31 10:10 - 00001101 _____ () C:\Users\Public\Desktop\Avira.lnk
2015-01-31 09:43 - 2015-01-31 09:46 - 00000000 ____D () C:\Users\XXXXX XXXXX\Desktop\Ordnung
2015-01-31 09:35 - 2015-01-31 09:35 - 00000000 ____D () C:\Users\XXXXX XXXXX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Booster-Web
2015-01-31 09:34 - 2015-01-31 10:01 - 00000000 ____D () C:\Users\XXXXX XXXXX\AppData\Roaming\Booster-Web
2015-01-31 09:34 - 2015-01-31 09:35 - 00000000 ____D () C:\Program Files (x86)\Booster-Web
2015-01-31 09:34 - 2015-01-31 09:34 - 00003408 _____ () C:\Windows\System32\Tasks\sondhschedule
2015-01-31 09:34 - 2015-01-31 09:34 - 00003108 _____ () C:\Windows\System32\Tasks\zupa3002
2015-01-31 09:33 - 2015-01-31 17:20 - 00001380 _____ () C:\Windows\Tasks\NWAUR.job
2015-01-31 09:33 - 2015-01-31 17:20 - 00001378 _____ () C:\Windows\Tasks\FMLW.job
2015-01-31 09:33 - 2015-01-31 16:56 - 00000000 ____D () C:\Program Files (x86)\878e2246-8f7a-48fe-89f9-845dc6abbab7
2015-01-31 09:33 - 2015-01-31 09:33 - 00004442 _____ () C:\Windows\System32\Tasks\NWAUR
2015-01-31 09:33 - 2015-01-31 09:33 - 00004440 _____ () C:\Windows\System32\Tasks\FMLW
2015-01-31 09:32 - 2015-01-31 09:32 - 00001117 _____ () C:\Users\XXXXX XXXXX\Desktop\Continue installation .lnk
2015-01-31 09:31 - 2015-01-31 09:31 - 00000000 ____D () C:\ProgramData\SearchModulePlus
2015-01-31 09:30 - 2015-01-31 17:20 - 00001382 _____ () C:\Windows\Tasks\UHTQPK.job
2015-01-31 09:30 - 2015-01-31 17:20 - 00001378 _____ () C:\Windows\Tasks\MLSC.job
2015-01-31 09:30 - 2015-01-31 16:56 - 00000000 ____D () C:\Program Files (x86)\ed55547d-8d98-4039-96d9-00407eb30671
2015-01-31 09:30 - 2015-01-31 09:30 - 00004444 _____ () C:\Windows\System32\Tasks\UHTQPK
2015-01-31 09:30 - 2015-01-31 09:30 - 00004440 _____ () C:\Windows\System32\Tasks\MLSC
2015-01-31 09:30 - 2015-01-31 09:30 - 00000000 ____D () C:\Program Files (x86)\38307773-d954-48f2-8127-93df0ea63e4a
2015-01-31 09:29 - 2015-01-31 09:29 - 00003446 _____ () C:\Windows\System32\Tasks\Inst_Rep
2015-01-31 09:06 - 2015-01-31 17:44 - 00000000 ____D () C:\Program Files (x86)\Hearthstone Stream Browser
2015-01-31 09:06 - 2015-01-31 09:06 - 00000000 ____D () C:\Windows\SysWOW64\X86
2015-01-31 09:06 - 2015-01-31 09:06 - 00000000 ____D () C:\Windows\SysWOW64\AMD64
2015-01-31 09:03 - 2015-01-31 09:03 - 00000000 ____D () C:\ProgramData\{06467b43-d78a-a739-0646-67b43d78ed0f}
2015-01-31 08:59 - 2015-01-31 16:56 - 00000000 ____D () C:\Users\XXXXX XXXXX\AppData\Local\avaxvyvax
2015-01-31 08:59 - 2015-01-31 08:59 - 00003556 _____ () C:\Windows\System32\Tasks\avaxvyvax
2015-01-31 08:59 - 2015-01-31 08:59 - 00003206 _____ () C:\Windows\System32\Tasks\{186E3D0B-D440-49E7-8F64-7917C92B0863}
2015-01-31 08:57 - 2015-01-31 08:57 - 01191200 _____ () C:\Users\XXXXX XXXXX\Downloads\Malwarebytes Anti Malware Malware Scanner - CHIP-Installer.exe
2015-01-31 08:52 - 2014-12-14 10:53 - 00378640 _____ (CartCrunch Israel Ltd.) C:\Windows\system32\ColorMedia64.dll
2015-01-31 08:52 - 2014-12-14 10:53 - 00332568 _____ (CartCrunch Israel Ltd.) C:\Windows\SysWOW64\ColorMedia.dll
2015-01-30 20:51 - 2015-01-30 20:51 - 00000600 _____ () C:\Users\XXXXX XXXXX\AppData\Roaming\winscp.rnd
2015-01-30 20:08 - 2015-01-30 20:08 - 00000000 ____D () C:\Users\Versuch\AppData\Roaming\PDF Architect
2015-01-30 20:08 - 2015-01-30 20:08 - 00000000 ____D () C:\Users\Versuch\AppData\Local\IsolatedStorage
2015-01-30 19:16 - 2015-01-30 19:17 - 00000000 ____D () C:\Users\Versuch\AppData\OICE_15_974FA576_32C1D314_2072
2015-01-27 21:08 - 2015-01-31 17:41 - 00005192 _____ () C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for Arbeitscomputer-XXXXX XXXXX Arbeitscomputer
2015-01-25 17:12 - 2015-01-25 17:12 - 00002086 _____ () C:\Users\XXXXX XXXXX\AppData\Roaming\UHTQPK
2015-01-25 17:12 - 2015-01-25 17:12 - 00002086 _____ () C:\Users\XXXXX XXXXX\AppData\Roaming\NWAUR
2015-01-25 17:12 - 2015-01-25 17:12 - 00001248 _____ () C:\Users\XXXXX XXXXX\AppData\Roaming\MLSC
2015-01-25 17:12 - 2015-01-25 17:12 - 00001248 _____ () C:\Users\XXXXX XXXXX\AppData\Roaming\FMLW
2015-01-20 06:34 - 2014-12-12 06:35 - 05553592 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-01-20 06:34 - 2014-12-12 06:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-01-20 06:34 - 2014-12-12 06:31 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-01-20 06:34 - 2014-12-12 06:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-01-20 06:34 - 2014-12-12 06:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-01-20 06:34 - 2014-12-12 06:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-01-20 06:34 - 2014-12-12 06:07 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-01-14 08:06 - 2014-12-19 04:06 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-14 08:06 - 2014-12-19 02:46 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-14 08:06 - 2014-12-11 18:47 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-01-14 08:06 - 2014-12-06 05:17 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-14 08:06 - 2014-12-06 04:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
2015-01-14 08:06 - 2014-12-06 04:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
2015-01-13 05:55 - 2015-01-13 05:55 - 00009429 _____ () C:\Users\XXXXX XXXXX\AppData\Local\recently-used.xbel

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-31 17:51 - 2014-08-21 20:10 - 00000000 ____D () C:\FRST
2015-01-31 17:39 - 2013-09-19 20:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-01-31 17:39 - 2012-03-11 02:08 - 00000000 ____D () C:\Program Files (x86)\Java
2015-01-31 17:25 - 2009-07-14 05:45 - 00025840 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-31 17:25 - 2009-07-14 05:45 - 00025840 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-31 17:24 - 2011-11-13 21:43 - 01339110 _____ () C:\Windows\WindowsUpdate.log
2015-01-31 17:20 - 2012-09-20 04:21 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-31 17:19 - 2014-06-20 13:07 - 00110776 _____ () C:\Windows\PFRO.log
2015-01-31 17:19 - 2014-06-18 08:20 - 00027685 _____ () C:\Windows\setupact.log
2015-01-31 17:19 - 2011-11-14 06:15 - 00000000 ____D () C:\Windows\Lan
2015-01-31 17:19 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-31 17:05 - 2012-08-14 18:52 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-01-31 16:56 - 2009-11-05 01:49 - 00000000 ____D () C:\Program Files (x86)\Acer
2015-01-31 15:24 - 2014-08-05 14:08 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-01-31 15:22 - 2014-08-05 14:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2015-01-31 15:22 - 2014-08-05 14:08 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2015-01-31 15:08 - 2014-11-16 12:18 - 00001025 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-01-31 15:08 - 2014-11-16 12:18 - 00001013 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-01-31 15:08 - 2014-10-25 07:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-01-31 15:08 - 2014-08-24 18:36 - 00000000 ____D () C:\AdwCleaner
2015-01-31 15:08 - 2011-11-20 15:41 - 00001021 _____ () C:\Users\XXXXX XXXXX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-01-31 10:10 - 2014-08-06 10:55 - 00000000 ____D () C:\ProgramData\Package Cache
2015-01-31 10:10 - 2013-02-24 19:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2015-01-31 10:09 - 2013-02-24 19:39 - 00000000 ____D () C:\Program Files (x86)\Avira
2015-01-31 09:44 - 2014-08-07 20:56 - 02931200 ___SH () C:\Users\XXXXX XXXXX\Desktop\Thumbs.db
2015-01-31 09:32 - 2009-07-14 04:20 - 00000000 ____D () C:\Program Files\Common Files\System
2015-01-31 07:56 - 2014-08-15 15:44 - 00000000 ____D () C:\Users\XXXXX XXXXX\AppData\Local\Adobe
2015-01-31 07:56 - 2012-04-02 19:28 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-01-31 07:56 - 2012-04-02 19:28 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-01-31 07:56 - 2011-11-15 21:21 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-30 19:03 - 2014-09-10 06:10 - 00000000 ____D () C:\Users\Versuch\AppData\Roaming\SimpleScreenshot
2015-01-27 20:12 - 2014-11-10 20:59 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-01-27 06:18 - 2014-11-16 12:20 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-01-26 07:21 - 2012-06-10 14:07 - 00000000 ____D () C:\Users\XXXXX XXXXX\Documents\Bewerbungen
2015-01-25 17:19 - 2011-11-14 06:34 - 00702664 _____ () C:\Windows\system32\perfh007.dat
2015-01-25 17:19 - 2011-11-14 06:34 - 00151424 _____ () C:\Windows\system32\perfc007.dat
2015-01-25 17:19 - 2009-07-14 06:13 - 01629998 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-23 21:11 - 2013-11-02 09:43 - 00000000 ____D () C:\Users\XXXXX XXXXX\AppData\Roaming\Skype
2015-01-20 14:50 - 2014-09-10 06:09 - 00000000 ____D () C:\Users\Versuch
2015-01-20 14:50 - 2013-05-22 21:33 - 00000000 ____D () C:\Users\XXXXX XXXXX\AppData\Local\RescueTime.com
2015-01-20 14:50 - 2012-03-30 17:57 - 00000000 ____D () C:\Users\XXXXX
2015-01-20 14:50 - 2011-12-01 21:23 - 00000000 ____D () C:\Windows\System32\Tasks\OfficeSoftwareProtectionPlatform
2015-01-20 14:50 - 2011-11-20 16:01 - 00000000 ____D () C:\Users\XXXXX XXXXX\AppData\Roaming\SimpleScreenshot
2015-01-20 14:50 - 2009-11-05 01:26 - 00000000 ___RD () C:\Users\Public\Recorded TV
2015-01-20 14:50 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\registration
2015-01-20 06:21 - 2011-11-13 22:46 - 00000000 ____D () C:\Users\XXXXX XXXXX
2015-01-18 20:07 - 2012-04-07 11:49 - 00000000 ____D () C:\Users\XXXXX XXXXX\Documents\Finanzen
2015-01-15 18:59 - 2013-07-13 08:36 - 00000000 ____D () C:\Windows\system32\MRT
2015-01-15 18:46 - 2011-11-18 19:58 - 113365784 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-01-13 05:55 - 2014-06-15 19:34 - 00000000 ____D () C:\Users\XXXXX XXXXX\AppData\Local\gtk-2.0
2015-01-13 05:55 - 2012-08-29 10:11 - 00000000 ____D () C:\Users\XXXXX XXXXX\.gimp-2.8
2015-01-08 09:55 - 2011-11-15 21:40 - 00298120 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2015-01-05 18:47 - 2012-03-23 13:19 - 00000000 ____D () C:\Users\XXXXX XXXXX\Documents\Cellula
2015-01-03 15:28 - 2012-03-11 19:16 - 00000000 ____D () C:\Users\XXXXX XXXXX\Documents\ERGO
2015-01-03 10:51 - 2012-03-11 19:16 - 00000000 ____D () C:\Users\XXXXX XXXXX\Documents\SP
2015-01-03 08:31 - 2012-03-25 11:40 - 00000000 ____D () C:\Users\XXXXX XXXXX\Documents\Steuerfälle

==================== Files in the root of some directories =======

2015-01-25 17:12 - 2015-01-25 17:12 - 0001248 _____ () C:\Users\XXXXX XXXXX\AppData\Roaming\FMLW
2015-01-25 17:12 - 2015-01-25 17:12 - 0001248 _____ () C:\Users\XXXXX XXXXX\AppData\Roaming\MLSC
2015-01-25 17:12 - 2015-01-25 17:12 - 0002086 _____ () C:\Users\XXXXX XXXXX\AppData\Roaming\NWAUR
2014-06-28 07:10 - 2014-07-23 21:30 - 14159872 _____ () C:\Users\XXXXX XXXXX\AppData\Roaming\Sandra.mdb
2015-01-25 17:12 - 2015-01-25 17:12 - 0002086 _____ () C:\Users\XXXXX XXXXX\AppData\Roaming\UHTQPK
2015-01-30 20:51 - 2015-01-30 20:51 - 0000600 _____ () C:\Users\XXXXX XXXXX\AppData\Roaming\winscp.rnd
2012-04-20 18:28 - 2014-07-07 01:20 - 0006656 _____ () C:\Users\XXXXX XXXXX\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-09-22 21:07 - 2014-09-22 21:07 - 0001482 _____ () C:\Users\XXXXX XXXXX\AppData\Local\RecConfig.xml
2015-01-13 05:55 - 2015-01-13 05:55 - 0009429 _____ () C:\Users\XXXXX XXXXX\AppData\Local\recently-used.xbel
2013-08-12 21:15 - 2013-08-12 21:15 - 0007603 _____ () C:\Users\XXXXX XXXXX\AppData\Local\Resmon.ResmonCfg
2012-03-31 10:26 - 2012-03-31 10:26 - 0000057 _____ () C:\ProgramData\Ament.ini
2011-11-13 22:53 - 2011-11-13 22:57 - 0008282 _____ () C:\ProgramData\ArcadeDeluxe3.log
2014-09-22 19:19 - 2014-10-06 19:45 - 0008737 _____ () C:\ProgramData\hpzinstall.log

Some content of TEMP:
====================
C:\Users\XXXXX XXXXX\AppData\Local\Temp\a15d7.exe
C:\Users\XXXXX XXXXX\AppData\Local\Temp\avgnt.exe
C:\Users\XXXXX XXXXX\AppData\Local\Temp\bdbcabfccbhi.exe
C:\Users\XXXXX XXXXX\AppData\Local\Temp\Booster-Web-Installer.exe
C:\Users\XXXXX XXXXX\AppData\Local\Temp\KMSPico 9.2.4__7628_il125.exe
C:\Users\XXXXX XXXXX\AppData\Local\Temp\OnlineBackup.exe
C:\Users\XXXXX XXXXX\AppData\Local\Temp\Quarantine.exe
C:\Users\XXXXX XXXXX\AppData\Local\Temp\sfamcc00001.dll
C:\Users\XXXXX XXXXX\AppData\Local\Temp\SkypeSetup.exe
C:\Users\XXXXX XXXXX\AppData\Local\Temp\SpOrder.dll
C:\Users\XXXXX XXXXX\AppData\Local\Temp\sqlite3.dll
C:\Users\XXXXX XXXXX\AppData\Local\Temp\vsdel.exe
C:\Users\Versuch\AppData\Local\Temp\avgnt.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-01-31 13:31

==================== End Of Log ============================

--- --- ---

--- --- ---

magigstar · 31.01.2015, 17:57

Code:

ATTFilter

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 31-01-2015 01
Ran by XXXXX XXXXX at 2015-01-31 17:52:11
Running from C:\Users\XXXXX XXXXX\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden
AAVUpdateManager (HKLM-x32\...\{AFA42FE1-A5C3-485F-9180-BFCF5BF1F1C3}) (Version: 18.00.0000 - Wolters Kluwer Deutschland GmbH)
AC3Filter 1.63b (HKLM-x32\...\AC3Filter_is1) (Version: 1.63b - Alexander Vigovsky)
Acer Arcade Deluxe (HKLM-x32\...\InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}) (Version: 3.0.7112 - CyberLink Corp.)
Acer Arcade Deluxe (x32 Version: 3.0.7112 - CyberLink Corp.) Hidden
Acer Backup Manager (HKLM-x32\...\InstallShield_{72B776E5-4530-4C4B-9453-751DF87D9D93}) (Version: 2.0.0.29 - NewTech Infosystems)
Acer Crystal Eye webcam Ver:1.1.124.1120 (HKLM-x32\...\{D0ACE89D-EC7F-470F-80BE-4C98ED366B32}) (Version: 1.1.124.1120 - Chicony Electronics Co.,Ltd.)
Acer ePower Management (HKLM-x32\...\{3DB0448D-AD82-4923-B305-D001E521A964}) (Version: 4.05.3004 - Acer Incorporated)
Acer eRecovery Management (HKLM-x32\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 4.05.3005 - Acer Incorporated)
Acer GameZone Console (HKLM-x32\...\{8ed9688e-4f79-4308-91ca-f1c37ca142b4}_is1) (Version: 5.1.0.2 - Oberon Media, Inc.)
Acer GridVista (HKLM-x32\...\GridVista) (Version: 3.01.0730 - Acer Inc.)
Acer Registration (HKLM-x32\...\Acer Registration) (Version: 1.02.3006 - Acer Incorporated)
Acer ScreenSaver (HKLM-x32\...\Acer Screensaver) (Version: 1.1.2009.1217 - Acer Incorporated)
Acer VCM (HKLM-x32\...\{047F790A-7A2A-4B6A-AD02-38092BA63DAC}) (Version: 4.05.3000 - Acer Incorporated)
Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 14.0.0.103 - Adobe Systems Incorporated)
Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.246 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.296 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Akamai NetSession Interface (HKU\S-1-5-21-1242904208-471078349-2963378918-1000\...\Akamai) (Version:  - Akamai Technologies, Inc)
Alcor Micro USB Card Reader (HKLM-x32\...\InstallShield_{DBCE1208-433D-4D3E-A26A-CB1B5E71A8F5}) (Version: 1.4.17.35005 - Alcor Micro Corp.)
Alcor Micro USB Card Reader (x32 Version: 1.4.17.35005 - Alcor Micro Corp.) Hidden
Alice Greenfingers (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112920767}) (Version:  - Oberon Media)
Alle meine Passworte 4.13 (HKLM\...\AllemeinePassworte) (Version:  - Mirko Böer)
Allway Sync version 12.16.9 (HKLM-x32\...\Allway Sync_is1) (Version:  - Botkind Inc)
ALPS Touch Pad Driver (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 7.105.2015.1105 - Alps Electric)
Amazonia (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11273477}) (Version:  - Oberon Media)
Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ATI Catalyst Install Manager (HKLM\...\{11F38253-8940-FFDA-D131-B14120C357E4}) (Version: 3.0.754.0 - ATI Technologies, Inc.)
Audacity 2.0.3 (HKLM-x32\...\Audacity_is1) (Version: 2.0.3 - Audacity Team)
Avi2Dvd 0.6.4 (HKLM-x32\...\Avi2Dvd) (Version: 0.6.4 - TrustFm)
Avira (HKLM-x32\...\{2c18809c-4097-4b51-a4d0-3deade730ef3}) (Version: 1.1.29.22350 - Avira Operations & Co. KG)
Avira (x32 Version: 1.1.29.22350 - Avira Operations & Co. KG) Hidden
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.7.468 - Avira)
AviSynth 2.5 (HKLM-x32\...\AviSynth) (Version:  - )
Backup Manager Basic (x32 Version: 2.0.0.29 - NewTech Infosystems) Hidden
BatteryCare 0.9.10.0 (HKLM-x32\...\{C6A6036D-FBD0-4324-BEAA-C0845257160C}_is1) (Version: 0.9.10.0 - Filipe Lourenço)
BitTorrent (HKU\S-1-5-21-1242904208-471078349-2963378918-1000\...\BitTorrent) (Version: 7.9.2.31638 - BitTorrent Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Booster-Web (HKU\S-1-5-21-1242904208-471078349-2963378918-1000\...\Booster-Web) (Version: 4 - ${CompanyName})
Broadcom Gigabit NetLink Controller (HKLM\...\{A325B368-A9EC-40EF-A95C-9DEAD3683AE3}) (Version: 12.33.03 - Broadcom Corporation)
Canon MP160 Benutzerregistrierung (HKLM-x32\...\Canon MP160 Benutzerregistrierung) (Version:  - )
ccc-core-static (x32 Version: 2009.1209.2335.42329 - Ihr Firmenname) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.14 - Piriform)
CDBurnerXP (HKLM-x32\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.4.4852 - CDBurnerXP)
Chandler 1.0.3 (HKLM-x32\...\Chandler) (Version: 1.0.3 - Open Source Applications Foundation)
Chicken Invaders 2 (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110209593}) (Version:  - Oberon Media)
CoreAAC Audio Decoder (remove only) (HKLM-x32\...\CoreAAC Audio Decoder) (Version:  - )
Dairy Dash (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115053100}) (Version:  - Oberon Media)
Dream Day First Home (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113832110}) (Version:  - Oberon Media)
DVD Flick 1.3.0.7 (HKLM-x32\...\DVD Flick_is1) (Version: 1.3.0.7 - Dennis Meuwissen)
eBay Worldwide (HKLM-x32\...\{E0B19DF7-B1C7-4937-82C4-0E4B1E346965}) (Version: 2.1.0901 - OEM)
EinsteinBrainTrainer (remove only) (HKLM-x32\...\EinsteinBrainTrainer) (Version:  - )
Ekahau HeatMapper (HKLM\...\Heatmapper-1.1.4.39795) (Version: 1.1.4.39795 - Ekahau Inc.)
Eraser 6.0.10.2620 (HKLM\...\{6E5159B4-A519-41EF-80EF-AD58371515DF}) (Version: 6.0.2620 - The Eraser Project)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
eSobi v2 (HKLM-x32\...\InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}) (Version: 2.0.4.000274 - esobi Inc.)
eSobi v2 (x32 Version: 2.0.4.000274 - esobi Inc.) Hidden
EVEREST Home Edition v2.20 (HKLM-x32\...\EVEREST Home Edition_is1) (Version: 2.20 - Lavalys Inc)
Farm Frenzy 2 (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11531173}) (Version:  - Oberon Media)
ffdshow [rev 3299] [2010-03-03] (HKLM-x32\...\ffdshow_is1) (Version: 1.0.0.3299 - )
Fiat eco:Drive (HKLM-x32\...\com.fiat.convergence.385E4263E7379A5D22A7076E99B02868EFF10711.1) (Version: 2.0.2 - Fiat Group Automobiles)
Fiat eco:Drive (x32 Version: 2.0.2 - Fiat Group Automobiles) Hidden
First Class Flurry (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115208410}) (Version:  - Oberon Media)
Foxit Cloud (HKLM-x32\...\{41914D8B-9D6E-4764-A1F9-BC43FB6782C1}_is1) (Version: 1.3.105.325 - Foxit Corporation)
Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 6.1.3.321 - Foxit Corporation)
Free Audio CD to MP3 Converter version 1.3.12.1228 (HKLM-x32\...\Free Audio CD to MP3 Converter_is1) (Version: 1.3.12.1228 - DVDVideoSoft Ltd.)
Free DVD Video Burner version 3.0.4.426 (HKLM-x32\...\Free DVD Video Burner_is1) (Version:  - DVDVideoSoft Limited.)
Free System Utilities (HKLM-x32\...\{ad2818b3-1616-4ec8-855d-be6936103e5a}) (Version: 1.1.0.70 - Covus Freemium GmbH)
Free SystemUtilities (x32 Version: 1.1.0.70 - Covus Freemium GmbH) Hidden
Free YouTube Download version 3.1.37.918 (HKLM-x32\...\Free YouTube Download_is1) (Version: 3.1.37.918 - DVDVideoSoft Ltd.)
FreeMind (HKLM-x32\...\B991B020-2968-11D8-AF23-444553540000_is1) (Version: 0.9.0_RC_10 - )
FRITZ!Box-Fernzugang einrichten (HKLM-x32\...\{EFADD989-D9F2-49F6-A280-675951CC78D3}) (Version: 1.0.3 - AVM Berlin)
FrostWire 5.3.5 (HKLM-x32\...\FrostWire 5) (Version: 5.3.5.0 - FrostWire Team)
GIMP 2.8.10 (HKLM\...\GIMP-2_is1) (Version: 2.8.10 - The GIMP Team)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 40.0.2214.93 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Granny In Paradise (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110551697}) (Version:  - Oberon Media)
Haali Media Splitter (HKLM-x32\...\HaaliMkx) (Version:  - )
Heroes of Hellas (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113786380}) (Version:  - Oberon Media)
HP FWUpdateEDO2 (HKLM-x32\...\{415FA9AD-DA10-4ABE-97B6-5051D4795C90}) (Version: 1.2.0.0 - Hewlett-Packard)
HP Photosmart 5520 series - Grundlegende Software für das Gerät (HKLM\...\{4F396B08-301D-4E53-A372-95A7E93ABD04}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPDiagnosticAlert (x32 Version: 1.00.0001 - Microsoft) Hidden
HTC Driver Installer (HKLM-x32\...\{6D6664A9-3342-4948-9B7E-034EFE366F0F}) (Version: 3.0.0.007 - HTC Corporation)
iCloud (HKLM\...\{309768A4-A2BB-4930-A5A2-8169678C9B4C}) (Version: 4.0.6.28 - Apple Inc.)
Identity Card (HKLM-x32\...\Identity Card) (Version: 1.00.3003 - Acer Incorporated)
ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.8.0 - LIGHTNING UK!)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
Intel(R) Turbo Boost Technology Driver (HKLM-x32\...\{D6C630BF-8DBB-4042-8562-DC9A52CB6E7E}) (Version: 01.00.01.1002 - Intel Corporation)
Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version:  - Intel Corporation)
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.38 - Irfan Skiljan)
iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)
Join Air (HKLM-x32\...\{A9E5EDA7-2E6C-49E7-924B-A32B89C24A04}) (Version: 1.0.0.2 - ZTE Corporation)
Kassenbuch (HKLM-x32\...\{29531C6B-7B64-4C53-B54A-6C8AB5DE2159}) (Version: 1.0.0 - Office Consult GmbH)
K-Lite Codec Pack 9.2.0 (Basic) (HKLM-x32\...\KLiteCodecPack_is1) (Version: 9.2.0 - )
Launch Manager (HKLM-x32\...\LManager) (Version: 3.0.05 - Acer Inc.)
LSI HDA Modem (HKLM\...\LSI Soft Modem) (Version: 2.2.98 - LSI Corporation)
Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
MediaHuman YouTube to MP3 Converter Version 3.3 (HKLM-x32\...\MediaHuman YouTube to MP3 Converter_is1) (Version: 3.3 - )
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0100-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}) (Version:  - Microsoft)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Language Pack 2007 - German/Deutsch (HKLM-x32\...\OMUI.de-de) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Outlook Connector (HKLM-x32\...\{95140000-007A-0407-0000-0000000FF1CE}) (Version: 14.0.5118.5000 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUSR) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Office Suite Activation Assistant (HKLM-x32\...\{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}) (Version: 2.9 - Microsoft Corporation)
Microsoft Outlook Social Connector Provider for Windows Live Messenger 32-bit (HKLM-x32\...\{95140000-007D-0409-0000-0000000FF1CE}) (Version: 14.0.5120.5000 - Microsoft Corporation)
Microsoft Report Viewer Redistributable 2008 (KB971118) (HKLM-x32\...\Microsoft Report Viewer Redistributable 2008 (KB971118)) (Version:  - Microsoft Corporation)
Microsoft Report Viewer Redistributable 2008 Language Pack - DEU (HKLM-x32\...\Microsoft Report Viewer Redistributable 2008 Language Pack - DEU) (Version:  - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SkyDrive (HKU\S-1-5-21-1242904208-471078349-2963378918-1003-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\...\SkyDriveSetup.exe) (Version: 16.4.6010.0727 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Works (HKLM-x32\...\{62F7DA7E-CCCB-439C-A760-00C3926E761F}) (Version: 9.7.0621 - Microsoft Corporation)
MozBackup 1.5.1 (HKLM-x32\...\MozBackup) (Version:  - Pavel Cvrcek)
Mozilla Firefox 35.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 35.0.1 (x86 de)) (Version: 35.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 32.0 - Mozilla)
MPC-HC 1.7.0 (HKLM-x32\...\{2624B969-7135-4EB1-B0F6-2D8C397B45F7}_is1) (Version: 1.7.0.7858 - MPC-HC Team)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MyPhoneExplorer (HKLM-x32\...\MPE) (Version: 1.8.5 - F.J. Wechselberger)
MyWinLocker (HKLM-x32\...\{68301905-2DEA-41CE-A4D4-E8B443B099BA}) (Version: 3.1.76.0 - Egis Technology Inc.)
No-IP DUC (HKLM-x32\...\NoIPDUC) (Version: 4.0.1 - Vitalwerks Internet Solutions LLC)
Norton Online Backup (HKLM-x32\...\{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}) (Version: 1.2.0.36 - Symantec)
NTI Backup Now 5 (HKLM-x32\...\InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}) (Version: 5.1.2.627 - NewTech Infosystems)
NTI Backup Now Standard (x32 Version: 5.1.2.627 - NewTech Infosystems) Hidden
NTI Media Maker 8 (HKLM-x32\...\InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}) (Version: 8.0.12.6623 - NewTech Infosystems)
NTI Media Maker 8 (x32 Version: 8.0.12.6623 - NewTech Infosystems) Hidden
O&O Defrag Free Edition (HKLM\...\{C10CAF82-9D36-4D9A-9DC0-C4549F06B519}) (Version: 14.1.431 - O&O Software GmbH)
Outils de vérification linguistique 2013 de Microsoft Office*- Français (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
PDF Architect (HKLM-x32\...\{064A929A-4DE8-40CF-A901-BD40C14E4D25}) (Version: 1.1.83.9982 - pdfforge GmbH)
PDF24 Creator 6.8.0 (HKLM-x32\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version:  - PDF24.org)
PDFCreator (HKLM-x32\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.7.3 - pdfforge)
pomodairo (HKLM-x32\...\{EEBEA077-AB92-5083-ECB1-C15BD842D00B}) (Version: 1.9 - UNKNOWN)
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
Random Dresser (HKLM-x32\...\RandomDresser) (Version:  - )
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5969 - Realtek Semiconductor Corp.)
RescueTime 2.2.1 (HKLM-x32\...\{2505571C-03B3-4F9F-AC35-33F1CB4B5E9E}_is1) (Version:  - RescueTime.com)
Restorer2000 3.3 (HKLM-x32\...\Restorer2000_is1) (Version: 3.3 - Bitmart Inc.)
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{D82063A8-7C8C-4C3B-A9BB-95138CA55D26}) (Version:  - Microsoft)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (Version:  - Microsoft) Hidden
Shutdown Manager (HKLM-x32\...\{C457BA5F-35F9-480C-90F8-5C91DB443A15}_is1) (Version: 2.0.7 - Daniel Höllig)
SimpleScreenshot 1.40 (HKLM-x32\...\SimpleScreenshot) (Version:  - )
SiSoftware Sandra Lite 2014.SP2a (HKLM\...\{C3113E55-7BCB-4de3-8EBF-60E6CE6B2396}_is1) (Version: 20.35.2014.6 - SiSoftware)
SIW version 2011.10.29 (HKLM-x32\...\{AB67580-257C-45FF-B8F4-C8C30682091A}_is1) (Version: 2011.10.29 - Topala Software Solutions)
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation)
Skype™ 6.21 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.21.104 - Skype Technologies S.A.)
SpeedFan (remove only) (HKLM-x32\...\SpeedFan) (Version:  - )
Spotify (HKU\S-1-5-21-1242904208-471078349-2963378918-1000\...\Spotify) (Version: 0.9.10.14.g578d350b - Spotify AB)
SpywareBlaster 5.0 (HKLM-x32\...\SpywareBlaster_is1) (Version: 5.0.0 - BrightFort LLC)
Steganos Safe 14 (HKLM-x32\...\{13B7FBFB-622E-4002-8570-594798E6167D}) (Version: 14.2.2 - Steganos Software GmbH)
Steuer-Spar-Erklärung 2008 (HKLM-x32\...\{BBE67B86-FCD7-4D3C-8B00-063DEAD8E30C}) (Version: 13.02.0000 - Akademische Arbeitsgemeinschaft)
Steuer-Spar-Erklärung 2009 (HKLM-x32\...\{32E00E5E-22B1-4D5A-9DC2-CD75E087A5E6}) (Version: 14.01.0000 - Akademische Arbeitsgemeinschaft Verlag)
Steuer-Spar-Erklärung 2010 (HKLM-x32\...\{D8E1DFEE-622B-46BA-AEFF-AB7E541C0B21}) (Version: 15.15 - Akademische Arbeitsgemeinschaft Verlag)
Steuer-Spar-Erklärung 2011 (HKLM-x32\...\{9F5FD796-86F0-4360-85F8-D54C0F5411EB}) (Version: 16.18 - Akademische Arbeitsgemeinschaft Verlag)
Steuer-Spar-Erklärung 2012 (HKLM-x32\...\{CCD2BAD2-0919-40CB-80CC-E9538B0E4C2E}) (Version: 17.14 - Wolters Kluwer Deutschland GmbH)
Steuer-Spar-Erklärung 2013 (HKLM-x32\...\{AEB61F7A-4BBA-4292-A096-7893E09034A4}) (Version: 18.10 - Wolters Kluwer Deutschland GmbH)
SteuerSparErklärung 2014 (HKLM-x32\...\{A463EB06-22A6-47F5-9593-E52B291EF13E}) (Version: 19.12.92 - Akademische Arbeitsgemeinschaft)
Streamripper (Remove only) (HKLM-x32\...\Streamripper) (Version:  - )
Studie zur Verbesserung von HP Deskjet 3070 B611 series Produkten (HKLM\...\{CAD7B6DD-9C82-4D17-BAE8-3E9AE4971B90}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.29947 - TeamViewer)
Time Stamp (HKLM-x32\...\Time Stamp_is1) (Version:  - 3.23.2010-0313)
TomTom HOME (HKLM-x32\...\{7A2BB1C8-903D-4585-9F3B-CADD67D07D37}) (Version: 2.9.8 - Ihr Firmenname)
TomTom HOME Visual Studio Merge Modules (HKLM-x32\...\{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}) (Version: 1.0.2 - TomTom International B.V.)
TP-LINK Wireless Configuration Utility (HKLM-x32\...\{319D91C6-3D44-436C-9F79-36C0D22372DC}) (Version: 1.0.0 - TP-LINK)
TrueCrypt (HKLM-x32\...\TrueCrypt) (Version: 7.1 - TrueCrypt Foundation)
Tunatic (HKLM-x32\...\Tunatic) (Version:  - )
Überwachungstool für die Intel® Turbo-Boost-Technik (HKLM\...\{39F4C6F9-618A-4E5B-8FB2-6BD661174E32}) (Version: 1.0.186.6 - Intel)
Uninstall 1.0.0.1 (HKLM-x32\...\Uninstall_is1) (Version:  - )
Universal Adb Driver (HKLM-x32\...\{D9C4202E-6D51-4B06-A8F1-22316E654BCA}) (Version: 1.0.0 - ClockworkMod)
Unlocker 1.9.1-x64 (HKLM\...\Unlocker) (Version: 1.9.1 - Cedrick Collomb)
Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0407-0000-0000000FF1CE}_OMUI.de-de_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version:  - Microsoft)
Update für Microsoft Office Outlook 2007 Help (KB963677) (HKLM-x32\...\{90120000-001A-0407-0000-0000000FF1CE}_OMUI.de-de_{F6828576-6F79-470D-AB50-69D1BBADBD30}) (Version:  - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0407-0000-0000000FF1CE}_OMUI.de-de_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version:  - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0407-0000-0000000FF1CE}_OMUI.de-de_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version:  - Microsoft)
Visual Studio C++ 10.0 Runtime (HKLM-x32\...\{4412F224-3849-4461-A3E9-DEEF8D252790}) (Version: 10.0.0 - TomTom International B.V.)
VLC media player 2.1.3 (HKLM-x32\...\VLC media player) (Version: 2.1.3 - VideoLAN)
Welcome Center (HKLM-x32\...\Acer Welcome Center) (Version: 1.00.3008 - Acer Incorporated)
Winamp (HKLM-x32\...\Winamp) (Version: 5.666  - Nullsoft, Inc)
WinPatrol (HKLM\...\{6A206A04-6BC1-411B-AA04-4E52EDEEADF2}) (Version: 32.0.2014.5 - Ruiware)
WinPatrol (HKLM\...\{6E575124-6D34-4E65-9375-7D69468A6089}) (Version: 30.9 - BillP Studios)
WinRAR 5.10 Beta 4 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.10.4 - win.rar GmbH)
Xvid 1.2.2 final uninstall (HKLM-x32\...\Xvid_is1) (Version: 1.2 - Xvid team (Koepi))
Yahoo! Messenger (HKLM-x32\...\Yahoo! Messenger) (Version:  - Yahoo! Inc.)
Yahoo! Software Update (HKLM-x32\...\Yahoo! Software Update) (Version:  - )
Zuzahlungsrechner (HKLM-x32\...\{B2C69E77-F209-4B63-8676-4F32B27E162B}) (Version: 3.6.0 - sfr-software-fuers-heim)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-1242904208-471078349-2963378918-1000_Classes\CLSID\{56FDF344-FD6D-11d0-958A-006097C9A090}\InprocServer32 -> C:\Users\XXXXX XXXXX\AppData\Roaming\moters\supna.dll No File <==== ATTENTION

==================== Restore Points  =========================

14-01-2015 08:05:58 Windows Update
15-01-2015 18:45:05 Windows Update
16-01-2015 05:01:13 Windows Modules Installer
20-01-2015 06:35:31 Windows Update
21-01-2015 00:02:16 Windows Update
27-01-2015 20:19:44 Windows Update
31-01-2015 17:38:41 Removed Java 7 Update 67

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2014-08-24 12:25 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0CAEEB6B-A216-4E04-9EA6-AC310639FD8D} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {0E16AE93-AC32-4015-9120-BB0947F3E1AF} - System32\Tasks\MLSC => C:\Users\XXXXX XXXXX\AppData\Roaming\MLSC.exe <==== ATTENTION
Task: {13DABB31-ABBE-4704-8EDF-E28147F8962C} - \SMWPUpd No Task File <==== ATTENTION
Task: {23CEA58C-8E99-49B6-96E0-E0033F148659} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-21] (Google Inc.)
Task: {26DA7882-781D-4FC9-B1A5-5F5B1F7227FE} - System32\Tasks\{6A246FB0-E753-4188-9543-22389AB30F4E} => pcalua.exe -a "C:\Users\XXXXX XXXXX\Downloads\Chandler_win_1.0.3.exe" -d "C:\Users\XXXXX XXXXX\Downloads"
Task: {2F491965-426D-4740-BA34-9AC1AFB8DDE2} - System32\Tasks\UHTQPK => C:\Users\XXXXX XXXXX\AppData\Roaming\UHTQPK.exe <==== ATTENTION
Task: {331D0C36-5AAC-434D-A64B-8F53AF5F083F} - System32\Tasks\zupa3002 => C:\PROGRA~2\TabNav\zupa3002.exe
Task: {38C51694-B081-4739-8E17-069D4A49D4D4} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2014-01-23] (Microsoft Corporation)
Task: {47C46238-A6C4-4C4B-BE85-E6E1425608CB} - System32\Tasks\{144D2C4F-2583-452B-AC74-C64839CF03CC} => pcalua.exe -a "C:\Program Files (x86)\VS Revo Group\Revo Uninstaller\Revouninstaller.exe" -d "C:\Program Files (x86)\VS Revo Group\Revo Uninstaller" -c -hunter
Task: {5A42985A-DC32-4FE1-8210-CA09F67316FC} - System32\Tasks\HPCustPartic.exe_{96420065-3C4E-4B3E-96DB-DB0760F51DDD} => C:\Program Files\HP\HP Deskjet 3070 B611 series\Bin\HPCustPartic.exe [2012-10-17] (Hewlett-Packard Co.)
Task: {5B5D6CC7-9FA7-4441-9A09-8A3C4EA669FD} - System32\Tasks\{9B880EC1-DC3B-45D7-A7BB-4E131A7A884F} => pcalua.exe -a "C:\Users\XXXXX XXXXX\Downloads\esetsmartinstaller_enu.exe" -d "C:\Program Files (x86)\Mozilla Firefox"
Task: {5E1E681C-C0F1-4E87-8C95-38A011634E9C} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {658A7160-D5FE-40D6-8358-5AC71CDD5600} - System32\Tasks\Microsoft Office 15 Sync Maintenance for Arbeitscomputer-XXXXX XXXXX Arbeitscomputer => C:\Program Files\Microsoft Office\Office15\MsoSync.exe [2014-11-12] (Microsoft Corporation)
Task: {739C86AB-D488-4894-A94A-E1C873D935C4} - System32\Tasks\{239C0599-E784-4910-B228-5D5AB8D346A6} => pcalua.exe -a "C:\Users\XXXXX XXXXX\Downloads\HiJackThis204.exe" -d "C:\Program Files (x86)\Mozilla Firefox"
Task: {773149FF-2A04-41E8-AEF1-735F0738EC51} - System32\Tasks\Microsoft\Windows\Maintenance\SMupdate2 => Rundll32.exe C:\PROGRA~1\COMMON~1\System\SysMenu.dll ,Command701 update2 <==== ATTENTION
Task: {792B72B2-C51B-4379-B2AA-007529DB50F0} - System32\Tasks\{8D77E667-A31C-4EB4-B209-1E559B732CBC} => pcalua.exe -a "C:\Program Files (x86)\Canon\IJEREG\MP160\UNINST.EXE"
Task: {79995E4D-7C32-4800-8797-6893DD64333B} - System32\Tasks\{186E3D0B-D440-49E7-8F64-7917C92B0863} => pcalua.exe -a "C:\Users\XXXXX XXXXX\AppData\Roaming\omiga-plus\UninstallManager.exe" -c -ptid=obw <==== ATTENTION
Task: {7AEAE564-35D2-434E-8BC2-12BF5BC672DE} - System32\Tasks\HPCustParticipation HP Deskjet 3070 B611 series => C:\Program Files\HP\HP Deskjet 3070 B611 series\Bin\HPCustPartic.exe [2012-10-17] (Hewlett-Packard Co.)
Task: {7EED0456-B087-4708-8496-6474B917CECB} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {92533B9B-37E7-4E54-B7DE-F8B0B255CFEE} - System32\Tasks\{4781B96F-C3F4-45CF-AB6F-C64C9AD3E88D} => pcalua.exe -a "C:\Program Files (x86)\InstallShield Installation Information\{319D91C6-3D44-436C-9F79-36C0D22372DC}\setup.exe" -d "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TP-LINK" -c -runfromtemp -removeonly
Task: {9C395D30-C0E5-4B3A-A232-E38DA71A3827} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {A1D835EF-9220-45A2-811E-2CA5B38166BF} - System32\Tasks\hpUrlLauncher.exe_{4AF7A75F-FDE8-41B8-80D9-5C3EBC32D019} => C:\Program Files\HP\HP Deskjet 3070 B611 series\Bin\utils\hpUrlLauncher.exe
Task: {A8889BDD-EEA6-44D8-85E8-4A53B4C6FFC7} - System32\Tasks\avaxvyvax => C:\Users\XXXXX XXXXX\AppData\Local\avaxvyvax\avaxvyvax.exe
Task: {B7A342C6-6ABF-492E-9250-2C92CB583846} - System32\Tasks\{A2A68590-5CAE-4C98-8B98-D18CC5E4C073} => pcalua.exe -a "C:\Program Files (x86)\InstallShield Installation Information\{3DB0448D-AD82-4923-B305-D001E521A964}\setup.exe" -c -runfromtemp -l0x407 -removeonly
Task: {B99335C8-3858-4912-916A-9AC2D8DFC005} - System32\Tasks\Microsoft\Windows\Multimedia\SMupdate3 => Rundll32.exe C:\PROGRA~1\COMMON~1\System\SysMenu.dll ,Command701 update3 <==== ATTENTION
Task: {BBBF9E37-C1CD-4CF0-A783-CE021D6D2928} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-05-20] (Piriform Ltd)
Task: {C1ACE4A8-19C0-45F4-9D33-A8411D825BF4} - System32\Tasks\NWAUR => C:\Users\XXXXX XXXXX\AppData\Roaming\NWAUR.exe <==== ATTENTION
Task: {C3A9171A-C2B0-4DD2-90FB-60F5166A5C06} - System32\Tasks\sondhschedule => C:\Users\XXXXX
Task: {C4D8DBDC-0684-4CD1-8370-6636F2A8C92D} - System32\Tasks\FMLW => C:\Users\XXXXX XXXXX\AppData\Roaming\FMLW.exe <==== ATTENTION
Task: {CE5325CF-BB63-4751-AB56-BD427BEAA0D9} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-01-31] (Adobe Systems Incorporated)
Task: {D8BC15BF-E6F5-4406-95E2-4C359424AE7D} - \SMW_UpdateTask_Time_333035393833303830392d5a556c6c4a5a575750414134 No Task File <==== ATTENTION
Task: {DA50F050-8700-4A90-9184-FBA2F85ECA89} - System32\Tasks\Inst_Rep => C:\Users\XXXXX XXXXX\AppData\Local\Installer\Install_24189\DCytdieamo_amodc_setup.exe [2015-01-31] ()
Task: {E36CA599-B047-467B-99AF-5E380AFECE05} - System32\Tasks\{AC797CD7-B058-4AC8-84B2-B2307D6AFF9B} => C:\Program Files (x86)\Chandler1.0.3\chandler.exe
Task: {E85DBE85-E344-4E48-A05A-ACF97445121F} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-21] (Google Inc.)
Task: {E9A74425-992C-4024-A0F4-03BCF765A15D} - \SPBIW_UpdateTask_Time_333035393833303830392d5a556c6c4a5a575750414134 No Task File <==== ATTENTION
Task: {F30712C0-5F79-4616-BFEE-8D27E1822469} - System32\Tasks\{581487AC-8AAF-40E1-A997-6B8519F0C5EC} => C:\Program Files (x86)\Chandler1.0.3\chandler.exe
Task: {FC0397BA-8222-41E7-836D-453BA55E74DB} - System32\Tasks\{2E665153-C229-4C02-9699-2F4EF08B1807} => pcalua.exe -a C:\Users\DANIEL~1\AppData\Local\Temp\InstallFlashPlayer.exe -d "C:\Program Files (x86)\Mozilla Firefox"
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\FMLW.job => C:\Users\XXXXX XXXXX\AppData\Roaming\FMLW.exe <==== ATTENTION
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\MLSC.job => C:\Users\XXXXX XXXXX\AppData\Roaming\MLSC.exe <==== ATTENTION
Task: C:\Windows\Tasks\NWAUR.job => C:\Users\XXXXX XXXXX\AppData\Roaming\NWAUR.exe <==== ATTENTION
Task: C:\Windows\Tasks\UHTQPK.job => C:\Users\XXXXX XXXXX\AppData\Roaming\UHTQPK.exe <==== ATTENTION

==================== Loaded Modules (whitelisted) =============

2007-10-04 14:32 - 2007-10-04 14:32 - 00122880 _____ () C:\Program Files (x86)\Common Files\AAV\aavus.exe
2011-01-13 09:04 - 2011-01-13 09:04 - 00030080 _____ () C:\Windows\snuvcdsm.exe
2011-11-13 22:52 - 2011-11-13 22:51 - 00200704 _____ () C:\Windows\PLFSetI.exe
2009-07-29 13:10 - 2009-07-29 13:10 - 00016384 ____R () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll
2011-11-13 21:44 - 2011-11-13 21:44 - 00270336 _____ () C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CrossDisplay.Graphics.Dashboard\1.0.0.0__90ba9c70f846762e\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2014-12-28 14:38 - 2014-04-22 19:39 - 00645592 ____N () C:\Program Files (x86)\BillP Studios\WinPatrol\sqlite3.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\abengine => ""="service"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: AgereModemAudio => 2
MSCONFIG\Services: Apple Mobile Device => 2
MSCONFIG\Services: Bonjour Service => 2
MSCONFIG\Services: BotkindSyncService => 2
MSCONFIG\Services: FoxitCloudUpdateService => 2
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: iPod Service => 3
MSCONFIG\Services: MozillaMaintenance => 3
MSCONFIG\Services: NoIPDUCService4 => 2
MSCONFIG\Services: NTI IScheduleSvc => 2
MSCONFIG\Services: NTIBackupSvc => 3
MSCONFIG\Services: NTISchedulerSvc => 2
MSCONFIG\Services: OODefragAgent => 2
MSCONFIG\Services: PassThru Service => 2
MSCONFIG\Services: PDF Architect Helper Service => 2
MSCONFIG\Services: PDF Architect Service => 2
MSCONFIG\Services: SandraAgentSrv => 3
MSCONFIG\Services: SkypeUpdate => 2
MSCONFIG\Services: TeamViewer9 => 2
MSCONFIG\Services: TomTomHOMEService => 2
MSCONFIG\Services: Updater Service => 2
MSCONFIG\Services: YahooAUService => 2
MSCONFIG\startupreg: Eraser => "C:\PROGRA~1\Eraser\Eraser.exe" --atRestart

========================= Accounts: ==========================

Administrator (S-1-5-21-1242904208-471078349-2963378918-500 - Administrator - Disabled)
XXXXX XXXXX (S-1-5-21-1242904208-471078349-2963378918-1000 - Administrator - Enabled) => C:\Users\XXXXX XXXXX
XXXXX (S-1-5-21-1242904208-471078349-2963378918-1003 - Limited - Enabled) => C:\Users\XXXXX
Gast (S-1-5-21-1242904208-471078349-2963378918-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1242904208-471078349-2963378918-1002 - Limited - Enabled)
Versuch (S-1-5-21-1242904208-471078349-2963378918-1004 - Administrator - Enabled) => C:\Users\Versuch

==================== Faulty Device Manager Devices =============

Name: SPDRIVER_1361.0.0.0
Description: SPDRIVER_1361.0.0.0
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: SPDRIVER_1361.0.0.0
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: =========================

Application errors:
==================
Error: (01/31/2015 05:20:22 PM) (Source: Avira Service Host) (EventID: 0) (User: )
Description: Fehler beim Verarbeiten von Sitzungsänderung. System.NullReferenceException: Der Objektverweis wurde nicht auf eine Objektinstanz festgelegt.
   bei Avira.OE.ServiceHost.ServiceHost.OnSessionChange(SessionChangeDescription changeDescription)
   bei System.ServiceProcess.ServiceBase.DeferredSessionChange(Int32 eventType, Int32 sessionId)


System errors:
=============
Error: (01/31/2015 05:19:35 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "SPDRIVER_1361.0.0.0" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%3


Microsoft Office Sessions:
=========================
Error: (01/31/2015 05:20:22 PM) (Source: Avira Service Host) (EventID: 0) (User: )
Description: Fehler beim Verarbeiten von Sitzungsänderung. System.NullReferenceException: Der Objektverweis wurde nicht auf eine Objektinstanz festgelegt.
   bei Avira.OE.ServiceHost.ServiceHost.OnSessionChange(SessionChangeDescription changeDescription)
   bei System.ServiceProcess.ServiceBase.DeferredSessionChange(Int32 eventType, Int32 sessionId)


CodeIntegrity Errors:
===================================
  Date: 2014-08-24 13:21:32.971
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2014-08-24 13:21:32.769
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2014-08-24 13:21:32.550
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2014-08-24 13:21:32.332
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2014-06-28 08:07:01.069
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Users\DANIEL~1\AppData\Local\Temp\EverestDriver.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2014-06-28 08:07:00.711
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Users\DANIEL~1\AppData\Local\Temp\EverestDriver.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2014-06-28 08:07:00.330
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files (x86)\Lavalys\EVEREST Home Edition\kerneld.amd64" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2014-06-28 08:07:00.010
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files (x86)\Lavalys\EVEREST Home Edition\kerneld.amd64" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2014-06-01 15:18:48.633
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2014-06-01 15:18:48.446
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.


==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i5 CPU M 430 @ 2.27GHz
Percentage of memory in use: 39%
Total physical RAM: 3956.5 MB
Available physical RAM: 2407.97 MB
Total Pagefile: 7911.18 MB
Available Pagefile: 5902.14 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: (ACER) (Fixed) (Total:290.05 GB) (Free:101.13 GB) NTFS
Drive d: (DATA) (Fixed) (Total:290.4 GB) (Free:285.17 GB) NTFS
Drive f: (INTENSO) (Removable) (Total:14.44 GB) (Free:14.44 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 596.2 GB) (Disk ID: 6D48B855)
Partition 1: (Not Active) - (Size=15.6 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=290.1 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=290.4 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 14.5 GB) (Disk ID: 6F20736B)
No partition Table on disk 1.
Disk 1 is a removable device.

==================== End Of Log ============================

Bootsektor · 01.02.2015, 00:20

Hallo,

Zitat:

Es gibt trotzdem noch einige Probleme, auch wenn es schon etwas sauberer läuft...

Wir sind ja auch noch nicht fertig

Schritt 1
Scan mit Combofix

WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link

WICHTIG: Speichere Combofix auf deinem Desktop.

Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.

Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.

Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!

Wenn Combofix fertig ist, wird es ein Logfile erstellen.

Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).

Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

Schritt 2
Starte noch einmal FRST.

Setze den Haken bei addition.txt und drücke auf Scan.
Wenn der Scan abgeschlossen ist, werden zwei neue Logfiles FRST.txt und addition.txt erstellt und auf dem Desktop (oder in dem Verzeichnis in dem FRST liegt) gespeichert.
Poste den Inhalt dieser Logfiles bitte hier in deinen Thread.

magigstar · 01.02.2015, 01:03

Es ist echt komisch...

Ich habe alles deaktiviert.
Habe ComboFix auf den Desktop verschoben.

Ich klicke an, es lädt bzw. wird ausgespackt.
Aber dann nichts...

Starte ich ComboFix erneut, kommt gleich eine Fehlermeldung, die ich ignorieren, wiederholen oder abbrechen kann.

Bootsektor · 01.02.2015, 01:19

Was ist denn der genaue Wortlaut der Fehlermeldung?

magigstar · 01.02.2015, 09:08

Combofix hat doch noch funktioniert...

Code:

ATTFilter

ComboFix 15-01-29.01 - XXXXXX XXXXXX 01.02.2015   8:31.2.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.3956.2532 [GMT 1:00]
ausgeführt von:: c:\users\XXXXXX XXXXXX\Desktop\ComboFix.exe
AV: Avira Desktop *Enabled/Updated* {4D041356-F94D-285F-8768-AAE50FA36859}
SP: Avira Desktop *Enabled/Updated* {F665F2B2-DF77-27D1-BDD8-9197742422E4}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\38307773-d954-48f2-8127-93df0ea63e4a\3e7d90a7-d362-46a9-a145-3ee08200dffd.dll
c:\program files (x86)\878e2246-8f7a-48fe-89f9-845dc6abbab7\74ac0708-eebd-4d53-83f6-7f4779f2f294.dll
c:\program files (x86)\878e2246-8f7a-48fe-89f9-845dc6abbab7\878e2246-8f7a-48fe-89f9-845dc6abbab7.dll
c:\program files (x86)\Acer\38307773-d954-48f2-8127-93df0ea63e4a.dll
c:\program files (x86)\Acer\ed55547d-8d98-4039-96d9-00407eb30671.dll
c:\program files (x86)\ed55547d-8d98-4039-96d9-00407eb30671\ca846dc2-84dd-4e20-94fa-902a5cafe3c0.dll
c:\program files (x86)\sss
c:\program files (x86)\sss\SimpleScreenshot.exe
c:\program files (x86)\sss\upload.php
c:\users\DANIEL~1\AppData\Local\Temp\7zS1D89\HPSLPSVC64.DLL
c:\users\DANIEL~1\AppData\Local\Temp\avgnt.exe\Avira.OE.ExtApi.dll
c:\users\XXXXXX XXXXXX\AppData\Local\Google\Chrome\User Data\Default\Extensions\obdejhodejngcbmkiddfjkieejekbfil
c:\users\XXXXXX XXXXXX\AppData\Local\Google\Chrome\User Data\Default\Extensions\obdejhodejngcbmkiddfjkieejekbfil\242\background.html
c:\users\XXXXXX XXXXXX\AppData\Local\Google\Chrome\User Data\Default\Extensions\obdejhodejngcbmkiddfjkieejekbfil\242\content.js
c:\users\XXXXXX XXXXXX\AppData\Local\Google\Chrome\User Data\Default\Extensions\obdejhodejngcbmkiddfjkieejekbfil\242\GuJbTt1.js
c:\users\XXXXXX XXXXXX\AppData\Local\Google\Chrome\User Data\Default\Extensions\obdejhodejngcbmkiddfjkieejekbfil\242\lsdb.js
c:\users\XXXXXX XXXXXX\AppData\Local\Google\Chrome\User Data\Default\Extensions\obdejhodejngcbmkiddfjkieejekbfil\242\manifest.json
c:\users\XXXXXX XXXXXX\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_afleebcccoakjdegifmipchmkmnbmbcg_0.localstorage-journal
c:\users\XXXXXX XXXXXX\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_afleebcccoakjdegifmipchmkmnbmbcg_0.localstorage
c:\users\XXXXXX XXXXXX\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_obdejhodejngcbmkiddfjkieejekbfil_0.localstorage-journal
c:\users\XXXXXX XXXXXX\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_obdejhodejngcbmkiddfjkieejekbfil_0.localstorage
c:\users\XXXXXX XXXXXX\AppData\Local\Google\Chrome\User Data\Default\Preferences
c:\users\XXXXXX XXXXXX\AppData\Local\Temp\7zS1D89\HPSLPSVC64.DLL
c:\users\XXXXXX XXXXXX\AppData\Local\Temp\avgnt.exe\Avira.OE.ExtApi.dll
c:\users\XXXXXX\AppData\Roaming\Mozilla\Firefox\Profiles\ilhln8u2.default\extensions\staged\wq@P.net
c:\users\XXXXXX\AppData\Roaming\Mozilla\Firefox\Profiles\ilhln8u2.default\extensions\staged\wq@P.net\bootstrap.js
c:\users\XXXXXX\AppData\Roaming\Mozilla\Firefox\Profiles\ilhln8u2.default\extensions\staged\wq@P.net\chrome.manifest
c:\users\XXXXXX\AppData\Roaming\Mozilla\Firefox\Profiles\ilhln8u2.default\extensions\staged\wq@P.net\content\bg.js
c:\users\XXXXXX\AppData\Roaming\Mozilla\Firefox\Profiles\ilhln8u2.default\extensions\staged\wq@P.net\install.rdf
c:\users\XXXXXX\AppData\Roaming\Mozilla\Firefox\Profiles\ilhln8u2.default\extensions\staged\Za7@Ky.edu
c:\users\XXXXXX\AppData\Roaming\Mozilla\Firefox\Profiles\ilhln8u2.default\extensions\staged\Za7@Ky.edu\bootstrap.js
c:\users\XXXXXX\AppData\Roaming\Mozilla\Firefox\Profiles\ilhln8u2.default\extensions\staged\Za7@Ky.edu\chrome.manifest
c:\users\XXXXXX\AppData\Roaming\Mozilla\Firefox\Profiles\ilhln8u2.default\extensions\staged\Za7@Ky.edu\content\bg.js
c:\users\XXXXXX\AppData\Roaming\Mozilla\Firefox\Profiles\ilhln8u2.default\extensions\staged\Za7@Ky.edu\install.rdf
c:\users\Versuch\AppData\Roaming\Mozilla\Firefox\Profiles\r7teyr0l.default-1417873282698\extensions\staged\wq@P.net
c:\users\Versuch\AppData\Roaming\Mozilla\Firefox\Profiles\r7teyr0l.default-1417873282698\extensions\staged\wq@P.net\bootstrap.js
c:\users\Versuch\AppData\Roaming\Mozilla\Firefox\Profiles\r7teyr0l.default-1417873282698\extensions\staged\wq@P.net\chrome.manifest
c:\users\Versuch\AppData\Roaming\Mozilla\Firefox\Profiles\r7teyr0l.default-1417873282698\extensions\staged\wq@P.net\content\bg.js
c:\users\Versuch\AppData\Roaming\Mozilla\Firefox\Profiles\r7teyr0l.default-1417873282698\extensions\staged\wq@P.net\install.rdf
c:\users\Versuch\AppData\Roaming\Mozilla\Firefox\Profiles\r7teyr0l.default-1417873282698\extensions\staged\Za7@Ky.edu
c:\users\Versuch\AppData\Roaming\Mozilla\Firefox\Profiles\r7teyr0l.default-1417873282698\extensions\staged\Za7@Ky.edu\bootstrap.js
c:\users\Versuch\AppData\Roaming\Mozilla\Firefox\Profiles\r7teyr0l.default-1417873282698\extensions\staged\Za7@Ky.edu\chrome.manifest
c:\users\Versuch\AppData\Roaming\Mozilla\Firefox\Profiles\r7teyr0l.default-1417873282698\extensions\staged\Za7@Ky.edu\content\bg.js
c:\users\Versuch\AppData\Roaming\Mozilla\Firefox\Profiles\r7teyr0l.default-1417873282698\extensions\staged\Za7@Ky.edu\install.rdf
c:\windows\SysWow64\X86
.
.
(((((((((((((((((((((((((((((((((((((((   Treiber/Dienste   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_SPDRIVER_1361.0.0.0
-------\Service_HPSLPSVC
-------\Service_SPDRIVER_1361.0.0.0
.
.
(((((((((((((((((((((((   Dateien erstellt von 2015-01-01 bis 2015-02-01  ))))))))))))))))))))))))))))))
.
.
2015-02-01 07:39 . 2015-02-01 07:39	--------	d-----w-	c:\users\Versuch\AppData\Local\temp
2015-02-01 07:39 . 2015-02-01 07:39	--------	d-----w-	c:\users\Public\AppData\Local\temp
2015-02-01 07:39 . 2015-02-01 07:39	--------	d-----w-	c:\users\XXXXXX\AppData\Local\temp
2015-02-01 07:39 . 2015-02-01 07:39	--------	d-----w-	c:\users\Default\AppData\Local\temp
2015-01-31 08:34 . 2015-01-31 08:35	--------	d-----w-	c:\program files (x86)\Booster-Web
2015-01-31 08:34 . 2015-01-31 09:01	--------	d-----w-	c:\users\XXXXXX XXXXXX\AppData\Roaming\Booster-Web
2015-01-31 08:33 . 2015-02-01 07:39	--------	d-----w-	c:\program files (x86)\878e2246-8f7a-48fe-89f9-845dc6abbab7
2015-01-31 08:31 . 2015-01-31 08:31	--------	d-----w-	c:\programdata\SearchModulePlus
2015-01-31 08:30 . 2015-02-01 07:39	--------	d-----w-	c:\program files (x86)\38307773-d954-48f2-8127-93df0ea63e4a
2015-01-31 08:30 . 2015-02-01 07:39	--------	d-----w-	c:\program files (x86)\ed55547d-8d98-4039-96d9-00407eb30671
2015-01-31 08:29 . 2015-01-31 08:29	--------	d-----w-	c:\users\XXXXXX XXXXXX\AppData\Local\Installer
2015-01-31 08:06 . 2015-01-31 08:06	--------	d-----w-	c:\windows\SysWow64\AMD64
2015-01-31 08:06 . 2015-01-31 16:44	--------	d-----w-	c:\program files (x86)\Hearthstone Stream Browser
2015-01-31 08:03 . 2015-01-31 08:03	--------	d-----w-	c:\programdata\{06467b43-d78a-a739-0646-67b43d78ed0f}
2015-01-31 07:59 . 2015-01-31 15:56	--------	d-----w-	c:\users\XXXXXX XXXXXX\AppData\Local\avaxvyvax
2015-01-31 07:52 . 2014-12-14 09:53	332568	----a-w-	c:\windows\SysWow64\ColorMedia.dll
2015-01-31 07:52 . 2014-12-14 09:53	378640	----a-w-	c:\windows\system32\ColorMedia64.dll
2015-01-30 19:08 . 2015-01-30 19:08	--------	d-----w-	c:\users\Versuch\AppData\Roaming\PDF Architect
2015-01-30 19:08 . 2015-01-30 19:08	--------	d-----w-	c:\users\Versuch\AppData\Local\IsolatedStorage
2015-01-30 18:28 . 2014-12-15 03:13	11870360	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{F9B7479F-896C-4FB5-A917-61263B03EDB4}\mpengine.dll
2015-01-29 10:55 . 2015-01-29 10:55	820072	----a-w-	c:\program files\Common Files\System\SysMenu64.dll
2015-01-29 10:55 . 2015-01-29 10:55	649064	----a-w-	c:\program files\Common Files\System\SysMenu.dll
2015-01-21 20:19 . 2015-01-27 05:18	73840	----a-w-	c:\program files (x86)\Mozilla Firefox\wow_helper.exe
2015-01-20 05:34 . 2014-12-12 05:35	5553592	----a-w-	c:\windows\system32\ntoskrnl.exe
2015-01-20 05:34 . 2014-12-12 05:11	3971512	----a-w-	c:\windows\SysWow64\ntkrnlpa.exe
2015-01-20 05:34 . 2014-12-12 05:31	503808	----a-w-	c:\windows\system32\srcore.dll
2015-01-20 05:34 . 2014-12-12 05:11	3916728	----a-w-	c:\windows\SysWow64\ntoskrnl.exe
2015-01-20 05:34 . 2014-12-12 05:31	50176	----a-w-	c:\windows\system32\srclient.dll
2015-01-20 05:34 . 2014-12-12 05:31	296960	----a-w-	c:\windows\system32\rstrui.exe
2015-01-20 05:34 . 2014-12-12 05:07	43008	----a-w-	c:\windows\SysWow64\srclient.dll
2015-01-14 07:06 . 2014-12-19 01:46	141312	----a-w-	c:\windows\system32\drivers\mrxdav.sys
2015-01-14 07:06 . 2014-12-06 04:17	303616	----a-w-	c:\windows\system32\nlasvc.dll
2015-01-14 07:06 . 2014-12-06 03:50	52224	----a-w-	c:\windows\SysWow64\nlaapi.dll
2015-01-14 07:06 . 2014-12-06 03:50	156672	----a-w-	c:\windows\SysWow64\ncsi.dll
2015-01-14 07:06 . 2014-12-19 03:06	210432	----a-w-	c:\windows\system32\profsvc.dll
2015-01-14 07:06 . 2014-12-11 17:47	87040	----a-w-	c:\windows\system32\TSWbPrxy.exe
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-01-31 14:24 . 2014-08-05 13:08	129752	----a-w-	c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-01-31 06:56 . 2012-04-02 18:28	701616	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2015-01-31 06:56 . 2011-11-15 20:21	71344	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2015-01-15 17:46 . 2011-11-18 18:58	113365784	----a-w-	c:\windows\system32\MRT.exe
2015-01-08 08:55 . 2011-11-15 20:40	298120	------w-	c:\windows\system32\MpSigStub.exe
2014-12-13 05:09 . 2014-12-17 18:31	144384	----a-w-	c:\windows\system32\ieUnatt.exe
2014-12-13 03:33 . 2014-12-17 18:31	115712	----a-w-	c:\windows\SysWow64\ieUnatt.exe
2014-12-04 02:50 . 2014-12-11 21:49	413184	----a-w-	c:\windows\system32\generaltel.dll
2014-12-04 02:50 . 2014-12-11 21:49	741376	----a-w-	c:\windows\system32\invagent.dll
2014-12-04 02:50 . 2014-12-11 21:49	396800	----a-w-	c:\windows\system32\devinv.dll
2014-12-04 02:50 . 2014-12-11 21:49	830976	----a-w-	c:\windows\system32\appraiser.dll
2014-12-04 02:50 . 2014-12-11 21:49	192000	----a-w-	c:\windows\system32\aepic.dll
2014-12-04 02:50 . 2014-12-11 21:49	227328	----a-w-	c:\windows\system32\aepdu.dll
2014-12-04 02:44 . 2014-12-11 21:49	1083392	----a-w-	c:\windows\system32\aeinv.dll
2014-12-01 23:28 . 2014-12-11 21:49	1232040	----a-w-	c:\windows\system32\aitstatic.exe
2014-11-27 01:43 . 2014-12-11 21:46	389296	----a-w-	c:\windows\system32\iedkcs32.dll
2014-11-22 03:13 . 2014-12-11 21:46	25059840	----a-w-	c:\windows\system32\mshtml.dll
2014-11-22 03:06 . 2014-12-11 21:46	2724864	----a-w-	c:\windows\system32\mshtml.tlb
2014-11-22 03:06 . 2014-12-11 21:46	4096	----a-w-	c:\windows\system32\ieetwcollectorres.dll
2014-11-22 02:50 . 2014-12-11 21:46	66560	----a-w-	c:\windows\system32\iesetup.dll
2014-11-22 02:50 . 2014-12-11 21:46	580096	----a-w-	c:\windows\system32\vbscript.dll
2014-11-22 02:49 . 2014-12-11 21:46	48640	----a-w-	c:\windows\system32\ieetwproxystub.dll
2014-11-22 02:49 . 2014-12-11 21:46	2885120	----a-w-	c:\windows\system32\iertutil.dll
2014-11-22 02:48 . 2014-12-11 21:46	88064	----a-w-	c:\windows\system32\MshtmlDac.dll
2014-11-22 02:41 . 2014-12-11 21:46	54784	----a-w-	c:\windows\system32\jsproxy.dll
2014-11-22 02:40 . 2014-12-11 21:46	34304	----a-w-	c:\windows\system32\iernonce.dll
2014-11-22 02:37 . 2014-12-11 21:46	633856	----a-w-	c:\windows\system32\ieui.dll
2014-11-22 02:35 . 2014-12-11 21:46	114688	----a-w-	c:\windows\system32\ieetwcollector.exe
2014-11-22 02:34 . 2014-12-11 21:46	814080	----a-w-	c:\windows\system32\jscript9diag.dll
2014-11-22 02:34 . 2014-12-11 21:46	6039552	----a-w-	c:\windows\system32\jscript9.dll
2014-11-22 02:26 . 2014-12-11 21:46	968704	----a-w-	c:\windows\system32\MsSpellCheckingFacility.exe
2014-11-22 02:22 . 2014-12-11 21:46	490496	----a-w-	c:\windows\system32\dxtmsft.dll
2014-11-22 02:20 . 2014-12-11 21:46	2724864	----a-w-	c:\windows\SysWow64\mshtml.tlb
2014-11-22 02:14 . 2014-12-11 21:46	77824	----a-w-	c:\windows\system32\JavaScriptCollectionAgent.dll
2014-11-22 02:09 . 2014-12-11 21:46	199680	----a-w-	c:\windows\system32\msrating.dll
2014-11-22 02:08 . 2014-12-11 21:46	92160	----a-w-	c:\windows\system32\mshtmled.dll
2014-11-22 02:07 . 2014-12-11 21:46	501248	----a-w-	c:\windows\SysWow64\vbscript.dll
2014-11-22 02:07 . 2014-12-11 21:46	62464	----a-w-	c:\windows\SysWow64\iesetup.dll
2014-11-22 02:06 . 2014-12-11 21:46	47616	----a-w-	c:\windows\SysWow64\ieetwproxystub.dll
2014-11-22 02:05 . 2014-12-11 21:46	64000	----a-w-	c:\windows\SysWow64\MshtmlDac.dll
2014-11-22 02:05 . 2014-12-11 21:46	316928	----a-w-	c:\windows\system32\dxtrans.dll
2014-11-22 01:54 . 2014-12-11 21:46	620032	----a-w-	c:\windows\SysWow64\jscript9diag.dll
2014-11-22 01:49 . 2014-12-11 21:46	718848	----a-w-	c:\windows\system32\ie4uinit.exe
2014-11-22 01:49 . 2014-12-11 21:46	800768	----a-w-	c:\windows\system32\msfeeds.dll
2014-11-22 01:47 . 2014-12-11 21:46	1359360	----a-w-	c:\windows\system32\mshtmlmedia.dll
2014-11-22 01:46 . 2014-12-11 21:46	2125312	----a-w-	c:\windows\system32\inetcpl.cpl
2014-11-22 01:43 . 2014-12-11 21:46	14412800	----a-w-	c:\windows\system32\ieframe.dll
2014-11-22 01:40 . 2014-12-11 21:46	60416	----a-w-	c:\windows\SysWow64\JavaScriptCollectionAgent.dll
2014-11-22 01:29 . 2014-12-11 21:46	4299264	----a-w-	c:\windows\SysWow64\jscript9.dll
2014-11-22 01:28 . 2014-12-11 21:46	2358272	----a-w-	c:\windows\system32\wininet.dll
2014-11-22 01:22 . 2014-12-11 21:46	2052096	----a-w-	c:\windows\SysWow64\inetcpl.cpl
2014-11-22 01:21 . 2014-12-11 21:46	1155072	----a-w-	c:\windows\SysWow64\mshtmlmedia.dll
2014-11-22 01:15 . 2014-12-11 21:46	1548288	----a-w-	c:\windows\system32\urlmon.dll
2014-11-22 01:03 . 2014-12-11 21:46	800768	----a-w-	c:\windows\system32\ieapfltr.dll
2014-11-22 01:00 . 2014-12-11 21:46	1888256	----a-w-	c:\windows\SysWow64\wininet.dll
2014-11-21 05:14 . 2014-08-05 13:08	63704	----a-w-	c:\windows\system32\drivers\mwac.sys
2014-11-21 05:14 . 2014-08-05 13:08	93400	----a-w-	c:\windows\system32\drivers\mbamchameleon.sys
2014-11-21 05:14 . 2014-08-05 13:08	25816	----a-w-	c:\windows\system32\drivers\mbam.sys
2014-11-18 19:47 . 2014-11-18 19:47	1691816	----a-w-	c:\windows\system32\FM20.DLL
2014-11-11 03:09 . 2014-12-11 21:46	1424384	----a-w-	c:\windows\system32\WindowsCodecs.dll
2014-11-11 03:08 . 2014-11-19 19:06	241152	----a-w-	c:\windows\system32\pku2u.dll
2014-11-11 03:08 . 2014-11-19 19:06	728064	----a-w-	c:\windows\system32\kerberos.dll
2014-11-11 02:44 . 2014-12-11 21:46	1230336	----a-w-	c:\windows\SysWow64\WindowsCodecs.dll
2014-11-11 02:44 . 2014-11-19 19:06	186880	----a-w-	c:\windows\SysWow64\pku2u.dll
2014-11-11 02:44 . 2014-11-19 19:06	550912	----a-w-	c:\windows\SysWow64\kerberos.dll
2014-11-11 01:46 . 2014-12-11 21:46	119296	----a-w-	c:\windows\system32\drivers\tdx.sys
2014-11-08 03:16 . 2014-12-11 21:38	2048	----a-w-	c:\windows\system32\tzres.dll
2014-11-08 02:45 . 2014-12-11 21:38	2048	----a-w-	c:\windows\SysWow64\tzres.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2014-11-12 16:19	1729744	----a-w-	c:\progra~2\MICROS~2\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2014-11-12 16:19	1729744	----a-w-	c:\progra~2\MICROS~2\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2014-11-12 16:19	1729744	----a-w-	c:\progra~2\MICROS~2\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2009-09-11 05:41	120104	----a-w-	c:\program files (x86)\EgisTec\MyWinLocker 3\x86\PSDProtect.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HP Photosmart 5520 series (NET)"="c:\program files\HP\HP Photosmart 5520 series\Bin\ScanToPCActivationApp.exe" [2012-10-17 2573416]
"WinPatrol"="c:\program files (x86)\BillP Studios\WinPatrol\winpatrol.exe" [2014-04-23 533568]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2014-12-16 702768]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-12-09 98304]
"SimpleScreenshot"="c:\progra~2\SSS\SIMPLESCREENSHOT.EXE" [BU]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2014-10-11 60712]
"LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2009-11-01 1094736]
"Avira Systray"="c:\program files (x86)\Avira\My Avira\Avira.OE.Systray.exe" [2014-12-31 126712]
.
c:\users\XXXXXX XXXXXX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
RescueTime.lnk - c:\program files (x86)\RescueTime\RescueTime.exe [2013-5-22 2401792]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableSecureUIAPath"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute	REG_MULTI_SZ   	autocheck autochk *\0\0sdnclean64.exe
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37Crusader]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37CrusaderBoot]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" -atboottime
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe"
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
"WinampAgent"="c:\program files (x86)\Winamp\winampa.exe"
"Download Protect"=c:\programdata\dlprotect.exe
"iSaverCtrl"=c:\program files (x86)\iSaver\iSaverCtrl.exe --startup
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS;c:\windows\SYSNATIVE\drivers\AmUStor.SYS [x]
R3 athur;Wireless Network Adapter Service;c:\windows\system32\DRIVERS\athurx.sys;c:\windows\SYSNATIVE\DRIVERS\athurx.sys [x]
R3 HTCAND64;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys;c:\windows\SYSNATIVE\Drivers\ANDROIDUSB.sys [x]
R3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\DRIVERS\htcnprot.sys;c:\windows\SYSNATIVE\DRIVERS\htcnprot.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 massfilter;Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys;c:\windows\SYSNATIVE\drivers\massfilter.sys [x]
R3 MWLService;MyWinLocker Service;c:\program files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe;c:\program files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe [x]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssadbus.sys [x]
R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys;c:\windows\SYSNATIVE\DRIVERS\ssadmdfl.sys [x]
R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssadmdm.sys [x]
R3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);c:\windows\system32\DRIVERS\ssadserd.sys;c:\windows\SYSNATIVE\DRIVERS\ssadserd.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TurboBoost;TurboBoost;c:\program files\Intel\TurboBoost\TurboBoost.exe;c:\program files\Intel\TurboBoost\TurboBoost.exe [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 BotkindSyncService;Botkind Service;c:\program files (x86)\Allway Sync\Bin\SyncService.exe service;c:\program files (x86)\Allway Sync\Bin\SyncService.exe service [x]
R4 FoxitCloudUpdateService;Foxit Cloud Safe Update Service;c:\program files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe;c:\program files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe [x]
R4 NoIPDUCService4;NO-IP DUC v4;c:\program files (x86)\No-IP\ducservice.exe;c:\program files (x86)\No-IP\ducservice.exe [x]
R4 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe;c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [x]
R4 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [x]
R4 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [x]
R4 OODefragAgent;O&O Defrag;c:\program files\OO Software\Defrag\oodag.exe;c:\program files\OO Software\Defrag\oodag.exe [x]
R4 PassThru Service;Internet Pass-Through Service;c:\program files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe;c:\program files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [x]
R4 PDF Architect Helper Service;PDF Architect Helper Service;c:\program files (x86)\PDF Architect\HelperService.exe;c:\program files (x86)\PDF Architect\HelperService.exe [x]
R4 PDF Architect Service;PDF Architect Service;c:\program files (x86)\PDF Architect\ConversionService.exe;c:\program files (x86)\PDF Architect\ConversionService.exe [x]
R4 SandraAgentSrv;SiSoftware Deployment Agent Service;c:\program files\SiSoftware\SiSoftware Sandra Lite 2014.SP2a\RpcAgentSrv.exe;c:\program files\SiSoftware\SiSoftware Sandra Lite 2014.SP2a\RpcAgentSrv.exe [x]
R4 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R4 TeamViewer9;TeamViewer 9;c:\program files (x86)\TeamViewer\Version9\TeamViewer_Service.exe;c:\program files (x86)\TeamViewer\Version9\TeamViewer_Service.exe [x]
R4 TomTomHOMEService;TomTomHOMEService;c:\program files (x86)\TomTom HOME 2\TomTomHOMEService.exe;c:\program files (x86)\TomTom HOME 2\TomTomHOMEService.exe [x]
R4 UI Assistant Service;UI Assistant Service;c:\program files (x86)\Join Air\AssistantServices.exe;c:\program files (x86)\Join Air\AssistantServices.exe [x]
R4 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe;c:\program files\Acer\Acer Updater\UpdaterService.exe [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys;c:\windows\SYSNATIVE\DRIVERS\avkmgr.sys [x]
S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDFilter.sys [x]
S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDNServ.sys [x]
S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDVDisk.sys [x]
S1 SLEE_18_DRIVER;Steganos Live Encryption Engine 18 [Driver];c:\windows\Sleen1864.sys;c:\windows\Sleen1864.sys [x]
S2 AAV UpdateService;AAV UpdateService;c:\program files (x86)\Common Files\AAV\aavus.exe;c:\program files (x86)\Common Files\AAV\aavus.exe [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [x]
S2 Avira.OE.ServiceHost;Avira Service Host;c:\program files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe;c:\program files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [x]
S2 c2cautoupdatesvc;Skype Click to Call Updater;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [x]
S2 c2cpnrsvc;Skype Click to Call PNR Service;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [x]
S2 EkaProt6;Ekahau User Protocol Driver for NDIS 6;c:\windows\system32\DRIVERS\ekaprot6.sys;c:\windows\SYSNATIVE\DRIVERS\ekaprot6.sys [x]
S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [x]
S2 Greg_Service;GRegService;c:\program files (x86)\Acer\Registration\GregHSRW.exe;c:\program files (x86)\Acer\Registration\GregHSRW.exe [x]
S2 RS_Service;Raw Socket Service;c:\program files (x86)\Acer\Acer VCM\RS_Service.exe;c:\program files (x86)\Acer\Acer VCM\RS_Service.exe [x]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys;c:\windows\SYSNATIVE\DRIVERS\TurboB.sys [x]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys;c:\windows\SYSNATIVE\DRIVERS\HECIx64.sys [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys;c:\windows\SYSNATIVE\DRIVERS\Impcd.sys [x]
S3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys;c:\windows\SYSNATIVE\DRIVERS\k57nd60a.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2015-01-27 05:19	1086280	----a-w-	c:\program files (x86)\Google\Chrome\Application\40.0.2214.93\Installer\chrmstp.exe
.
Inhalt des "geplante Tasks" Ordners
.
2015-02-01 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-02 06:56]
.
2015-02-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-11-13 18:09]
.
2014-11-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-11-13 18:09]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2014-11-12 16:17	2334928	----a-w-	c:\progra~1\MICROS~2\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2014-11-12 16:17	2334928	----a-w-	c:\progra~1\MICROS~2\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2014-11-12 16:17	2334928	----a-w-	c:\progra~1\MICROS~2\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2009-09-11 05:44	137512	----a-w-	c:\program files (x86)\EgisTec\MyWinLocker 3\x64\PSDProtect.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SNUVCDSM"="c:\windows\snuvcdsm.exe" [2011-01-13 30080]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-10-29 8312352]
"PLFSetL"="c:\windows\PLFSetL.exe" [2011-01-13 99712]
"PLFSetI"="c:\windows\PLFSetI.exe" [2011-11-13 200704]
"mwlDaemon"="c:\program files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe" [2009-09-11 349480]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-05 186904]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2009-05-22 295936]
"AmIcoSinglun64"="c:\program files (x86)\AmIcoSingLun\AmIcoSinglun64.exe" [2009-07-22 323072]
"Acer ePower Management"="c:\program files\Acer\Acer ePower Management\ePowerTray.exe" [2009-09-30 823840]
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.com
uLocal Page = c:\windows\system32\blank.htm
mDefault_Search_URL = hxxp://www.google.com
mDefault_Page_URL = hxxp://www.google.com
mStart Page = hxxp://www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
mSearch Page = hxxp://www.google.com
IE: An OneNote s&enden - c:\progra~1\MICROS~2\Office15\ONBttnIE.dll/105
IE: Free YouTube Download - c:\users\XXXXXX XXXXXX\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm
IE: Nach Microsoft E&xcel exportieren - c:\progra~1\MICROS~2\Office15\EXCEL.EXE/3000
Trusted Zone: sklavenzentrale.com\www
TCP: DhcpNameServer = 192.168.178.1
Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - c:\program files (x86)\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL
FF - ProfilePath - c:\users\XXXXXX XXXXXX\AppData\Roaming\Mozilla\Firefox\Profiles\ax92hz4x.default-1417957171376\
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
BHO-{7e0aaab3-ba7d-4a2d-b1e6-4289ce4d1b1e} - c:\program files (x86)\unissales\9vFbOLvEX4RE1d.x64.dll
ShellIconOverlayIdentifiers-{F241C880-6982-4CE5-8CF7-7085BA96DA5A} - (no file)
ShellIconOverlayIdentifiers-{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} - (no file)
ShellIconOverlayIdentifiers-{BBACC218-34EA-4666-9D7A-C78F2274A524} - (no file)
AddRemove-Chandler - c:\program files (x86)\Chandler1.0.3\uninst.exe
AddRemove-CoreAAC Audio Decoder - c:\windows\system32\CoreAAC-uninstall.exe
AddRemove-{ad2818b3-1616-4ec8-855d-be6936103e5a} - c:\programdata\Package Cache\{ad2818b3-1616-4ec8-855d-be6936103e5a}\free-system-utilities_Setup_chip_de-DE.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_15_0_0_246_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_15_0_0_246_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{722b3793-5367-4446-b6bb-db89b05c1f24}\LocalServer32]
@DACL=(02 0000)
@=expand:"%SystemRoot%\\System32\\rundll32.exe shell32.dll,SHCreateLocalServerRunDll {722b3793-5367-4446-b6bb-db89b05c1f24}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_15_0_0_246_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_15_0_0_246_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_246.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.15"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_246.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_246.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_246.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}]
@DACL=(02 0000)
@="Bing"
"DisplayName"="@ieframe.dll,-12512"
"URL"="http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
c:\program files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2015-02-01  08:55:53 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2015-02-01 07:55
ComboFix2.txt  2014-08-24 11:42
.
Vor Suchlauf: 19 Verzeichnis(se), 109.177.110.528 Bytes frei
Nach Suchlauf: 22 Verzeichnis(se), 116.623.638.528 Bytes frei
.
- - End Of File - - A99390E7139F2ECFA5F55E908DC41F65
A36C5E4F47E84449FF07ED3517B43A31

FRST Logfile:

FRST Logfile:

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 01-02-2015
Ran by XXXX XXXX (administrator) on ARBEITSCOMPUTER on 01-02-2015 08:59:50
Running from C:\Users\XXXX XXXX\Desktop
Loaded Profiles: XXXX XXXX (Available profiles: XXXX XXXX & XXXX & Versuch)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
() C:\Program Files (x86)\Common Files\AAV\aavus.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Microsoft Corporation) C:\Windows\System32\CISVC.EXE
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GregHSRW.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office15\MSOSYNC.EXE
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SNUVCDSM] => C:\Windows\snuvcdsm.exe [30080 2011-01-13] ()
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [8312352 2009-10-29] (Realtek Semiconductor)
HKLM\...\Run: [PLFSetL] => C:\Windows\PLFSetL.exe [99712 2011-01-13] (Sonix Technology Co., Ltd.)
HKLM\...\Run: [PLFSetI] => C:\Windows\PLFSetI.exe [200704 2011-11-13] ()
HKLM\...\Run: [mwlDaemon] => C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe [349480 2009-09-11] (Egis Technology Inc.)
HKLM\...\Run: [IAAnotif] => C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-06-05] (Intel Corporation)
HKLM\...\Run: [Apoint] => C:\Program Files\Apoint2K\Apoint.exe [295936 2009-05-22] (Alps Electric Co., Ltd.)
HKLM\...\Run: [AmIcoSinglun64] => C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [323072 2009-07-22] (AlcorMicro Co., Ltd.)
HKLM\...\Run: [Acer ePower Management] => C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [823840 2009-09-30] (Acer Incorporated)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [702768 2014-12-16] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2009-12-09] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [SimpleScreenshot] => C:\PROGRA~2\SSS\SIMPLESCREENSHOT.EXE
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2014-10-11] (Apple Inc.)
HKLM-x32\...\Run: [LManager] => C:\Program Files (x86)\Launch Manager\LManager.exe [1094736 2009-11-02] (Dritek System Inc.)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [126712 2014-12-31] (Avira Operations GmbH & Co. KG)
HKU\S-1-5-21-1242904208-471078349-2963378918-1000\...\Run: [HP Photosmart 5520 series (NET)] => C:\Program Files\HP\HP Photosmart 5520 series\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
HKU\S-1-5-21-1242904208-471078349-2963378918-1000\...\Run: [WinPatrol] => C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe [533568 2014-04-23] (BillP Studios)
Startup: C:\Users\XXXX XXXX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\RescueTime.lnk
ShortcutTarget: RescueTime.lnk -> C:\Program Files (x86)\RescueTime\RescueTime.exe (RescueTime, Inc.)
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
ShellIconOverlayIdentifiers: [egisPSDP] -> {30A0A3F6-38AC-4C53-BB8B-0D95238E25BA} => C:\Program Files (x86)\EgisTec\MyWinLocker 3\x64\psdprotect.dll (Egis Technology Inc.)
ShellIconOverlayIdentifiers-x32: [egisPSDP] -> {30A0A3F6-38AC-4C53-BB8B-0D95238E25BA} => C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\psdprotect.dll (Egis Technology Inc.)
BootExecute: autocheck autochk * sdnclean64.exe
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-1242904208-471078349-2963378918-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-1242904208-471078349-2963378918-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-1242904208-471078349-2963378918-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: unissales -> {7e0aaab3-ba7d-4a2d-b1e6-4289ce4d1b1e} -> C:\Program Files (x86)\unissales\9vFbOLvEX4RE1d.x64.dll No File
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Booster-Web helper -> {B5147546-9359-4D9B-8B36-F54C54555799} -> C:\Program Files (x86)\Booster-Web\Booster-Web.dll (App LLC)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Booster-Web helper -> {B5147546-9359-4D9B-8B36-F54C54555799} -> C:\Program Files (x86)\Booster-Web\Booster-Web.dll (App LLC)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
DPF: HKLM {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\XXXX XXXX\AppData\Roaming\Mozilla\Firefox\Profiles\ax92hz4x.default-1417957171376
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_296.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_296.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @nullsoft.com/winampDetector;version=1 -> C:\Program Files (x86)\Winamp Detect\npwachk.dll (Nullsoft, Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.8 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll (Microsoft Corporation)
FF SearchPlugin: C:\Users\XXXX XXXX\AppData\Roaming\Mozilla\Firefox\Profiles\ax92hz4x.default-1417957171376\searchplugins\trovi.xml
FF Extension: Booster Web - C:\Users\XXXX XXXX\AppData\Roaming\Mozilla\Firefox\Profiles\ax92hz4x.default-1417957171376\Extensions\jid1-U7omKQ6kQfxMaQ@jetpack [2015-01-31]
FF Extension: Zoom It - C:\Users\XXXX XXXX\AppData\Roaming\Mozilla\Firefox\Profiles\ax92hz4x.default-1417957171376\Extensions\{680219c9-7bbf-5dfc-84d8-33b88668b4ab} [2015-01-31]
FF Extension: LeechBlock - C:\Users\XXXX XXXX\AppData\Roaming\Mozilla\Firefox\Profiles\ax92hz4x.default-1417957171376\Extensions\{a95d8332-e4b4-6e7f-98ac-20b733364387}.xpi [2014-12-07]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-07-14]

Chrome: 
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR Profile: C:\Users\XXXX XXXX\AppData\Local\Google\Chrome\User Data\default
CHR Extension: (Google Docs) - C:\Users\XXXX XXXX\AppData\Local\Google\Chrome\User Data\default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-10-25]
CHR Extension: (Google Drive) - C:\Users\XXXX XXXX\AppData\Local\Google\Chrome\User Data\default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-10-25]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\XXXX XXXX\AppData\Local\Google\Chrome\User Data\default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-10-26]
CHR Extension: (YouTube) - C:\Users\XXXX XXXX\AppData\Local\Google\Chrome\User Data\default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-10-25]
CHR Extension: (Google Search) - C:\Users\XXXX XXXX\AppData\Local\Google\Chrome\User Data\default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-10-25]
CHR Extension: (Avira Browser Safety) - C:\Users\XXXX XXXX\AppData\Local\Google\Chrome\User Data\default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2014-10-26]
CHR Extension: (Google Wallet) - C:\Users\XXXX XXXX\AppData\Local\Google\Chrome\User Data\default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-10-26]
CHR Extension: (Gmail) - C:\Users\XXXX XXXX\AppData\Local\Google\Chrome\User Data\default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-10-25]
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AAV UpdateService; C:\Program Files (x86)\Common Files\AAV\aavus.exe [122880 2007-10-04] () [File not signed]
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [431920 2014-12-16] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [431920 2014-12-16] (Avira Operations GmbH & Co. KG)
R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [178424 2014-12-31] (Avira Operations GmbH & Co. KG)
S4 BotkindSyncService; C:\Program Files (x86)\Allway Sync\Bin\SyncService.exe [182784 2013-10-10] () [File not signed]
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
S4 FoxitCloudUpdateService; C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe [241704 2014-03-25] (Foxit Corporation)
S3 MWLService; C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe [305448 2009-09-11] (Egis Technology Inc.)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
S4 NoIPDUCService4; C:\Program Files (x86)\No-IP\ducservice.exe [11264 2013-01-24] () [File not signed]
S4 OODefragAgent; C:\Program Files\OO Software\Defrag\oodag.exe [3051848 2011-01-25] (O&O Software GmbH)
S4 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [80896 2011-03-31] () [File not signed]
S4 PDF Architect Helper Service; C:\Program Files (x86)\PDF Architect\HelperService.exe [1320496 2013-04-08] (pdfforge GmbH)
S4 PDF Architect Service; C:\Program Files (x86)\PDF Architect\ConversionService.exe [799280 2013-04-08] (pdfforge GmbH)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
R2 RS_Service; C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe [253952 2009-07-10] (Acer Incorporated) [File not signed]
S4 SandraAgentSrv; C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2014.SP2a\RpcAgentSrv.exe [72344 2008-05-19] (SiSoftware) [File not signed]
S4 UI Assistant Service; C:\Program Files (x86)\Join Air\AssistantServices.exe [247152 2010-04-27] ()
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [119272 2014-10-14] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131608 2014-10-14] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-11-25] (Avira Operations GmbH & Co. KG)
R2 EkaProt6; C:\Windows\System32\DRIVERS\ekaprot6.sys [27288 2012-03-23] (Ekahau Inc.)
R1 SLEE_18_DRIVER; C:\Windows\Sleen1864.sys [109144 2014-01-30] (Softwareentwicklung Remus - ArchiCrypt - )
R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1806592 2011-01-13] ()
R2 TurboB; C:\Windows\System32\DRIVERS\TurboB.sys [13784 2009-11-02] ()
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2012-12-13] (Apple, Inc.) [File not signed]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-01 08:59 - 2015-02-01 09:00 - 00019065 _____ () C:\Users\XXXX XXXX\Desktop\FRST.txt
2015-02-01 08:55 - 2015-02-01 08:55 - 00039830 _____ () C:\ComboFix.txt
2015-02-01 01:01 - 2015-02-01 00:56 - 05611408 ____R (Swearware) C:\Users\XXXX XXXX\Desktop\ComboFix.exe
2015-02-01 00:56 - 2015-02-01 00:56 - 05611408 ____R (Swearware) C:\Users\XXXX XXXX\Downloads\ComboFix.exe
2015-02-01 00:46 - 2015-02-01 00:46 - 00000249 _____ () C:\Users\XXXX XXXX\Desktop\TM-Kurse in Lörrach Transzendentale Meditation.URL
2015-01-31 23:47 - 2015-01-31 23:51 - 00002169 _____ () C:\Users\Public\Desktop\SteuerSparErklärung 2015.lnk
2015-01-31 20:29 - 2015-01-31 20:29 - 00000269 _____ () C:\Users\XXXX XXXX\Desktop\Online Fitness mit Trainingsplänen - FREELETICS.URL
2015-01-31 17:50 - 2015-02-01 08:59 - 00000000 ____D () C:\Users\XXXX XXXX\Desktop\FRST-OlderVersion
2015-01-31 17:48 - 2015-01-31 17:48 - 00000337 _____ () C:\Users\XXXX XXXX\Desktop\Samsung Tab - kein Speicherplatz - Android-Hilfe.de.URL
2015-01-31 17:00 - 2015-01-31 17:01 - 00001671 _____ () C:\Users\XXXX XXXX\Desktop\JRT.txt
2015-01-31 16:55 - 2015-01-31 16:55 - 00057200 _____ () C:\Users\XXXX XXXX\Desktop\ Malwarebytes Anti-Malware .txt
2015-01-31 15:22 - 2015-01-31 15:22 - 00001066 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2015-01-31 15:03 - 2015-01-31 15:03 - 02194432 _____ () C:\Users\XXXX XXXX\Desktop\AdwCleaner_4.109.exe
2015-01-31 15:03 - 2015-01-31 15:03 - 01707939 _____ (Thisisu) C:\Users\XXXX XXXX\Desktop\JRT.exe
2015-01-31 11:33 - 2015-01-31 11:33 - 00000000 ____D () C:\Users\XXXX XXXX\Documents\TokensBackup
2015-01-31 10:12 - 2015-02-01 08:59 - 02131456 _____ (Farbar) C:\Users\XXXX XXXX\Desktop\FRST64.exe
2015-01-31 10:10 - 2015-01-31 10:10 - 00001101 _____ () C:\Users\Public\Desktop\Avira.lnk
2015-01-31 09:43 - 2015-01-31 09:46 - 00000000 ____D () C:\Users\XXXX XXXX\Desktop\Ordnung
2015-01-31 09:35 - 2015-01-31 09:35 - 00000000 ____D () C:\Users\XXXX XXXX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Booster-Web
2015-01-31 09:34 - 2015-01-31 10:01 - 00000000 ____D () C:\Users\XXXX XXXX\AppData\Roaming\Booster-Web
2015-01-31 09:34 - 2015-01-31 09:35 - 00000000 ____D () C:\Program Files (x86)\Booster-Web
2015-01-31 09:34 - 2015-01-31 09:34 - 00003408 _____ () C:\Windows\System32\Tasks\sondhschedule
2015-01-31 09:34 - 2015-01-31 09:34 - 00003108 _____ () C:\Windows\System32\Tasks\zupa3002
2015-01-31 09:33 - 2015-02-01 08:39 - 00000000 ____D () C:\Program Files (x86)\878e2246-8f7a-48fe-89f9-845dc6abbab7
2015-01-31 09:32 - 2015-01-31 09:32 - 00001117 _____ () C:\Users\XXXX XXXX\Desktop\Continue installation .lnk
2015-01-31 09:31 - 2015-01-31 09:31 - 00000000 ____D () C:\ProgramData\SearchModulePlus
2015-01-31 09:30 - 2015-02-01 08:39 - 00000000 ____D () C:\Program Files (x86)\ed55547d-8d98-4039-96d9-00407eb30671
2015-01-31 09:30 - 2015-02-01 08:39 - 00000000 ____D () C:\Program Files (x86)\38307773-d954-48f2-8127-93df0ea63e4a
2015-01-31 09:29 - 2015-01-31 09:29 - 00003446 _____ () C:\Windows\System32\Tasks\Inst_Rep
2015-01-31 09:06 - 2015-01-31 17:44 - 00000000 ____D () C:\Program Files (x86)\Hearthstone Stream Browser
2015-01-31 09:06 - 2015-01-31 09:06 - 00000000 ____D () C:\Windows\SysWOW64\AMD64
2015-01-31 09:03 - 2015-01-31 09:03 - 00000000 ____D () C:\ProgramData\{06467b43-d78a-a739-0646-67b43d78ed0f}
2015-01-31 08:59 - 2015-01-31 16:56 - 00000000 ____D () C:\Users\XXXX XXXX\AppData\Local\avaxvyvax
2015-01-31 08:59 - 2015-01-31 08:59 - 00003556 _____ () C:\Windows\System32\Tasks\avaxvyvax
2015-01-31 08:59 - 2015-01-31 08:59 - 00003206 _____ () C:\Windows\System32\Tasks\{186E3D0B-D440-49E7-8F64-7917C92B0863}
2015-01-31 08:57 - 2015-01-31 08:57 - 01191200 _____ () C:\Users\XXXX XXXX\Downloads\Malwarebytes Anti Malware Malware Scanner - CHIP-Installer.exe
2015-01-31 08:52 - 2014-12-14 10:53 - 00378640 _____ (CartCrunch Israel Ltd.) C:\Windows\system32\ColorMedia64.dll
2015-01-31 08:52 - 2014-12-14 10:53 - 00332568 _____ (CartCrunch Israel Ltd.) C:\Windows\SysWOW64\ColorMedia.dll
2015-01-30 20:51 - 2015-01-30 20:51 - 00000600 _____ () C:\Users\XXXX XXXX\AppData\Roaming\winscp.rnd
2015-01-30 20:08 - 2015-01-30 20:08 - 00000000 ____D () C:\Users\Versuch\AppData\Roaming\PDF Architect
2015-01-30 20:08 - 2015-01-30 20:08 - 00000000 ____D () C:\Users\Versuch\AppData\Local\IsolatedStorage
2015-01-30 19:16 - 2015-01-30 19:17 - 00000000 ____D () C:\Users\Versuch\AppData\OICE_15_974FA576_32C1D314_2072
2015-01-27 21:08 - 2015-02-01 08:52 - 00005192 _____ () C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for Arbeitscomputer-XXXX XXXX Arbeitscomputer
2015-01-25 17:12 - 2015-01-25 17:12 - 00002086 _____ () C:\Users\XXXX XXXX\AppData\Roaming\UHTQPK
2015-01-25 17:12 - 2015-01-25 17:12 - 00002086 _____ () C:\Users\XXXX XXXX\AppData\Roaming\NWAUR
2015-01-25 17:12 - 2015-01-25 17:12 - 00001248 _____ () C:\Users\XXXX XXXX\AppData\Roaming\MLSC
2015-01-25 17:12 - 2015-01-25 17:12 - 00001248 _____ () C:\Users\XXXX XXXX\AppData\Roaming\FMLW
2015-01-20 06:34 - 2014-12-12 06:35 - 05553592 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-01-20 06:34 - 2014-12-12 06:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-01-20 06:34 - 2014-12-12 06:31 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-01-20 06:34 - 2014-12-12 06:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-01-20 06:34 - 2014-12-12 06:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-01-20 06:34 - 2014-12-12 06:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-01-20 06:34 - 2014-12-12 06:07 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-01-14 08:06 - 2014-12-19 04:06 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-14 08:06 - 2014-12-19 02:46 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-14 08:06 - 2014-12-11 18:47 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-01-14 08:06 - 2014-12-06 05:17 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-14 08:06 - 2014-12-06 04:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
2015-01-14 08:06 - 2014-12-06 04:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
2015-01-13 05:55 - 2015-01-13 05:55 - 00009429 _____ () C:\Users\XXXX XXXX\AppData\Local\recently-used.xbel

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-01 08:59 - 2014-08-21 20:10 - 00000000 ____D () C:\FRST
2015-02-01 08:55 - 2014-08-24 12:03 - 00000000 ____D () C:\Qoobox
2015-02-01 08:50 - 2012-09-20 04:21 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-02-01 08:50 - 2009-07-14 03:34 - 00000215 _____ () C:\Windows\system.ini
2015-02-01 08:48 - 2009-07-14 05:45 - 00025840 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-02-01 08:48 - 2009-07-14 05:45 - 00025840 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-02-01 08:46 - 2011-11-13 21:43 - 01373674 _____ () C:\Windows\WindowsUpdate.log
2015-02-01 08:41 - 2014-06-20 13:07 - 00112126 _____ () C:\Windows\PFRO.log
2015-02-01 08:41 - 2014-06-18 08:20 - 00027797 _____ () C:\Windows\setupact.log
2015-02-01 08:41 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-02-01 08:40 - 2013-10-13 19:47 - 00000000 ____D () C:\Windows\erdnt
2015-02-01 08:40 - 2009-07-14 03:34 - 24379392 _____ () C:\Windows\system32\config\system.bak
2015-02-01 08:40 - 2009-07-14 03:34 - 113508352 _____ () C:\Windows\system32\config\software.bak
2015-02-01 08:40 - 2009-07-14 03:34 - 05505024 _____ () C:\Windows\system32\config\default.bak
2015-02-01 08:40 - 2009-07-14 03:34 - 00262144 _____ () C:\Windows\system32\config\sam.bak
2015-02-01 08:40 - 2009-07-14 03:34 - 00032768 _____ () C:\Windows\system32\config\security.bak
2015-02-01 08:39 - 2009-11-05 01:49 - 00000000 ____D () C:\Program Files (x86)\Acer
2015-02-01 08:05 - 2012-08-14 18:52 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-02-01 00:31 - 2012-03-25 11:40 - 00000000 ____D () C:\Users\XXXX XXXX\Documents\Steuerfälle
2015-01-31 23:47 - 2012-03-25 11:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steuertipps
2015-01-31 23:47 - 2012-03-25 11:26 - 00000000 ____D () C:\Program Files (x86)\Akademische Arbeitsgemeinschaft
2015-01-31 17:39 - 2013-09-19 20:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-01-31 17:39 - 2012-03-11 02:08 - 00000000 ____D () C:\Program Files (x86)\Java
2015-01-31 17:19 - 2011-11-14 06:15 - 00000000 ____D () C:\Windows\Lan
2015-01-31 15:24 - 2014-08-05 14:08 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-01-31 15:22 - 2014-08-05 14:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2015-01-31 15:22 - 2014-08-05 14:08 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2015-01-31 15:08 - 2014-11-16 12:18 - 00001025 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-01-31 15:08 - 2014-11-16 12:18 - 00001013 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-01-31 15:08 - 2014-10-25 07:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-01-31 15:08 - 2014-08-24 18:36 - 00000000 ____D () C:\AdwCleaner
2015-01-31 15:08 - 2011-11-20 15:41 - 00001021 _____ () C:\Users\XXXX XXXX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-01-31 10:10 - 2014-08-06 10:55 - 00000000 ____D () C:\ProgramData\Package Cache
2015-01-31 10:10 - 2013-02-24 19:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2015-01-31 10:09 - 2013-02-24 19:39 - 00000000 ____D () C:\Program Files (x86)\Avira
2015-01-31 09:44 - 2014-08-07 20:56 - 02931200 ___SH () C:\Users\XXXX XXXX\Desktop\Thumbs.db
2015-01-31 09:32 - 2009-07-14 04:20 - 00000000 ____D () C:\Program Files\Common Files\System
2015-01-31 07:56 - 2014-08-15 15:44 - 00000000 ____D () C:\Users\XXXX XXXX\AppData\Local\Adobe
2015-01-31 07:56 - 2012-04-02 19:28 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-01-31 07:56 - 2012-04-02 19:28 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-01-31 07:56 - 2011-11-15 21:21 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-30 19:03 - 2014-09-10 06:10 - 00000000 ____D () C:\Users\Versuch\AppData\Roaming\SimpleScreenshot
2015-01-27 20:12 - 2014-11-10 20:59 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-01-27 06:18 - 2014-11-16 12:20 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-01-26 07:21 - 2012-06-10 14:07 - 00000000 ____D () C:\Users\XXXX XXXX\Documents\Bewerbungen
2015-01-25 17:19 - 2011-11-14 06:34 - 00702664 _____ () C:\Windows\system32\perfh007.dat
2015-01-25 17:19 - 2011-11-14 06:34 - 00151424 _____ () C:\Windows\system32\perfc007.dat
2015-01-25 17:19 - 2009-07-14 06:13 - 01629998 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-23 21:11 - 2013-11-02 09:43 - 00000000 ____D () C:\Users\XXXX XXXX\AppData\Roaming\Skype
2015-01-20 14:50 - 2014-09-10 06:09 - 00000000 ____D () C:\Users\Versuch
2015-01-20 14:50 - 2013-05-22 21:33 - 00000000 ____D () C:\Users\XXXX XXXX\AppData\Local\RescueTime.com
2015-01-20 14:50 - 2012-03-30 17:57 - 00000000 ____D () C:\Users\XXXX
2015-01-20 14:50 - 2011-12-01 21:23 - 00000000 ____D () C:\Windows\System32\Tasks\OfficeSoftwareProtectionPlatform
2015-01-20 14:50 - 2011-11-20 16:01 - 00000000 ____D () C:\Users\XXXX XXXX\AppData\Roaming\SimpleScreenshot
2015-01-20 14:50 - 2009-11-05 01:26 - 00000000 ___RD () C:\Users\Public\Recorded TV
2015-01-20 14:50 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\registration
2015-01-20 06:21 - 2011-11-13 22:46 - 00000000 ____D () C:\Users\XXXX XXXX
2015-01-18 20:07 - 2012-04-07 11:49 - 00000000 ____D () C:\Users\XXXX XXXX\Documents\Finanzen
2015-01-15 18:59 - 2013-07-13 08:36 - 00000000 ____D () C:\Windows\system32\MRT
2015-01-15 18:46 - 2011-11-18 19:58 - 113365784 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-01-13 05:55 - 2014-06-15 19:34 - 00000000 ____D () C:\Users\XXXX XXXX\AppData\Local\gtk-2.0
2015-01-13 05:55 - 2012-08-29 10:11 - 00000000 ____D () C:\Users\XXXX XXXX\.gimp-2.8
2015-01-08 09:55 - 2011-11-15 21:40 - 00298120 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2015-01-05 18:47 - 2012-03-23 13:19 - 00000000 ____D () C:\Users\XXXX XXXX\Documents\Cellula
2015-01-03 15:28 - 2012-03-11 19:16 - 00000000 ____D () C:\Users\XXXX XXXX\Documents\ERGO
2015-01-03 10:51 - 2012-03-11 19:16 - 00000000 ____D () C:\Users\XXXX XXXX\Documents\SP

==================== Files in the root of some directories =======

2015-01-25 17:12 - 2015-01-25 17:12 - 0001248 _____ () C:\Users\XXXX XXXX\AppData\Roaming\FMLW
2015-01-25 17:12 - 2015-01-25 17:12 - 0001248 _____ () C:\Users\XXXX XXXX\AppData\Roaming\MLSC
2015-01-25 17:12 - 2015-01-25 17:12 - 0002086 _____ () C:\Users\XXXX XXXX\AppData\Roaming\NWAUR
2014-06-28 07:10 - 2014-07-23 21:30 - 14159872 _____ () C:\Users\XXXX XXXX\AppData\Roaming\Sandra.mdb
2015-01-25 17:12 - 2015-01-25 17:12 - 0002086 _____ () C:\Users\XXXX XXXX\AppData\Roaming\UHTQPK
2015-01-30 20:51 - 2015-01-30 20:51 - 0000600 _____ () C:\Users\XXXX XXXX\AppData\Roaming\winscp.rnd
2012-04-20 18:28 - 2014-07-07 01:20 - 0006656 _____ () C:\Users\XXXX XXXX\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-09-22 21:07 - 2014-09-22 21:07 - 0001482 _____ () C:\Users\XXXX XXXX\AppData\Local\RecConfig.xml
2015-01-13 05:55 - 2015-01-13 05:55 - 0009429 _____ () C:\Users\XXXX XXXX\AppData\Local\recently-used.xbel
2013-08-12 21:15 - 2013-08-12 21:15 - 0007603 _____ () C:\Users\XXXX XXXX\AppData\Local\Resmon.ResmonCfg
2012-03-31 10:26 - 2012-03-31 10:26 - 0000057 _____ () C:\ProgramData\Ament.ini
2011-11-13 22:53 - 2011-11-13 22:57 - 0008282 _____ () C:\ProgramData\ArcadeDeluxe3.log
2014-09-22 19:19 - 2014-10-06 19:45 - 0008737 _____ () C:\ProgramData\hpzinstall.log

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-01-31 13:31

==================== End Of Log ============================

--- --- ---

--- --- ---

--- --- ---

Code:

ATTFilter

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 01-02-2015
Ran by XXXXX XXXXX at 2015-02-01 09:00:56
Running from C:\Users\XXXXX XXXXX\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Desktop (Disabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Disabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden
AAVUpdateManager (HKLM-x32\...\{AFA42FE1-A5C3-485F-9180-BFCF5BF1F1C3}) (Version: 18.00.0000 - Wolters Kluwer Deutschland GmbH)
AC3Filter 1.63b (HKLM-x32\...\AC3Filter_is1) (Version: 1.63b - Alexander Vigovsky)
Acer Arcade Deluxe (HKLM-x32\...\InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}) (Version: 3.0.7112 - CyberLink Corp.)
Acer Arcade Deluxe (x32 Version: 3.0.7112 - CyberLink Corp.) Hidden
Acer Backup Manager (HKLM-x32\...\InstallShield_{72B776E5-4530-4C4B-9453-751DF87D9D93}) (Version: 2.0.0.29 - NewTech Infosystems)
Acer Crystal Eye webcam Ver:1.1.124.1120 (HKLM-x32\...\{D0ACE89D-EC7F-470F-80BE-4C98ED366B32}) (Version: 1.1.124.1120 - Chicony Electronics Co.,Ltd.)
Acer ePower Management (HKLM-x32\...\{3DB0448D-AD82-4923-B305-D001E521A964}) (Version: 4.05.3004 - Acer Incorporated)
Acer eRecovery Management (HKLM-x32\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 4.05.3005 - Acer Incorporated)
Acer GameZone Console (HKLM-x32\...\{8ed9688e-4f79-4308-91ca-f1c37ca142b4}_is1) (Version: 5.1.0.2 - Oberon Media, Inc.)
Acer GridVista (HKLM-x32\...\GridVista) (Version: 3.01.0730 - Acer Inc.)
Acer Registration (HKLM-x32\...\Acer Registration) (Version: 1.02.3006 - Acer Incorporated)
Acer ScreenSaver (HKLM-x32\...\Acer Screensaver) (Version: 1.1.2009.1217 - Acer Incorporated)
Acer VCM (HKLM-x32\...\{047F790A-7A2A-4B6A-AD02-38092BA63DAC}) (Version: 4.05.3000 - Acer Incorporated)
Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 14.0.0.103 - Adobe Systems Incorporated)
Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.246 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.296 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Akamai NetSession Interface (HKU\S-1-5-21-1242904208-471078349-2963378918-1000\...\Akamai) (Version:  - Akamai Technologies, Inc)
Alcor Micro USB Card Reader (HKLM-x32\...\InstallShield_{DBCE1208-433D-4D3E-A26A-CB1B5E71A8F5}) (Version: 1.4.17.35005 - Alcor Micro Corp.)
Alcor Micro USB Card Reader (x32 Version: 1.4.17.35005 - Alcor Micro Corp.) Hidden
Alice Greenfingers (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112920767}) (Version:  - Oberon Media)
Alle meine Passworte 4.13 (HKLM\...\AllemeinePassworte) (Version:  - Mirko Böer)
Allway Sync version 12.16.9 (HKLM-x32\...\Allway Sync_is1) (Version:  - Botkind Inc)
ALPS Touch Pad Driver (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 7.105.2015.1105 - Alps Electric)
Amazonia (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11273477}) (Version:  - Oberon Media)
Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ATI Catalyst Install Manager (HKLM\...\{11F38253-8940-FFDA-D131-B14120C357E4}) (Version: 3.0.754.0 - ATI Technologies, Inc.)
Audacity 2.0.3 (HKLM-x32\...\Audacity_is1) (Version: 2.0.3 - Audacity Team)
Avi2Dvd 0.6.4 (HKLM-x32\...\Avi2Dvd) (Version: 0.6.4 - TrustFm)
Avira (HKLM-x32\...\{2c18809c-4097-4b51-a4d0-3deade730ef3}) (Version: 1.1.29.22350 - Avira Operations & Co. KG)
Avira (x32 Version: 1.1.29.22350 - Avira Operations & Co. KG) Hidden
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.7.468 - Avira)
AviSynth 2.5 (HKLM-x32\...\AviSynth) (Version:  - )
Backup Manager Basic (x32 Version: 2.0.0.29 - NewTech Infosystems) Hidden
BatteryCare 0.9.10.0 (HKLM-x32\...\{C6A6036D-FBD0-4324-BEAA-C0845257160C}_is1) (Version: 0.9.10.0 - Filipe Lourenço)
BitTorrent (HKU\S-1-5-21-1242904208-471078349-2963378918-1000\...\BitTorrent) (Version: 7.9.2.31638 - BitTorrent Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Booster-Web (HKU\S-1-5-21-1242904208-471078349-2963378918-1000\...\Booster-Web) (Version: 4 - ${CompanyName})
Broadcom Gigabit NetLink Controller (HKLM\...\{A325B368-A9EC-40EF-A95C-9DEAD3683AE3}) (Version: 12.33.03 - Broadcom Corporation)
Canon MP160 Benutzerregistrierung (HKLM-x32\...\Canon MP160 Benutzerregistrierung) (Version:  - )
ccc-core-static (x32 Version: 2009.1209.2335.42329 - Ihr Firmenname) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.14 - Piriform)
CDBurnerXP (HKLM-x32\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.4.4852 - CDBurnerXP)
Chandler 1.0.3 (HKLM-x32\...\Chandler) (Version: 1.0.3 - Open Source Applications Foundation)
Chicken Invaders 2 (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110209593}) (Version:  - Oberon Media)
CoreAAC Audio Decoder (remove only) (HKLM-x32\...\CoreAAC Audio Decoder) (Version:  - )
Dairy Dash (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115053100}) (Version:  - Oberon Media)
Dream Day First Home (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113832110}) (Version:  - Oberon Media)
DVD Flick 1.3.0.7 (HKLM-x32\...\DVD Flick_is1) (Version: 1.3.0.7 - Dennis Meuwissen)
eBay Worldwide (HKLM-x32\...\{E0B19DF7-B1C7-4937-82C4-0E4B1E346965}) (Version: 2.1.0901 - OEM)
EinsteinBrainTrainer (remove only) (HKLM-x32\...\EinsteinBrainTrainer) (Version:  - )
Ekahau HeatMapper (HKLM\...\Heatmapper-1.1.4.39795) (Version: 1.1.4.39795 - Ekahau Inc.)
Eraser 6.0.10.2620 (HKLM\...\{6E5159B4-A519-41EF-80EF-AD58371515DF}) (Version: 6.0.2620 - The Eraser Project)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
eSobi v2 (HKLM-x32\...\InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}) (Version: 2.0.4.000274 - esobi Inc.)
eSobi v2 (x32 Version: 2.0.4.000274 - esobi Inc.) Hidden
EVEREST Home Edition v2.20 (HKLM-x32\...\EVEREST Home Edition_is1) (Version: 2.20 - Lavalys Inc)
Farm Frenzy 2 (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11531173}) (Version:  - Oberon Media)
ffdshow [rev 3299] [2010-03-03] (HKLM-x32\...\ffdshow_is1) (Version: 1.0.0.3299 - )
Fiat eco:Drive (HKLM-x32\...\com.fiat.convergence.385E4263E7379A5D22A7076E99B02868EFF10711.1) (Version: 2.0.2 - Fiat Group Automobiles)
Fiat eco:Drive (x32 Version: 2.0.2 - Fiat Group Automobiles) Hidden
First Class Flurry (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115208410}) (Version:  - Oberon Media)
Foxit Cloud (HKLM-x32\...\{41914D8B-9D6E-4764-A1F9-BC43FB6782C1}_is1) (Version: 1.3.105.325 - Foxit Corporation)
Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 6.1.3.321 - Foxit Corporation)
Free Audio CD to MP3 Converter version 1.3.12.1228 (HKLM-x32\...\Free Audio CD to MP3 Converter_is1) (Version: 1.3.12.1228 - DVDVideoSoft Ltd.)
Free DVD Video Burner version 3.0.4.426 (HKLM-x32\...\Free DVD Video Burner_is1) (Version:  - DVDVideoSoft Limited.)
Free System Utilities (HKLM-x32\...\{ad2818b3-1616-4ec8-855d-be6936103e5a}) (Version: 1.1.0.70 - Covus Freemium GmbH)
Free SystemUtilities (x32 Version: 1.1.0.70 - Covus Freemium GmbH) Hidden
Free YouTube Download version 3.1.37.918 (HKLM-x32\...\Free YouTube Download_is1) (Version: 3.1.37.918 - DVDVideoSoft Ltd.)
FreeMind (HKLM-x32\...\B991B020-2968-11D8-AF23-444553540000_is1) (Version: 0.9.0_RC_10 - )
FRITZ!Box-Fernzugang einrichten (HKLM-x32\...\{EFADD989-D9F2-49F6-A280-675951CC78D3}) (Version: 1.0.3 - AVM Berlin)
FrostWire 5.3.5 (HKLM-x32\...\FrostWire 5) (Version: 5.3.5.0 - FrostWire Team)
GIMP 2.8.10 (HKLM\...\GIMP-2_is1) (Version: 2.8.10 - The GIMP Team)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 40.0.2214.93 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Granny In Paradise (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110551697}) (Version:  - Oberon Media)
Haali Media Splitter (HKLM-x32\...\HaaliMkx) (Version:  - )
Heroes of Hellas (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113786380}) (Version:  - Oberon Media)
HP FWUpdateEDO2 (HKLM-x32\...\{415FA9AD-DA10-4ABE-97B6-5051D4795C90}) (Version: 1.2.0.0 - Hewlett-Packard)
HP Photosmart 5520 series - Grundlegende Software für das Gerät (HKLM\...\{4F396B08-301D-4E53-A372-95A7E93ABD04}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPDiagnosticAlert (x32 Version: 1.00.0001 - Microsoft) Hidden
HTC Driver Installer (HKLM-x32\...\{6D6664A9-3342-4948-9B7E-034EFE366F0F}) (Version: 3.0.0.007 - HTC Corporation)
iCloud (HKLM\...\{309768A4-A2BB-4930-A5A2-8169678C9B4C}) (Version: 4.0.6.28 - Apple Inc.)
Identity Card (HKLM-x32\...\Identity Card) (Version: 1.00.3003 - Acer Incorporated)
ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.8.0 - LIGHTNING UK!)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
Intel(R) Turbo Boost Technology Driver (HKLM-x32\...\{D6C630BF-8DBB-4042-8562-DC9A52CB6E7E}) (Version: 01.00.01.1002 - Intel Corporation)
Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version:  - Intel Corporation)
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.38 - Irfan Skiljan)
iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)
Join Air (HKLM-x32\...\{A9E5EDA7-2E6C-49E7-924B-A32B89C24A04}) (Version: 1.0.0.2 - ZTE Corporation)
Kassenbuch (HKLM-x32\...\{29531C6B-7B64-4C53-B54A-6C8AB5DE2159}) (Version: 1.0.0 - Office Consult GmbH)
K-Lite Codec Pack 9.2.0 (Basic) (HKLM-x32\...\KLiteCodecPack_is1) (Version: 9.2.0 - )
Launch Manager (HKLM-x32\...\LManager) (Version: 3.0.05 - Acer Inc.)
LSI HDA Modem (HKLM\...\LSI Soft Modem) (Version: 2.2.98 - LSI Corporation)
Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
MediaHuman YouTube to MP3 Converter Version 3.3 (HKLM-x32\...\MediaHuman YouTube to MP3 Converter_is1) (Version: 3.3 - )
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0100-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}) (Version:  - Microsoft)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Language Pack 2007 - German/Deutsch (HKLM-x32\...\OMUI.de-de) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Outlook Connector (HKLM-x32\...\{95140000-007A-0407-0000-0000000FF1CE}) (Version: 14.0.5118.5000 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUSR) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Office Suite Activation Assistant (HKLM-x32\...\{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}) (Version: 2.9 - Microsoft Corporation)
Microsoft Outlook Social Connector Provider for Windows Live Messenger 32-bit (HKLM-x32\...\{95140000-007D-0409-0000-0000000FF1CE}) (Version: 14.0.5120.5000 - Microsoft Corporation)
Microsoft Report Viewer Redistributable 2008 (KB971118) (HKLM-x32\...\Microsoft Report Viewer Redistributable 2008 (KB971118)) (Version:  - Microsoft Corporation)
Microsoft Report Viewer Redistributable 2008 Language Pack - DEU (HKLM-x32\...\Microsoft Report Viewer Redistributable 2008 Language Pack - DEU) (Version:  - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Works (HKLM-x32\...\{62F7DA7E-CCCB-439C-A760-00C3926E761F}) (Version: 9.7.0621 - Microsoft Corporation)
MozBackup 1.5.1 (HKLM-x32\...\MozBackup) (Version:  - Pavel Cvrcek)
Mozilla Firefox 35.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 35.0.1 (x86 de)) (Version: 35.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 32.0 - Mozilla)
MPC-HC 1.7.0 (HKLM-x32\...\{2624B969-7135-4EB1-B0F6-2D8C397B45F7}_is1) (Version: 1.7.0.7858 - MPC-HC Team)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MyPhoneExplorer (HKLM-x32\...\MPE) (Version: 1.8.5 - F.J. Wechselberger)
MyWinLocker (HKLM-x32\...\{68301905-2DEA-41CE-A4D4-E8B443B099BA}) (Version: 3.1.76.0 - Egis Technology Inc.)
No-IP DUC (HKLM-x32\...\NoIPDUC) (Version: 4.0.1 - Vitalwerks Internet Solutions LLC)
Norton Online Backup (HKLM-x32\...\{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}) (Version: 1.2.0.36 - Symantec)
NTI Backup Now 5 (HKLM-x32\...\InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}) (Version: 5.1.2.627 - NewTech Infosystems)
NTI Backup Now Standard (x32 Version: 5.1.2.627 - NewTech Infosystems) Hidden
NTI Media Maker 8 (HKLM-x32\...\InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}) (Version: 8.0.12.6623 - NewTech Infosystems)
NTI Media Maker 8 (x32 Version: 8.0.12.6623 - NewTech Infosystems) Hidden
O&O Defrag Free Edition (HKLM\...\{C10CAF82-9D36-4D9A-9DC0-C4549F06B519}) (Version: 14.1.431 - O&O Software GmbH)
Outils de vérification linguistique 2013 de Microsoft Office*- Français (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
PDF Architect (HKLM-x32\...\{064A929A-4DE8-40CF-A901-BD40C14E4D25}) (Version: 1.1.83.9982 - pdfforge GmbH)
PDF24 Creator 6.8.0 (HKLM-x32\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version:  - PDF24.org)
PDFCreator (HKLM-x32\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.7.3 - pdfforge)
pomodairo (HKLM-x32\...\{EEBEA077-AB92-5083-ECB1-C15BD842D00B}) (Version: 1.9 - UNKNOWN)
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
Random Dresser (HKLM-x32\...\RandomDresser) (Version:  - )
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5969 - Realtek Semiconductor Corp.)
RescueTime 2.2.1 (HKLM-x32\...\{2505571C-03B3-4F9F-AC35-33F1CB4B5E9E}_is1) (Version:  - RescueTime.com)
Restorer2000 3.3 (HKLM-x32\...\Restorer2000_is1) (Version: 3.3 - Bitmart Inc.)
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{D82063A8-7C8C-4C3B-A9BB-95138CA55D26}) (Version:  - Microsoft)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (Version:  - Microsoft) Hidden
Shutdown Manager (HKLM-x32\...\{C457BA5F-35F9-480C-90F8-5C91DB443A15}_is1) (Version: 2.0.7 - Daniel Höllig)
SimpleScreenshot 1.40 (HKLM-x32\...\SimpleScreenshot) (Version:  - )
SiSoftware Sandra Lite 2014.SP2a (HKLM\...\{C3113E55-7BCB-4de3-8EBF-60E6CE6B2396}_is1) (Version: 20.35.2014.6 - SiSoftware)
SIW version 2011.10.29 (HKLM-x32\...\{AB67580-257C-45FF-B8F4-C8C30682091A}_is1) (Version: 2011.10.29 - Topala Software Solutions)
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation)
Skype™ 6.21 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.21.104 - Skype Technologies S.A.)
SpeedFan (remove only) (HKLM-x32\...\SpeedFan) (Version:  - )
Spotify (HKU\S-1-5-21-1242904208-471078349-2963378918-1000\...\Spotify) (Version: 0.9.10.14.g578d350b - Spotify AB)
SpywareBlaster 5.0 (HKLM-x32\...\SpywareBlaster_is1) (Version: 5.0.0 - BrightFort LLC)
Steganos Safe 14 (HKLM-x32\...\{13B7FBFB-622E-4002-8570-594798E6167D}) (Version: 14.2.2 - Steganos Software GmbH)
Steuer-Spar-Erklärung 2008 (HKLM-x32\...\{BBE67B86-FCD7-4D3C-8B00-063DEAD8E30C}) (Version: 13.02.0000 - Akademische Arbeitsgemeinschaft)
Steuer-Spar-Erklärung 2009 (HKLM-x32\...\{32E00E5E-22B1-4D5A-9DC2-CD75E087A5E6}) (Version: 14.01.0000 - Akademische Arbeitsgemeinschaft Verlag)
Steuer-Spar-Erklärung 2010 (HKLM-x32\...\{D8E1DFEE-622B-46BA-AEFF-AB7E541C0B21}) (Version: 15.15 - Akademische Arbeitsgemeinschaft Verlag)
Steuer-Spar-Erklärung 2011 (HKLM-x32\...\{9F5FD796-86F0-4360-85F8-D54C0F5411EB}) (Version: 16.18 - Akademische Arbeitsgemeinschaft Verlag)
Steuer-Spar-Erklärung 2012 (HKLM-x32\...\{CCD2BAD2-0919-40CB-80CC-E9538B0E4C2E}) (Version: 17.14 - Wolters Kluwer Deutschland GmbH)
Steuer-Spar-Erklärung 2013 (HKLM-x32\...\{AEB61F7A-4BBA-4292-A096-7893E09034A4}) (Version: 18.10 - Wolters Kluwer Deutschland GmbH)
SteuerSparErklärung 2014 (HKLM-x32\...\{A463EB06-22A6-47F5-9593-E52B291EF13E}) (Version: 19.12.92 - Akademische Arbeitsgemeinschaft)
SteuerSparErklärung 2015 (HKLM-x32\...\{312C0E08-8F94-4536-AAF6-3413F784AC5F}) (Version: 20.25.123 - Akademische Arbeitsgemeinschaft)
Streamripper (Remove only) (HKLM-x32\...\Streamripper) (Version:  - )
Studie zur Verbesserung von HP Deskjet 3070 B611 series Produkten (HKLM\...\{CAD7B6DD-9C82-4D17-BAE8-3E9AE4971B90}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.29947 - TeamViewer)
Time Stamp (HKLM-x32\...\Time Stamp_is1) (Version:  - 3.23.2010-0313)
TomTom HOME (HKLM-x32\...\{7A2BB1C8-903D-4585-9F3B-CADD67D07D37}) (Version: 2.9.8 - Ihr Firmenname)
TomTom HOME Visual Studio Merge Modules (HKLM-x32\...\{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}) (Version: 1.0.2 - TomTom International B.V.)
TP-LINK Wireless Configuration Utility (HKLM-x32\...\{319D91C6-3D44-436C-9F79-36C0D22372DC}) (Version: 1.0.0 - TP-LINK)
TrueCrypt (HKLM-x32\...\TrueCrypt) (Version: 7.1 - TrueCrypt Foundation)
Tunatic (HKLM-x32\...\Tunatic) (Version:  - )
Überwachungstool für die Intel® Turbo-Boost-Technik (HKLM\...\{39F4C6F9-618A-4E5B-8FB2-6BD661174E32}) (Version: 1.0.186.6 - Intel)
Uninstall 1.0.0.1 (HKLM-x32\...\Uninstall_is1) (Version:  - )
Universal Adb Driver (HKLM-x32\...\{D9C4202E-6D51-4B06-A8F1-22316E654BCA}) (Version: 1.0.0 - ClockworkMod)
Unlocker 1.9.1-x64 (HKLM\...\Unlocker) (Version: 1.9.1 - Cedrick Collomb)
Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0407-0000-0000000FF1CE}_OMUI.de-de_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version:  - Microsoft)
Update für Microsoft Office Outlook 2007 Help (KB963677) (HKLM-x32\...\{90120000-001A-0407-0000-0000000FF1CE}_OMUI.de-de_{F6828576-6F79-470D-AB50-69D1BBADBD30}) (Version:  - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0407-0000-0000000FF1CE}_OMUI.de-de_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version:  - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0407-0000-0000000FF1CE}_OMUI.de-de_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version:  - Microsoft)
Visual Studio C++ 10.0 Runtime (HKLM-x32\...\{4412F224-3849-4461-A3E9-DEEF8D252790}) (Version: 10.0.0 - TomTom International B.V.)
VLC media player 2.1.3 (HKLM-x32\...\VLC media player) (Version: 2.1.3 - VideoLAN)
Welcome Center (HKLM-x32\...\Acer Welcome Center) (Version: 1.00.3008 - Acer Incorporated)
Winamp (HKLM-x32\...\Winamp) (Version: 5.666  - Nullsoft, Inc)
WinPatrol (HKLM\...\{6A206A04-6BC1-411B-AA04-4E52EDEEADF2}) (Version: 32.0.2014.5 - Ruiware)
WinPatrol (HKLM\...\{6E575124-6D34-4E65-9375-7D69468A6089}) (Version: 30.9 - BillP Studios)
WinRAR 5.10 Beta 4 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.10.4 - win.rar GmbH)
Xvid 1.2.2 final uninstall (HKLM-x32\...\Xvid_is1) (Version: 1.2 - Xvid team (Koepi))
Yahoo! Messenger (HKLM-x32\...\Yahoo! Messenger) (Version:  - Yahoo! Inc.)
Yahoo! Software Update (HKLM-x32\...\Yahoo! Software Update) (Version:  - )
Zuzahlungsrechner (HKLM-x32\...\{B2C69E77-F209-4B63-8676-4F32B27E162B}) (Version: 3.6.0 - sfr-software-fuers-heim)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-1242904208-471078349-2963378918-1000_Classes\CLSID\{56FDF344-FD6D-11d0-958A-006097C9A090}\InprocServer32 -> C:\Users\XXXXX XXXXX\AppData\Roaming\moters\supna.dll No File <==== ATTENTION

==================== Restore Points  =========================

14-01-2015 08:05:58 Windows Update
15-01-2015 18:45:05 Windows Update
16-01-2015 05:01:13 Windows Modules Installer
20-01-2015 06:35:31 Windows Update
21-01-2015 00:02:16 Windows Update
27-01-2015 20:19:44 Windows Update
31-01-2015 17:38:41 Removed Java 7 Update 67
31-01-2015 23:45:00 SteuerSparErklärung 2015 wurde installiert.

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2015-02-01 08:39 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0CAEEB6B-A216-4E04-9EA6-AC310639FD8D} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {13DABB31-ABBE-4704-8EDF-E28147F8962C} - \SMWPUpd No Task File <==== ATTENTION
Task: {23CEA58C-8E99-49B6-96E0-E0033F148659} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-21] (Google Inc.)
Task: {26DA7882-781D-4FC9-B1A5-5F5B1F7227FE} - System32\Tasks\{6A246FB0-E753-4188-9543-22389AB30F4E} => pcalua.exe -a "C:\Users\XXXXX XXXXX\Downloads\Chandler_win_1.0.3.exe" -d "C:\Users\XXXXX XXXXX\Downloads"
Task: {331D0C36-5AAC-434D-A64B-8F53AF5F083F} - System32\Tasks\zupa3002 => C:\PROGRA~2\TabNav\zupa3002.exe
Task: {38C51694-B081-4739-8E17-069D4A49D4D4} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2014-01-23] (Microsoft Corporation)
Task: {47C46238-A6C4-4C4B-BE85-E6E1425608CB} - System32\Tasks\{144D2C4F-2583-452B-AC74-C64839CF03CC} => pcalua.exe -a "C:\Program Files (x86)\VS Revo Group\Revo Uninstaller\Revouninstaller.exe" -d "C:\Program Files (x86)\VS Revo Group\Revo Uninstaller" -c -hunter
Task: {5A42985A-DC32-4FE1-8210-CA09F67316FC} - System32\Tasks\HPCustPartic.exe_{96420065-3C4E-4B3E-96DB-DB0760F51DDD} => C:\Program Files\HP\HP Deskjet 3070 B611 series\Bin\HPCustPartic.exe [2012-10-17] (Hewlett-Packard Co.)
Task: {5B5D6CC7-9FA7-4441-9A09-8A3C4EA669FD} - System32\Tasks\{9B880EC1-DC3B-45D7-A7BB-4E131A7A884F} => pcalua.exe -a "C:\Users\XXXXX XXXXX\Downloads\esetsmartinstaller_enu.exe" -d "C:\Program Files (x86)\Mozilla Firefox"
Task: {5E1E681C-C0F1-4E87-8C95-38A011634E9C} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {658A7160-D5FE-40D6-8358-5AC71CDD5600} - System32\Tasks\Microsoft Office 15 Sync Maintenance for Arbeitscomputer-XXXXX XXXXX Arbeitscomputer => C:\Program Files\Microsoft Office\Office15\MsoSync.exe [2014-11-12] (Microsoft Corporation)
Task: {739C86AB-D488-4894-A94A-E1C873D935C4} - System32\Tasks\{239C0599-E784-4910-B228-5D5AB8D346A6} => pcalua.exe -a "C:\Users\XXXXX XXXXX\Downloads\HiJackThis204.exe" -d "C:\Program Files (x86)\Mozilla Firefox"
Task: {773149FF-2A04-41E8-AEF1-735F0738EC51} - System32\Tasks\Microsoft\Windows\Maintenance\SMupdate2 => Rundll32.exe C:\PROGRA~1\COMMON~1\System\SysMenu.dll ,Command701 update2 <==== ATTENTION
Task: {792B72B2-C51B-4379-B2AA-007529DB50F0} - System32\Tasks\{8D77E667-A31C-4EB4-B209-1E559B732CBC} => pcalua.exe -a "C:\Program Files (x86)\Canon\IJEREG\MP160\UNINST.EXE"
Task: {79995E4D-7C32-4800-8797-6893DD64333B} - System32\Tasks\{186E3D0B-D440-49E7-8F64-7917C92B0863} => pcalua.exe -a "C:\Users\XXXXX XXXXX\AppData\Roaming\omiga-plus\UninstallManager.exe" -c -ptid=obw <==== ATTENTION
Task: {7AEAE564-35D2-434E-8BC2-12BF5BC672DE} - System32\Tasks\HPCustParticipation HP Deskjet 3070 B611 series => C:\Program Files\HP\HP Deskjet 3070 B611 series\Bin\HPCustPartic.exe [2012-10-17] (Hewlett-Packard Co.)
Task: {7EED0456-B087-4708-8496-6474B917CECB} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {92533B9B-37E7-4E54-B7DE-F8B0B255CFEE} - System32\Tasks\{4781B96F-C3F4-45CF-AB6F-C64C9AD3E88D} => pcalua.exe -a "C:\Program Files (x86)\InstallShield Installation Information\{319D91C6-3D44-436C-9F79-36C0D22372DC}\setup.exe" -d "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TP-LINK" -c -runfromtemp -removeonly
Task: {9C395D30-C0E5-4B3A-A232-E38DA71A3827} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {A1D835EF-9220-45A2-811E-2CA5B38166BF} - System32\Tasks\hpUrlLauncher.exe_{4AF7A75F-FDE8-41B8-80D9-5C3EBC32D019} => C:\Program Files\HP\HP Deskjet 3070 B611 series\Bin\utils\hpUrlLauncher.exe
Task: {A8889BDD-EEA6-44D8-85E8-4A53B4C6FFC7} - System32\Tasks\avaxvyvax => C:\Users\XXXXX XXXXX\AppData\Local\avaxvyvax\avaxvyvax.exe
Task: {B7A342C6-6ABF-492E-9250-2C92CB583846} - System32\Tasks\{A2A68590-5CAE-4C98-8B98-D18CC5E4C073} => pcalua.exe -a "C:\Program Files (x86)\InstallShield Installation Information\{3DB0448D-AD82-4923-B305-D001E521A964}\setup.exe" -c -runfromtemp -l0x407 -removeonly
Task: {B99335C8-3858-4912-916A-9AC2D8DFC005} - System32\Tasks\Microsoft\Windows\Multimedia\SMupdate3 => Rundll32.exe C:\PROGRA~1\COMMON~1\System\SysMenu.dll ,Command701 update3 <==== ATTENTION
Task: {BBBF9E37-C1CD-4CF0-A783-CE021D6D2928} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-05-20] (Piriform Ltd)
Task: {C3A9171A-C2B0-4DD2-90FB-60F5166A5C06} - System32\Tasks\sondhschedule => C:\Users\XXXXX
Task: {CE5325CF-BB63-4751-AB56-BD427BEAA0D9} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-01-31] (Adobe Systems Incorporated)
Task: {D8BC15BF-E6F5-4406-95E2-4C359424AE7D} - \SMW_UpdateTask_Time_333035393833303830392d5a556c6c4a5a575750414134 No Task File <==== ATTENTION
Task: {DA50F050-8700-4A90-9184-FBA2F85ECA89} - System32\Tasks\Inst_Rep => C:\Users\XXXXX XXXXX\AppData\Local\Installer\Install_24189\DCytdieamo_amodc_setup.exe [2015-01-31] ()
Task: {E36CA599-B047-467B-99AF-5E380AFECE05} - System32\Tasks\{AC797CD7-B058-4AC8-84B2-B2307D6AFF9B} => C:\Program Files (x86)\Chandler1.0.3\chandler.exe
Task: {E85DBE85-E344-4E48-A05A-ACF97445121F} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-21] (Google Inc.)
Task: {E9A74425-992C-4024-A0F4-03BCF765A15D} - \SPBIW_UpdateTask_Time_333035393833303830392d5a556c6c4a5a575750414134 No Task File <==== ATTENTION
Task: {F30712C0-5F79-4616-BFEE-8D27E1822469} - System32\Tasks\{581487AC-8AAF-40E1-A997-6B8519F0C5EC} => C:\Program Files (x86)\Chandler1.0.3\chandler.exe
Task: {FC0397BA-8222-41E7-836D-453BA55E74DB} - System32\Tasks\{2E665153-C229-4C02-9699-2F4EF08B1807} => pcalua.exe -a C:\Users\DANIEL~1\AppData\Local\Temp\InstallFlashPlayer.exe -d "C:\Program Files (x86)\Mozilla Firefox"
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2007-10-04 14:32 - 2007-10-04 14:32 - 00122880 _____ () C:\Program Files (x86)\Common Files\AAV\aavus.exe

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\abengine => ""="service"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: AgereModemAudio => 2
MSCONFIG\Services: Apple Mobile Device => 2
MSCONFIG\Services: Bonjour Service => 2
MSCONFIG\Services: BotkindSyncService => 2
MSCONFIG\Services: FoxitCloudUpdateService => 2
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: iPod Service => 3
MSCONFIG\Services: MozillaMaintenance => 3
MSCONFIG\Services: NoIPDUCService4 => 2
MSCONFIG\Services: NTI IScheduleSvc => 2
MSCONFIG\Services: NTIBackupSvc => 3
MSCONFIG\Services: NTISchedulerSvc => 2
MSCONFIG\Services: OODefragAgent => 2
MSCONFIG\Services: PassThru Service => 2
MSCONFIG\Services: PDF Architect Helper Service => 2
MSCONFIG\Services: PDF Architect Service => 2
MSCONFIG\Services: SandraAgentSrv => 3
MSCONFIG\Services: SkypeUpdate => 2
MSCONFIG\Services: TeamViewer9 => 2
MSCONFIG\Services: TomTomHOMEService => 2
MSCONFIG\Services: Updater Service => 2
MSCONFIG\Services: YahooAUService => 2
MSCONFIG\startupreg: Eraser => "C:\PROGRA~1\Eraser\Eraser.exe" --atRestart

========================= Accounts: ==========================

Administrator (S-1-5-21-1242904208-471078349-2963378918-500 - Administrator - Disabled)
XXXXX XXXXX (S-1-5-21-1242904208-471078349-2963378918-1000 - Administrator - Enabled) => C:\Users\XXXXX XXXXX
XXXXX (S-1-5-21-1242904208-471078349-2963378918-1003 - Limited - Enabled) => C:\Users\XXXXX
Gast (S-1-5-21-1242904208-471078349-2963378918-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1242904208-471078349-2963378918-1002 - Limited - Enabled)
Versuch (S-1-5-21-1242904208-471078349-2963378918-1004 - Administrator - Enabled) => C:\Users\Versuch

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (01/31/2015 05:20:22 PM) (Source: Avira Service Host) (EventID: 0) (User: )
Description: Fehler beim Verarbeiten von Sitzungsänderung. System.NullReferenceException: Der Objektverweis wurde nicht auf eine Objektinstanz festgelegt.
   bei Avira.OE.ServiceHost.ServiceHost.OnSessionChange(SessionChangeDescription changeDescription)
   bei System.ServiceProcess.ServiceBase.DeferredSessionChange(Int32 eventType, Int32 sessionId)


System errors:
=============
Error: (02/01/2015 08:40:11 AM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren.

Error: (02/01/2015 08:39:59 AM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren.

Error: (02/01/2015 08:39:15 AM) (Source: Application Popup) (EventID: 1060) (User: )
Description: Aufgrund der Inkompatibilität mit diesem System wurde \??\C:\ComboFix\catchme.sys nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten.

Error: (02/01/2015 08:39:14 AM) (Source: Application Popup) (EventID: 1060) (User: )
Description: Aufgrund der Inkompatibilität mit diesem System wurde \??\C:\ComboFix\catchme.sys nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten.

Error: (02/01/2015 08:35:41 AM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren.

Error: (02/01/2015 08:02:14 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "SPDRIVER_1361.0.0.0" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%3

Error: (01/31/2015 11:28:38 PM) (Source: Disk) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.

Error: (01/31/2015 11:28:37 PM) (Source: Disk) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.

Error: (01/31/2015 11:28:37 PM) (Source: Disk) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.

Error: (01/31/2015 11:28:36 PM) (Source: Disk) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.


Microsoft Office Sessions:
=========================
Error: (01/31/2015 05:20:22 PM) (Source: Avira Service Host) (EventID: 0) (User: )
Description: Fehler beim Verarbeiten von Sitzungsänderung. System.NullReferenceException: Der Objektverweis wurde nicht auf eine Objektinstanz festgelegt.
   bei Avira.OE.ServiceHost.ServiceHost.OnSessionChange(SessionChangeDescription changeDescription)
   bei System.ServiceProcess.ServiceBase.DeferredSessionChange(Int32 eventType, Int32 sessionId)


CodeIntegrity Errors:
===================================
  Date: 2015-02-01 08:39:15.425
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2015-02-01 08:39:15.175
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2015-02-01 08:39:14.941
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2015-02-01 08:39:14.692
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2014-08-24 13:21:32.971
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2014-08-24 13:21:32.769
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2014-08-24 13:21:32.550
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2014-08-24 13:21:32.332
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2014-06-28 08:07:01.069
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Users\DANIEL~1\AppData\Local\Temp\EverestDriver.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2014-06-28 08:07:00.711
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Users\DANIEL~1\AppData\Local\Temp\EverestDriver.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.


==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i5 CPU M 430 @ 2.27GHz
Percentage of memory in use: 37%
Total physical RAM: 3956.5 MB
Available physical RAM: 2463.49 MB
Total Pagefile: 7911.18 MB
Available Pagefile: 6194.91 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: (ACER) (Fixed) (Total:290.05 GB) (Free:108.79 GB) NTFS
Drive d: (DATA) (Fixed) (Total:290.4 GB) (Free:285.17 GB) NTFS
Drive f: (INTENSO) (Removable) (Total:14.44 GB) (Free:14.44 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 596.2 GB) (Disk ID: 6D48B855)
Partition 1: (Not Active) - (Size=15.6 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=290.1 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=290.4 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 14.5 GB) (Disk ID: 6F20736B)
No partition Table on disk 1.
Disk 1 is a removable device.

==================== End Of Log ============================

Bootsektor · 01.02.2015, 17:06

Hallo,

bitte achte darauf, dass du den Username in den Fixes wieder einsetzt!

Nachdem wir hier fertig sind, ändere bitte alle Passwörter

Schritt 1

Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:

ATTFilter

HKLM-x32\...\Run: [SimpleScreenshot] => C:\PROGRA~2\SSS\SIMPLESCREENSHOT.EXE
BHO: Booster-Web helper -> {B5147546-9359-4D9B-8B36-F54C54555799} -> C:\Program Files (x86)\Booster-Web\Booster-Web.dll (App LLC)
BHO-x32: Booster-Web helper -> {B5147546-9359-4D9B-8B36-F54C54555799} -> C:\Program Files (x86)\Booster-Web\Booster-Web.dll (App LLC)
FF SearchPlugin: C:\Users\XXXX XXXX\AppData\Roaming\Mozilla\Firefox\Profiles\ax92hz4x.default-1417957171376\searchplugins\trovi.xml
FF Extension: Booster Web - C:\Users\XXXX XXXX\AppData\Roaming\Mozilla\Firefox\Profiles\ax92hz4x.default-1417957171376\Extensions\jid1-U7omKQ6kQfxMaQ@jetpack [2015-01-31]
FF Extension: Zoom It - C:\Users\XXXX XXXX\AppData\Roaming\Mozilla\Firefox\Profiles\ax92hz4x.default-1417957171376\Extensions\{680219c9-7bbf-5dfc-84d8-33b88668b4ab} [2015-01-31]
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-1242904208-471078349-2963378918-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
Task: {13DABB31-ABBE-4704-8EDF-E28147F8962C} - \SMWPUpd No Task File <==== ATTENTION
Task: {331D0C36-5AAC-434D-A64B-8F53AF5F083F} - System32\Tasks\zupa3002 => C:\PROGRA~2\TabNav\zupa3002.exe
Task: {773149FF-2A04-41E8-AEF1-735F0738EC51} - System32\Tasks\Microsoft\Windows\Maintenance\SMupdate2 => Rundll32.exe C:\PROGRA~1\COMMON~1\System\SysMenu.dll ,Command701 update2 <==== ATTENTION
Task: {79995E4D-7C32-4800-8797-6893DD64333B} - System32\Tasks\{186E3D0B-D440-49E7-8F64-7917C92B0863} => pcalua.exe -a "C:\Users\XXXXX XXXXX\AppData\Roaming\omiga-plus\UninstallManager.exe" -c -ptid=obw <==== ATTENTION
Task: {A8889BDD-EEA6-44D8-85E8-4A53B4C6FFC7} - System32\Tasks\avaxvyvax => C:\Users\XXXXX XXXXX\AppData\Local\avaxvyvax\avaxvyvax.exe
Task: {B99335C8-3858-4912-916A-9AC2D8DFC005} - System32\Tasks\Microsoft\Windows\Multimedia\SMupdate3 => Rundll32.exe C:\PROGRA~1\COMMON~1\System\SysMenu.dll ,Command701 update3 <==== ATTENTION
Task: {C3A9171A-C2B0-4DD2-90FB-60F5166A5C06} - System32\Tasks\sondhschedule => C:\Users\XXXXX
Task: {D8BC15BF-E6F5-4406-95E2-4C359424AE7D} - \SMW_UpdateTask_Time_333035393833303830392d5a556c6c4a5a575750414134 No Task File <==== ATTENTION
Task: {DA50F050-8700-4A90-9184-FBA2F85ECA89} - System32\Tasks\Inst_Rep => C:\Users\XXXXX XXXXX\AppData\Local\Installer\Install_24189\DCytdieamo_amodc_setup.exe [2015-01-31] ()
Task: {E9A74425-992C-4024-A0F4-03BCF765A15D} - \SPBIW_UpdateTask_Time_333035393833303830392d5a556c6c4a5a575750414134 No Task File <==== ATTENTION
c:\program files (x86)\sss
C:\Program Files (x86)\Booster-Web
C:\Windows\System32\Tasks\sondhschedule
C:\Windows\System32\Tasks\zupa3002
C:\Program Files (x86)\878e2246-8f7a-48fe-89f9-845dc6abbab7
C:\Program Files (x86)\ed55547d-8d98-4039-96d9-00407eb30671
C:\Program Files (x86)\38307773-d954-48f2-8127-93df0ea63e4a
C:\ProgramData\{06467b43-d78a-a739-0646-67b43d78ed0f}
C:\Users\XXXX XXXX\AppData\Local\avaxvyvax
C:\Windows\System32\Tasks\avaxvyvax
C:\Users\XXXX XXXX\AppData\Roaming\UHTQPK
C:\Users\XXXX XXXX\AppData\Roaming\NWAUR
C:\Users\XXXX XXXX\AppData\Roaming\MLSC
C:\Users\XXXX XXXX\AppData\Roaming\FMLW
C:\C:\Program Files (x86)\TabNav
C:\PROGRAM Files\COMMON files\System\SysMenu.dll
C:\Users\XXXXX XXXXX\AppData\Roaming\omiga-plus\UninstallManager.exe
C:\Users\XXXXX XXXXX\AppData\Local\Installer\Install_24189\DCytdieamo_amodc_setup.exe

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).

Starte nun FRST erneut und klicke den Entfernen Button.
Das Tool erstellt eine Fixlog.txt.
Poste mir deren Inhalt.

Schritt 2
Starte noch einmal FRST.

Setze den Haken bei addition.txt und drücke auf Scan.
Wenn der Scan abgeschlossen ist, werden zwei neue Logfiles FRST.txt und addition.txt erstellt und auf dem Desktop (oder in dem Verzeichnis in dem FRST liegt) gespeichert.
Poste den Inhalt dieser Logfiles bitte hier in deinen Thread.

magigstar · 01.02.2015, 22:02

Fixlog...

Code:

ATTFilter

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 01-02-2015
Ran by XXXXXX XXXXXX at 2015-02-01 21:49:59 Run:2
Running from C:\Users\XXXXXX XXXXXX\Desktop
Loaded Profiles: XXXXXX XXXXXX (Available profiles: XXXXXX XXXXXX & XXXXXX & Versuch)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
HKLM-x32\...\Run: [SimpleScreenshot] => C:\PROGRA~2\SSS\SIMPLESCREENSHOT.EXE
BHO: Booster-Web helper -> {B5147546-9359-4D9B-8B36-F54C54555799} -> C:\Program Files (x86)\Booster-Web\Booster-Web.dll (App LLC)
BHO-x32: Booster-Web helper -> {B5147546-9359-4D9B-8B36-F54C54555799} -> C:\Program Files (x86)\Booster-Web\Booster-Web.dll (App LLC)
FF SearchPlugin: C:\Users\XXXXXX XXXXXX\AppData\Roaming\Mozilla\Firefox\Profiles\ax92hz4x.default-1417957171376\searchplugins\trovi.xml
FF Extension: Booster Web - C:\Users\XXXXXX XXXXXX\AppData\Roaming\Mozilla\Firefox\Profiles\ax92hz4x.default-1417957171376\Extensions\jid1-U7omKQ6kQfxMaQ@jetpack [2015-01-31]
FF Extension: Zoom It - C:\Users\XXXXXX XXXXXX\AppData\Roaming\Mozilla\Firefox\Profiles\ax92hz4x.default-1417957171376\Extensions\{680219c9-7bbf-5dfc-84d8-33b88668b4ab} [2015-01-31]
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-1242904208-471078349-2963378918-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
Task: {13DABB31-ABBE-4704-8EDF-E28147F8962C} - \SMWPUpd No Task File <==== ATTENTION
Task: {331D0C36-5AAC-434D-A64B-8F53AF5F083F} - System32\Tasks\zupa3002 => C:\PROGRA~2\TabNav\zupa3002.exe
Task: {773149FF-2A04-41E8-AEF1-735F0738EC51} - System32\Tasks\Microsoft\Windows\Maintenance\SMupdate2 => Rundll32.exe C:\PROGRA~1\COMMON~1\System\SysMenu.dll ,Command701 update2 <==== ATTENTION
Task: {79995E4D-7C32-4800-8797-6893DD64333B} - System32\Tasks\{186E3D0B-D440-49E7-8F64-7917C92B0863} => pcalua.exe -a "C:\Users\XXXXXXX XXXXXX\AppData\Roaming\omiga-plus\UninstallManager.exe" -c -ptid=obw <==== ATTENTION
Task: {A8889BDD-EEA6-44D8-85E8-4A53B4C6FFC7} - System32\Tasks\avaxvyvax => C:\Users\XXXXXXX XXXXXX\AppData\Local\avaxvyvax\avaxvyvax.exe
Task: {B99335C8-3858-4912-916A-9AC2D8DFC005} - System32\Tasks\Microsoft\Windows\Multimedia\SMupdate3 => Rundll32.exe C:\PROGRA~1\COMMON~1\System\SysMenu.dll ,Command701 update3 <==== ATTENTION
Task: {C3A9171A-C2B0-4DD2-90FB-60F5166A5C06} - System32\Tasks\sondhschedule => C:\Users\XXXXX
Task: {D8BC15BF-E6F5-4406-95E2-4C359424AE7D} - \SMW_UpdateTask_Time_333035393833303830392d5a556c6c4a5a575750414134 No Task File <==== ATTENTION
Task: {DA50F050-8700-4A90-9184-FBA2F85ECA89} - System32\Tasks\Inst_Rep => C:\Users\XXXXXXX XXXXXX\AppData\Local\Installer\Install_24189\DCytdieamo_amodc_setup.exe [2015-01-31] ()
Task: {E9A74425-992C-4024-A0F4-03BCF765A15D} - \SPBIW_UpdateTask_Time_333035393833303830392d5a556c6c4a5a575750414134 No Task File <==== ATTENTION
c:\program files (x86)\sss
C:\Program Files (x86)\Booster-Web
C:\Windows\System32\Tasks\sondhschedule
C:\Windows\System32\Tasks\zupa3002
C:\Program Files (x86)\878e2246-8f7a-48fe-89f9-845dc6abbab7
C:\Program Files (x86)\ed55547d-8d98-4039-96d9-00407eb30671
C:\Program Files (x86)\38307773-d954-48f2-8127-93df0ea63e4a
C:\ProgramData\{06467b43-d78a-a739-0646-67b43d78ed0f}
C:\Users\XXXXXX XXXXXX\AppData\Local\avaxvyvax
C:\Windows\System32\Tasks\avaxvyvax
C:\Users\XXXXXX XXXXXX\AppData\Roaming\UHTQPK
C:\Users\XXXXXX XXXXXX\AppData\Roaming\NWAUR
C:\Users\XXXXXX XXXXXX\AppData\Roaming\MLSC
C:\Users\XXXXXX XXXXXX\AppData\Roaming\FMLW
C:\C:\Program Files (x86)\TabNav
C:\PROGRAM Files\COMMON files\System\SysMenu.dll
C:\Users\XXXXXX XXXXXX\AppData\Roaming\omiga-plus\UninstallManager.exe
C:\Users\XXXXXX XXXXXX\AppData\Local\Installer\Install_24189\DCytdieamo_amodc_setup.exe
         
*****************

HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\SimpleScreenshot => value deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B5147546-9359-4D9B-8B36-F54C54555799}" => Key deleted successfully.
"HKCR\CLSID\{B5147546-9359-4D9B-8B36-F54C54555799}" => Key deleted successfully.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B5147546-9359-4D9B-8B36-F54C54555799}" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{B5147546-9359-4D9B-8B36-F54C54555799}" => Key deleted successfully.
C:\Users\XXXXXX XXXXXX\AppData\Roaming\Mozilla\Firefox\Profiles\ax92hz4x.default-1417957171376\searchplugins\trovi.xml => Moved successfully.
C:\Users\XXXXXX XXXXXX\AppData\Roaming\Mozilla\Firefox\Profiles\ax92hz4x.default-1417957171376\Extensions\jid1-U7omKQ6kQfxMaQ@jetpack => Moved successfully.
C:\Users\XXXXXX XXXXXX\AppData\Roaming\Mozilla\Firefox\Profiles\ax92hz4x.default-1417957171376\Extensions\{680219c9-7bbf-5dfc-84d8-33b88668b4ab} => Moved successfully.
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
"HKU\S-1-5-21-1242904208-471078349-2963378918-1000\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{13DABB31-ABBE-4704-8EDF-E28147F8962C}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{13DABB31-ABBE-4704-8EDF-E28147F8962C}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SMWPUpd" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{331D0C36-5AAC-434D-A64B-8F53AF5F083F}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{331D0C36-5AAC-434D-A64B-8F53AF5F083F}" => Key deleted successfully.
C:\Windows\System32\Tasks\zupa3002 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\zupa3002" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{773149FF-2A04-41E8-AEF1-735F0738EC51}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{773149FF-2A04-41E8-AEF1-735F0738EC51}" => Key deleted successfully.
C:\Windows\System32\Tasks\Microsoft\Windows\Maintenance\SMupdate2 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Maintenance\SMupdate2" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{79995E4D-7C32-4800-8797-6893DD64333B}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{79995E4D-7C32-4800-8797-6893DD64333B}" => Key deleted successfully.
C:\Windows\System32\Tasks\{186E3D0B-D440-49E7-8F64-7917C92B0863} => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{186E3D0B-D440-49E7-8F64-7917C92B0863}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A8889BDD-EEA6-44D8-85E8-4A53B4C6FFC7}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A8889BDD-EEA6-44D8-85E8-4A53B4C6FFC7}" => Key deleted successfully.
C:\Windows\System32\Tasks\avaxvyvax => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\avaxvyvax" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{B99335C8-3858-4912-916A-9AC2D8DFC005}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B99335C8-3858-4912-916A-9AC2D8DFC005}" => Key deleted successfully.
C:\Windows\System32\Tasks\Microsoft\Windows\Multimedia\SMupdate3 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Multimedia\SMupdate3" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{C3A9171A-C2B0-4DD2-90FB-60F5166A5C06}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C3A9171A-C2B0-4DD2-90FB-60F5166A5C06}" => Key deleted successfully.
C:\Windows\System32\Tasks\sondhschedule => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\sondhschedule" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D8BC15BF-E6F5-4406-95E2-4C359424AE7D}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D8BC15BF-E6F5-4406-95E2-4C359424AE7D}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SMW_UpdateTask_Time_333035393833303830392d5a556c6c4a5a575750414134" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{DA50F050-8700-4A90-9184-FBA2F85ECA89}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DA50F050-8700-4A90-9184-FBA2F85ECA89}" => Key deleted successfully.
C:\Windows\System32\Tasks\Inst_Rep => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Inst_Rep" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E9A74425-992C-4024-A0F4-03BCF765A15D}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E9A74425-992C-4024-A0F4-03BCF765A15D}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SPBIW_UpdateTask_Time_333035393833303830392d5a556c6c4a5a575750414134" => Key deleted successfully.
"c:\program files (x86)\sss" => File/Directory not found.
C:\Program Files (x86)\Booster-Web => Moved successfully.
"C:\Windows\System32\Tasks\sondhschedule" => File/Directory not found.
"C:\Windows\System32\Tasks\zupa3002" => File/Directory not found.
C:\Program Files (x86)\878e2246-8f7a-48fe-89f9-845dc6abbab7 => Moved successfully.
C:\Program Files (x86)\ed55547d-8d98-4039-96d9-00407eb30671 => Moved successfully.
C:\Program Files (x86)\38307773-d954-48f2-8127-93df0ea63e4a => Moved successfully.
C:\ProgramData\{06467b43-d78a-a739-0646-67b43d78ed0f} => Moved successfully.
C:\Users\XXXXXX XXXXXX\AppData\Local\avaxvyvax => Moved successfully.
"C:\Windows\System32\Tasks\avaxvyvax" => File/Directory not found.
C:\Users\XXXXXX XXXXXX\AppData\Roaming\UHTQPK => Moved successfully.
C:\Users\XXXXXX XXXXXX\AppData\Roaming\NWAUR => Moved successfully.
C:\Users\XXXXXX XXXXXX\AppData\Roaming\MLSC => Moved successfully.
C:\Users\XXXXXX XXXXXX\AppData\Roaming\FMLW => Moved successfully.
"C:\C:\Program Files (x86)\TabNav" => File/Directory not found.
C:\PROGRAM Files\COMMON files\System\SysMenu.dll => Moved successfully.
"C:\Users\XXXXXX XXXXXX\AppData\Roaming\omiga-plus\UninstallManager.exe" => File/Directory not found.
C:\Users\XXXXXX XXXXXX\AppData\Local\Installer\Install_24189\DCytdieamo_amodc_setup.exe => Moved successfully.

==== End of Fixlog 21:50:00 ====

FRST:

FRST Logfile:

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 01-02-2015
Ran by XXXXXX XXXXXX (administrator) on ARBEITSCOMPUTER on 01-02-2015 21:52:07
Running from C:\Users\XXXXXX XXXXXX\Desktop
Loaded Profiles: XXXXXX XXXXXX (Available profiles: XXXXXX XXXXXX & XXXXXX & Versuch)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
() C:\Program Files (x86)\Common Files\AAV\aavus.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Microsoft Corporation) C:\Windows\System32\CISVC.EXE
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GregHSRW.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
() C:\Windows\snuvcdsm.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
() C:\Windows\PLFSetI.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\Apoint.exe
(AlcorMicro Co., Ltd.) C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Photosmart 5520 series\Bin\ScanToPCActivationApp.exe
(BillP Studios) C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe
(RescueTime, Inc.) C:\Program Files (x86)\RescueTime\RescueTime.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\ApMsgFwd.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\ApntEx.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\Hidfind.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Photosmart 5520 series\Bin\HPNetworkCommunicator.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Mirko Böer) C:\Program Files\AmP\AmP.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SNUVCDSM] => C:\Windows\snuvcdsm.exe [30080 2011-01-13] ()
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [8312352 2009-10-29] (Realtek Semiconductor)
HKLM\...\Run: [PLFSetL] => C:\Windows\PLFSetL.exe [99712 2011-01-13] (Sonix Technology Co., Ltd.)
HKLM\...\Run: [PLFSetI] => C:\Windows\PLFSetI.exe [200704 2011-11-13] ()
HKLM\...\Run: [mwlDaemon] => C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe [349480 2009-09-11] (Egis Technology Inc.)
HKLM\...\Run: [IAAnotif] => C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-06-05] (Intel Corporation)
HKLM\...\Run: [Apoint] => C:\Program Files\Apoint2K\Apoint.exe [295936 2009-05-22] (Alps Electric Co., Ltd.)
HKLM\...\Run: [AmIcoSinglun64] => C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [323072 2009-07-22] (AlcorMicro Co., Ltd.)
HKLM\...\Run: [Acer ePower Management] => C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [823840 2009-09-30] (Acer Incorporated)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [702768 2014-12-16] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2009-12-09] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2014-10-11] (Apple Inc.)
HKLM-x32\...\Run: [LManager] => C:\Program Files (x86)\Launch Manager\LManager.exe [1094736 2009-11-02] (Dritek System Inc.)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [126712 2014-12-31] (Avira Operations GmbH & Co. KG)
HKU\S-1-5-21-1242904208-471078349-2963378918-1000\...\Run: [HP Photosmart 5520 series (NET)] => C:\Program Files\HP\HP Photosmart 5520 series\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
HKU\S-1-5-21-1242904208-471078349-2963378918-1000\...\Run: [WinPatrol] => C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe [533568 2014-04-23] (BillP Studios)
Startup: C:\Users\XXXXXX XXXXXX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\RescueTime.lnk
ShortcutTarget: RescueTime.lnk -> C:\Program Files (x86)\RescueTime\RescueTime.exe (RescueTime, Inc.)
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
ShellIconOverlayIdentifiers: [egisPSDP] -> {30A0A3F6-38AC-4C53-BB8B-0D95238E25BA} => C:\Program Files (x86)\EgisTec\MyWinLocker 3\x64\psdprotect.dll (Egis Technology Inc.)
ShellIconOverlayIdentifiers-x32: [egisPSDP] -> {30A0A3F6-38AC-4C53-BB8B-0D95238E25BA} => C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\psdprotect.dll (Egis Technology Inc.)
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-1242904208-471078349-2963378918-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-1242904208-471078349-2963378918-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: unissales -> {7e0aaab3-ba7d-4a2d-b1e6-4289ce4d1b1e} -> C:\Program Files (x86)\unissales\9vFbOLvEX4RE1d.x64.dll No File
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
DPF: HKLM {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\XXXXXX XXXXXX\AppData\Roaming\Mozilla\Firefox\Profiles\ax92hz4x.default-1417957171376
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_296.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_296.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @nullsoft.com/winampDetector;version=1 -> C:\Program Files (x86)\Winamp Detect\npwachk.dll (Nullsoft, Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.8 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll (Microsoft Corporation)
FF Extension: Zoom It - C:\Users\XXXXXX XXXXXX\AppData\Roaming\Mozilla\Firefox\Profiles\ax92hz4x.default-1417957171376\Extensions\{f3ed9e96-8429-593c-c858-ebf7b2bc0864} [2015-02-01]
FF Extension: LeechBlock - C:\Users\XXXXXX XXXXXX\AppData\Roaming\Mozilla\Firefox\Profiles\ax92hz4x.default-1417957171376\Extensions\{a95d8332-e4b4-6e7f-98ac-20b733364387}.xpi [2014-12-07]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-07-14]

Chrome: 
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR HomePage: Default -> hxxp://www.trovi.com/?gd=&ctid=CT3324764&octid=EB_ORIGINAL_CTID&ISID=M7F3C43B3-690F-4276-959F-1C74A797CA2A&SearchSource=55&CUI=&UM=8&UP=SP9050A32E-D786-4A42-9E49-5663C4588ECE&SSPV=
CHR StartupUrls: Default -> "hxxp://www.trovi.com/?gd=&ctid=CT3324764&octid=EB_ORIGINAL_CTID&ISID=M7F3C43B3-690F-4276-959F-1C74A797CA2A&SearchSource=55&CUI=&UM=8&UP=SP9050A32E-D786-4A42-9E49-5663C4588ECE&SSPV="
CHR DefaultSearchKeyword: Default -> trovi.search
CHR DefaultSuggestURL: Default -> http://suggest.seccint.com/CSuggestJson.ashx?prefix={searchTerms}
CHR Profile: C:\Users\XXXXXX XXXXXX\AppData\Local\Google\Chrome\User Data\default
CHR Extension: (Google Präsentationen) - C:\Users\XXXXXX XXXXXX\AppData\Local\Google\Chrome\User Data\default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-02-01]
CHR Extension: (Google Docs) - C:\Users\XXXXXX XXXXXX\AppData\Local\Google\Chrome\User Data\default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-10-25]
CHR Extension: (Google Drive) - C:\Users\XXXXXX XXXXXX\AppData\Local\Google\Chrome\User Data\default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-10-25]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\XXXXXX XXXXXX\AppData\Local\Google\Chrome\User Data\default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-10-26]
CHR Extension: (YouTube) - C:\Users\XXXXXX XXXXXX\AppData\Local\Google\Chrome\User Data\default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-10-25]
CHR Extension: (Google-Suche) - C:\Users\XXXXXX XXXXXX\AppData\Local\Google\Chrome\User Data\default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-10-25]
CHR Extension: (Google Tabellen) - C:\Users\XXXXXX XXXXXX\AppData\Local\Google\Chrome\User Data\default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-02-01]
CHR Extension: (Avira Browserschutz) - C:\Users\XXXXXX XXXXXX\AppData\Local\Google\Chrome\User Data\default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2014-10-26]
CHR Extension: (Google Wallet) - C:\Users\XXXXXX XXXXXX\AppData\Local\Google\Chrome\User Data\default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-10-26]
CHR Extension: (Google Mail) - C:\Users\XXXXXX XXXXXX\AppData\Local\Google\Chrome\User Data\default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-10-25]
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AAV UpdateService; C:\Program Files (x86)\Common Files\AAV\aavus.exe [122880 2007-10-04] () [File not signed]
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [431920 2014-12-16] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [431920 2014-12-16] (Avira Operations GmbH & Co. KG)
R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [178424 2014-12-31] (Avira Operations GmbH & Co. KG)
S4 BotkindSyncService; C:\Program Files (x86)\Allway Sync\Bin\SyncService.exe [182784 2013-10-10] () [File not signed]
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
S4 FoxitCloudUpdateService; C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe [241704 2014-03-25] (Foxit Corporation)
S3 MWLService; C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe [305448 2009-09-11] (Egis Technology Inc.)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
S4 NoIPDUCService4; C:\Program Files (x86)\No-IP\ducservice.exe [11264 2013-01-24] () [File not signed]
S4 OODefragAgent; C:\Program Files\OO Software\Defrag\oodag.exe [3051848 2011-01-25] (O&O Software GmbH)
S4 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [80896 2011-03-31] () [File not signed]
S4 PDF Architect Helper Service; C:\Program Files (x86)\PDF Architect\HelperService.exe [1320496 2013-04-08] (pdfforge GmbH)
S4 PDF Architect Service; C:\Program Files (x86)\PDF Architect\ConversionService.exe [799280 2013-04-08] (pdfforge GmbH)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
R2 RS_Service; C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe [253952 2009-07-10] (Acer Incorporated) [File not signed]
S4 SandraAgentSrv; C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2014.SP2a\RpcAgentSrv.exe [72344 2008-05-19] (SiSoftware) [File not signed]
S4 UI Assistant Service; C:\Program Files (x86)\Join Air\AssistantServices.exe [247152 2010-04-27] ()
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [119272 2014-10-14] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131608 2014-10-14] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-11-25] (Avira Operations GmbH & Co. KG)
R2 EkaProt6; C:\Windows\System32\DRIVERS\ekaprot6.sys [27288 2012-03-23] (Ekahau Inc.)
R1 SLEE_18_DRIVER; C:\Windows\Sleen1864.sys [109144 2014-01-30] (Softwareentwicklung Remus - ArchiCrypt - )
R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1806592 2011-01-13] ()
R2 TurboB; C:\Windows\System32\DRIVERS\TurboB.sys [13784 2009-11-02] ()
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2012-12-13] (Apple, Inc.) [File not signed]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-01 21:52 - 2015-02-01 21:52 - 00020391 _____ () C:\Users\XXXXXX XXXXXX\Desktop\FRST.txt
2015-02-01 21:45 - 2015-02-01 21:45 - 01156136 _____ (Ruiware) C:\Users\XXXXXX XXXXXX\Downloads\wpsetup(1).exe
2015-02-01 08:55 - 2015-02-01 08:55 - 00039830 _____ () C:\ComboFix.txt
2015-02-01 01:01 - 2015-02-01 00:56 - 05611408 ____R (Swearware) C:\Users\XXXXXX XXXXXX\Desktop\ComboFix.exe
2015-02-01 00:56 - 2015-02-01 00:56 - 05611408 ____R (Swearware) C:\Users\XXXXXX XXXXXX\Downloads\ComboFix.exe
2015-02-01 00:46 - 2015-02-01 00:46 - 00000249 _____ () C:\Users\XXXXXX XXXXXX\Desktop\Link.URL
2015-01-31 23:47 - 2015-01-31 23:51 - 00002169 _____ () C:\Users\Public\Desktop\SteuerSparErklärung 2015.lnk
2015-01-31 20:29 - 2015-01-31 20:29 - 00000269 _____ () C:\Users\XXXXXX XXXXXX\Desktop\FREELETICS.URL
2015-01-31 17:50 - 2015-02-01 08:59 - 00000000 ____D () C:\Users\XXXXXX XXXXXX\Desktop\FRST-OlderVersion
2015-01-31 17:48 - 2015-01-31 17:48 - 00000337 _____ () C:\Users\XXXXXX XXXXXX\Desktop\Samsung Tab - kein Speicherplatz - Android-Hilfe.de.URL
2015-01-31 17:00 - 2015-01-31 17:01 - 00001671 _____ () C:\Users\XXXXXX XXXXXX\Desktop\JRT.txt
2015-01-31 16:55 - 2015-01-31 16:55 - 00057200 _____ () C:\Users\XXXXXX XXXXXX\Desktop\ Malwarebytes Anti-Malware .txt
2015-01-31 15:22 - 2015-01-31 15:22 - 00001066 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2015-01-31 15:03 - 2015-01-31 15:03 - 02194432 _____ () C:\Users\XXXXXX XXXXXX\Desktop\AdwCleaner_4.109.exe
2015-01-31 15:03 - 2015-01-31 15:03 - 01707939 _____ (Thisisu) C:\Users\XXXXXX XXXXXX\Desktop\JRT.exe
2015-01-31 11:33 - 2015-01-31 11:33 - 00000000 ____D () C:\Users\XXXXXX XXXXXX\Documents\TokensBackup
2015-01-31 10:12 - 2015-02-01 08:59 - 02131456 _____ (Farbar) C:\Users\XXXXXX XXXXXX\Desktop\FRST64.exe
2015-01-31 10:10 - 2015-01-31 10:10 - 00001101 _____ () C:\Users\Public\Desktop\Avira.lnk
2015-01-31 09:43 - 2015-01-31 09:46 - 00000000 ____D () C:\Users\XXXXXX XXXXXX\Desktop\Ordnung
2015-01-31 09:35 - 2015-01-31 09:35 - 00000000 ____D () C:\Users\XXXXXX XXXXXX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Booster-Web
2015-01-31 09:34 - 2015-01-31 10:01 - 00000000 ____D () C:\Users\XXXXXX XXXXXX\AppData\Roaming\Booster-Web
2015-01-31 09:32 - 2015-01-31 09:32 - 00001117 _____ () C:\Users\XXXXXX XXXXXX\Desktop\Continue installation .lnk
2015-01-31 09:31 - 2015-01-31 09:31 - 00000000 ____D () C:\ProgramData\SearchModulePlus
2015-01-31 09:06 - 2015-01-31 17:44 - 00000000 ____D () C:\Program Files (x86)\Hearthstone Stream Browser
2015-01-31 09:06 - 2015-01-31 09:06 - 00000000 ____D () C:\Windows\SysWOW64\AMD64
2015-01-31 08:57 - 2015-01-31 08:57 - 01191200 _____ () C:\Users\XXXXXX XXXXXX\Downloads\Malwarebytes Anti Malware Malware Scanner - CHIP-Installer.exe
2015-01-31 08:52 - 2014-12-14 10:53 - 00378640 _____ (CartCrunch Israel Ltd.) C:\Windows\system32\ColorMedia64.dll
2015-01-31 08:52 - 2014-12-14 10:53 - 00332568 _____ (CartCrunch Israel Ltd.) C:\Windows\SysWOW64\ColorMedia.dll
2015-01-30 20:51 - 2015-01-30 20:51 - 00000600 _____ () C:\Users\XXXXXX XXXXXX\AppData\Roaming\winscp.rnd
2015-01-30 20:08 - 2015-01-30 20:08 - 00000000 ____D () C:\Users\Versuch\AppData\Roaming\PDF Architect
2015-01-30 20:08 - 2015-01-30 20:08 - 00000000 ____D () C:\Users\Versuch\AppData\Local\IsolatedStorage
2015-01-30 19:16 - 2015-01-30 19:17 - 00000000 ____D () C:\Users\Versuch\AppData\OICE_15_974FA576_32C1D314_2072
2015-01-27 21:08 - 2015-02-01 21:31 - 00005190 _____ () C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for Arbeitscomputer-XXXXXX XXXXXX Arbeitscomputer
2015-01-20 06:34 - 2014-12-12 06:35 - 05553592 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-01-20 06:34 - 2014-12-12 06:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-01-20 06:34 - 2014-12-12 06:31 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-01-20 06:34 - 2014-12-12 06:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-01-20 06:34 - 2014-12-12 06:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-01-20 06:34 - 2014-12-12 06:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-01-20 06:34 - 2014-12-12 06:07 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-01-14 08:06 - 2014-12-19 04:06 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-14 08:06 - 2014-12-19 02:46 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-14 08:06 - 2014-12-11 18:47 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-01-14 08:06 - 2014-12-06 05:17 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-14 08:06 - 2014-12-06 04:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
2015-01-14 08:06 - 2014-12-06 04:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
2015-01-13 05:55 - 2015-01-13 05:55 - 00009429 _____ () C:\Users\XXXXXX XXXXXX\AppData\Local\recently-used.xbel

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-01 21:52 - 2014-08-21 20:10 - 00000000 ____D () C:\FRST
2015-02-01 21:50 - 2009-07-14 04:20 - 00000000 ____D () C:\Program Files\Common Files\System
2015-02-01 21:17 - 2012-09-20 04:21 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-02-01 21:17 - 2009-07-14 05:45 - 00025840 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-02-01 21:17 - 2009-07-14 05:45 - 00025840 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-02-01 21:12 - 2011-11-13 21:43 - 01403085 _____ () C:\Windows\WindowsUpdate.log
2015-02-01 21:08 - 2014-06-18 08:20 - 00027853 _____ () C:\Windows\setupact.log
2015-02-01 21:08 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-02-01 12:05 - 2012-08-14 18:52 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-02-01 11:54 - 2012-03-25 11:40 - 00000000 ____D () C:\Users\XXXXXX XXXXXX\Documents\Steuerfälle
2015-02-01 08:55 - 2014-08-24 12:03 - 00000000 ____D () C:\Qoobox
2015-02-01 08:50 - 2009-07-14 03:34 - 00000215 _____ () C:\Windows\system.ini
2015-02-01 08:41 - 2014-06-20 13:07 - 00112126 _____ () C:\Windows\PFRO.log
2015-02-01 08:40 - 2013-10-13 19:47 - 00000000 ____D () C:\Windows\erdnt
2015-02-01 08:40 - 2009-07-14 03:34 - 24379392 _____ () C:\Windows\system32\config\system.bak
2015-02-01 08:40 - 2009-07-14 03:34 - 113508352 _____ () C:\Windows\system32\config\software.bak
2015-02-01 08:40 - 2009-07-14 03:34 - 05505024 _____ () C:\Windows\system32\config\default.bak
2015-02-01 08:40 - 2009-07-14 03:34 - 00262144 _____ () C:\Windows\system32\config\sam.bak
2015-02-01 08:40 - 2009-07-14 03:34 - 00032768 _____ () C:\Windows\system32\config\security.bak
2015-02-01 08:39 - 2009-11-05 01:49 - 00000000 ____D () C:\Program Files (x86)\Acer
2015-01-31 23:47 - 2012-03-25 11:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steuertipps
2015-01-31 23:47 - 2012-03-25 11:26 - 00000000 ____D () C:\Program Files (x86)\Akademische Arbeitsgemeinschaft
2015-01-31 17:39 - 2013-09-19 20:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-01-31 17:39 - 2012-03-11 02:08 - 00000000 ____D () C:\Program Files (x86)\Java
2015-01-31 17:19 - 2011-11-14 06:15 - 00000000 ____D () C:\Windows\Lan
2015-01-31 15:24 - 2014-08-05 14:08 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-01-31 15:22 - 2014-08-05 14:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2015-01-31 15:22 - 2014-08-05 14:08 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2015-01-31 15:08 - 2014-11-16 12:18 - 00001025 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-01-31 15:08 - 2014-11-16 12:18 - 00001013 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-01-31 15:08 - 2014-10-25 07:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-01-31 15:08 - 2014-08-24 18:36 - 00000000 ____D () C:\AdwCleaner
2015-01-31 15:08 - 2011-11-20 15:41 - 00001021 _____ () C:\Users\XXXXXX XXXXXX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-01-31 10:10 - 2014-08-06 10:55 - 00000000 ____D () C:\ProgramData\Package Cache
2015-01-31 10:10 - 2013-02-24 19:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2015-01-31 10:09 - 2013-02-24 19:39 - 00000000 ____D () C:\Program Files (x86)\Avira
2015-01-31 09:44 - 2014-08-07 20:56 - 02931200 ___SH () C:\Users\XXXXXX XXXXXX\Desktop\Thumbs.db
2015-01-31 07:56 - 2014-08-15 15:44 - 00000000 ____D () C:\Users\XXXXXX XXXXXX\AppData\Local\Adobe
2015-01-31 07:56 - 2012-04-02 19:28 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-01-31 07:56 - 2012-04-02 19:28 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-01-31 07:56 - 2011-11-15 21:21 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-30 19:03 - 2014-09-10 06:10 - 00000000 ____D () C:\Users\Versuch\AppData\Roaming\SimpleScreenshot
2015-01-27 20:12 - 2014-11-10 20:59 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-01-27 06:18 - 2014-11-16 12:20 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-01-26 07:21 - 2012-06-10 14:07 - 00000000 ____D () C:\Users\XXXXXX XXXXXX\Documents\Bewerbungen
2015-01-25 17:19 - 2011-11-14 06:34 - 00702664 _____ () C:\Windows\system32\perfh007.dat
2015-01-25 17:19 - 2011-11-14 06:34 - 00151424 _____ () C:\Windows\system32\perfc007.dat
2015-01-25 17:19 - 2009-07-14 06:13 - 01629998 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-23 21:11 - 2013-11-02 09:43 - 00000000 ____D () C:\Users\XXXXXX XXXXXX\AppData\Roaming\Skype
2015-01-20 14:50 - 2014-09-10 06:09 - 00000000 ____D () C:\Users\Versuch
2015-01-20 14:50 - 2013-05-22 21:33 - 00000000 ____D () C:\Users\XXXXXX XXXXXX\AppData\Local\RescueTime.com
2015-01-20 14:50 - 2012-03-30 17:57 - 00000000 ____D () C:\Users\XXXXXX
2015-01-20 14:50 - 2011-12-01 21:23 - 00000000 ____D () C:\Windows\System32\Tasks\OfficeSoftwareProtectionPlatform
2015-01-20 14:50 - 2011-11-20 16:01 - 00000000 ____D () C:\Users\XXXXXX XXXXXX\AppData\Roaming\SimpleScreenshot
2015-01-20 14:50 - 2009-11-05 01:26 - 00000000 ___RD () C:\Users\Public\Recorded TV
2015-01-20 14:50 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\registration
2015-01-20 06:21 - 2011-11-13 22:46 - 00000000 ____D () C:\Users\XXXXXX XXXXXX
2015-01-18 20:07 - 2012-04-07 11:49 - 00000000 ____D () C:\Users\XXXXXX XXXXXX\Documents\Finanzen
2015-01-15 18:59 - 2013-07-13 08:36 - 00000000 ____D () C:\Windows\system32\MRT
2015-01-15 18:46 - 2011-11-18 19:58 - 113365784 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-01-13 05:55 - 2014-06-15 19:34 - 00000000 ____D () C:\Users\XXXXXX XXXXXX\AppData\Local\gtk-2.0
2015-01-13 05:55 - 2012-08-29 10:11 - 00000000 ____D () C:\Users\XXXXXX XXXXXX\.gimp-2.8
2015-01-08 09:55 - 2011-11-15 21:40 - 00298120 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2015-01-05 18:47 - 2012-03-23 13:19 - 00000000 ____D () C:\Users\XXXXXX XXXXXX\Documents\Cellula
2015-01-03 15:28 - 2012-03-11 19:16 - 00000000 ____D () C:\Users\XXXXXX XXXXXX\Documents\ERGO
2015-01-03 10:51 - 2012-03-11 19:16 - 00000000 ____D () C:\Users\XXXXXX XXXXXX\Documents\SP

==================== Files in the root of some directories =======

2014-06-28 07:10 - 2014-07-23 21:30 - 14159872 _____ () C:\Users\XXXXXX XXXXXX\AppData\Roaming\Sandra.mdb
2015-01-30 20:51 - 2015-01-30 20:51 - 0000600 _____ () C:\Users\XXXXXX XXXXXX\AppData\Roaming\winscp.rnd
2012-04-20 18:28 - 2014-07-07 01:20 - 0006656 _____ () C:\Users\XXXXXX XXXXXX\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-09-22 21:07 - 2014-09-22 21:07 - 0001482 _____ () C:\Users\XXXXXX XXXXXX\AppData\Local\RecConfig.xml
2015-01-13 05:55 - 2015-01-13 05:55 - 0009429 _____ () C:\Users\XXXXXX XXXXXX\AppData\Local\recently-used.xbel
2013-08-12 21:15 - 2013-08-12 21:15 - 0007603 _____ () C:\Users\XXXXXX XXXXXX\AppData\Local\Resmon.ResmonCfg
2012-03-31 10:26 - 2012-03-31 10:26 - 0000057 _____ () C:\ProgramData\Ament.ini
2011-11-13 22:53 - 2011-11-13 22:57 - 0008282 _____ () C:\ProgramData\ArcadeDeluxe3.log
2014-09-22 19:19 - 2014-10-06 19:45 - 0008737 _____ () C:\ProgramData\hpzinstall.log

Some content of TEMP:
====================
C:\Users\XXXXXX XXXXXX\AppData\Local\Temp\avgnt.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-01-31 13:31

==================== End Of Log ============================

--- --- ---

--- --- ---

Addition:

Code:

ATTFilter

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 01-02-2015
Ran by XXXXXX XXXXXX at 2015-02-01 21:53:33
Running from C:\Users\XXXXXX XXXXXX\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Desktop (Disabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Disabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden
AAVUpdateManager (HKLM-x32\...\{AFA42FE1-A5C3-485F-9180-BFCF5BF1F1C3}) (Version: 18.00.0000 - Wolters Kluwer Deutschland GmbH)
AC3Filter 1.63b (HKLM-x32\...\AC3Filter_is1) (Version: 1.63b - Alexander Vigovsky)
Acer Arcade Deluxe (HKLM-x32\...\InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}) (Version: 3.0.7112 - CyberLink Corp.)
Acer Arcade Deluxe (x32 Version: 3.0.7112 - CyberLink Corp.) Hidden
Acer Backup Manager (HKLM-x32\...\InstallShield_{72B776E5-4530-4C4B-9453-751DF87D9D93}) (Version: 2.0.0.29 - NewTech Infosystems)
Acer Crystal Eye webcam Ver:1.1.124.1120 (HKLM-x32\...\{D0ACE89D-EC7F-470F-80BE-4C98ED366B32}) (Version: 1.1.124.1120 - Chicony Electronics Co.,Ltd.)
Acer ePower Management (HKLM-x32\...\{3DB0448D-AD82-4923-B305-D001E521A964}) (Version: 4.05.3004 - Acer Incorporated)
Acer eRecovery Management (HKLM-x32\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 4.05.3005 - Acer Incorporated)
Acer GameZone Console (HKLM-x32\...\{8ed9688e-4f79-4308-91ca-f1c37ca142b4}_is1) (Version: 5.1.0.2 - Oberon Media, Inc.)
Acer GridVista (HKLM-x32\...\GridVista) (Version: 3.01.0730 - Acer Inc.)
Acer Registration (HKLM-x32\...\Acer Registration) (Version: 1.02.3006 - Acer Incorporated)
Acer ScreenSaver (HKLM-x32\...\Acer Screensaver) (Version: 1.1.2009.1217 - Acer Incorporated)
Acer VCM (HKLM-x32\...\{047F790A-7A2A-4B6A-AD02-38092BA63DAC}) (Version: 4.05.3000 - Acer Incorporated)
Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 14.0.0.103 - Adobe Systems Incorporated)
Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.246 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.296 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Akamai NetSession Interface (HKU\S-1-5-21-1242904208-471078349-2963378918-1000\...\Akamai) (Version:  - Akamai Technologies, Inc)
Alcor Micro USB Card Reader (HKLM-x32\...\InstallShield_{DBCE1208-433D-4D3E-A26A-CB1B5E71A8F5}) (Version: 1.4.17.35005 - Alcor Micro Corp.)
Alcor Micro USB Card Reader (x32 Version: 1.4.17.35005 - Alcor Micro Corp.) Hidden
Alice Greenfingers (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112920767}) (Version:  - Oberon Media)
Alle meine Passworte 4.13 (HKLM\...\AllemeinePassworte) (Version:  - Mirko Böer)
Allway Sync version 12.16.9 (HKLM-x32\...\Allway Sync_is1) (Version:  - Botkind Inc)
ALPS Touch Pad Driver (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 7.105.2015.1105 - Alps Electric)
Amazonia (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11273477}) (Version:  - Oberon Media)
Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ATI Catalyst Install Manager (HKLM\...\{11F38253-8940-FFDA-D131-B14120C357E4}) (Version: 3.0.754.0 - ATI Technologies, Inc.)
Audacity 2.0.3 (HKLM-x32\...\Audacity_is1) (Version: 2.0.3 - Audacity Team)
Avi2Dvd 0.6.4 (HKLM-x32\...\Avi2Dvd) (Version: 0.6.4 - TrustFm)
Avira (HKLM-x32\...\{2c18809c-4097-4b51-a4d0-3deade730ef3}) (Version: 1.1.29.22350 - Avira Operations & Co. KG)
Avira (x32 Version: 1.1.29.22350 - Avira Operations & Co. KG) Hidden
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.7.468 - Avira)
AviSynth 2.5 (HKLM-x32\...\AviSynth) (Version:  - )
Backup Manager Basic (x32 Version: 2.0.0.29 - NewTech Infosystems) Hidden
BatteryCare 0.9.10.0 (HKLM-x32\...\{C6A6036D-FBD0-4324-BEAA-C0845257160C}_is1) (Version: 0.9.10.0 - Filipe Lourenço)
BitTorrent (HKU\S-1-5-21-1242904208-471078349-2963378918-1000\...\BitTorrent) (Version: 7.9.2.31638 - BitTorrent Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Booster-Web (HKU\S-1-5-21-1242904208-471078349-2963378918-1000\...\Booster-Web) (Version: 4 - ${CompanyName})
Broadcom Gigabit NetLink Controller (HKLM\...\{A325B368-A9EC-40EF-A95C-9DEAD3683AE3}) (Version: 12.33.03 - Broadcom Corporation)
Canon MP160 Benutzerregistrierung (HKLM-x32\...\Canon MP160 Benutzerregistrierung) (Version:  - )
ccc-core-static (x32 Version: 2009.1209.2335.42329 - Ihr Firmenname) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.14 - Piriform)
CDBurnerXP (HKLM-x32\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.4.4852 - CDBurnerXP)
Chandler 1.0.3 (HKLM-x32\...\Chandler) (Version: 1.0.3 - Open Source Applications Foundation)
Chicken Invaders 2 (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110209593}) (Version:  - Oberon Media)
CoreAAC Audio Decoder (remove only) (HKLM-x32\...\CoreAAC Audio Decoder) (Version:  - )
Dairy Dash (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115053100}) (Version:  - Oberon Media)
Dream Day First Home (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113832110}) (Version:  - Oberon Media)
DVD Flick 1.3.0.7 (HKLM-x32\...\DVD Flick_is1) (Version: 1.3.0.7 - Dennis Meuwissen)
eBay Worldwide (HKLM-x32\...\{E0B19DF7-B1C7-4937-82C4-0E4B1E346965}) (Version: 2.1.0901 - OEM)
EinsteinBrainTrainer (remove only) (HKLM-x32\...\EinsteinBrainTrainer) (Version:  - )
Ekahau HeatMapper (HKLM\...\Heatmapper-1.1.4.39795) (Version: 1.1.4.39795 - Ekahau Inc.)
Eraser 6.0.10.2620 (HKLM\...\{6E5159B4-A519-41EF-80EF-AD58371515DF}) (Version: 6.0.2620 - The Eraser Project)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
eSobi v2 (HKLM-x32\...\InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}) (Version: 2.0.4.000274 - esobi Inc.)
eSobi v2 (x32 Version: 2.0.4.000274 - esobi Inc.) Hidden
EVEREST Home Edition v2.20 (HKLM-x32\...\EVEREST Home Edition_is1) (Version: 2.20 - Lavalys Inc)
Farm Frenzy 2 (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11531173}) (Version:  - Oberon Media)
ffdshow [rev 3299] [2010-03-03] (HKLM-x32\...\ffdshow_is1) (Version: 1.0.0.3299 - )
Fiat eco:Drive (HKLM-x32\...\com.fiat.convergence.385E4263E7379A5D22A7076E99B02868EFF10711.1) (Version: 2.0.2 - Fiat Group Automobiles)
Fiat eco:Drive (x32 Version: 2.0.2 - Fiat Group Automobiles) Hidden
First Class Flurry (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115208410}) (Version:  - Oberon Media)
Foxit Cloud (HKLM-x32\...\{41914D8B-9D6E-4764-A1F9-BC43FB6782C1}_is1) (Version: 1.3.105.325 - Foxit Corporation)
Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 6.1.3.321 - Foxit Corporation)
Free Audio CD to MP3 Converter version 1.3.12.1228 (HKLM-x32\...\Free Audio CD to MP3 Converter_is1) (Version: 1.3.12.1228 - DVDVideoSoft Ltd.)
Free DVD Video Burner version 3.0.4.426 (HKLM-x32\...\Free DVD Video Burner_is1) (Version:  - DVDVideoSoft Limited.)
Free System Utilities (HKLM-x32\...\{ad2818b3-1616-4ec8-855d-be6936103e5a}) (Version: 1.1.0.70 - Covus Freemium GmbH)
Free SystemUtilities (x32 Version: 1.1.0.70 - Covus Freemium GmbH) Hidden
Free YouTube Download version 3.1.37.918 (HKLM-x32\...\Free YouTube Download_is1) (Version: 3.1.37.918 - DVDVideoSoft Ltd.)
FreeMind (HKLM-x32\...\B991B020-2968-11D8-AF23-444553540000_is1) (Version: 0.9.0_RC_10 - )
FRITZ!Box-Fernzugang einrichten (HKLM-x32\...\{EFADD989-D9F2-49F6-A280-675951CC78D3}) (Version: 1.0.3 - AVM Berlin)
FrostWire 5.3.5 (HKLM-x32\...\FrostWire 5) (Version: 5.3.5.0 - FrostWire Team)
GIMP 2.8.10 (HKLM\...\GIMP-2_is1) (Version: 2.8.10 - The GIMP Team)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 40.0.2214.93 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Granny In Paradise (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110551697}) (Version:  - Oberon Media)
Haali Media Splitter (HKLM-x32\...\HaaliMkx) (Version:  - )
Heroes of Hellas (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113786380}) (Version:  - Oberon Media)
HP FWUpdateEDO2 (HKLM-x32\...\{415FA9AD-DA10-4ABE-97B6-5051D4795C90}) (Version: 1.2.0.0 - Hewlett-Packard)
HP Photosmart 5520 series - Grundlegende Software für das Gerät (HKLM\...\{4F396B08-301D-4E53-A372-95A7E93ABD04}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPDiagnosticAlert (x32 Version: 1.00.0001 - Microsoft) Hidden
HTC Driver Installer (HKLM-x32\...\{6D6664A9-3342-4948-9B7E-034EFE366F0F}) (Version: 3.0.0.007 - HTC Corporation)
iCloud (HKLM\...\{309768A4-A2BB-4930-A5A2-8169678C9B4C}) (Version: 4.0.6.28 - Apple Inc.)
Identity Card (HKLM-x32\...\Identity Card) (Version: 1.00.3003 - Acer Incorporated)
ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.8.0 - LIGHTNING UK!)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
Intel(R) Turbo Boost Technology Driver (HKLM-x32\...\{D6C630BF-8DBB-4042-8562-DC9A52CB6E7E}) (Version: 01.00.01.1002 - Intel Corporation)
Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version:  - Intel Corporation)
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.38 - Irfan Skiljan)
iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)
Join Air (HKLM-x32\...\{A9E5EDA7-2E6C-49E7-924B-A32B89C24A04}) (Version: 1.0.0.2 - ZTE Corporation)
Kassenbuch (HKLM-x32\...\{29531C6B-7B64-4C53-B54A-6C8AB5DE2159}) (Version: 1.0.0 - Office Consult GmbH)
K-Lite Codec Pack 9.2.0 (Basic) (HKLM-x32\...\KLiteCodecPack_is1) (Version: 9.2.0 - )
Launch Manager (HKLM-x32\...\LManager) (Version: 3.0.05 - Acer Inc.)
LSI HDA Modem (HKLM\...\LSI Soft Modem) (Version: 2.2.98 - LSI Corporation)
Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
MediaHuman YouTube to MP3 Converter Version 3.3 (HKLM-x32\...\MediaHuman YouTube to MP3 Converter_is1) (Version: 3.3 - )
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0100-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}) (Version:  - Microsoft)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Language Pack 2007 - German/Deutsch (HKLM-x32\...\OMUI.de-de) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Outlook Connector (HKLM-x32\...\{95140000-007A-0407-0000-0000000FF1CE}) (Version: 14.0.5118.5000 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUSR) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Office Suite Activation Assistant (HKLM-x32\...\{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}) (Version: 2.9 - Microsoft Corporation)
Microsoft Outlook Social Connector Provider for Windows Live Messenger 32-bit (HKLM-x32\...\{95140000-007D-0409-0000-0000000FF1CE}) (Version: 14.0.5120.5000 - Microsoft Corporation)
Microsoft Report Viewer Redistributable 2008 (KB971118) (HKLM-x32\...\Microsoft Report Viewer Redistributable 2008 (KB971118)) (Version:  - Microsoft Corporation)
Microsoft Report Viewer Redistributable 2008 Language Pack - DEU (HKLM-x32\...\Microsoft Report Viewer Redistributable 2008 Language Pack - DEU) (Version:  - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Works (HKLM-x32\...\{62F7DA7E-CCCB-439C-A760-00C3926E761F}) (Version: 9.7.0621 - Microsoft Corporation)
MozBackup 1.5.1 (HKLM-x32\...\MozBackup) (Version:  - Pavel Cvrcek)
Mozilla Firefox 35.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 35.0.1 (x86 de)) (Version: 35.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 32.0 - Mozilla)
MPC-HC 1.7.0 (HKLM-x32\...\{2624B969-7135-4EB1-B0F6-2D8C397B45F7}_is1) (Version: 1.7.0.7858 - MPC-HC Team)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MyPhoneExplorer (HKLM-x32\...\MPE) (Version: 1.8.5 - F.J. Wechselberger)
MyWinLocker (HKLM-x32\...\{68301905-2DEA-41CE-A4D4-E8B443B099BA}) (Version: 3.1.76.0 - Egis Technology Inc.)
No-IP DUC (HKLM-x32\...\NoIPDUC) (Version: 4.0.1 - Vitalwerks Internet Solutions LLC)
Norton Online Backup (HKLM-x32\...\{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}) (Version: 1.2.0.36 - Symantec)
NTI Backup Now 5 (HKLM-x32\...\InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}) (Version: 5.1.2.627 - NewTech Infosystems)
NTI Backup Now Standard (x32 Version: 5.1.2.627 - NewTech Infosystems) Hidden
NTI Media Maker 8 (HKLM-x32\...\InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}) (Version: 8.0.12.6623 - NewTech Infosystems)
NTI Media Maker 8 (x32 Version: 8.0.12.6623 - NewTech Infosystems) Hidden
O&O Defrag Free Edition (HKLM\...\{C10CAF82-9D36-4D9A-9DC0-C4549F06B519}) (Version: 14.1.431 - O&O Software GmbH)
Outils de vérification linguistique 2013 de Microsoft Office*- Français (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
PDF Architect (HKLM-x32\...\{064A929A-4DE8-40CF-A901-BD40C14E4D25}) (Version: 1.1.83.9982 - pdfforge GmbH)
PDF24 Creator 6.8.0 (HKLM-x32\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version:  - PDF24.org)
PDFCreator (HKLM-x32\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.7.3 - pdfforge)
pomodairo (HKLM-x32\...\{EEBEA077-AB92-5083-ECB1-C15BD842D00B}) (Version: 1.9 - UNKNOWN)
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
Random Dresser (HKLM-x32\...\RandomDresser) (Version:  - )
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5969 - Realtek Semiconductor Corp.)
RescueTime 2.2.1 (HKLM-x32\...\{2505571C-03B3-4F9F-AC35-33F1CB4B5E9E}_is1) (Version:  - RescueTime.com)
Restorer2000 3.3 (HKLM-x32\...\Restorer2000_is1) (Version: 3.3 - Bitmart Inc.)
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{D82063A8-7C8C-4C3B-A9BB-95138CA55D26}) (Version:  - Microsoft)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (Version:  - Microsoft) Hidden
Shutdown Manager (HKLM-x32\...\{C457BA5F-35F9-480C-90F8-5C91DB443A15}_is1) (Version: 2.0.7 - Daniel Höllig)
SimpleScreenshot 1.40 (HKLM-x32\...\SimpleScreenshot) (Version:  - )
SiSoftware Sandra Lite 2014.SP2a (HKLM\...\{C3113E55-7BCB-4de3-8EBF-60E6CE6B2396}_is1) (Version: 20.35.2014.6 - SiSoftware)
SIW version 2011.10.29 (HKLM-x32\...\{AB67580-257C-45FF-B8F4-C8C30682091A}_is1) (Version: 2011.10.29 - Topala Software Solutions)
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation)
Skype™ 6.21 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.21.104 - Skype Technologies S.A.)
SpeedFan (remove only) (HKLM-x32\...\SpeedFan) (Version:  - )
Spotify (HKU\S-1-5-21-1242904208-471078349-2963378918-1000\...\Spotify) (Version: 0.9.10.14.g578d350b - Spotify AB)
SpywareBlaster 5.0 (HKLM-x32\...\SpywareBlaster_is1) (Version: 5.0.0 - BrightFort LLC)
Steganos Safe 14 (HKLM-x32\...\{13B7FBFB-622E-4002-8570-594798E6167D}) (Version: 14.2.2 - Steganos Software GmbH)
Steuer-Spar-Erklärung 2008 (HKLM-x32\...\{BBE67B86-FCD7-4D3C-8B00-063DEAD8E30C}) (Version: 13.02.0000 - Akademische Arbeitsgemeinschaft)
Steuer-Spar-Erklärung 2009 (HKLM-x32\...\{32E00E5E-22B1-4D5A-9DC2-CD75E087A5E6}) (Version: 14.01.0000 - Akademische Arbeitsgemeinschaft Verlag)
Steuer-Spar-Erklärung 2010 (HKLM-x32\...\{D8E1DFEE-622B-46BA-AEFF-AB7E541C0B21}) (Version: 15.15 - Akademische Arbeitsgemeinschaft Verlag)
Steuer-Spar-Erklärung 2011 (HKLM-x32\...\{9F5FD796-86F0-4360-85F8-D54C0F5411EB}) (Version: 16.18 - Akademische Arbeitsgemeinschaft Verlag)
Steuer-Spar-Erklärung 2012 (HKLM-x32\...\{CCD2BAD2-0919-40CB-80CC-E9538B0E4C2E}) (Version: 17.14 - Wolters Kluwer Deutschland GmbH)
Steuer-Spar-Erklärung 2013 (HKLM-x32\...\{AEB61F7A-4BBA-4292-A096-7893E09034A4}) (Version: 18.10 - Wolters Kluwer Deutschland GmbH)
SteuerSparErklärung 2014 (HKLM-x32\...\{A463EB06-22A6-47F5-9593-E52B291EF13E}) (Version: 19.12.92 - Akademische Arbeitsgemeinschaft)
SteuerSparErklärung 2015 (HKLM-x32\...\{312C0E08-8F94-4536-AAF6-3413F784AC5F}) (Version: 20.25.123 - Akademische Arbeitsgemeinschaft)
Streamripper (Remove only) (HKLM-x32\...\Streamripper) (Version:  - )
Studie zur Verbesserung von HP Deskjet 3070 B611 series Produkten (HKLM\...\{CAD7B6DD-9C82-4D17-BAE8-3E9AE4971B90}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.29947 - TeamViewer)
Time Stamp (HKLM-x32\...\Time Stamp_is1) (Version:  - 3.23.2010-0313)
TomTom HOME (HKLM-x32\...\{7A2BB1C8-903D-4585-9F3B-CADD67D07D37}) (Version: 2.9.8 - Ihr Firmenname)
TomTom HOME Visual Studio Merge Modules (HKLM-x32\...\{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}) (Version: 1.0.2 - TomTom International B.V.)
TP-LINK Wireless Configuration Utility (HKLM-x32\...\{319D91C6-3D44-436C-9F79-36C0D22372DC}) (Version: 1.0.0 - TP-LINK)
TrueCrypt (HKLM-x32\...\TrueCrypt) (Version: 7.1 - TrueCrypt Foundation)
Tunatic (HKLM-x32\...\Tunatic) (Version:  - )
Überwachungstool für die Intel® Turbo-Boost-Technik (HKLM\...\{39F4C6F9-618A-4E5B-8FB2-6BD661174E32}) (Version: 1.0.186.6 - Intel)
Uninstall 1.0.0.1 (HKLM-x32\...\Uninstall_is1) (Version:  - )
Universal Adb Driver (HKLM-x32\...\{D9C4202E-6D51-4B06-A8F1-22316E654BCA}) (Version: 1.0.0 - ClockworkMod)
Unlocker 1.9.1-x64 (HKLM\...\Unlocker) (Version: 1.9.1 - Cedrick Collomb)
Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0407-0000-0000000FF1CE}_OMUI.de-de_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version:  - Microsoft)
Update für Microsoft Office Outlook 2007 Help (KB963677) (HKLM-x32\...\{90120000-001A-0407-0000-0000000FF1CE}_OMUI.de-de_{F6828576-6F79-470D-AB50-69D1BBADBD30}) (Version:  - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0407-0000-0000000FF1CE}_OMUI.de-de_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version:  - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0407-0000-0000000FF1CE}_OMUI.de-de_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version:  - Microsoft)
Visual Studio C++ 10.0 Runtime (HKLM-x32\...\{4412F224-3849-4461-A3E9-DEEF8D252790}) (Version: 10.0.0 - TomTom International B.V.)
VLC media player 2.1.3 (HKLM-x32\...\VLC media player) (Version: 2.1.3 - VideoLAN)
Welcome Center (HKLM-x32\...\Acer Welcome Center) (Version: 1.00.3008 - Acer Incorporated)
Winamp (HKLM-x32\...\Winamp) (Version: 5.666  - Nullsoft, Inc)
WinPatrol (HKLM\...\{6A206A04-6BC1-411B-AA04-4E52EDEEADF2}) (Version: 32.0.2014.5 - Ruiware)
WinPatrol (HKLM\...\{6E575124-6D34-4E65-9375-7D69468A6089}) (Version: 30.9 - BillP Studios)
WinRAR 5.10 Beta 4 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.10.4 - win.rar GmbH)
Xvid 1.2.2 final uninstall (HKLM-x32\...\Xvid_is1) (Version: 1.2 - Xvid team (Koepi))
Yahoo! Messenger (HKLM-x32\...\Yahoo! Messenger) (Version:  - Yahoo! Inc.)
Yahoo! Software Update (HKLM-x32\...\Yahoo! Software Update) (Version:  - )
Zuzahlungsrechner (HKLM-x32\...\{B2C69E77-F209-4B63-8676-4F32B27E162B}) (Version: 3.6.0 - sfr-software-fuers-heim)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-1242904208-471078349-2963378918-1000_Classes\CLSID\{56FDF344-FD6D-11d0-958A-006097C9A090}\InprocServer32 -> C:\Users\XXXXXX XXXXXX\AppData\Roaming\moters\supna.dll No File <==== ATTENTION

==================== Restore Points  =========================

14-01-2015 08:05:58 Windows Update
15-01-2015 18:45:05 Windows Update
16-01-2015 05:01:13 Windows Modules Installer
20-01-2015 06:35:31 Windows Update
21-01-2015 00:02:16 Windows Update
27-01-2015 20:19:44 Windows Update
31-01-2015 17:38:41 Removed Java 7 Update 67
31-01-2015 23:45:00 SteuerSparErklärung 2015 wurde installiert.

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2015-02-01 08:39 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0CAEEB6B-A216-4E04-9EA6-AC310639FD8D} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {23CEA58C-8E99-49B6-96E0-E0033F148659} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-21] (Google Inc.)
Task: {26DA7882-781D-4FC9-B1A5-5F5B1F7227FE} - System32\Tasks\{6A246FB0-E753-4188-9543-22389AB30F4E} => pcalua.exe -a "C:\Users\XXXXXX XXXXXX\Downloads\Chandler_win_1.0.3.exe" -d "C:\Users\XXXXXX XXXXXX\Downloads"
Task: {38C51694-B081-4739-8E17-069D4A49D4D4} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2014-01-23] (Microsoft Corporation)
Task: {47C46238-A6C4-4C4B-BE85-E6E1425608CB} - System32\Tasks\{144D2C4F-2583-452B-AC74-C64839CF03CC} => pcalua.exe -a "C:\Program Files (x86)\VS Revo Group\Revo Uninstaller\Revouninstaller.exe" -d "C:\Program Files (x86)\VS Revo Group\Revo Uninstaller" -c -hunter
Task: {5A42985A-DC32-4FE1-8210-CA09F67316FC} - System32\Tasks\HPCustPartic.exe_{96420065-3C4E-4B3E-96DB-DB0760F51DDD} => C:\Program Files\HP\HP Deskjet 3070 B611 series\Bin\HPCustPartic.exe [2012-10-17] (Hewlett-Packard Co.)
Task: {5B5D6CC7-9FA7-4441-9A09-8A3C4EA669FD} - System32\Tasks\{9B880EC1-DC3B-45D7-A7BB-4E131A7A884F} => pcalua.exe -a "C:\Users\XXXXXX XXXXXX\Downloads\esetsmartinstaller_enu.exe" -d "C:\Program Files (x86)\Mozilla Firefox"
Task: {5E1E681C-C0F1-4E87-8C95-38A011634E9C} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {658A7160-D5FE-40D6-8358-5AC71CDD5600} - System32\Tasks\Microsoft Office 15 Sync Maintenance for Arbeitscomputer-XXXXXX XXXXXX Arbeitscomputer => C:\Program Files\Microsoft Office\Office15\MsoSync.exe [2014-11-12] (Microsoft Corporation)
Task: {739C86AB-D488-4894-A94A-E1C873D935C4} - System32\Tasks\{239C0599-E784-4910-B228-5D5AB8D346A6} => pcalua.exe -a "C:\Users\XXXXXX XXXXXX\Downloads\HiJackThis204.exe" -d "C:\Program Files (x86)\Mozilla Firefox"
Task: {792B72B2-C51B-4379-B2AA-007529DB50F0} - System32\Tasks\{8D77E667-A31C-4EB4-B209-1E559B732CBC} => pcalua.exe -a "C:\Program Files (x86)\Canon\IJEREG\MP160\UNINST.EXE"
Task: {7AEAE564-35D2-434E-8BC2-12BF5BC672DE} - System32\Tasks\HPCustParticipation HP Deskjet 3070 B611 series => C:\Program Files\HP\HP Deskjet 3070 B611 series\Bin\HPCustPartic.exe [2012-10-17] (Hewlett-Packard Co.)
Task: {7EED0456-B087-4708-8496-6474B917CECB} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {92533B9B-37E7-4E54-B7DE-F8B0B255CFEE} - System32\Tasks\{4781B96F-C3F4-45CF-AB6F-C64C9AD3E88D} => pcalua.exe -a "C:\Program Files (x86)\InstallShield Installation Information\{319D91C6-3D44-436C-9F79-36C0D22372DC}\setup.exe" -d "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TP-LINK" -c -runfromtemp -removeonly
Task: {9C395D30-C0E5-4B3A-A232-E38DA71A3827} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {A1D835EF-9220-45A2-811E-2CA5B38166BF} - System32\Tasks\hpUrlLauncher.exe_{4AF7A75F-FDE8-41B8-80D9-5C3EBC32D019} => C:\Program Files\HP\HP Deskjet 3070 B611 series\Bin\utils\hpUrlLauncher.exe
Task: {B7A342C6-6ABF-492E-9250-2C92CB583846} - System32\Tasks\{A2A68590-5CAE-4C98-8B98-D18CC5E4C073} => pcalua.exe -a "C:\Program Files (x86)\InstallShield Installation Information\{3DB0448D-AD82-4923-B305-D001E521A964}\setup.exe" -c -runfromtemp -l0x407 -removeonly
Task: {BBBF9E37-C1CD-4CF0-A783-CE021D6D2928} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-05-20] (Piriform Ltd)
Task: {CE5325CF-BB63-4751-AB56-BD427BEAA0D9} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-01-31] (Adobe Systems Incorporated)
Task: {E36CA599-B047-467B-99AF-5E380AFECE05} - System32\Tasks\{AC797CD7-B058-4AC8-84B2-B2307D6AFF9B} => C:\Program Files (x86)\Chandler1.0.3\chandler.exe
Task: {E85DBE85-E344-4E48-A05A-ACF97445121F} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-21] (Google Inc.)
Task: {F30712C0-5F79-4616-BFEE-8D27E1822469} - System32\Tasks\{581487AC-8AAF-40E1-A997-6B8519F0C5EC} => C:\Program Files (x86)\Chandler1.0.3\chandler.exe
Task: {FC0397BA-8222-41E7-836D-453BA55E74DB} - System32\Tasks\{2E665153-C229-4C02-9699-2F4EF08B1807} => pcalua.exe -a C:\Users\DANIEL~1\AppData\Local\Temp\InstallFlashPlayer.exe -d "C:\Program Files (x86)\Mozilla Firefox"
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2007-10-04 14:32 - 2007-10-04 14:32 - 00122880 _____ () C:\Program Files (x86)\Common Files\AAV\aavus.exe
2011-01-13 09:04 - 2011-01-13 09:04 - 00030080 _____ () C:\Windows\snuvcdsm.exe
2011-11-13 22:52 - 2011-11-13 22:51 - 00200704 _____ () C:\Windows\PLFSetI.exe
2009-07-29 13:10 - 2009-07-29 13:10 - 00016384 ____R () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll
2011-11-13 21:44 - 2011-11-13 21:44 - 00270336 _____ () C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CrossDisplay.Graphics.Dashboard\1.0.0.0__90ba9c70f846762e\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2014-12-28 14:38 - 2014-04-22 19:39 - 00645592 ____N () C:\Program Files (x86)\BillP Studios\WinPatrol\sqlite3.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\abengine => ""="service"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: AgereModemAudio => 2
MSCONFIG\Services: Apple Mobile Device => 2
MSCONFIG\Services: Bonjour Service => 2
MSCONFIG\Services: BotkindSyncService => 2
MSCONFIG\Services: FoxitCloudUpdateService => 2
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: iPod Service => 3
MSCONFIG\Services: MozillaMaintenance => 3
MSCONFIG\Services: NoIPDUCService4 => 2
MSCONFIG\Services: NTI IScheduleSvc => 2
MSCONFIG\Services: NTIBackupSvc => 3
MSCONFIG\Services: NTISchedulerSvc => 2
MSCONFIG\Services: OODefragAgent => 2
MSCONFIG\Services: PassThru Service => 2
MSCONFIG\Services: PDF Architect Helper Service => 2
MSCONFIG\Services: PDF Architect Service => 2
MSCONFIG\Services: SandraAgentSrv => 3
MSCONFIG\Services: SkypeUpdate => 2
MSCONFIG\Services: TeamViewer9 => 2
MSCONFIG\Services: TomTomHOMEService => 2
MSCONFIG\Services: Updater Service => 2
MSCONFIG\Services: YahooAUService => 2
MSCONFIG\startupreg: Eraser => "C:\PROGRA~1\Eraser\Eraser.exe" --atRestart

========================= Accounts: ==========================

Administrator (S-1-5-21-1242904208-471078349-2963378918-500 - Administrator - Disabled)
XXXXXX XXXXXX (S-1-5-21-1242904208-471078349-2963378918-1000 - Administrator - Enabled) => C:\Users\XXXXXX XXXXXX
XXXXXX (S-1-5-21-1242904208-471078349-2963378918-1003 - Limited - Enabled) => C:\Users\XXXXXX
Gast (S-1-5-21-1242904208-471078349-2963378918-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1242904208-471078349-2963378918-1002 - Limited - Enabled)
Versuch (S-1-5-21-1242904208-471078349-2963378918-1004 - Administrator - Enabled) => C:\Users\Versuch

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (02/01/2015 09:09:18 PM) (Source: Avira Service Host) (EventID: 0) (User: )
Description: Fehler beim Verarbeiten von Sitzungsänderung. System.NullReferenceException: Der Objektverweis wurde nicht auf eine Objektinstanz festgelegt.
   bei Avira.OE.ServiceHost.ServiceHost.OnSessionChange(SessionChangeDescription changeDescription)
   bei System.ServiceProcess.ServiceBase.DeferredSessionChange(Int32 eventType, Int32 sessionId)

Error: (01/31/2015 05:20:22 PM) (Source: Avira Service Host) (EventID: 0) (User: )
Description: Fehler beim Verarbeiten von Sitzungsänderung. System.NullReferenceException: Der Objektverweis wurde nicht auf eine Objektinstanz festgelegt.
   bei Avira.OE.ServiceHost.ServiceHost.OnSessionChange(SessionChangeDescription changeDescription)
   bei System.ServiceProcess.ServiceBase.DeferredSessionChange(Int32 eventType, Int32 sessionId)


System errors:
=============
Error: (02/01/2015 09:17:29 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}

Error: (02/01/2015 08:40:11 AM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren.

Error: (02/01/2015 08:39:59 AM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren.

Error: (02/01/2015 08:39:15 AM) (Source: Application Popup) (EventID: 1060) (User: )
Description: Aufgrund der Inkompatibilität mit diesem System wurde \??\C:\ComboFix\catchme.sys nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten.

Error: (02/01/2015 08:39:14 AM) (Source: Application Popup) (EventID: 1060) (User: )
Description: Aufgrund der Inkompatibilität mit diesem System wurde \??\C:\ComboFix\catchme.sys nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten.

Error: (02/01/2015 08:35:41 AM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren.

Error: (02/01/2015 08:02:14 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "SPDRIVER_1361.0.0.0" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%3

Error: (01/31/2015 11:28:38 PM) (Source: Disk) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.

Error: (01/31/2015 11:28:37 PM) (Source: Disk) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.

Error: (01/31/2015 11:28:37 PM) (Source: Disk) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.


Microsoft Office Sessions:
=========================
Error: (02/01/2015 09:09:18 PM) (Source: Avira Service Host) (EventID: 0) (User: )
Description: Fehler beim Verarbeiten von Sitzungsänderung. System.NullReferenceException: Der Objektverweis wurde nicht auf eine Objektinstanz festgelegt.
   bei Avira.OE.ServiceHost.ServiceHost.OnSessionChange(SessionChangeDescription changeDescription)
   bei System.ServiceProcess.ServiceBase.DeferredSessionChange(Int32 eventType, Int32 sessionId)

Error: (01/31/2015 05:20:22 PM) (Source: Avira Service Host) (EventID: 0) (User: )
Description: Fehler beim Verarbeiten von Sitzungsänderung. System.NullReferenceException: Der Objektverweis wurde nicht auf eine Objektinstanz festgelegt.
   bei Avira.OE.ServiceHost.ServiceHost.OnSessionChange(SessionChangeDescription changeDescription)
   bei System.ServiceProcess.ServiceBase.DeferredSessionChange(Int32 eventType, Int32 sessionId)


CodeIntegrity Errors:
===================================
  Date: 2015-02-01 08:39:15.425
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2015-02-01 08:39:15.175
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2015-02-01 08:39:14.941
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2015-02-01 08:39:14.692
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2014-08-24 13:21:32.971
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2014-08-24 13:21:32.769
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2014-08-24 13:21:32.550
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2014-08-24 13:21:32.332
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2014-06-28 08:07:01.069
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Users\DANIEL~1\AppData\Local\Temp\EverestDriver.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2014-06-28 08:07:00.711
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Users\DANIEL~1\AppData\Local\Temp\EverestDriver.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.


==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i5 CPU M 430 @ 2.27GHz
Percentage of memory in use: 38%
Total physical RAM: 3956.5 MB
Available physical RAM: 2438.69 MB
Total Pagefile: 7911.18 MB
Available Pagefile: 5998.72 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: (ACER) (Fixed) (Total:290.05 GB) (Free:108.58 GB) NTFS
Drive d: (DATA) (Fixed) (Total:290.4 GB) (Free:285.17 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 596.2 GB) (Disk ID: 6D48B855)
Partition 1: (Not Active) - (Size=15.6 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=290.1 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=290.4 GB) - (Type=07 NTFS)

==================== End Of Log ============================

Bootsektor · 02.02.2015, 23:41

Ok,

wie läuft der Rechner denn nun?

Schritt 1
Downloade Dir bitte Malwarebytes Anti-Malware

Installiere das Programm in den vorgegebenen Pfad.
Starte Malwarebytes' Anti-Malware (MBAM).
Sollte die Benutzeroberfläche noch in Englisch sein, klicke auf Settings und wähle bei Language Deutsch aus.
Klicke im Anschluss auf Suchlauf, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf jetzt starten.
Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Aktionen anwenden.
Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
Wähle das neueste Suchlauf-Protokoll aus und klicke auf Ansicht. Wähle Exportieren auf Textdatei (.txt) und speichere die Datei als mbam.txt auf dem Desktop ab.
Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.

Schritt 2
Da der Scan mit Eset sehr gründlich ist, kann er unter Umständen mehrere Stunden dauern

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Schritt 3
Starte noch einmal FRST.

Ändere keine der Voreinstellungen und drücke auf Scan.
Wenn der Scan abgeschlossen ist, wird ein neues Logfile FRST.txt erstellt und auf dem Desktop gespeichert.
Poste den Inhalt dieses Logfiles bitte hier in deinen Thread.

magigstar · 05.02.2015, 21:39

Sorry, dass ich die Woche nicht da war.
Musste spontan nach Italien fliegen bzw. nach Sizilien und alles stehen und liegen lassen.

Der Computer hat immer noch ein wenig Probleme.
Auch weitere Tabs öffnen sich, wenn ich etwas anklicke.
Scheinbar ist da noch einiges dran.

Dieses Protokoll ist praktisch noch vor Deiner Hilfestellung.
Da habe ich schon Malwarebytes laufen lassen.

Ich werde Malwarebytes erneut laufen lassen und ein frisches Protokoll nachreichen

Code:

ATTFilter

 Malwarebytes Anti-Malware 
www.malwarebytes.org

Suchlauf Datum: 31.01.2015
Suchlauf-Zeit: 15:49:23
Logdatei:  Malwarebytes Anti-Malware .txt
Administrator: Ja

Version: 2.00.4.1028
Malware Datenbank: v2015.01.31.03
Rootkit Datenbank: v2015.01.14.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: XXXX XXXX

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 464859
Verstrichene Zeit: 1 Std, 2 Min, 43 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(Keine schädliche Elemente erkannt)

Module: 0
(Keine schädliche Elemente erkannt)

Registrierungsschlüssel: 34
PUP.Optional.TabNav.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{1BCB34DC-BA6D-4B44-B786-4E259598A7C8}, , [509f0feee1a80f27c4f071984eb73bc5], 
PUP.Optional.TabNav.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{4AEC2270-2E5F-40C8-BE5A-E5A5264714C0}, , [509f0feee1a80f27c4f071984eb73bc5], 
PUP.Optional.TabNav.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{62163814-0C94-4DC3-BA99-5E9E2420C914}, , [509f0feee1a80f27c4f071984eb73bc5], 
PUP.Optional.TabNav.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{68AEA825-D48B-4A56-87F0-6FCE988A2C48}, , [509f0feee1a80f27c4f071984eb73bc5], 
PUP.Optional.TabNav.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{7AF435BC-80A9-466E-938B-32E4482EBD65}, , [509f0feee1a80f27c4f071984eb73bc5], 
PUP.Optional.TabNav.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{85CEBABD-A775-41E2-8B67-FE06104F06ED}, , [509f0feee1a80f27c4f071984eb73bc5], 
PUP.Optional.TabNav.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{AE92A5AB-E575-4487-BCC0-96D333E5346C}, , [509f0feee1a80f27c4f071984eb73bc5], 
PUP.Optional.TabNav.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{CDB85458-AE08-4106-B699-B946FF4A61CD}, , [509f0feee1a80f27c4f071984eb73bc5], 
PUP.Optional.TabNav.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{E1964712-F369-4B2B-8B66-3911C3CD4F02}, , [509f0feee1a80f27c4f071984eb73bc5], 
PUP.Optional.TabNav.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{4AEC2270-2E5F-40C8-BE5A-E5A5264714C0}, , [509f0feee1a80f27c4f071984eb73bc5], 
PUP.Optional.TabNav.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{62163814-0C94-4DC3-BA99-5E9E2420C914}, , [509f0feee1a80f27c4f071984eb73bc5], 
PUP.Optional.TabNav.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{68AEA825-D48B-4A56-87F0-6FCE988A2C48}, , [509f0feee1a80f27c4f071984eb73bc5], 
PUP.Optional.TabNav.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{7AF435BC-80A9-466E-938B-32E4482EBD65}, , [509f0feee1a80f27c4f071984eb73bc5], 
PUP.Optional.TabNav.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{85CEBABD-A775-41E2-8B67-FE06104F06ED}, , [509f0feee1a80f27c4f071984eb73bc5], 
PUP.Optional.TabNav.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{AE92A5AB-E575-4487-BCC0-96D333E5346C}, , [509f0feee1a80f27c4f071984eb73bc5], 
PUP.Optional.TabNav.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{CDB85458-AE08-4106-B699-B946FF4A61CD}, , [509f0feee1a80f27c4f071984eb73bc5], 
PUP.Optional.TabNav.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{E1964712-F369-4B2B-8B66-3911C3CD4F02}, , [509f0feee1a80f27c4f071984eb73bc5], 
PUP.Optional.TabNav.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{1BCB34DC-BA6D-4B44-B786-4E259598A7C8}, , [509f0feee1a80f27c4f071984eb73bc5], 
PUP.Optional.TabNav.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\TabNav, , [509f0feee1a80f27c4f071984eb73bc5], 
PUP.Optional.SearchProtect, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\APPCOMPATFLAGS\INSTALLEDSDB\{8a4d5a43-c64a-45ab-bdf4-804fe18ceafd}, , [717eb7468108f046c9f48e730401bc44], 
PUP.Optional.SearchProtect, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\APPCOMPATFLAGS\INSTALLEDSDB\{cf2797aa-b7ec-e311-8ed9-005056c00008}, , [b43b9d609eebcf673389f110fc093cc4], 
PUP.Optional.Cinema.A, HKLM\SOFTWARE\WOW6432NODE\CinemaP-1.4cV31.01, , [8f6068955b2e61d57c1a52454bb87b85], 
PUP.Optional.Cinema.A, HKLM\SOFTWARE\WOW6432NODE\CinemaP-1.4cV31.01-nv, , [737c28d5c1c8ea4cc5d13b5c0df68080], 
PUP.Optional.Cinema.A, HKLM\SOFTWARE\WOW6432NODE\CinemaP-1.4cV31.01-nv-ie, , [698698652762d1659afcdbbca45f7987], 
PUP.Optional.Cinema.A, HKU\S-1-5-21-1242904208-471078349-2963378918-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\CinemaP-1.4cV31.01-nv, , [519e03fa4d3c58dea3f4019692714ab6], 
PUP.Optional.Cinema.A, HKU\S-1-5-21-1242904208-471078349-2963378918-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\CinemaP-1.4cV31.01-nv-ie, , [8c6341bcef9a87afe5b21e79e41f36ca], 
PUP.Optional.Softonic.A, HKU\S-1-5-21-1242904208-471078349-2963378918-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Softonic, , [ab4454a9157487af53e6a6e1ba4920e0], 
PUP.Optional.CrossRider.A, HKU\S-1-5-21-1242904208-471078349-2963378918-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLEDBROWSEREXTENSIONS\30935, , [11def508a4e5fa3c6f409004ee155ca4], 
PUP.Optional.CrossRider.A, HKU\S-1-5-21-1242904208-471078349-2963378918-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLEDBROWSEREXTENSIONS\30935, , [d51a6796068370c676390094bf448a76], 
PUP.Optional.GlobalUpdate.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\GOOGLEUPDATE.EXE, , [44ab5e9f58311a1ccce4e67a22e106fa], 
PUP.Optional.GlobalUpdate.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\GOOGLEUPDATE.EXE, , [44ab5e9f58311a1ccce4e67a22e106fa], 
PUP.Optional.Goobzo, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\SMUpdPlus, , [ea0549b4f19865d1edbced7c0df6f40c], 
PUP.Optional.Goobzo, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\Search Module Plus, , [ea0549b4f19865d1edbced7c0df6f40c], 
PUP.Optional.Cinema.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\CinemaP-1.4cV31.01, , [d01f32cb494031051c9af575eb1807f9], 

Registrierungswerte: 1
PUP.Optional.ShopperPro, HKU\S-1-5-21-1242904208-471078349-2963378918-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|SPDriver, C:\Program Files (x86)\ShopperPro\JSDriver\1361.0.0.0\jsdrv.exe, , [925d6499d9b08fa7d54c0b8fc043e11f]

Registrierungsdaten: 2
PUP.Optional.OmigaPlus.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCH|CustomizeSearch, http://isearch.omiga-plus.com/web/?type=ds&ts=1422690849&from=obw&uid=TOSHIBAXMK6465GSX_51ASD39BBXX51ASD39BB&q={searchTerms}, Gut: (www.google.com), Schlecht: (http://isearch.omiga-plus.com/web/?type=ds&ts=1422690849&from=obw&uid=TOSHIBAXMK6465GSX_51ASD39BBXX51ASD39BB&q={searchTerms}),,[33bcd825e3a637ffb34cb9f5838248b8]
PUP.Optional.OmigaPlus.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCH|SearchAssistant, http://isearch.omiga-plus.com/web/?type=ds&ts=1422690849&from=obw&uid=TOSHIBAXMK6465GSX_51ASD39BBXX51ASD39BB&q={searchTerms}, Gut: (www.google.com), Schlecht: (http://isearch.omiga-plus.com/web/?type=ds&ts=1422690849&from=obw&uid=TOSHIBAXMK6465GSX_51ASD39BBXX51ASD39BB&q={searchTerms}),,[648bd6272d5cb3831de3bcf341c47f81]

Ordner: 26
PUP.Optional.TabNav.A, C:\Program Files (x86)\TabNav, , [509f0feee1a80f27c4f071984eb73bc5], 
PUP.Optional.Extutil.A, C:\Users\XXXX XXXX\AppData\Local\Temp\D7ADFCCA-EE7E-442C-9999-C4D14FEF360B, , [e20d9f5e0782a78ff8ba1e4061a28977], 
PUP.Optional.Managera.A, C:\Users\XXXX XXXX\AppData\Local\Temp\38fdaae5-8e0e-493c-88ec-e05c3be06e42, , [935caa531b6edf5706ad97c7a65db848], 
PUP.Optional.GlobalUpdate.A, C:\Users\XXXX XXXX\AppData\Local\Temp\comh.215855, , [44ab5e9f58311a1ccce4e67a22e106fa], 
PUP.Optional.GlobalUpdate.A, C:\Users\XXXX XXXX\AppData\Local\Temp\comh.262501, , [77780eef3d4c310560503b2558ab57a9], 
PUP.Optional.GlobalUpdate.A, C:\Users\XXXX XXXX\AppData\Local\Temp\comh.55868, , [836cc13cbdcc2a0c565ab9a744bf718f], 
PUP.Optional.MBot.A, C:\Program Files (x86)\mbot_de_465, , [2fc047b64544f24407ea1353b053b44c], 
PUP.Optional.Goobzo, C:\Program Files\Common Files\Goobzo, , [ea0549b4f19865d1edbced7c0df6f40c], 
PUP.Optional.Goobzo, C:\Program Files\Common Files\Goobzo\GBUpdatePlus, , [ea0549b4f19865d1edbced7c0df6f40c], 
PUP.Optional.ShopperPro, C:\Program Files\Common Files\ShopperPro, , [2bc4e21b95f463d37937a1c842c18f71], 
PUP.Optional.Cinema.A, C:\Program Files (x86)\CinemaP-1.4cV31.01, , [d01f32cb494031051c9af575eb1807f9], 
PUP.Optional.SmootherWeb.A, C:\Users\XXXX XXXX\AppData\Roaming\Mozilla\Firefox\Profiles\ax92hz4x.default-1417957171376\jetpack\jid1-U7omKQ6kQfxMaQ@jetpack, , [b837f508b4d552e418b5dc99956ee21e], 
PUP.Optional.SmootherWeb.A, C:\Users\XXXX XXXX\AppData\Roaming\Mozilla\Firefox\Profiles\ax92hz4x.default-1417957171376\jetpack\jid1-U7omKQ6kQfxMaQ@jetpack\simple-storage, , [b837f508b4d552e418b5dc99956ee21e], 
PUP.Optional.CrossRider.A, C:\Users\XXXX XXXX\AppData\Roaming\Mozilla\Firefox\Profiles\ax92hz4x.default-1417957171376\extensions\14fef81ee28d4335a493c2d@6383fd42ff9b4872bccb5b.com, , [658aa25baadf181e9a0b82fbba4937c9], 
PUP.Optional.CrossRider.A, C:\Users\XXXX XXXX\AppData\Roaming\Mozilla\Firefox\Profiles\ax92hz4x.default-1417957171376\extensions\14fef81ee28d4335a493c2d@6383fd42ff9b4872bccb5b.com\chrome, , [658aa25baadf181e9a0b82fbba4937c9], 
PUP.Optional.CrossRider.A, C:\Users\XXXX XXXX\AppData\Roaming\Mozilla\Firefox\Profiles\ax92hz4x.default-1417957171376\extensions\14fef81ee28d4335a493c2d@6383fd42ff9b4872bccb5b.com\chrome\content, , [658aa25baadf181e9a0b82fbba4937c9], 
PUP.Optional.CrossRider.A, C:\Users\XXXX XXXX\AppData\Roaming\Mozilla\Firefox\Profiles\ax92hz4x.default-1417957171376\extensions\14fef81ee28d4335a493c2d@6383fd42ff9b4872bccb5b.com\chrome\content\api, , [658aa25baadf181e9a0b82fbba4937c9], 
PUP.Optional.CrossRider.A, C:\Users\XXXX XXXX\AppData\Roaming\Mozilla\Firefox\Profiles\ax92hz4x.default-1417957171376\extensions\14fef81ee28d4335a493c2d@6383fd42ff9b4872bccb5b.com\chrome\content\core, , [658aa25baadf181e9a0b82fbba4937c9], 
PUP.Optional.CrossRider.A, C:\Users\XXXX XXXX\AppData\Roaming\Mozilla\Firefox\Profiles\ax92hz4x.default-1417957171376\extensions\14fef81ee28d4335a493c2d@6383fd42ff9b4872bccb5b.com\defaults, , [658aa25baadf181e9a0b82fbba4937c9], 
PUP.Optional.CrossRider.A, C:\Users\XXXX XXXX\AppData\Roaming\Mozilla\Firefox\Profiles\ax92hz4x.default-1417957171376\extensions\14fef81ee28d4335a493c2d@6383fd42ff9b4872bccb5b.com\defaults\preferences, , [658aa25baadf181e9a0b82fbba4937c9], 
PUP.Optional.CrossRider.A, C:\Users\XXXX XXXX\AppData\Roaming\Mozilla\Firefox\Profiles\ax92hz4x.default-1417957171376\extensions\14fef81ee28d4335a493c2d@6383fd42ff9b4872bccb5b.com\extensionData, , [658aa25baadf181e9a0b82fbba4937c9], 
PUP.Optional.CrossRider.A, C:\Users\XXXX XXXX\AppData\Roaming\Mozilla\Firefox\Profiles\ax92hz4x.default-1417957171376\extensions\14fef81ee28d4335a493c2d@6383fd42ff9b4872bccb5b.com\extensionData\plugins, , [658aa25baadf181e9a0b82fbba4937c9], 
PUP.Optional.CrossRider.A, C:\Users\XXXX XXXX\AppData\Roaming\Mozilla\Firefox\Profiles\ax92hz4x.default-1417957171376\extensions\14fef81ee28d4335a493c2d@6383fd42ff9b4872bccb5b.com\extensionData\userCode, , [658aa25baadf181e9a0b82fbba4937c9], 
PUP.Optional.CrossRider.A, C:\Users\XXXX XXXX\AppData\Roaming\Mozilla\Firefox\Profiles\ax92hz4x.default-1417957171376\extensions\14fef81ee28d4335a493c2d@6383fd42ff9b4872bccb5b.com\locale, , [658aa25baadf181e9a0b82fbba4937c9], 
PUP.Optional.CrossRider.A, C:\Users\XXXX XXXX\AppData\Roaming\Mozilla\Firefox\Profiles\ax92hz4x.default-1417957171376\extensions\14fef81ee28d4335a493c2d@6383fd42ff9b4872bccb5b.com\locale\en-US, , [658aa25baadf181e9a0b82fbba4937c9], 
PUP.Optional.CrossRider.A, C:\Users\XXXX XXXX\AppData\Roaming\Mozilla\Firefox\Profiles\ax92hz4x.default-1417957171376\extensions\14fef81ee28d4335a493c2d@6383fd42ff9b4872bccb5b.com\skin, , [658aa25baadf181e9a0b82fbba4937c9], 

Dateien: 234
PUP.Optional.Nova.A, C:\Program Files (x86)\38307773-d954-48f2-8127-93df0ea63e4a\a9ef88e0-f506-4e98-ac14-3d4f63dfe73b.dll, , [856ad627b2d738feef88e71e21e1f10f], 
PUP.Optional.Nova.A, C:\Program Files (x86)\878e2246-8f7a-48fe-89f9-845dc6abbab7\8d66f909-3014-4d22-9e7f-d261cf0dd56b.dll, , [fdf2c23bddac2313116656afb34fd42c], 
PUP.Optional.Nova.A, C:\Program Files (x86)\878e2246-8f7a-48fe-89f9-845dc6abbab7\dbd42d83-f0c0-4bd2-926f-4759e6025efe.dll, , [529dd22be7a238fec9aeb5501fe3df21], 
PUP.Optional.Nova.A, C:\Program Files (x86)\Acer\3edae5d6-b855-40ec-a07b-dac4903be76c.dll, , [1ed131cc9feaa69043349075956d17e9], 
PUP.Optional.Nova.A, C:\Program Files (x86)\Acer\e3422fba-763c-4c24-89fe-8ab2ed5f0ef7.dll, , [668936c7d6b370c61067de27c141857b], 
PUP.Optional.Nova.A, C:\Program Files (x86)\CinemaP-1.4cV31.01\ba5cbe1b-a00a-4d46-81e4-746cea11eaa3.dll, , [7a757984d6b393a388efcd38ed155fa1], 
PUP.Optional.CrossRider.A, C:\Program Files (x86)\CinemaP-1.4cV31.01\beddc3a5-14c1-4be6-a132-5174f13a7c15-64.exe, , [34bbb548b2d771c565516a75d1347789], 
PUP.Optional.CrossRider.A, C:\Program Files (x86)\CinemaP-1.4cV31.01\utils.exe, , [32bd15e8b5d4e74f84e699b33fc12cd4], 
PUP.Optional.Nova.A, C:\Program Files (x86)\ed55547d-8d98-4039-96d9-00407eb30671\1bf076f2-6fef-4672-9735-b8e6aaaeec3b.dll, , [13dc9e5f7712a98d1562a164639fb749], 
PUP.Optional.Somoto, C:\$RECYCLE.BIN\S-1-5-21-1242904208-471078349-2963378918-1000\$RVYPVX1.exe, , [24cb1de03455211503ca8c86d82a916f], 
PUP.Optional.OutBrowse, C:\$RECYCLE.BIN\S-1-5-21-1242904208-471078349-2963378918-1000\$RWRW0XK.exe, , [23cc1ae3c6c3a6901844059bab5a6e92], 
PUP.Optional.Conduit.A, C:\Users\XXXX XXXX\AppData\Local\Temp\SearchProtectINT.exe, , [925da15cb8d1a98dba1b3f022bd6d828], 
PUP.Optional.EZDownloader.A, C:\Users\XXXX XXXX\AppData\Local\Temp\6c5CCA96\temp\EzDownloader_setup.exe, , [35baa85511782f07758c58c8b54b51af], 
PUP.Optional.MultiPlug.A, C:\Users\XXXX XXXX\AppData\Local\Temp\6c5CCA96\temp\hpds_setup.exe, , [27c804f9c5c476c095982cfe38caf20e], 
PUP.Optional.CrossRider.A, C:\Users\XXXX XXXX\AppData\Local\Temp\Install_12248\ins_cr.exe, , [a946e31af59459dd40c22abc1fe2fd03], 
PUP.Optional.Goobzo, C:\Users\XXXX XXXX\AppData\Local\Temp\Install_6391\ins_smk.exe, , [01eec03da7e2c07600a42c5420e5c23e], 
PUP.Optional.SearchProtect, C:\Users\XXXX XXXX\AppData\Local\avaxvyvax\avaxvyvax.exe, , [13dc04f9ff8a1f174a302ee3758d3fc1], 
PUP.Optional.SearchProtect.A, C:\Users\XXXX XXXX\AppData\Local\avaxvyvax\pbqrmvbub, , [bf3055a85b2ea09668ada40e40c1659b], 
PUP.Optional.SearchProtect.A, C:\Windows\AppPatch\AppPatch64\VCLdr64.dll, , [86698e6f1e6b88ae65b0c5ed8e73837d], 
PUP.Optional.SearchProtect.A, C:\Windows\AppPatch\nbin\VC32Loader.dll, , [cc23d924fe8b300648cd8f23e41dab55], 
PUP.Optional.SearchModule.A, C:\Windows\System32\Tasks\SMWPUpd, , [10df6b925d2cdf57cce4443d13f008f8], 
PUP.Optional.Flowsurf.A, C:\Windows\temp\abengine.log, , [a64995685c2da690f82bfe86e71c13ed], 
PUP.Optional.ShopperPro, C:\Windows\System32\Tasks\SPBIW_UpdateTask_Time_333035393833303830392d5a556c6c4a5a575750414134, , [8d62dc219feabf77f035e0b85ba8c43c], 
PUP.Optional.Goobzo, C:\Windows\System32\Tasks\SMW_UpdateTask_Time_333035393833303830392d5a556c6c4a5a575750414134, , [ed02cc31fe8b70c6fccd3e5a31d29e62], 
PUP.Optional.SearchProtect, C:\Windows\AppPatch\Custom\Custom64\{cf2797aa-b7ec-e311-8ed9-005056c00008}.sdb, , [f3fcad505237f73fa51bd22fbd48857b], 
PUP.Optional.TabNav.A, C:\Program Files (x86)\TabNav\abengine.dll, , [509f0feee1a80f27c4f071984eb73bc5], 
PUP.Optional.TabNav.A, C:\Program Files (x86)\TabNav\abengine.exe, , [509f0feee1a80f27c4f071984eb73bc5], 
PUP.Optional.TabNav.A, C:\Program Files (x86)\TabNav\abengine.tlb, , [509f0feee1a80f27c4f071984eb73bc5], 
PUP.Optional.TabNav.A, C:\Program Files (x86)\TabNav\abengine64.dll, , [509f0feee1a80f27c4f071984eb73bc5], 
PUP.Optional.TabNav.A, C:\Program Files (x86)\TabNav\abenginecert.dll, , [509f0feee1a80f27c4f071984eb73bc5], 
PUP.Optional.TabNav.A, C:\Program Files (x86)\TabNav\abenginep.exe, , [509f0feee1a80f27c4f071984eb73bc5], 
PUP.Optional.TabNav.A, C:\Program Files (x86)\TabNav\abenginew.exe, , [509f0feee1a80f27c4f071984eb73bc5], 
PUP.Optional.TabNav.A, C:\Program Files (x86)\TabNav\abenginewd.dll, , [509f0feee1a80f27c4f071984eb73bc5], 
PUP.Optional.TabNav.A, C:\Program Files (x86)\TabNav\file.txt, , [509f0feee1a80f27c4f071984eb73bc5], 
PUP.Optional.TabNav.A, C:\Program Files (x86)\TabNav\freebl3.dll, , [509f0feee1a80f27c4f071984eb73bc5], 
PUP.Optional.TabNav.A, C:\Program Files (x86)\TabNav\jis.exe, , [509f0feee1a80f27c4f071984eb73bc5], 
PUP.Optional.TabNav.A, C:\Program Files (x86)\TabNav\lengine.exe, , [509f0feee1a80f27c4f071984eb73bc5], 
PUP.Optional.TabNav.A, C:\Program Files (x86)\TabNav\lengine.ini, , [509f0feee1a80f27c4f071984eb73bc5], 
PUP.Optional.TabNav.A, C:\Program Files (x86)\TabNav\lengine64.exe, , [509f0feee1a80f27c4f071984eb73bc5], 
PUP.Optional.TabNav.A, C:\Program Files (x86)\TabNav\libnspr4.dll, , [509f0feee1a80f27c4f071984eb73bc5], 
PUP.Optional.TabNav.A, C:\Program Files (x86)\TabNav\libplc4.dll, , [509f0feee1a80f27c4f071984eb73bc5], 
PUP.Optional.TabNav.A, C:\Program Files (x86)\TabNav\libplds4.dll, , [509f0feee1a80f27c4f071984eb73bc5], 
PUP.Optional.TabNav.A, C:\Program Files (x86)\TabNav\list.txt, , [509f0feee1a80f27c4f071984eb73bc5], 
PUP.Optional.TabNav.A, C:\Program Files (x86)\TabNav\nss3.dll, , [509f0feee1a80f27c4f071984eb73bc5], 
PUP.Optional.TabNav.A, C:\Program Files (x86)\TabNav\nssckbi.dll, , [509f0feee1a80f27c4f071984eb73bc5], 
PUP.Optional.TabNav.A, C:\Program Files (x86)\TabNav\nssdbm3.dll, , [509f0feee1a80f27c4f071984eb73bc5], 
PUP.Optional.TabNav.A, C:\Program Files (x86)\TabNav\nssutil3.dll, , [509f0feee1a80f27c4f071984eb73bc5], 
PUP.Optional.TabNav.A, C:\Program Files (x86)\TabNav\proc.txt, , [509f0feee1a80f27c4f071984eb73bc5], 
PUP.Optional.TabNav.A, C:\Program Files (x86)\TabNav\proc2.txt, , [509f0feee1a80f27c4f071984eb73bc5], 
PUP.Optional.TabNav.A, C:\Program Files (x86)\TabNav\reg.txt, , [509f0feee1a80f27c4f071984eb73bc5], 
PUP.Optional.TabNav.A, C:\Program Files (x86)\TabNav\smime3.dll, , [509f0feee1a80f27c4f071984eb73bc5], 
PUP.Optional.TabNav.A, C:\Program Files (x86)\TabNav\softokn3.dll, , [509f0feee1a80f27c4f071984eb73bc5], 
PUP.Optional.TabNav.A, C:\Program Files (x86)\TabNav\sq.exe, , [509f0feee1a80f27c4f071984eb73bc5], 
PUP.Optional.TabNav.A, C:\Program Files (x86)\TabNav\sqlite3.dll, , [509f0feee1a80f27c4f071984eb73bc5], 
PUP.Optional.TabNav.A, C:\Program Files (x86)\TabNav\ssl3.dll, , [509f0feee1a80f27c4f071984eb73bc5], 
PUP.Optional.TabNav.A, C:\Program Files (x86)\TabNav\term.txt, , [509f0feee1a80f27c4f071984eb73bc5], 
PUP.Optional.TabNav.A, C:\Program Files (x86)\TabNav\uninstall.exe, , [509f0feee1a80f27c4f071984eb73bc5], 
PUP.Optional.TabNav.A, C:\Program Files (x86)\TabNav\zupa3002.exe, , [509f0feee1a80f27c4f071984eb73bc5], 
PUP.Optional.Extutil.A, C:\Users\XXXX XXXX\AppData\Local\Temp\D7ADFCCA-EE7E-442C-9999-C4D14FEF360B\bk.js, , [e20d9f5e0782a78ff8ba1e4061a28977], 
PUP.Optional.Extutil.A, C:\Users\XXXX XXXX\AppData\Local\Temp\D7ADFCCA-EE7E-442C-9999-C4D14FEF360B\cs.js, , [e20d9f5e0782a78ff8ba1e4061a28977], 
PUP.Optional.Extutil.A, C:\Users\XXXX XXXX\AppData\Local\Temp\D7ADFCCA-EE7E-442C-9999-C4D14FEF360B\manifest.json, , [e20d9f5e0782a78ff8ba1e4061a28977], 
PUP.Optional.Managera.A, C:\Users\XXXX XXXX\AppData\Local\Temp\38fdaae5-8e0e-493c-88ec-e05c3be06e42\cs.js, , [935caa531b6edf5706ad97c7a65db848], 
PUP.Optional.Managera.A, C:\Users\XXXX XXXX\AppData\Local\Temp\38fdaae5-8e0e-493c-88ec-e05c3be06e42\manifest.json, , [935caa531b6edf5706ad97c7a65db848], 
PUP.Optional.GlobalUpdate.A, C:\Users\XXXX XXXX\AppData\Local\Temp\comh.215855\GoogleCrashHandler.exe, , [44ab5e9f58311a1ccce4e67a22e106fa], 
PUP.Optional.GlobalUpdate.A, C:\Users\XXXX XXXX\AppData\Local\Temp\comh.215855\GoogleUpdate.exe, , [44ab5e9f58311a1ccce4e67a22e106fa], 
PUP.Optional.GlobalUpdate.A, C:\Users\XXXX XXXX\AppData\Local\Temp\comh.215855\GoogleUpdateBroker.exe, , [44ab5e9f58311a1ccce4e67a22e106fa], 
PUP.Optional.GlobalUpdate.A, C:\Users\XXXX XXXX\AppData\Local\Temp\comh.215855\GoogleUpdateHelper.msi, , [44ab5e9f58311a1ccce4e67a22e106fa], 
PUP.Optional.GlobalUpdate.A, C:\Users\XXXX XXXX\AppData\Local\Temp\comh.215855\GoogleUpdateOnDemand.exe, , [44ab5e9f58311a1ccce4e67a22e106fa], 
PUP.Optional.GlobalUpdate.A, C:\Users\XXXX XXXX\AppData\Local\Temp\comh.215855\goopdate.dll, , [44ab5e9f58311a1ccce4e67a22e106fa], 
PUP.Optional.GlobalUpdate.A, C:\Users\XXXX XXXX\AppData\Local\Temp\comh.215855\goopdateres_en.dll, , [44ab5e9f58311a1ccce4e67a22e106fa], 
PUP.Optional.GlobalUpdate.A, C:\Users\XXXX XXXX\AppData\Local\Temp\comh.215855\npGoogleUpdate4.dll, , [44ab5e9f58311a1ccce4e67a22e106fa], 
PUP.Optional.GlobalUpdate.A, C:\Users\XXXX XXXX\AppData\Local\Temp\comh.215855\psmachine.dll, , [44ab5e9f58311a1ccce4e67a22e106fa], 
PUP.Optional.GlobalUpdate.A, C:\Users\XXXX XXXX\AppData\Local\Temp\comh.215855\psuser.dll, , [44ab5e9f58311a1ccce4e67a22e106fa], 
PUP.Optional.GlobalUpdate.A, C:\Users\XXXX XXXX\AppData\Local\Temp\comh.262501\GoogleCrashHandler.exe, , [77780eef3d4c310560503b2558ab57a9], 
PUP.Optional.GlobalUpdate.A, C:\Users\XXXX XXXX\AppData\Local\Temp\comh.262501\GoogleUpdate.exe, , [77780eef3d4c310560503b2558ab57a9], 
PUP.Optional.GlobalUpdate.A, C:\Users\XXXX XXXX\AppData\Local\Temp\comh.262501\GoogleUpdateBroker.exe, , [77780eef3d4c310560503b2558ab57a9], 
PUP.Optional.GlobalUpdate.A, C:\Users\XXXX XXXX\AppData\Local\Temp\comh.262501\GoogleUpdateHelper.msi, , [77780eef3d4c310560503b2558ab57a9], 
PUP.Optional.GlobalUpdate.A, C:\Users\XXXX XXXX\AppData\Local\Temp\comh.262501\GoogleUpdateOnDemand.exe, , [77780eef3d4c310560503b2558ab57a9], 
PUP.Optional.GlobalUpdate.A, C:\Users\XXXX XXXX\AppData\Local\Temp\comh.262501\goopdate.dll, , [77780eef3d4c310560503b2558ab57a9], 
PUP.Optional.GlobalUpdate.A, C:\Users\XXXX XXXX\AppData\Local\Temp\comh.262501\goopdateres_en.dll, , [77780eef3d4c310560503b2558ab57a9], 
PUP.Optional.GlobalUpdate.A, C:\Users\XXXX XXXX\AppData\Local\Temp\comh.262501\npGoogleUpdate4.dll, , [77780eef3d4c310560503b2558ab57a9], 
PUP.Optional.GlobalUpdate.A, C:\Users\XXXX XXXX\AppData\Local\Temp\comh.262501\psmachine.dll, , [77780eef3d4c310560503b2558ab57a9], 
PUP.Optional.GlobalUpdate.A, C:\Users\XXXX XXXX\AppData\Local\Temp\comh.262501\psuser.dll, , [77780eef3d4c310560503b2558ab57a9], 
PUP.Optional.GlobalUpdate.A, C:\Users\XXXX XXXX\AppData\Local\Temp\comh.55868\GoogleCrashHandler.exe, , [836cc13cbdcc2a0c565ab9a744bf718f], 
PUP.Optional.GlobalUpdate.A, C:\Users\XXXX XXXX\AppData\Local\Temp\comh.55868\GoogleUpdate.exe, , [836cc13cbdcc2a0c565ab9a744bf718f], 
PUP.Optional.GlobalUpdate.A, C:\Users\XXXX XXXX\AppData\Local\Temp\comh.55868\GoogleUpdateBroker.exe, , [836cc13cbdcc2a0c565ab9a744bf718f], 
PUP.Optional.GlobalUpdate.A, C:\Users\XXXX XXXX\AppData\Local\Temp\comh.55868\GoogleUpdateHelper.msi, , [836cc13cbdcc2a0c565ab9a744bf718f], 
PUP.Optional.GlobalUpdate.A, C:\Users\XXXX XXXX\AppData\Local\Temp\comh.55868\GoogleUpdateOnDemand.exe, , [836cc13cbdcc2a0c565ab9a744bf718f], 
PUP.Optional.GlobalUpdate.A, C:\Users\XXXX XXXX\AppData\Local\Temp\comh.55868\goopdate.dll, , [836cc13cbdcc2a0c565ab9a744bf718f], 
PUP.Optional.GlobalUpdate.A, C:\Users\XXXX XXXX\AppData\Local\Temp\comh.55868\goopdateres_en.dll, , [836cc13cbdcc2a0c565ab9a744bf718f], 
PUP.Optional.GlobalUpdate.A, C:\Users\XXXX XXXX\AppData\Local\Temp\comh.55868\npGoogleUpdate4.dll, , [836cc13cbdcc2a0c565ab9a744bf718f], 
PUP.Optional.GlobalUpdate.A, C:\Users\XXXX XXXX\AppData\Local\Temp\comh.55868\psmachine.dll, , [836cc13cbdcc2a0c565ab9a744bf718f], 
PUP.Optional.GlobalUpdate.A, C:\Users\XXXX XXXX\AppData\Local\Temp\comh.55868\psuser.dll, , [836cc13cbdcc2a0c565ab9a744bf718f], 
PUP.Optional.Goobzo, C:\Program Files\Common Files\Goobzo\GBUpdatePlus\SBIEBrowserHelperObject.dll, , [ea0549b4f19865d1edbced7c0df6f40c], 
PUP.Optional.Goobzo, C:\Program Files\Common Files\Goobzo\GBUpdatePlus\SCHelper.exe, , [ea0549b4f19865d1edbced7c0df6f40c], 
PUP.Optional.Goobzo, C:\Program Files\Common Files\Goobzo\GBUpdatePlus\Search.lnk, , [ea0549b4f19865d1edbced7c0df6f40c], 
PUP.Optional.Goobzo, C:\Program Files\Common Files\Goobzo\GBUpdatePlus\sma.exe, , [ea0549b4f19865d1edbced7c0df6f40c], 
PUP.Optional.Goobzo, C:\Program Files\Common Files\Goobzo\GBUpdatePlus\smci32.dll, , [ea0549b4f19865d1edbced7c0df6f40c], 
PUP.Optional.Goobzo, C:\Program Files\Common Files\Goobzo\GBUpdatePlus\smci64.dll, , [ea0549b4f19865d1edbced7c0df6f40c], 
PUP.Optional.Goobzo, C:\Program Files\Common Files\Goobzo\GBUpdatePlus\smei32.dll, , [ea0549b4f19865d1edbced7c0df6f40c], 
PUP.Optional.Goobzo, C:\Program Files\Common Files\Goobzo\GBUpdatePlus\smei64.dll, , [ea0549b4f19865d1edbced7c0df6f40c], 
PUP.Optional.Goobzo, C:\Program Files\Common Files\Goobzo\GBUpdatePlus\smfi32.dll, , [ea0549b4f19865d1edbced7c0df6f40c], 
PUP.Optional.Goobzo, C:\Program Files\Common Files\Goobzo\GBUpdatePlus\smfi64.dll, , [ea0549b4f19865d1edbced7c0df6f40c], 
PUP.Optional.Goobzo, C:\Program Files\Common Files\Goobzo\GBUpdatePlus\smi32.exe, , [ea0549b4f19865d1edbced7c0df6f40c], 
PUP.Optional.Goobzo, C:\Program Files\Common Files\Goobzo\GBUpdatePlus\smi64.exe, , [ea0549b4f19865d1edbced7c0df6f40c], 
PUP.Optional.Goobzo, C:\Program Files\Common Files\Goobzo\GBUpdatePlus\smoi32.dll, , [ea0549b4f19865d1edbced7c0df6f40c], 
PUP.Optional.Goobzo, C:\Program Files\Common Files\Goobzo\GBUpdatePlus\smoi64.dll, , [ea0549b4f19865d1edbced7c0df6f40c], 
PUP.Optional.Goobzo, C:\Program Files\Common Files\Goobzo\GBUpdatePlus\smp.exe, , [ea0549b4f19865d1edbced7c0df6f40c], 
PUP.Optional.Goobzo, C:\Program Files\Common Files\Goobzo\GBUpdatePlus\smri32.dll, , [ea0549b4f19865d1edbced7c0df6f40c], 
PUP.Optional.Goobzo, C:\Program Files\Common Files\Goobzo\GBUpdatePlus\smri64.dll, , [ea0549b4f19865d1edbced7c0df6f40c], 
PUP.Optional.Goobzo, C:\Program Files\Common Files\Goobzo\GBUpdatePlus\smu.exe, , [ea0549b4f19865d1edbced7c0df6f40c], 
PUP.Optional.Goobzo, C:\Program Files\Common Files\Goobzo\GBUpdatePlus\SMUninstall.exe, , [ea0549b4f19865d1edbced7c0df6f40c], 
PUP.Optional.Goobzo, C:\Program Files\Common Files\Goobzo\GBUpdatePlus\smw.sys, , [ea0549b4f19865d1edbced7c0df6f40c], 
PUP.Optional.ShopperPro, C:\Program Files\Common Files\ShopperPro\spbia.exe, , [2bc4e21b95f463d37937a1c842c18f71], 
PUP.Optional.ShopperPro, C:\Program Files\Common Files\ShopperPro\spbici32.dll, , [2bc4e21b95f463d37937a1c842c18f71], 
PUP.Optional.ShopperPro, C:\Program Files\Common Files\ShopperPro\spbici64.dll, , [2bc4e21b95f463d37937a1c842c18f71], 
PUP.Optional.ShopperPro, C:\Program Files\Common Files\ShopperPro\spbii32.exe, , [2bc4e21b95f463d37937a1c842c18f71], 
PUP.Optional.ShopperPro, C:\Program Files\Common Files\ShopperPro\spbii64.exe, , [2bc4e21b95f463d37937a1c842c18f71], 
PUP.Optional.ShopperPro, C:\Program Files\Common Files\ShopperPro\spbiu.exe, , [2bc4e21b95f463d37937a1c842c18f71], 
PUP.Optional.ShopperPro, C:\Program Files\Common Files\ShopperPro\spbiw.sys, , [2bc4e21b95f463d37937a1c842c18f71], 
PUP.Optional.Cinema.A, C:\Program Files (x86)\CinemaP-1.4cV31.01\82c9399f-6c00-412e-9964-05c27db8ea3a.dll, , [d01f32cb494031051c9af575eb1807f9], 
PUP.Optional.Cinema.A, C:\Program Files (x86)\CinemaP-1.4cV31.01\beddc3a5-14c1-4be6-a132-5174f13a7c15.xpi, , [d01f32cb494031051c9af575eb1807f9], 
PUP.Optional.Cinema.A, C:\Program Files (x86)\CinemaP-1.4cV31.01\bgNova.html, , [d01f32cb494031051c9af575eb1807f9], 
PUP.Optional.Cinema.A, C:\Program Files (x86)\CinemaP-1.4cV31.01\Uninstall.exe, , [d01f32cb494031051c9af575eb1807f9], 
PUP.Optional.CrossRider.A, C:\Users\XXXX XXXX\AppData\Roaming\Mozilla\Firefox\Profiles\ax92hz4x.default-1417957171376\extensions\14fef81ee28d4335a493c2d@6383fd42ff9b4872bccb5b.com\chrome.manifest, , [658aa25baadf181e9a0b82fbba4937c9], 
PUP.Optional.CrossRider.A, C:\Users\XXXX XXXX\AppData\Roaming\Mozilla\Firefox\Profiles\ax92hz4x.default-1417957171376\extensions\14fef81ee28d4335a493c2d@6383fd42ff9b4872bccb5b.com\install.rdf, , [658aa25baadf181e9a0b82fbba4937c9], 
PUP.Optional.CrossRider.A, C:\Users\XXXX XXXX\AppData\Roaming\Mozilla\Firefox\Profiles\ax92hz4x.default-1417957171376\extensions\14fef81ee28d4335a493c2d@6383fd42ff9b4872bccb5b.com\chrome\content\2e61c5641c8960992cac249b9b2a775e.js, , [658aa25baadf181e9a0b82fbba4937c9], 
PUP.Optional.CrossRider.A, C:\Users\XXXX XXXX\AppData\Roaming\Mozilla\Firefox\Profiles\ax92hz4x.default-1417957171376\extensions\14fef81ee28d4335a493c2d@6383fd42ff9b4872bccb5b.com\chrome\content\50ea661ae9290662f6564923954b96ab.js, , [658aa25baadf181e9a0b82fbba4937c9], 
PUP.Optional.CrossRider.A, C:\Users\XXXX XXXX\AppData\Roaming\Mozilla\Firefox\Profiles\ax92hz4x.default-1417957171376\extensions\14fef81ee28d4335a493c2d@6383fd42ff9b4872bccb5b.com\chrome\content\616be79461c0e7c1d48182dc89f201f2.js, , [658aa25baadf181e9a0b82fbba4937c9], 
PUP.Optional.CrossRider.A, C:\Users\XXXX XXXX\AppData\Roaming\Mozilla\Firefox\Profiles\ax92hz4x.default-1417957171376\extensions\14fef81ee28d4335a493c2d@6383fd42ff9b4872bccb5b.com\chrome\content\ae634e438d7bac46cd21b8e1f17ce6af.js, , [658aa25baadf181e9a0b82fbba4937c9], 
PUP.Optional.CrossRider.A, C:\Users\XXXX XXXX\AppData\Roaming\Mozilla\Firefox\Profiles\ax92hz4x.default-1417957171376\extensions\14fef81ee28d4335a493c2d@6383fd42ff9b4872bccb5b.com\chrome\content\background.html, , [658aa25baadf181e9a0b82fbba4937c9], 
PUP.Optional.CrossRider.A, C:\Users\XXXX XXXX\AppData\Roaming\Mozilla\Firefox\Profiles\ax92hz4x.default-1417957171376\extensions\14fef81ee28d4335a493c2d@6383fd42ff9b4872bccb5b.com\chrome\content\browser.xul, , [658aa25baadf181e9a0b82fbba4937c9], 
PUP.Optional.CrossRider.A, C:\Users\XXXX XXXX\AppData\Roaming\Mozilla\Firefox\Profiles\ax92hz4x.default-1417957171376\extensions\14fef81ee28d4335a493c2d@6383fd42ff9b4872bccb5b.com\chrome\content\dialog.js, , [658aa25baadf181e9a0b82fbba4937c9], 
PUP.Optional.CrossRider.A, C:\Users\XXXX XXXX\AppData\Roaming\Mozilla\Firefox\Profiles\ax92hz4x.default-1417957171376\extensions\14fef81ee28d4335a493c2d@6383fd42ff9b4872bccb5b.com\chrome\content\f3c1760896b07877c2af41f802fb4aee.js, , [658aa25baadf181e9a0b82fbba4937c9], 
PUP.Optional.CrossRider.A, C:\Users\XXXX XXXX\AppData\Roaming\Mozilla\Firefox\Profiles\ax92hz4x.default-1417957171376\extensions\14fef81ee28d4335a493c2d@6383fd42ff9b4872bccb5b.com\chrome\content\fee971c3fc89ff3400341f3a4b241986.js, , [658aa25baadf181e9a0b82fbba4937c9], 
PUP.Optional.CrossRider.A, C:\Users\XXXX XXXX\AppData\Roaming\Mozilla\Firefox\Profiles\ax92hz4x.default-1417957171376\extensions\14fef81ee28d4335a493c2d@6383fd42ff9b4872bccb5b.com\chrome\content\ffCoreFilesIndex.txt, , [658aa25baadf181e9a0b82fbba4937c9], 
PUP.Optional.CrossRider.A, C:\Users\XXXX XXXX\AppData\Roaming\Mozilla\Firefox\Profiles\ax92hz4x.default-1417957171376\extensions\14fef81ee28d4335a493c2d@6383fd42ff9b4872bccb5b.com\chrome\content\options.js, , [658aa25baadf181e9a0b82fbba4937c9], 
PUP.Optional.CrossRider.A, C:\Users\XXXX XXXX\AppData\Roaming\Mozilla\Firefox\Profiles\ax92hz4x.default-1417957171376\extensions\14fef81ee28d4335a493c2d@6383fd42ff9b4872bccb5b.com\chrome\content\options.xul, , [658aa25baadf181e9a0b82fbba4937c9], 
PUP.Optional.CrossRider.A, C:\Users\XXXX XXXX\AppData\Roaming\Mozilla\Firefox\Profiles\ax92hz4x.default-1417957171376\extensions\14fef81ee28d4335a493c2d@6383fd42ff9b4872bccb5b.com\chrome\content\search_dialog.xul, , [658aa25baadf181e9a0b82fbba4937c9], 
PUP.Optional.CrossRider.A, C:\Users\XXXX XXXX\AppData\Roaming\Mozilla\Firefox\Profiles\ax92hz4x.default-1417957171376\extensions\14fef81ee28d4335a493c2d@6383fd42ff9b4872bccb5b.com\chrome\content\api\04ce4e1ef9bb25cd63266a6ca905235c.js, , [658aa25baadf181e9a0b82fbba4937c9], 
PUP.Optional.CrossRider.A, C:\Users\XXXX XXXX\AppData\Roaming\Mozilla\Firefox\Profiles\ax92hz4x.default-1417957171376\extensions\14fef81ee28d4335a493c2d@6383fd42ff9b4872bccb5b.com\chrome\content\api\43a5950d1e3613f07f5dd5fe36f8570b.js, , [658aa25baadf181e9a0b82fbba4937c9], 
PUP.Optional.CrossRider.A, C:\Users\XXXX XXXX\AppData\Roaming\Mozilla\Firefox\Profiles\ax92hz4x.default-1417957171376\extensions\14fef81ee28d4335a493c2d@6383fd42ff9b4872bccb5b.com\chrome\content\api\78429c54e9c0684702c52ce546b6037e.js, , [658aa25baadf181e9a0b82fbba4937c9], 
PUP.Optional.CrossRider.A, C:\Users\XXXX XXXX\AppData\Roaming\Mozilla\Firefox\Profiles\ax92hz4x.default-1417957171376\extensions\14fef81ee28d4335a493c2d@6383fd42ff9b4872bccb5b.com\chrome\content\api\7cb88cd91ffacc2af6ad7e7fa2b6dbf0.js, , [658aa25baadf181e9a0b82fbba4937c9], 
PUP.Optional.CrossRider.A, C:\Users\XXXX XXXX\AppData\Roaming\Mozilla\Firefox\Profiles\ax92hz4x.default-1417957171376\extensions\14fef81ee28d4335a493c2d@6383fd42ff9b4872bccb5b.com\chrome\content\api\87db14bf8e24836a744aa32291a9cdc6.js, , [658aa25baadf181e9a0b82fbba4937c9], 
PUP.Optional.CrossRider.A, C:\Users\XXXX XXXX\AppData\Roaming\Mozilla\Firefox\Profiles\ax92hz4x.default-1417957171376\extensions\14fef81ee28d4335a493c2d@6383fd42ff9b4872bccb5b.com\chrome\content\api\92c4c7f063acaef6ad59abb3865c8df8.js, , [658aa25baadf181e9a0b82fbba4937c9], 
PUP.Optional.CrossRider.A, C:\Users\XXXX XXXX\AppData\Roaming\Mozilla\Firefox\Profiles\ax92hz4x.default-1417957171376\extensions\14fef81ee28d4335a493c2d@6383fd42ff9b4872bccb5b.com\chrome\content\api\a566648a5650506eb184f9e3735bd15e.js, , [658aa25baadf181e9a0b82fbba4937c9], 
PUP.Optional.CrossRider.A, C:\Users\XXXX XXXX\AppData\Roaming\Mozilla\Firefox\Profiles\ax92hz4x.default-1417957171376\extensions\14fef81ee28d4335a493c2d@6383fd42ff9b4872bccb5b.com\chrome\content\api\a7fe69fb7e0f086f472bd1d0579920da.js, , [658aa25baadf181e9a0b82fbba4937c9], 
PUP.Optional.CrossRider.A, C:\Users\XXXX XXXX\AppData\Roaming\Mozilla\Firefox\Profiles\ax92hz4x.default-1417957171376\extensions\14fef81ee28d4335a493c2d@6383fd42ff9b4872bccb5b.com\chrome\content\api\aa847fd3c0cb935d27495f920de5c433.js, , [658aa25baadf181e9a0b82fbba4937c9], 
PUP.Optional.CrossRider.A, C:\Users\XXXX XXXX\AppData\Roaming\Mozilla\Firefox\Profiles\ax92hz4x.default-1417957171376\extensions\14fef81ee28d4335a493c2d@6383fd42ff9b4872bccb5b.com\chrome\content\api\b6822480e3620b3595cbd46f4b27846c.js, , [658aa25baadf181e9a0b82fbba4937c9], 
PUP.Optional.CrossRider.A, C:\Users\XXXX XXXX\AppData\Roaming\Mozilla\Firefox\Profiles\ax92hz4x.default-1417957171376\extensions\14fef81ee28d4335a493c2d@6383fd42ff9b4872bccb5b.com\chrome\content\api\c832aef2d201aea4ce618e265330470b.js, , [658aa25baadf181e9a0b82fbba4937c9], 
PUP.Optional.CrossRider.A, C:\Users\XXXX XXXX\AppData\Roaming\Mozilla\Firefox\Profiles\ax92hz4x.default-1417957171376\extensions\14fef81ee28d4335a493c2d@6383fd42ff9b4872bccb5b.com\chrome\content\api\d06a86fc0ec0c1497e9a181b9bef24d7.js, , [658aa25baadf181e9a0b82fbba4937c9], 
PUP.Optional.CrossRider.A, C:\Users\XXXX XXXX\AppData\Roaming\Mozilla\Firefox\Profiles\ax92hz4x.default-1417957171376\extensions\14fef81ee28d4335a493c2d@6383fd42ff9b4872bccb5b.com\chrome\content\api\d427c3fb160b39ea25f9ec887a81df16.js, , [658aa25baadf181e9a0b82fbba4937c9], 
PUP.Optional.CrossRider.A, C:\Users\XXXX XXXX\AppData\Roaming\Mozilla\Firefox\Profiles\ax92hz4x.default-1417957171376\extensions\14fef81ee28d4335a493c2d@6383fd42ff9b4872bccb5b.com\chrome\content\api\ebec8321f0057985bda58b9660bd8b35.js, , [658aa25baadf181e9a0b82fbba4937c9], 
PUP.Optional.CrossRider.A, C:\Users\XXXX XXXX\AppData\Roaming\Mozilla\Firefox\Profiles\ax92hz4x.default-1417957171376\extensions\14fef81ee28d4335a493c2d@6383fd42ff9b4872bccb5b.com\chrome\content\api\fd905910a9b10071b6acf93266cb1c03.js, , [658aa25baadf181e9a0b82fbba4937c9], 
PUP.Optional.CrossRider.A, C:\Users\XXXX XXXX\AppData\Roaming\Mozilla\Firefox\Profiles\ax92hz4x.default-1417957171376\extensions\14fef81ee28d4335a493c2d@6383fd42ff9b4872bccb5b.com\chrome\content\api\fef45a9ea40d9e561f9daf52f04361d6.js, , [658aa25baadf181e9a0b82fbba4937c9], 
PUP.Optional.CrossRider.A, C:\Users\XXXX XXXX\AppData\Roaming\Mozilla\Firefox\Profiles\ax92hz4x.default-1417957171376\extensions\14fef81ee28d4335a493c2d@6383fd42ff9b4872bccb5b.com\chrome\content\core\0d8c18a3f2a7774a42fd042e0acb82d8.js, , [658aa25baadf181e9a0b82fbba4937c9], 
PUP.Optional.CrossRider.A, C:\Users\XXXX XXXX\AppData\Roaming\Mozilla\Firefox\Profiles\ax92hz4x.default-1417957171376\extensions\14fef81ee28d4335a493c2d@6383fd42ff9b4872bccb5b.com\chrome\content\core\19d0162e0b8eebd41a6158f7a93d9406.js, , [658aa25baadf181e9a0b82fbba4937c9], 
PUP.Optional.CrossRider.A, C:\Users\XXXX XXXX\AppData\Roaming\Mozilla\Firefox\Profiles\ax92hz4x.default-1417957171376\extensions\14fef81ee28d4335a493c2d@6383fd42ff9b4872bccb5b.com\chrome\content\core\1a68024078ec576428d1b7a6a6a82645.js, , [658aa25baadf181e9a0b82fbba4937c9], 
PUP.Optional.CrossRider.A, C:\Users\XXXX XXXX\AppData\Roaming\Mozilla\Firefox\Profiles\ax92hz4x.default-1417957171376\extensions\14fef81ee28d4335a493c2d@6383fd42ff9b4872bccb5b.com\chrome\content\core\35909570179b4fbae5b97c3512c49fec.js, , [658aa25baadf181e9a0b82fbba4937c9], 
PUP.Optional.CrossRider.A, C:\Users\XXXX XXXX\AppData\Roaming\Mozilla\Firefox\Profiles\ax92hz4x.default-1417957171376\extensions\14fef81ee28d4335a493c2d@6383fd42ff9b4872bccb5b.com\chrome\content\core\371583a974de66c957a9fb5254a7ed49.js, , [658aa25baadf181e9a0b82fbba4937c9], 
PUP.Optional.CrossRider.A, C:\Users\XXXX XXXX\AppData\Roaming\Mozilla\Firefox\Profiles\ax92hz4x.default-1417957171376\extensions\14fef81ee28d4335a493c2d@6383fd42ff9b4872bccb5b.com\chrome\content\core\387082cc174d0f7c93c66f9a3751e734.js, , [658aa25baadf181e9a0b82fbba4937c9], 
PUP.Optional.CrossRider.A, C:\Users\XXXX XXXX\AppData\Roaming\Mozilla\Firefox\Profiles\ax92hz4x.default-1417957171376\extensions\14fef81ee28d4335a493c2d@6383fd42ff9b4872bccb5b.com\chrome\content\core\422d734c5a304576d8e885e84c9ccc43.js, , [658aa25baadf181e9a0b82fbba4937c9], 
PUP.Optional.CrossRider.A, C:\Users\XXXX XXXX\AppData\Roaming\Mozilla\Firefox\Profiles\ax92hz4x.default-1417957171376\extensions\14fef81ee28d4335a493c2d@6383fd42ff9b4872bccb5b.com\chrome\content\core\4aa32452694c627b3c024681ef07d1c3.js, , [658aa25baadf181e9a0b82fbba4937c9], 
PUP.Optional.CrossRider.A, C:\Users\XXXX XXXX\AppData\Roaming\Mozilla\Firefox\Profiles\ax92hz4x.default-1417957171376\extensions\14fef81ee28d4335a493c2d@6383fd42ff9b4872bccb5b.com\chrome\content\core\58feb168c3ad27060cef39467aac4241.js, , [658aa25baadf181e9a0b82fbba4937c9], 
PUP.Optional.CrossRider.A, C:\Users\XXXX XXXX\AppData\Roaming\Mozilla\Firefox\Profiles\ax92hz4x.default-1417957171376\extensions\14fef81ee28d4335a493c2d@6383fd42ff9b4872bccb5b.com\chrome\content\core\62b27b370a65d23e9444b45ae9afa3fb.js, , [658aa25baadf181e9a0b82fbba4937c9], 
PUP.Optional.CrossRider.A, C:\Users\XXXX XXXX\AppData\Roaming\Mozilla\Firefox\Profiles\ax92hz4x.default-1417957171376\extensions\14fef81ee28d4335a493c2d@6383fd42ff9b4872bccb5b.com\chrome\content\core\8ab848c3b12580f045111939fd82fc5e.js, , [658aa25baadf181e9a0b82fbba4937c9], 
PUP.Optional.CrossRider.A, C:\Users\XXXX XXXX\AppData\Roaming\Mozilla\Firefox\Profiles\ax92hz4x.default-1417957171376\extensions\14fef81ee28d4335a493c2d@6383fd42ff9b4872bccb5b.com\chrome\content\core\8c9e6a4f91e47a877bdc3ca17c717a4e.js, , [658aa25baadf181e9a0b82fbba4937c9], 
PUP.Optional.CrossRider.A, C:\Users\XXXX XXXX\AppData\Roaming\Mozilla\Firefox\Profiles\ax92hz4x.default-1417957171376\extensions\14fef81ee28d4335a493c2d@6383fd42ff9b4872bccb5b.com\chrome\content\core\92016c70ea98b3cadd2e83fe8f2bfb88.js, , [658aa25baadf181e9a0b82fbba4937c9], 
PUP.Optional.CrossRider.A, C:\Users\XXXX XXXX\AppData\Roaming\Mozilla\Firefox\Profiles\ax92hz4x.default-1417957171376\extensions\14fef81ee28d4335a493c2d@6383fd42ff9b4872bccb5b.com\chrome\content\core\94d426e62c0d2ea8166a01e67e66d8a1.js, , [658aa25baadf181e9a0b82fbba4937c9], 
PUP.Optional.CrossRider.A, C:\Users\XXXX XXXX\AppData\Roaming\Mozilla\Firefox\Profiles\ax92hz4x.default-1417957171376\extensions\14fef81ee28d4335a493c2d@6383fd42ff9b4872bccb5b.com\chrome\content\core\9ae60443a18a7acb458e9b5e5b1cab18.js, , [658aa25baadf181e9a0b82fbba4937c9], 
PUP.Optional.CrossRider.A, C:\Users\XXXX XXXX\AppData\Roaming\Mozilla\Firefox\Profiles\ax92hz4x.default-1417957171376\extensions\14fef81ee28d4335a493c2d@6383fd42ff9b4872bccb5b.com\chrome\content\core\a286fe02feada72a753ae85e280096fc.js, , [658aa25baadf181e9a0b82fbba4937c9], 
PUP.Optional.CrossRider.A, C:\Users\XXXX XXXX\AppData\Roaming\Mozilla\Firefox\Profiles\ax92hz4x.default-1417957171376\extensions\14fef81ee28d4335a493c2d@6383fd42ff9b4872bccb5b.com\chrome\content\core\c3fd1aaadbf94beb6e849d6cd47dae91.js, , [658aa25baadf181e9a0b82fbba4937c9], 
PUP.Optional.CrossRider.A, C:\Users\XXXX XXXX\AppData\Roaming\Mozilla\Firefox\Profiles\ax92hz4x.default-1417957171376\extensions\14fef81ee28d4335a493c2d@6383fd42ff9b4872bccb5b.com\chrome\content\core\c98d9699d61d0880119d220b2352a981.js, , [658aa25baadf181e9a0b82fbba4937c9], 
PUP.Optional.CrossRider.A, C:\Users\XXXX XXXX\AppData\Roaming\Mozilla\Firefox\Profiles\ax92hz4x.default-1417957171376\extensions\14fef81ee28d4335a493c2d@6383fd42ff9b4872bccb5b.com\chrome\content\core\dfbab2bc7049047fbc7564eb9cc080e1.js, , [658aa25baadf181e9a0b82fbba4937c9], 
PUP.Optional.CrossRider.A, C:\Users\XXXX XXXX\AppData\Roaming\Mozilla\Firefox\Profiles\ax92hz4x.default-1417957171376\extensions\14fef81ee28d4335a493c2d@6383fd42ff9b4872bccb5b.com\chrome\content\core\fc064e3b4a5e6afa4e3c584ce640597b.js, , [658aa25baadf181e9a0b82fbba4937c9], 
PUP.Optional.CrossRider.A, C:\Users\XXXX XXXX\AppData\Roaming\Mozilla\Firefox\Profiles\ax92hz4x.default-1417957171376\extensions\14fef81ee28d4335a493c2d@6383fd42ff9b4872bccb5b.com\chrome\content\core\installer.js, , [658aa25baadf181e9a0b82fbba4937c9], 
PUP.Optional.CrossRider.A, C:\Users\XXXX XXXX\AppData\Roaming\Mozilla\Firefox\Profiles\ax92hz4x.default-1417957171376\extensions\14fef81ee28d4335a493c2d@6383fd42ff9b4872bccb5b.com\defaults\preferences\prefs.js, , [658aa25baadf181e9a0b82fbba4937c9], 
PUP.Optional.CrossRider.A, C:\Users\XXXX XXXX\AppData\Roaming\Mozilla\Firefox\Profiles\ax92hz4x.default-1417957171376\extensions\14fef81ee28d4335a493c2d@6383fd42ff9b4872bccb5b.com\extensionData\manifest.xml, , [658aa25baadf181e9a0b82fbba4937c9], 
PUP.Optional.CrossRider.A, C:\Users\XXXX XXXX\AppData\Roaming\Mozilla\Firefox\Profiles\ax92hz4x.default-1417957171376\extensions\14fef81ee28d4335a493c2d@6383fd42ff9b4872bccb5b.com\extensionData\plugins.json, , [658aa25baadf181e9a0b82fbba4937c9], 
PUP.Optional.CrossRider.A, C:\Users\XXXX XXXX\AppData\Roaming\Mozilla\Firefox\Profiles\ax92hz4x.default-1417957171376\extensions\14fef81ee28d4335a493c2d@6383fd42ff9b4872bccb5b.com\extensionData\plugins\1.js, , [658aa25baadf181e9a0b82fbba4937c9], 
PUP.Optional.CrossRider.A, C:\Users\XXXX XXXX\AppData\Roaming\Mozilla\Firefox\Profiles\ax92hz4x.default-1417957171376\extensions\14fef81ee28d4335a493c2d@6383fd42ff9b4872bccb5b.com\extensionData\plugins\102.js, , [658aa25baadf181e9a0b82fbba4937c9], 
PUP.Optional.CrossRider.A, C:\Users\XXXX XXXX\AppData\Roaming\Mozilla\Firefox\Profiles\ax92hz4x.default-1417957171376\extensions\14fef81ee28d4335a493c2d@6383fd42ff9b4872bccb5b.com\extensionData\plugins\104.js, , [658aa25baadf181e9a0b82fbba4937c9], 
PUP.Optional.CrossRider.A, C:\Users\XXXX XXXX\AppData\Roaming\Mozilla\Firefox\Profiles\ax92hz4x.default-1417957171376\extensions\14fef81ee28d4335a493c2d@6383fd42ff9b4872bccb5b.com\extensionData\plugins\13.js, , [658aa25baadf181e9a0b82fbba4937c9], 
PUP.Optional.CrossRider.A, C:\Users\XXXX XXXX\AppData\Roaming\Mozilla\Firefox\Profiles\ax92hz4x.default-1417957171376\extensions\14fef81ee28d4335a493c2d@6383fd42ff9b4872bccb5b.com\extensionData\plugins\14.js, , [658aa25baadf181e9a0b82fbba4937c9], 
PUP.Optional.CrossRider.A, C:\Users\XXXX XXXX\AppData\Roaming\Mozilla\Firefox\Profiles\ax92hz4x.default-1417957171376\extensions\14fef81ee28d4335a493c2d@6383fd42ff9b4872bccb5b.com\extensionData\plugins\16.js, , [658aa25baadf181e9a0b82fbba4937c9], 
PUP.Optional.CrossRider.A, C:\Users\XXXX XXXX\AppData\Roaming\Mozilla\Firefox\Profiles\ax92hz4x.default-1417957171376\extensions\14fef81ee28d4335a493c2d@6383fd42ff9b4872bccb5b.com\extensionData\plugins\17.js, , [658aa25baadf181e9a0b82fbba4937c9], 
PUP.Optional.CrossRider.A, C:\Users\XXXX XXXX\AppData\Roaming\Mozilla\Firefox\Profiles\ax92hz4x.default-1417957171376\extensions\14fef81ee28d4335a493c2d@6383fd42ff9b4872bccb5b.com\extensionData\plugins\177.js, , [658aa25baadf181e9a0b82fbba4937c9], 
PUP.Optional.CrossRider.A, C:\Users\XXXX XXXX\AppData\Roaming\Mozilla\Firefox\Profiles\ax92hz4x.default-1417957171376\extensions\14fef81ee28d4335a493c2d@6383fd42ff9b4872bccb5b.com\extensionData\plugins\180.js, , [658aa25baadf181e9a0b82fbba4937c9], 
PUP.Optional.CrossRider.A, C:\Users\XXXX XXXX\AppData\Roaming\Mozilla\Firefox\Profiles\ax92hz4x.default-1417957171376\extensions\14fef81ee28d4335a493c2d@6383fd42ff9b4872bccb5b.com\extensionData\plugins\182.js, , [658aa25baadf181e9a0b82fbba4937c9], 
PUP.Optional.CrossRider.A, C:\Users\XXXX XXXX\AppData\Roaming\Mozilla\Firefox\Profiles\ax92hz4x.default-1417957171376\extensions\14fef81ee28d4335a493c2d@6383fd42ff9b4872bccb5b.com\extensionData\plugins\183.js, , [658aa25baadf181e9a0b82fbba4937c9], 
PUP.Optional.CrossRider.A, C:\Users\XXXX XXXX\AppData\Roaming\Mozilla\Firefox\Profiles\ax92hz4x.default-1417957171376\extensions\14fef81ee28d4335a493c2d@6383fd42ff9b4872bccb5b.com\extensionData\plugins\184.js, , [658aa25baadf181e9a0b82fbba4937c9], 
PUP.Optional.CrossRider.A, C:\Users\XXXX XXXX\AppData\Roaming\Mozilla\Firefox\Profiles\ax92hz4x.default-1417957171376\extensions\14fef81ee28d4335a493c2d@6383fd42ff9b4872bccb5b.com\extensionData\plugins\195.js, , [658aa25baadf181e9a0b82fbba4937c9], 
PUP.Optional.CrossRider.A, C:\Users\XXXX XXXX\AppData\Roaming\Mozilla\Firefox\Profiles\ax92hz4x.default-1417957171376\extensions\14fef81ee28d4335a493c2d@6383fd42ff9b4872bccb5b.com\extensionData\plugins\200.js, , [658aa25baadf181e9a0b82fbba4937c9], 
PUP.Optional.CrossRider.A, C:\Users\XXXX XXXX\AppData\Roaming\Mozilla\Firefox\Profiles\ax92hz4x.default-1417957171376\extensions\14fef81ee28d4335a493c2d@6383fd42ff9b4872bccb5b.com\extensionData\plugins\207.js, , [658aa25baadf181e9a0b82fbba4937c9], 
PUP.Optional.CrossRider.A, C:\Users\XXXX XXXX\AppData\Roaming\Mozilla\Firefox\Profiles\ax92hz4x.default-1417957171376\extensions\14fef81ee28d4335a493c2d@6383fd42ff9b4872bccb5b.com\extensionData\plugins\21.js, , [658aa25baadf181e9a0b82fbba4937c9], 
PUP.Optional.CrossRider.A, C:\Users\XXXX XXXX\AppData\Roaming\Mozilla\Firefox\Profiles\ax92hz4x.default-1417957171376\extensions\14fef81ee28d4335a493c2d@6383fd42ff9b4872bccb5b.com\extensionData\plugins\22.js, , [658aa25baadf181e9a0b82fbba4937c9], 
PUP.Optional.CrossRider.A, C:\Users\XXXX XXXX\AppData\Roaming\Mozilla\Firefox\Profiles\ax92hz4x.default-1417957171376\extensions\14fef81ee28d4335a493c2d@6383fd42ff9b4872bccb5b.com\extensionData\plugins\220.js, , [658aa25baadf181e9a0b82fbba4937c9], 
PUP.Optional.CrossRider.A, C:\Users\XXXX XXXX\AppData\Roaming\Mozilla\Firefox\Profiles\ax92hz4x.default-1417957171376\extensions\14fef81ee28d4335a493c2d@6383fd42ff9b4872bccb5b.com\extensionData\plugins\223.js, , [658aa25baadf181e9a0b82fbba4937c9], 
PUP.Optional.CrossRider.A, C:\Users\XXXX XXXX\AppData\Roaming\Mozilla\Firefox\Profiles\ax92hz4x.default-1417957171376\extensions\14fef81ee28d4335a493c2d@6383fd42ff9b4872bccb5b.com\extensionData\plugins\242.js, , [658aa25baadf181e9a0b82fbba4937c9], 
PUP.Optional.CrossRider.A, C:\Users\XXXX XXXX\AppData\Roaming\Mozilla\Firefox\Profiles\ax92hz4x.default-1417957171376\extensions\14fef81ee28d4335a493c2d@6383fd42ff9b4872bccb5b.com\extensionData\plugins\246.js, , [658aa25baadf181e9a0b82fbba4937c9], 
PUP.Optional.CrossRider.A, C:\Users\XXXX XXXX\AppData\Roaming\Mozilla\Firefox\Profiles\ax92hz4x.default-1417957171376\extensions\14fef81ee28d4335a493c2d@6383fd42ff9b4872bccb5b.com\extensionData\plugins\253.js, , [658aa25baadf181e9a0b82fbba4937c9], 
PUP.Optional.CrossRider.A, C:\Users\XXXX XXXX\AppData\Roaming\Mozilla\Firefox\Profiles\ax92hz4x.default-1417957171376\extensions\14fef81ee28d4335a493c2d@6383fd42ff9b4872bccb5b.com\extensionData\plugins\263.js, , [658aa25baadf181e9a0b82fbba4937c9], 
PUP.Optional.CrossRider.A, C:\Users\XXXX XXXX\AppData\Roaming\Mozilla\Firefox\Profiles\ax92hz4x.default-1417957171376\extensions\14fef81ee28d4335a493c2d@6383fd42ff9b4872bccb5b.com\extensionData\plugins\28.js, , [658aa25baadf181e9a0b82fbba4937c9], 
PUP.Optional.CrossRider.A, C:\Users\XXXX XXXX\AppData\Roaming\Mozilla\Firefox\Profiles\ax92hz4x.default-1417957171376\extensions\14fef81ee28d4335a493c2d@6383fd42ff9b4872bccb5b.com\extensionData\plugins\286.js, , [658aa25baadf181e9a0b82fbba4937c9], 
PUP.Optional.CrossRider.A, C:\Users\XXXX XXXX\AppData\Roaming\Mozilla\Firefox\Profiles\ax92hz4x.default-1417957171376\extensions\14fef81ee28d4335a493c2d@6383fd42ff9b4872bccb5b.com\extensionData\plugins\288.js, , [658aa25baadf181e9a0b82fbba4937c9], 
PUP.Optional.CrossRider.A, C:\Users\XXXX XXXX\AppData\Roaming\Mozilla\Firefox\Profiles\ax92hz4x.default-1417957171376\extensions\14fef81ee28d4335a493c2d@6383fd42ff9b4872bccb5b.com\extensionData\plugins\301.js, , [658aa25baadf181e9a0b82fbba4937c9], 
PUP.Optional.CrossRider.A, C:\Users\XXXX XXXX\AppData\Roaming\Mozilla\Firefox\Profiles\ax92hz4x.default-1417957171376\extensions\14fef81ee28d4335a493c2d@6383fd42ff9b4872bccb5b.com\extensionData\plugins\345.js, , [658aa25baadf181e9a0b82fbba4937c9], 
PUP.Optional.CrossRider.A, C:\Users\XXXX XXXX\AppData\Roaming\Mozilla\Firefox\Profiles\ax92hz4x.default-1417957171376\extensions\14fef81ee28d4335a493c2d@6383fd42ff9b4872bccb5b.com\extensionData\plugins\354.js, , [658aa25baadf181e9a0b82fbba4937c9], 
PUP.Optional.CrossRider.A, C:\Users\XXXX XXXX\AppData\Roaming\Mozilla\Firefox\Profiles\ax92hz4x.default-1417957171376\extensions\14fef81ee28d4335a493c2d@6383fd42ff9b4872bccb5b.com\extensionData\plugins\4.js, , [658aa25baadf181e9a0b82fbba4937c9], 
PUP.Optional.CrossRider.A, C:\Users\XXXX XXXX\AppData\Roaming\Mozilla\Firefox\Profiles\ax92hz4x.default-1417957171376\extensions\14fef81ee28d4335a493c2d@6383fd42ff9b4872bccb5b.com\extensionData\plugins\47.js, , [658aa25baadf181e9a0b82fbba4937c9], 
PUP.Optional.CrossRider.A, C:\Users\XXXX XXXX\AppData\Roaming\Mozilla\Firefox\Profiles\ax92hz4x.default-1417957171376\extensions\14fef81ee28d4335a493c2d@6383fd42ff9b4872bccb5b.com\extensionData\plugins\64.js, , [658aa25baadf181e9a0b82fbba4937c9], 
PUP.Optional.CrossRider.A, C:\Users\XXXX XXXX\AppData\Roaming\Mozilla\Firefox\Profiles\ax92hz4x.default-1417957171376\extensions\14fef81ee28d4335a493c2d@6383fd42ff9b4872bccb5b.com\extensionData\plugins\7.js, , [658aa25baadf181e9a0b82fbba4937c9], 
PUP.Optional.CrossRider.A, C:\Users\XXXX XXXX\AppData\Roaming\Mozilla\Firefox\Profiles\ax92hz4x.default-1417957171376\extensions\14fef81ee28d4335a493c2d@6383fd42ff9b4872bccb5b.com\extensionData\plugins\72.js, , [658aa25baadf181e9a0b82fbba4937c9], 
PUP.Optional.CrossRider.A, C:\Users\XXXX XXXX\AppData\Roaming\Mozilla\Firefox\Profiles\ax92hz4x.default-1417957171376\extensions\14fef81ee28d4335a493c2d@6383fd42ff9b4872bccb5b.com\extensionData\plugins\78.js, , [658aa25baadf181e9a0b82fbba4937c9], 
PUP.Optional.CrossRider.A, C:\Users\XXXX XXXX\AppData\Roaming\Mozilla\Firefox\Profiles\ax92hz4x.default-1417957171376\extensions\14fef81ee28d4335a493c2d@6383fd42ff9b4872bccb5b.com\extensionData\plugins\9.js, , [658aa25baadf181e9a0b82fbba4937c9], 
PUP.Optional.CrossRider.A, C:\Users\XXXX XXXX\AppData\Roaming\Mozilla\Firefox\Profiles\ax92hz4x.default-1417957171376\extensions\14fef81ee28d4335a493c2d@6383fd42ff9b4872bccb5b.com\extensionData\plugins\91.js, , [658aa25baadf181e9a0b82fbba4937c9], 
PUP.Optional.CrossRider.A, C:\Users\XXXX XXXX\AppData\Roaming\Mozilla\Firefox\Profiles\ax92hz4x.default-1417957171376\extensions\14fef81ee28d4335a493c2d@6383fd42ff9b4872bccb5b.com\extensionData\plugins\98.js, , [658aa25baadf181e9a0b82fbba4937c9], 
PUP.Optional.CrossRider.A, C:\Users\XXXX XXXX\AppData\Roaming\Mozilla\Firefox\Profiles\ax92hz4x.default-1417957171376\extensions\14fef81ee28d4335a493c2d@6383fd42ff9b4872bccb5b.com\extensionData\userCode\background.js, , [658aa25baadf181e9a0b82fbba4937c9], 
PUP.Optional.CrossRider.A, C:\Users\XXXX XXXX\AppData\Roaming\Mozilla\Firefox\Profiles\ax92hz4x.default-1417957171376\extensions\14fef81ee28d4335a493c2d@6383fd42ff9b4872bccb5b.com\extensionData\userCode\extension.js, , [658aa25baadf181e9a0b82fbba4937c9], 
PUP.Optional.CrossRider.A, C:\Users\XXXX XXXX\AppData\Roaming\Mozilla\Firefox\Profiles\ax92hz4x.default-1417957171376\extensions\14fef81ee28d4335a493c2d@6383fd42ff9b4872bccb5b.com\locale\en-US\translations.dtd, , [658aa25baadf181e9a0b82fbba4937c9], 
PUP.Optional.CrossRider.A, C:\Users\XXXX XXXX\AppData\Roaming\Mozilla\Firefox\Profiles\ax92hz4x.default-1417957171376\extensions\14fef81ee28d4335a493c2d@6383fd42ff9b4872bccb5b.com\skin\button1.png, , [658aa25baadf181e9a0b82fbba4937c9], 
PUP.Optional.CrossRider.A, C:\Users\XXXX XXXX\AppData\Roaming\Mozilla\Firefox\Profiles\ax92hz4x.default-1417957171376\extensions\14fef81ee28d4335a493c2d@6383fd42ff9b4872bccb5b.com\skin\button2.png, , [658aa25baadf181e9a0b82fbba4937c9], 
PUP.Optional.CrossRider.A, C:\Users\XXXX XXXX\AppData\Roaming\Mozilla\Firefox\Profiles\ax92hz4x.default-1417957171376\extensions\14fef81ee28d4335a493c2d@6383fd42ff9b4872bccb5b.com\skin\button3.png, , [658aa25baadf181e9a0b82fbba4937c9], 
PUP.Optional.CrossRider.A, C:\Users\XXXX XXXX\AppData\Roaming\Mozilla\Firefox\Profiles\ax92hz4x.default-1417957171376\extensions\14fef81ee28d4335a493c2d@6383fd42ff9b4872bccb5b.com\skin\button4.png, , [658aa25baadf181e9a0b82fbba4937c9], 
PUP.Optional.CrossRider.A, C:\Users\XXXX XXXX\AppData\Roaming\Mozilla\Firefox\Profiles\ax92hz4x.default-1417957171376\extensions\14fef81ee28d4335a493c2d@6383fd42ff9b4872bccb5b.com\skin\button5.png, , [658aa25baadf181e9a0b82fbba4937c9], 
PUP.Optional.CrossRider.A, C:\Users\XXXX XXXX\AppData\Roaming\Mozilla\Firefox\Profiles\ax92hz4x.default-1417957171376\extensions\14fef81ee28d4335a493c2d@6383fd42ff9b4872bccb5b.com\skin\crossrider_statusbar.png, , [658aa25baadf181e9a0b82fbba4937c9], 
PUP.Optional.CrossRider.A, C:\Users\XXXX XXXX\AppData\Roaming\Mozilla\Firefox\Profiles\ax92hz4x.default-1417957171376\extensions\14fef81ee28d4335a493c2d@6383fd42ff9b4872bccb5b.com\skin\icon128.png, , [658aa25baadf181e9a0b82fbba4937c9], 
PUP.Optional.CrossRider.A, C:\Users\XXXX XXXX\AppData\Roaming\Mozilla\Firefox\Profiles\ax92hz4x.default-1417957171376\extensions\14fef81ee28d4335a493c2d@6383fd42ff9b4872bccb5b.com\skin\icon16.png, , [658aa25baadf181e9a0b82fbba4937c9], 
PUP.Optional.CrossRider.A, C:\Users\XXXX XXXX\AppData\Roaming\Mozilla\Firefox\Profiles\ax92hz4x.default-1417957171376\extensions\14fef81ee28d4335a493c2d@6383fd42ff9b4872bccb5b.com\skin\icon24.png, , [658aa25baadf181e9a0b82fbba4937c9], 
PUP.Optional.CrossRider.A, C:\Users\XXXX XXXX\AppData\Roaming\Mozilla\Firefox\Profiles\ax92hz4x.default-1417957171376\extensions\14fef81ee28d4335a493c2d@6383fd42ff9b4872bccb5b.com\skin\icon48.png, , [658aa25baadf181e9a0b82fbba4937c9], 
PUP.Optional.CrossRider.A, C:\Users\XXXX XXXX\AppData\Roaming\Mozilla\Firefox\Profiles\ax92hz4x.default-1417957171376\extensions\14fef81ee28d4335a493c2d@6383fd42ff9b4872bccb5b.com\skin\panelarrow-up.png, , [658aa25baadf181e9a0b82fbba4937c9], 
PUP.Optional.CrossRider.A, C:\Users\XXXX XXXX\AppData\Roaming\Mozilla\Firefox\Profiles\ax92hz4x.default-1417957171376\extensions\14fef81ee28d4335a493c2d@6383fd42ff9b4872bccb5b.com\skin\popup.html, , [658aa25baadf181e9a0b82fbba4937c9], 
PUP.Optional.CrossRider.A, C:\Users\XXXX XXXX\AppData\Roaming\Mozilla\Firefox\Profiles\ax92hz4x.default-1417957171376\extensions\14fef81ee28d4335a493c2d@6383fd42ff9b4872bccb5b.com\skin\skin.css, , [658aa25baadf181e9a0b82fbba4937c9], 
PUP.Optional.CrossRider.A, C:\Users\XXXX XXXX\AppData\Roaming\Mozilla\Firefox\Profiles\ax92hz4x.default-1417957171376\extensions\14fef81ee28d4335a493c2d@6383fd42ff9b4872bccb5b.com\skin\update.css, , [658aa25baadf181e9a0b82fbba4937c9], 

Physische Sektoren: 0
(Keine schädliche Elemente erkannt)


(end)

Neues Protokoll:

Code:

ATTFilter

 Malwarebytes Anti-Malware 
www.malwarebytes.org

Suchlauf Datum: 05.02.2015
Suchlauf-Zeit: 20:53:28
Logdatei: mbam.txt
Administrator: Ja

Version: 2.00.4.1028
Malware Datenbank: v2015.02.05.08
Rootkit Datenbank: v2015.02.03.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: XXXX XXXX

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 453044
Verstrichene Zeit: 35 Min, 13 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(Keine schädliche Elemente erkannt)

Module: 0
(Keine schädliche Elemente erkannt)

Registrierungsschlüssel: 2
PUP.Optional.iWebar.A, HKLM\SOFTWARE\WOW6432NODE\iWebar-nv-ie, In Quarantäne, [b725df3b05856accb1ea33517d8601ff], 
PUP.Optional.iWebar.A, HKU\S-1-5-21-1242904208-471078349-2963378918-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\iWebar-nv-ie, Löschen bei Neustart, [f5e71dfd4a40bb7b336994f058abf10f], 

Registrierungswerte: 0
(Keine schädliche Elemente erkannt)

Registrierungsdaten: 0
(Keine schädliche Elemente erkannt)

Ordner: 2
PUP.Optional.SmootherWeb.A, C:\Users\XXXX XXXX\AppData\Roaming\Mozilla\Firefox\Profiles\ax92hz4x.default-1417957171376\jetpack\jid1-U7omKQ6kQfxMaQ@jetpack, In Quarantäne, [e1fb71a97f0bc17589634534c142bd43], 
PUP.Optional.SmootherWeb.A, C:\Users\XXXX XXXX\AppData\Roaming\Mozilla\Firefox\Profiles\ax92hz4x.default-1417957171376\jetpack\jid1-U7omKQ6kQfxMaQ@jetpack\simple-storage, In Quarantäne, [e1fb71a97f0bc17589634534c142bd43], 

Dateien: 0
(Keine schädliche Elemente erkannt)

Physische Sektoren: 0
(Keine schädliche Elemente erkannt)


(end)

Immer noch, neue Tabs werden automatisch geöffnet.
Werbe-Pupups und kleine Werbe-Pupups laden

01.02.2015, 01:19	#10
Bootsektor Ruhe in Frieden † 2019	Habe Mist gebaut... Was ist denn der genaue Wortlaut der Fehlermeldung? __________________ Grüße stolzes Mitglied von UNITE Du hast Lob oder Verbesserungsvorschläge? Du findest unsere Arbeit gut und möchtest uns finanziell unterstützen? -> Spende

Habe Mist gebaut...

Plagegeister aller Art und deren Bekämpfung: Habe Mist gebaut...

Habe Mist gebaut...

Habe Mist gebaut...

Habe Mist gebaut...

Habe Mist gebaut...

Habe Mist gebaut...

Habe Mist gebaut...

Habe Mist gebaut...

Habe Mist gebaut...

Habe Mist gebaut...

Habe Mist gebaut...

Habe Mist gebaut...

Habe Mist gebaut...

Habe Mist gebaut...

Habe Mist gebaut...

Habe Mist gebaut...

Ähnliche Themen: Habe Mist gebaut...

31.01.2015, 09:01	#1
magigstar	Habe Mist gebaut... Hallo Leute, ich glaube, ich habe Mist gebaut... Sagt euch "omiga-plus" was? Firefox startet nun mit omiga-plus, auch im Suchfeld. Soweit habe ich sie nun deinstallieren können. Aber ich glaube, jetzt ist es Trovi, die omiga-plus ersetzt hat, irgendwie... Also echt komisch...

01.02.2015, 01:03	#9
magigstar	Habe Mist gebaut... Es ist echt komisch... Ich habe alles deaktiviert. Habe ComboFix auf den Desktop verschoben. Ich klicke an, es lädt bzw. wird ausgespackt. Aber dann nichts... Starte ich ComboFix erneut, kommt gleich eine Fehlermeldung, die ich ignorieren, wiederholen oder abbrechen kann.