Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Alles rund um Windows (https://www.trojaner-board.de/alles-rund-um-windows/)
-   -   Windows 7 - Skype Update - Umleitung auf skype.gmw.cn (https://www.trojaner-board.de/157390-windows-7-skype-update-umleitung-skype-gmw-cn.html)

Anmoir 08.08.2014 21:10
Windows 7 - Skype Update - Umleitung auf skype.gmw.cn
 
Mir ist gerade folgendes passiert.

Ich wollte Skype nach langer Zeit mal wieder nutzen. Da wird mir schon direkt beim Start und noch vor dem Login angezeigt, dass ich Skype updaten müsste. Ich klicke einen Link und meine dann auf einer authentischen Skype Seite zu sein. Ich glaube, ich habe dann den Download Link angeklickt. Ich bekomme daraufhin vom Firefox browser add-on RequestPolicy, die Mitteilung angezeigt, ob ich denn nun wirklich auf skype.gmw.cn umgeleitet werden möchte. Dies kam mir spanisch vor, sodass ich dies verneint habe.

Ich habe dann über Skype direkt ein Update initiiert: "Eingeloggt >> Hilfe >> Auf Aktualisierung" prüfen und habe darüber ein Update durchgeführt.

Mir ist sonst bisher nichts weiteres aufgefallen, aber ich bin nun doch ein wenig verstört und misstrauisch, um nicht zu sagen paranoid. Ich habe leider keine Screenshots angefertigt und kann das Beschriebene nicht reproduzieren.

Wie schätzt du die Sache ein? Lieber auf Nummer sicher gehen und einen kompletten Trojaner check machen?

cosinus 08.08.2014 22:00
Hallo und :hallo:

Hast du noch weitere Logs (mit Funden)? Malwarebytes und/oder andere Virenscanner, sind die mal fündig geworden?

Ich frage deswegen nach => http://www.trojaner-board.de/125889-...tml#post941520

Bitte keine neuen Virenscans machen sondern erst nur schon vorhandene Logs in CODE-Tags posten!
Relevant sind nur Logs der letzten 7 Tage bzw. seitdem das Problem besteht!



Zudem bitte auch ein Log mit Farbars Tool machen:

Scan mit Farbar's Recovery Scan Tool (FRST)

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
  • Starte jetzt FRST.
  • Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
  • Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
  • Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)



Lesestoff:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR oder 7Z-Archiv zu packen erschwert mir massiv die Arbeit.
Auch wenn die Logs für einen Beitrag zu groß sein sollten, bitte ich dich die Logs direkt und notfalls über mehrere Beiträge verteilt zu posten.
Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
  • Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
  • Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
  • Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
  • Klicke auf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.
http://www.trojaner-board.de/picture...&pictureid=307

Anmoir 08.08.2014 22:55
Ich habe keine weiteren Logs.

Es ist beeindruckend was FRST zu Tage fördert.

Vielen Dank für Ihre bzw. deine Hilfe.


FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 08-08-2014
Ran by ***** (administrator) on T61 on 08-08-2014 23:34:48
Running from C:\Users\*****\Desktop
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Lenovo) C:\Windows\System32\ibmpmsvc.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Andrea Electronics Corporation) C:\Windows\System32\AEADISRV.EXE
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco Systems\WWU Client\cvpnd.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Common Files\Nuance\dgnsvc.exe
() C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\psia.exe
(Károly Pados) C:\Program Files (x86)\TinyWall\TinyWall.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Károly Pados) C:\Program Files (x86)\TinyWall\TinyWall.exe
(hxxp://www.SteveMiller.net) C:\Users\*****\Downloads\Software\puretext20_x86\PureText.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Bartels Media GmbH) C:\Program Files (x86)\PhraseExpress\phraseexpress.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Analog Devices, Inc.) C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe
(CyberGhost S.R.L.) C:\Program Files\CyberGhost 5\CyberGhost.exe
(CyberGhost S.R.L) C:\Program Files\CyberGhost 5\Service.exe
(Dominik Reichl) C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe
(The OpenVPN Project) C:\Program Files\CyberGhost 5\Data\OpenVPN\openvpn.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be

moved.)

HKLM\...\Run: [TinyWall Controller] => C:\Program Files (x86)\TinyWall\TinyWall.exe [649176 2013-07-14] (Károly Pados)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [750160 2014-07-03] (Avira Operations GmbH

& Co. KG)
HKLM-x32\...\Run: [KeePass 2 PreLoad] => C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe [2010624 2013-07-20]

(Dominik Reichl)
HKLM-x32\...\Run: [SoundMAXPnP] => C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe [1314816 2009-05-18] (Analog

Devices, Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3226777461-1414976616-3206541535-1000\...\Run: [PureText] => C:\Users\*****\Downloads\Software

\puretext20_x86\PureText.exe [28672 2012-12-18] (hxxp://www.SteveMiller.net)
HKU\S-1-5-21-3226777461-1414976616-3206541535-1000\...\MountPoints2: {f502cbef-987a-11e3-9dd0-001e37d6ddec} - F:\LaunchU3.exe

-a
HKU\S-1-5-21-3226777461-1414976616-3206541535-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [PureText] => C:\Users

\*****\Downloads\Software\puretext20_x86\PureText.exe [28672 2012-12-18] (hxxp://www.SteveMiller.net)
HKU\S-1-5-21-3226777461-1414976616-3206541535-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {f502cbef-987a-

11e3-9dd0-001e37d6ddec} - F:\LaunchU3.exe -a
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\PhraseExpress.lnk
ShortcutTarget: PhraseExpress.lnk -> C:\Program Files (x86)\PhraseExpress\phraseexpress.exe (Bartels Media GmbH)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
ShortcutTarget: Secunia PSI Tray.lnk -> C:\Program Files (x86)\Secunia\PSI\psi_tray.exe (Secunia)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\vpngui.exe.lnk
ShortcutTarget: vpngui.exe.lnk -> C:\Windows\Installer\{5FDC06BF-3D3D-4367-8FFB-4FAFCB61972D}\Icon09DB8A851.exe ()
ShellIconOverlayIdentifiers:  0Cloudfogger -> {F5DF5511-92ED-4772-ACD6-A131630324FE} => C:\Program Files\Cloudfogger

\CfShellEx64_1.4.2041.dll (Cloudfogger GmbH)
ShellIconOverlayIdentifiers:  1Cloudfogger -> {14E5B85E-5A8A-4F67-ADA1-B07161924220} => C:\Program Files\Cloudfogger

\CfShellEx64_1.4.2041.dll (Cloudfogger GmbH)
ShellIconOverlayIdentifiers:  2Cloudfogger -> {7EAFE6FC-6935-4EEF-8553-E7F1D44BAB7A} => C:\Program Files\Cloudfogger

\CfShellEx64_1.4.2041.dll (Cloudfogger GmbH)
ShellIconOverlayIdentifiers: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\*****\AppData\Roaming\Dropbox

\bin\DropboxExt64.19.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\*****\AppData\Roaming\Dropbox

\bin\DropboxExt64.19.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\*****\AppData\Roaming\Dropbox

\bin\DropboxExt64.19.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: DropboxExt4 -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\*****\AppData\Roaming\Dropbox

\bin\DropboxExt64.19.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32:  0Cloudfogger -> {F5DF5511-92ED-4772-ACD6-A131630324FE} => C:\Program Files\Cloudfogger

\CfShellEx_1.4.2041.dll (Cloudfogger GmbH)
ShellIconOverlayIdentifiers-x32:  1Cloudfogger -> {14E5B85E-5A8A-4F67-ADA1-B07161924220} => C:\Program Files\Cloudfogger

\CfShellEx_1.4.2041.dll (Cloudfogger GmbH)
ShellIconOverlayIdentifiers-x32:  2Cloudfogger -> {7EAFE6FC-6935-4EEF-8553-E7F1D44BAB7A} => C:\Program Files\Cloudfogger

\CfShellEx_1.4.2041.dll (Cloudfogger GmbH)
ShellIconOverlayIdentifiers-x32: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\*****\AppData\Roaming

\Dropbox\bin\DropboxExt.19.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\*****\AppData\Roaming

\Dropbox\bin\DropboxExt.19.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\*****\AppData\Roaming

\Dropbox\bin\DropboxExt.19.dll (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyEnable: Internet Explorer proxy is enabled.
ProxyServer: http=127.0.0.1:8887;https=127.0.0.1:8887
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:Tabs
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://uk.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x6AE000F42815CE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-GB
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office

\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle

Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office

\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll

(Oracle Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office

\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Dragon NaturallySpeaking Rich Internet Application Support - Extension -> {73A89C60-CF59-4EC7-9215-9B7EF05ECEA4} ->

C:\Program Files (x86)\Nuance\NaturallySpeaking12\Program\ieShim.dll (Nuance Communications, Inc.)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll

(Oracle Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office

\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin

\jp2ssv.dll (Oracle Corporation)
Handler-x32: skype4com - No CLSID Value -
Tcpip\Parameters: [DhcpNameServer] 95.169.183.219 89.41.60.38 37.221.175.198
Tcpip\..\Interfaces\{035FF806-E7A8-495E-9F89-8667F08F0E99}: [NameServer]95.169.183.219,89.41.60.38
Tcpip\..\Interfaces\{72590D10-C886-4CCF-B253-C5AB1CAA5AFE}: [NameServer]95.169.183.219,89.41.60.38

FireFox:
========
FF ProfilePath: C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\uuoc77xd.default
FF DefaultSearchEngine: Startpage HTTPS - Deutsch
FF SelectedSearchEngine: Startpage HTTPS - Deutsch
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()
FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF

Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin: @java.com/DTPlugin,version=10.65.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle

Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.65.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft

Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software

\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin: @videolan.org/vlc,version=2.0.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll No File
FF Plugin: @videolan.org/vlc,version=2.0.6 -> C:\Program Files\VideoLAN\VLC\npvlc.dll No File
FF Plugin: @videolan.org/vlc,version=2.0.7 -> C:\Program Files\VideoLAN\VLC\npvlc.dll No File
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin-x32: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF

Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: @java.com/DTPlugin,version=10.65.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle

Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.65.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle

Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll (

Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker

Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.8 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: nuance.com/DragonRIAPlugin -> C:\PROGRA~2\Nuance\NATURA~1\Program\npDgnRia.dll (Nuance Communications Inc.)
FF Plugin HKCU: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF

Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npPDFXCviewNPPlugin.dll (Tracker Software

Products (Canada) Ltd.)
FF SearchPlugin: C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\uuoc77xd.default\searchplugins\startpage-https---

deutsch.xml
FF SearchPlugin: C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\uuoc77xd.default\searchplugins\startpage-https---

uk.xml
FF SearchPlugin: C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\uuoc77xd.default\searchplugins\startpage-https.xml
FF SearchPlugin: C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\searchplugins\blekko-ssl.xml
FF SearchPlugin: C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\searchplugins\duckduckgo-ssl-javascript-

free.xml
FF SearchPlugin: C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\searchplugins\google-de-ssl.xml
FF SearchPlugin: C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\searchplugins\google-encrypted-no-

personalization.xml
FF SearchPlugin: C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\searchplugins\ixquick---deutsch.xml
FF SearchPlugin: C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\searchplugins\ixquick-ssl-pictures---

deutsch.xml
FF SearchPlugin: C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\searchplugins\ixquick-ssl-pictures---

english.xml
FF SearchPlugin: C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\searchplugins\ixquick.xml
FF SearchPlugin: C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\searchplugins\leo-eng-ger.xml
FF SearchPlugin: C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\searchplugins\leo-esp-ale.xml
FF SearchPlugin: C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\searchplugins\leo-fra-all.xml
FF SearchPlugin: C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\searchplugins\metager2.xml
FF SearchPlugin: C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\searchplugins\ssl-wikipedia-deutsch.xml
FF SearchPlugin: C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\searchplugins\ssl-wikipedia-english.xml
FF SearchPlugin: C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\searchplugins\startpage-https---deutsch.xml
FF SearchPlugin: C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\searchplugins\startpage-https.xml
FF Extension: German Dictionary - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\uuoc77xd.default\Extensions\de-

DE@dictionaries.addons.mozilla.org [2014-07-03]
FF Extension: British English Dictionary (Updated) - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\uuoc77xd.default

\Extensions\en-gb@flyingtophat.co.uk [2013-10-23]
FF Extension: HTTPS-Everywhere - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\uuoc77xd.default\Extensions\https-

everywhere@eff.org [2014-07-05]
FF Extension: KeeFox - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\uuoc77xd.default\Extensions

\keefox@chris.tomlinson [2014-07-05]
FF Extension: Zotero Word for Windows Integration - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\uuoc77xd.default

\Extensions\zoteroWinWordIntegration@zotero.org [2014-06-02]
FF Extension: Ghostery - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\uuoc77xd.default\Extensions

\firefox@ghostery.com.xpi [2013-08-14]
FF Extension: IPFlood - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\uuoc77xd.default\Extensions

\ipfuck@p4ul.info.xpi [2014-08-06]
FF Extension: Readability - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\uuoc77xd.default\Extensions

\readability@readability.com.xpi [2013-01-05]
FF Extension: RequestPolicy - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\uuoc77xd.default\Extensions

\requestpolicy@requestpolicy.com.xpi [2013-08-16]
FF Extension: Test Pilot - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\uuoc77xd.default\Extensions

\testpilot@labs.mozilla.com.xpi [2012-12-18]
FF Extension: Zotero - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\uuoc77xd.default\Extensions

\zotero@chnm.gmu.edu.xpi [2013-04-18]
FF Extension: RefControl - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\uuoc77xd.default\Extensions\{455D905A-

D37C-4643-A9E2-F6FEFAA0424A}.xpi [2013-09-01]
FF Extension: NoScript - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\uuoc77xd.default\Extensions\{73a6fe31-595d-

460b-a920-fcc0f8843232}.xpi [2012-12-19]
FF Extension: Cookie Controller - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\uuoc77xd.default\Extensions

\{ac2cfa60-bc96-11e0-962b-0800200c9a66}.xpi [2012-12-19]
FF Extension: Adblock Plus - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\uuoc77xd.default\Extensions\{d10d0bf8-

f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012-12-19]
FF Extension: BetterPrivacy - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\uuoc77xd.default\Extensions\{d40f5e7b-

d2cf-4856-b441-cc613eeffbe3}.xpi [2012-12-19]
FF Extension: DownThemAll! - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\uuoc77xd.default\Extensions\{DDC359D1-

844A-42a7-9AA1-88A850A938A8}.xpi [2013-01-08]
FF Extension: HTTPS-Everywhere - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\Extensions\https-

everywhere@eff.org [2014-08-08]
FF Extension: DownloadHelper - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\Extensions\{b9db16a4-6edc-

47ec-a1f4-b86292ed211d} [2014-08-08]
FF Extension: JonDoFox - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\Extensions\{437be45a-4114-11dd-

b9ab-71d256d89593}.xpi [2014-07-23]
FF Extension: No Name - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\Extensions\{73a6fe31-595d-460b-a920-

fcc0f8843232}.xpi [2014-07-22]
FF Extension: Cookie Controller - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\Extensions\{ac2cfa60-bc96-

11e0-962b-0800200c9a66}.xpi [2014-07-22]
FF Extension: Adblock Plus - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\Extensions\{d10d0bf8-f5b5-c8b4-

a8b2-2b9879e08c5d}.xpi [2014-06-11]
FF Extension: No Name - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\Extensions\{fa8476cf-a98c-4e08-99b4-

65a69cb4b7d4}.xpi [2014-06-11]
FF HKLM-x32\...\Firefox\Extensions: [jid0-lmZNVK7a82O8cufhdfB9dUDfA2w@jetpack] - C:\Program Files (x86)\Nuance

\NaturallySpeaking12\Program\ffShim.xpi
FF Extension: Dragon NaturallySpeaking Rich Internet Application Support - C:\Program Files (x86)\Nuance

\NaturallySpeaking12\Program\ffShim.xpi [2013-02-11]

Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [mikhcaiakabeeokmenglcdebplfdjicn] - C:\Program Files (x86)\Nuance

\NaturallySpeaking12\Program\chromeShim.crx [2013-02-11]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless

listed separately.)

R2 AEADIFilters; C:\Windows\system32\AEADISRV.EXE [111616 2008-07-15] (Andrea Electronics Corporation)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [430160 2014-07-03] (Avira Operations GmbH

& Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [430160 2014-07-03] (Avira Operations GmbH & Co.

KG)
R2 CGVPNCliService; C:\Program Files\CyberGhost 5\Service.exe [64624 2014-06-12] (CyberGhost S.R.L)
R2 CVPND; C:\Program Files (x86)\Cisco Systems\WWU Client\cvpnd.exe [1529856 2011-03-04] (Cisco Systems, Inc.)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [50688 2013-05-16] (Hewlett-Packard) [File not signed]
S3 OpenVPNService; C:\Program Files\OpenVPN\bin\openvpnserv.exe [37176 2014-06-05] (The OpenVPN Project)
R2 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [167424 2012-12-07] () [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [66048 2013-05-16] (Hewlett-Packard) [File not signed]
R2 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1228504 2013-07-03] (Secunia)
S2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [660184 2013-07-03] (Secunia)
R2 TinyWall; C:\Program Files (x86)\TinyWall\TinyWall.exe [649176 2013-07-14] (Károly Pados) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless

listed separately.)

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [117712 2014-07-03] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [130584 2014-07-03] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-12-01] (Avira Operations GmbH & Co. KG)
R1 CBFilterFS; C:\Windows\system32\drivers\cbfltfs.sys [147720 2012-11-16] (EldoS Corporation)
R1 cbfs3; C:\Windows\system32\drivers\cbfs3.sys [352520 2012-12-04] (EldoS Corporation)
R3 CVPNDRVA; C:\Windows\system32\Drivers\CVPNDRVA.sys [306536 2011-03-04] ()
S3 prwntdrv; C:\Windows\system32\prwntdrv.sys [16776 2010-08-25] () [File not signed]
S3 prwntdrv; C:\Windows\SysWOW64\prwntdrv.sys [13704 2010-08-25] () [File not signed]
R3 PSI; C:\Windows\System32\DRIVERS\psi_mf_amd64.sys [18456 2013-07-03] (Secunia)
S3 pwdrvio; C:\Windows\system32\pwdrvio.sys [19032 2012-08-20] ()
S3 pwdspio; C:\Windows\system32\pwdspio.sys [12384 2012-08-20] ()
S3 tapoas; C:\Windows\System32\DRIVERS\tapoas.sys [30720 2010-08-03] (The OpenVPN Project)
S3 vpnva; C:\Windows\System32\DRIVERS\vpnva64-6.sys [52592 2014-06-11] (Cisco Systems, Inc.)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately

to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-08 23:34 - 2014-08-08 23:35 - 00023294 _____ () C:\Users\*****\Desktop\FRST.txt
2014-08-08 23:34 - 2014-08-08 23:35 - 00000000 ____D () C:\FRST
2014-08-08 23:32 - 2014-08-08 23:32 - 02094080 _____ (Farbar) C:\Users\*****\Desktop\FRST64.exe
2014-08-08 23:18 - 2014-08-08 23:19 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-08 23:18 - 2014-08-08 23:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes

Anti-Malware
2014-08-08 23:18 - 2014-08-08 23:18 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-08-08 23:18 - 2014-08-08 23:18 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-08-08 23:18 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-08-08 23:18 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-08-08 23:18 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-08-08 22:56 - 2014-08-08 22:56 - 00000831 _____ () C:\Users\*****\Desktop\Computer.lnk
2014-08-08 22:17 - 2014-08-08 22:17 - 00010593 _____ () C:\Windows\CSTBox.INI
2014-08-08 21:29 - 2014-08-08 21:29 - 00000000 ____D () C:\Users\*****\AppData\Local\Skype
2014-08-08 21:29 - 2014-08-08 21:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2014-08-07 14:19 - 2014-08-07 14:19 - 00000919 _____ () C:\Users\Public\Desktop\OpenVPN GUI.lnk
2014-08-07 14:19 - 2014-08-07 14:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TAP-Windows
2014-08-07 14:19 - 2014-08-07 14:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenVPN
2014-08-07 13:45 - 2014-08-07 14:32 - 00000000 ____D () C:\Users\*****\AppData\Local\CyberGhost
2014-08-07 13:44 - 2014-08-07 13:45 - 00000000 ____D () C:\Program Files\TAP-Windows
2014-08-07 13:44 - 2014-08-07 13:45 - 00000000 ____D () C:\Program Files\CyberGhost 5
2014-08-07 13:44 - 2014-08-07 13:44 - 00001739 _____ () C:\Users\*****\Desktop\CyberGhost 5.lnk
2014-08-07 13:44 - 2014-08-07 13:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberGhost 5
2014-08-06 12:08 - 2014-08-08 19:15 - 00003264 _____ () C:\Windows\System32\Tasks\SamsungMagician
2014-08-06 12:08 - 2014-08-06 12:08 - 00000000 ____D () C:\ProgramData\Samsung
2014-08-06 12:08 - 2014-08-06 12:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung Magician
2014-08-06 12:08 - 2014-08-06 12:08 - 00000000 ____D () C:\Program Files (x86)\Samsung
2014-07-27 18:05 - 2014-07-27 18:05 - 00001276 _____ () C:\Users\*****\Desktop\TB_3.6.3.lnk
2014-07-27 13:37 - 2014-07-27 13:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cisco
2014-07-27 13:31 - 2014-07-27 13:31 - 00319912 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-07-27 13:31 - 2014-07-27 13:31 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-07-27 13:31 - 2014-07-27 13:31 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-07-27 13:31 - 2014-07-27 13:31 - 00111016 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2014-07-27 13:31 - 2014-07-27 13:31 - 00000000 ____D () C:\Program Files\Java
2014-07-27 13:29 - 2014-07-27 13:29 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-07-27 13:29 - 2014-07-27 13:29 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-07-27 13:29 - 2014-07-27 13:29 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-07-27 13:29 - 2014-07-27 13:29 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-07-27 13:29 - 2014-07-27 13:29 - 00000000 ____D () C:\Program Files (x86)\Java
2014-07-27 13:23 - 2014-07-27 13:23 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-07-27 13:21 - 2014-07-27 13:21 - 05018624 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2014-07-27 13:19 - 2014-07-27 13:20 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird
2014-07-27 13:07 - 2014-06-20 22:14 - 00266424 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-07-27 13:07 - 2014-06-20 21:39 - 00240824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-07-27 13:07 - 2014-06-19 03:39 - 23464448 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-07-27 13:07 - 2014-06-19 03:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-07-27 13:07 - 2014-06-19 03:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-07-27 13:07 - 2014-06-19 02:48 - 02768384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-07-27 13:07 - 2014-06-19 02:42 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-07-27 13:07 - 2014-06-19 02:42 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-07-27 13:07 - 2014-06-19 02:41 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-07-27 13:07 - 2014-06-19 02:41 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-07-27 13:07 - 2014-06-19 02:32 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-07-27 13:07 - 2014-06-19 02:31 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-07-27 13:07 - 2014-06-19 02:26 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-07-27 13:07 - 2014-06-19 02:24 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-07-27 13:07 - 2014-06-19 02:24 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-07-27 13:07 - 2014-06-19 02:23 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-07-27 13:07 - 2014-06-19 02:16 - 17276416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-07-27 13:07 - 2014-06-19 02:14 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-07-27 13:07 - 2014-06-19 02:09 - 00452608 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-07-27 13:07 - 2014-06-19 01:59 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-07-27 13:07 - 2014-06-19 01:56 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-07-27 13:07 - 2014-06-19 01:53 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-07-27 13:07 - 2014-06-19 01:51 - 05721088 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-07-27 13:07 - 2014-06-19 01:50 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-07-27 13:07 - 2014-06-19 01:48 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-07-27 13:07 - 2014-06-19 01:39 - 00608768 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-07-27 13:07 - 2014-06-19 01:38 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-07-27 13:07 - 2014-06-19 01:37 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-07-27 13:07 - 2014-06-19 01:36 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-07-27 13:07 - 2014-06-19 01:35 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-07-27 13:07 - 2014-06-19 01:33 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-07-27 13:07 - 2014-06-19 01:32 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-07-27 13:07 - 2014-06-19 01:28 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-07-27 13:07 - 2014-06-19 01:28 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-07-27 13:07 - 2014-06-19 01:27 - 02040832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-07-27 13:07 - 2014-06-19 01:27 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-07-27 13:07 - 2014-06-19 01:25 - 00442368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-07-27 13:07 - 2014-06-19 01:23 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-07-27 13:07 - 2014-06-19 01:22 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-07-27 13:07 - 2014-06-19 01:12 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-07-27 13:07 - 2014-06-19 01:06 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-07-27 13:07 - 2014-06-19 01:01 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-07-27 13:07 - 2014-06-19 00:59 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-07-27 13:07 - 2014-06-19 00:58 - 02266112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-07-27 13:07 - 2014-06-19 00:58 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-07-27 13:07 - 2014-06-19 00:52 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-07-27 13:07 - 2014-06-19 00:51 - 13527040 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-07-27 13:07 - 2014-06-19 00:49 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-07-27 13:07 - 2014-06-19 00:46 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-07-27 13:07 - 2014-06-19 00:45 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-07-27 13:07 - 2014-06-19 00:35 - 11742208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-07-27 13:07 - 2014-06-19 00:34 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-07-27 13:07 - 2014-06-19 00:15 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-07-27 13:07 - 2014-06-19 00:13 - 01791488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-07-27 13:07 - 2014-06-19 00:09 - 01139200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-07-27 13:07 - 2014-06-19 00:07 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-07-27 13:07 - 2014-06-18 04:18 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\osk.exe
2014-07-27 13:07 - 2014-06-18 03:51 - 00646144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\osk.exe
2014-07-27 13:07 - 2014-06-18 03:10 - 03157504 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-07-27 13:07 - 2014-06-06 12:10 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-07-27 13:07 - 2014-06-06 11:44 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-07-27 13:07 - 2014-06-05 16:45 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-07-27 13:07 - 2014-06-05 16:26 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-07-27 13:07 - 2014-06-05 16:25 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-07-27 13:07 - 2014-05-30 10:08 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-07-27 13:07 - 2014-05-30 10:08 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-07-27 13:07 - 2014-05-30 10:08 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-07-27 13:07 - 2014-05-30 10:08 - 00307200 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2014-07-27 13:07 - 2014-05-30 10:08 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-07-27 13:07 - 2014-05-30 10:08 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-07-27 13:07 - 2014-05-30 10:08 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-07-27 13:07 - 2014-05-30 09:52 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-07-27 13:07 - 2014-05-30 09:52 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-07-27 13:07 - 2014-05-30 09:52 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-07-27 13:07 - 2014-05-30 09:52 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2014-07-27 13:07 - 2014-05-30 09:52 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-07-27 13:07 - 2014-05-30 09:52 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-07-27 13:07 - 2014-05-30 09:52 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-07-27 13:07 - 2014-05-30 08:45 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-08 23:35 - 2014-08-08 23:34 - 00023294 _____ () C:\Users\*****\Desktop\FRST.txt
2014-08-08 23:35 - 2014-08-08 23:34 - 00000000 ____D () C:\FRST
2014-08-08 23:32 - 2014-08-08 23:32 - 02094080 _____ (Farbar) C:\Users\*****\Desktop\FRST64.exe
2014-08-08 23:19 - 2014-08-08 23:18 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-08 23:18 - 2014-08-08 23:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes

Anti-Malware
2014-08-08 23:18 - 2014-08-08 23:18 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-08-08 23:18 - 2014-08-08 23:18 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-08-08 22:56 - 2014-08-08 22:56 - 00000831 _____ () C:\Users\*****\Desktop\Computer.lnk
2014-08-08 22:53 - 2012-12-20 19:24 - 00000000 ____D () C:\Users\*****\AppData\Roaming\Skype
2014-08-08 22:17 - 2014-08-08 22:17 - 00010593 _____ () C:\Windows\CSTBox.INI
2014-08-08 21:29 - 2014-08-08 21:29 - 00000000 ____D () C:\Users\*****\AppData\Local\Skype
2014-08-08 21:29 - 2014-08-08 21:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2014-08-08 21:29 - 2013-01-30 09:44 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-08-08 21:29 - 2012-12-20 19:24 - 00000000 ____D () C:\ProgramData\Skype
2014-08-08 19:19 - 2009-07-14 06:45 - 00020720 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-

1.C7483456-A289-439d-8115-601632D005A0
2014-08-08 19:19 - 2009-07-14 06:45 - 00020720 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-

0.C7483456-A289-439d-8115-601632D005A0
2014-08-08 19:16 - 2012-12-15 15:13 - 01714955 _____ () C:\Windows\WindowsUpdate.log
2014-08-08 19:15 - 2014-08-06 12:08 - 00003264 _____ () C:\Windows\System32\Tasks\SamsungMagician
2014-08-08 19:15 - 2013-08-25 16:48 - 00003554 _____ () C:\Windows\System32\Tasks\PrivaZer_cleanup
2014-08-08 19:15 - 2013-08-22 22:47 - 00002776 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2014-08-08 19:15 - 2009-07-14 07:13 - 00782470 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-08-08 19:14 - 2013-09-18 18:19 - 00000000 ____D () C:\Windows\pss
2014-08-08 19:11 - 2013-08-23 10:23 - 00035168 _____ () C:\Windows\setupact.log
2014-08-08 19:11 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-08-08 01:45 - 2012-12-19 14:52 - 00000000 ____D () C:\Users\*****\Documents\PhraseExpress
2014-08-07 21:00 - 2013-08-14 17:31 - 00000000 ____D () C:\Users\*****\AppData\Local\privazer
2014-08-07 16:30 - 2013-03-18 22:32 - 00001303 _____ () C:\Users\*****\Desktop\2013.lnk
2014-08-07 14:44 - 2012-12-15 16:35 - 00000000 ____D () C:\Users\*****\AppData\Roaming\KeePass
2014-08-07 14:32 - 2014-08-07 13:45 - 00000000 ____D () C:\Users\*****\AppData\Local\CyberGhost
2014-08-07 14:29 - 2012-12-15 15:13 - 00000000 ____D () C:\Users\*****\AppData\Local\VirtualStore
2014-08-07 14:19 - 2014-08-07 14:19 - 00000919 _____ () C:\Users\Public\Desktop\OpenVPN GUI.lnk
2014-08-07 14:19 - 2014-08-07 14:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TAP-Windows
2014-08-07 14:19 - 2014-08-07 14:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenVPN
2014-08-07 14:19 - 2013-08-19 18:14 - 00000000 ____D () C:\Program Files\OpenVPN
2014-08-07 13:45 - 2014-08-07 13:44 - 00000000 ____D () C:\Program Files\TAP-Windows
2014-08-07 13:45 - 2014-08-07 13:44 - 00000000 ____D () C:\Program Files\CyberGhost 5
2014-08-07 13:44 - 2014-08-07 13:44 - 00001739 _____ () C:\Users\*****\Desktop\CyberGhost 5.lnk
2014-08-07 13:44 - 2014-08-07 13:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberGhost 5
2014-08-06 21:28 - 2012-12-15 16:36 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-08-06 21:28 - 2012-12-15 16:36 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-08-06 21:05 - 2012-12-15 18:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SRWare Iron
2014-08-06 21:05 - 2012-12-15 18:04 - 00000000 ____D () C:\Program Files (x86)\SRWare Iron
2014-08-06 13:09 - 2012-12-18 22:11 - 00000000 ____D () C:\Users\*****\AppData\Roaming\XnView
2014-08-06 12:08 - 2014-08-06 12:08 - 00000000 ____D () C:\ProgramData\Samsung
2014-08-06 12:08 - 2014-08-06 12:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung Magician
2014-08-06 12:08 - 2014-08-06 12:08 - 00000000 ____D () C:\Program Files (x86)\Samsung
2014-08-06 11:43 - 2014-07-03 21:46 - 00011094 _____ () C:\Windows\SecuniaPackage.log
2014-08-06 11:43 - 2013-08-18 21:03 - 00001005 _____ () C:\Users\Public\Desktop\VLC media player.lnk
2014-07-31 12:28 - 2013-08-23 22:26 - 00208044 _____ () C:\Windows\PFRO.log
2014-07-31 12:28 - 2012-12-18 11:07 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-07-27 18:05 - 2014-07-27 18:05 - 00001276 _____ () C:\Users\*****\Desktop\TB_3.6.3.lnk
2014-07-27 18:02 - 2012-12-15 16:36 - 00000000 ____D () C:\Users\*****\Downloads\Software
2014-07-27 16:03 - 2012-12-18 11:18 - 00000000 ____D () C:\Users\*****\AppData\Local\Thunderbird
2014-07-27 14:55 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2014-07-27 14:14 - 2012-12-15 16:26 - 00000000 ___RD () C:\Office
2014-07-27 13:37 - 2014-07-27 13:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cisco
2014-07-27 13:37 - 2013-05-07 11:54 - 00000000 ____D () C:\ProgramData\Cisco
2014-07-27 13:37 - 2013-05-07 11:54 - 00000000 ____D () C:\Program Files (x86)\Cisco
2014-07-27 13:31 - 2014-07-27 13:31 - 00319912 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-07-27 13:31 - 2014-07-27 13:31 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-07-27 13:31 - 2014-07-27 13:31 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-07-27 13:31 - 2014-07-27 13:31 - 00111016 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2014-07-27 13:31 - 2014-07-27 13:31 - 00000000 ____D () C:\Program Files\Java
2014-07-27 13:29 - 2014-07-27 13:29 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-07-27 13:29 - 2014-07-27 13:29 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-07-27 13:29 - 2014-07-27 13:29 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-07-27 13:29 - 2014-07-27 13:29 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-07-27 13:29 - 2014-07-27 13:29 - 00000000 ____D () C:\Program Files (x86)\Java
2014-07-27 13:23 - 2014-07-27 13:23 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-07-27 13:21 - 2014-07-27 13:21 - 05018624 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2014-07-27 13:20 - 2014-07-27 13:19 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird
2014-07-27 13:15 - 2013-08-15 00:00 - 00416704 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-07-27 13:14 - 2011-04-12 10:28 - 00000000 ____D () C:\Program Files\Windows Journal
2014-07-27 13:14 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism
2014-07-27 13:14 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\Dism
2014-07-27 13:12 - 2012-12-15 18:13 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-07-27 13:11 - 2013-04-18 12:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft

Silverlight
2014-07-27 13:10 - 2013-04-18 12:17 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-07-27 13:10 - 2013-04-18 12:17 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-07-27 13:02 - 2013-05-07 14:23 - 00042040 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys

Some content of TEMP:
====================
C:\Users\*****\AppData\Local\Temp\avgnt.exe
C:\Users\*****\AppData\Local\Temp\jre1.7.offline.exe
C:\Users\*****\AppData\Local\Temp\Maint000.exe
C:\Users\*****\AppData\Local\Temp\SkypeSetup.exe
C:\Users\*****\AppData\Local\Temp\vlc-2.1.1-win32.exe
C:\Users\*****\AppData\Local\Temp\vpnclient_setup.exe
C:\Users\*****\AppData\Local\Temp\xmlUpdater.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-08-07 20:05

==================== End Of Log ============================
--- --- ---


Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 08-08-2014
Ran by ***** at 2014-08-08 23:35:33
Running from C:\Users\*****\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be

uninstalled manually.)

64 Bit HP CIO Components Installer (Version: 15.2.1 - Hewlett-Packard) Hidden
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
AbiWord 2.8.6 (HKLM-x32\...\AbiWord2) (Version: 2.8.6 - AbiSource Developers)
Active@ Partition Recovery 9.0 (HKLM-x32\...\{9D7E3F86-DAA8-4894-96D6-A0AB26291A16}_is1) (Version: 9.0 - LSoft Technologies

Inc)
Adobe Flash Player 14 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Flash Player 14 Plugin (HKLM-x32\...\{3FC9A6DE-C105-4576-8F63-656FFB1BF8EB}) (Version: 14.0.0.145 - Adobe Systems

Incorporated)
Audacity 2.0.2 (HKLM-x32\...\Audacity_is1) (Version: 2.0.2 - Audacity Team)
AudibleManager (HKLM-x32\...\AudibleManager) (Version: 2000764158.48.56.12324074 - Audible, Inc.)
AutoHotkey 1.1.12.00 (HKLM\...\AutoHotkey) (Version: 1.1.12.00 - Lexikos)
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.5.464 - Avira)
Basic PAYE Tools - Real Time Information (HKLM-x32\...\Basic PAYE Tools - Real Time Information) (Version: 13.2.13232.64 - HM

Revenue & Customs)
Basic PAYE Tools 2012 (HKLM-x32\...\Basic PAYE Tools 2012) (Version: 4.2.1.20469 - HM Revenue & Customs)
CCleaner (HKLM\...\CCleaner) (Version: 4.04 - Piriform)
Cisco AnyConnect Secure Mobility Client  (HKLM-x32\...\Cisco AnyConnect Secure Mobility Client) (Version: 3.1.05170 - Cisco

Systems, Inc.)
Cisco AnyConnect Secure Mobility Client (x32 Version: 3.1.05170 - Cisco Systems, Inc.) Hidden
Cisco Systems VPN Client 5.0.07.0440 (HKLM\...\{5FDC06BF-3D3D-4367-8FFB-4FAFCB61972D}) (Version: 5.0.7 - Cisco Systems, Inc.)
Cloudfogger (HKLM\...\{E5A0D9A8-3711-4DB2-833C-FF79EF65830D}_is1) (Version: 1.4.2041.0 - Cloudfogger GmbH)
CyberGhost 5 (HKLM\...\CyberGhost 5_is1) (Version:  - CyberGhost S.R.L.)
Definition Update for Microsoft Office 2010 (KB982726) 64-Bit Edition (HKLM\...\{91140000-0011-0000-1000-0000000FF1CE}

_Office14.PROPLUSR_{043645C8-48EC-458F-B9BD-9C8F15CEF6F7}) (Version:  - Microsoft)
Deutsch (Deutschland) - Denglisch (HKLM\...\{F4CE63B1-0172-4569-B364-CFDE3DBC2B5A}) (Version: 1.0.3.40 - Folke Ashberg,

www.ashberg.de)
Dragon NaturallySpeaking 12 (HKLM-x32\...\{D5D422B9-6976-4E98-8DDF-9632CB515D7E}) (Version: 12.50.000 - Nuance Communications

Inc.)
Dropbox (HKCU\...\Dropbox) (Version: 2.0.22 - Dropbox, Inc.)
EaseUS Partition Recovery 5.6.1 (HKLM-x32\...\EaseUS Partition Recovery_is1) (Version:  - EaseUS)
English – Deutsche Sonderzeichen (HKLM\...\{5C4D3BD1-E741-46D1-B5BE-CF06A9F8B87A}) (Version: 1.0.3.40 - Company)
FreeFileSync 6.0 (HKLM-x32\...\FreeFileSync) (Version: 6.0 - Zenju)
HTC Driver Installer (HKLM-x32\...\{4CEEE5D0-F905-4688-B9F9-ECC710507796}) (Version: 4.2.0.001 - HTC Corporation)
Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.15.10.1930 - Intel Corporation)
IPTInstaller (HKLM-x32\...\{08208143-777D-4A06-BB54-71BF0AD1BB70}) (Version: 4.0.8 - HTC)
Java 7 Update 65 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F06417065FF}) (Version: 7.0.650 - Oracle)
Java 7 Update 65 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217065FF}) (Version: 7.0.650 - Oracle)
Jitsi (HKLM\...\{072C769F-0D49-4868-BE7F-DCE58CCBA681}) (Version: 2.2.4603.9615 - Jitsi)
KeePass Password Safe 2.23 (HKLM-x32\...\KeePassPasswordSafe2_is1) (Version:  - Dominik Reichl)
LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version:  - )
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes

Corporation)
MAXQDA 10 Reader (R240113) (HKLM-x32\...\MAXQDA10Reader) (Version: (R240113) - VERBI Software.Consult.Sozialforschung GmbH)
MicroSIP (remove only) (HKLM-x32\...\MicroSIP) (Version:  - )
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft

Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Keyboard Layout Creator 1.4 (HKLM-x32\...\{99E66BC9-E4B6-485F-ABFC-31EFCE36DFDF}) (Version: 1.4.6000 - Microsoft

Corp.)
Microsoft Office Access MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Access MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Language Pack 2010 - German/Deutsch (HKLM\...\Office14.OMUI.de-de) (Version: 14.0.7015.1000 - Microsoft

Corporation)
Microsoft Office O MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 32-bit Components 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 32-bit MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 32-bit MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office SharePoint Designer MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office X MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 -

Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version:

9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version:

9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version:

9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version:

9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version:

10.0.40219 - Microsoft Corporation)
MiniTool Partition Wizard Home Edition 7.6.1 (HKLM-x32\...\{05D996FA-ADCB-4D23-BA3C-A7C184A8FAC6}_is1) (Version:  - MiniTool

Solution Ltd.)
MiniTool Power Data Recovery (HKLM-x32\...\MiniTool Power Data Recovery_is1) (Version:  - MiniTool Solution Ltd.)
MozBackup 1.5.1 (HKLM-x32\...\MozBackup) (Version:  - Pavel Cvrcek)
Mozilla Firefox 31.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 31.0 (x86 en-US)) (Version: 31.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
Mozilla Thunderbird 31.0 (x86 en-GB) (HKLM-x32\...\Mozilla Thunderbird 31.0 (x86 en-GB)) (Version: 31.0 - Mozilla)
MP3 Skype Recorder (HKLM-x32\...\{CB606F47-7D0E-40DF-95BB-0E5413A1295F}) (Version: 3.1.3 - Alexander Nikiforov)
MPC-HC 1.7.0 (HKLM-x32\...\{2624B969-7135-4EB1-B0F6-2D8C397B45F7}_is1) (Version: 1.7.0.7858 - MPC-HC Team)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.5.1 - Notepad++ Team)
OpenVPN 2.3.4-I002  (HKLM\...\OpenVPN) (Version: 2.3.4-I002 - )
PaperCut MF Client 11.0 (HKLM-x32\...\PaperCut MF Client_is1) (Version:  - PaperCut Software International Pty Ltd)
PdaNet+ for Android 4.01 (HKLM-x32\...\PdaNet_is1) (Version:  - June Fabrics Technology Inc)
PDFCreator (HKLM-x32\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.7.0 - pdfforge)
PDF-Viewer (HKLM\...\{A278382D-4F1B-4D47-9885-8523F7261E8D}_is1) (Version: 2.5.214.2 - Tracker Software Products Ltd)
PhraseExpress v9.1.36 (HKLM-x32\...\PhraseExpress_is1) (Version: 9.1.36 - Bartels Media GmbH)
Pidgin (HKLM-x32\...\Pidgin) (Version: 2.10.8 - )
PrivaZer (HKCU\...\PrivaZer) (Version: 2.0.1.0 - Goversoft LLC)
Samsung Magician (HKLM-x32\...\{29AE3F9F-7158-4ca7-B1ED-28A73ECDB215}_is1) (Version: 4.4.0 - Samsung Electronics)
Secunia PSI (3.0.0.7011) (HKLM-x32\...\Secunia PSI) (Version: 3.0.0.7011 - Secunia)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (HKLM\...\{91140000-0011-0000-1000-0000000FF1CE}

_Office14.PROPLUSR_{A3364707-2F53-4C83-8F68-C9877A9080C7}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (Version:  - Microsoft) Hidden
Service Pack 2 for Microsoft Office 2010 Language Pack (KB2687449) 64-Bit Edition (HKLM\...\{90140000-0100-0407-1000-

0000000FF1CE}_Office14.OMUI.de-de_{F8F9897A-AA29-43EB-8847-94E0253CD458}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 Language Pack (KB2687449) 64-Bit Edition (Version:  - Microsoft) Hidden
Skype™ 6.18 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.18.106 - Skype Technologies S.A.)
Sony Player Plug-in for Windows Media Player (HKLM-x32\...\Sony Player Plug-in for Windows Media Player) (Version:  - )
SoundMAX (HKLM-x32\...\{F0A37341-D692-11D4-A984-009027EC0A9C}) (Version: 6.10.2.7255 - Analog Devices)
SRWare Iron version SRWare Iron 36.0.1950.0 (HKLM-x32\...\{C59CF2CE-B302-4833-AA35-E0E07D8EBC52}_is1) (Version: SRWare Iron

36.0.1950.0 - SRWare)
TAP-Windows 9.9.2 (HKLM\...\TAP-Windows) (Version: 9.9.2 - )
ThinkPad Power Management Driver (HKLM\...\Power Management Driver) (Version: 1.43 - )
TinyWall (HKLM-x32\...\{E87F67CD-B72A-4B47-A01D-28CD16AC0711}) (Version: 2.1.4.0 - Károly Pados)
Tresorit (HKLM-x32\...\{3CD44037-27F5-4A9E-93F6-B3877416AB03}) (Version: 0.5.2.81 - Tresorit)
UFR II Printer Driver Uninstaller (HKLM\...\Canon UFR II Printer Driver) (Version: 6, 0, 0, 0 - Canon Inc.)
Universal Adb Driver (HKLM-x32\...\{D9C4202E-6D51-4B06-A8F1-22316E654BCA}) (Version: 1.0.0 - ClockworkMod)
Update for Microsoft Access 2010 (KB2553446) 64-Bit Edition (HKLM\...\{91140000-0011-0000-1000-0000000FF1CE}

_Office14.PROPLUSR_{FEF4C57D-0975-4D3C-ACC7-DCD038C3788F}) (Version:  - Microsoft)
Update for Microsoft Excel 2010 (KB2837600) 64-Bit Edition (HKLM\...\{91140000-0011-0000-1000-0000000FF1CE}

_Office14.PROPLUSR_{17815BC8-062D-49BE-B40C-B54149C85CE3}) (Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2878281) 64-Bit Edition (HKLM\...\{91140000-0011-0000-1000-0000000FF1CE}

_Office14.PROPLUSR_{84B191B5-5319-463A-A305-8C4D53B1D20A}) (Version:  - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817369) 64-Bit Edition (HKLM\...\{91140000-0011-0000-1000-0000000FF1CE}

_Office14.PROPLUSR_{DB0B0CDF-77EC-47B0-94E2-4738573A1E58}) (Version:  - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817396) 64-Bit Edition (HKLM\...\{91140000-0011-0000-1000-0000000FF1CE}

_Office14.PROPLUSR_{1AA82E2E-7DB7-4C70-910C-BBB657A6B3A5}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2553092) (HKLM\...\{90140000-0044-0407-1000-0000000FF1CE}_Office14.OMUI.de-de_{E636FE63-

842B-4F4B-9884-DA189ACC0B91}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2553092) (HKLM\...\{90140000-0044-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{E636FE63-

842B-4F4B-9884-DA189ACC0B91}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2553092) (HKLM\...\{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{E636FE63-

842B-4F4B-9884-DA189ACC0B91}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589298) 64-Bit Edition (HKLM\...\{91140000-0011-0000-1000-0000000FF1CE}

_Office14.PROPLUSR_{79C725A1-3964-421C-A528-78C1C083C7C7}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 64-Bit Edition (HKLM\...\{90140000-0043-0000-1000-0000000FF1CE}

_Office14.PROPLUSR_{95BE5D45-A3DD-4CB1-8C35-D75DD7B4D862}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 64-Bit Edition (HKLM\...\{91140000-0011-0000-1000-0000000FF1CE}

_Office14.PROPLUSR_{95BE5D45-A3DD-4CB1-8C35-D75DD7B4D862}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589375) 64-Bit Edition (HKLM\...\{91140000-0011-0000-1000-0000000FF1CE}

_Office14.PROPLUSR_{EBD18DE5-BC84-4B57-9A30-097044871F9A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 64-Bit Edition (HKLM\...\{90140000-0043-0000-1000-0000000FF1CE}

_Office14.PROPLUSR_{4AD36582-256B-433D-8593-F31773A15CA4}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 64-Bit Edition (HKLM\...\{91140000-0011-0000-1000-0000000FF1CE}

_Office14.PROPLUSR_{4AD36582-256B-433D-8593-F31773A15CA4}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 64-Bit Edition (HKLM\...\{90140000-0043-0000-1000-0000000FF1CE}

_Office14.PROPLUSR_{F216169C-2B40-429B-8370-B5BA06EC5423}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 64-Bit Edition (HKLM\...\{91140000-0011-0000-1000-0000000FF1CE}

_Office14.PROPLUSR_{F216169C-2B40-429B-8370-B5BA06EC5423}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760631) 64-Bit Edition (HKLM\...\{91140000-0011-0000-1000-0000000FF1CE}

_Office14.PROPLUSR_{B6AD7E27-012A-4B63-82BA-AF62893E5435}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2794737) 64-Bit Edition (HKLM\...\{90140000-0100-0407-1000-0000000FF1CE}

_Office14.OMUI.de-de_{07DC9C6C-E916-4F42-8677-716930ED0393}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2794737) 64-Bit Edition (HKLM\...\{91140000-0011-0000-1000-0000000FF1CE}

_Office14.PROPLUSR_{07DC9C6C-E916-4F42-8677-716930ED0393}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2825635) 64-Bit Edition (HKLM\...\{91140000-0011-0000-1000-0000000FF1CE}

_Office14.PROPLUSR_{6E760BBA-B83F-4C2D-918F-5F91EF6C9861}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2825640) 64-Bit Edition (HKLM\...\{90140000-0044-0407-1000-0000000FF1CE}

_Office14.OMUI.de-de_{43F59F4D-7179-497E-BE99-BC6F7D1DDCBA}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2825640) 64-Bit Edition (HKLM\...\{90140000-0044-0409-1000-0000000FF1CE}

_Office14.PROPLUSR_{43F59F4D-7179-497E-BE99-BC6F7D1DDCBA}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2825640) 64-Bit Edition (HKLM\...\{91140000-0011-0000-1000-0000000FF1CE}

_Office14.PROPLUSR_{43F59F4D-7179-497E-BE99-BC6F7D1DDCBA}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2837581) 64-Bit Edition (HKLM\...\{91140000-0011-0000-1000-0000000FF1CE}

_Office14.PROPLUSR_{D1F3B526-7EB2-4701-92DB-0784988D78DE}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2837606) 64-Bit Edition (HKLM\...\{91140000-0011-0000-1000-0000000FF1CE}

_Office14.PROPLUSR_{52BEF8AE-9324-40A1-9A92-E5A8FB63A475}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2878252) 64-Bit Edition (HKLM\...\{90140000-0043-0000-1000-0000000FF1CE}

_Office14.PROPLUSR_{56551B9F-2FE1-4705-ACF0-8FA920535E18}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2878252) 64-Bit Edition (HKLM\...\{91140000-0011-0000-1000-0000000FF1CE}

_Office14.PROPLUSR_{56551B9F-2FE1-4705-ACF0-8FA920535E18}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2881028) 64-Bit Edition (HKLM\...\{90140000-001F-0407-1000-0000000FF1CE}

_Office14.OMUI.de-de_{8F699D53-05FB-488E-B7D3-E4E47257BE5D}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2881028) 64-Bit Edition (HKLM\...\{90140000-001F-0409-1000-0000000FF1CE}

_Office14.OMUI.de-de_{324703B5-6765-489D-9B9B-B082D34F882E}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2881028) 64-Bit Edition (HKLM\...\{90140000-001F-0409-1000-0000000FF1CE}

_Office14.PROPLUSR_{324703B5-6765-489D-9B9B-B082D34F882E}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2881028) 64-Bit Edition (HKLM\...\{90140000-001F-040C-1000-0000000FF1CE}

_Office14.OMUI.de-de_{4B9B2BAF-EE1F-4B60-A4D9-17B7BEEB13A1}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2881028) 64-Bit Edition (HKLM\...\{90140000-001F-040C-1000-0000000FF1CE}

_Office14.PROPLUSR_{4B9B2BAF-EE1F-4B60-A4D9-17B7BEEB13A1}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2881028) 64-Bit Edition (HKLM\...\{90140000-001F-0C0A-1000-0000000FF1CE}

_Office14.PROPLUSR_{860EE8B1-0B9F-4A8A-91FE-649CD3C6754C}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 64-Bit Edition (HKLM\...\{90140000-0043-0000-1000-0000000FF1CE}

_Office14.PROPLUSR_{3029C408-1DD1-4273-8E58-87CB1B638FC8}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 64-Bit Edition (HKLM\...\{91140000-0011-0000-1000-0000000FF1CE}

_Office14.PROPLUSR_{3029C408-1DD1-4273-8E58-87CB1B638FC8}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 64-Bit Edition (HKLM\...\{90140000-001A-0407-1000-0000000FF1CE}

_Office14.OMUI.de-de_{6164E0E5-C903-488C-93AF-1B7AF7EBC331}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 64-Bit Edition (HKLM\...\{90140000-001A-0409-1000-0000000FF1CE}

_Office14.PROPLUSR_{DBAC8ED2-9287-499E-AD66-590C7413C7DE}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 64-Bit Edition (HKLM\...\{91140000-0011-0000-1000-0000000FF1CE}

_Office14.PROPLUSR_{DDDC32A5-9528-4771-B91A-97A8E1D7957B}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 64-Bit Edition (HKLM\...\{90140000-0018-0407-1000-0000000FF1CE}

_Office14.OMUI.de-de_{FD360122-6829-4497-97C1-1BF578EF695B}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 64-Bit Edition (HKLM\...\{90140000-0018-0409-1000-0000000FF1CE}

_Office14.PROPLUSR_{393B360E-62F8-463D-B914-1ECDC1359A46}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 64-Bit Edition (HKLM\...\{91140000-0011-0000-1000-0000000FF1CE}

_Office14.PROPLUSR_{A20A650C-F820-4CE4-AEA5-EC140192FAFB}) (Version:  - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 64-Bit Edition (HKLM\...\{90140000-0043-0000-1000-0000000FF1CE}

_Office14.PROPLUSR_{77374F16-2DC6-4EEF-AFAD-C59FDA2E010D}) (Version:  - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 64-Bit Edition (HKLM\...\{91140000-0011-0000-1000-0000000FF1CE}

_Office14.PROPLUSR_{77374F16-2DC6-4EEF-AFAD-C59FDA2E010D}) (Version:  - Microsoft)
Update for Microsoft Visio 2010 (KB2880526) 64-Bit Edition (HKLM\...\{91140000-0011-0000-1000-0000000FF1CE}

_Office14.PROPLUSR_{F6F342A1-530B-4D48-A468-1E3F70928984}) (Version:  - Microsoft)
Update for Microsoft Visio Viewer 2010 (KB2837587) 64-Bit Edition (HKLM\...\{91140000-0011-0000-1000-0000000FF1CE}

_Office14.PROPLUSR_{C950A55F-82E3-4CC8-8FA2-E8A2A0F651F3}) (Version:  - Microsoft)
Update for Microsoft Word 2010 (KB2880529) 64-Bit Edition (HKLM\...\{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_

{89FDC8D9-FB84-4EFE-950D-AF4EECC3B64C}) (Version:  - Microsoft)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
WinMerge 2.14.0 (HKLM-x32\...\WinMerge_is1) (Version: 2.14.0 - Thingamahoochie Software)
XnView 2.13 (HKLM-x32\...\XnView_is1) (Version: 2.13 - Gougelet Pierre-e)
XP Codec Pack (HKLM-x32\...\XP Codec Pack) (Version: 2.5.3 - XP Codec Pack team)
xplorer² lite 32 bit (HKLM-x32\...\xplorer2l) (Version: 2.2.0.2 - Zabkat)
Zattoo4 4.0.5 (HKLM-x32\...\Zattoo4) (Version: 4.0.5 - Zattoo Inc.)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-3226777461-1414976616-3206541535-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-

C0CE100EA736}\localserver32 -> C:\Users\*****\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3226777461-1414976616-3206541535-1000_Classes\CLSID\{822E4859-CCDD-476C-ABDF-

7F7A894A3CB7}\InprocServer32 -> C:\Users\*****\AppData\Roaming\Tresorit\v0.5\TresoritExt64_1.dll ()
CustomCLSID: HKU\S-1-5-21-3226777461-1414976616-3206541535-1000_Classes\CLSID\{822E485A-CCDD-476C-ABDF-

7F7A894A3CB7}\InprocServer32 -> C:\Users\*****\AppData\Roaming\Tresorit\v0.5\TresoritExt64_1.dll ()
CustomCLSID: HKU\S-1-5-21-3226777461-1414976616-3206541535-1000_Classes\CLSID\{822E485B-CCDD-476C-ABDF-

7F7A894A3CB7}\InprocServer32 -> C:\Users\*****\AppData\Roaming\Tresorit\v0.5\TresoritExt64_1.dll ()
CustomCLSID: HKU\S-1-5-21-3226777461-1414976616-3206541535-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-

CDD82E34AF8B}\InprocServer32 -> C:\Users\*****\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3226777461-1414976616-3206541535-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-

CDD82E34AF8B}\InprocServer32 -> C:\Users\*****\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3226777461-1414976616-3206541535-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-

CDD82E34AF8B}\InprocServer32 -> C:\Users\*****\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3226777461-1414976616-3206541535-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-

CDD82E34AF8B}\InprocServer32 -> C:\Users\*****\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll (Dropbox, Inc.)

==================== Restore Points  =========================

03-07-2014 19:33:25 Windows Update
03-07-2014 19:40:49 Windows Update
03-07-2014 20:16:47 Installed Universal Adb Driver
05-07-2014 13:04:27 Installed OpenVPN Client
05-07-2014 13:11:02 Installed Cisco AnyConnect Secure Mobility Client
27-07-2014 11:08:39 Windows Update
07-08-2014 11:44:53 Device Driver Package Install: TAP-Windows Provider V9 Network adapters
07-08-2014 12:17:20 Removed OpenVPN Client
08-08-2014 20:14:57 Removed MSXML 4.0 SP2 (KB954430)
08-08-2014 20:15:16 Removed MSXML 4.0 SP2 (KB973688)
08-08-2014 20:15:32 Removed MSXML 4.0 SP3 Parser (KB2758694)
08-08-2014 20:15:45 Removed MSXML 4.0 SP3 Parser
08-08-2014 20:15:59 Removed MSXML 4.0 SP2 Parser and SDK

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to

be moved.)

Task: {283586A3-4B36-4044-9405-F6720D949EBA} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013

-07-22] (Piriform Ltd)
Task: {283C3DF4-0ACB-4F22-9911-DC0CAB03F9FD} - System32\Tasks\PrivaZer_cleanup => C:\Program Files (x86)\PrivaZer\PrivaZer.exe

[2013-08-14] (Goversoft LLC)
Task: {66418B0E-1AC5-4DD3-92E9-586AF04F3B42} - System32\Tasks\SamsungMagician => C:\Program Files (x86)\Samsung\Samsung

Magician\Samsung Magician.exe [2014-05-19] (Samsung Electronics.)

==================== Loaded Modules (whitelisted) =============

2013-09-30 16:20 - 2012-12-06 13:09 - 00136704 _____ () C:\Windows\System32\zlhp1600.dll
2013-07-21 15:01 - 2012-12-07 18:26 - 00167424 _____ () C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
2013-08-15 00:48 - 2013-08-15 00:48 - 00084952 _____ () C:\Windows\assembly\GAC_MSIL\TinyWall.XmlSerializers

\2.1.4.0__d9a8adbcd0c171b3\TinyWall.XmlSerializers.dll
2013-09-05 01:17 - 2013-09-05 01:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures

\OFFICE.ODF
2010-10-20 17:23 - 2010-10-20 17:23 - 08801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2012-06-18 17:24 - 2012-06-18 17:24 - 00222720 _____ () C:\Program Files (x86)\Notepad++\NppShell_05.dll
2014-06-03 00:27 - 2014-06-03 00:27 - 00046080 _____ () C:\Users\*****\AppData\Local\KeePass\PluginCache\c3GfFtVBmF9t1qGb90Jb

\Fleck2.dll
2014-06-11 05:34 - 2014-06-11 05:34 - 00063400 _____ () C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client

\zlib1.dll
2011-03-04 13:49 - 2011-03-04 13:49 - 00202752 _____ () C:\Program Files (x86)\Cisco Systems\WWU Client\vpnapi.dll
2012-12-19 14:50 - 2013-04-22 18:25 - 00445648 _____ () C:\Program Files (x86)\PhraseExpress\pexlang.dll
2013-09-05 01:14 - 2013-09-05 01:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\microsoft shared

\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 17:45 - 2010-10-20 17:45 - 08801120 _____ () C:\Program Files (x86)\Microsoft Office

\Office14\1033\GrooveIntlResource.dll
2014-08-07 13:44 - 2014-06-05 13:57 - 00161992 _____ () C:\Program Files\CyberGhost 5\Data\OpenVPN\liblzo2-2.dll
2014-08-07 13:44 - 2014-06-05 13:57 - 00112776 _____ () C:\Program Files\CyberGhost 5\Data\OpenVPN\libpkcs11-helper-1.dll
2014-07-27 13:23 - 2014-07-27 13:23 - 03800688 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2013-04-25 09:52 - 2013-04-25 09:52 - 00608656 _____ () C:\Users\*****\AppData\Roaming\Tresorit\v0.5\TresoritExt86_1.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:0FF263E8

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^Users^*****^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^MicroSIP.lnk => C:

\Windows\pss\MicroSIP.lnk.Startup
MSCONFIG\startupfolder: C:^Users^*****^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^PdaNet Desktop.lnk => C:

\Windows\pss\PdaNet Desktop.lnk.Startup
MSCONFIG\startupfolder: C:^Users^*****^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Samsung Magician.lnk =>

C:\Windows\pss\Samsung Magician.lnk.Startup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: BCSSync => "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
MSCONFIG\startupreg: Cisco AnyConnect Secure Mobility Agent for Windows => "C:\Program Files (x86)\Cisco\Cisco AnyConnect

Secure Mobility Client\vpnui.exe" -minimized
MSCONFIG\startupreg: Cloudfogger => "C:\Program Files\Cloudfogger\Cloudfogger.exe" --silent
MSCONFIG\startupreg: DNS7reminder => "C:\Program Files (x86)\Nuance\NaturallySpeaking12\Ereg\Ereg.exe" -r "C:\ProgramData

\Nuance\NaturallySpeaking12\Ereg.ini"
MSCONFIG\startupreg: ISUSPM => C:\ProgramData\FLEXnet\Connect\11\\isuspm.exe -scheduler
MSCONFIG\startupreg: PaperCut MF Client => "C:\Program Files (x86)\PaperCut MF Client\pc-client.exe" /silent
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

==================== Faulty Device Manager Devices =============

Name: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Description: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: vpnva
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow

the instructions.

Name: Cisco Systems VPN Adapter for 64-bit Windows
Description: Cisco Systems VPN Adapter for 64-bit Windows
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: CVirtA
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow

the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (08/08/2014 07:12:59 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND

TargetInstance.LoadPercentage > 990x80041003

Error: (08/07/2014 08:05:52 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-

controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS

\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line

C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-

controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-

controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-

controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (08/07/2014 03:00:39 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND

TargetInstance.LoadPercentage > 990x80041003

Error: (08/07/2014 01:31:16 PM) (Source: RasClient) (EventID: 20227) (User: )
Description: CoId={3AD29240-C910-43D4-BB56-283808B3C163}: The user T61\***** dialed a connection named Germany_Frankfurt which

has failed. The error code returned on failure is 789.

Error: (08/07/2014 01:28:35 PM) (Source: RasClient) (EventID: 20227) (User: )
Description: CoId={ABE8526C-CAC4-4ACA-B63D-5D9A9E7CE609}: The user T61\***** dialed a connection named Germany_Frankfurt which

has failed. The error code returned on failure is 0.

Error: (08/07/2014 01:27:02 PM) (Source: RasClient) (EventID: 20227) (User: )
Description: CoId={B82F29AF-E5D8-4B6A-95AF-2556AE404D71}: The user T61\***** dialed a connection named Germany_Düsseldorf

which has failed. The error code returned on failure is 789.

Error: (08/07/2014 01:08:47 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND

TargetInstance.LoadPercentage > 990x80041003

Error: (08/06/2014 09:01:04 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND

TargetInstance.LoadPercentage > 990x80041003

Error: (08/06/2014 11:21:07 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Failed extract of third-party root list from auto update cab at:

<hxxp://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: The data is invalid.
.

Error: (08/06/2014 11:20:38 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Failed extract of third-party root list from auto update cab at:

<hxxp://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: The data is invalid.
.


System errors:
=============
Error: (08/08/2014 07:12:01 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
cdrom

Error: (08/08/2014 07:12:01 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The CyberGhost 5 Client Service service failed to start due to the following error:
%%1053

Error: (08/08/2014 07:12:01 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the CyberGhost 5 Client Service service to connect.

Error: (08/07/2014 02:59:13 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
cdrom

Error: (08/07/2014 01:07:20 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
cdrom

Error: (08/06/2014 08:59:36 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
cdrom

Error: (08/06/2014 11:08:13 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
cdrom

Error: (07/31/2014 00:28:24 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
cdrom

Error: (07/27/2014 01:15:17 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
cdrom

Error: (07/27/2014 01:00:57 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
cdrom


Microsoft Office Sessions:
=========================
Error: (08/08/2014 07:12:59 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND

TargetInstance.LoadPercentage > 990x80041003

Error: (08/07/2014 08:05:52 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-

controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests

\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Program Files

(x86)\Nuance\NaturallySpeaking12\Program\dragon_support_packager.exe

Error: (08/07/2014 03:00:39 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND

TargetInstance.LoadPercentage > 990x80041003

Error: (08/07/2014 01:31:16 PM) (Source: RasClient) (EventID: 20227) (User: )
Description: {3AD29240-C910-43D4-BB56-283808B3C163}T61\*****Germany_Frankfurt789

Error: (08/07/2014 01:28:35 PM) (Source: RasClient) (EventID: 20227) (User: )
Description: {ABE8526C-CAC4-4ACA-B63D-5D9A9E7CE609}T61\*****Germany_Frankfurt0

Error: (08/07/2014 01:27:02 PM) (Source: RasClient) (EventID: 20227) (User: )
Description: {B82F29AF-E5D8-4B6A-95AF-2556AE404D71}T61\*****Germany_Düsseldorf789

Error: (08/07/2014 01:08:47 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND

TargetInstance.LoadPercentage > 990x80041003

Error: (08/06/2014 09:01:04 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND

TargetInstance.LoadPercentage > 990x80041003

Error: (08/06/2014 11:21:07 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: hxxp://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabThe data is invalid.

Error: (08/06/2014 11:20:38 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: hxxp://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabThe data is invalid.


CodeIntegrity Errors:
===================================
  Date: 2014-08-08 23:34:18.905
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows

\System32\AEADIAPR.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-08-08 23:34:16.627
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows

\System32\AEADIAPR.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-08-08 23:33:16.071
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows

\System32\AEADIAPR.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-08-08 23:22:04.712
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows

\System32\AEADIAPR.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-08-08 23:17:55.473
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows

\System32\AEADIAPR.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-08-08 22:57:45.651
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows

\System32\AEADIAPR.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-08-08 22:57:26.266
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows

\System32\AEADIAPR.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-08-08 22:57:24.623
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows

\System32\AEADIAPR.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-08-08 22:57:22.524
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows

\System32\AEADIAPR.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-08-08 22:57:20.798
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows

\System32\AEADIAPR.dll because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Percentage of memory in use: 51%
Total physical RAM: 4022.3 MB
Available physical RAM: 1941.63 MB
Total Pagefile: 8042.77 MB
Available Pagefile: 5798.97 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: (Samsung 830) (Fixed) (Total:119.14 GB) (Free:17.7 GB) NTFS
Drive d: () (Fixed) (Total:25 GB) (Free:5.14 GB) NTFS
Drive e: (OfficeBackup) (Fixed) (Total:64.29 GB) (Free:10.92 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 93 GB) (Disk ID: 3C614189)
Partition 1: (Active) - (Size=25 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=64 GB) - (Type=OF Extended)
Partition 3: (Not Active) - (Size=4 GB) - (Type=02)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 119 GB) (Disk ID: 9B6DE948)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=119 GB) - (Type=07 NTFS)

==================== End Of Log ============================

cosinus 08.08.2014 23:20
Die Logs sind leider unlesbar, da Zeilenumbrüche drin sind. Stell bitte sicher, dass du die Logs mit einem einfach Texteditor öffnest. Ich empfehle Notepad++ ? Wikipedia

Anmoir 09.08.2014 10:30
Noch ein Versuch:


FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 08-08-2014
Ran by ***** (administrator) on T61 on 08-08-2014 23:34:48
Running from C:\Users\*****\Desktop
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Lenovo) C:\Windows\System32\ibmpmsvc.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Andrea Electronics Corporation) C:\Windows\System32\AEADISRV.EXE
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco Systems\WWU Client\cvpnd.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Common Files\Nuance\dgnsvc.exe
() C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\psia.exe
(Károly Pados) C:\Program Files (x86)\TinyWall\TinyWall.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Károly Pados) C:\Program Files (x86)\TinyWall\TinyWall.exe
(hxxp://www.SteveMiller.net) C:\Users\*****\Downloads\Software\puretext20_x86\PureText.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Bartels Media GmbH) C:\Program Files (x86)\PhraseExpress\phraseexpress.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Analog Devices, Inc.) C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe
(CyberGhost S.R.L.) C:\Program Files\CyberGhost 5\CyberGhost.exe
(CyberGhost S.R.L) C:\Program Files\CyberGhost 5\Service.exe
(Dominik Reichl) C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe
(The OpenVPN Project) C:\Program Files\CyberGhost 5\Data\OpenVPN\openvpn.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [TinyWall Controller] => C:\Program Files (x86)\TinyWall\TinyWall.exe [649176 2013-07-14] (Károly Pados)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [750160 2014-07-03] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [KeePass 2 PreLoad] => C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe [2010624 2013-07-20] (Dominik Reichl)
HKLM-x32\...\Run: [SoundMAXPnP] => C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe [1314816 2009-05-18] (Analog Devices, Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3226777461-1414976616-3206541535-1000\...\Run: [PureText] => C:\Users\*****\Downloads\Software\puretext20_x86\PureText.exe [28672 2012-12-18] (hxxp://www.SteveMiller.net)
HKU\S-1-5-21-3226777461-1414976616-3206541535-1000\...\MountPoints2: {f502cbef-987a-11e3-9dd0-001e37d6ddec} - F:\LaunchU3.exe -a
HKU\S-1-5-21-3226777461-1414976616-3206541535-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [PureText] => C:\Users\*****\Downloads\Software\puretext20_x86\PureText.exe [28672 2012-12-18] (hxxp://www.SteveMiller.net)
HKU\S-1-5-21-3226777461-1414976616-3206541535-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {f502cbef-987a-11e3-9dd0-001e37d6ddec} - F:\LaunchU3.exe -a
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\PhraseExpress.lnk
ShortcutTarget: PhraseExpress.lnk -> C:\Program Files (x86)\PhraseExpress\phraseexpress.exe (Bartels Media GmbH)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
ShortcutTarget: Secunia PSI Tray.lnk -> C:\Program Files (x86)\Secunia\PSI\psi_tray.exe (Secunia)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\vpngui.exe.lnk
ShortcutTarget: vpngui.exe.lnk -> C:\Windows\Installer\{5FDC06BF-3D3D-4367-8FFB-4FAFCB61972D}\Icon09DB8A851.exe ()
ShellIconOverlayIdentifiers:  0Cloudfogger -> {F5DF5511-92ED-4772-ACD6-A131630324FE} => C:\Program Files\Cloudfogger\CfShellEx64_1.4.2041.dll (Cloudfogger GmbH)
ShellIconOverlayIdentifiers:  1Cloudfogger -> {14E5B85E-5A8A-4F67-ADA1-B07161924220} => C:\Program Files\Cloudfogger\CfShellEx64_1.4.2041.dll (Cloudfogger GmbH)
ShellIconOverlayIdentifiers:  2Cloudfogger -> {7EAFE6FC-6935-4EEF-8553-E7F1D44BAB7A} => C:\Program Files\Cloudfogger\CfShellEx64_1.4.2041.dll (Cloudfogger GmbH)
ShellIconOverlayIdentifiers: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\*****\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\*****\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\*****\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: DropboxExt4 -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\*****\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32:  0Cloudfogger -> {F5DF5511-92ED-4772-ACD6-A131630324FE} => C:\Program Files\Cloudfogger\CfShellEx_1.4.2041.dll (Cloudfogger GmbH)
ShellIconOverlayIdentifiers-x32:  1Cloudfogger -> {14E5B85E-5A8A-4F67-ADA1-B07161924220} => C:\Program Files\Cloudfogger\CfShellEx_1.4.2041.dll (Cloudfogger GmbH)
ShellIconOverlayIdentifiers-x32:  2Cloudfogger -> {7EAFE6FC-6935-4EEF-8553-E7F1D44BAB7A} => C:\Program Files\Cloudfogger\CfShellEx_1.4.2041.dll (Cloudfogger GmbH)
ShellIconOverlayIdentifiers-x32: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\*****\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\*****\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\*****\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyEnable: Internet Explorer proxy is enabled.
ProxyServer: http=127.0.0.1:8887;https=127.0.0.1:8887
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:Tabs
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://uk.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x6AE000F42815CE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-GB
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Dragon NaturallySpeaking Rich Internet Application Support - Extension -> {73A89C60-CF59-4EC7-9215-9B7EF05ECEA4} -> C:\Program Files (x86)\Nuance\NaturallySpeaking12\Program\ieShim.dll (Nuance Communications, Inc.)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Handler-x32: skype4com - No CLSID Value -
Tcpip\Parameters: [DhcpNameServer] 95.169.183.219 89.41.60.38 37.221.175.198
Tcpip\..\Interfaces\{035FF806-E7A8-495E-9F89-8667F08F0E99}: [NameServer]95.169.183.219,89.41.60.38
Tcpip\..\Interfaces\{72590D10-C886-4CCF-B253-C5AB1CAA5AFE}: [NameServer]95.169.183.219,89.41.60.38

FireFox:
========
FF ProfilePath: C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\uuoc77xd.default
FF DefaultSearchEngine: Startpage HTTPS - Deutsch
FF SelectedSearchEngine: Startpage HTTPS - Deutsch
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()
FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin: @java.com/DTPlugin,version=10.65.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.65.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin: @videolan.org/vlc,version=2.0.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll No File
FF Plugin: @videolan.org/vlc,version=2.0.6 -> C:\Program Files\VideoLAN\VLC\npvlc.dll No File
FF Plugin: @videolan.org/vlc,version=2.0.7 -> C:\Program Files\VideoLAN\VLC\npvlc.dll No File
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin-x32: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: @java.com/DTPlugin,version=10.65.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.65.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.8 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: nuance.com/DragonRIAPlugin -> C:\PROGRA~2\Nuance\NATURA~1\Program\npDgnRia.dll (Nuance Communications Inc.)
FF Plugin HKCU: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF SearchPlugin: C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\uuoc77xd.default\searchplugins\startpage-https---deutsch.xml
FF SearchPlugin: C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\uuoc77xd.default\searchplugins\startpage-https---uk.xml
FF SearchPlugin: C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\uuoc77xd.default\searchplugins\startpage-https.xml
FF SearchPlugin: C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\searchplugins\blekko-ssl.xml
FF SearchPlugin: C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\searchplugins\duckduckgo-ssl-javascript-free.xml
FF SearchPlugin: C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\searchplugins\google-de-ssl.xml
FF SearchPlugin: C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\searchplugins\google-encrypted-no-personalization.xml
FF SearchPlugin: C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\searchplugins\ixquick---deutsch.xml
FF SearchPlugin: C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\searchplugins\ixquick-ssl-pictures---deutsch.xml
FF SearchPlugin: C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\searchplugins\ixquick-ssl-pictures---english.xml
FF SearchPlugin: C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\searchplugins\ixquick.xml
FF SearchPlugin: C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\searchplugins\leo-eng-ger.xml
FF SearchPlugin: C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\searchplugins\leo-esp-ale.xml
FF SearchPlugin: C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\searchplugins\leo-fra-all.xml
FF SearchPlugin: C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\searchplugins\metager2.xml
FF SearchPlugin: C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\searchplugins\ssl-wikipedia-deutsch.xml
FF SearchPlugin: C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\searchplugins\ssl-wikipedia-english.xml
FF SearchPlugin: C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\searchplugins\startpage-https---deutsch.xml
FF SearchPlugin: C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\searchplugins\startpage-https.xml
FF Extension: German Dictionary - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\uuoc77xd.default\Extensions\de-DE@dictionaries.addons.mozilla.org [2014-07-03]
FF Extension: British English Dictionary (Updated) - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\uuoc77xd.default\Extensions\en-gb@flyingtophat.co.uk [2013-10-23]
FF Extension: HTTPS-Everywhere - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\uuoc77xd.default\Extensions\https-everywhere@eff.org [2014-07-05]
FF Extension: KeeFox - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\uuoc77xd.default\Extensions\keefox@chris.tomlinson [2014-07-05]
FF Extension: Zotero Word for Windows Integration - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\uuoc77xd.default\Extensions\zoteroWinWordIntegration@zotero.org [2014-06-02]
FF Extension: Ghostery - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\uuoc77xd.default\Extensions\firefox@ghostery.com.xpi [2013-08-14]
FF Extension: IPFlood - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\uuoc77xd.default\Extensions\ipfuck@p4ul.info.xpi [2014-08-06]
FF Extension: Readability - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\uuoc77xd.default\Extensions\readability@readability.com.xpi [2013-01-05]
FF Extension: RequestPolicy - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\uuoc77xd.default\Extensions\requestpolicy@requestpolicy.com.xpi [2013-08-16]
FF Extension: Test Pilot - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\uuoc77xd.default\Extensions\testpilot@labs.mozilla.com.xpi [2012-12-18]
FF Extension: Zotero - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\uuoc77xd.default\Extensions\zotero@chnm.gmu.edu.xpi [2013-04-18]
FF Extension: RefControl - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\uuoc77xd.default\Extensions\{455D905A-D37C-4643-A9E2-F6FEFAA0424A}.xpi [2013-09-01]
FF Extension: NoScript - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\uuoc77xd.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2012-12-19]
FF Extension: Cookie Controller - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\uuoc77xd.default\Extensions\{ac2cfa60-bc96-11e0-962b-0800200c9a66}.xpi [2012-12-19]
FF Extension: Adblock Plus - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\uuoc77xd.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012-12-19]
FF Extension: BetterPrivacy - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\uuoc77xd.default\Extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi [2012-12-19]
FF Extension: DownThemAll! - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\uuoc77xd.default\Extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi [2013-01-08]
FF Extension: HTTPS-Everywhere - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\Extensions\https-everywhere@eff.org [2014-08-08]
FF Extension: DownloadHelper - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2014-08-08]
FF Extension: JonDoFox - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\Extensions\{437be45a-4114-11dd-b9ab-71d256d89593}.xpi [2014-07-23]
FF Extension: No Name - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2014-07-22]
FF Extension: Cookie Controller - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\Extensions\{ac2cfa60-bc96-11e0-962b-0800200c9a66}.xpi [2014-07-22]
FF Extension: Adblock Plus - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-06-11]
FF Extension: No Name - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\Extensions\{fa8476cf-a98c-4e08-99b4-65a69cb4b7d4}.xpi [2014-06-11]
FF HKLM-x32\...\Firefox\Extensions: [jid0-lmZNVK7a82O8cufhdfB9dUDfA2w@jetpack] - C:\Program Files (x86)\Nuance\NaturallySpeaking12\Program\ffShim.xpi
FF Extension: Dragon NaturallySpeaking Rich Internet Application Support - C:\Program Files (x86)\Nuance\NaturallySpeaking12\Program\ffShim.xpi [2013-02-11]

Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [mikhcaiakabeeokmenglcdebplfdjicn] - C:\Program Files (x86)\Nuance\NaturallySpeaking12\Program\chromeShim.crx [2013-02-11]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AEADIFilters; C:\Windows\system32\AEADISRV.EXE [111616 2008-07-15] (Andrea Electronics Corporation)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [430160 2014-07-03] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [430160 2014-07-03] (Avira Operations GmbH & Co. KG)
R2 CGVPNCliService; C:\Program Files\CyberGhost 5\Service.exe [64624 2014-06-12] (CyberGhost S.R.L)
R2 CVPND; C:\Program Files (x86)\Cisco Systems\WWU Client\cvpnd.exe [1529856 2011-03-04] (Cisco Systems, Inc.)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [50688 2013-05-16] (Hewlett-Packard) [File not signed]
S3 OpenVPNService; C:\Program Files\OpenVPN\bin\openvpnserv.exe [37176 2014-06-05] (The OpenVPN Project)
R2 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [167424 2012-12-07] () [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [66048 2013-05-16] (Hewlett-Packard) [File not signed]
R2 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1228504 2013-07-03] (Secunia)
S2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [660184 2013-07-03] (Secunia)
R2 TinyWall; C:\Program Files (x86)\TinyWall\TinyWall.exe [649176 2013-07-14] (Károly Pados) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [117712 2014-07-03] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [130584 2014-07-03] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-12-01] (Avira Operations GmbH & Co. KG)
R1 CBFilterFS; C:\Windows\system32\drivers\cbfltfs.sys [147720 2012-11-16] (EldoS Corporation)
R1 cbfs3; C:\Windows\system32\drivers\cbfs3.sys [352520 2012-12-04] (EldoS Corporation)
R3 CVPNDRVA; C:\Windows\system32\Drivers\CVPNDRVA.sys [306536 2011-03-04] ()
S3 prwntdrv; C:\Windows\system32\prwntdrv.sys [16776 2010-08-25] () [File not signed]
S3 prwntdrv; C:\Windows\SysWOW64\prwntdrv.sys [13704 2010-08-25] () [File not signed]
R3 PSI; C:\Windows\System32\DRIVERS\psi_mf_amd64.sys [18456 2013-07-03] (Secunia)
S3 pwdrvio; C:\Windows\system32\pwdrvio.sys [19032 2012-08-20] ()
S3 pwdspio; C:\Windows\system32\pwdspio.sys [12384 2012-08-20] ()
S3 tapoas; C:\Windows\System32\DRIVERS\tapoas.sys [30720 2010-08-03] (The OpenVPN Project)
S3 vpnva; C:\Windows\System32\DRIVERS\vpnva64-6.sys [52592 2014-06-11] (Cisco Systems, Inc.)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-08 23:34 - 2014-08-08 23:35 - 00023294 _____ () C:\Users\*****\Desktop\FRST.txt
2014-08-08 23:34 - 2014-08-08 23:35 - 00000000 ____D () C:\FRST
2014-08-08 23:32 - 2014-08-08 23:32 - 02094080 _____ (Farbar) C:\Users\*****\Desktop\FRST64.exe
2014-08-08 23:18 - 2014-08-08 23:19 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-08 23:18 - 2014-08-08 23:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-08-08 23:18 - 2014-08-08 23:18 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-08-08 23:18 - 2014-08-08 23:18 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-08-08 23:18 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-08-08 23:18 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-08-08 23:18 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-08-08 22:56 - 2014-08-08 22:56 - 00000831 _____ () C:\Users\*****\Desktop\Computer.lnk
2014-08-08 22:17 - 2014-08-08 22:17 - 00010593 _____ () C:\Windows\CSTBox.INI
2014-08-08 21:29 - 2014-08-08 21:29 - 00000000 ____D () C:\Users\*****\AppData\Local\Skype
2014-08-08 21:29 - 2014-08-08 21:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2014-08-07 14:19 - 2014-08-07 14:19 - 00000919 _____ () C:\Users\Public\Desktop\OpenVPN GUI.lnk
2014-08-07 14:19 - 2014-08-07 14:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TAP-Windows
2014-08-07 14:19 - 2014-08-07 14:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenVPN
2014-08-07 13:45 - 2014-08-07 14:32 - 00000000 ____D () C:\Users\*****\AppData\Local\CyberGhost
2014-08-07 13:44 - 2014-08-07 13:45 - 00000000 ____D () C:\Program Files\TAP-Windows
2014-08-07 13:44 - 2014-08-07 13:45 - 00000000 ____D () C:\Program Files\CyberGhost 5
2014-08-07 13:44 - 2014-08-07 13:44 - 00001739 _____ () C:\Users\*****\Desktop\CyberGhost 5.lnk
2014-08-07 13:44 - 2014-08-07 13:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberGhost 5
2014-08-06 12:08 - 2014-08-08 19:15 - 00003264 _____ () C:\Windows\System32\Tasks\SamsungMagician
2014-08-06 12:08 - 2014-08-06 12:08 - 00000000 ____D () C:\ProgramData\Samsung
2014-08-06 12:08 - 2014-08-06 12:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung Magician
2014-08-06 12:08 - 2014-08-06 12:08 - 00000000 ____D () C:\Program Files (x86)\Samsung
2014-07-27 18:05 - 2014-07-27 18:05 - 00001276 _____ () C:\Users\*****\Desktop\TB_3.6.3.lnk
2014-07-27 13:37 - 2014-07-27 13:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cisco
2014-07-27 13:31 - 2014-07-27 13:31 - 00319912 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-07-27 13:31 - 2014-07-27 13:31 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-07-27 13:31 - 2014-07-27 13:31 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-07-27 13:31 - 2014-07-27 13:31 - 00111016 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2014-07-27 13:31 - 2014-07-27 13:31 - 00000000 ____D () C:\Program Files\Java
2014-07-27 13:29 - 2014-07-27 13:29 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-07-27 13:29 - 2014-07-27 13:29 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-07-27 13:29 - 2014-07-27 13:29 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-07-27 13:29 - 2014-07-27 13:29 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-07-27 13:29 - 2014-07-27 13:29 - 00000000 ____D () C:\Program Files (x86)\Java
2014-07-27 13:23 - 2014-07-27 13:23 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-07-27 13:21 - 2014-07-27 13:21 - 05018624 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2014-07-27 13:19 - 2014-07-27 13:20 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird
2014-07-27 13:07 - 2014-06-20 22:14 - 00266424 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-07-27 13:07 - 2014-06-20 21:39 - 00240824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-07-27 13:07 - 2014-06-19 03:39 - 23464448 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-07-27 13:07 - 2014-06-19 03:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-07-27 13:07 - 2014-06-19 03:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-07-27 13:07 - 2014-06-19 02:48 - 02768384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-07-27 13:07 - 2014-06-19 02:42 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-07-27 13:07 - 2014-06-19 02:42 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-07-27 13:07 - 2014-06-19 02:41 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-07-27 13:07 - 2014-06-19 02:41 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-07-27 13:07 - 2014-06-19 02:32 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-07-27 13:07 - 2014-06-19 02:31 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-07-27 13:07 - 2014-06-19 02:26 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-07-27 13:07 - 2014-06-19 02:24 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-07-27 13:07 - 2014-06-19 02:24 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-07-27 13:07 - 2014-06-19 02:23 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-07-27 13:07 - 2014-06-19 02:16 - 17276416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-07-27 13:07 - 2014-06-19 02:14 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-07-27 13:07 - 2014-06-19 02:09 - 00452608 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-07-27 13:07 - 2014-06-19 01:59 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-07-27 13:07 - 2014-06-19 01:56 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-07-27 13:07 - 2014-06-19 01:53 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-07-27 13:07 - 2014-06-19 01:51 - 05721088 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-07-27 13:07 - 2014-06-19 01:50 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-07-27 13:07 - 2014-06-19 01:48 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-07-27 13:07 - 2014-06-19 01:39 - 00608768 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-07-27 13:07 - 2014-06-19 01:38 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-07-27 13:07 - 2014-06-19 01:37 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-07-27 13:07 - 2014-06-19 01:36 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-07-27 13:07 - 2014-06-19 01:35 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-07-27 13:07 - 2014-06-19 01:33 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-07-27 13:07 - 2014-06-19 01:32 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-07-27 13:07 - 2014-06-19 01:28 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-07-27 13:07 - 2014-06-19 01:28 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-07-27 13:07 - 2014-06-19 01:27 - 02040832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-07-27 13:07 - 2014-06-19 01:27 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-07-27 13:07 - 2014-06-19 01:25 - 00442368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-07-27 13:07 - 2014-06-19 01:23 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-07-27 13:07 - 2014-06-19 01:22 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-07-27 13:07 - 2014-06-19 01:12 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-07-27 13:07 - 2014-06-19 01:06 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-07-27 13:07 - 2014-06-19 01:01 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-07-27 13:07 - 2014-06-19 00:59 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-07-27 13:07 - 2014-06-19 00:58 - 02266112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-07-27 13:07 - 2014-06-19 00:58 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-07-27 13:07 - 2014-06-19 00:52 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-07-27 13:07 - 2014-06-19 00:51 - 13527040 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-07-27 13:07 - 2014-06-19 00:49 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-07-27 13:07 - 2014-06-19 00:46 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-07-27 13:07 - 2014-06-19 00:45 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-07-27 13:07 - 2014-06-19 00:35 - 11742208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-07-27 13:07 - 2014-06-19 00:34 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-07-27 13:07 - 2014-06-19 00:15 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-07-27 13:07 - 2014-06-19 00:13 - 01791488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-07-27 13:07 - 2014-06-19 00:09 - 01139200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-07-27 13:07 - 2014-06-19 00:07 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-07-27 13:07 - 2014-06-18 04:18 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\osk.exe
2014-07-27 13:07 - 2014-06-18 03:51 - 00646144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\osk.exe
2014-07-27 13:07 - 2014-06-18 03:10 - 03157504 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-07-27 13:07 - 2014-06-06 12:10 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-07-27 13:07 - 2014-06-06 11:44 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-07-27 13:07 - 2014-06-05 16:45 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-07-27 13:07 - 2014-06-05 16:26 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-07-27 13:07 - 2014-06-05 16:25 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-07-27 13:07 - 2014-05-30 10:08 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-07-27 13:07 - 2014-05-30 10:08 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-07-27 13:07 - 2014-05-30 10:08 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-07-27 13:07 - 2014-05-30 10:08 - 00307200 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2014-07-27 13:07 - 2014-05-30 10:08 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-07-27 13:07 - 2014-05-30 10:08 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-07-27 13:07 - 2014-05-30 10:08 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-07-27 13:07 - 2014-05-30 09:52 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-07-27 13:07 - 2014-05-30 09:52 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-07-27 13:07 - 2014-05-30 09:52 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-07-27 13:07 - 2014-05-30 09:52 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2014-07-27 13:07 - 2014-05-30 09:52 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-07-27 13:07 - 2014-05-30 09:52 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-07-27 13:07 - 2014-05-30 09:52 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-07-27 13:07 - 2014-05-30 08:45 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-08 23:35 - 2014-08-08 23:34 - 00023294 _____ () C:\Users\*****\Desktop\FRST.txt
2014-08-08 23:35 - 2014-08-08 23:34 - 00000000 ____D () C:\FRST
2014-08-08 23:32 - 2014-08-08 23:32 - 02094080 _____ (Farbar) C:\Users\*****\Desktop\FRST64.exe
2014-08-08 23:19 - 2014-08-08 23:18 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-08 23:18 - 2014-08-08 23:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-08-08 23:18 - 2014-08-08 23:18 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-08-08 23:18 - 2014-08-08 23:18 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-08-08 22:56 - 2014-08-08 22:56 - 00000831 _____ () C:\Users\*****\Desktop\Computer.lnk
2014-08-08 22:53 - 2012-12-20 19:24 - 00000000 ____D () C:\Users\*****\AppData\Roaming\Skype
2014-08-08 22:17 - 2014-08-08 22:17 - 00010593 _____ () C:\Windows\CSTBox.INI
2014-08-08 21:29 - 2014-08-08 21:29 - 00000000 ____D () C:\Users\*****\AppData\Local\Skype
2014-08-08 21:29 - 2014-08-08 21:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2014-08-08 21:29 - 2013-01-30 09:44 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-08-08 21:29 - 2012-12-20 19:24 - 00000000 ____D () C:\ProgramData\Skype
2014-08-08 19:19 - 2009-07-14 06:45 - 00020720 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-08-08 19:19 - 2009-07-14 06:45 - 00020720 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-08-08 19:16 - 2012-12-15 15:13 - 01714955 _____ () C:\Windows\WindowsUpdate.log
2014-08-08 19:15 - 2014-08-06 12:08 - 00003264 _____ () C:\Windows\System32\Tasks\SamsungMagician
2014-08-08 19:15 - 2013-08-25 16:48 - 00003554 _____ () C:\Windows\System32\Tasks\PrivaZer_cleanup
2014-08-08 19:15 - 2013-08-22 22:47 - 00002776 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2014-08-08 19:15 - 2009-07-14 07:13 - 00782470 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-08-08 19:14 - 2013-09-18 18:19 - 00000000 ____D () C:\Windows\pss
2014-08-08 19:11 - 2013-08-23 10:23 - 00035168 _____ () C:\Windows\setupact.log
2014-08-08 19:11 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-08-08 01:45 - 2012-12-19 14:52 - 00000000 ____D () C:\Users\*****\Documents\PhraseExpress
2014-08-07 21:00 - 2013-08-14 17:31 - 00000000 ____D () C:\Users\*****\AppData\Local\privazer
2014-08-07 16:30 - 2013-03-18 22:32 - 00001303 _____ () C:\Users\*****\Desktop\2013.lnk
2014-08-07 14:44 - 2012-12-15 16:35 - 00000000 ____D () C:\Users\*****\AppData\Roaming\KeePass
2014-08-07 14:32 - 2014-08-07 13:45 - 00000000 ____D () C:\Users\*****\AppData\Local\CyberGhost
2014-08-07 14:29 - 2012-12-15 15:13 - 00000000 ____D () C:\Users\*****\AppData\Local\VirtualStore
2014-08-07 14:19 - 2014-08-07 14:19 - 00000919 _____ () C:\Users\Public\Desktop\OpenVPN GUI.lnk
2014-08-07 14:19 - 2014-08-07 14:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TAP-Windows
2014-08-07 14:19 - 2014-08-07 14:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenVPN
2014-08-07 14:19 - 2013-08-19 18:14 - 00000000 ____D () C:\Program Files\OpenVPN
2014-08-07 13:45 - 2014-08-07 13:44 - 00000000 ____D () C:\Program Files\TAP-Windows
2014-08-07 13:45 - 2014-08-07 13:44 - 00000000 ____D () C:\Program Files\CyberGhost 5
2014-08-07 13:44 - 2014-08-07 13:44 - 00001739 _____ () C:\Users\*****\Desktop\CyberGhost 5.lnk
2014-08-07 13:44 - 2014-08-07 13:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberGhost 5
2014-08-06 21:28 - 2012-12-15 16:36 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-08-06 21:28 - 2012-12-15 16:36 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-08-06 21:05 - 2012-12-15 18:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SRWare Iron
2014-08-06 21:05 - 2012-12-15 18:04 - 00000000 ____D () C:\Program Files (x86)\SRWare Iron
2014-08-06 13:09 - 2012-12-18 22:11 - 00000000 ____D () C:\Users\*****\AppData\Roaming\XnView
2014-08-06 12:08 - 2014-08-06 12:08 - 00000000 ____D () C:\ProgramData\Samsung
2014-08-06 12:08 - 2014-08-06 12:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung Magician
2014-08-06 12:08 - 2014-08-06 12:08 - 00000000 ____D () C:\Program Files (x86)\Samsung
2014-08-06 11:43 - 2014-07-03 21:46 - 00011094 _____ () C:\Windows\SecuniaPackage.log
2014-08-06 11:43 - 2013-08-18 21:03 - 00001005 _____ () C:\Users\Public\Desktop\VLC media player.lnk
2014-07-31 12:28 - 2013-08-23 22:26 - 00208044 _____ () C:\Windows\PFRO.log
2014-07-31 12:28 - 2012-12-18 11:07 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-07-27 18:05 - 2014-07-27 18:05 - 00001276 _____ () C:\Users\*****\Desktop\TB_3.6.3.lnk
2014-07-27 18:02 - 2012-12-15 16:36 - 00000000 ____D () C:\Users\*****\Downloads\Software
2014-07-27 16:03 - 2012-12-18 11:18 - 00000000 ____D () C:\Users\*****\AppData\Local\Thunderbird
2014-07-27 14:55 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2014-07-27 14:14 - 2012-12-15 16:26 - 00000000 ___RD () C:\Office
2014-07-27 13:37 - 2014-07-27 13:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cisco
2014-07-27 13:37 - 2013-05-07 11:54 - 00000000 ____D () C:\ProgramData\Cisco
2014-07-27 13:37 - 2013-05-07 11:54 - 00000000 ____D () C:\Program Files (x86)\Cisco
2014-07-27 13:31 - 2014-07-27 13:31 - 00319912 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-07-27 13:31 - 2014-07-27 13:31 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-07-27 13:31 - 2014-07-27 13:31 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-07-27 13:31 - 2014-07-27 13:31 - 00111016 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2014-07-27 13:31 - 2014-07-27 13:31 - 00000000 ____D () C:\Program Files\Java
2014-07-27 13:29 - 2014-07-27 13:29 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-07-27 13:29 - 2014-07-27 13:29 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-07-27 13:29 - 2014-07-27 13:29 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-07-27 13:29 - 2014-07-27 13:29 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-07-27 13:29 - 2014-07-27 13:29 - 00000000 ____D () C:\Program Files (x86)\Java
2014-07-27 13:23 - 2014-07-27 13:23 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-07-27 13:21 - 2014-07-27 13:21 - 05018624 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2014-07-27 13:20 - 2014-07-27 13:19 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird
2014-07-27 13:15 - 2013-08-15 00:00 - 00416704 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-07-27 13:14 - 2011-04-12 10:28 - 00000000 ____D () C:\Program Files\Windows Journal
2014-07-27 13:14 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism
2014-07-27 13:14 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\Dism
2014-07-27 13:12 - 2012-12-15 18:13 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-07-27 13:11 - 2013-04-18 12:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-07-27 13:10 - 2013-04-18 12:17 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-07-27 13:10 - 2013-04-18 12:17 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-07-27 13:02 - 2013-05-07 14:23 - 00042040 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys

Some content of TEMP:
====================
C:\Users\*****\AppData\Local\Temp\avgnt.exe
C:\Users\*****\AppData\Local\Temp\jre1.7.offline.exe
C:\Users\*****\AppData\Local\Temp\Maint000.exe
C:\Users\*****\AppData\Local\Temp\SkypeSetup.exe
C:\Users\*****\AppData\Local\Temp\vlc-2.1.1-win32.exe
C:\Users\*****\AppData\Local\Temp\vpnclient_setup.exe
C:\Users\*****\AppData\Local\Temp\xmlUpdater.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-08-07 20:05

==================== End Of Log ============================
--- --- ---


Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 08-08-2014
Ran by ***** at 2014-08-08 23:35:33
Running from C:\Users\*****\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

64 Bit HP CIO Components Installer (Version: 15.2.1 - Hewlett-Packard) Hidden
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
AbiWord 2.8.6 (HKLM-x32\...\AbiWord2) (Version: 2.8.6 - AbiSource Developers)
Active@ Partition Recovery 9.0 (HKLM-x32\...\{9D7E3F86-DAA8-4894-96D6-A0AB26291A16}_is1) (Version: 9.0 - LSoft Technologies Inc)
Adobe Flash Player 14 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Flash Player 14 Plugin (HKLM-x32\...\{3FC9A6DE-C105-4576-8F63-656FFB1BF8EB}) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Audacity 2.0.2 (HKLM-x32\...\Audacity_is1) (Version: 2.0.2 - Audacity Team)
AudibleManager (HKLM-x32\...\AudibleManager) (Version: 2000764158.48.56.12324074 - Audible, Inc.)
AutoHotkey 1.1.12.00 (HKLM\...\AutoHotkey) (Version: 1.1.12.00 - Lexikos)
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.5.464 - Avira)
Basic PAYE Tools - Real Time Information (HKLM-x32\...\Basic PAYE Tools - Real Time Information) (Version: 13.2.13232.64 - HM Revenue & Customs)
Basic PAYE Tools 2012 (HKLM-x32\...\Basic PAYE Tools 2012) (Version: 4.2.1.20469 - HM Revenue & Customs)
CCleaner (HKLM\...\CCleaner) (Version: 4.04 - Piriform)
Cisco AnyConnect Secure Mobility Client  (HKLM-x32\...\Cisco AnyConnect Secure Mobility Client) (Version: 3.1.05170 - Cisco Systems, Inc.)
Cisco AnyConnect Secure Mobility Client (x32 Version: 3.1.05170 - Cisco Systems, Inc.) Hidden
Cisco Systems VPN Client 5.0.07.0440 (HKLM\...\{5FDC06BF-3D3D-4367-8FFB-4FAFCB61972D}) (Version: 5.0.7 - Cisco Systems, Inc.)
Cloudfogger (HKLM\...\{E5A0D9A8-3711-4DB2-833C-FF79EF65830D}_is1) (Version: 1.4.2041.0 - Cloudfogger GmbH)
CyberGhost 5 (HKLM\...\CyberGhost 5_is1) (Version:  - CyberGhost S.R.L.)
Definition Update for Microsoft Office 2010 (KB982726) 64-Bit Edition (HKLM\...\{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{043645C8-48EC-458F-B9BD-9C8F15CEF6F7}) (Version:  - Microsoft)
Deutsch (Deutschland) - Denglisch (HKLM\...\{F4CE63B1-0172-4569-B364-CFDE3DBC2B5A}) (Version: 1.0.3.40 - Folke Ashberg, www.ashberg.de)
Dragon NaturallySpeaking 12 (HKLM-x32\...\{D5D422B9-6976-4E98-8DDF-9632CB515D7E}) (Version: 12.50.000 - Nuance Communications Inc.)
Dropbox (HKCU\...\Dropbox) (Version: 2.0.22 - Dropbox, Inc.)
EaseUS Partition Recovery 5.6.1 (HKLM-x32\...\EaseUS Partition Recovery_is1) (Version:  - EaseUS)
English – Deutsche Sonderzeichen (HKLM\...\{5C4D3BD1-E741-46D1-B5BE-CF06A9F8B87A}) (Version: 1.0.3.40 - Company)
FreeFileSync 6.0 (HKLM-x32\...\FreeFileSync) (Version: 6.0 - Zenju)
HTC Driver Installer (HKLM-x32\...\{4CEEE5D0-F905-4688-B9F9-ECC710507796}) (Version: 4.2.0.001 - HTC Corporation)
Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.15.10.1930 - Intel Corporation)
IPTInstaller (HKLM-x32\...\{08208143-777D-4A06-BB54-71BF0AD1BB70}) (Version: 4.0.8 - HTC)
Java 7 Update 65 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F06417065FF}) (Version: 7.0.650 - Oracle)
Java 7 Update 65 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217065FF}) (Version: 7.0.650 - Oracle)
Jitsi (HKLM\...\{072C769F-0D49-4868-BE7F-DCE58CCBA681}) (Version: 2.2.4603.9615 - Jitsi)
KeePass Password Safe 2.23 (HKLM-x32\...\KeePassPasswordSafe2_is1) (Version:  - Dominik Reichl)
LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version:  - )
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
MAXQDA 10 Reader (R240113) (HKLM-x32\...\MAXQDA10Reader) (Version: (R240113) - VERBI Software.Consult.Sozialforschung GmbH)
MicroSIP (remove only) (HKLM-x32\...\MicroSIP) (Version:  - )
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Keyboard Layout Creator 1.4 (HKLM-x32\...\{99E66BC9-E4B6-485F-ABFC-31EFCE36DFDF}) (Version: 1.4.6000 - Microsoft Corp.)
Microsoft Office Access MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Access MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Language Pack 2010 - German/Deutsch (HKLM\...\Office14.OMUI.de-de) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office O MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 32-bit Components 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 32-bit MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 32-bit MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office SharePoint Designer MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office X MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
MiniTool Partition Wizard Home Edition 7.6.1 (HKLM-x32\...\{05D996FA-ADCB-4D23-BA3C-A7C184A8FAC6}_is1) (Version:  - MiniTool Solution Ltd.)
MiniTool Power Data Recovery (HKLM-x32\...\MiniTool Power Data Recovery_is1) (Version:  - MiniTool Solution Ltd.)
MozBackup 1.5.1 (HKLM-x32\...\MozBackup) (Version:  - Pavel Cvrcek)
Mozilla Firefox 31.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 31.0 (x86 en-US)) (Version: 31.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
Mozilla Thunderbird 31.0 (x86 en-GB) (HKLM-x32\...\Mozilla Thunderbird 31.0 (x86 en-GB)) (Version: 31.0 - Mozilla)
MP3 Skype Recorder (HKLM-x32\...\{CB606F47-7D0E-40DF-95BB-0E5413A1295F}) (Version: 3.1.3 - Alexander Nikiforov)
MPC-HC 1.7.0 (HKLM-x32\...\{2624B969-7135-4EB1-B0F6-2D8C397B45F7}_is1) (Version: 1.7.0.7858 - MPC-HC Team)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.5.1 - Notepad++ Team)
OpenVPN 2.3.4-I002  (HKLM\...\OpenVPN) (Version: 2.3.4-I002 - )
PaperCut MF Client 11.0 (HKLM-x32\...\PaperCut MF Client_is1) (Version:  - PaperCut Software International Pty Ltd)
PdaNet+ for Android 4.01 (HKLM-x32\...\PdaNet_is1) (Version:  - June Fabrics Technology Inc)
PDFCreator (HKLM-x32\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.7.0 - pdfforge)
PDF-Viewer (HKLM\...\{A278382D-4F1B-4D47-9885-8523F7261E8D}_is1) (Version: 2.5.214.2 - Tracker Software Products Ltd)
PhraseExpress v9.1.36 (HKLM-x32\...\PhraseExpress_is1) (Version: 9.1.36 - Bartels Media GmbH)
Pidgin (HKLM-x32\...\Pidgin) (Version: 2.10.8 - )
PrivaZer (HKCU\...\PrivaZer) (Version: 2.0.1.0 - Goversoft LLC)
Samsung Magician (HKLM-x32\...\{29AE3F9F-7158-4ca7-B1ED-28A73ECDB215}_is1) (Version: 4.4.0 - Samsung Electronics)
Secunia PSI (3.0.0.7011) (HKLM-x32\...\Secunia PSI) (Version: 3.0.0.7011 - Secunia)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (HKLM\...\{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{A3364707-2F53-4C83-8F68-C9877A9080C7}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (Version:  - Microsoft) Hidden
Service Pack 2 for Microsoft Office 2010 Language Pack (KB2687449) 64-Bit Edition (HKLM\...\{90140000-0100-0407-1000-0000000FF1CE}_Office14.OMUI.de-de_{F8F9897A-AA29-43EB-8847-94E0253CD458}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 Language Pack (KB2687449) 64-Bit Edition (Version:  - Microsoft) Hidden
Skype™ 6.18 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.18.106 - Skype Technologies S.A.)
Sony Player Plug-in for Windows Media Player (HKLM-x32\...\Sony Player Plug-in for Windows Media Player) (Version:  - )
SoundMAX (HKLM-x32\...\{F0A37341-D692-11D4-A984-009027EC0A9C}) (Version: 6.10.2.7255 - Analog Devices)
SRWare Iron version SRWare Iron 36.0.1950.0 (HKLM-x32\...\{C59CF2CE-B302-4833-AA35-E0E07D8EBC52}_is1) (Version: SRWare Iron 36.0.1950.0 - SRWare)
TAP-Windows 9.9.2 (HKLM\...\TAP-Windows) (Version: 9.9.2 - )
ThinkPad Power Management Driver (HKLM\...\Power Management Driver) (Version: 1.43 - )
TinyWall (HKLM-x32\...\{E87F67CD-B72A-4B47-A01D-28CD16AC0711}) (Version: 2.1.4.0 - Károly Pados)
Tresorit (HKLM-x32\...\{3CD44037-27F5-4A9E-93F6-B3877416AB03}) (Version: 0.5.2.81 - Tresorit)
UFR II Printer Driver Uninstaller (HKLM\...\Canon UFR II Printer Driver) (Version: 6, 0, 0, 0 - Canon Inc.)
Universal Adb Driver (HKLM-x32\...\{D9C4202E-6D51-4B06-A8F1-22316E654BCA}) (Version: 1.0.0 - ClockworkMod)
Update for Microsoft Access 2010 (KB2553446) 64-Bit Edition (HKLM\...\{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{FEF4C57D-0975-4D3C-ACC7-DCD038C3788F}) (Version:  - Microsoft)
Update for Microsoft Excel 2010 (KB2837600) 64-Bit Edition (HKLM\...\{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{17815BC8-062D-49BE-B40C-B54149C85CE3}) (Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2878281) 64-Bit Edition (HKLM\...\{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{84B191B5-5319-463A-A305-8C4D53B1D20A}) (Version:  - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817369) 64-Bit Edition (HKLM\...\{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{DB0B0CDF-77EC-47B0-94E2-4738573A1E58}) (Version:  - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817396) 64-Bit Edition (HKLM\...\{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{1AA82E2E-7DB7-4C70-910C-BBB657A6B3A5}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2553092) (HKLM\...\{90140000-0044-0407-1000-0000000FF1CE}_Office14.OMUI.de-de_{E636FE63-842B-4F4B-9884-DA189ACC0B91}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2553092) (HKLM\...\{90140000-0044-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{E636FE63-842B-4F4B-9884-DA189ACC0B91}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2553092) (HKLM\...\{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{E636FE63-842B-4F4B-9884-DA189ACC0B91}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589298) 64-Bit Edition (HKLM\...\{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{79C725A1-3964-421C-A528-78C1C083C7C7}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 64-Bit Edition (HKLM\...\{90140000-0043-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{95BE5D45-A3DD-4CB1-8C35-D75DD7B4D862}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 64-Bit Edition (HKLM\...\{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{95BE5D45-A3DD-4CB1-8C35-D75DD7B4D862}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589375) 64-Bit Edition (HKLM\...\{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{EBD18DE5-BC84-4B57-9A30-097044871F9A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 64-Bit Edition (HKLM\...\{90140000-0043-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{4AD36582-256B-433D-8593-F31773A15CA4}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 64-Bit Edition (HKLM\...\{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{4AD36582-256B-433D-8593-F31773A15CA4}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 64-Bit Edition (HKLM\...\{90140000-0043-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{F216169C-2B40-429B-8370-B5BA06EC5423}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 64-Bit Edition (HKLM\...\{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{F216169C-2B40-429B-8370-B5BA06EC5423}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760631) 64-Bit Edition (HKLM\...\{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{B6AD7E27-012A-4B63-82BA-AF62893E5435}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2794737) 64-Bit Edition (HKLM\...\{90140000-0100-0407-1000-0000000FF1CE}_Office14.OMUI.de-de_{07DC9C6C-E916-4F42-8677-716930ED0393}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2794737) 64-Bit Edition (HKLM\...\{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{07DC9C6C-E916-4F42-8677-716930ED0393}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2825635) 64-Bit Edition (HKLM\...\{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{6E760BBA-B83F-4C2D-918F-5F91EF6C9861}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2825640) 64-Bit Edition (HKLM\...\{90140000-0044-0407-1000-0000000FF1CE}_Office14.OMUI.de-de_{43F59F4D-7179-497E-BE99-BC6F7D1DDCBA}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2825640) 64-Bit Edition (HKLM\...\{90140000-0044-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{43F59F4D-7179-497E-BE99-BC6F7D1DDCBA}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2825640) 64-Bit Edition (HKLM\...\{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{43F59F4D-7179-497E-BE99-BC6F7D1DDCBA}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2837581) 64-Bit Edition (HKLM\...\{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{D1F3B526-7EB2-4701-92DB-0784988D78DE}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2837606) 64-Bit Edition (HKLM\...\{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{52BEF8AE-9324-40A1-9A92-E5A8FB63A475}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2878252) 64-Bit Edition (HKLM\...\{90140000-0043-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{56551B9F-2FE1-4705-ACF0-8FA920535E18}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2878252) 64-Bit Edition (HKLM\...\{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{56551B9F-2FE1-4705-ACF0-8FA920535E18}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2881028) 64-Bit Edition (HKLM\...\{90140000-001F-0407-1000-0000000FF1CE}_Office14.OMUI.de-de_{8F699D53-05FB-488E-B7D3-E4E47257BE5D}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2881028) 64-Bit Edition (HKLM\...\{90140000-001F-0409-1000-0000000FF1CE}_Office14.OMUI.de-de_{324703B5-6765-489D-9B9B-B082D34F882E}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2881028) 64-Bit Edition (HKLM\...\{90140000-001F-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{324703B5-6765-489D-9B9B-B082D34F882E}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2881028) 64-Bit Edition (HKLM\...\{90140000-001F-040C-1000-0000000FF1CE}_Office14.OMUI.de-de_{4B9B2BAF-EE1F-4B60-A4D9-17B7BEEB13A1}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2881028) 64-Bit Edition (HKLM\...\{90140000-001F-040C-1000-0000000FF1CE}_Office14.PROPLUSR_{4B9B2BAF-EE1F-4B60-A4D9-17B7BEEB13A1}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2881028) 64-Bit Edition (HKLM\...\{90140000-001F-0C0A-1000-0000000FF1CE}_Office14.PROPLUSR_{860EE8B1-0B9F-4A8A-91FE-649CD3C6754C}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 64-Bit Edition (HKLM\...\{90140000-0043-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{3029C408-1DD1-4273-8E58-87CB1B638FC8}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 64-Bit Edition (HKLM\...\{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{3029C408-1DD1-4273-8E58-87CB1B638FC8}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 64-Bit Edition (HKLM\...\{90140000-001A-0407-1000-0000000FF1CE}_Office14.OMUI.de-de_{6164E0E5-C903-488C-93AF-1B7AF7EBC331}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 64-Bit Edition (HKLM\...\{90140000-001A-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{DBAC8ED2-9287-499E-AD66-590C7413C7DE}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 64-Bit Edition (HKLM\...\{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{DDDC32A5-9528-4771-B91A-97A8E1D7957B}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 64-Bit Edition (HKLM\...\{90140000-0018-0407-1000-0000000FF1CE}_Office14.OMUI.de-de_{FD360122-6829-4497-97C1-1BF578EF695B}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 64-Bit Edition (HKLM\...\{90140000-0018-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{393B360E-62F8-463D-B914-1ECDC1359A46}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 64-Bit Edition (HKLM\...\{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{A20A650C-F820-4CE4-AEA5-EC140192FAFB}) (Version:  - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 64-Bit Edition (HKLM\...\{90140000-0043-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{77374F16-2DC6-4EEF-AFAD-C59FDA2E010D}) (Version:  - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 64-Bit Edition (HKLM\...\{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{77374F16-2DC6-4EEF-AFAD-C59FDA2E010D}) (Version:  - Microsoft)
Update for Microsoft Visio 2010 (KB2880526) 64-Bit Edition (HKLM\...\{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{F6F342A1-530B-4D48-A468-1E3F70928984}) (Version:  - Microsoft)
Update for Microsoft Visio Viewer 2010 (KB2837587) 64-Bit Edition (HKLM\...\{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{C950A55F-82E3-4CC8-8FA2-E8A2A0F651F3}) (Version:  - Microsoft)
Update for Microsoft Word 2010 (KB2880529) 64-Bit Edition (HKLM\...\{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{89FDC8D9-FB84-4EFE-950D-AF4EECC3B64C}) (Version:  - Microsoft)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
WinMerge 2.14.0 (HKLM-x32\...\WinMerge_is1) (Version: 2.14.0 - Thingamahoochie Software)
XnView 2.13 (HKLM-x32\...\XnView_is1) (Version: 2.13 - Gougelet Pierre-e)
XP Codec Pack (HKLM-x32\...\XP Codec Pack) (Version: 2.5.3 - XP Codec Pack team)
xplorer² lite 32 bit (HKLM-x32\...\xplorer2l) (Version: 2.2.0.2 - Zabkat)
Zattoo4 4.0.5 (HKLM-x32\...\Zattoo4) (Version: 4.0.5 - Zattoo Inc.)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-3226777461-1414976616-3206541535-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\*****\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3226777461-1414976616-3206541535-1000_Classes\CLSID\{822E4859-CCDD-476C-ABDF-7F7A894A3CB7}\InprocServer32 -> C:\Users\*****\AppData\Roaming\Tresorit\v0.5\TresoritExt64_1.dll ()
CustomCLSID: HKU\S-1-5-21-3226777461-1414976616-3206541535-1000_Classes\CLSID\{822E485A-CCDD-476C-ABDF-7F7A894A3CB7}\InprocServer32 -> C:\Users\*****\AppData\Roaming\Tresorit\v0.5\TresoritExt64_1.dll ()
CustomCLSID: HKU\S-1-5-21-3226777461-1414976616-3206541535-1000_Classes\CLSID\{822E485B-CCDD-476C-ABDF-7F7A894A3CB7}\InprocServer32 -> C:\Users\*****\AppData\Roaming\Tresorit\v0.5\TresoritExt64_1.dll ()
CustomCLSID: HKU\S-1-5-21-3226777461-1414976616-3206541535-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\*****\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3226777461-1414976616-3206541535-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\*****\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3226777461-1414976616-3206541535-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\*****\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3226777461-1414976616-3206541535-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\*****\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll (Dropbox, Inc.)

==================== Restore Points  =========================

03-07-2014 19:33:25 Windows Update
03-07-2014 19:40:49 Windows Update
03-07-2014 20:16:47 Installed Universal Adb Driver
05-07-2014 13:04:27 Installed OpenVPN Client
05-07-2014 13:11:02 Installed Cisco AnyConnect Secure Mobility Client
27-07-2014 11:08:39 Windows Update
07-08-2014 11:44:53 Device Driver Package Install: TAP-Windows Provider V9 Network adapters
07-08-2014 12:17:20 Removed OpenVPN Client
08-08-2014 20:14:57 Removed MSXML 4.0 SP2 (KB954430)
08-08-2014 20:15:16 Removed MSXML 4.0 SP2 (KB973688)
08-08-2014 20:15:32 Removed MSXML 4.0 SP3 Parser (KB2758694)
08-08-2014 20:15:45 Removed MSXML 4.0 SP3 Parser
08-08-2014 20:15:59 Removed MSXML 4.0 SP2 Parser and SDK

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {283586A3-4B36-4044-9405-F6720D949EBA} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-07-22] (Piriform Ltd)
Task: {283C3DF4-0ACB-4F22-9911-DC0CAB03F9FD} - System32\Tasks\PrivaZer_cleanup => C:\Program Files (x86)\PrivaZer\PrivaZer.exe [2013-08-14] (Goversoft LLC)
Task: {66418B0E-1AC5-4DD3-92E9-586AF04F3B42} - System32\Tasks\SamsungMagician => C:\Program Files (x86)\Samsung\Samsung Magician\Samsung Magician.exe [2014-05-19] (Samsung Electronics.)

==================== Loaded Modules (whitelisted) =============

2013-09-30 16:20 - 2012-12-06 13:09 - 00136704 _____ () C:\Windows\System32\zlhp1600.dll
2013-07-21 15:01 - 2012-12-07 18:26 - 00167424 _____ () C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
2013-08-15 00:48 - 2013-08-15 00:48 - 00084952 _____ () C:\Windows\assembly\GAC_MSIL\TinyWall.XmlSerializers\2.1.4.0__d9a8adbcd0c171b3\TinyWall.XmlSerializers.dll
2013-09-05 01:17 - 2013-09-05 01:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 17:23 - 2010-10-20 17:23 - 08801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2012-06-18 17:24 - 2012-06-18 17:24 - 00222720 _____ () C:\Program Files (x86)\Notepad++\NppShell_05.dll
2014-06-03 00:27 - 2014-06-03 00:27 - 00046080 _____ () C:\Users\*****\AppData\Local\KeePass\PluginCache\c3GfFtVBmF9t1qGb90Jb\Fleck2.dll
2014-06-11 05:34 - 2014-06-11 05:34 - 00063400 _____ () C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\zlib1.dll
2011-03-04 13:49 - 2011-03-04 13:49 - 00202752 _____ () C:\Program Files (x86)\Cisco Systems\WWU Client\vpnapi.dll
2012-12-19 14:50 - 2013-04-22 18:25 - 00445648 _____ () C:\Program Files (x86)\PhraseExpress\pexlang.dll
2013-09-05 01:14 - 2013-09-05 01:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 17:45 - 2010-10-20 17:45 - 08801120 _____ () C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2014-08-07 13:44 - 2014-06-05 13:57 - 00161992 _____ () C:\Program Files\CyberGhost 5\Data\OpenVPN\liblzo2-2.dll
2014-08-07 13:44 - 2014-06-05 13:57 - 00112776 _____ () C:\Program Files\CyberGhost 5\Data\OpenVPN\libpkcs11-helper-1.dll
2014-07-27 13:23 - 2014-07-27 13:23 - 03800688 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2013-04-25 09:52 - 2013-04-25 09:52 - 00608656 _____ () C:\Users\*****\AppData\Roaming\Tresorit\v0.5\TresoritExt86_1.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:0FF263E8

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^Users^*****^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^MicroSIP.lnk => C:\Windows\pss\MicroSIP.lnk.Startup
MSCONFIG\startupfolder: C:^Users^*****^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^PdaNet Desktop.lnk => C:\Windows\pss\PdaNet Desktop.lnk.Startup
MSCONFIG\startupfolder: C:^Users^*****^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Samsung Magician.lnk => C:\Windows\pss\Samsung Magician.lnk.Startup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: BCSSync => "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
MSCONFIG\startupreg: Cisco AnyConnect Secure Mobility Agent for Windows => "C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe" -minimized
MSCONFIG\startupreg: Cloudfogger => "C:\Program Files\Cloudfogger\Cloudfogger.exe" --silent
MSCONFIG\startupreg: DNS7reminder => "C:\Program Files (x86)\Nuance\NaturallySpeaking12\Ereg\Ereg.exe" -r "C:\ProgramData\Nuance\NaturallySpeaking12\Ereg.ini"
MSCONFIG\startupreg: ISUSPM => C:\ProgramData\FLEXnet\Connect\11\\isuspm.exe -scheduler
MSCONFIG\startupreg: PaperCut MF Client => "C:\Program Files (x86)\PaperCut MF Client\pc-client.exe" /silent
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

==================== Faulty Device Manager Devices =============

Name: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Description: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: vpnva
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Cisco Systems VPN Adapter for 64-bit Windows
Description: Cisco Systems VPN Adapter for 64-bit Windows
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: CVirtA
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (08/08/2014 07:12:59 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/07/2014 08:05:52 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (08/07/2014 03:00:39 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/07/2014 01:31:16 PM) (Source: RasClient) (EventID: 20227) (User: )
Description: CoId={3AD29240-C910-43D4-BB56-283808B3C163}: The user T61\***** dialed a connection named Germany_Frankfurt which has failed. The error code returned on failure is 789.

Error: (08/07/2014 01:28:35 PM) (Source: RasClient) (EventID: 20227) (User: )
Description: CoId={ABE8526C-CAC4-4ACA-B63D-5D9A9E7CE609}: The user T61\***** dialed a connection named Germany_Frankfurt which has failed. The error code returned on failure is 0.

Error: (08/07/2014 01:27:02 PM) (Source: RasClient) (EventID: 20227) (User: )
Description: CoId={B82F29AF-E5D8-4B6A-95AF-2556AE404D71}: The user T61\***** dialed a connection named Germany_Düsseldorf which has failed. The error code returned on failure is 789.

Error: (08/07/2014 01:08:47 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/06/2014 09:01:04 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/06/2014 11:21:07 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Failed extract of third-party root list from auto update cab at: <hxxp://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: The data is invalid.
.

Error: (08/06/2014 11:20:38 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Failed extract of third-party root list from auto update cab at: <hxxp://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: The data is invalid.
.


System errors:
=============
Error: (08/08/2014 07:12:01 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
cdrom

Error: (08/08/2014 07:12:01 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The CyberGhost 5 Client Service service failed to start due to the following error:
%%1053

Error: (08/08/2014 07:12:01 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the CyberGhost 5 Client Service service to connect.

Error: (08/07/2014 02:59:13 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
cdrom

Error: (08/07/2014 01:07:20 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
cdrom

Error: (08/06/2014 08:59:36 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
cdrom

Error: (08/06/2014 11:08:13 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
cdrom

Error: (07/31/2014 00:28:24 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
cdrom

Error: (07/27/2014 01:15:17 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
cdrom

Error: (07/27/2014 01:00:57 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
cdrom


Microsoft Office Sessions:
=========================
Error: (08/08/2014 07:12:59 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/07/2014 08:05:52 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Program Files (x86)\Nuance\NaturallySpeaking12\Program\dragon_support_packager.exe

Error: (08/07/2014 03:00:39 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/07/2014 01:31:16 PM) (Source: RasClient) (EventID: 20227) (User: )
Description: {3AD29240-C910-43D4-BB56-283808B3C163}T61\*****Germany_Frankfurt789

Error: (08/07/2014 01:28:35 PM) (Source: RasClient) (EventID: 20227) (User: )
Description: {ABE8526C-CAC4-4ACA-B63D-5D9A9E7CE609}T61\*****Germany_Frankfurt0

Error: (08/07/2014 01:27:02 PM) (Source: RasClient) (EventID: 20227) (User: )
Description: {B82F29AF-E5D8-4B6A-95AF-2556AE404D71}T61\*****Germany_Düsseldorf789

Error: (08/07/2014 01:08:47 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/06/2014 09:01:04 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/06/2014 11:21:07 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: hxxp://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabThe data is invalid.

Error: (08/06/2014 11:20:38 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: hxxp://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabThe data is invalid.


CodeIntegrity Errors:
===================================
  Date: 2014-08-08 23:34:18.905
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\AEADIAPR.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-08-08 23:34:16.627
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\AEADIAPR.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-08-08 23:33:16.071
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\AEADIAPR.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-08-08 23:22:04.712
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\AEADIAPR.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-08-08 23:17:55.473
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\AEADIAPR.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-08-08 22:57:45.651
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\AEADIAPR.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-08-08 22:57:26.266
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\AEADIAPR.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-08-08 22:57:24.623
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\AEADIAPR.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-08-08 22:57:22.524
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\AEADIAPR.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-08-08 22:57:20.798
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\AEADIAPR.dll because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Percentage of memory in use: 51%
Total physical RAM: 4022.3 MB
Available physical RAM: 1941.63 MB
Total Pagefile: 8042.77 MB
Available Pagefile: 5798.97 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: (Samsung 830) (Fixed) (Total:119.14 GB) (Free:17.7 GB) NTFS
Drive d: () (Fixed) (Total:25 GB) (Free:5.14 GB) NTFS
Drive e: (OfficeBackup) (Fixed) (Total:64.29 GB) (Free:10.92 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 93 GB) (Disk ID: 3C614189)
Partition 1: (Active) - (Size=25 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=64 GB) - (Type=OF Extended)
Partition 3: (Not Active) - (Size=4 GB) - (Type=02)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 119 GB) (Disk ID: 9B6DE948)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=119 GB) - (Type=07 NTFS)

==================== End Of Log ============================

cosinus 09.08.2014 22:45
Adware/Junkware/Toolbars entfernen

1. Schritt: Malwarebytes

Downloade Dir bitte Malwarebytes Anti-Malware
  • Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
  • Starte Malwarebytes' Anti-Malware (MBAM).
  • Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
  • Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
  • Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
  • Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
  • Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
  • Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.




2. Schritt: adwCleaner

Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).



3. Schritt: JRT - Junkware Removal Tool

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.




4. Schritt: Frisches Log mit FRST

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
  • Starte jetzt FRST.
  • Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
  • Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
  • Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)


Anmoir 11.08.2014 15:30
Code:
Malwarebytes Anti-Malware
www.malwarebytes.org

Suchlauf Datum: 11/08/2014
Suchlauf-Zeit: 15:34:16
Logdatei: mbam.txt
Administrator: Ja

Version: 2.00.2.1012
Malware Datenbank: v2014.08.11.03
Rootkit Datenbank: v2014.08.04.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Self-protection: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: *****

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 302640
Verstrichene Zeit: 10 Min, 4 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristics: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registrierungsschlüssel: 0
(No malicious items detected)

Registrierungswerte: 0
(No malicious items detected)

Registrierungsdaten: 0
(No malicious items detected)

Ordner: 0
(No malicious items detected)

Dateien: 0
(No malicious items detected)

Physische Sektoren: 0
(No malicious items detected)


(end)
Code:
# AdwCleaner v3.304 - Report created 11/08/2014 at 15:52:53
# Updated 08/08/2014 by Xplode
# Operating System : Windows 7 Professional Service Pack 1 (64 bits)
# Username : ***** - T61
# Running from : C:\Users\*****\Desktop\adwcleaner_3.304.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\Users\*****\AppData\Roaming\pdfforge
[x] Not Deleted : C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\Uninstall.exe

***** [ Scheduled Tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17207


-\\ Mozilla Firefox v31.0 (x86 en-US)

[ File : C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\prefs.js ]

Line Deleted : user_pref("pttl.menu-search-groups-tab", false);
Line Deleted : user_pref("pttl.menu-search-groups-win", false);

[ File : C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\jwgblw44.Tutanota\prefs.js ]


[ File : C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\uuoc77xd.default\prefs.js ]


*************************

AdwCleaner[R0].txt - [1500 octets] - [11/08/2014 15:48:13]
AdwCleaner[S0].txt - [1434 octets] - [11/08/2014 15:52:53]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1494 octets] ##########
Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Professional x64
Ran by ***** on 11/08/2014 at 15:58:50.76
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully deleted: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\puretext



~~~ Registry Keys



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\boost_interprocess"



~~~ FireFox

Successfully deleted: [Folder] C:\Users\*****\AppData\Roaming\mozilla\firefox\profiles\JonDoFox\extensions\staged
Emptied folder: C:\Users\*****\AppData\Roaming\mozilla\firefox\profiles\uuoc77xd.default\minidumps [71 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 11/08/2014 at 16:06:08.32
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

FRST Logfile:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 08-08-2014
Ran by ***** (administrator) on T61 on 11-08-2014 16:07:55
Running from C:\Users\*****\Desktop
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Lenovo) C:\Windows\System32\ibmpmsvc.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Andrea Electronics Corporation) C:\Windows\System32\AEADISRV.EXE
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco Systems\WWU Client\cvpnd.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Common Files\Nuance\dgnsvc.exe
() C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\psia.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnat.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnetdhcp.exe
(Károly Pados) C:\Program Files (x86)\TinyWall\TinyWall.exe
(VMware, Inc.) C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe
(CyberGhost S.R.L) C:\Program Files\CyberGhost 5\Service.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Károly Pados) C:\Program Files (x86)\TinyWall\TinyWall.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(hxxp://www.SteveMiller.net) C:\Users\*****\Downloads\Software\puretext20_x86\PureText.exe
(Bartels Media GmbH) C:\Program Files (x86)\PhraseExpress\phraseexpress.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Analog Devices, Inc.) C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [TinyWall Controller] => C:\Program Files (x86)\TinyWall\TinyWall.exe [649176 2013-07-14] (Károly Pados)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [750160 2014-07-03] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [KeePass 2 PreLoad] => C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe [2010624 2013-07-20] (Dominik Reichl)
HKLM-x32\...\Run: [SoundMAXPnP] => C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe [1314816 2009-05-18] (Analog Devices, Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3226777461-1414976616-3206541535-1000\...\MountPoints2: {f502cbef-987a-11e3-9dd0-001e37d6ddec} - F:\LaunchU3.exe -a
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\PhraseExpress.lnk
ShortcutTarget: PhraseExpress.lnk -> C:\Program Files (x86)\PhraseExpress\phraseexpress.exe (Bartels Media GmbH)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
ShortcutTarget: Secunia PSI Tray.lnk -> C:\Program Files (x86)\Secunia\PSI\psi_tray.exe (Secunia)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\vpngui.exe.lnk
ShortcutTarget: vpngui.exe.lnk -> C:\Windows\Installer\{5FDC06BF-3D3D-4367-8FFB-4FAFCB61972D}\Icon09DB8A851.exe ()
ShellIconOverlayIdentifiers:  0Cloudfogger -> {F5DF5511-92ED-4772-ACD6-A131630324FE} => C:\Program Files\Cloudfogger\CfShellEx64_1.4.2041.dll (Cloudfogger GmbH)
ShellIconOverlayIdentifiers:  1Cloudfogger -> {14E5B85E-5A8A-4F67-ADA1-B07161924220} => C:\Program Files\Cloudfogger\CfShellEx64_1.4.2041.dll (Cloudfogger GmbH)
ShellIconOverlayIdentifiers:  2Cloudfogger -> {7EAFE6FC-6935-4EEF-8553-E7F1D44BAB7A} => C:\Program Files\Cloudfogger\CfShellEx64_1.4.2041.dll (Cloudfogger GmbH)
ShellIconOverlayIdentifiers: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\*****\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\*****\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\*****\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: DropboxExt4 -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\*****\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32:  0Cloudfogger -> {F5DF5511-92ED-4772-ACD6-A131630324FE} => C:\Program Files\Cloudfogger\CfShellEx_1.4.2041.dll (Cloudfogger GmbH)
ShellIconOverlayIdentifiers-x32:  1Cloudfogger -> {14E5B85E-5A8A-4F67-ADA1-B07161924220} => C:\Program Files\Cloudfogger\CfShellEx_1.4.2041.dll (Cloudfogger GmbH)
ShellIconOverlayIdentifiers-x32:  2Cloudfogger -> {7EAFE6FC-6935-4EEF-8553-E7F1D44BAB7A} => C:\Program Files\Cloudfogger\CfShellEx_1.4.2041.dll (Cloudfogger GmbH)
ShellIconOverlayIdentifiers-x32: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\*****\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\*****\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\*****\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:Tabs
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://uk.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x6AE000F42815CE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-GB
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Dragon NaturallySpeaking Rich Internet Application Support - Extension -> {73A89C60-CF59-4EC7-9215-9B7EF05ECEA4} -> C:\Program Files (x86)\Nuance\NaturallySpeaking12\Program\ieShim.dll (Nuance Communications, Inc.)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Handler-x32: skype4com - No CLSID Value -
Tcpip\Parameters: [DhcpNameServer] 128.176.0.28 128.176.0.13
Tcpip\..\Interfaces\{72590D10-C886-4CCF-B253-C5AB1CAA5AFE}: [NameServer]156.154.70.1,208.67.222.222

FireFox:
========
FF ProfilePath: C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\uuoc77xd.default
FF DefaultSearchEngine: Startpage HTTPS - Deutsch
FF SelectedSearchEngine: Startpage HTTPS - Deutsch
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()
FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin: @java.com/DTPlugin,version=10.65.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.65.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin: @videolan.org/vlc,version=2.0.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll No File
FF Plugin: @videolan.org/vlc,version=2.0.6 -> C:\Program Files\VideoLAN\VLC\npvlc.dll No File
FF Plugin: @videolan.org/vlc,version=2.0.7 -> C:\Program Files\VideoLAN\VLC\npvlc.dll No File
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin-x32: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: @java.com/DTPlugin,version=10.65.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.65.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.8 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: nuance.com/DragonRIAPlugin -> C:\PROGRA~2\Nuance\NATURA~1\Program\npDgnRia.dll (Nuance Communications Inc.)
FF Plugin HKCU: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF SearchPlugin: C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\uuoc77xd.default\searchplugins\startpage-https---deutsch.xml
FF SearchPlugin: C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\uuoc77xd.default\searchplugins\startpage-https---uk.xml
FF SearchPlugin: C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\uuoc77xd.default\searchplugins\startpage-https.xml
FF SearchPlugin: C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\searchplugins\blekko-ssl.xml
FF SearchPlugin: C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\searchplugins\duckduckgo-ssl-javascript-free.xml
FF SearchPlugin: C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\searchplugins\google-de-ssl.xml
FF SearchPlugin: C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\searchplugins\google-encrypted-no-personalization.xml
FF SearchPlugin: C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\searchplugins\ixquick---deutsch.xml
FF SearchPlugin: C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\searchplugins\ixquick-ssl-pictures---deutsch.xml
FF SearchPlugin: C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\searchplugins\ixquick-ssl-pictures---english.xml
FF SearchPlugin: C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\searchplugins\ixquick.xml
FF SearchPlugin: C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\searchplugins\leo-eng-ger.xml
FF SearchPlugin: C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\searchplugins\leo-esp-ale.xml
FF SearchPlugin: C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\searchplugins\leo-fra-all.xml
FF SearchPlugin: C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\searchplugins\metager2.xml
FF SearchPlugin: C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\searchplugins\ssl-wikipedia-deutsch.xml
FF SearchPlugin: C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\searchplugins\ssl-wikipedia-english.xml
FF SearchPlugin: C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\searchplugins\startpage-https---deutsch.xml
FF SearchPlugin: C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\searchplugins\startpage-https.xml
FF Extension: German Dictionary - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\uuoc77xd.default\Extensions\de-DE@dictionaries.addons.mozilla.org [2014-07-03]
FF Extension: British English Dictionary (Updated) - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\uuoc77xd.default\Extensions\en-gb@flyingtophat.co.uk [2013-10-23]
FF Extension: HTTPS-Everywhere - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\uuoc77xd.default\Extensions\https-everywhere@eff.org [2014-07-05]
FF Extension: KeeFox - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\uuoc77xd.default\Extensions\keefox@chris.tomlinson [2014-07-05]
FF Extension: Zotero Word for Windows Integration - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\uuoc77xd.default\Extensions\zoteroWinWordIntegration@zotero.org [2014-06-02]
FF Extension: Ghostery - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\uuoc77xd.default\Extensions\firefox@ghostery.com.xpi [2013-08-14]
FF Extension: IPFlood - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\uuoc77xd.default\Extensions\ipfuck@p4ul.info.xpi [2014-08-06]
FF Extension: Readability - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\uuoc77xd.default\Extensions\readability@readability.com.xpi [2013-01-05]
FF Extension: RequestPolicy - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\uuoc77xd.default\Extensions\requestpolicy@requestpolicy.com.xpi [2013-08-16]
FF Extension: Test Pilot - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\uuoc77xd.default\Extensions\testpilot@labs.mozilla.com.xpi [2012-12-18]
FF Extension: Zotero - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\uuoc77xd.default\Extensions\zotero@chnm.gmu.edu.xpi [2013-04-18]
FF Extension: RefControl - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\uuoc77xd.default\Extensions\{455D905A-D37C-4643-A9E2-F6FEFAA0424A}.xpi [2013-09-01]
FF Extension: NoScript - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\uuoc77xd.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2012-12-19]
FF Extension: Cookie Controller - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\uuoc77xd.default\Extensions\{ac2cfa60-bc96-11e0-962b-0800200c9a66}.xpi [2012-12-19]
FF Extension: Adblock Plus - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\uuoc77xd.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012-12-19]
FF Extension: BetterPrivacy - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\uuoc77xd.default\Extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi [2012-12-19]
FF Extension: DownThemAll! - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\uuoc77xd.default\Extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi [2013-01-08]
FF Extension: HTTPS-Everywhere - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\Extensions\https-everywhere@eff.org [2014-08-08]
FF Extension: DownloadHelper - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2014-08-08]
FF Extension: JonDoFox - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\Extensions\{437be45a-4114-11dd-b9ab-71d256d89593}.xpi [2014-07-23]
FF Extension: No Name - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2014-07-22]
FF Extension: Cookie Controller - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\Extensions\{ac2cfa60-bc96-11e0-962b-0800200c9a66}.xpi [2014-07-22]
FF Extension: Adblock Plus - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-06-11]
FF Extension: No Name - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\Extensions\{fa8476cf-a98c-4e08-99b4-65a69cb4b7d4}.xpi [2014-06-11]
FF HKLM-x32\...\Firefox\Extensions: [jid0-lmZNVK7a82O8cufhdfB9dUDfA2w@jetpack] - C:\Program Files (x86)\Nuance\NaturallySpeaking12\Program\ffShim.xpi
FF Extension: Dragon NaturallySpeaking Rich Internet Application Support - C:\Program Files (x86)\Nuance\NaturallySpeaking12\Program\ffShim.xpi [2013-02-11]

Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [mikhcaiakabeeokmenglcdebplfdjicn] - C:\Program Files (x86)\Nuance\NaturallySpeaking12\Program\chromeShim.crx [2013-02-11]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AEADIFilters; C:\Windows\system32\AEADISRV.EXE [111616 2008-07-15] (Andrea Electronics Corporation)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [430160 2014-07-03] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [430160 2014-07-03] (Avira Operations GmbH & Co. KG)
R2 CGVPNCliService; C:\Program Files\CyberGhost 5\Service.exe [64624 2014-06-12] (CyberGhost S.R.L)
R2 CVPND; C:\Program Files (x86)\Cisco Systems\WWU Client\cvpnd.exe [1529856 2011-03-04] (Cisco Systems, Inc.)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [50688 2013-05-16] (Hewlett-Packard) [File not signed]
S3 OpenVPNService; C:\Program Files\OpenVPN\bin\openvpnserv.exe [37176 2014-06-05] (The OpenVPN Project)
R2 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [167424 2012-12-07] () [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [66048 2013-05-16] (Hewlett-Packard) [File not signed]
R2 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1228504 2013-07-03] (Secunia)
S2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [660184 2013-07-03] (Secunia)
R2 TinyWall; C:\Program Files (x86)\TinyWall\TinyWall.exe [649176 2013-07-14] (Károly Pados) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [117712 2014-07-03] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [130584 2014-07-03] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-12-01] (Avira Operations GmbH & Co. KG)
R1 CBFilterFS; C:\Windows\system32\drivers\cbfltfs.sys [147720 2012-11-16] (EldoS Corporation)
R1 cbfs3; C:\Windows\system32\drivers\cbfs3.sys [352520 2012-12-04] (EldoS Corporation)
R3 CVPNDRVA; C:\Windows\system32\Drivers\CVPNDRVA.sys [306536 2011-03-04] ()
S3 prwntdrv; C:\Windows\system32\prwntdrv.sys [16776 2010-08-25] () [File not signed]
S3 prwntdrv; C:\Windows\SysWOW64\prwntdrv.sys [13704 2010-08-25] () [File not signed]
R3 PSI; C:\Windows\System32\DRIVERS\psi_mf_amd64.sys [18456 2013-07-03] (Secunia)
S3 pwdrvio; C:\Windows\system32\pwdrvio.sys [19032 2012-08-20] ()
S3 pwdspio; C:\Windows\system32\pwdspio.sys [12384 2012-08-20] ()
S3 tapoas; C:\Windows\System32\DRIVERS\tapoas.sys [30720 2010-08-03] (The OpenVPN Project)
R2 VMparport; C:\Windows\system32\drivers\VMparport.sys [32472 2014-06-12] (VMware, Inc.)
S3 vpnva; C:\Windows\System32\DRIVERS\vpnva64-6.sys [52592 2014-06-11] (Cisco Systems, Inc.)
R0 vsock; C:\Windows\System32\drivers\vsock.sys [73296 2013-10-08] (VMware, Inc.)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-11 16:07 - 2014-08-11 16:08 - 00022497 _____ () C:\Users\*****\Desktop\FRST.txt
2014-08-11 16:06 - 2014-08-11 16:06 - 00001061 _____ () C:\Users\*****\Desktop\JRT.txt
2014-08-11 15:58 - 2014-08-11 15:58 - 00000000 ____D () C:\Windows\ERUNT
2014-08-11 15:57 - 2014-08-11 15:57 - 01016261 _____ (Thisisu) C:\Users\*****\Desktop\JRT.exe
2014-08-11 15:56 - 2014-08-11 15:56 - 00001578 _____ () C:\Users\*****\Desktop\AdwCleaner[S0].txt
2014-08-11 15:48 - 2014-08-11 15:53 - 00000000 ____D () C:\AdwCleaner
2014-08-11 15:46 - 2014-08-11 15:46 - 00001159 _____ () C:\Users\*****\Desktop\mbam.txt
2014-08-11 15:44 - 2014-08-11 15:44 - 00001160 _____ () C:\mbam1.txt
2014-08-11 15:33 - 2014-08-11 15:33 - 01366203 _____ () C:\Users\*****\Desktop\adwcleaner_3.304.exe
2014-08-09 02:14 - 2014-08-11 01:12 - 00000000 ____D () C:\Users\*****\AppData\Local\VMware
2014-08-09 02:14 - 2014-08-10 22:15 - 00000000 ____D () C:\Users\*****\AppData\Roaming\VMware
2014-08-09 02:12 - 2014-08-09 02:12 - 00000000 ____D () C:\Program Files (x86)\VMware Appliance
2014-08-09 02:03 - 2014-06-12 18:23 - 00359128 _____ (VMware, Inc.) C:\Windows\SysWOW64\vmnetdhcp.exe
2014-08-09 02:03 - 2014-06-12 18:23 - 00064728 _____ (VMware, Inc.) C:\Windows\system32\Drivers\vmx86.sys
2014-08-09 02:03 - 2014-06-12 18:22 - 00931032 _____ (VMware, Inc.) C:\Windows\system32\vnetlib64.dll
2014-08-09 02:03 - 2014-06-12 18:22 - 00437976 _____ (VMware, Inc.) C:\Windows\SysWOW64\vmnat.exe
2014-08-09 02:03 - 2014-06-12 18:22 - 00032472 _____ (VMware, Inc.) C:\Windows\system32\Drivers\VMparport.sys
2014-08-09 02:03 - 2014-06-12 18:22 - 00031448 _____ (VMware, Inc.) C:\Windows\system32\Drivers\vmnetuserif.sys
2014-08-09 02:03 - 2014-06-12 18:21 - 00033496 _____ (VMware, Inc.) C:\Windows\system32\Drivers\VMkbd.sys
2014-08-09 02:03 - 2014-02-27 18:40 - 00054464 _____ (VMware, Inc.) C:\Windows\system32\Drivers\hcmon.sys
2014-08-09 02:03 - 2013-10-08 18:21 - 00073296 _____ (VMware, Inc.) C:\Windows\system32\Drivers\vsock.sys
2014-08-09 02:03 - 2013-10-08 18:21 - 00067664 _____ (VMware, Inc.) C:\Windows\system32\vsocklib.dll
2014-08-09 02:03 - 2013-10-08 18:21 - 00063568 _____ (VMware, Inc.) C:\Windows\SysWOW64\vsocklib.dll
2014-08-09 02:02 - 2014-08-11 15:55 - 00000000 ____D () C:\ProgramData\VMware
2014-08-09 02:02 - 2014-08-09 02:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VMware
2014-08-09 02:02 - 2014-08-09 02:02 - 00000000 ____D () C:\Program Files\Common Files\VMware
2014-08-09 02:02 - 2014-08-09 02:02 - 00000000 ____D () C:\Program Files (x86)\VMware
2014-08-08 23:34 - 2014-08-11 16:08 - 00000000 ____D () C:\FRST
2014-08-08 23:32 - 2014-08-08 23:32 - 02094080 _____ (Farbar) C:\Users\*****\Desktop\FRST64.exe
2014-08-08 23:18 - 2014-08-11 15:29 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-08 23:18 - 2014-08-08 23:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-08-08 23:18 - 2014-08-08 23:18 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-08-08 23:18 - 2014-08-08 23:18 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-08-08 23:18 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-08-08 23:18 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-08-08 23:18 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-08-08 22:56 - 2014-08-08 22:56 - 00000831 _____ () C:\Users\*****\Desktop\Computer.lnk
2014-08-08 22:17 - 2014-08-08 22:17 - 00010593 _____ () C:\Windows\CSTBox.INI
2014-08-08 21:29 - 2014-08-08 21:29 - 00000000 ____D () C:\Users\*****\AppData\Local\Skype
2014-08-08 21:29 - 2014-08-08 21:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2014-08-07 14:19 - 2014-08-07 14:19 - 00000919 _____ () C:\Users\Public\Desktop\OpenVPN GUI.lnk
2014-08-07 14:19 - 2014-08-07 14:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TAP-Windows
2014-08-07 14:19 - 2014-08-07 14:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenVPN
2014-08-07 13:45 - 2014-08-07 14:32 - 00000000 ____D () C:\Users\*****\AppData\Local\CyberGhost
2014-08-07 13:44 - 2014-08-07 13:45 - 00000000 ____D () C:\Program Files\TAP-Windows
2014-08-07 13:44 - 2014-08-07 13:45 - 00000000 ____D () C:\Program Files\CyberGhost 5
2014-08-07 13:44 - 2014-08-07 13:44 - 00001739 _____ () C:\Users\*****\Desktop\CyberGhost 5.lnk
2014-08-07 13:44 - 2014-08-07 13:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberGhost 5
2014-08-06 12:08 - 2014-08-08 19:15 - 00003264 _____ () C:\Windows\System32\Tasks\SamsungMagician
2014-08-06 12:08 - 2014-08-06 12:08 - 00000000 ____D () C:\ProgramData\Samsung
2014-08-06 12:08 - 2014-08-06 12:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung Magician
2014-08-06 12:08 - 2014-08-06 12:08 - 00000000 ____D () C:\Program Files (x86)\Samsung
2014-07-27 18:05 - 2014-07-27 18:05 - 00001276 _____ () C:\Users\*****\Desktop\TB_3.6.3.lnk
2014-07-27 13:37 - 2014-07-27 13:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cisco
2014-07-27 13:31 - 2014-07-27 13:31 - 00319912 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-07-27 13:31 - 2014-07-27 13:31 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-07-27 13:31 - 2014-07-27 13:31 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-07-27 13:31 - 2014-07-27 13:31 - 00111016 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2014-07-27 13:31 - 2014-07-27 13:31 - 00000000 ____D () C:\Program Files\Java
2014-07-27 13:29 - 2014-07-27 13:29 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-07-27 13:29 - 2014-07-27 13:29 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-07-27 13:29 - 2014-07-27 13:29 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-07-27 13:29 - 2014-07-27 13:29 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-07-27 13:29 - 2014-07-27 13:29 - 00000000 ____D () C:\Program Files (x86)\Java
2014-07-27 13:23 - 2014-07-27 13:23 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-07-27 13:21 - 2014-07-27 13:21 - 05018624 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2014-07-27 13:19 - 2014-07-27 13:20 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird
2014-07-27 13:07 - 2014-06-20 22:14 - 00266424 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-07-27 13:07 - 2014-06-20 21:39 - 00240824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-07-27 13:07 - 2014-06-19 03:39 - 23464448 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-07-27 13:07 - 2014-06-19 03:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-07-27 13:07 - 2014-06-19 03:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-07-27 13:07 - 2014-06-19 02:48 - 02768384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-07-27 13:07 - 2014-06-19 02:42 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-07-27 13:07 - 2014-06-19 02:42 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-07-27 13:07 - 2014-06-19 02:41 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-07-27 13:07 - 2014-06-19 02:41 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-07-27 13:07 - 2014-06-19 02:32 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-07-27 13:07 - 2014-06-19 02:31 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-07-27 13:07 - 2014-06-19 02:26 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-07-27 13:07 - 2014-06-19 02:24 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-07-27 13:07 - 2014-06-19 02:24 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-07-27 13:07 - 2014-06-19 02:23 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-07-27 13:07 - 2014-06-19 02:16 - 17276416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-07-27 13:07 - 2014-06-19 02:14 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-07-27 13:07 - 2014-06-19 02:09 - 00452608 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-07-27 13:07 - 2014-06-19 01:59 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-07-27 13:07 - 2014-06-19 01:56 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-07-27 13:07 - 2014-06-19 01:53 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-07-27 13:07 - 2014-06-19 01:51 - 05721088 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-07-27 13:07 - 2014-06-19 01:50 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-07-27 13:07 - 2014-06-19 01:48 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-07-27 13:07 - 2014-06-19 01:39 - 00608768 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-07-27 13:07 - 2014-06-19 01:38 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-07-27 13:07 - 2014-06-19 01:37 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-07-27 13:07 - 2014-06-19 01:36 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-07-27 13:07 - 2014-06-19 01:35 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-07-27 13:07 - 2014-06-19 01:33 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-07-27 13:07 - 2014-06-19 01:32 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-07-27 13:07 - 2014-06-19 01:28 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-07-27 13:07 - 2014-06-19 01:28 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-07-27 13:07 - 2014-06-19 01:27 - 02040832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-07-27 13:07 - 2014-06-19 01:27 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-07-27 13:07 - 2014-06-19 01:25 - 00442368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-07-27 13:07 - 2014-06-19 01:23 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-07-27 13:07 - 2014-06-19 01:22 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-07-27 13:07 - 2014-06-19 01:12 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-07-27 13:07 - 2014-06-19 01:06 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-07-27 13:07 - 2014-06-19 01:01 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-07-27 13:07 - 2014-06-19 00:59 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-07-27 13:07 - 2014-06-19 00:58 - 02266112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-07-27 13:07 - 2014-06-19 00:58 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-07-27 13:07 - 2014-06-19 00:52 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-07-27 13:07 - 2014-06-19 00:51 - 13527040 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-07-27 13:07 - 2014-06-19 00:49 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-07-27 13:07 - 2014-06-19 00:46 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-07-27 13:07 - 2014-06-19 00:45 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-07-27 13:07 - 2014-06-19 00:35 - 11742208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-07-27 13:07 - 2014-06-19 00:34 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-07-27 13:07 - 2014-06-19 00:15 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-07-27 13:07 - 2014-06-19 00:13 - 01791488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-07-27 13:07 - 2014-06-19 00:09 - 01139200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-07-27 13:07 - 2014-06-19 00:07 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-07-27 13:07 - 2014-06-18 04:18 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\osk.exe
2014-07-27 13:07 - 2014-06-18 03:51 - 00646144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\osk.exe
2014-07-27 13:07 - 2014-06-18 03:10 - 03157504 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-07-27 13:07 - 2014-06-06 12:10 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-07-27 13:07 - 2014-06-06 11:44 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-07-27 13:07 - 2014-06-05 16:45 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-07-27 13:07 - 2014-06-05 16:26 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-07-27 13:07 - 2014-06-05 16:25 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-07-27 13:07 - 2014-05-30 10:08 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-07-27 13:07 - 2014-05-30 10:08 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-07-27 13:07 - 2014-05-30 10:08 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-07-27 13:07 - 2014-05-30 10:08 - 00307200 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2014-07-27 13:07 - 2014-05-30 10:08 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-07-27 13:07 - 2014-05-30 10:08 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-07-27 13:07 - 2014-05-30 10:08 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-07-27 13:07 - 2014-05-30 09:52 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-07-27 13:07 - 2014-05-30 09:52 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-07-27 13:07 - 2014-05-30 09:52 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-07-27 13:07 - 2014-05-30 09:52 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2014-07-27 13:07 - 2014-05-30 09:52 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-07-27 13:07 - 2014-05-30 09:52 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-07-27 13:07 - 2014-05-30 09:52 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-07-27 13:07 - 2014-05-30 08:45 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-11 16:08 - 2014-08-11 16:07 - 00022497 _____ () C:\Users\*****\Desktop\FRST.txt
2014-08-11 16:08 - 2014-08-08 23:34 - 00000000 ____D () C:\FRST
2014-08-11 16:06 - 2014-08-11 16:06 - 00001061 _____ () C:\Users\*****\Desktop\JRT.txt
2014-08-11 16:04 - 2009-07-14 07:13 - 00786702 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-08-11 16:02 - 2009-07-14 06:45 - 00020720 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-08-11 16:02 - 2009-07-14 06:45 - 00020720 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-08-11 15:59 - 2012-12-15 15:13 - 01788570 _____ () C:\Windows\WindowsUpdate.log
2014-08-11 15:58 - 2014-08-11 15:58 - 00000000 ____D () C:\Windows\ERUNT
2014-08-11 15:57 - 2014-08-11 15:57 - 01016261 _____ (Thisisu) C:\Users\*****\Desktop\JRT.exe
2014-08-11 15:56 - 2014-08-11 15:56 - 00001578 _____ () C:\Users\*****\Desktop\AdwCleaner[S0].txt
2014-08-11 15:55 - 2014-08-09 02:02 - 00000000 ____D () C:\ProgramData\VMware
2014-08-11 15:55 - 2013-08-23 22:26 - 00208358 _____ () C:\Windows\PFRO.log
2014-08-11 15:55 - 2013-08-23 10:23 - 00035504 _____ () C:\Windows\setupact.log
2014-08-11 15:55 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-08-11 15:53 - 2014-08-11 15:48 - 00000000 ____D () C:\AdwCleaner
2014-08-11 15:46 - 2014-08-11 15:46 - 00001159 _____ () C:\Users\*****\Desktop\mbam.txt
2014-08-11 15:44 - 2014-08-11 15:44 - 00001160 _____ () C:\mbam1.txt
2014-08-11 15:33 - 2014-08-11 15:33 - 01366203 _____ () C:\Users\*****\Desktop\adwcleaner_3.304.exe
2014-08-11 15:29 - 2014-08-08 23:18 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-11 01:13 - 2012-12-19 14:52 - 00000000 ____D () C:\Users\*****\Documents\PhraseExpress
2014-08-11 01:13 - 2012-12-15 16:35 - 00000000 ____D () C:\Users\*****\AppData\Roaming\KeePass
2014-08-11 01:12 - 2014-08-09 02:14 - 00000000 ____D () C:\Users\*****\AppData\Local\VMware
2014-08-10 22:15 - 2014-08-09 02:14 - 00000000 ____D () C:\Users\*****\AppData\Roaming\VMware
2014-08-10 00:56 - 2012-12-15 16:26 - 00000000 ___RD () C:\Office
2014-08-09 02:12 - 2014-08-09 02:12 - 00000000 ____D () C:\Program Files (x86)\VMware Appliance
2014-08-09 02:02 - 2014-08-09 02:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VMware
2014-08-09 02:02 - 2014-08-09 02:02 - 00000000 ____D () C:\Program Files\Common Files\VMware
2014-08-09 02:02 - 2014-08-09 02:02 - 00000000 ____D () C:\Program Files (x86)\VMware
2014-08-09 02:02 - 2013-03-13 12:36 - 00791752 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-08-08 23:32 - 2014-08-08 23:32 - 02094080 _____ (Farbar) C:\Users\*****\Desktop\FRST64.exe
2014-08-08 23:18 - 2014-08-08 23:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-08-08 23:18 - 2014-08-08 23:18 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-08-08 23:18 - 2014-08-08 23:18 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-08-08 22:56 - 2014-08-08 22:56 - 00000831 _____ () C:\Users\*****\Desktop\Computer.lnk
2014-08-08 22:53 - 2012-12-20 19:24 - 00000000 ____D () C:\Users\*****\AppData\Roaming\Skype
2014-08-08 22:17 - 2014-08-08 22:17 - 00010593 _____ () C:\Windows\CSTBox.INI
2014-08-08 21:29 - 2014-08-08 21:29 - 00000000 ____D () C:\Users\*****\AppData\Local\Skype
2014-08-08 21:29 - 2014-08-08 21:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2014-08-08 21:29 - 2013-01-30 09:44 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-08-08 21:29 - 2012-12-20 19:24 - 00000000 ____D () C:\ProgramData\Skype
2014-08-08 19:15 - 2014-08-06 12:08 - 00003264 _____ () C:\Windows\System32\Tasks\SamsungMagician
2014-08-08 19:15 - 2013-08-25 16:48 - 00003554 _____ () C:\Windows\System32\Tasks\PrivaZer_cleanup
2014-08-08 19:15 - 2013-08-22 22:47 - 00002776 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2014-08-08 19:14 - 2013-09-18 18:19 - 00000000 ____D () C:\Windows\pss
2014-08-07 21:00 - 2013-08-14 17:31 - 00000000 ____D () C:\Users\*****\AppData\Local\privazer
2014-08-07 16:30 - 2013-03-18 22:32 - 00001303 _____ () C:\Users\*****\Desktop\2013.lnk
2014-08-07 14:32 - 2014-08-07 13:45 - 00000000 ____D () C:\Users\*****\AppData\Local\CyberGhost
2014-08-07 14:29 - 2012-12-15 15:13 - 00000000 ____D () C:\Users\*****\AppData\Local\VirtualStore
2014-08-07 14:19 - 2014-08-07 14:19 - 00000919 _____ () C:\Users\Public\Desktop\OpenVPN GUI.lnk
2014-08-07 14:19 - 2014-08-07 14:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TAP-Windows
2014-08-07 14:19 - 2014-08-07 14:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenVPN
2014-08-07 14:19 - 2013-08-19 18:14 - 00000000 ____D () C:\Program Files\OpenVPN
2014-08-07 13:45 - 2014-08-07 13:44 - 00000000 ____D () C:\Program Files\TAP-Windows
2014-08-07 13:45 - 2014-08-07 13:44 - 00000000 ____D () C:\Program Files\CyberGhost 5
2014-08-07 13:44 - 2014-08-07 13:44 - 00001739 _____ () C:\Users\*****\Desktop\CyberGhost 5.lnk
2014-08-07 13:44 - 2014-08-07 13:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberGhost 5
2014-08-06 21:28 - 2012-12-15 16:36 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-08-06 21:28 - 2012-12-15 16:36 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-08-06 21:05 - 2012-12-15 18:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SRWare Iron
2014-08-06 21:05 - 2012-12-15 18:04 - 00000000 ____D () C:\Program Files (x86)\SRWare Iron
2014-08-06 13:09 - 2012-12-18 22:11 - 00000000 ____D () C:\Users\*****\AppData\Roaming\XnView
2014-08-06 12:08 - 2014-08-06 12:08 - 00000000 ____D () C:\ProgramData\Samsung
2014-08-06 12:08 - 2014-08-06 12:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung Magician
2014-08-06 12:08 - 2014-08-06 12:08 - 00000000 ____D () C:\Program Files (x86)\Samsung
2014-08-06 11:43 - 2014-07-03 21:46 - 00011094 _____ () C:\Windows\SecuniaPackage.log
2014-08-06 11:43 - 2013-08-18 21:03 - 00001005 _____ () C:\Users\Public\Desktop\VLC media player.lnk
2014-07-31 12:28 - 2012-12-18 11:07 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-07-27 18:05 - 2014-07-27 18:05 - 00001276 _____ () C:\Users\*****\Desktop\TB_3.6.3.lnk
2014-07-27 18:02 - 2012-12-15 16:36 - 00000000 ____D () C:\Users\*****\Downloads\Software
2014-07-27 16:03 - 2012-12-18 11:18 - 00000000 ____D () C:\Users\*****\AppData\Local\Thunderbird
2014-07-27 14:55 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2014-07-27 13:37 - 2014-07-27 13:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cisco
2014-07-27 13:37 - 2013-05-07 11:54 - 00000000 ____D () C:\ProgramData\Cisco
2014-07-27 13:37 - 2013-05-07 11:54 - 00000000 ____D () C:\Program Files (x86)\Cisco
2014-07-27 13:31 - 2014-07-27 13:31 - 00319912 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-07-27 13:31 - 2014-07-27 13:31 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-07-27 13:31 - 2014-07-27 13:31 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-07-27 13:31 - 2014-07-27 13:31 - 00111016 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2014-07-27 13:31 - 2014-07-27 13:31 - 00000000 ____D () C:\Program Files\Java
2014-07-27 13:29 - 2014-07-27 13:29 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-07-27 13:29 - 2014-07-27 13:29 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-07-27 13:29 - 2014-07-27 13:29 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-07-27 13:29 - 2014-07-27 13:29 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-07-27 13:29 - 2014-07-27 13:29 - 00000000 ____D () C:\Program Files (x86)\Java
2014-07-27 13:23 - 2014-07-27 13:23 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-07-27 13:21 - 2014-07-27 13:21 - 05018624 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2014-07-27 13:20 - 2014-07-27 13:19 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird
2014-07-27 13:15 - 2013-08-15 00:00 - 00416704 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-07-27 13:14 - 2011-04-12 10:28 - 00000000 ____D () C:\Program Files\Windows Journal
2014-07-27 13:14 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism
2014-07-27 13:14 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\Dism
2014-07-27 13:12 - 2012-12-15 18:13 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-07-27 13:11 - 2013-04-18 12:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-07-27 13:10 - 2013-04-18 12:17 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-07-27 13:10 - 2013-04-18 12:17 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-07-27 13:02 - 2013-05-07 14:23 - 00042040 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys

Some content of TEMP:
====================
C:\Users\*****\AppData\Local\Temp\avgnt.exe
C:\Users\*****\AppData\Local\Temp\jre1.7.offline.exe
C:\Users\*****\AppData\Local\Temp\Quarantine.exe
C:\Users\*****\AppData\Local\Temp\SkypeSetup.exe
C:\Users\*****\AppData\Local\Temp\vlc-2.1.1-win32.exe
C:\Users\*****\AppData\Local\Temp\vpnclient_setup.exe
C:\Users\*****\AppData\Local\Temp\xmlUpdater.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-08-07 20:05

==================== End Of Log ============================
--- --- ---

--- --- ---


Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 08-08-2014
Ran by ***** at 2014-08-11 16:08:43
Running from C:\Users\*****\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

64 Bit HP CIO Components Installer (Version: 15.2.1 - Hewlett-Packard) Hidden
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
AbiWord 2.8.6 (HKLM-x32\...\AbiWord2) (Version: 2.8.6 - AbiSource Developers)
Active@ Partition Recovery 9.0 (HKLM-x32\...\{9D7E3F86-DAA8-4894-96D6-A0AB26291A16}_is1) (Version: 9.0 - LSoft Technologies Inc)
Adobe Flash Player 14 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Flash Player 14 Plugin (HKLM-x32\...\{3FC9A6DE-C105-4576-8F63-656FFB1BF8EB}) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Audacity 2.0.2 (HKLM-x32\...\Audacity_is1) (Version: 2.0.2 - Audacity Team)
AudibleManager (HKLM-x32\...\AudibleManager) (Version: 2000764158.48.56.12324074 - Audible, Inc.)
AutoHotkey 1.1.12.00 (HKLM\...\AutoHotkey) (Version: 1.1.12.00 - Lexikos)
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.5.464 - Avira)
Basic PAYE Tools - Real Time Information (HKLM-x32\...\Basic PAYE Tools - Real Time Information) (Version: 13.2.13232.64 - HM Revenue & Customs)
Basic PAYE Tools 2012 (HKLM-x32\...\Basic PAYE Tools 2012) (Version: 4.2.1.20469 - HM Revenue & Customs)
CCleaner (HKLM\...\CCleaner) (Version: 4.04 - Piriform)
Cisco AnyConnect Secure Mobility Client  (HKLM-x32\...\Cisco AnyConnect Secure Mobility Client) (Version: 3.1.05170 - Cisco Systems, Inc.)
Cisco AnyConnect Secure Mobility Client (x32 Version: 3.1.05170 - Cisco Systems, Inc.) Hidden
Cisco Systems VPN Client 5.0.07.0440 (HKLM\...\{5FDC06BF-3D3D-4367-8FFB-4FAFCB61972D}) (Version: 5.0.7 - Cisco Systems, Inc.)
Cloudfogger (HKLM\...\{E5A0D9A8-3711-4DB2-833C-FF79EF65830D}_is1) (Version: 1.4.2041.0 - Cloudfogger GmbH)
CyberGhost 5 (HKLM\...\CyberGhost 5_is1) (Version:  - CyberGhost S.R.L.)
Definition Update for Microsoft Office 2010 (KB982726) 64-Bit Edition (HKLM\...\{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{043645C8-48EC-458F-B9BD-9C8F15CEF6F7}) (Version:  - Microsoft)
Deutsch (Deutschland) - Denglisch (HKLM\...\{F4CE63B1-0172-4569-B364-CFDE3DBC2B5A}) (Version: 1.0.3.40 - Folke Ashberg, www.ashberg.de)
Dragon NaturallySpeaking 12 (HKLM-x32\...\{D5D422B9-6976-4E98-8DDF-9632CB515D7E}) (Version: 12.50.000 - Nuance Communications Inc.)
Dropbox (HKCU\...\Dropbox) (Version: 2.0.22 - Dropbox, Inc.)
EaseUS Partition Recovery 5.6.1 (HKLM-x32\...\EaseUS Partition Recovery_is1) (Version:  - EaseUS)
English – Deutsche Sonderzeichen (HKLM\...\{5C4D3BD1-E741-46D1-B5BE-CF06A9F8B87A}) (Version: 1.0.3.40 - Company)
FreeFileSync 6.0 (HKLM-x32\...\FreeFileSync) (Version: 6.0 - Zenju)
HTC Driver Installer (HKLM-x32\...\{4CEEE5D0-F905-4688-B9F9-ECC710507796}) (Version: 4.2.0.001 - HTC Corporation)
Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.15.10.1930 - Intel Corporation)
IPTInstaller (HKLM-x32\...\{08208143-777D-4A06-BB54-71BF0AD1BB70}) (Version: 4.0.8 - HTC)
Java 7 Update 65 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F06417065FF}) (Version: 7.0.650 - Oracle)
Java 7 Update 65 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217065FF}) (Version: 7.0.650 - Oracle)
Jitsi (HKLM\...\{072C769F-0D49-4868-BE7F-DCE58CCBA681}) (Version: 2.2.4603.9615 - Jitsi)
KeePass Password Safe 2.23 (HKLM-x32\...\KeePassPasswordSafe2_is1) (Version:  - Dominik Reichl)
LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version:  - )
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
MAXQDA 10 Reader (R240113) (HKLM-x32\...\MAXQDA10Reader) (Version: (R240113) - VERBI Software.Consult.Sozialforschung GmbH)
MicroSIP (remove only) (HKLM-x32\...\MicroSIP) (Version:  - )
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Keyboard Layout Creator 1.4 (HKLM-x32\...\{99E66BC9-E4B6-485F-ABFC-31EFCE36DFDF}) (Version: 1.4.6000 - Microsoft Corp.)
Microsoft Office Access MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Access MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Language Pack 2010 - German/Deutsch (HKLM\...\Office14.OMUI.de-de) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office O MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 32-bit Components 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 32-bit MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 32-bit MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office SharePoint Designer MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office X MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
MiniTool Partition Wizard Home Edition 7.6.1 (HKLM-x32\...\{05D996FA-ADCB-4D23-BA3C-A7C184A8FAC6}_is1) (Version:  - MiniTool Solution Ltd.)
MiniTool Power Data Recovery (HKLM-x32\...\MiniTool Power Data Recovery_is1) (Version:  - MiniTool Solution Ltd.)
MozBackup 1.5.1 (HKLM-x32\...\MozBackup) (Version:  - Pavel Cvrcek)
Mozilla Firefox 31.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 31.0 (x86 en-US)) (Version: 31.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
Mozilla Thunderbird 31.0 (x86 en-GB) (HKLM-x32\...\Mozilla Thunderbird 31.0 (x86 en-GB)) (Version: 31.0 - Mozilla)
MP3 Skype Recorder (HKLM-x32\...\{CB606F47-7D0E-40DF-95BB-0E5413A1295F}) (Version: 3.1.3 - Alexander Nikiforov)
MPC-HC 1.7.0 (HKLM-x32\...\{2624B969-7135-4EB1-B0F6-2D8C397B45F7}_is1) (Version: 1.7.0.7858 - MPC-HC Team)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.5.1 - Notepad++ Team)
OpenVPN 2.3.4-I002  (HKLM\...\OpenVPN) (Version: 2.3.4-I002 - )
PaperCut MF Client 11.0 (HKLM-x32\...\PaperCut MF Client_is1) (Version:  - PaperCut Software International Pty Ltd)
PdaNet+ for Android 4.01 (HKLM-x32\...\PdaNet_is1) (Version:  - June Fabrics Technology Inc)
PDFCreator (HKLM-x32\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.7.0 - pdfforge)
PDF-Viewer (HKLM\...\{A278382D-4F1B-4D47-9885-8523F7261E8D}_is1) (Version: 2.5.214.2 - Tracker Software Products Ltd)
PhraseExpress v9.1.36 (HKLM-x32\...\PhraseExpress_is1) (Version: 9.1.36 - Bartels Media GmbH)
Pidgin (HKLM-x32\...\Pidgin) (Version: 2.10.8 - )
PrivaZer (HKCU\...\PrivaZer) (Version: 2.0.1.0 - Goversoft LLC)
Samsung Magician (HKLM-x32\...\{29AE3F9F-7158-4ca7-B1ED-28A73ECDB215}_is1) (Version: 4.4.0 - Samsung Electronics)
Secunia PSI (3.0.0.7011) (HKLM-x32\...\Secunia PSI) (Version: 3.0.0.7011 - Secunia)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (HKLM\...\{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{A3364707-2F53-4C83-8F68-C9877A9080C7}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (Version:  - Microsoft) Hidden
Service Pack 2 for Microsoft Office 2010 Language Pack (KB2687449) 64-Bit Edition (HKLM\...\{90140000-0100-0407-1000-0000000FF1CE}_Office14.OMUI.de-de_{F8F9897A-AA29-43EB-8847-94E0253CD458}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 Language Pack (KB2687449) 64-Bit Edition (Version:  - Microsoft) Hidden
Skype™ 6.18 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.18.106 - Skype Technologies S.A.)
Sony Player Plug-in for Windows Media Player (HKLM-x32\...\Sony Player Plug-in for Windows Media Player) (Version:  - )
SoundMAX (HKLM-x32\...\{F0A37341-D692-11D4-A984-009027EC0A9C}) (Version: 6.10.2.7255 - Analog Devices)
SRWare Iron version SRWare Iron 36.0.1950.0 (HKLM-x32\...\{C59CF2CE-B302-4833-AA35-E0E07D8EBC52}_is1) (Version: SRWare Iron 36.0.1950.0 - SRWare)
TAP-Windows 9.9.2 (HKLM\...\TAP-Windows) (Version: 9.9.2 - )
ThinkPad Power Management Driver (HKLM\...\Power Management Driver) (Version: 1.43 - )
TinyWall (HKLM-x32\...\{E87F67CD-B72A-4B47-A01D-28CD16AC0711}) (Version: 2.1.4.0 - Károly Pados)
Tresorit (HKLM-x32\...\{3CD44037-27F5-4A9E-93F6-B3877416AB03}) (Version: 0.5.2.81 - Tresorit)
UFR II Printer Driver Uninstaller (HKLM\...\Canon UFR II Printer Driver) (Version: 6, 0, 0, 0 - Canon Inc.)
Universal Adb Driver (HKLM-x32\...\{D9C4202E-6D51-4B06-A8F1-22316E654BCA}) (Version: 1.0.0 - ClockworkMod)
Update for Microsoft Access 2010 (KB2553446) 64-Bit Edition (HKLM\...\{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{FEF4C57D-0975-4D3C-ACC7-DCD038C3788F}) (Version:  - Microsoft)
Update for Microsoft Excel 2010 (KB2837600) 64-Bit Edition (HKLM\...\{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{17815BC8-062D-49BE-B40C-B54149C85CE3}) (Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2878281) 64-Bit Edition (HKLM\...\{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{84B191B5-5319-463A-A305-8C4D53B1D20A}) (Version:  - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817369) 64-Bit Edition (HKLM\...\{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{DB0B0CDF-77EC-47B0-94E2-4738573A1E58}) (Version:  - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817396) 64-Bit Edition (HKLM\...\{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{1AA82E2E-7DB7-4C70-910C-BBB657A6B3A5}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2553092) (HKLM\...\{90140000-0044-0407-1000-0000000FF1CE}_Office14.OMUI.de-de_{E636FE63-842B-4F4B-9884-DA189ACC0B91}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2553092) (HKLM\...\{90140000-0044-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{E636FE63-842B-4F4B-9884-DA189ACC0B91}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2553092) (HKLM\...\{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{E636FE63-842B-4F4B-9884-DA189ACC0B91}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589298) 64-Bit Edition (HKLM\...\{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{79C725A1-3964-421C-A528-78C1C083C7C7}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 64-Bit Edition (HKLM\...\{90140000-0043-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{95BE5D45-A3DD-4CB1-8C35-D75DD7B4D862}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 64-Bit Edition (HKLM\...\{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{95BE5D45-A3DD-4CB1-8C35-D75DD7B4D862}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589375) 64-Bit Edition (HKLM\...\{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{EBD18DE5-BC84-4B57-9A30-097044871F9A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 64-Bit Edition (HKLM\...\{90140000-0043-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{4AD36582-256B-433D-8593-F31773A15CA4}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 64-Bit Edition (HKLM\...\{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{4AD36582-256B-433D-8593-F31773A15CA4}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 64-Bit Edition (HKLM\...\{90140000-0043-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{F216169C-2B40-429B-8370-B5BA06EC5423}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 64-Bit Edition (HKLM\...\{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{F216169C-2B40-429B-8370-B5BA06EC5423}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760631) 64-Bit Edition (HKLM\...\{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{B6AD7E27-012A-4B63-82BA-AF62893E5435}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2794737) 64-Bit Edition (HKLM\...\{90140000-0100-0407-1000-0000000FF1CE}_Office14.OMUI.de-de_{07DC9C6C-E916-4F42-8677-716930ED0393}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2794737) 64-Bit Edition (HKLM\...\{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{07DC9C6C-E916-4F42-8677-716930ED0393}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2825635) 64-Bit Edition (HKLM\...\{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{6E760BBA-B83F-4C2D-918F-5F91EF6C9861}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2825640) 64-Bit Edition (HKLM\...\{90140000-0044-0407-1000-0000000FF1CE}_Office14.OMUI.de-de_{43F59F4D-7179-497E-BE99-BC6F7D1DDCBA}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2825640) 64-Bit Edition (HKLM\...\{90140000-0044-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{43F59F4D-7179-497E-BE99-BC6F7D1DDCBA}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2825640) 64-Bit Edition (HKLM\...\{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{43F59F4D-7179-497E-BE99-BC6F7D1DDCBA}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2837581) 64-Bit Edition (HKLM\...\{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{D1F3B526-7EB2-4701-92DB-0784988D78DE}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2837606) 64-Bit Edition (HKLM\...\{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{52BEF8AE-9324-40A1-9A92-E5A8FB63A475}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2878252) 64-Bit Edition (HKLM\...\{90140000-0043-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{56551B9F-2FE1-4705-ACF0-8FA920535E18}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2878252) 64-Bit Edition (HKLM\...\{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{56551B9F-2FE1-4705-ACF0-8FA920535E18}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2881028) 64-Bit Edition (HKLM\...\{90140000-001F-0407-1000-0000000FF1CE}_Office14.OMUI.de-de_{8F699D53-05FB-488E-B7D3-E4E47257BE5D}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2881028) 64-Bit Edition (HKLM\...\{90140000-001F-0409-1000-0000000FF1CE}_Office14.OMUI.de-de_{324703B5-6765-489D-9B9B-B082D34F882E}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2881028) 64-Bit Edition (HKLM\...\{90140000-001F-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{324703B5-6765-489D-9B9B-B082D34F882E}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2881028) 64-Bit Edition (HKLM\...\{90140000-001F-040C-1000-0000000FF1CE}_Office14.OMUI.de-de_{4B9B2BAF-EE1F-4B60-A4D9-17B7BEEB13A1}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2881028) 64-Bit Edition (HKLM\...\{90140000-001F-040C-1000-0000000FF1CE}_Office14.PROPLUSR_{4B9B2BAF-EE1F-4B60-A4D9-17B7BEEB13A1}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2881028) 64-Bit Edition (HKLM\...\{90140000-001F-0C0A-1000-0000000FF1CE}_Office14.PROPLUSR_{860EE8B1-0B9F-4A8A-91FE-649CD3C6754C}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 64-Bit Edition (HKLM\...\{90140000-0043-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{3029C408-1DD1-4273-8E58-87CB1B638FC8}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 64-Bit Edition (HKLM\...\{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{3029C408-1DD1-4273-8E58-87CB1B638FC8}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 64-Bit Edition (HKLM\...\{90140000-001A-0407-1000-0000000FF1CE}_Office14.OMUI.de-de_{6164E0E5-C903-488C-93AF-1B7AF7EBC331}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 64-Bit Edition (HKLM\...\{90140000-001A-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{DBAC8ED2-9287-499E-AD66-590C7413C7DE}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 64-Bit Edition (HKLM\...\{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{DDDC32A5-9528-4771-B91A-97A8E1D7957B}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 64-Bit Edition (HKLM\...\{90140000-0018-0407-1000-0000000FF1CE}_Office14.OMUI.de-de_{FD360122-6829-4497-97C1-1BF578EF695B}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 64-Bit Edition (HKLM\...\{90140000-0018-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{393B360E-62F8-463D-B914-1ECDC1359A46}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 64-Bit Edition (HKLM\...\{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{A20A650C-F820-4CE4-AEA5-EC140192FAFB}) (Version:  - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 64-Bit Edition (HKLM\...\{90140000-0043-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{77374F16-2DC6-4EEF-AFAD-C59FDA2E010D}) (Version:  - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 64-Bit Edition (HKLM\...\{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{77374F16-2DC6-4EEF-AFAD-C59FDA2E010D}) (Version:  - Microsoft)
Update for Microsoft Visio 2010 (KB2880526) 64-Bit Edition (HKLM\...\{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{F6F342A1-530B-4D48-A468-1E3F70928984}) (Version:  - Microsoft)
Update for Microsoft Visio Viewer 2010 (KB2837587) 64-Bit Edition (HKLM\...\{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{C950A55F-82E3-4CC8-8FA2-E8A2A0F651F3}) (Version:  - Microsoft)
Update for Microsoft Word 2010 (KB2880529) 64-Bit Edition (HKLM\...\{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{89FDC8D9-FB84-4EFE-950D-AF4EECC3B64C}) (Version:  - Microsoft)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
VMware Player (HKLM-x32\...\VMware_Player) (Version: 6.0.3 - VMware, Inc)
VMware Player (Version: 6.0.3 - VMware, Inc.) Hidden
WinMerge 2.14.0 (HKLM-x32\...\WinMerge_is1) (Version: 2.14.0 - Thingamahoochie Software)
XnView 2.13 (HKLM-x32\...\XnView_is1) (Version: 2.13 - Gougelet Pierre-e)
XP Codec Pack (HKLM-x32\...\XP Codec Pack) (Version: 2.5.3 - XP Codec Pack team)
xplorer² lite 32 bit (HKLM-x32\...\xplorer2l) (Version: 2.2.0.2 - Zabkat)
Zattoo4 4.0.5 (HKLM-x32\...\Zattoo4) (Version: 4.0.5 - Zattoo Inc.)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-3226777461-1414976616-3206541535-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\*****\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3226777461-1414976616-3206541535-1000_Classes\CLSID\{822E4859-CCDD-476C-ABDF-7F7A894A3CB7}\InprocServer32 -> C:\Users\*****\AppData\Roaming\Tresorit\v0.5\TresoritExt64_1.dll ()
CustomCLSID: HKU\S-1-5-21-3226777461-1414976616-3206541535-1000_Classes\CLSID\{822E485A-CCDD-476C-ABDF-7F7A894A3CB7}\InprocServer32 -> C:\Users\*****\AppData\Roaming\Tresorit\v0.5\TresoritExt64_1.dll ()
CustomCLSID: HKU\S-1-5-21-3226777461-1414976616-3206541535-1000_Classes\CLSID\{822E485B-CCDD-476C-ABDF-7F7A894A3CB7}\InprocServer32 -> C:\Users\*****\AppData\Roaming\Tresorit\v0.5\TresoritExt64_1.dll ()
CustomCLSID: HKU\S-1-5-21-3226777461-1414976616-3206541535-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\*****\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3226777461-1414976616-3206541535-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\*****\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3226777461-1414976616-3206541535-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\*****\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3226777461-1414976616-3206541535-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\*****\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll (Dropbox, Inc.)

==================== Restore Points  =========================

03-07-2014 19:40:49 Windows Update
03-07-2014 20:16:47 Installed Universal Adb Driver
05-07-2014 13:04:27 Installed OpenVPN Client
05-07-2014 13:11:02 Installed Cisco AnyConnect Secure Mobility Client
27-07-2014 11:08:39 Windows Update
07-08-2014 11:44:53 Device Driver Package Install: TAP-Windows Provider V9 Network adapters
07-08-2014 12:17:20 Removed OpenVPN Client
08-08-2014 20:14:57 Removed MSXML 4.0 SP2 (KB954430)
08-08-2014 20:15:16 Removed MSXML 4.0 SP2 (KB973688)
08-08-2014 20:15:32 Removed MSXML 4.0 SP3 Parser (KB2758694)
08-08-2014 20:15:45 Removed MSXML 4.0 SP3 Parser
08-08-2014 20:15:59 Removed MSXML 4.0 SP2 Parser and SDK

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {283586A3-4B36-4044-9405-F6720D949EBA} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-07-22] (Piriform Ltd)
Task: {283C3DF4-0ACB-4F22-9911-DC0CAB03F9FD} - System32\Tasks\PrivaZer_cleanup => C:\Program Files (x86)\PrivaZer\PrivaZer.exe [2013-08-14] (Goversoft LLC)
Task: {66418B0E-1AC5-4DD3-92E9-586AF04F3B42} - System32\Tasks\SamsungMagician => C:\Program Files (x86)\Samsung\Samsung Magician\Samsung Magician.exe [2014-05-19] (Samsung Electronics.)

==================== Loaded Modules (whitelisted) =============

2013-09-30 16:20 - 2012-12-06 13:09 - 00136704 _____ () C:\Windows\System32\zlhp1600.dll
2013-07-21 15:01 - 2012-12-07 18:26 - 00167424 _____ () C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
2013-08-15 00:48 - 2013-08-15 00:48 - 00084952 _____ () C:\Windows\assembly\GAC_MSIL\TinyWall.XmlSerializers\2.1.4.0__d9a8adbcd0c171b3\TinyWall.XmlSerializers.dll
2013-09-05 01:17 - 2013-09-05 01:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 17:23 - 2010-10-20 17:23 - 08801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2014-06-11 05:34 - 2014-06-11 05:34 - 00063400 _____ () C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\zlib1.dll
2011-03-04 13:49 - 2011-03-04 13:49 - 00202752 _____ () C:\Program Files (x86)\Cisco Systems\WWU Client\vpnapi.dll
2014-06-12 18:22 - 2014-06-12 18:22 - 01261272 _____ () C:\Program Files (x86)\VMware\VMware Player\libxml2.dll
2012-12-19 14:50 - 2013-04-22 18:25 - 00445648 _____ () C:\Program Files (x86)\PhraseExpress\pexlang.dll
2013-09-05 01:14 - 2013-09-05 01:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 17:45 - 2010-10-20 17:45 - 08801120 _____ () C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:0FF263E8

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^Users^*****^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^MicroSIP.lnk => C:\Windows\pss\MicroSIP.lnk.Startup
MSCONFIG\startupfolder: C:^Users^*****^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^PdaNet Desktop.lnk => C:\Windows\pss\PdaNet Desktop.lnk.Startup
MSCONFIG\startupfolder: C:^Users^*****^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Samsung Magician.lnk => C:\Windows\pss\Samsung Magician.lnk.Startup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: BCSSync => "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
MSCONFIG\startupreg: Cisco AnyConnect Secure Mobility Agent for Windows => "C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe" -minimized
MSCONFIG\startupreg: Cloudfogger => "C:\Program Files\Cloudfogger\Cloudfogger.exe" --silent
MSCONFIG\startupreg: DNS7reminder => "C:\Program Files (x86)\Nuance\NaturallySpeaking12\Ereg\Ereg.exe" -r "C:\ProgramData\Nuance\NaturallySpeaking12\Ereg.ini"
MSCONFIG\startupreg: ISUSPM => C:\ProgramData\FLEXnet\Connect\11\\isuspm.exe -scheduler
MSCONFIG\startupreg: PaperCut MF Client => "C:\Program Files (x86)\PaperCut MF Client\pc-client.exe" /silent
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

==================== Faulty Device Manager Devices =============

Name: Bluetooth Device (Personal Area Network)
Description: Bluetooth Device (Personal Area Network)
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: BthPan
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Description: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: vpnva
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Cisco Systems VPN Adapter for 64-bit Windows
Description: Cisco Systems VPN Adapter for 64-bit Windows
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: CVirtA
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================

System errors:
=============

Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
  Date: 2014-08-11 16:07:03.645
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\AEADIAPR.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-08-11 15:58:41.677
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\AEADIAPR.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-08-11 15:52:45.291
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\AEADIAPR.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-08-11 15:48:05.251
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\AEADIAPR.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-08-11 15:29:04.084
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\AEADIAPR.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-08-11 15:28:09.098
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\AEADIAPR.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-08-11 13:28:11.150
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\AEADIAPR.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-08-11 13:27:37.956
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\AEADIAPR.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-08-11 13:27:35.762
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\AEADIAPR.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-08-11 13:27:31.830
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\AEADIAPR.dll because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Percentage of memory in use: 31%
Total physical RAM: 4022.3 MB
Available physical RAM: 2742.56 MB
Total Pagefile: 8042.77 MB
Available Pagefile: 6665.77 MB
Total Virtual: 8192 MB
Available Virtual: 8191.85 MB

==================== Drives ================================

Drive c: (Samsung 830) (Fixed) (Total:119.14 GB) (Free:16.17 GB) NTFS
Drive d: () (Fixed) (Total:25 GB) (Free:5.14 GB) NTFS
Drive e: (OfficeBackup) (Fixed) (Total:64.29 GB) (Free:2.54 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 93 GB) (Disk ID: 3C614189)
Partition 1: (Active) - (Size=25 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=64 GB) - (Type=OF Extended)
Partition 3: (Not Active) - (Size=4 GB) - (Type=02)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 119 GB) (Disk ID: 9B6DE948)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=119 GB) - (Type=07 NTFS)

==================== End Of Log ============================
Das "JRT - Junkware Removal Tool" scheint mir übereifrig zu sein.

PureText 3.0 scheint mir ein legitimes Programm zu sein. Es ist auf jeden Fall sehr praktisch, sodass ich es ungerne missen würde.
Siehe: hxxp://stevemiller.net/puretext/

Gleiches gilt für JonDoFox, wobei mir die gelöschte Extension nichts sagt.
Siehe: https://www.anonym-surfen.de/jondofox.html

Vielen Dank für die Hilfe.

cosinus 11.08.2014 18:23
Okay, dann Kontrollscans mit MBAM und ESET bitte:

Downloade Dir bitte Malwarebytes Anti-Malware
  • Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
  • Starte Malwarebytes' Anti-Malware (MBAM).
  • Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
  • Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
  • Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
  • Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
  • Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
  • Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.




ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset


Anmoir 12.08.2014 08:08
Code:
Malwarebytes Anti-Malware
www.malwarebytes.org

Suchlauf Datum: 11/08/2014
Suchlauf-Zeit: 22:47:05
Logdatei: mbam2.txt
Administrator: Ja

Version: 2.00.2.1012
Malware Datenbank: v2014.08.11.08
Rootkit Datenbank: v2014.08.04.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Self-protection: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: *****

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 303335
Verstrichene Zeit: 8 Min, 54 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristics: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registrierungsschlüssel: 0
(No malicious items detected)

Registrierungswerte: 0
(No malicious items detected)

Registrierungsdaten: 0
(No malicious items detected)

Ordner: 0
(No malicious items detected)

Dateien: 0
(No malicious items detected)

Physische Sektoren: 0
(No malicious items detected)


(end)
Code:
ESETSmartInstaller@High as downloader log:
all ok
Update failed (41217). Trying proxy 127.0.0.18887
finished. ret_update=0 e_gle=0
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=5d53d0119d17514aa29f1f59e4716153
# engine=19605
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-08-12 04:46:24
# local_time=2014-08-12 06:46:24 (+0100, W. Europe Daylight Time)
# country="United Kingdom"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='Avira Desktop'
# compatibility_mode=1810 16777213 100 100 41318 61739770 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 34243660 159448634 0 0
# scanned=346571
# found=5
# cleaned=0
# scan_time=27771
sh=64131EBCE68286BAAEFAC74F12628EBFC159B7CB ft=1 fh=252d3f247af8095f vn="Win32/InstallMonetizer.AQ evtl. unerwünschte Anwendung" ac=I fn="C:\Users\*****\Downloads\PDFCreator-1_6_1_setup.exe"
sh=D0357617961BF3D526BEFAAB0048CBB983EA4DF9 ft=1 fh=c604c933e8b9509f vn="Win32/InstallMonetizer.AQ evtl. unerwünschte Anwendung" ac=I fn="C:\Users\*****\Downloads\Software\PDF Software\PDFCreator-1_7_0_setup.exe"
sh=9434866971DD357600C9F2B1E31B7893C3A070F0 ft=1 fh=4f14aeb246e47811 vn="Win32/InstallMonetizer.AQ evtl. unerwünschte Anwendung" ac=I fn="C:\Users\*****\Downloads\Software\PDF Software\PDFCreator-1_7_1_setup.exe"
sh=6CF8A9F031B45F70BE3E66E7ACC7449CDA15FA34 ft=1 fh=2de4b6f517306153 vn="Win32/Toolbar.Widgi evtl. unerwünschte Anwendung" ac=I fn="E:\Freeware\PDFCreator\PDFCreator-1_2_3_setup.exe"
sh=ED745A9BC4E5CE605E4854E06F065FD5F08339D0 ft=0 fh=0000000000000000 vn="Mehrere Bedrohungen" ac=I fn="E:\Freeware\X9\miui_xcx9_mdiary_3.9.13_63d880a055_4.2.zip"
Zu den Funden:

PDFCreator bringt zwar nervige Software mit, aber man kann sie im Installationsprozess abwählen. Das Programm selber ist gut für das erstellen von PDF Dateien über die Druckfunktion.

Der letzte Eintrag ist, glaube ich, eine CustomROM für ein Android Handy. Ob die wirklich Schadcode enthält oder es sich hier um ein false positive handelt vermag ich nicht zu beurteilen.

cosinus 12.08.2014 08:18
ESET ist da etwas pingelig, das ist bekannt, sobald ein Setup Adware mitbringt um es dem unaufmerskamen Anwender auf den Rechner knallen, meckert es das an ;)


TFC - Temp File Cleaner

Lade dir TFC (TempFileCleaner von Oldtimer) herunter und speichere es auf den Desktop.
  • Öffne die TFC.exe.
    Vista und Win 7 User mit Rechtsklick "als Administrator starten".
  • Schließe alle anderen Programme.
  • Drücke auf den Button Start.
  • Falls du zu einem Neustart aufgefordert wirst, bestätige diesen.




Sieht soweit ok aus :daumenhoc

Wegen Cookies und anderer Dinge im Web: Um die Pest von vornherein zu blocken (also TrackingCookies, Werbebanner etc.) müsstest du dir mal sowas wie MVPS Hosts File anschauen => Blocking Unwanted Parasites with a Hosts File - sinnvollerweise solltest du alle 4 Wochen mal bei MVPS nachsehen, ob er eine neue Hosts Datei herausgebracht hat. Ist aber nur optional. Um Usertracking zu verhindern kann man gut die Firefox-Erweiterung Ghostery verwenden.

Info: Cookies sind keine Schädlinge direkt, aber es besteht die Gefahr der missbräuchlichen Verwendung (eindeutige Wiedererkennung zB für gezielte Werbung o.ä. => HTTP-Cookie )

Ansonsten gibt es noch gute Cookiemanager, Erweiterungen für den Firefox zB wäre da CookieCuller
Wenn du aber damit leben kannst, dich bei jeder Browsersession überall neu einzuloggen (zB Facebook, Ebay, GMX, oder auch Trojaner-Board) dann stell den Browser einfach so ein, dass einfach alles beim Beenden des Browser inkl. Cookies gelöscht wird.

Ist dein System nun wieder in Ordnung oder gibt's noch andere Funde oder Probleme?


Alle Zeitangaben in WEZ +1. Es ist jetzt 17:33 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27