Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)
-   -   Windows7, 64-bit - Firefox öffnet neue Tabs (Ads by Clicup) (https://www.trojaner-board.de/157569-windows7-64-bit-firefox-oeffnet-neue-tabs-ads-by-clicup.html)

TinaW5 13.08.2014 20:45
Windows7, 64-bit - Firefox öffnet neue Tabs (Ads by Clicup)
 
Hallo,
ich habe mir da irgendwas eingefangen und hoffe hier auf Hilfe.
In meinem Firefox öffnen sich dauernd neue Tabs mit Werbung und unten rechts erscheint dann die Einblendung "Ads by Clicup"

Die Checkliste habe ich abgearbeitet.

defogger_disable.txt
Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 20:53 on 13/08/2014 (XXXXX_2)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-
FRST.txt
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-08-2014
Ran by XXXXX_2 (administrator) on XXXXXS-ACER on 13-08-2014 21:02:52
Running from C:\Users\XXXXX_2\Desktop\Malware - Trojaner-Board
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
() C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(InterVideo Inc.) C:\Program Files (x86)\Common Files\InterVideo\DeviceService\DevSvc.exe
() C:\Program Files\DAZ 3D\Content Management Service\ContentManagementServer.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
(InterVideo) C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
(Malwarebytes Corporation) C:\Programme\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Programme\Malwarebytes Anti-Malware\mbamservice.exe
(Deutsche Telekom AG) C:\Program Files\Telekom\Mediencenter\DTAG.Mediencenter.BackgroundService.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
() C:\Windows\SysWOW64\PSIService.exe
(Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
() C:\Program Files\Securepoint SSL VPN\SPOpenVPNService.exe
(Malwarebytes Corporation) C:\Programme\Malwarebytes Anti-Malware\mbam.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(Acer Group) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
() C:\Windows\PLFSetI.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Corel, Inc.) C:\Program Files (x86)\Corel\Corel MediaOne\Corel Photo Downloader.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
() C:\Programme\FeedReader30\feedreader.exe
(Clichelper) C:\Users\XXXXX_2\AppData\Local\Temp\clicup\clicup.exe
(J3S GmbH) C:\Program Files (x86)\COMPUTER BILD Account-Alarm\COMPUTER BILD Account-Alarm.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Acer VCM\AcerVCM.exe
(Google) C:\Program Files\Google Calendar Sync\GoogleCalendarSync.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
(Dropbox, Inc.) C:\Users\XXXXX_2\AppData\Roaming\Dropbox\bin\Dropbox.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(Deutsche Telekom AG) C:\Users\XXXXX_2\AppData\Roaming\Telekom\MediencenterSync\Mediencenter.exe
(CANON INC.) C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe
(Siliten) C:\Program Files (x86)\SilverCrest DMTS2017 Driver\KbClient_FD2.exe
(Siliten) C:\Program Files (x86)\SilverCrest DMTS2017 Driver\MouClient_FD2.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
(Ulead Systems, Inc.) C:\Program Files (x86)\Common Files\Ulead Systems\AutoDetector\Monitor.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMworker.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\tv_x64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
() C:\Users\XXXXX_2\Desktop\Malware - Trojaner-Board\Defogger.exe
(Corel) C:\Program Files (x86)\Common Files\Corel\Standby\Standby.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1890088 2009-12-10] (Synaptics Incorporated)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11057768 2010-07-06] (Realtek Semiconductor)
HKLM\...\Run: [PLFSetI] => C:\Windows\PLFSetI.exe [206208 2010-06-09] ()
HKLM\...\Run: [Acer ePower Management] => C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [861216 2010-06-11] (Acer Incorporated)
HKLM\...\Run: [CanonSolutionMenu] => C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe [767312 2009-09-03] (CANON INC.)
HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [108144 2012-11-05] (Microsoft Corporation)
HKLM\...\Run: [Corel Photo Downloader] => C:\Program Files (x86)\Corel\Corel MediaOne\Corel Photo Downloader.exe [483144 2007-08-17] (Corel, Inc.)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284696 2010-04-13] (Intel Corporation)
HKLM-x32\...\Run: [BackupManagerTray] => C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe [265984 2010-06-29] (NewTech Infosystems, Inc.)
HKLM-x32\...\Run: [LManager] => C:\Program Files (x86)\Launch Manager\LManager.exe [975952 2010-08-10] (Dritek System Inc.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [IJNetworkScanUtility] => C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe [140640 2009-09-28] (CANON INC.)
HKLM-x32\...\Run: [Launch SilverCrest DMTS2017-K] => C:\Program Files (x86)\SilverCrest DMTS2017 Driver\KbClient_FD2.exe [1218048 2010-06-28] (Siliten)
HKLM-x32\...\Run: [Launch SilverCrest DMTS2017-M] => C:\Program Files (x86)\SilverCrest DMTS2017 Driver\MouClient_FD2.exe [860672 2010-06-28] (Siliten)
HKLM-x32\...\Run: [Corel Photo Downloader] => "C:\Program Files (x86)\Corel\Corel MediaOne\Corel PhotoDownloader.exe" -startup
HKLM-x32\...\Run: [Ulead AutoDetector v2] => C:\Program Files (x86)\Common Files\Ulead Systems\AutoDetector\monitor.exe [95504 2007-08-02] (Ulead Systems, Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [843712 2012-01-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Standby] => C:\Program Files (x86)\Common Files\Corel\Standby\Standby.exe [105632 2010-05-17] (Corel)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59240 2011-09-27] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2011-10-24] (Apple Inc.)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [751184 2014-08-08] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [CanonQuickMenu] => C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE [1273448 2012-04-03] (CANON INC.)
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
HKLM-x32\...\Run: [BrowserPlugInHelper] => C:\Programme\Video Converter Ultimate\BrowserPlugInHelper.exe [1962896 2013-12-19] ()
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [190032 2014-07-24] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [COMPUTER BILD Account-Alarm] => \COMPUTER BILD Account-Alarm /tray
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-752392268-3339214621-1681333280-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [swg] => "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
HKU\S-1-5-21-752392268-3339214621-1681333280-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: G - G:\AutoRun.exe
HKU\S-1-5-21-752392268-3339214621-1681333280-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {83478cdd-bd23-11e0-8165-1c7508023576} - G:\AutoRun.exe
HKU\S-1-5-21-752392268-3339214621-1681333280-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {90066f53-bc5d-11e0-9e2a-1c7508023576} - I:\AutoRun.exe
HKU\S-1-5-21-752392268-3339214621-1681333280-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {a733176c-bc55-11e0-ac53-1c7508023576} - G:\AutoRun.exe
HKU\S-1-5-21-752392268-3339214621-1681333280-1002\...\Run: [Google Update] => C:\Users\XXXXX_2\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2012-04-23] (Google Inc.)
HKU\S-1-5-21-752392268-3339214621-1681333280-1002\...\Run: [OfficeSyncProcess] => C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE [911040 2013-04-22] (Microsoft Corporation)
HKU\S-1-5-21-752392268-3339214621-1681333280-1002\...\Run: [feedreader.exe] => C:\Programme\FeedReader30\feedreader.exe [2058240 2009-03-29] ()
HKU\S-1-5-21-752392268-3339214621-1681333280-1002\...\Run: [clicup-Agent] => C:\Users\XXXXX_2\AppData\Local\Temp\clicup\clicup.exe [445424 2014-07-10] (Clichelper) <===== ATTENTION
HKU\S-1-5-21-752392268-3339214621-1681333280-1002\...\Run: [COMPUTER BILD Account-Alarm] => C:\Program Files (x86)\COMPUTER BILD Account-Alarm\COMPUTER BILD Account-Alarm.exe [2058752 2014-08-07] (J3S GmbH)
HKU\S-1-5-21-752392268-3339214621-1681333280-1002\...\MountPoints2: {49193dcf-b7da-11e1-85a0-1c7508023576} - G:\AutoRun.exe
HKU\S-1-5-21-752392268-3339214621-1681333280-1002\...\MountPoints2: {5b63bcb4-48dd-11e1-92be-1c7508023576} - G:\AutoRun.exe
HKU\S-1-5-21-752392268-3339214621-1681333280-1002\...\MountPoints2: {61431bdb-2fe2-11e2-98ec-1c7508023576} - G:\Startme.exe
HKU\S-1-5-21-752392268-3339214621-1681333280-1002\...\MountPoints2: {90066f53-bc5d-11e0-9e2a-1c7508023576} - G:\AutoRun.exe
HKU\S-1-5-21-752392268-3339214621-1681333280-1002\...\MountPoints2: {a733176c-bc55-11e0-ac53-1c7508023576} - G:\AutoRun.exe
HKU\S-1-5-21-752392268-3339214621-1681333280-1002\...\MountPoints2: {da0ccac9-ccf1-11e1-8983-1c7508023576} - G:\AutoRun.exe
HKU\S-1-5-21-752392268-3339214621-1681333280-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Google Update] => C:\Users\XXXXX_2\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2012-04-23] (Google Inc.)
HKU\S-1-5-21-752392268-3339214621-1681333280-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [OfficeSyncProcess] => C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE [911040 2013-04-22] (Microsoft Corporation)
HKU\S-1-5-21-752392268-3339214621-1681333280-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [feedreader.exe] => C:\Programme\FeedReader30\feedreader.exe [2058240 2009-03-29] ()
HKU\S-1-5-21-752392268-3339214621-1681333280-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [clicup-Agent] => C:\Users\XXXXX_2\AppData\Local\Temp\clicup\clicup.exe [445424 2014-07-10] (Clichelper) <===== ATTENTION
HKU\S-1-5-21-752392268-3339214621-1681333280-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [COMPUTER BILD Account-Alarm] => C:\Program Files (x86)\COMPUTER BILD Account-Alarm\COMPUTER BILD Account-Alarm.exe [2058752 2014-08-07] (J3S GmbH)
HKU\S-1-5-21-752392268-3339214621-1681333280-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {49193dcf-b7da-11e1-85a0-1c7508023576} - G:\AutoRun.exe
HKU\S-1-5-21-752392268-3339214621-1681333280-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {5b63bcb4-48dd-11e1-92be-1c7508023576} - G:\AutoRun.exe
HKU\S-1-5-21-752392268-3339214621-1681333280-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {61431bdb-2fe2-11e2-98ec-1c7508023576} - G:\Startme.exe
HKU\S-1-5-21-752392268-3339214621-1681333280-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {90066f53-bc5d-11e0-9e2a-1c7508023576} - G:\AutoRun.exe
HKU\S-1-5-21-752392268-3339214621-1681333280-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {a733176c-bc55-11e0-ac53-1c7508023576} - G:\AutoRun.exe
HKU\S-1-5-21-752392268-3339214621-1681333280-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {da0ccac9-ccf1-11e1-8983-1c7508023576} - G:\AutoRun.exe
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Acer VCM.lnk
ShortcutTarget: Acer VCM.lnk -> C:\Program Files (x86)\Acer\Acer VCM\AcerVCM.exe (Acer Incorporated)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Google Calendar Sync.lnk
ShortcutTarget: Google Calendar Sync.lnk -> C:\Program Files\Google Calendar Sync\GoogleCalendarSync.exe (Google)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)
Startup: C:\Users\XXXXX_2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\XXXXX_2\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\XXXXX_2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Mediencenter Assistent.lnk
ShortcutTarget: Mediencenter Assistent.lnk -> C:\Program Files\Telekom\Mediencenter\MediencenterSoftware.exe (Deutsche Telekom AG)
Startup: C:\Users\XXXXX_2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Mediencenter.lnk
ShortcutTarget: Mediencenter.lnk -> C:\Users\XXXXX_2\AppData\Roaming\Telekom\MediencenterSync\Mediencenter.exe (Deutsche Telekom AG)
Startup: C:\Users\XXXXX_2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk
ShortcutTarget: OpenOffice.org 3.3.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
ShellIconOverlayIdentifiers: 01Mediencenter_InSync -> {77BC4082-DB5F-439A-8DC8-F9E24A63B0DE} => C:\Users\XXXXX_2\AppData\Roaming\Telekom\MediencenterSync\DTAG.Mediencenter.IconOverlayHandler.dll (Deutsche Telekom AG)
ShellIconOverlayIdentifiers: 02Mediencenter_ToSync -> {528EE335-5034-4EFC-834E-63E5F02D2BC2} => C:\Users\XXXXX_2\AppData\Roaming\Telekom\MediencenterSync\DTAG.Mediencenter.IconOverlayHandler.dll (Deutsche Telekom AG)
ShellIconOverlayIdentifiers: 03Mediencenter_Failed -> {6066ADF0-9EB0-43E5-ADB6-990F5A3B979C} => C:\Users\XXXXX_2\AppData\Roaming\Telekom\MediencenterSync\DTAG.Mediencenter.IconOverlayHandler.dll (Deutsche Telekom AG)
ShellIconOverlayIdentifiers: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\XXXXX_2\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\XXXXX_2\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\XXXXX_2\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: DropboxExt4 -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\XXXXX_2\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\XXXXX_2\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\XXXXX_2\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\XXXXX_2\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.soapreichundschoen.de/
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO-x32: Wondershare AllMyTube -> {1373BA72-5012-496e-9F72-7A426DCF78BB} -> C:\Program Files\Wondershare\Free YouTube Downloader\SVRIEPlugin.dll (Wondershare Software Co., Ltd.)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
BHO-x32: Wondershare Video Converter Ultimate -> {65DEE40A-3E93-4cae-9F98-B8E06DCEE2BF} -> C:\Programme\Video Converter Ultimate\SVRIEPlugin.dll (Wondershare Software Co., Ltd.)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
Toolbar: HKCU - No Name - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} -  No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{46543964-8594-454A-A17B-4AFD11D0BC90}: [NameServer]193.189.244.225 193.189.244.206
Tcpip\..\Interfaces\{ADB2C81E-6114-492D-A9CB-E245095B7D02}: [NameServer]193.189.244.225 193.189.244.206

FireFox:
========
FF ProfilePath: C:\Users\XXXXX_2\AppData\Roaming\Mozilla\Firefox\Profiles\jozp0725.default
FF Homepage: chrome://speeddial/content/speeddial.xul
FF NetworkProxy: "backup.ftp", "76.73.26.77"
FF NetworkProxy: "backup.ftp_port", 3128
FF NetworkProxy: "backup.socks", "76.73.26.77"
FF NetworkProxy: "backup.socks_port", 3128
FF NetworkProxy: "backup.ssl", "76.73.26.77"
FF NetworkProxy: "backup.ssl_port", 3128
FF NetworkProxy: "ftp", "76.73.26.77"
FF NetworkProxy: "ftp_port", 3128
FF NetworkProxy: "http", "76.73.26.77"
FF NetworkProxy: "http_port", 3128
FF NetworkProxy: "no_proxies_on", "localhost, 127.0.0.1, stealthy.co"
FF NetworkProxy: "share_proxy_settings", true
FF NetworkProxy: "socks", "76.73.26.77"
FF NetworkProxy: "socks_port", 3128
FF NetworkProxy: "ssl", "76.73.26.77"
FF NetworkProxy: "ssl_port", 3128
FF NetworkProxy: "type", 4
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll (CANON INC.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @pages.tvunetworks.com/WebPlayer -> C:\Program Files (x86)\TVUPlayer\npTVUAx.dll (TVU networks)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 -> C:\Users\XXXXX_2\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 -> C:\Users\XXXXX_2\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Avira Browser Safety - C:\Users\XXXXX_2\AppData\Roaming\Mozilla\Firefox\Profiles\jozp0725.default\Extensions\abs@avira.com [2014-08-08]
FF Extension: YouTube Unblocker - C:\Users\XXXXX_2\AppData\Roaming\Mozilla\Firefox\Profiles\jozp0725.default\Extensions\youtubeunblocker@unblocker.yt [2014-06-20]
FF Extension: DownloadHelper - C:\Users\XXXXX_2\AppData\Roaming\Mozilla\Firefox\Profiles\jozp0725.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2014-08-13]
FF Extension: DSL Soforthilfe - C:\Users\XXXXX_2\AppData\Roaming\Mozilla\Firefox\Profiles\jozp0725.default\Extensions\{} [2014-07-23]
FF Extension: Stealthy - C:\Users\XXXXX_2\AppData\Roaming\Mozilla\Firefox\Profiles\jozp0725.default\Extensions\stealthyextension@gmail.com.xpi [2011-11-20]
FF Extension: Free Hide IP - C:\Users\XXXXX_2\AppData\Roaming\Mozilla\Firefox\Profiles\jozp0725.default\Extensions\support@free-hideip.com.xpi [2013-04-09]
FF Extension: Tab Auto Reload - C:\Users\XXXXX_2\AppData\Roaming\Mozilla\Firefox\Profiles\jozp0725.default\Extensions\TabAutoReload@schuzak.jp.xpi [2012-07-20]
FF Extension: Speed Dial - C:\Users\XXXXX_2\AppData\Roaming\Mozilla\Firefox\Profiles\jozp0725.default\Extensions\{64161300-e22b-11db-8314-0800200c9a66}.xpi [2011-08-10]
FF Extension: Video HTML5 Compiler Plus - C:\Users\XXXXX_2\AppData\Roaming\Mozilla\Firefox\Profiles\jozp0725.default\Extensions\{6adda621-1273-46a0-b4de-e77a819834e6}.xpi [2013-12-04]
FF Extension: NoScript - C:\Users\XXXXX_2\AppData\Roaming\Mozilla\Firefox\Profiles\jozp0725.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2013-01-14]
FF Extension: Adblock Plus - C:\Users\XXXXX_2\AppData\Roaming\Mozilla\Firefox\Profiles\jozp0725.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-04-07]
FF Extension: {de5aeb72-ad84-429a-bc36-a15da06270bc} - C:\Users\XXXXX_2\AppData\Roaming\Mozilla\Firefox\Profiles\jozp0725.default\Extensions\{de5aeb72-ad84-429a-bc36-a15da06270bc}.xpi [2013-11-14]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2014-05-10]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2014-05-10]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} [2014-05-10]
FF HKLM-x32\...\Firefox\Extensions: [fmconverter@gmail.com] - C:\Program Files (x86)\Freemake\Freemake Video Converter\BrowserPlugin\Firefox
FF Extension: Freemake Video Converter Plugin - C:\Program Files (x86)\Freemake\Freemake Video Converter\BrowserPlugin\Firefox [2012-08-02]
FF HKLM-x32\...\Firefox\Extensions: [{8D150B8F-EFE8-45a3-A4A3-053020F48FAC}] - C:\Programme\Video Converter Ultimate\SVRFirefoxExt
FF Extension: Wondershare Video Converter Ultimate - C:\Programme\Video Converter Ultimate\SVRFirefoxExt [2014-02-07]
FF HKLM-x32\...\Firefox\Extensions: [{78ee576f-36ab-4371-a938-48cd78cd469e}] - C:\Program Files (x86)\Security Utility\securityutility.xpi
FF Extension: No Name - C:\Program Files (x86)\Security Utility\securityutility.xpi [2014-05-29]
FF HKCU\...\Firefox\Extensions: [{8D150B8F-EFE8-45a3-A4A3-053020F48FAC}] - C:\Programme\Video Converter Ultimate\SVRFirefoxExt
FF HKCU\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
FF Extension: No Name - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04]

Chrome:
=======
CHR HomePage: hxxp://www.google.com/
CHR DefaultSearchKeyword: qvo6
CHR DefaultNewTabURL:
CHR Extension: (No Name) - C:\Users\XXXXX_2\AppData\Local\Google\Chrome\User Data\Default\Extensions\bopakagnckmlgajfccecajhnimjiiedh [2014-02-21]
CHR Extension: (Wondershare Video Converter Ultimate) - C:\Users\XXXXX_2\AppData\Local\Google\Chrome\User Data\Default\Extensions\chgdeabpmphfhkoemjjglmilajldekbp [2014-02-15]
CHR Extension: (Wondershare AllMyTube) - C:\Users\XXXXX_2\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifllmjhoijmmhobcnjdhelmboobmenij [2014-02-15]
CHR Extension: (WEB.DE MailCheck) - C:\Users\XXXXX_2\AppData\Local\Google\Chrome\User Data\Default\Extensions\jaogepninmlbinccpbiakcgiolijlllo [2013-07-11]
CHR Extension: (No Name) - C:\Users\XXXXX_2\AppData\Local\Google\Chrome\User Data\Default\Extensions\jbolfgndggfhhpbnkgnpjkfhinclbigj [2012-09-19]
CHR Extension: (Google Wallet) - C:\Users\XXXXX_2\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-06]
CHR HKLM-x32\...\Chrome\Extension: [chgdeabpmphfhkoemjjglmilajldekbp] - C:\Programme\Video Converter Ultimate\SVRChromePlugin.crx [2014-02-07]
CHR HKLM-x32\...\Chrome\Extension: [ifllmjhoijmmhobcnjdhelmboobmenij] - C:\Program Files\Wondershare\Free YouTube Downloader\SVRChromePlugin.crx [2014-01-23]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AAV UpdateService; C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe [128296 2008-10-24] ()
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [430160 2014-08-08] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [430160 2014-08-08] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [1021008 2014-08-08] (Avira Operations GmbH & Co. KG)
R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [141392 2014-07-24] (Avira Operations GmbH & Co. KG)
R2 Capture Device Service; C:\Program Files (x86)\Common Files\InterVideo\DeviceService\DevSvc.exe [198168 2007-03-06] (InterVideo Inc.)
R2 DAZContentManagementService; C:\Program Files\DAZ 3D\Content Management Service\ContentManagementServer.exe [22528 2011-05-05] () [File not signed]
R2 MBAMScheduler; C:\Programme\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 MBAMService; C:\Programme\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.)
R2 MCSWASVR; C:\Program Files\Telekom\Mediencenter\DTAG.Mediencenter.BackgroundService.exe [12800 2011-11-23] (Deutsche Telekom AG) [File not signed]
S3 OpenVPNService; C:\Program Files (x86)\OpenVPN\bin\openvpnserv.exe [14848 2011-12-15] () [File not signed]
R2 ProtexisLicensing; C:\Windows\SysWOW64\PSIService.exe [177704 2007-06-05] ()
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [117264 2009-10-20] (CACE Technologies, Inc.)
R2 RS_Service; C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe [260640 2010-01-30] (Acer Incorporated)
R2 Securepoint VPN; C:\Program Files\Securepoint SSL VPN\SPOpenVPNService.exe [198024 2012-11-01] ()
S2 SkypeUpdate; C:\Programme\skype\Updater\Updater.exe [172192 2013-10-23] (Skype Technologies)
S3 Sony PC Companion; C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe [155320 2012-01-18] (Avanquest Software) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [117712 2014-07-04] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [130584 2014-06-12] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-11-26] (Avira Operations GmbH & Co. KG)
S3 ewusbnet; C:\Windows\System32\DRIVERS\ewusbnet.sys [246224 2009-12-07] (Huawei Technologies Co., Ltd.)
S3 hwusbdev; C:\Windows\System32\DRIVERS\ewusbdev.sys [114304 2009-10-12] (Huawei Technologies Co., Ltd.)
R3 InputFilter_Hid_FlexDef2b; C:\Windows\System32\DRIVERS\InputFilter_FlexDef2b.sys [17920 2010-06-19] (Siliten)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-08-13] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation)
R2 NPF; C:\Windows\System32\drivers\npf.sys [47632 2009-10-20] (CACE Technologies, Inc.)
R2 NPF; C:\Windows\SysWOW64\drivers\npf.sys [50704 2010-03-22] (CACE Technologies, Inc.)
S1 PQNTDrv; C:\Windows\SysWow64\Drivers\PQNTDrv.sys [4228 2002-09-16] (PowerQuest Corporation) [File not signed]
S3 wmvad_simple; C:\Windows\System32\drivers\wmvad.sys [23040 2010-12-10] (WonderMedia Technologies, Inc.)
R3 WsAudio_Device; C:\Windows\System32\drivers\VirtualAudio.sys [31080 2013-03-25] (Wondershare)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-13 20:56 - 2014-08-13 21:02 - 00000000 ____D () C:\FRST
2014-08-13 20:53 - 2014-08-13 20:53 - 00000000 _____ () C:\Users\XXXXX_2\defogger_reenable
2014-08-13 20:48 - 2014-08-13 21:02 - 00000000 ____D () C:\Users\XXXXX_2\Desktop\Malware - Trojaner-Board
2014-08-13 17:12 - 2014-08-13 20:40 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-13 17:11 - 2014-08-13 17:19 - 00000843 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-08-13 17:11 - 2014-08-13 17:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-08-13 17:11 - 2014-08-13 17:11 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-08-13 17:11 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-08-13 17:11 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-08-13 17:11 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-08-13 16:12 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-08-13 10:17 - 2014-08-13 10:17 - 00000000 ____D () C:\Users\XXXXX_2\AppData\Local\Adobe
2014-08-09 12:48 - 2014-08-09 12:48 - 00002617 _____ () C:\Users\Public\Desktop\COMPUTER BILD Account-Alarm.lnk
2014-08-09 12:48 - 2014-08-09 12:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\COMPUTER BILD Account-Alarm
2014-08-09 12:48 - 2014-08-09 12:48 - 00000000 ____D () C:\Program Files (x86)\COMPUTER BILD Account-Alarm
2014-08-08 14:11 - 2014-08-08 14:18 - 00001141 _____ () C:\Users\Public\Desktop\Avira.lnk
2014-08-08 14:11 - 2014-08-08 14:18 - 00000000 ____D () C:\ProgramData\Package Cache
2014-08-06 11:35 - 2014-07-25 12:55 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-08-06 11:35 - 2014-07-25 12:49 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-08-06 11:35 - 2014-07-25 12:49 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-08-06 11:35 - 2014-07-25 12:49 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-08-06 11:34 - 2014-08-06 11:35 - 00004623 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_67-b01.log
2014-08-05 19:31 - 2014-08-05 19:31 - 00001164 _____ () C:\Users\XXXXX_2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-08-05 19:30 - 2014-08-05 19:30 - 00000000 ____D () C:\Program Files (x86)\Security Utility
2014-08-05 19:16 - 2014-08-05 19:16 - 00002011 _____ () C:\Users\XXXXX_2\Desktop\Continue Win-Install.lnk
2014-08-05 19:12 - 2014-08-13 16:13 - 00001083 _____ () C:\Users\XXXXX_2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search.lnk
2014-08-05 19:12 - 2014-08-13 16:13 - 00001053 _____ () C:\Users\XXXXX_2\Desktop\Search.lnk
2014-08-05 19:07 - 2014-08-05 19:07 - 00004032 _____ () C:\Windows\System32\Tasks\LaunchSignup
2014-08-02 10:21 - 2014-05-14 18:23 - 02477536 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2014-08-02 10:21 - 2014-05-14 18:23 - 00058336 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2014-08-02 10:21 - 2014-05-14 18:23 - 00044512 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2014-08-02 10:21 - 2014-05-14 18:21 - 02620928 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2014-08-02 10:20 - 2014-05-14 18:23 - 00700384 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2014-08-02 10:20 - 2014-05-14 18:23 - 00581600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2014-08-02 10:20 - 2014-05-14 18:23 - 00038880 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2014-08-02 10:20 - 2014-05-14 18:23 - 00036320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2014-08-02 10:20 - 2014-05-14 18:20 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2014-08-02 10:20 - 2014-05-14 18:17 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2014-08-02 10:19 - 2014-05-14 09:23 - 00198600 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2014-08-02 10:19 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2014-08-02 10:19 - 2014-05-14 09:20 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2014-08-02 10:19 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-13 21:02 - 2014-08-13 20:56 - 00000000 ____D () C:\FRST
2014-08-13 21:02 - 2014-08-13 20:48 - 00000000 ____D () C:\Users\XXXXX_2\Desktop\Malware - Trojaner-Board
2014-08-13 20:53 - 2014-08-13 20:53 - 00000000 _____ () C:\Users\XXXXX_2\defogger_reenable
2014-08-13 20:53 - 2011-08-08 17:07 - 00000000 ____D () C:\Users\XXXXX_2
2014-08-13 20:46 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\tracing
2014-08-13 20:45 - 2009-07-14 06:45 - 00009920 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-08-13 20:45 - 2009-07-14 06:45 - 00009920 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-08-13 20:40 - 2014-08-13 17:12 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-13 20:39 - 2010-09-26 08:46 - 01684696 _____ () C:\Windows\WindowsUpdate.log
2014-08-13 20:34 - 2014-06-09 20:09 - 00000000 ___RD () C:\Users\XXXXX_2\Dropbox
2014-08-13 20:34 - 2013-07-27 10:17 - 00000000 ____D () C:\Users\XXXXX_2\AppData\Roaming\Dropbox
2014-08-13 20:34 - 2012-09-12 13:11 - 00000000 ___RD () C:\Users\XXXXX_2\Mediencenter
2014-08-13 20:31 - 2013-01-18 12:37 - 00000394 ____H () C:\Windows\Tasks\{0D9200A2-5A91-45FF-826F-50E7AC7BE09F}.job
2014-08-13 20:31 - 2012-07-21 14:16 - 00065536 _____ () C:\Windows\system32\Ikeext.etl
2014-08-13 20:31 - 2012-04-23 17:10 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-08-13 20:30 - 2010-09-26 08:43 - 00798758 _____ () C:\Windows\PFRO.log
2014-08-13 20:30 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-08-13 20:30 - 2009-07-14 06:51 - 00178598 _____ () C:\Windows\setupact.log
2014-08-13 20:29 - 2011-08-16 18:33 - 00000000 ____D () C:\Users\XXXXX_2\Documents\Outlook-Dateien
2014-08-13 20:27 - 2012-04-15 18:19 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-08-13 20:17 - 2012-04-23 17:10 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-08-13 20:14 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\IME
2014-08-13 20:05 - 2012-07-14 11:01 - 00001124 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-752392268-3339214621-1681333280-1002UA.job
2014-08-13 20:00 - 2013-01-18 12:37 - 00000000 ____D () C:\Program Files (x86)\WxDownload
2014-08-13 20:00 - 2013-01-18 12:36 - 00000000 ____D () C:\ProgramData\InstallMate
2014-08-13 17:19 - 2014-08-13 17:11 - 00000843 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-08-13 17:19 - 2014-08-13 17:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-08-13 17:11 - 2014-08-13 17:11 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-08-13 17:11 - 2011-08-07 13:26 - 00000000 ____D () C:\Programme
2014-08-13 16:14 - 2013-09-11 20:12 - 00000000 ____D () C:\AdwCleaner
2014-08-13 16:13 - 2014-08-05 19:12 - 00001083 _____ () C:\Users\XXXXX_2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search.lnk
2014-08-13 16:13 - 2014-08-05 19:12 - 00001053 _____ () C:\Users\XXXXX_2\Desktop\Search.lnk
2014-08-13 11:51 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2014-08-13 10:17 - 2014-08-13 10:17 - 00000000 ____D () C:\Users\XXXXX_2\AppData\Local\Adobe
2014-08-13 10:05 - 2012-07-14 11:01 - 00001072 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-752392268-3339214621-1681333280-1002Core.job
2014-08-13 09:46 - 2012-05-22 20:24 - 00000021 _____ () C:\Users\XXXXX_2\AppData\Local\mc.pixel.data
2014-08-13 09:41 - 2014-05-10 09:39 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-08-13 09:41 - 2013-03-15 09:05 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-08-13 09:41 - 2013-03-15 09:05 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-08-13 09:41 - 2012-05-10 18:32 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-08-11 10:57 - 2011-08-26 19:38 - 00000000 ____D () C:\Users\XXXXX_2\dwhelper
2014-08-11 10:00 - 2010-09-26 18:37 - 00703230 _____ () C:\Windows\system32\perfh007.dat
2014-08-11 10:00 - 2010-09-26 18:37 - 00150838 _____ () C:\Windows\system32\perfc007.dat
2014-08-11 10:00 - 2009-07-14 07:13 - 01629508 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-08-09 12:48 - 2014-08-09 12:48 - 00002617 _____ () C:\Users\Public\Desktop\COMPUTER BILD Account-Alarm.lnk
2014-08-09 12:48 - 2014-08-09 12:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\COMPUTER BILD Account-Alarm
2014-08-09 12:48 - 2014-08-09 12:48 - 00000000 ____D () C:\Program Files (x86)\COMPUTER BILD Account-Alarm
2014-08-08 14:18 - 2014-08-08 14:11 - 00001141 _____ () C:\Users\Public\Desktop\Avira.lnk
2014-08-08 14:18 - 2014-08-08 14:11 - 00000000 ____D () C:\ProgramData\Package Cache
2014-08-08 14:18 - 2013-08-06 15:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2014-08-08 14:18 - 2013-08-06 15:33 - 00000000 ____D () C:\Program Files (x86)\Avira
2014-08-08 14:11 - 2011-10-13 21:15 - 00000000 ____D () C:\ProgramData\Avira
2014-08-06 11:37 - 2014-04-19 19:30 - 00000000 ____D () C:\ProgramData\Oracle
2014-08-06 11:35 - 2014-08-06 11:34 - 00004623 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_67-b01.log
2014-08-06 11:35 - 2011-08-01 14:04 - 00000000 ____D () C:\Program Files (x86)\Java
2014-08-05 19:34 - 2012-04-15 18:19 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-08-05 19:34 - 2012-04-15 18:19 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-08-05 19:34 - 2011-08-01 17:27 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-08-05 19:31 - 2014-08-05 19:31 - 00001164 _____ () C:\Users\XXXXX_2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-08-05 19:30 - 2014-08-05 19:30 - 00000000 ____D () C:\Program Files (x86)\Security Utility
2014-08-05 19:16 - 2014-08-05 19:16 - 00002011 _____ () C:\Users\XXXXX_2\Desktop\Continue Win-Install.lnk
2014-08-05 19:07 - 2014-08-05 19:07 - 00004032 _____ () C:\Windows\System32\Tasks\LaunchSignup
2014-07-27 10:25 - 2011-08-01 13:58 - 00002277 _____ () C:\Windows\wininit.ini
2014-07-25 14:44 - 2014-06-09 20:09 - 00001026 _____ () C:\Users\XXXXX_2\Desktop\Dropbox.lnk
2014-07-25 14:44 - 2014-06-09 20:07 - 00000000 ____D () C:\Users\XXXXX_2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-07-25 14:05 - 2013-08-06 15:35 - 00042040 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2014-07-25 12:55 - 2014-08-06 11:35 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-07-25 12:49 - 2014-08-06 11:35 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-07-25 12:49 - 2014-08-06 11:35 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-07-25 12:49 - 2014-08-06 11:35 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-07-25 08:09 - 2013-03-15 09:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-07-24 18:11 - 2011-09-13 16:29 - 00004704 ___SH () C:\ProgramData\KGyGaAvL.sys
2014-07-19 09:41 - 2013-01-22 18:16 - 00002367 _____ () C:\Users\XXXXX_2\Desktop\Google Chrome.lnk
2014-07-16 13:03 - 2009-07-14 06:45 - 00480072 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-07-16 12:56 - 2009-07-14 09:45 - 00000000 ____D () C:\Program Files\Windows Journal
2014-07-16 12:56 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism
2014-07-16 12:56 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\Dism
2014-07-16 08:36 - 2011-08-16 18:02 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-07-16 08:35 - 2013-08-17 09:44 - 00000000 ____D () C:\Windows\system32\MRT
2014-07-16 08:29 - 2011-08-02 08:54 - 96441528 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

Files to move or delete:
====================
C:\Users\XXXXX_2\AppData\Local\Temp\clicup\clicup.exe
C:\Windows\Tasks\{0D9200A2-5A91-45FF-826F-50E7AC7BE09F}.job


Some content of TEMP:
====================
C:\Users\XXXXX\AppData\Local\Temp\DataCard_Setup64.exe
C:\Users\XXXXX\AppData\Local\Temp\firefoxjre_exe.exe
C:\Users\XXXXX\AppData\Local\Temp\FP_PL_PFS_INSTALLER.exe
C:\Users\XXXXX\AppData\Local\Temp\ResetDevice.exe
C:\Users\XXXXX_2\AppData\Local\Temp\ApnStub.exe
C:\Users\XXXXX_2\AppData\Local\Temp\AskSLib.dll
C:\Users\XXXXX_2\AppData\Local\Temp\avgnt.exe
C:\Users\XXXXX_2\AppData\Local\Temp\azspg20c.dll
C:\Users\XXXXX_2\AppData\Local\Temp\BackupSetup.exe
C:\Users\XXXXX_2\AppData\Local\Temp\DataCard_Setup64.exe
C:\Users\XXXXX_2\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpwyohri.dll
C:\Users\XXXXX_2\AppData\Local\Temp\DTAG.Mediencenter.IconOverlayHandler.dll
C:\Users\XXXXX_2\AppData\Local\Temp\FileZilla_3.5.3_win32-setup.exe
C:\Users\XXXXX_2\AppData\Local\Temp\FreemakeVideoConverter_3.0.2.15.exe
C:\Users\XXXXX_2\AppData\Local\Temp\INST01.dll
C:\Users\XXXXX_2\AppData\Local\Temp\INST011.dll
C:\Users\XXXXX_2\AppData\Local\Temp\installhelper.dll
C:\Users\XXXXX_2\AppData\Local\Temp\Install_HOSTS_Anti-Adware.exe
C:\Users\XXXXX_2\AppData\Local\Temp\instructionsBv3.exe
C:\Users\XXXXX_2\AppData\Local\Temp\jre-6u29-windows-i586-iftw-rv.exe
C:\Users\XXXXX_2\AppData\Local\Temp\jre-6u33-windows-i586-iftw.exe
C:\Users\XXXXX_2\AppData\Local\Temp\jre-6u35-windows-i586-iftw.exe
C:\Users\XXXXX_2\AppData\Local\Temp\jre-6u37-windows-i586-iftw.exe
C:\Users\XXXXX_2\AppData\Local\Temp\jre-6u39-windows-i586-iftw.exe
C:\Users\XXXXX_2\AppData\Local\Temp\jre-7u21-windows-i586-iftw.exe
C:\Users\XXXXX_2\AppData\Local\Temp\jre-7u67-windows-i586-iftw.exe
C:\Users\XXXXX_2\AppData\Local\Temp\Mediencenter_3.5.0.1212.exe
C:\Users\XXXXX_2\AppData\Local\Temp\Mediencenter_3.6.0.1202.exe
C:\Users\XXXXX_2\AppData\Local\Temp\Mediencenter_3.7.0.2204.exe
C:\Users\XXXXX_2\AppData\Local\Temp\Mediencenter_3.8.0.2907.exe
C:\Users\XXXXX_2\AppData\Local\Temp\Mediencenter_3.8.1.2208.exe
C:\Users\XXXXX_2\AppData\Local\Temp\Mediencenter_3.8.9799.6.exe
C:\Users\XXXXX_2\AppData\Local\Temp\Mediencenter_3.9.1055.64.exe
C:\Users\XXXXX_2\AppData\Local\Temp\MSETUP4.EXE
C:\Users\XXXXX_2\AppData\Local\Temp\NEW_CORRECT_incredibar_install.exe
C:\Users\XXXXX_2\AppData\Local\Temp\Quarantine.exe
C:\Users\XXXXX_2\AppData\Local\Temp\ResetDevice.exe
C:\Users\XXXXX_2\AppData\Local\Temp\SecurityUtility.exe
C:\Users\XXXXX_2\AppData\Local\Temp\SetupHelper.exe
C:\Users\XXXXX_2\AppData\Local\Temp\SkypeSetup.exe
C:\Users\XXXXX_2\AppData\Local\Temp\SRAssetsHelper.dll
C:\Users\XXXXX_2\AppData\Local\Temp\uninst.exe
C:\Users\XXXXX_2\AppData\Local\Temp\vcredist_x64.exe
C:\Users\XXXXX_2\AppData\Local\Temp\wget.exe
C:\Users\XXXXX_2\AppData\Local\Temp\winzip1664_2_wrapped.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-08-09 13:24

==================== End Of Log ============================
Additions.txt
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13-08-2014
Ran by XXXXX_2 at 2014-08-13 21:04:44
Running from C:\Users\XXXXX_2\Desktop\Malware - Trojaner-Board
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Desktop (Disabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Disabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKLM-x32\...\uTorrent) (Version: 3.1.3 - )
AAVUpdateManager (HKLM-x32\...\{AFA42FE1-A5C3-485F-9180-BFCF5BF1F1C3}) (Version: 18.00.0000 - Wolters Kluwer Deutschland GmbH)
Acer Backup Manager (HKLM-x32\...\InstallShield_{30075A70-B5D2-440B-AFA3-FB2021740121}) (Version: 2.0.1.68 - NewTech Infosystems)
Acer Crystal Eye Webcam (HKLM-x32\...\{7760D94E-B1B5-40A0-9AA0-ABF942108755}) (Version: 5.2.19.3 - Suyin Optronics Corp)
Acer ePower Management (HKLM-x32\...\{3DB0448D-AD82-4923-B305-D001E521A964}) (Version: 5.00.3005 - Acer Incorporated)
Acer eRecovery Management (HKLM-x32\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 4.05.3013 - Acer Incorporated)
Acer Registration (HKLM-x32\...\Acer Registration) (Version: 1.03.3003 - Acer Incorporated)
Acer ScreenSaver (HKLM-x32\...\Acer Screensaver) (Version: 1.1.0826.2010 - Acer Incorporated)
Acer VCM (HKLM-x32\...\{047F790A-7A2A-4B6A-AD02-38092BA63DAC}) (Version: 4.05.3002 - Acer Incorporated)
Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.5.0.7220 - Adobe Systems Inc.)
Adobe AIR (x32 Version: 1.5.0.7220 - Adobe Systems Inc.) Hidden
Adobe Flash Player 14 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Flash Player 14 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Reader X (10.1.3) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AA1000000001}) (Version: 10.1.3 - Adobe Systems Incorporated)
Alien Skin Eye Candy 5 Nature (HKLM-x32\...\EyeCandy5Nature) (Version:  - )
Alien Skin Xenofex 2.0 (HKLM-x32\...\Xenofex2) (Version:  - )
Amazon Kindle (HKCU\...\Amazon Kindle) (Version:  - Amazon)
Apple Application Support (HKLM-x32\...\{A83279FD-CA4B-4206-9535-90974DE76654}) (Version: 2.1.5 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Ashampoo Burning Studio Elements 10.0.9 (HKLM-x32\...\Ashampoo Burning Studio Elements_is1) (Version: 3.1.1 - Ashampoo GmbH & Co. KG)
Avidemux 2.5 (32-bit) (HKLM-x32\...\Avidemux 2.5) (Version: 2.5.6.7716 - )
Avira (HKLM-x32\...\{9590977b-7b6f-467e-a11a-efa1fae804da}) (Version: 1.1.18.30000 - Avira Operations GmbH & Co. KG)
Avira (x32 Version: 1.1.18.30000 - Avira Operations GmbH & Co. KG) Hidden
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.6.552 - Avira)
AVS Update Manager 1.0 (HKLM-x32\...\AVS Update Manager_is1) (Version:  - Online Media Technologies Ltd.)
AVS4YOU Software Navigator 1.4 (HKLM-x32\...\AVS4YOU Software Navigator_is1) (Version:  - Online Media Technologies Ltd.)
Backup Manager Advance (x32 Version: 2.0.1.68 - NewTech Infosystems) Hidden
BILDmobil (HKLM-x32\...\BILDmobil) (Version: 11.301.08.01.35 - Huawei Technologies Co.,Ltd)
Bing Bar (HKLM-x32\...\{449CE12D-E2C7-4B97-B19E-55D163EA9435}) (Version: 7.0.619.0 - Microsoft Corporation)
Broadcom Gigabit NetLink Controller (HKLM\...\{A84DB02B-9C2B-4272-9D2D-A80E00A56513}) (Version: 14.0.2.3 - Broadcom Corporation)
calibre (HKLM-x32\...\{1BFDD064-4C67-4156-A6C6-6E8D63563B3B}) (Version: 1.20.0 - Kovid Goyal)
Canon Easy-WebPrint EX (HKLM-x32\...\Easy-WebPrint EX) (Version: 1.3.5.0 - Canon Inc.)
Canon IJ Network Scan Utility (HKLM-x32\...\Canon_IJ_Network_Scan_UTILITY) (Version:  - )
Canon IJ Network Tool (HKLM-x32\...\Canon_IJ_Network_UTILITY) (Version: 3.1.0 - Canon Inc.)
Canon iP7200 series Benutzerregistrierung (HKLM-x32\...\Canon iP7200 series Benutzerregistrierung) (Version:  - Canon Inc.‎)
Canon iP7200 series On-screen Manual (HKLM-x32\...\Canon iP7200 series On-screen Manual) (Version: 7.5.0 - Canon Inc.)
Canon iP7200 series Printer Driver (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP7200_series) (Version:  - Canon Inc.)
Canon Kurzwahlprogramm (HKLM-x32\...\Speed Dial Utility) (Version:  - )
Canon MP Navigator EX 3.1 (HKLM-x32\...\MP Navigator EX 3.1) (Version:  - )
Canon MX350 series Benutzerregistrierung (HKLM-x32\...\Canon MX350 series Benutzerregistrierung) (Version:  - )
Canon MX350 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX350_series) (Version:  - )
Canon My Image Garden (HKLM-x32\...\Canon My Image Garden) (Version: 1.0.0 - Canon Inc.)
Canon My Image Garden Design Files (HKLM-x32\...\Canon My Image Garden Design Files) (Version: 1.0.0 - Canon Inc.)
Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version: 3.0.0 - Canon Inc.)
Canon Quick Menu (HKLM-x32\...\CanonQuickMenu) (Version: 2.0.0 - Canon Inc.)
Canon Utilities Easy-PhotoPrint EX (HKLM-x32\...\Easy-PhotoPrint EX) (Version:  - )
Canon Utilities Solution Menu (HKLM-x32\...\CanonSolutionMenu) (Version:  - )
clicup (HKCU\...\clicup) (Version: 1.0 - )
COMPUTER BILD Account-Alarm (HKLM-x32\...\{04B0A9F1-070A-4C32-A575-6D2DC8F5C52E}) (Version: 1.0.3 - J3S)
concept/design onlineTV 8 (HKLM-x32\...\{D2AC7034-15AC-4F62-85BD-1E48021E45D6}_is1) (Version: 8.2.0.1 - concept/design GmbH)
ContentHD (x32 Version: 1.00.0002 - Corel Corporation) Hidden
Contents (x32 Version: 1.6.2.36 - Corel Corporation) Hidden
ConTEXT v0.98.6 (HKLM-x32\...\{73E0D3A0-9C30-4F59-ABBF-6233686FB396}_is1) (Version:  - ConTEXT Project Ltd)
Corel MediaOne (HKLM-x32\...\{3C569633-C8DE-46E2-BB8F-F65198681C2F}) (Version: 2.00.0000 - Corel Corporation)
Corel Paint Shop Pro Photo XI (HKLM-x32\...\{E1C7EF5E-3A7B-4ED4-A48B-F70F1B36EAB4}) (Version: 11.00.0000 - Corel Inc)
Corel Painter Essentials 3 (HKLM-x32\...\_{0C180787-F8C8-42FD-A9D3-689BA44BEAAF}) (Version:  - Corel Corporation)
Corel Painter Essentials 3 (x32 Version: 3.2 - Corel Corporation) Hidden
Corel VideoStudio Pro X3 (HKLM-x32\...\_{F072CA07-A781-45E4-9975-C033A73019CF}) (Version: 1.6.2.69 - Corel Corporation)
Coupon Companion Plugin (HKLM-x32\...\Coupon Companion Plugin) (Version: 1.26.152.152 - 215 Apps) <==== ATTENTION
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DAZ Content Management Service (HKLM-x32\...\DAZ Content Management Service 4.8.1.6) (Version: 4.8.1.6 - DAZ 3D)
DAZ Studio 4 (HKLM-x32\...\DAZ Studio 4 4.0.0.335) (Version: 4.0.0.335 - DAZ 3D)
Definition Update for Microsoft Office 2010 (KB982726) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{043645C8-48EC-458F-B9BD-9C8F15CEF6F7}) (Version:  - Microsoft)
DeviceIO (x32 Version: 1.6.2.36 - Corel Corporation) Hidden
DHTML Editing Component (HKLM-x32\...\{2EA870FA-585F-4187-903D-CB9FFD21E2E0}) (Version: 6.02.0001 - Microsoft Corporation)
Dropbox (HKCU\...\Dropbox) (Version: 2.10.3 - Dropbox, Inc.)
DS4 Default Content (HKLM-x32\...\DS4 Default Content 4.0.0.8) (Version: 4.0.0.8 - DAZ 3D)
eBay Worldwide (HKLM-x32\...\{E0B19DF7-B1C7-4937-82C4-0E4B1E346965}) (Version: 2.1.0901 - OEM)
eSobi v2 (HKLM-x32\...\InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}) (Version: 2.0.4.000274 - esobi Inc.)
eSobi v2 (x32 Version: 2.0.4.000274 - esobi Inc.) Hidden
Eye Candy 4000 (HKLM-x32\...\Eye Candy 4000) (Version:  - )
FeedReader (HKLM-x32\...\FeedReader_is1) (Version:  - i-Systems Inc.)
FileZilla Client 3.7.4.1 (HKLM-x32\...\FileZilla Client) (Version: 3.7.4.1 - Tim Kosse)
FoxTab 3GP Converter (HKCU\...\FoxTab 3GP Converter) (Version:  - ) <==== ATTENTION
Free Screen Video Recorder version 2.5.22.508 (HKLM-x32\...\Free Screen Video Recorder_is1) (Version: 2.5.22.508 - DVDVideoSoft Ltd.)
Free Video Dub version 2.0.12.706 (HKLM-x32\...\Free Video Dub_is1) (Version: 2.0.12.706 - DVDVideoSoft Ltd.)
FrostWire 5.3.6 (HKLM-x32\...\FrostWire 5) (Version: 5.3.6.0 - FrostWire Team)
GetFLV 9.6.5.5 (HKLM-x32\...\GetFLV_is1) (Version:  - GetFLV, Inc.)
Google Calendar Sync (HKLM-x32\...\Google Calendar Sync) (Version:  - )
Google Chrome (HKCU\...\Google Chrome) (Version: 36.0.1985.125 - Google Inc.)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
ICA (x32 Version: 1.6.2.36 - Corel Corporation) Hidden
Identity Card (HKLM-x32\...\Identity Card) (Version: 1.00.3003 - Acer Incorporated)
instplugin (HKLM-x32\...\instplugin) (Version:  - )
Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.15.10.1892 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.6.2.1001 - Intel Corporation)
InterVideo DeviceService (HKLM-x32\...\{521AAD14-5030-44BB-8B0E-5CE65FCE57E0}) (Version: 1.0.0 - InterVideo)
InterVideo WinDVD 8 (HKLM-x32\...\InstallShield_{5FEBF468-5AC2-4C66-AD80-DF85C085AA73}) (Version: 8.5.10.76 - InterVideo Inc.)
InterVideo WinDVD 8 (x32 Version: 8.5.10.76 - InterVideo Inc.) Hidden
IPM_VS_Pro (x32 Version: 13.0 - Corel Corporation) Hidden
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.30 - Irfan Skiljan)
Jasc Animation Shop 3 (HKLM-x32\...\{174D5678-D941-433C-BD23-58A5C7B0D36D}) (Version: 3.05.0000 - Jasc Software Inc)
Java 7 Update 67 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217055FF}) (Version: 7.0.670 - Oracle)
Java Auto Updater (x32 Version: 2.1.67.1 - Oracle, Inc.) Hidden
Java(TM) 6 Update 22 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216022F0}) (Version: 6.0.220 - Oracle)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Launch Manager (HKLM-x32\...\LManager) (Version: 4.0.14 - Acer Inc.)
Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.)
Mediencenter 3.9.1055.64 (HKCU\...\Mediencenter) (Version: 3.9.1055.64 - Deutsche Telekom AG)
Mediencenter Assistent (HKLM\...\Mediencenter Software) (Version: 2.7.0.1451 - Telekom)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Messenger Companion (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Access MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 32-bit Components 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 32-bit MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Word Viewer 2003 (HKLM-x32\...\{90850407-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Outlook Hotmail Connector 64-Bit (HKLM\...\{95140000-007A-0407-1000-0000000FF1CE}) (Version: 14.0.5118.5000 - Microsoft Corporation)
Microsoft Outlook Social Connector Provider for Windows Live Messenger 64-bit (HKLM\...\{95140000-007D-0409-1000-0000000FF1CE}) (Version: 14.0.5120.5000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
MLE (x32 Version: 1.0.0.23 - Corel Corporation) Hidden
Mobile Partner (HKLM-x32\...\Mobile Partner) (Version: 16.002.03.02.511 - Huawei Technologies Co.,Ltd)
Mozilla Firefox 31.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 31.0 (x86 de)) (Version: 31.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 30.0 - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
NTI Media Maker 9 (HKLM-x32\...\InstallShield_{D3D5C4E8-040F-4C6F-8105-41D43CF94F44}) (Version: 9.0.2.8928 - NTI Corporation)
NTI Media Maker 9 (x32 Version: 9.0.2.8928 - NTI Corporation) Hidden
OpenOffice.org 3.3 (HKLM-x32\...\{4286716B-1287-48E7-9078-3DC8248DBA96}) (Version: 3.3.9567 - OpenOffice.org)
OpenVPN 2.2.2 (HKLM-x32\...\OpenVPN) (Version: 2.2.2 - )
PartitionMagic (x32 Version: 8.00.000 - PowerQuest) Hidden
PureHD (x32 Version: 1.6.2.36 - Corel Corporation) Hidden
QuickTime (HKLM-x32\...\{7BE15435-2D3E-4B58-867F-9C75BED0208C}) (Version: 7.71.80.42 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6151 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30121 - Realtek Semiconductor Corp.)
Recuva (HKLM\...\Recuva) (Version: 1.43 - Piriform)
SAMSUNG Mobile Modem Driver Set (HKLM\...\SAMSUNG Mobile Modem) (Version:  - )
Samsung Mobile phone USB driver Drive Software (HKLM\...\Samsung Mobile phone USB driver Drive) (Version:  - )
SAMSUNG Mobile USB Modem 1.0 Software (HKLM\...\SAMSUNG Mobile USB Modem 1.0) (Version:  - )
SAMSUNG Mobile USB Modem Software (HKLM\...\SAMSUNG Mobile USB Modem) (Version:  - )
Samsung PC Studio 3 USB Driver Installer (HKLM-x32\...\{EBA29752-DDD2-4B62-B2E3-9841F92A3E3A}) (Version: 3.2.0.70701 - Samsung Electronics Co., Ltd.)
Securepoint SSL VPN (HKLM-x32\...\Securepoint SSL VPN) (Version:  - Securepoint GmbH)
Security Utility (HKLM-x32\...\Security Utility) (Version:  - )
SelectionLinks (HKLM-x32\...\sl-dlc) (Version: 1.0 - SelectionLinks) <==== ATTENTION
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{A3364707-2F53-4C83-8F68-C9877A9080C7}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (Version:  - Microsoft) Hidden
Setup (x32 Version: 1.6.2.36 - Corel Corporation) Hidden
Share (x32 Version: 1.6.2.36 - Corel Corporation) Hidden
Share64 (Version: 1.6.2.36 - Corel Corporation) Hidden
SilverCrest DMTS2017 Driver (HKLM-x32\...\{1E494817-D81E-4B0E-B379-F34DF4DCDA58}) (Version: 1.0 - TARGA)
Skype™ 6.14 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.14.104 - Skype Technologies S.A.)
SmartSound Common Data (HKLM-x32\...\InstallShield_{B8A2869E-30CA-40C5-9CF8-BD7354E57EF8}) (Version: 1.1.0 - SmartSound Software Inc.)
SmartSound Common Data (x32 Version: 1.1.0 - SmartSound Software Inc.) Hidden
SmartSound Quicktracks 5 (HKLM-x32\...\InstallShield_{2F8BA3FD-1FA9-4279-B696-712ABB12F09F}) (Version: 5.1.6 - SmartSound Software Inc.)
SmartSound Quicktracks 5 (x32 Version: 5.1.6 - SmartSound Software Inc.) Hidden
SmartSound Quicktracks Plugin (HKLM-x32\...\InstallShield_{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}) (Version: 3.0.1.2 - SmartSound Software Inc.)
SmartSound Quicktracks Plugin (x32 Version: 3.0.1.2 - SmartSound Software Inc.) Hidden
Sony PC Companion 2.10.115 (HKLM-x32\...\{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}) (Version: 2.10.115 - Sony)
Sqirlz Water Reflections (HKLM-x32\...\Sqirlz Water Reflections) (Version: 2.6 - xiberpix)
Steuer-Spar-Erklärung 2012 (HKLM-x32\...\{CCD2BAD2-0919-40CB-80CC-E9538B0E4C2E}) (Version: 17.02 - Wolters Kluwer Deutschland GmbH)
Steuer-Spar-Erklärung 2013 (HKLM-x32\...\{AEB61F7A-4BBA-4292-A096-7893E09034A4}) (Version: 18.06 - Wolters Kluwer Deutschland GmbH)
SteuerSparErklärung 2014 (HKLM-x32\...\{A463EB06-22A6-47F5-9593-E52B291EF13E}) (Version: 19.04.49 - Akademische Arbeitsgemeinschaft)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 14.0.19.0 - Synaptics Incorporated)
TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.28223 - TeamViewer)
TVUPlayer 2.5.3.1 (HKLM-x32\...\TVUPlayer) (Version: 2.5.3.1 - TVU networks)
Ulead GIF Animator 5 Test (HKLM-x32\...\{8AF3E926-ED59-11D4-A44B-0000E86D2305}) (Version:  - )
Ulead PhotoImpact 8 (HKLM-x32\...\{3D960387-76B3-4758-BAF7-D156B14A032F}) (Version: 8.0 - Ulead System)
Ulead PhotoImpact X3 (HKLM-x32\...\InstallShield_{15803703-25FA-4C01-A062-3F4A59937E87}) (Version: 1.00.0000 - Corel)
Ulead PhotoImpact X3 (x32 Version: 1.00.0000 - Corel) Hidden
Update for Microsoft Access 2010 (KB2553446) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{FEF4C57D-0975-4D3C-ACC7-DCD038C3788F}) (Version:  - Microsoft)
Update for Microsoft Excel 2010 (KB2837600) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{17815BC8-062D-49BE-B40C-B54149C85CE3}) (Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2878281) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{84B191B5-5319-463A-A305-8C4D53B1D20A}) (Version:  - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817369) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{DB0B0CDF-77EC-47B0-94E2-4738573A1E58}) (Version:  - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817396) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{1AA82E2E-7DB7-4C70-910C-BBB657A6B3A5}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589298) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{79C725A1-3964-421C-A528-78C1C083C7C7}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{95BE5D45-A3DD-4CB1-8C35-D75DD7B4D862}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 64-Bit Edition (HKLM\...\{90140000-0043-0000-1000-0000000FF1CE}_Office14.PROPLUS_{95BE5D45-A3DD-4CB1-8C35-D75DD7B4D862}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589375) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{EBD18DE5-BC84-4B57-9A30-097044871F9A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{4AD36582-256B-433D-8593-F31773A15CA4}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 64-Bit Edition (HKLM\...\{90140000-0043-0000-1000-0000000FF1CE}_Office14.PROPLUS_{4AD36582-256B-433D-8593-F31773A15CA4}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{F216169C-2B40-429B-8370-B5BA06EC5423}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 64-Bit Edition (HKLM\...\{90140000-0043-0000-1000-0000000FF1CE}_Office14.PROPLUS_{F216169C-2B40-429B-8370-B5BA06EC5423}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760631) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{B6AD7E27-012A-4B63-82BA-AF62893E5435}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2794737) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{07DC9C6C-E916-4F42-8677-716930ED0393}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2825635) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{6E760BBA-B83F-4C2D-918F-5F91EF6C9861}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2825640) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{43F59F4D-7179-497E-BE99-BC6F7D1DDCBA}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2825640) 64-Bit Edition (HKLM\...\{90140000-0044-0407-1000-0000000FF1CE}_Office14.PROPLUS_{43F59F4D-7179-497E-BE99-BC6F7D1DDCBA}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2837581) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{D1F3B526-7EB2-4701-92DB-0784988D78DE}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2837606) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{52BEF8AE-9324-40A1-9A92-E5A8FB63A475}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2878252) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{56551B9F-2FE1-4705-ACF0-8FA920535E18}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2878252) 64-Bit Edition (HKLM\...\{90140000-0043-0000-1000-0000000FF1CE}_Office14.PROPLUS_{56551B9F-2FE1-4705-ACF0-8FA920535E18}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2881028) 64-Bit Edition (HKLM\...\{90140000-001F-0407-1000-0000000FF1CE}_Office14.PROPLUS_{8F699D53-05FB-488E-B7D3-E4E47257BE5D}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2881028) 64-Bit Edition (HKLM\...\{90140000-001F-0409-1000-0000000FF1CE}_Office14.PROPLUS_{324703B5-6765-489D-9B9B-B082D34F882E}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2881028) 64-Bit Edition (HKLM\...\{90140000-001F-040C-1000-0000000FF1CE}_Office14.PROPLUS_{4B9B2BAF-EE1F-4B60-A4D9-17B7BEEB13A1}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{3029C408-1DD1-4273-8E58-87CB1B638FC8}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 64-Bit Edition (HKLM\...\{90140000-0043-0000-1000-0000000FF1CE}_Office14.PROPLUS_{3029C408-1DD1-4273-8E58-87CB1B638FC8}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{DDDC32A5-9528-4771-B91A-97A8E1D7957B}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 64-Bit Edition (HKLM\...\{90140000-001A-0407-1000-0000000FF1CE}_Office14.PROPLUS_{6164E0E5-C903-488C-93AF-1B7AF7EBC331}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{A20A650C-F820-4CE4-AEA5-EC140192FAFB}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 64-Bit Edition (HKLM\...\{90140000-0018-0407-1000-0000000FF1CE}_Office14.PROPLUS_{FD360122-6829-4497-97C1-1BF578EF695B}) (Version:  - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{77374F16-2DC6-4EEF-AFAD-C59FDA2E010D}) (Version:  - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 64-Bit Edition (HKLM\...\{90140000-0043-0000-1000-0000000FF1CE}_Office14.PROPLUS_{77374F16-2DC6-4EEF-AFAD-C59FDA2E010D}) (Version:  - Microsoft)
Update for Microsoft Visio 2010 (KB2880526) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{F6F342A1-530B-4D48-A468-1E3F70928984}) (Version:  - Microsoft)
Update for Microsoft Visio Viewer 2010 (KB2837587) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{C950A55F-82E3-4CC8-8FA2-E8A2A0F651F3}) (Version:  - Microsoft)
Update for Microsoft Word 2010 (KB2880529) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{89FDC8D9-FB84-4EFE-950D-AF4EECC3B64C}) (Version:  - Microsoft)
Video Download Studio 3.4.14 (HKLM-x32\...\{8A075C9A-1368-4491-855E-F3D9ABE55740}_is1) (Version:  - aHisoft)
Video Downloader version 2.0 (HKLM-x32\...\Video Downloader_is1) (Version: 2.0 - )
VIO (x32 Version: 1.6.2.36 - Corel Corporation) Hidden
VLC media player 2.0.1 (HKLM-x32\...\VLC media player) (Version: 2.0.1 - VideoLAN)
VSClassic (x32 Version: 1.6.2.36 - Corel Corporation) Hidden
VSPro (x32 Version: 1.6.2.36 - Corel Corporation) Hidden
Welcome Center (HKLM-x32\...\Acer Welcome Center) (Version: 1.02.3004 - Acer Incorporated)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Family Safety (Version: 15.4.3538.0513 - Microsoft Corporation) Hidden
Windows Live Fotogalerie (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3538.0513 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh ActiveX control for remote connections (HKLM-x32\...\{C5398A89-516C-4DAF-BA07-EE7949090E56}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Messenger (x32 Version: 15.4.3538.0513 - Microsoft Corporation) Hidden
Windows Live Messenger Companion Core (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Sync (HKLM-x32\...\{586509F0-350D-48B5-B763-9CC2F8D96C4C}) (Version: 14.0.8117.416 - Microsoft Corporation)
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Media Encoder 9 Series (HKLM-x32\...\Windows Media Encoder 9) (Version:  - )
Windows Media Encoder 9 Series (x32 Version: 9.00.2980 - Microsoft Corporation) Hidden
WinPcap 4.1.1 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.1753 - CACE Technologies)
WinRAR 4.01 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 4.01.0 - win.rar GmbH)
WinZip 16.0 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240CD}) (Version: 16.0.9715 - WinZip Computing, S.L. )
Wondershare Free YouTube Downloader(Build 3.8.0.4) (HKLM-x32\...\Wondershare Free YouTube Downloader_is1) (Version: 3.8.0.4 - Wondershare Software)
Wondershare Video Converter Ultimate(Build 6.7.1.0) (HKLM-x32\...\Wondershare Video Converter Ultimate_is1) (Version: 6.7.1.0 - Wondershare Software)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-752392268-3339214621-1681333280-1002_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\XXXXX_2\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-752392268-3339214621-1681333280-1002_Classes\CLSID\{268502F4-815D-4358-A8D6-B783FDB58EF0}\InprocServer32 -> C:\Users\XXXXX_2\AppData\Roaming\Telekom\MediencenterSync\DTAG.Mediencenter.ContextMenuHandler.dll (Deutsche Telekom AG)
CustomCLSID: HKU\S-1-5-21-752392268-3339214621-1681333280-1002_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\XXXXX_2\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-752392268-3339214621-1681333280-1002_Classes\CLSID\{528EE335-5034-4EFC-834E-63E5F02D2BC2}\InprocServer32 -> C:\Users\XXXXX_2\AppData\Roaming\Telekom\MediencenterSync\DTAG.Mediencenter.IconOverlayHandler.dll (Deutsche Telekom AG)
CustomCLSID: HKU\S-1-5-21-752392268-3339214621-1681333280-1002_Classes\CLSID\{6066ADF0-9EB0-43E5-ADB6-990F5A3B979C}\InprocServer32 -> C:\Users\XXXXX_2\AppData\Roaming\Telekom\MediencenterSync\DTAG.Mediencenter.IconOverlayHandler.dll (Deutsche Telekom AG)
CustomCLSID: HKU\S-1-5-21-752392268-3339214621-1681333280-1002_Classes\CLSID\{77BC4082-DB5F-439A-8DC8-F9E24A63B0DE}\InprocServer32 -> C:\Users\XXXXX_2\AppData\Roaming\Telekom\MediencenterSync\DTAG.Mediencenter.IconOverlayHandler.dll (Deutsche Telekom AG)
CustomCLSID: HKU\S-1-5-21-752392268-3339214621-1681333280-1002_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\XXXXX_2\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-752392268-3339214621-1681333280-1002_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\XXXXX_2\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-752392268-3339214621-1681333280-1002_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\XXXXX_2\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-752392268-3339214621-1681333280-1002_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\XXXXX_2\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-752392268-3339214621-1681333280-1002_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\XXXXX_2\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-752392268-3339214621-1681333280-1002_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\XXXXX_2\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-752392268-3339214621-1681333280-1002_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\XXXXX_2\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-752392268-3339214621-1681333280-1002_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\XXXXX_2\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-752392268-3339214621-1681333280-1002_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\XXXXX_2\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-752392268-3339214621-1681333280-1002_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\XXXXX_2\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-752392268-3339214621-1681333280-1002_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\XXXXX_2\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File

==================== Restore Points  =========================

25-07-2014 06:05:34 Windows Update
29-07-2014 12:47:52 Windows Update
02-08-2014 08:18:18 Windows Update
05-08-2014 17:16:14 Windows Update
06-08-2014 09:33:13 Installed Java 7 Update 67
12-08-2014 07:36:59 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0F8C063A-7157-45F0-A615-E57673BD1BD8} - \HDvid Codec V1-updater No Task File <==== ATTENTION
Task: {0FFD4DF7-E79E-4CF0-AE38-56D663221D27} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {20D4EC73-F5D6-45FC-89C5-9A1CD5927750} - \HDvid Codec V1-enabler No Task File <==== ATTENTION
Task: {5CBF856C-D0CF-4FBD-9BD8-2D2AC2FD1224} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-04-23] (Google Inc.)
Task: {6F0BCF1C-DA02-4B83-88AF-6C6F6228E90E} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-752392268-3339214621-1681333280-1002UA => C:\Users\XXXXX_2\AppData\Local\Google\Update\GoogleUpdate.exe [2012-04-23] (Google Inc.)
Task: {8C54AD7F-34A0-47AE-B099-EE52B61C2F3A} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-08-05] (Adobe Systems Incorporated)
Task: {C712CDA3-DE89-4111-9621-0A1AD2FAFAA7} - System32\Tasks\Games\UpdateCheck_S-1-5-21-752392268-3339214621-1681333280-1000
Task: {CAE5EC1E-CE32-4081-9B47-7E36C4013B5A} - System32\Tasks\LaunchSignup => C:\Program Files (x86)\MyPC Backup\Signup Wizard.exe <==== ATTENTION
Task: {DE2FFE30-8218-4F49-A8B1-33E1B539385F} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-752392268-3339214621-1681333280-1002Core => C:\Users\XXXXX_2\AppData\Local\Google\Update\GoogleUpdate.exe [2012-04-23] (Google Inc.)
Task: {E793FBEE-030D-4A1F-83A7-2E276294E267} - System32\Tasks\{0D9200A2-5A91-45FF-826F-50E7AC7BE09F} => C:\ProgramData\BetterSoft\OptimizerPro\OptimizerPro.exe <==== ATTENTION
Task: {EE4A2A93-391A-43D8-B769-C8E0934C54CC} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-04-23] (Google Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-752392268-3339214621-1681333280-1002Core.job => C:\Users\XXXXX_2\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-752392268-3339214621-1681333280-1002UA.job => C:\Users\XXXXX_2\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\{0D9200A2-5A91-45FF-826F-50E7AC7BE09F}.job => C:\ProgramData\BetterSoft\OptimizerPro\OptimizerPro.exe <==== ATTENTION

==================== Loaded Modules (whitelisted) =============

2008-10-24 17:35 - 2008-10-24 17:35 - 00128296 _____ () C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe
2012-02-23 22:49 - 2011-05-05 22:36 - 00022528 _____ () C:\Program Files\DAZ 3D\Content Management Service\ContentManagementServer.exe
2012-02-23 22:49 - 2011-05-05 22:36 - 01479680 _____ () C:\Program Files\DAZ 3D\Content Management Service\ace_x64.dll
2012-02-23 22:49 - 2011-05-05 22:36 - 00977408 _____ () C:\Program Files\DAZ 3D\Content Management Service\VServer_x64.dll
2012-02-23 22:49 - 2011-05-05 22:36 - 01053696 _____ () C:\Program Files\DAZ 3D\Content Management Service\ace_ssl_x64.dll
2012-02-23 22:49 - 2011-05-05 22:36 - 00155136 _____ () C:\Program Files\DAZ 3D\Content Management Service\asnmp_x64.dll
2007-06-05 14:20 - 2007-06-05 14:20 - 00177704 _____ () C:\Windows\SysWOW64\PSIService.exe
2012-11-01 13:11 - 2012-11-01 13:11 - 00198024 _____ () C:\Program Files\Securepoint SSL VPN\SPOpenVPNService.exe
2013-09-05 01:17 - 2013-09-05 01:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-01-02 16:42 - 2010-01-02 16:42 - 00098304 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll
2011-08-16 16:20 - 2011-05-28 22:05 - 00164864 _____ () C:\Program Files\WinRAR\rarext.dll
2014-02-07 10:48 - 2013-08-23 14:36 - 00721263 _____ () C:\Windows\SysWOW64\WSCM64.dll
2010-09-26 08:54 - 2010-06-09 18:54 - 00206208 _____ () C:\Windows\PLFSetI.exe
2014-04-20 17:28 - 2009-03-29 11:30 - 02058240 _____ () C:\Programme\FeedReader30\feedreader.exe
2014-08-13 20:52 - 2014-08-13 20:52 - 00050477 _____ () C:\Users\XXXXX_2\Desktop\Malware - Trojaner-Board\Defogger.exe
2010-06-29 00:20 - 2010-06-29 00:20 - 00465576 _____ () C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\sqlite3.dll
2010-06-29 00:12 - 2010-06-29 00:12 - 01081600 _____ () C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\ACE.dll
2011-05-20 16:14 - 2011-05-20 16:14 - 00009826 _____ () C:\Program Files\Securepoint SSL VPN\mingwm10.dll
2011-05-20 16:14 - 2011-05-20 16:14 - 00020480 _____ () C:\Program Files\Securepoint SSL VPN\libgcc_s_dw2-1.dll
2011-05-20 16:14 - 2011-05-20 16:14 - 00967168 _____ () C:\Program Files\Securepoint SSL VPN\QtCore4.dll
2011-05-20 16:14 - 2011-05-20 16:14 - 01209344 _____ () C:\Program Files\Securepoint SSL VPN\QtNetwork4.dll
2013-09-05 01:14 - 2013-09-05 01:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2014-07-24 11:50 - 2014-07-24 11:50 - 00137296 _____ () C:\Program Files (x86)\Avira\My Avira\Avira.OE.NativeCore.dll
2014-07-24 11:49 - 2014-07-24 11:49 - 00065104 _____ () C:\Program Files (x86)\Avira\My Avira\Avira.OE.AvConnectorNative.dll
2014-08-07 11:39 - 2014-08-07 11:39 - 00014336 _____ () C:\Program Files (x86)\COMPUTER BILD Account-Alarm\BCrypt.Net.dll
2014-08-13 20:34 - 2014-08-13 20:34 - 00043008 _____ () c:\users\XXXXX_2\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpwyohri.dll
2013-10-19 01:55 - 2013-10-19 01:55 - 25100288 _____ () C:\Users\XXXXX_2\AppData\Roaming\Dropbox\bin\libcef.dll
2010-09-06 14:06 - 2009-05-20 08:02 - 00072200 _____ () C:\Program Files (x86)\Launch Manager\CdDirIo.dll
2012-02-18 15:16 - 2007-08-02 22:07 - 00034064 _____ () C:\Program Files (x86)\Common Files\Ulead Systems\AutoDetector\DetMethod.dll
2011-01-17 16:19 - 2011-08-08 15:33 - 00985088 _____ () C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll
2014-08-08 14:11 - 2014-07-24 11:50 - 00049744 _____ () C:\Users\XXXXX_2\AppData\Local\Temp\avgnt.exe\Avira.OE.ExtApi.dll
2014-05-10 09:39 - 2014-07-27 10:24 - 03800688 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2014-02-16 11:19 - 2014-02-16 11:19 - 00170496 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\29335dc88d799664dcd97362bcb687e9\IsdiInterop.ni.dll
2010-09-06 13:20 - 2010-04-13 18:52 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (08/13/2014 08:01:12 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: mbam.exe, Version: 1.0.0.532, Zeitstempel: 0x53518532
Name des fehlerhaften Moduls: MSVCR100.dll, Version: 10.0.40219.325, Zeitstempel: 0x4df2be1e
Ausnahmecode: 0x40000015
Fehleroffset: 0x0008d6fd
ID des fehlerhaften Prozesses: 0x1034
Startzeit der fehlerhaften Anwendung: 0xmbam.exe0
Pfad der fehlerhaften Anwendung: mbam.exe1
Pfad des fehlerhaften Moduls: mbam.exe2
Berichtskennung: mbam.exe3

Error: (08/13/2014 11:47:45 AM) (Source: SideBySide) (EventID: 63) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "assemblyIdentity1". Fehler in Manifest- oder Richtliniendatei "assemblyIdentity2" in Zeile assemblyIdentity3.
Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs im assemblyIdentity-Element ist ungültig.

Error: (08/13/2014 10:18:49 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: Setup.exe_Microsoft Setup Bootstrapper, Version: 14.0.7011.1000, Zeitstempel: 0x5137020a
Name des fehlerhaften Moduls: ole32.dll, Version: 6.1.7601.17514, Zeitstempel: 0x4ce7c92c
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0000000000029fa6
ID des fehlerhaften Prozesses: 0x5c8
Startzeit der fehlerhaften Anwendung: 0xSetup.exe_Microsoft Setup Bootstrapper0
Pfad der fehlerhaften Anwendung: Setup.exe_Microsoft Setup Bootstrapper1
Pfad des fehlerhaften Moduls: Setup.exe_Microsoft Setup Bootstrapper2
Berichtskennung: Setup.exe_Microsoft Setup Bootstrapper3

Error: (08/12/2014 01:50:35 PM) (Source: SideBySide) (EventID: 63) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "assemblyIdentity1". Fehler in Manifest- oder Richtliniendatei "assemblyIdentity2" in Zeile assemblyIdentity3.
Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs im assemblyIdentity-Element ist ungültig.

Error: (08/09/2014 05:23:12 PM) (Source: SideBySide) (EventID: 63) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "assemblyIdentity1". Fehler in Manifest- oder Richtliniendatei "assemblyIdentity2" in Zeile assemblyIdentity3.
Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs im assemblyIdentity-Element ist ungültig.

Error: (08/09/2014 10:29:57 AM) (Source: RasClient) (EventID: 20227) (User: )
Description: CoID={C8D13FCF-8AAC-4830-B4CC-4920F628A9F7}: Der Benutzer "XXXXXs-Acer\XXXXX_2" hat eine Verbindung mit dem Namen "VPN-Verbindung USA" gewählt, die Verbindung konnte jedoch nicht hergestellt werden. Der durch den Fehler zurückgegebene Ursachencode lautet: 0.

Error: (08/09/2014 10:29:57 AM) (Source: RasClient) (EventID: 20227) (User: )
Description: CoID={C8D13FCF-8AAC-4830-B4CC-4920F628A9F7}: Der Benutzer "XXXXXs-Acer\XXXXX_2" hat eine Verbindung mit dem Namen "VPN-Verbindung USA" gewählt, die Verbindung konnte jedoch nicht hergestellt werden. Der durch den Fehler zurückgegebene Ursachencode lautet: 868.

Error: (08/06/2014 11:14:42 AM) (Source: SideBySide) (EventID: 63) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "assemblyIdentity1". Fehler in Manifest- oder Richtliniendatei "assemblyIdentity2" in Zeile assemblyIdentity3.
Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs im assemblyIdentity-Element ist ungültig.

Error: (08/05/2014 07:31:56 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: plugin-container.exe, Version: 31.0.0.5310, Zeitstempel: 0x53c75e91
Name des fehlerhaften Moduls: mozalloc.dll, Version: 31.0.0.5310, Zeitstempel: 0x53c72e91
Ausnahmecode: 0x80000003
Fehleroffset: 0x0000141b
ID des fehlerhaften Prozesses: 0x32a0
Startzeit der fehlerhaften Anwendung: 0xplugin-container.exe0
Pfad der fehlerhaften Anwendung: plugin-container.exe1
Pfad des fehlerhaften Moduls: plugin-container.exe2
Berichtskennung: plugin-container.exe3

Error: (08/05/2014 07:29:16 PM) (Source: Microsoft-Windows-RestartManager) (EventID: 10006) (User: XXXXXs-Acer)
Description: Die Anwendung oder der Dienst "linmsl" konnte nicht heruntergefahren werden.


System errors:
=============
Error: (08/13/2014 08:33:54 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Avira Browser-Schutz" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053

Error: (08/13/2014 08:33:54 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Avira Browser-Schutz erreicht.

Error: (08/13/2014 08:30:44 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: Aufgrund der Inkompatibilität mit diesem System wurde \SystemRoot\SysWow64\Drivers\PQNTDrv.SYS nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten.

Error: (08/13/2014 08:19:58 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Intel(R) Rapid Storage Technology" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053

Error: (08/13/2014 08:19:58 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Intel(R) Rapid Storage Technology erreicht.

Error: (08/13/2014 08:15:42 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Avira Service Host erreicht.

Error: (08/13/2014 08:14:18 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: Aufgrund der Inkompatibilität mit diesem System wurde \SystemRoot\SysWow64\Drivers\PQNTDrv.SYS nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten.

Error: (08/13/2014 04:16:45 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Avira Service Host erreicht.

Error: (08/13/2014 04:15:22 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: Aufgrund der Inkompatibilität mit diesem System wurde \SystemRoot\SysWow64\Drivers\PQNTDrv.SYS nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten.

Error: (08/13/2014 09:40:50 AM) (Source: Application Popup) (EventID: 1060) (User: )
Description: Aufgrund der Inkompatibilität mit diesem System wurde \SystemRoot\SysWow64\Drivers\PQNTDrv.SYS nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten.


Microsoft Office Sessions:
=========================
Error: (08/13/2014 08:01:12 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: mbam.exe1.0.0.53253518532MSVCR100.dll10.0.40219.3254df2be1e400000150008d6fd103401cfb709ecad005fC:\Programme\Malwarebytes Anti-Malware\mbam.exeC:\Programme\Malwarebytes Anti-Malware\MSVCR100.dllcf257140-2313-11e4-bf5a-1c7508023576

Error: (08/13/2014 11:47:45 AM) (Source: SideBySide) (EventID: 63) (User: )
Description: assemblyIdentityversionMAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINORc:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dllc:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll3

Error: (08/13/2014 10:18:49 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Setup.exe_Microsoft Setup Bootstrapper14.0.7011.10005137020aole32.dll6.1.7601.175144ce7c92cc00000050000000000029fa65c801cfb6cdbb7980b1C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Setup.exeC:\Windows\system32\ole32.dll73a4619d-22c2-11e4-95ad-1c7508023576

Error: (08/12/2014 01:50:35 PM) (Source: SideBySide) (EventID: 63) (User: )
Description: assemblyIdentityversionMAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINORc:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dllc:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll3

Error: (08/09/2014 05:23:12 PM) (Source: SideBySide) (EventID: 63) (User: )
Description: assemblyIdentityversionMAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINORc:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dllc:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll3

Error: (08/09/2014 10:29:57 AM) (Source: RasClient) (EventID: 20227) (User: )
Description: {C8D13FCF-8AAC-4830-B4CC-4920F628A9F7}XXXXXs-Acer\XXXXX_2VPN-Verbindung USA0

Error: (08/09/2014 10:29:57 AM) (Source: RasClient) (EventID: 20227) (User: )
Description: {C8D13FCF-8AAC-4830-B4CC-4920F628A9F7}XXXXXs-Acer\XXXXX_2VPN-Verbindung USA868

Error: (08/06/2014 11:14:42 AM) (Source: SideBySide) (EventID: 63) (User: )
Description: assemblyIdentityversionMAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINORc:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dllc:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll3

Error: (08/05/2014 07:31:56 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: plugin-container.exe31.0.0.531053c75e91mozalloc.dll31.0.0.531053c72e91800000030000141b32a001cfb0d31bd2c71eC:\Program Files (x86)\Mozilla Firefox\plugin-container.exeC:\Program Files (x86)\Mozilla Firefox\mozalloc.dll650253ce-1cc6-11e4-aad1-1c7508023576

Error: (08/05/2014 07:29:16 PM) (Source: Microsoft-Windows-RestartManager) (EventID: 10006) (User: XXXXXs-Acer)
Description: 1C:\Program Files (x86)\LPT\linmsl.exelinmsl05117163400


==================== Memory info ===========================

Processor: Pentium(R) Dual-Core CPU T4500 @ 2.30GHz
Percentage of memory in use: 60%
Total physical RAM: 4025.97 MB
Available physical RAM: 1585.72 MB
Total Pagefile: 8050.13 MB
Available Pagefile: 4916.51 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: (Acer) (Fixed) (Total:292.59 GB) (Free:211.21 GB) NTFS
Drive e: (Daten) (Fixed) (Total:97.66 GB) (Free:8.87 GB) NTFS
Drive f: (Internet) (Fixed) (Total:192.83 GB) (Free:42.17 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 596 GB) (Disk ID: 46227C9E)
Partition 1: (Not Active) - (Size=13 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=293 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=290 GB) - (Type=OF Extended)

==================== End Of Log ============================
Gmer.txt ist leer

Weitere eigene Logfiles mit Funden habe ich nicht.

Ich würde mich freuen, wenn mir jemand Schritt für Schritt helfen könnte.
Danke im Voraus.

M-K-D-B 13.08.2014 20:46
:hallo:


Mein Name ist Matthias und ich werde dir bei der Bereinigung deines Computers helfen.


Bitte beachte folgende Hinweise:
  • Falls wir Hinweise auf illegal erworbene Software finden, werden wir den Support unterbrechen bis jegliche Art von illegaler Software vom Rechner entfernt wurde.
  • Lies dir die Anleitungen sorgfältig durch. Solltest du Probleme haben, stoppe mit deiner Bearbeitung und beschreibe mir dein Problem so gut es geht.
  • Solltest du mir nicht innerhalb von 3 Tagen antworten, gehe ich davon aus, dass du keine Hilfe mehr benötigst. Dann lösche ich dein Thema aus meinem Abo.
    Solltest du einmal länger abwesend sein, so gib mir bitte Bescheid!
  • Während der Bereinigung bitte nichts installieren oder deinstallieren, außer ich bitte dich darum!
  • Alle zu verwendenen Programme sind auf dem Desktop abzuspeichern und von dort zu starten!


Bitte arbeite alle Schritte in der vorgegebenen Reihefolge nacheinander ab und poste alle Logdateien in CODE-Tags:
So funktioniert es:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert deinem Helfer massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu groß für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
  • Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
  • Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
  • Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
  • Klicke aauf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.
http://www.trojaner-board.de/picture...&pictureid=307

Danke für deine Mitarbeit!






Zitat:
Running from C:\Users\XXXXX_2\Desktop\Malware - Trojaner-Board
Leider hast du unsere Anleitung nicht richtig befolgt:
Bitte alle Tools direkt auf den Desktop downloaden bzw. dorthin verschieben und vom Desktop starten, da unsere Anleitungen daraufhin ausgelegt sind.
Zudem lassen sich dann am Ende der Bereinigung alle verwendeten Tools sehr einfach entfernen.

TinaW5 13.08.2014 21:27
Oh sorry, ich bin so ein Ordner-Typ und habe das daher sortiert.
Habe das Ganze nochmal neu ausgeführt.

Hier die Logfiles.

defogger_disable
Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 22:10 on 13/08/2014 (XXXXX_2)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-

FRST.txt

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-08-2014
Ran by XXXXX_2 (administrator) on XXXXXS-ACER on 13-08-2014 22:16:32
Running from C:\Users\XXXXX_2\Desktop
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
() C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(InterVideo Inc.) C:\Program Files (x86)\Common Files\InterVideo\DeviceService\DevSvc.exe
() C:\Program Files\DAZ 3D\Content Management Service\ContentManagementServer.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
(InterVideo) C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
(Malwarebytes Corporation) C:\Programme\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Programme\Malwarebytes Anti-Malware\mbamservice.exe
(Deutsche Telekom AG) C:\Program Files\Telekom\Mediencenter\DTAG.Mediencenter.BackgroundService.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
() C:\Windows\SysWOW64\PSIService.exe
(Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
() C:\Program Files\Securepoint SSL VPN\SPOpenVPNService.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(Malwarebytes Corporation) C:\Programme\Malwarebytes Anti-Malware\mbam.exe
(Acer Group) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
() C:\Windows\PLFSetI.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Corel, Inc.) C:\Program Files (x86)\Corel\Corel MediaOne\Corel Photo Downloader.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
() C:\Programme\FeedReader30\feedreader.exe
(Clichelper) C:\Users\XXXXX_2\AppData\Local\Temp\clicup\clicup.exe
(J3S GmbH) C:\Program Files (x86)\COMPUTER BILD Account-Alarm\COMPUTER BILD Account-Alarm.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Acer VCM\AcerVCM.exe
(Google) C:\Program Files\Google Calendar Sync\GoogleCalendarSync.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
(Deutsche Telekom AG) C:\Program Files\Telekom\Mediencenter\MediencenterSoftware.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Deutsche Telekom AG) C:\Users\XXXXX_2\AppData\Roaming\Telekom\MediencenterSync\Mediencenter.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(CANON INC.) C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe
(Siliten) C:\Program Files (x86)\SilverCrest DMTS2017 Driver\KbClient_FD2.exe
(Siliten) C:\Program Files (x86)\SilverCrest DMTS2017 Driver\MouClient_FD2.exe
(Ulead Systems, Inc.) C:\Program Files (x86)\Common Files\Ulead Systems\AutoDetector\Monitor.exe
(Corel) C:\Program Files (x86)\Common Files\Corel\Standby\Standby.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMworker.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\tv_x64.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avwebgrd.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1890088 2009-12-10] (Synaptics Incorporated)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11057768 2010-07-06] (Realtek Semiconductor)
HKLM\...\Run: [PLFSetI] => C:\Windows\PLFSetI.exe [206208 2010-06-09] ()
HKLM\...\Run: [Acer ePower Management] => C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [861216 2010-06-11] (Acer Incorporated)
HKLM\...\Run: [CanonSolutionMenu] => C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe [767312 2009-09-03] (CANON INC.)
HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [108144 2012-11-05] (Microsoft Corporation)
HKLM\...\Run: [Corel Photo Downloader] => C:\Program Files (x86)\Corel\Corel MediaOne\Corel Photo Downloader.exe [483144 2007-08-17] (Corel, Inc.)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284696 2010-04-13] (Intel Corporation)
HKLM-x32\...\Run: [BackupManagerTray] => C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe [265984 2010-06-29] (NewTech Infosystems, Inc.)
HKLM-x32\...\Run: [LManager] => C:\Program Files (x86)\Launch Manager\LManager.exe [975952 2010-08-10] (Dritek System Inc.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [IJNetworkScanUtility] => C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe [140640 2009-09-28] (CANON INC.)
HKLM-x32\...\Run: [Launch SilverCrest DMTS2017-K] => C:\Program Files (x86)\SilverCrest DMTS2017 Driver\KbClient_FD2.exe [1218048 2010-06-28] (Siliten)
HKLM-x32\...\Run: [Launch SilverCrest DMTS2017-M] => C:\Program Files (x86)\SilverCrest DMTS2017 Driver\MouClient_FD2.exe [860672 2010-06-28] (Siliten)
HKLM-x32\...\Run: [Corel Photo Downloader] => "C:\Program Files (x86)\Corel\Corel MediaOne\Corel PhotoDownloader.exe" -startup
HKLM-x32\...\Run: [Ulead AutoDetector v2] => C:\Program Files (x86)\Common Files\Ulead Systems\AutoDetector\monitor.exe [95504 2007-08-02] (Ulead Systems, Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [843712 2012-01-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Standby] => C:\Program Files (x86)\Common Files\Corel\Standby\Standby.exe [105632 2010-05-17] (Corel)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59240 2011-09-27] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2011-10-24] (Apple Inc.)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [751184 2014-08-08] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [CanonQuickMenu] => C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE [1273448 2012-04-03] (CANON INC.)
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
HKLM-x32\...\Run: [BrowserPlugInHelper] => C:\Programme\Video Converter Ultimate\BrowserPlugInHelper.exe [1962896 2013-12-19] ()
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [190032 2014-07-24] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [COMPUTER BILD Account-Alarm] => \COMPUTER BILD Account-Alarm /tray
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-752392268-3339214621-1681333280-1002\...\Run: [Google Update] => C:\Users\XXXXX_2\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2012-04-23] (Google Inc.)
HKU\S-1-5-21-752392268-3339214621-1681333280-1002\...\Run: [OfficeSyncProcess] => C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE [911040 2013-04-22] (Microsoft Corporation)
HKU\S-1-5-21-752392268-3339214621-1681333280-1002\...\Run: [feedreader.exe] => C:\Programme\FeedReader30\feedreader.exe [2058240 2009-03-29] ()
HKU\S-1-5-21-752392268-3339214621-1681333280-1002\...\Run: [clicup-Agent] => C:\Users\XXXXX_2\AppData\Local\Temp\clicup\clicup.exe [445424 2014-07-10] (Clichelper) <===== ATTENTION
HKU\S-1-5-21-752392268-3339214621-1681333280-1002\...\Run: [COMPUTER BILD Account-Alarm] => C:\Program Files (x86)\COMPUTER BILD Account-Alarm\COMPUTER BILD Account-Alarm.exe [2058752 2014-08-07] (J3S GmbH)
HKU\S-1-5-21-752392268-3339214621-1681333280-1002\...\MountPoints2: {49193dcf-b7da-11e1-85a0-1c7508023576} - G:\AutoRun.exe
HKU\S-1-5-21-752392268-3339214621-1681333280-1002\...\MountPoints2: {5b63bcb4-48dd-11e1-92be-1c7508023576} - G:\AutoRun.exe
HKU\S-1-5-21-752392268-3339214621-1681333280-1002\...\MountPoints2: {61431bdb-2fe2-11e2-98ec-1c7508023576} - G:\Startme.exe
HKU\S-1-5-21-752392268-3339214621-1681333280-1002\...\MountPoints2: {90066f53-bc5d-11e0-9e2a-1c7508023576} - G:\AutoRun.exe
HKU\S-1-5-21-752392268-3339214621-1681333280-1002\...\MountPoints2: {a733176c-bc55-11e0-ac53-1c7508023576} - G:\AutoRun.exe
HKU\S-1-5-21-752392268-3339214621-1681333280-1002\...\MountPoints2: {da0ccac9-ccf1-11e1-8983-1c7508023576} - G:\AutoRun.exe
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Acer VCM.lnk
ShortcutTarget: Acer VCM.lnk -> C:\Program Files (x86)\Acer\Acer VCM\AcerVCM.exe (Acer Incorporated)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Google Calendar Sync.lnk
ShortcutTarget: Google Calendar Sync.lnk -> C:\Program Files\Google Calendar Sync\GoogleCalendarSync.exe (Google)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)
Startup: C:\Users\XXXXX_2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\XXXXX_2\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\XXXXX_2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Mediencenter Assistent.lnk
ShortcutTarget: Mediencenter Assistent.lnk -> C:\Program Files\Telekom\Mediencenter\MediencenterSoftware.exe (Deutsche Telekom AG)
Startup: C:\Users\XXXXX_2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Mediencenter.lnk
ShortcutTarget: Mediencenter.lnk -> C:\Users\XXXXX_2\AppData\Roaming\Telekom\MediencenterSync\Mediencenter.exe (Deutsche Telekom AG)
Startup: C:\Users\XXXXX_2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk
ShortcutTarget: OpenOffice.org 3.3.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
ShellIconOverlayIdentifiers: 01Mediencenter_InSync -> {77BC4082-DB5F-439A-8DC8-F9E24A63B0DE} => C:\Users\XXXXX_2\AppData\Roaming\Telekom\MediencenterSync\DTAG.Mediencenter.IconOverlayHandler.dll (Deutsche Telekom AG)
ShellIconOverlayIdentifiers: 02Mediencenter_ToSync -> {528EE335-5034-4EFC-834E-63E5F02D2BC2} => C:\Users\XXXXX_2\AppData\Roaming\Telekom\MediencenterSync\DTAG.Mediencenter.IconOverlayHandler.dll (Deutsche Telekom AG)
ShellIconOverlayIdentifiers: 03Mediencenter_Failed -> {6066ADF0-9EB0-43E5-ADB6-990F5A3B979C} => C:\Users\XXXXX_2\AppData\Roaming\Telekom\MediencenterSync\DTAG.Mediencenter.IconOverlayHandler.dll (Deutsche Telekom AG)
ShellIconOverlayIdentifiers: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\XXXXX_2\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\XXXXX_2\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\XXXXX_2\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: DropboxExt4 -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\XXXXX_2\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\XXXXX_2\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\XXXXX_2\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\XXXXX_2\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.soapreichundschoen.de/
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO-x32: Wondershare AllMyTube -> {1373BA72-5012-496e-9F72-7A426DCF78BB} -> C:\Program Files\Wondershare\Free YouTube Downloader\SVRIEPlugin.dll (Wondershare Software Co., Ltd.)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
BHO-x32: Wondershare Video Converter Ultimate -> {65DEE40A-3E93-4cae-9F98-B8E06DCEE2BF} -> C:\Programme\Video Converter Ultimate\SVRIEPlugin.dll (Wondershare Software Co., Ltd.)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
Toolbar: HKCU - No Name - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} -  No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{46543964-8594-454A-A17B-4AFD11D0BC90}: [NameServer]193.189.244.225 193.189.244.206
Tcpip\..\Interfaces\{ADB2C81E-6114-492D-A9CB-E245095B7D02}: [NameServer]193.189.244.225 193.189.244.206

FireFox:
========
FF ProfilePath: C:\Users\XXXXX_2\AppData\Roaming\Mozilla\Firefox\Profiles\jozp0725.default
FF Homepage: chrome://speeddial/content/speeddial.xul
FF NetworkProxy: "backup.ftp", "76.73.26.77"
FF NetworkProxy: "backup.ftp_port", 3128
FF NetworkProxy: "backup.socks", "76.73.26.77"
FF NetworkProxy: "backup.socks_port", 3128
FF NetworkProxy: "backup.ssl", "76.73.26.77"
FF NetworkProxy: "backup.ssl_port", 3128
FF NetworkProxy: "ftp", "76.73.26.77"
FF NetworkProxy: "ftp_port", 3128
FF NetworkProxy: "http", "76.73.26.77"
FF NetworkProxy: "http_port", 3128
FF NetworkProxy: "no_proxies_on", "localhost, 127.0.0.1, stealthy.co"
FF NetworkProxy: "share_proxy_settings", true
FF NetworkProxy: "socks", "76.73.26.77"
FF NetworkProxy: "socks_port", 3128
FF NetworkProxy: "ssl", "76.73.26.77"
FF NetworkProxy: "ssl_port", 3128
FF NetworkProxy: "type", 4
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll (CANON INC.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @pages.tvunetworks.com/WebPlayer -> C:\Program Files (x86)\TVUPlayer\npTVUAx.dll (TVU networks)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 -> C:\Users\XXXXX_2\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 -> C:\Users\XXXXX_2\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Avira Browser Safety - C:\Users\XXXXX_2\AppData\Roaming\Mozilla\Firefox\Profiles\jozp0725.default\Extensions\abs@avira.com [2014-08-08]
FF Extension: YouTube Unblocker - C:\Users\XXXXX_2\AppData\Roaming\Mozilla\Firefox\Profiles\jozp0725.default\Extensions\youtubeunblocker@unblocker.yt [2014-06-20]
FF Extension: DownloadHelper - C:\Users\XXXXX_2\AppData\Roaming\Mozilla\Firefox\Profiles\jozp0725.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2014-08-13]
FF Extension: DSL Soforthilfe - C:\Users\XXXXX_2\AppData\Roaming\Mozilla\Firefox\Profiles\jozp0725.default\Extensions\{} [2014-07-23]
FF Extension: Stealthy - C:\Users\XXXXX_2\AppData\Roaming\Mozilla\Firefox\Profiles\jozp0725.default\Extensions\stealthyextension@gmail.com.xpi [2011-11-20]
FF Extension: Free Hide IP - C:\Users\XXXXX_2\AppData\Roaming\Mozilla\Firefox\Profiles\jozp0725.default\Extensions\support@free-hideip.com.xpi [2013-04-09]
FF Extension: Tab Auto Reload - C:\Users\XXXXX_2\AppData\Roaming\Mozilla\Firefox\Profiles\jozp0725.default\Extensions\TabAutoReload@schuzak.jp.xpi [2012-07-20]
FF Extension: Speed Dial - C:\Users\XXXXX_2\AppData\Roaming\Mozilla\Firefox\Profiles\jozp0725.default\Extensions\{64161300-e22b-11db-8314-0800200c9a66}.xpi [2011-08-10]
FF Extension: Video HTML5 Compiler Plus - C:\Users\XXXXX_2\AppData\Roaming\Mozilla\Firefox\Profiles\jozp0725.default\Extensions\{6adda621-1273-46a0-b4de-e77a819834e6}.xpi [2013-12-04]
FF Extension: NoScript - C:\Users\XXXXX_2\AppData\Roaming\Mozilla\Firefox\Profiles\jozp0725.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2013-01-14]
FF Extension: Adblock Plus - C:\Users\XXXXX_2\AppData\Roaming\Mozilla\Firefox\Profiles\jozp0725.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-04-07]
FF Extension: {de5aeb72-ad84-429a-bc36-a15da06270bc} - C:\Users\XXXXX_2\AppData\Roaming\Mozilla\Firefox\Profiles\jozp0725.default\Extensions\{de5aeb72-ad84-429a-bc36-a15da06270bc}.xpi [2013-11-14]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2014-05-10]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2014-05-10]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} [2014-05-10]
FF HKLM-x32\...\Firefox\Extensions: [fmconverter@gmail.com] - C:\Program Files (x86)\Freemake\Freemake Video Converter\BrowserPlugin\Firefox
FF Extension: Freemake Video Converter Plugin - C:\Program Files (x86)\Freemake\Freemake Video Converter\BrowserPlugin\Firefox [2012-08-02]
FF HKLM-x32\...\Firefox\Extensions: [{8D150B8F-EFE8-45a3-A4A3-053020F48FAC}] - C:\Programme\Video Converter Ultimate\SVRFirefoxExt
FF Extension: Wondershare Video Converter Ultimate - C:\Programme\Video Converter Ultimate\SVRFirefoxExt [2014-02-07]
FF HKLM-x32\...\Firefox\Extensions: [{78ee576f-36ab-4371-a938-48cd78cd469e}] - C:\Program Files (x86)\Security Utility\securityutility.xpi
FF Extension: No Name - C:\Program Files (x86)\Security Utility\securityutility.xpi [2014-05-29]
FF HKCU\...\Firefox\Extensions: [{8D150B8F-EFE8-45a3-A4A3-053020F48FAC}] - C:\Programme\Video Converter Ultimate\SVRFirefoxExt
FF HKCU\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
FF Extension: No Name - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04]

Chrome:
=======
CHR HomePage: hxxp://www.google.com/
CHR DefaultSearchKeyword: qvo6
CHR DefaultNewTabURL:
CHR Extension: (No Name) - C:\Users\XXXXX_2\AppData\Local\Google\Chrome\User Data\Default\Extensions\bopakagnckmlgajfccecajhnimjiiedh [2014-02-21]
CHR Extension: (Wondershare Video Converter Ultimate) - C:\Users\XXXXX_2\AppData\Local\Google\Chrome\User Data\Default\Extensions\chgdeabpmphfhkoemjjglmilajldekbp [2014-02-15]
CHR Extension: (Wondershare AllMyTube) - C:\Users\XXXXX_2\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifllmjhoijmmhobcnjdhelmboobmenij [2014-02-15]
CHR Extension: (WEB.DE MailCheck) - C:\Users\XXXXX_2\AppData\Local\Google\Chrome\User Data\Default\Extensions\jaogepninmlbinccpbiakcgiolijlllo [2013-07-11]
CHR Extension: (No Name) - C:\Users\XXXXX_2\AppData\Local\Google\Chrome\User Data\Default\Extensions\jbolfgndggfhhpbnkgnpjkfhinclbigj [2012-09-19]
CHR Extension: (Google Wallet) - C:\Users\XXXXX_2\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-06]
CHR HKLM-x32\...\Chrome\Extension: [chgdeabpmphfhkoemjjglmilajldekbp] - C:\Programme\Video Converter Ultimate\SVRChromePlugin.crx [2014-02-07]
CHR HKLM-x32\...\Chrome\Extension: [ifllmjhoijmmhobcnjdhelmboobmenij] - C:\Program Files\Wondershare\Free YouTube Downloader\SVRChromePlugin.crx [2014-01-23]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AAV UpdateService; C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe [128296 2008-10-24] ()
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [430160 2014-08-08] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [430160 2014-08-08] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [1021008 2014-08-08] (Avira Operations GmbH & Co. KG)
R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [141392 2014-07-24] (Avira Operations GmbH & Co. KG)
R2 Capture Device Service; C:\Program Files (x86)\Common Files\InterVideo\DeviceService\DevSvc.exe [198168 2007-03-06] (InterVideo Inc.)
R2 DAZContentManagementService; C:\Program Files\DAZ 3D\Content Management Service\ContentManagementServer.exe [22528 2011-05-05] () [File not signed]
R2 MBAMScheduler; C:\Programme\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 MBAMService; C:\Programme\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.)
R2 MCSWASVR; C:\Program Files\Telekom\Mediencenter\DTAG.Mediencenter.BackgroundService.exe [12800 2011-11-23] (Deutsche Telekom AG) [File not signed]
S3 OpenVPNService; C:\Program Files (x86)\OpenVPN\bin\openvpnserv.exe [14848 2011-12-15] () [File not signed]
R2 ProtexisLicensing; C:\Windows\SysWOW64\PSIService.exe [177704 2007-06-05] ()
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [117264 2009-10-20] (CACE Technologies, Inc.)
R2 RS_Service; C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe [260640 2010-01-30] (Acer Incorporated)
R2 Securepoint VPN; C:\Program Files\Securepoint SSL VPN\SPOpenVPNService.exe [198024 2012-11-01] ()
S2 SkypeUpdate; C:\Programme\skype\Updater\Updater.exe [172192 2013-10-23] (Skype Technologies)
S3 Sony PC Companion; C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe [155320 2012-01-18] (Avanquest Software) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [117712 2014-07-04] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [130584 2014-06-12] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-11-26] (Avira Operations GmbH & Co. KG)
S3 ewusbnet; C:\Windows\System32\DRIVERS\ewusbnet.sys [246224 2009-12-07] (Huawei Technologies Co., Ltd.)
S3 hwusbdev; C:\Windows\System32\DRIVERS\ewusbdev.sys [114304 2009-10-12] (Huawei Technologies Co., Ltd.)
R3 InputFilter_Hid_FlexDef2b; C:\Windows\System32\DRIVERS\InputFilter_FlexDef2b.sys [17920 2010-06-19] (Siliten)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-08-13] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation)
R2 NPF; C:\Windows\System32\drivers\npf.sys [47632 2009-10-20] (CACE Technologies, Inc.)
R2 NPF; C:\Windows\SysWOW64\drivers\npf.sys [50704 2010-03-22] (CACE Technologies, Inc.)
S1 PQNTDrv; C:\Windows\SysWow64\Drivers\PQNTDrv.sys [4228 2002-09-16] (PowerQuest Corporation) [File not signed]
S3 wmvad_simple; C:\Windows\System32\drivers\wmvad.sys [23040 2010-12-10] (WonderMedia Technologies, Inc.)
R3 WsAudio_Device; C:\Windows\System32\drivers\VirtualAudio.sys [31080 2013-03-25] (Wondershare)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-13 21:52 - 2014-08-13 22:16 - 00032589 _____ () C:\Users\XXXXX_2\Desktop\FRST.txt
2014-08-13 21:50 - 2014-08-13 22:10 - 00000474 _____ () C:\Users\XXXXX_2\Desktop\defogger_disable.log
2014-08-13 21:06 - 2014-08-13 21:06 - 00380416 _____ () C:\Users\XXXXX_2\Desktop\Gmer-19357.exe
2014-08-13 20:56 - 2014-08-13 22:16 - 00000000 ____D () C:\FRST
2014-08-13 20:55 - 2014-08-13 20:55 - 02100224 _____ (Farbar) C:\Users\XXXXX_2\Desktop\FRST64.exe
2014-08-13 20:53 - 2014-08-13 20:53 - 00000000 _____ () C:\Users\XXXXX_2\defogger_reenable
2014-08-13 20:52 - 2014-08-13 20:52 - 00050477 _____ () C:\Users\XXXXX_2\Desktop\Defogger.exe
2014-08-13 20:48 - 2014-08-13 21:48 - 00000000 ____D () C:\Users\XXXXX_2\Desktop\Malware - Trojaner-Board
2014-08-13 17:12 - 2014-08-13 22:10 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-13 17:11 - 2014-08-13 17:19 - 00000843 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-08-13 17:11 - 2014-08-13 17:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-08-13 17:11 - 2014-08-13 17:11 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-08-13 17:11 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-08-13 17:11 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-08-13 17:11 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-08-13 16:12 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-08-13 10:17 - 2014-08-13 10:17 - 00000000 ____D () C:\Users\XXXXX_2\AppData\Local\Adobe
2014-08-09 12:48 - 2014-08-09 12:48 - 00002617 _____ () C:\Users\Public\Desktop\COMPUTER BILD Account-Alarm.lnk
2014-08-09 12:48 - 2014-08-09 12:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\COMPUTER BILD Account-Alarm
2014-08-09 12:48 - 2014-08-09 12:48 - 00000000 ____D () C:\Program Files (x86)\COMPUTER BILD Account-Alarm
2014-08-08 14:11 - 2014-08-08 14:18 - 00001141 _____ () C:\Users\Public\Desktop\Avira.lnk
2014-08-08 14:11 - 2014-08-08 14:18 - 00000000 ____D () C:\ProgramData\Package Cache
2014-08-06 11:35 - 2014-07-25 12:55 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-08-06 11:35 - 2014-07-25 12:49 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-08-06 11:35 - 2014-07-25 12:49 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-08-06 11:35 - 2014-07-25 12:49 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-08-06 11:34 - 2014-08-06 11:35 - 00004623 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_67-b01.log
2014-08-05 19:31 - 2014-08-05 19:31 - 00001164 _____ () C:\Users\XXXXX_2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-08-05 19:30 - 2014-08-05 19:30 - 00000000 ____D () C:\Program Files (x86)\Security Utility
2014-08-05 19:16 - 2014-08-05 19:16 - 00002011 _____ () C:\Users\XXXXX_2\Desktop\Continue Win-Install.lnk
2014-08-05 19:12 - 2014-08-13 16:13 - 00001083 _____ () C:\Users\XXXXX_2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search.lnk
2014-08-05 19:12 - 2014-08-13 16:13 - 00001053 _____ () C:\Users\XXXXX_2\Desktop\Search.lnk
2014-08-05 19:07 - 2014-08-05 19:07 - 00004032 _____ () C:\Windows\System32\Tasks\LaunchSignup
2014-08-02 10:21 - 2014-05-14 18:23 - 02477536 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2014-08-02 10:21 - 2014-05-14 18:23 - 00058336 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2014-08-02 10:21 - 2014-05-14 18:23 - 00044512 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2014-08-02 10:21 - 2014-05-14 18:21 - 02620928 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2014-08-02 10:20 - 2014-05-14 18:23 - 00700384 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2014-08-02 10:20 - 2014-05-14 18:23 - 00581600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2014-08-02 10:20 - 2014-05-14 18:23 - 00038880 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2014-08-02 10:20 - 2014-05-14 18:23 - 00036320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2014-08-02 10:20 - 2014-05-14 18:20 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2014-08-02 10:20 - 2014-05-14 18:17 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2014-08-02 10:19 - 2014-05-14 09:23 - 00198600 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2014-08-02 10:19 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2014-08-02 10:19 - 2014-05-14 09:20 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2014-08-02 10:19 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-13 22:17 - 2014-08-13 21:52 - 00032589 _____ () C:\Users\XXXXX_2\Desktop\FRST.txt
2014-08-13 22:17 - 2012-04-23 17:10 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-08-13 22:16 - 2014-08-13 20:56 - 00000000 ____D () C:\FRST
2014-08-13 22:16 - 2009-07-14 06:45 - 00009920 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-08-13 22:16 - 2009-07-14 06:45 - 00009920 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-08-13 22:12 - 2010-09-26 08:46 - 01713858 _____ () C:\Windows\WindowsUpdate.log
2014-08-13 22:10 - 2014-08-13 21:50 - 00000474 _____ () C:\Users\XXXXX_2\Desktop\defogger_disable.log
2014-08-13 22:10 - 2014-08-13 17:12 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-13 22:09 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\tracing
2014-08-13 22:08 - 2014-06-09 20:09 - 00000000 ___RD () C:\Users\XXXXX_2\Dropbox
2014-08-13 22:07 - 2013-07-27 10:17 - 00000000 ____D () C:\Users\XXXXX_2\AppData\Roaming\Dropbox
2014-08-13 22:07 - 2012-09-12 13:11 - 00000000 ___RD () C:\Users\XXXXX_2\Mediencenter
2014-08-13 22:06 - 2012-04-23 17:10 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-08-13 22:05 - 2013-01-18 12:37 - 00000394 ____H () C:\Windows\Tasks\{0D9200A2-5A91-45FF-826F-50E7AC7BE09F}.job
2014-08-13 22:05 - 2012-07-21 14:16 - 00065536 _____ () C:\Windows\system32\Ikeext.etl
2014-08-13 22:05 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-08-13 22:05 - 2009-07-14 06:51 - 00178654 _____ () C:\Windows\setupact.log
2014-08-13 21:49 - 2011-08-16 18:33 - 00000000 ____D () C:\Users\XXXXX_2\Documents\Outlook-Dateien
2014-08-13 21:48 - 2014-08-13 20:48 - 00000000 ____D () C:\Users\XXXXX_2\Desktop\Malware - Trojaner-Board
2014-08-13 21:27 - 2012-04-15 18:19 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-08-13 21:06 - 2014-08-13 21:06 - 00380416 _____ () C:\Users\XXXXX_2\Desktop\Gmer-19357.exe
2014-08-13 21:05 - 2012-07-14 11:01 - 00001124 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-752392268-3339214621-1681333280-1002UA.job
2014-08-13 20:55 - 2014-08-13 20:55 - 02100224 _____ (Farbar) C:\Users\XXXXX_2\Desktop\FRST64.exe
2014-08-13 20:53 - 2014-08-13 20:53 - 00000000 _____ () C:\Users\XXXXX_2\defogger_reenable
2014-08-13 20:53 - 2011-08-08 17:07 - 00000000 ____D () C:\Users\XXXXX_2
2014-08-13 20:52 - 2014-08-13 20:52 - 00050477 _____ () C:\Users\XXXXX_2\Desktop\Defogger.exe
2014-08-13 20:30 - 2010-09-26 08:43 - 00798758 _____ () C:\Windows\PFRO.log
2014-08-13 20:14 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\IME
2014-08-13 20:00 - 2013-01-18 12:37 - 00000000 ____D () C:\Program Files (x86)\WxDownload
2014-08-13 20:00 - 2013-01-18 12:36 - 00000000 ____D () C:\ProgramData\InstallMate
2014-08-13 17:19 - 2014-08-13 17:11 - 00000843 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-08-13 17:19 - 2014-08-13 17:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-08-13 17:11 - 2014-08-13 17:11 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-08-13 17:11 - 2011-08-07 13:26 - 00000000 ____D () C:\Programme
2014-08-13 16:14 - 2013-09-11 20:12 - 00000000 ____D () C:\AdwCleaner
2014-08-13 16:13 - 2014-08-05 19:12 - 00001083 _____ () C:\Users\XXXXX_2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search.lnk
2014-08-13 16:13 - 2014-08-05 19:12 - 00001053 _____ () C:\Users\XXXXX_2\Desktop\Search.lnk
2014-08-13 11:51 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2014-08-13 10:17 - 2014-08-13 10:17 - 00000000 ____D () C:\Users\XXXXX_2\AppData\Local\Adobe
2014-08-13 10:05 - 2012-07-14 11:01 - 00001072 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-752392268-3339214621-1681333280-1002Core.job
2014-08-13 09:46 - 2012-05-22 20:24 - 00000021 _____ () C:\Users\XXXXX_2\AppData\Local\mc.pixel.data
2014-08-13 09:41 - 2014-05-10 09:39 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-08-13 09:41 - 2013-03-15 09:05 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-08-13 09:41 - 2013-03-15 09:05 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-08-13 09:41 - 2012-05-10 18:32 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-08-11 10:57 - 2011-08-26 19:38 - 00000000 ____D () C:\Users\XXXXX_2\dwhelper
2014-08-11 10:00 - 2010-09-26 18:37 - 00703230 _____ () C:\Windows\system32\perfh007.dat
2014-08-11 10:00 - 2010-09-26 18:37 - 00150838 _____ () C:\Windows\system32\perfc007.dat
2014-08-11 10:00 - 2009-07-14 07:13 - 01629508 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-08-09 12:48 - 2014-08-09 12:48 - 00002617 _____ () C:\Users\Public\Desktop\COMPUTER BILD Account-Alarm.lnk
2014-08-09 12:48 - 2014-08-09 12:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\COMPUTER BILD Account-Alarm
2014-08-09 12:48 - 2014-08-09 12:48 - 00000000 ____D () C:\Program Files (x86)\COMPUTER BILD Account-Alarm
2014-08-08 14:18 - 2014-08-08 14:11 - 00001141 _____ () C:\Users\Public\Desktop\Avira.lnk
2014-08-08 14:18 - 2014-08-08 14:11 - 00000000 ____D () C:\ProgramData\Package Cache
2014-08-08 14:18 - 2013-08-06 15:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2014-08-08 14:18 - 2013-08-06 15:33 - 00000000 ____D () C:\Program Files (x86)\Avira
2014-08-08 14:11 - 2011-10-13 21:15 - 00000000 ____D () C:\ProgramData\Avira
2014-08-06 11:37 - 2014-04-19 19:30 - 00000000 ____D () C:\ProgramData\Oracle
2014-08-06 11:35 - 2014-08-06 11:34 - 00004623 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_67-b01.log
2014-08-06 11:35 - 2011-08-01 14:04 - 00000000 ____D () C:\Program Files (x86)\Java
2014-08-05 19:34 - 2012-04-15 18:19 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-08-05 19:34 - 2012-04-15 18:19 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-08-05 19:34 - 2011-08-01 17:27 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-08-05 19:31 - 2014-08-05 19:31 - 00001164 _____ () C:\Users\XXXXX_2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-08-05 19:30 - 2014-08-05 19:30 - 00000000 ____D () C:\Program Files (x86)\Security Utility
2014-08-05 19:16 - 2014-08-05 19:16 - 00002011 _____ () C:\Users\XXXXX_2\Desktop\Continue Win-Install.lnk
2014-08-05 19:07 - 2014-08-05 19:07 - 00004032 _____ () C:\Windows\System32\Tasks\LaunchSignup
2014-07-27 10:25 - 2011-08-01 13:58 - 00002277 _____ () C:\Windows\wininit.ini
2014-07-25 14:44 - 2014-06-09 20:09 - 00001026 _____ () C:\Users\XXXXX_2\Desktop\Dropbox.lnk
2014-07-25 14:44 - 2014-06-09 20:07 - 00000000 ____D () C:\Users\XXXXX_2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-07-25 14:05 - 2013-08-06 15:35 - 00042040 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2014-07-25 12:55 - 2014-08-06 11:35 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-07-25 12:49 - 2014-08-06 11:35 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-07-25 12:49 - 2014-08-06 11:35 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-07-25 12:49 - 2014-08-06 11:35 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-07-25 08:09 - 2013-03-15 09:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-07-24 18:11 - 2011-09-13 16:29 - 00004704 ___SH () C:\ProgramData\KGyGaAvL.sys
2014-07-19 09:41 - 2013-01-22 18:16 - 00002367 _____ () C:\Users\XXXXX_2\Desktop\Google Chrome.lnk
2014-07-16 13:03 - 2009-07-14 06:45 - 00480072 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-07-16 12:56 - 2009-07-14 09:45 - 00000000 ____D () C:\Program Files\Windows Journal
2014-07-16 12:56 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism
2014-07-16 12:56 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\Dism
2014-07-16 08:36 - 2011-08-16 18:02 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-07-16 08:35 - 2013-08-17 09:44 - 00000000 ____D () C:\Windows\system32\MRT
2014-07-16 08:29 - 2011-08-02 08:54 - 96441528 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

Files to move or delete:
====================
C:\Users\XXXXX_2\AppData\Local\Temp\clicup\clicup.exe
C:\Windows\Tasks\{0D9200A2-5A91-45FF-826F-50E7AC7BE09F}.job


Some content of TEMP:
====================
C:\Users\XXXXX\AppData\Local\Temp\DataCard_Setup64.exe
C:\Users\XXXXX\AppData\Local\Temp\firefoxjre_exe.exe
C:\Users\XXXXX\AppData\Local\Temp\FP_PL_PFS_INSTALLER.exe
C:\Users\XXXXX\AppData\Local\Temp\ResetDevice.exe
C:\Users\XXXXX_2\AppData\Local\Temp\ApnStub.exe
C:\Users\XXXXX_2\AppData\Local\Temp\AskSLib.dll
C:\Users\XXXXX_2\AppData\Local\Temp\avgnt.exe
C:\Users\XXXXX_2\AppData\Local\Temp\azspg20c.dll
C:\Users\XXXXX_2\AppData\Local\Temp\BackupSetup.exe
C:\Users\XXXXX_2\AppData\Local\Temp\DataCard_Setup64.exe
C:\Users\XXXXX_2\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpetiiur.dll
C:\Users\XXXXX_2\AppData\Local\Temp\DTAG.Mediencenter.IconOverlayHandler.dll
C:\Users\XXXXX_2\AppData\Local\Temp\FileZilla_3.5.3_win32-setup.exe
C:\Users\XXXXX_2\AppData\Local\Temp\FreemakeVideoConverter_3.0.2.15.exe
C:\Users\XXXXX_2\AppData\Local\Temp\INST01.dll
C:\Users\XXXXX_2\AppData\Local\Temp\INST011.dll
C:\Users\XXXXX_2\AppData\Local\Temp\installhelper.dll
C:\Users\XXXXX_2\AppData\Local\Temp\Install_HOSTS_Anti-Adware.exe
C:\Users\XXXXX_2\AppData\Local\Temp\instructionsBv3.exe
C:\Users\XXXXX_2\AppData\Local\Temp\jre-6u29-windows-i586-iftw-rv.exe
C:\Users\XXXXX_2\AppData\Local\Temp\jre-6u33-windows-i586-iftw.exe
C:\Users\XXXXX_2\AppData\Local\Temp\jre-6u35-windows-i586-iftw.exe
C:\Users\XXXXX_2\AppData\Local\Temp\jre-6u37-windows-i586-iftw.exe
C:\Users\XXXXX_2\AppData\Local\Temp\jre-6u39-windows-i586-iftw.exe
C:\Users\XXXXX_2\AppData\Local\Temp\jre-7u21-windows-i586-iftw.exe
C:\Users\XXXXX_2\AppData\Local\Temp\jre-7u67-windows-i586-iftw.exe
C:\Users\XXXXX_2\AppData\Local\Temp\Mediencenter_3.5.0.1212.exe
C:\Users\XXXXX_2\AppData\Local\Temp\Mediencenter_3.6.0.1202.exe
C:\Users\XXXXX_2\AppData\Local\Temp\Mediencenter_3.7.0.2204.exe
C:\Users\XXXXX_2\AppData\Local\Temp\Mediencenter_3.8.0.2907.exe
C:\Users\XXXXX_2\AppData\Local\Temp\Mediencenter_3.8.1.2208.exe
C:\Users\XXXXX_2\AppData\Local\Temp\Mediencenter_3.8.9799.6.exe
C:\Users\XXXXX_2\AppData\Local\Temp\Mediencenter_3.9.1055.64.exe
C:\Users\XXXXX_2\AppData\Local\Temp\MSETUP4.EXE
C:\Users\XXXXX_2\AppData\Local\Temp\NEW_CORRECT_incredibar_install.exe
C:\Users\XXXXX_2\AppData\Local\Temp\Quarantine.exe
C:\Users\XXXXX_2\AppData\Local\Temp\ResetDevice.exe
C:\Users\XXXXX_2\AppData\Local\Temp\SecurityUtility.exe
C:\Users\XXXXX_2\AppData\Local\Temp\SetupHelper.exe
C:\Users\XXXXX_2\AppData\Local\Temp\SkypeSetup.exe
C:\Users\XXXXX_2\AppData\Local\Temp\SRAssetsHelper.dll
C:\Users\XXXXX_2\AppData\Local\Temp\uninst.exe
C:\Users\XXXXX_2\AppData\Local\Temp\vcredist_x64.exe
C:\Users\XXXXX_2\AppData\Local\Temp\wget.exe
C:\Users\XXXXX_2\AppData\Local\Temp\winzip1664_2_wrapped.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-08-09 13:24

==================== End Of Log ============================
--- --- ---



Addition.txt
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13-08-2014
Ran by XXXXX_2 at 2014-08-13 21:04:44
Running from C:\Users\XXXXX_2\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Desktop (Disabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Disabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKLM-x32\...\uTorrent) (Version: 3.1.3 - )
AAVUpdateManager (HKLM-x32\...\{AFA42FE1-A5C3-485F-9180-BFCF5BF1F1C3}) (Version: 18.00.0000 - Wolters Kluwer Deutschland GmbH)
Acer Backup Manager (HKLM-x32\...\InstallShield_{30075A70-B5D2-440B-AFA3-FB2021740121}) (Version: 2.0.1.68 - NewTech Infosystems)
Acer Crystal Eye Webcam (HKLM-x32\...\{7760D94E-B1B5-40A0-9AA0-ABF942108755}) (Version: 5.2.19.3 - Suyin Optronics Corp)
Acer ePower Management (HKLM-x32\...\{3DB0448D-AD82-4923-B305-D001E521A964}) (Version: 5.00.3005 - Acer Incorporated)
Acer eRecovery Management (HKLM-x32\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 4.05.3013 - Acer Incorporated)
Acer Registration (HKLM-x32\...\Acer Registration) (Version: 1.03.3003 - Acer Incorporated)
Acer ScreenSaver (HKLM-x32\...\Acer Screensaver) (Version: 1.1.0826.2010 - Acer Incorporated)
Acer VCM (HKLM-x32\...\{047F790A-7A2A-4B6A-AD02-38092BA63DAC}) (Version: 4.05.3002 - Acer Incorporated)
Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.5.0.7220 - Adobe Systems Inc.)
Adobe AIR (x32 Version: 1.5.0.7220 - Adobe Systems Inc.) Hidden
Adobe Flash Player 14 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Flash Player 14 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Reader X (10.1.3) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AA1000000001}) (Version: 10.1.3 - Adobe Systems Incorporated)
Alien Skin Eye Candy 5 Nature (HKLM-x32\...\EyeCandy5Nature) (Version:  - )
Alien Skin Xenofex 2.0 (HKLM-x32\...\Xenofex2) (Version:  - )
Amazon Kindle (HKCU\...\Amazon Kindle) (Version:  - Amazon)
Apple Application Support (HKLM-x32\...\{A83279FD-CA4B-4206-9535-90974DE76654}) (Version: 2.1.5 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Ashampoo Burning Studio Elements 10.0.9 (HKLM-x32\...\Ashampoo Burning Studio Elements_is1) (Version: 3.1.1 - Ashampoo GmbH & Co. KG)
Avidemux 2.5 (32-bit) (HKLM-x32\...\Avidemux 2.5) (Version: 2.5.6.7716 - )
Avira (HKLM-x32\...\{9590977b-7b6f-467e-a11a-efa1fae804da}) (Version: 1.1.18.30000 - Avira Operations GmbH & Co. KG)
Avira (x32 Version: 1.1.18.30000 - Avira Operations GmbH & Co. KG) Hidden
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.6.552 - Avira)
AVS Update Manager 1.0 (HKLM-x32\...\AVS Update Manager_is1) (Version:  - Online Media Technologies Ltd.)
AVS4YOU Software Navigator 1.4 (HKLM-x32\...\AVS4YOU Software Navigator_is1) (Version:  - Online Media Technologies Ltd.)
Backup Manager Advance (x32 Version: 2.0.1.68 - NewTech Infosystems) Hidden
BILDmobil (HKLM-x32\...\BILDmobil) (Version: 11.301.08.01.35 - Huawei Technologies Co.,Ltd)
Bing Bar (HKLM-x32\...\{449CE12D-E2C7-4B97-B19E-55D163EA9435}) (Version: 7.0.619.0 - Microsoft Corporation)
Broadcom Gigabit NetLink Controller (HKLM\...\{A84DB02B-9C2B-4272-9D2D-A80E00A56513}) (Version: 14.0.2.3 - Broadcom Corporation)
calibre (HKLM-x32\...\{1BFDD064-4C67-4156-A6C6-6E8D63563B3B}) (Version: 1.20.0 - Kovid Goyal)
Canon Easy-WebPrint EX (HKLM-x32\...\Easy-WebPrint EX) (Version: 1.3.5.0 - Canon Inc.)
Canon IJ Network Scan Utility (HKLM-x32\...\Canon_IJ_Network_Scan_UTILITY) (Version:  - )
Canon IJ Network Tool (HKLM-x32\...\Canon_IJ_Network_UTILITY) (Version: 3.1.0 - Canon Inc.)
Canon iP7200 series Benutzerregistrierung (HKLM-x32\...\Canon iP7200 series Benutzerregistrierung) (Version:  - Canon Inc.‎)
Canon iP7200 series On-screen Manual (HKLM-x32\...\Canon iP7200 series On-screen Manual) (Version: 7.5.0 - Canon Inc.)
Canon iP7200 series Printer Driver (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP7200_series) (Version:  - Canon Inc.)
Canon Kurzwahlprogramm (HKLM-x32\...\Speed Dial Utility) (Version:  - )
Canon MP Navigator EX 3.1 (HKLM-x32\...\MP Navigator EX 3.1) (Version:  - )
Canon MX350 series Benutzerregistrierung (HKLM-x32\...\Canon MX350 series Benutzerregistrierung) (Version:  - )
Canon MX350 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX350_series) (Version:  - )
Canon My Image Garden (HKLM-x32\...\Canon My Image Garden) (Version: 1.0.0 - Canon Inc.)
Canon My Image Garden Design Files (HKLM-x32\...\Canon My Image Garden Design Files) (Version: 1.0.0 - Canon Inc.)
Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version: 3.0.0 - Canon Inc.)
Canon Quick Menu (HKLM-x32\...\CanonQuickMenu) (Version: 2.0.0 - Canon Inc.)
Canon Utilities Easy-PhotoPrint EX (HKLM-x32\...\Easy-PhotoPrint EX) (Version:  - )
Canon Utilities Solution Menu (HKLM-x32\...\CanonSolutionMenu) (Version:  - )
clicup (HKCU\...\clicup) (Version: 1.0 - )
COMPUTER BILD Account-Alarm (HKLM-x32\...\{04B0A9F1-070A-4C32-A575-6D2DC8F5C52E}) (Version: 1.0.3 - J3S)
concept/design onlineTV 8 (HKLM-x32\...\{D2AC7034-15AC-4F62-85BD-1E48021E45D6}_is1) (Version: 8.2.0.1 - concept/design GmbH)
ContentHD (x32 Version: 1.00.0002 - Corel Corporation) Hidden
Contents (x32 Version: 1.6.2.36 - Corel Corporation) Hidden
ConTEXT v0.98.6 (HKLM-x32\...\{73E0D3A0-9C30-4F59-ABBF-6233686FB396}_is1) (Version:  - ConTEXT Project Ltd)
Corel MediaOne (HKLM-x32\...\{3C569633-C8DE-46E2-BB8F-F65198681C2F}) (Version: 2.00.0000 - Corel Corporation)
Corel Paint Shop Pro Photo XI (HKLM-x32\...\{E1C7EF5E-3A7B-4ED4-A48B-F70F1B36EAB4}) (Version: 11.00.0000 - Corel Inc)
Corel Painter Essentials 3 (HKLM-x32\...\_{0C180787-F8C8-42FD-A9D3-689BA44BEAAF}) (Version:  - Corel Corporation)
Corel Painter Essentials 3 (x32 Version: 3.2 - Corel Corporation) Hidden
Corel VideoStudio Pro X3 (HKLM-x32\...\_{F072CA07-A781-45E4-9975-C033A73019CF}) (Version: 1.6.2.69 - Corel Corporation)
Coupon Companion Plugin (HKLM-x32\...\Coupon Companion Plugin) (Version: 1.26.152.152 - 215 Apps) <==== ATTENTION
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DAZ Content Management Service (HKLM-x32\...\DAZ Content Management Service 4.8.1.6) (Version: 4.8.1.6 - DAZ 3D)
DAZ Studio 4 (HKLM-x32\...\DAZ Studio 4 4.0.0.335) (Version: 4.0.0.335 - DAZ 3D)
Definition Update for Microsoft Office 2010 (KB982726) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{043645C8-48EC-458F-B9BD-9C8F15CEF6F7}) (Version:  - Microsoft)
DeviceIO (x32 Version: 1.6.2.36 - Corel Corporation) Hidden
DHTML Editing Component (HKLM-x32\...\{2EA870FA-585F-4187-903D-CB9FFD21E2E0}) (Version: 6.02.0001 - Microsoft Corporation)
Dropbox (HKCU\...\Dropbox) (Version: 2.10.3 - Dropbox, Inc.)
DS4 Default Content (HKLM-x32\...\DS4 Default Content 4.0.0.8) (Version: 4.0.0.8 - DAZ 3D)
eBay Worldwide (HKLM-x32\...\{E0B19DF7-B1C7-4937-82C4-0E4B1E346965}) (Version: 2.1.0901 - OEM)
eSobi v2 (HKLM-x32\...\InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}) (Version: 2.0.4.000274 - esobi Inc.)
eSobi v2 (x32 Version: 2.0.4.000274 - esobi Inc.) Hidden
Eye Candy 4000 (HKLM-x32\...\Eye Candy 4000) (Version:  - )
FeedReader (HKLM-x32\...\FeedReader_is1) (Version:  - i-Systems Inc.)
FileZilla Client 3.7.4.1 (HKLM-x32\...\FileZilla Client) (Version: 3.7.4.1 - Tim Kosse)
FoxTab 3GP Converter (HKCU\...\FoxTab 3GP Converter) (Version:  - ) <==== ATTENTION
Free Screen Video Recorder version 2.5.22.508 (HKLM-x32\...\Free Screen Video Recorder_is1) (Version: 2.5.22.508 - DVDVideoSoft Ltd.)
Free Video Dub version 2.0.12.706 (HKLM-x32\...\Free Video Dub_is1) (Version: 2.0.12.706 - DVDVideoSoft Ltd.)
FrostWire 5.3.6 (HKLM-x32\...\FrostWire 5) (Version: 5.3.6.0 - FrostWire Team)
GetFLV 9.6.5.5 (HKLM-x32\...\GetFLV_is1) (Version:  - GetFLV, Inc.)
Google Calendar Sync (HKLM-x32\...\Google Calendar Sync) (Version:  - )
Google Chrome (HKCU\...\Google Chrome) (Version: 36.0.1985.125 - Google Inc.)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
ICA (x32 Version: 1.6.2.36 - Corel Corporation) Hidden
Identity Card (HKLM-x32\...\Identity Card) (Version: 1.00.3003 - Acer Incorporated)
instplugin (HKLM-x32\...\instplugin) (Version:  - )
Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.15.10.1892 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.6.2.1001 - Intel Corporation)
InterVideo DeviceService (HKLM-x32\...\{521AAD14-5030-44BB-8B0E-5CE65FCE57E0}) (Version: 1.0.0 - InterVideo)
InterVideo WinDVD 8 (HKLM-x32\...\InstallShield_{5FEBF468-5AC2-4C66-AD80-DF85C085AA73}) (Version: 8.5.10.76 - InterVideo Inc.)
InterVideo WinDVD 8 (x32 Version: 8.5.10.76 - InterVideo Inc.) Hidden
IPM_VS_Pro (x32 Version: 13.0 - Corel Corporation) Hidden
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.30 - Irfan Skiljan)
Jasc Animation Shop 3 (HKLM-x32\...\{174D5678-D941-433C-BD23-58A5C7B0D36D}) (Version: 3.05.0000 - Jasc Software Inc)
Java 7 Update 67 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217055FF}) (Version: 7.0.670 - Oracle)
Java Auto Updater (x32 Version: 2.1.67.1 - Oracle, Inc.) Hidden
Java(TM) 6 Update 22 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216022F0}) (Version: 6.0.220 - Oracle)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Launch Manager (HKLM-x32\...\LManager) (Version: 4.0.14 - Acer Inc.)
Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.)
Mediencenter 3.9.1055.64 (HKCU\...\Mediencenter) (Version: 3.9.1055.64 - Deutsche Telekom AG)
Mediencenter Assistent (HKLM\...\Mediencenter Software) (Version: 2.7.0.1451 - Telekom)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Messenger Companion (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Access MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 32-bit Components 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 32-bit MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Word Viewer 2003 (HKLM-x32\...\{90850407-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Outlook Hotmail Connector 64-Bit (HKLM\...\{95140000-007A-0407-1000-0000000FF1CE}) (Version: 14.0.5118.5000 - Microsoft Corporation)
Microsoft Outlook Social Connector Provider for Windows Live Messenger 64-bit (HKLM\...\{95140000-007D-0409-1000-0000000FF1CE}) (Version: 14.0.5120.5000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
MLE (x32 Version: 1.0.0.23 - Corel Corporation) Hidden
Mobile Partner (HKLM-x32\...\Mobile Partner) (Version: 16.002.03.02.511 - Huawei Technologies Co.,Ltd)
Mozilla Firefox 31.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 31.0 (x86 de)) (Version: 31.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 30.0 - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
NTI Media Maker 9 (HKLM-x32\...\InstallShield_{D3D5C4E8-040F-4C6F-8105-41D43CF94F44}) (Version: 9.0.2.8928 - NTI Corporation)
NTI Media Maker 9 (x32 Version: 9.0.2.8928 - NTI Corporation) Hidden
OpenOffice.org 3.3 (HKLM-x32\...\{4286716B-1287-48E7-9078-3DC8248DBA96}) (Version: 3.3.9567 - OpenOffice.org)
OpenVPN 2.2.2 (HKLM-x32\...\OpenVPN) (Version: 2.2.2 - )
PartitionMagic (x32 Version: 8.00.000 - PowerQuest) Hidden
PureHD (x32 Version: 1.6.2.36 - Corel Corporation) Hidden
QuickTime (HKLM-x32\...\{7BE15435-2D3E-4B58-867F-9C75BED0208C}) (Version: 7.71.80.42 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6151 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30121 - Realtek Semiconductor Corp.)
Recuva (HKLM\...\Recuva) (Version: 1.43 - Piriform)
SAMSUNG Mobile Modem Driver Set (HKLM\...\SAMSUNG Mobile Modem) (Version:  - )
Samsung Mobile phone USB driver Drive Software (HKLM\...\Samsung Mobile phone USB driver Drive) (Version:  - )
SAMSUNG Mobile USB Modem 1.0 Software (HKLM\...\SAMSUNG Mobile USB Modem 1.0) (Version:  - )
SAMSUNG Mobile USB Modem Software (HKLM\...\SAMSUNG Mobile USB Modem) (Version:  - )
Samsung PC Studio 3 USB Driver Installer (HKLM-x32\...\{EBA29752-DDD2-4B62-B2E3-9841F92A3E3A}) (Version: 3.2.0.70701 - Samsung Electronics Co., Ltd.)
Securepoint SSL VPN (HKLM-x32\...\Securepoint SSL VPN) (Version:  - Securepoint GmbH)
Security Utility (HKLM-x32\...\Security Utility) (Version:  - )
SelectionLinks (HKLM-x32\...\sl-dlc) (Version: 1.0 - SelectionLinks) <==== ATTENTION
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{A3364707-2F53-4C83-8F68-C9877A9080C7}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (Version:  - Microsoft) Hidden
Setup (x32 Version: 1.6.2.36 - Corel Corporation) Hidden
Share (x32 Version: 1.6.2.36 - Corel Corporation) Hidden
Share64 (Version: 1.6.2.36 - Corel Corporation) Hidden
SilverCrest DMTS2017 Driver (HKLM-x32\...\{1E494817-D81E-4B0E-B379-F34DF4DCDA58}) (Version: 1.0 - TARGA)
Skype™ 6.14 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.14.104 - Skype Technologies S.A.)
SmartSound Common Data (HKLM-x32\...\InstallShield_{B8A2869E-30CA-40C5-9CF8-BD7354E57EF8}) (Version: 1.1.0 - SmartSound Software Inc.)
SmartSound Common Data (x32 Version: 1.1.0 - SmartSound Software Inc.) Hidden
SmartSound Quicktracks 5 (HKLM-x32\...\InstallShield_{2F8BA3FD-1FA9-4279-B696-712ABB12F09F}) (Version: 5.1.6 - SmartSound Software Inc.)
SmartSound Quicktracks 5 (x32 Version: 5.1.6 - SmartSound Software Inc.) Hidden
SmartSound Quicktracks Plugin (HKLM-x32\...\InstallShield_{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}) (Version: 3.0.1.2 - SmartSound Software Inc.)
SmartSound Quicktracks Plugin (x32 Version: 3.0.1.2 - SmartSound Software Inc.) Hidden
Sony PC Companion 2.10.115 (HKLM-x32\...\{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}) (Version: 2.10.115 - Sony)
Sqirlz Water Reflections (HKLM-x32\...\Sqirlz Water Reflections) (Version: 2.6 - xiberpix)
Steuer-Spar-Erklärung 2012 (HKLM-x32\...\{CCD2BAD2-0919-40CB-80CC-E9538B0E4C2E}) (Version: 17.02 - Wolters Kluwer Deutschland GmbH)
Steuer-Spar-Erklärung 2013 (HKLM-x32\...\{AEB61F7A-4BBA-4292-A096-7893E09034A4}) (Version: 18.06 - Wolters Kluwer Deutschland GmbH)
SteuerSparErklärung 2014 (HKLM-x32\...\{A463EB06-22A6-47F5-9593-E52B291EF13E}) (Version: 19.04.49 - Akademische Arbeitsgemeinschaft)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 14.0.19.0 - Synaptics Incorporated)
TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.28223 - TeamViewer)
TVUPlayer 2.5.3.1 (HKLM-x32\...\TVUPlayer) (Version: 2.5.3.1 - TVU networks)
Ulead GIF Animator 5 Test (HKLM-x32\...\{8AF3E926-ED59-11D4-A44B-0000E86D2305}) (Version:  - )
Ulead PhotoImpact 8 (HKLM-x32\...\{3D960387-76B3-4758-BAF7-D156B14A032F}) (Version: 8.0 - Ulead System)
Ulead PhotoImpact X3 (HKLM-x32\...\InstallShield_{15803703-25FA-4C01-A062-3F4A59937E87}) (Version: 1.00.0000 - Corel)
Ulead PhotoImpact X3 (x32 Version: 1.00.0000 - Corel) Hidden
Update for Microsoft Access 2010 (KB2553446) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{FEF4C57D-0975-4D3C-ACC7-DCD038C3788F}) (Version:  - Microsoft)
Update for Microsoft Excel 2010 (KB2837600) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{17815BC8-062D-49BE-B40C-B54149C85CE3}) (Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2878281) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{84B191B5-5319-463A-A305-8C4D53B1D20A}) (Version:  - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817369) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{DB0B0CDF-77EC-47B0-94E2-4738573A1E58}) (Version:  - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817396) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{1AA82E2E-7DB7-4C70-910C-BBB657A6B3A5}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589298) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{79C725A1-3964-421C-A528-78C1C083C7C7}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{95BE5D45-A3DD-4CB1-8C35-D75DD7B4D862}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 64-Bit Edition (HKLM\...\{90140000-0043-0000-1000-0000000FF1CE}_Office14.PROPLUS_{95BE5D45-A3DD-4CB1-8C35-D75DD7B4D862}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589375) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{EBD18DE5-BC84-4B57-9A30-097044871F9A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{4AD36582-256B-433D-8593-F31773A15CA4}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 64-Bit Edition (HKLM\...\{90140000-0043-0000-1000-0000000FF1CE}_Office14.PROPLUS_{4AD36582-256B-433D-8593-F31773A15CA4}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{F216169C-2B40-429B-8370-B5BA06EC5423}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 64-Bit Edition (HKLM\...\{90140000-0043-0000-1000-0000000FF1CE}_Office14.PROPLUS_{F216169C-2B40-429B-8370-B5BA06EC5423}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760631) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{B6AD7E27-012A-4B63-82BA-AF62893E5435}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2794737) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{07DC9C6C-E916-4F42-8677-716930ED0393}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2825635) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{6E760BBA-B83F-4C2D-918F-5F91EF6C9861}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2825640) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{43F59F4D-7179-497E-BE99-BC6F7D1DDCBA}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2825640) 64-Bit Edition (HKLM\...\{90140000-0044-0407-1000-0000000FF1CE}_Office14.PROPLUS_{43F59F4D-7179-497E-BE99-BC6F7D1DDCBA}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2837581) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{D1F3B526-7EB2-4701-92DB-0784988D78DE}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2837606) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{52BEF8AE-9324-40A1-9A92-E5A8FB63A475}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2878252) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{56551B9F-2FE1-4705-ACF0-8FA920535E18}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2878252) 64-Bit Edition (HKLM\...\{90140000-0043-0000-1000-0000000FF1CE}_Office14.PROPLUS_{56551B9F-2FE1-4705-ACF0-8FA920535E18}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2881028) 64-Bit Edition (HKLM\...\{90140000-001F-0407-1000-0000000FF1CE}_Office14.PROPLUS_{8F699D53-05FB-488E-B7D3-E4E47257BE5D}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2881028) 64-Bit Edition (HKLM\...\{90140000-001F-0409-1000-0000000FF1CE}_Office14.PROPLUS_{324703B5-6765-489D-9B9B-B082D34F882E}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2881028) 64-Bit Edition (HKLM\...\{90140000-001F-040C-1000-0000000FF1CE}_Office14.PROPLUS_{4B9B2BAF-EE1F-4B60-A4D9-17B7BEEB13A1}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{3029C408-1DD1-4273-8E58-87CB1B638FC8}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 64-Bit Edition (HKLM\...\{90140000-0043-0000-1000-0000000FF1CE}_Office14.PROPLUS_{3029C408-1DD1-4273-8E58-87CB1B638FC8}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{DDDC32A5-9528-4771-B91A-97A8E1D7957B}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 64-Bit Edition (HKLM\...\{90140000-001A-0407-1000-0000000FF1CE}_Office14.PROPLUS_{6164E0E5-C903-488C-93AF-1B7AF7EBC331}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{A20A650C-F820-4CE4-AEA5-EC140192FAFB}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 64-Bit Edition (HKLM\...\{90140000-0018-0407-1000-0000000FF1CE}_Office14.PROPLUS_{FD360122-6829-4497-97C1-1BF578EF695B}) (Version:  - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{77374F16-2DC6-4EEF-AFAD-C59FDA2E010D}) (Version:  - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 64-Bit Edition (HKLM\...\{90140000-0043-0000-1000-0000000FF1CE}_Office14.PROPLUS_{77374F16-2DC6-4EEF-AFAD-C59FDA2E010D}) (Version:  - Microsoft)
Update for Microsoft Visio 2010 (KB2880526) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{F6F342A1-530B-4D48-A468-1E3F70928984}) (Version:  - Microsoft)
Update for Microsoft Visio Viewer 2010 (KB2837587) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{C950A55F-82E3-4CC8-8FA2-E8A2A0F651F3}) (Version:  - Microsoft)
Update for Microsoft Word 2010 (KB2880529) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{89FDC8D9-FB84-4EFE-950D-AF4EECC3B64C}) (Version:  - Microsoft)
Video Download Studio 3.4.14 (HKLM-x32\...\{8A075C9A-1368-4491-855E-F3D9ABE55740}_is1) (Version:  - aHisoft)
Video Downloader version 2.0 (HKLM-x32\...\Video Downloader_is1) (Version: 2.0 - )
VIO (x32 Version: 1.6.2.36 - Corel Corporation) Hidden
VLC media player 2.0.1 (HKLM-x32\...\VLC media player) (Version: 2.0.1 - VideoLAN)
VSClassic (x32 Version: 1.6.2.36 - Corel Corporation) Hidden
VSPro (x32 Version: 1.6.2.36 - Corel Corporation) Hidden
Welcome Center (HKLM-x32\...\Acer Welcome Center) (Version: 1.02.3004 - Acer Incorporated)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Family Safety (Version: 15.4.3538.0513 - Microsoft Corporation) Hidden
Windows Live Fotogalerie (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3538.0513 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh ActiveX control for remote connections (HKLM-x32\...\{C5398A89-516C-4DAF-BA07-EE7949090E56}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Messenger (x32 Version: 15.4.3538.0513 - Microsoft Corporation) Hidden
Windows Live Messenger Companion Core (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Sync (HKLM-x32\...\{586509F0-350D-48B5-B763-9CC2F8D96C4C}) (Version: 14.0.8117.416 - Microsoft Corporation)
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Media Encoder 9 Series (HKLM-x32\...\Windows Media Encoder 9) (Version:  - )
Windows Media Encoder 9 Series (x32 Version: 9.00.2980 - Microsoft Corporation) Hidden
WinPcap 4.1.1 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.1753 - CACE Technologies)
WinRAR 4.01 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 4.01.0 - win.rar GmbH)
WinZip 16.0 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240CD}) (Version: 16.0.9715 - WinZip Computing, S.L. )
Wondershare Free YouTube Downloader(Build 3.8.0.4) (HKLM-x32\...\Wondershare Free YouTube Downloader_is1) (Version: 3.8.0.4 - Wondershare Software)
Wondershare Video Converter Ultimate(Build 6.7.1.0) (HKLM-x32\...\Wondershare Video Converter Ultimate_is1) (Version: 6.7.1.0 - Wondershare Software)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-752392268-3339214621-1681333280-1002_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\XXXXX_2\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-752392268-3339214621-1681333280-1002_Classes\CLSID\{268502F4-815D-4358-A8D6-B783FDB58EF0}\InprocServer32 -> C:\Users\XXXXX_2\AppData\Roaming\Telekom\MediencenterSync\DTAG.Mediencenter.ContextMenuHandler.dll (Deutsche Telekom AG)
CustomCLSID: HKU\S-1-5-21-752392268-3339214621-1681333280-1002_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\XXXXX_2\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-752392268-3339214621-1681333280-1002_Classes\CLSID\{528EE335-5034-4EFC-834E-63E5F02D2BC2}\InprocServer32 -> C:\Users\XXXXX_2\AppData\Roaming\Telekom\MediencenterSync\DTAG.Mediencenter.IconOverlayHandler.dll (Deutsche Telekom AG)
CustomCLSID: HKU\S-1-5-21-752392268-3339214621-1681333280-1002_Classes\CLSID\{6066ADF0-9EB0-43E5-ADB6-990F5A3B979C}\InprocServer32 -> C:\Users\XXXXX_2\AppData\Roaming\Telekom\MediencenterSync\DTAG.Mediencenter.IconOverlayHandler.dll (Deutsche Telekom AG)
CustomCLSID: HKU\S-1-5-21-752392268-3339214621-1681333280-1002_Classes\CLSID\{77BC4082-DB5F-439A-8DC8-F9E24A63B0DE}\InprocServer32 -> C:\Users\XXXXX_2\AppData\Roaming\Telekom\MediencenterSync\DTAG.Mediencenter.IconOverlayHandler.dll (Deutsche Telekom AG)
CustomCLSID: HKU\S-1-5-21-752392268-3339214621-1681333280-1002_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\XXXXX_2\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-752392268-3339214621-1681333280-1002_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\XXXXX_2\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-752392268-3339214621-1681333280-1002_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\XXXXX_2\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-752392268-3339214621-1681333280-1002_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\XXXXX_2\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-752392268-3339214621-1681333280-1002_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\XXXXX_2\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-752392268-3339214621-1681333280-1002_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\XXXXX_2\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-752392268-3339214621-1681333280-1002_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\XXXXX_2\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-752392268-3339214621-1681333280-1002_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\XXXXX_2\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-752392268-3339214621-1681333280-1002_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\XXXXX_2\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-752392268-3339214621-1681333280-1002_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\XXXXX_2\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-752392268-3339214621-1681333280-1002_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\XXXXX_2\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File

==================== Restore Points  =========================

25-07-2014 06:05:34 Windows Update
29-07-2014 12:47:52 Windows Update
02-08-2014 08:18:18 Windows Update
05-08-2014 17:16:14 Windows Update
06-08-2014 09:33:13 Installed Java 7 Update 67
12-08-2014 07:36:59 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0F8C063A-7157-45F0-A615-E57673BD1BD8} - \HDvid Codec V1-updater No Task File <==== ATTENTION
Task: {0FFD4DF7-E79E-4CF0-AE38-56D663221D27} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {20D4EC73-F5D6-45FC-89C5-9A1CD5927750} - \HDvid Codec V1-enabler No Task File <==== ATTENTION
Task: {5CBF856C-D0CF-4FBD-9BD8-2D2AC2FD1224} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-04-23] (Google Inc.)
Task: {6F0BCF1C-DA02-4B83-88AF-6C6F6228E90E} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-752392268-3339214621-1681333280-1002UA => C:\Users\XXXXX_2\AppData\Local\Google\Update\GoogleUpdate.exe [2012-04-23] (Google Inc.)
Task: {8C54AD7F-34A0-47AE-B099-EE52B61C2F3A} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-08-05] (Adobe Systems Incorporated)
Task: {C712CDA3-DE89-4111-9621-0A1AD2FAFAA7} - System32\Tasks\Games\UpdateCheck_S-1-5-21-752392268-3339214621-1681333280-1000
Task: {CAE5EC1E-CE32-4081-9B47-7E36C4013B5A} - System32\Tasks\LaunchSignup => C:\Program Files (x86)\MyPC Backup\Signup Wizard.exe <==== ATTENTION
Task: {DE2FFE30-8218-4F49-A8B1-33E1B539385F} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-752392268-3339214621-1681333280-1002Core => C:\Users\XXXXX_2\AppData\Local\Google\Update\GoogleUpdate.exe [2012-04-23] (Google Inc.)
Task: {E793FBEE-030D-4A1F-83A7-2E276294E267} - System32\Tasks\{0D9200A2-5A91-45FF-826F-50E7AC7BE09F} => C:\ProgramData\BetterSoft\OptimizerPro\OptimizerPro.exe <==== ATTENTION
Task: {EE4A2A93-391A-43D8-B769-C8E0934C54CC} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-04-23] (Google Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-752392268-3339214621-1681333280-1002Core.job => C:\Users\XXXXX_2\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-752392268-3339214621-1681333280-1002UA.job => C:\Users\XXXXX_2\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\{0D9200A2-5A91-45FF-826F-50E7AC7BE09F}.job => C:\ProgramData\BetterSoft\OptimizerPro\OptimizerPro.exe <==== ATTENTION

==================== Loaded Modules (whitelisted) =============

2008-10-24 17:35 - 2008-10-24 17:35 - 00128296 _____ () C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe
2012-02-23 22:49 - 2011-05-05 22:36 - 00022528 _____ () C:\Program Files\DAZ 3D\Content Management Service\ContentManagementServer.exe
2012-02-23 22:49 - 2011-05-05 22:36 - 01479680 _____ () C:\Program Files\DAZ 3D\Content Management Service\ace_x64.dll
2012-02-23 22:49 - 2011-05-05 22:36 - 00977408 _____ () C:\Program Files\DAZ 3D\Content Management Service\VServer_x64.dll
2012-02-23 22:49 - 2011-05-05 22:36 - 01053696 _____ () C:\Program Files\DAZ 3D\Content Management Service\ace_ssl_x64.dll
2012-02-23 22:49 - 2011-05-05 22:36 - 00155136 _____ () C:\Program Files\DAZ 3D\Content Management Service\asnmp_x64.dll
2007-06-05 14:20 - 2007-06-05 14:20 - 00177704 _____ () C:\Windows\SysWOW64\PSIService.exe
2012-11-01 13:11 - 2012-11-01 13:11 - 00198024 _____ () C:\Program Files\Securepoint SSL VPN\SPOpenVPNService.exe
2013-09-05 01:17 - 2013-09-05 01:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-01-02 16:42 - 2010-01-02 16:42 - 00098304 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll
2011-08-16 16:20 - 2011-05-28 22:05 - 00164864 _____ () C:\Program Files\WinRAR\rarext.dll
2014-02-07 10:48 - 2013-08-23 14:36 - 00721263 _____ () C:\Windows\SysWOW64\WSCM64.dll
2010-09-26 08:54 - 2010-06-09 18:54 - 00206208 _____ () C:\Windows\PLFSetI.exe
2014-04-20 17:28 - 2009-03-29 11:30 - 02058240 _____ () C:\Programme\FeedReader30\feedreader.exe
2014-08-13 20:52 - 2014-08-13 20:52 - 00050477 _____ () C:\Users\XXXXX_2\Desktop\Defogger.exe
2010-06-29 00:20 - 2010-06-29 00:20 - 00465576 _____ () C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\sqlite3.dll
2010-06-29 00:12 - 2010-06-29 00:12 - 01081600 _____ () C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\ACE.dll
2011-05-20 16:14 - 2011-05-20 16:14 - 00009826 _____ () C:\Program Files\Securepoint SSL VPN\mingwm10.dll
2011-05-20 16:14 - 2011-05-20 16:14 - 00020480 _____ () C:\Program Files\Securepoint SSL VPN\libgcc_s_dw2-1.dll
2011-05-20 16:14 - 2011-05-20 16:14 - 00967168 _____ () C:\Program Files\Securepoint SSL VPN\QtCore4.dll
2011-05-20 16:14 - 2011-05-20 16:14 - 01209344 _____ () C:\Program Files\Securepoint SSL VPN\QtNetwork4.dll
2013-09-05 01:14 - 2013-09-05 01:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2014-07-24 11:50 - 2014-07-24 11:50 - 00137296 _____ () C:\Program Files (x86)\Avira\My Avira\Avira.OE.NativeCore.dll
2014-07-24 11:49 - 2014-07-24 11:49 - 00065104 _____ () C:\Program Files (x86)\Avira\My Avira\Avira.OE.AvConnectorNative.dll
2014-08-07 11:39 - 2014-08-07 11:39 - 00014336 _____ () C:\Program Files (x86)\COMPUTER BILD Account-Alarm\BCrypt.Net.dll
2014-08-13 20:34 - 2014-08-13 20:34 - 00043008 _____ () c:\users\XXXXX_2\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpwyohri.dll
2013-10-19 01:55 - 2013-10-19 01:55 - 25100288 _____ () C:\Users\XXXXX_2\AppData\Roaming\Dropbox\bin\libcef.dll
2010-09-06 14:06 - 2009-05-20 08:02 - 00072200 _____ () C:\Program Files (x86)\Launch Manager\CdDirIo.dll
2012-02-18 15:16 - 2007-08-02 22:07 - 00034064 _____ () C:\Program Files (x86)\Common Files\Ulead Systems\AutoDetector\DetMethod.dll
2011-01-17 16:19 - 2011-08-08 15:33 - 00985088 _____ () C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll
2014-08-08 14:11 - 2014-07-24 11:50 - 00049744 _____ () C:\Users\XXXXX_2\AppData\Local\Temp\avgnt.exe\Avira.OE.ExtApi.dll
2014-05-10 09:39 - 2014-07-27 10:24 - 03800688 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2014-02-16 11:19 - 2014-02-16 11:19 - 00170496 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\29335dc88d799664dcd97362bcb687e9\IsdiInterop.ni.dll
2010-09-06 13:20 - 2010-04-13 18:52 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (08/13/2014 08:01:12 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: mbam.exe, Version: 1.0.0.532, Zeitstempel: 0x53518532
Name des fehlerhaften Moduls: MSVCR100.dll, Version: 10.0.40219.325, Zeitstempel: 0x4df2be1e
Ausnahmecode: 0x40000015
Fehleroffset: 0x0008d6fd
ID des fehlerhaften Prozesses: 0x1034
Startzeit der fehlerhaften Anwendung: 0xmbam.exe0
Pfad der fehlerhaften Anwendung: mbam.exe1
Pfad des fehlerhaften Moduls: mbam.exe2
Berichtskennung: mbam.exe3

Error: (08/13/2014 11:47:45 AM) (Source: SideBySide) (EventID: 63) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "assemblyIdentity1". Fehler in Manifest- oder Richtliniendatei "assemblyIdentity2" in Zeile assemblyIdentity3.
Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs im assemblyIdentity-Element ist ungültig.

Error: (08/13/2014 10:18:49 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: Setup.exe_Microsoft Setup Bootstrapper, Version: 14.0.7011.1000, Zeitstempel: 0x5137020a
Name des fehlerhaften Moduls: ole32.dll, Version: 6.1.7601.17514, Zeitstempel: 0x4ce7c92c
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0000000000029fa6
ID des fehlerhaften Prozesses: 0x5c8
Startzeit der fehlerhaften Anwendung: 0xSetup.exe_Microsoft Setup Bootstrapper0
Pfad der fehlerhaften Anwendung: Setup.exe_Microsoft Setup Bootstrapper1
Pfad des fehlerhaften Moduls: Setup.exe_Microsoft Setup Bootstrapper2
Berichtskennung: Setup.exe_Microsoft Setup Bootstrapper3

Error: (08/12/2014 01:50:35 PM) (Source: SideBySide) (EventID: 63) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "assemblyIdentity1". Fehler in Manifest- oder Richtliniendatei "assemblyIdentity2" in Zeile assemblyIdentity3.
Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs im assemblyIdentity-Element ist ungültig.

Error: (08/09/2014 05:23:12 PM) (Source: SideBySide) (EventID: 63) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "assemblyIdentity1". Fehler in Manifest- oder Richtliniendatei "assemblyIdentity2" in Zeile assemblyIdentity3.
Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs im assemblyIdentity-Element ist ungültig.

Error: (08/09/2014 10:29:57 AM) (Source: RasClient) (EventID: 20227) (User: )
Description: CoID={C8D13FCF-8AAC-4830-B4CC-4920F628A9F7}: Der Benutzer "XXXXXs-Acer\XXXXX_2" hat eine Verbindung mit dem Namen "VPN-Verbindung USA" gewählt, die Verbindung konnte jedoch nicht hergestellt werden. Der durch den Fehler zurückgegebene Ursachencode lautet: 0.

Error: (08/09/2014 10:29:57 AM) (Source: RasClient) (EventID: 20227) (User: )
Description: CoID={C8D13FCF-8AAC-4830-B4CC-4920F628A9F7}: Der Benutzer "XXXXXs-Acer\XXXXX_2" hat eine Verbindung mit dem Namen "VPN-Verbindung USA" gewählt, die Verbindung konnte jedoch nicht hergestellt werden. Der durch den Fehler zurückgegebene Ursachencode lautet: 868.

Error: (08/06/2014 11:14:42 AM) (Source: SideBySide) (EventID: 63) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "assemblyIdentity1". Fehler in Manifest- oder Richtliniendatei "assemblyIdentity2" in Zeile assemblyIdentity3.
Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs im assemblyIdentity-Element ist ungültig.

Error: (08/05/2014 07:31:56 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: plugin-container.exe, Version: 31.0.0.5310, Zeitstempel: 0x53c75e91
Name des fehlerhaften Moduls: mozalloc.dll, Version: 31.0.0.5310, Zeitstempel: 0x53c72e91
Ausnahmecode: 0x80000003
Fehleroffset: 0x0000141b
ID des fehlerhaften Prozesses: 0x32a0
Startzeit der fehlerhaften Anwendung: 0xplugin-container.exe0
Pfad der fehlerhaften Anwendung: plugin-container.exe1
Pfad des fehlerhaften Moduls: plugin-container.exe2
Berichtskennung: plugin-container.exe3

Error: (08/05/2014 07:29:16 PM) (Source: Microsoft-Windows-RestartManager) (EventID: 10006) (User: XXXXXs-Acer)
Description: Die Anwendung oder der Dienst "linmsl" konnte nicht heruntergefahren werden.


System errors:
=============
Error: (08/13/2014 08:33:54 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Avira Browser-Schutz" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053

Error: (08/13/2014 08:33:54 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Avira Browser-Schutz erreicht.

Error: (08/13/2014 08:30:44 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: Aufgrund der Inkompatibilität mit diesem System wurde \SystemRoot\SysWow64\Drivers\PQNTDrv.SYS nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten.

Error: (08/13/2014 08:19:58 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Intel(R) Rapid Storage Technology" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053

Error: (08/13/2014 08:19:58 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Intel(R) Rapid Storage Technology erreicht.

Error: (08/13/2014 08:15:42 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Avira Service Host erreicht.

Error: (08/13/2014 08:14:18 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: Aufgrund der Inkompatibilität mit diesem System wurde \SystemRoot\SysWow64\Drivers\PQNTDrv.SYS nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten.

Error: (08/13/2014 04:16:45 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Avira Service Host erreicht.

Error: (08/13/2014 04:15:22 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: Aufgrund der Inkompatibilität mit diesem System wurde \SystemRoot\SysWow64\Drivers\PQNTDrv.SYS nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten.

Error: (08/13/2014 09:40:50 AM) (Source: Application Popup) (EventID: 1060) (User: )
Description: Aufgrund der Inkompatibilität mit diesem System wurde \SystemRoot\SysWow64\Drivers\PQNTDrv.SYS nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten.


Microsoft Office Sessions:
=========================
Error: (08/13/2014 08:01:12 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: mbam.exe1.0.0.53253518532MSVCR100.dll10.0.40219.3254df2be1e400000150008d6fd103401cfb709ecad005fC:\Programme\Malwarebytes Anti-Malware\mbam.exeC:\Programme\Malwarebytes Anti-Malware\MSVCR100.dllcf257140-2313-11e4-bf5a-1c7508023576

Error: (08/13/2014 11:47:45 AM) (Source: SideBySide) (EventID: 63) (User: )
Description: assemblyIdentityversionMAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINORc:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dllc:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll3

Error: (08/13/2014 10:18:49 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Setup.exe_Microsoft Setup Bootstrapper14.0.7011.10005137020aole32.dll6.1.7601.175144ce7c92cc00000050000000000029fa65c801cfb6cdbb7980b1C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Setup.exeC:\Windows\system32\ole32.dll73a4619d-22c2-11e4-95ad-1c7508023576

Error: (08/12/2014 01:50:35 PM) (Source: SideBySide) (EventID: 63) (User: )
Description: assemblyIdentityversionMAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINORc:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dllc:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll3

Error: (08/09/2014 05:23:12 PM) (Source: SideBySide) (EventID: 63) (User: )
Description: assemblyIdentityversionMAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINORc:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dllc:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll3

Error: (08/09/2014 10:29:57 AM) (Source: RasClient) (EventID: 20227) (User: )
Description: {C8D13FCF-8AAC-4830-B4CC-4920F628A9F7}XXXXXs-Acer\XXXXX_2VPN-Verbindung USA0

Error: (08/09/2014 10:29:57 AM) (Source: RasClient) (EventID: 20227) (User: )
Description: {C8D13FCF-8AAC-4830-B4CC-4920F628A9F7}XXXXXs-Acer\XXXXX_2VPN-Verbindung USA868

Error: (08/06/2014 11:14:42 AM) (Source: SideBySide) (EventID: 63) (User: )
Description: assemblyIdentityversionMAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINORc:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dllc:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll3

Error: (08/05/2014 07:31:56 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: plugin-container.exe31.0.0.531053c75e91mozalloc.dll31.0.0.531053c72e91800000030000141b32a001cfb0d31bd2c71eC:\Program Files (x86)\Mozilla Firefox\plugin-container.exeC:\Program Files (x86)\Mozilla Firefox\mozalloc.dll650253ce-1cc6-11e4-aad1-1c7508023576

Error: (08/05/2014 07:29:16 PM) (Source: Microsoft-Windows-RestartManager) (EventID: 10006) (User: XXXXXs-Acer)
Description: 1C:\Program Files (x86)\LPT\linmsl.exelinmsl05117163400


==================== Memory info ===========================

Processor: Pentium(R) Dual-Core CPU T4500 @ 2.30GHz
Percentage of memory in use: 60%
Total physical RAM: 4025.97 MB
Available physical RAM: 1585.72 MB
Total Pagefile: 8050.13 MB
Available Pagefile: 4916.51 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: (Acer) (Fixed) (Total:292.59 GB) (Free:211.21 GB) NTFS
Drive e: (Daten) (Fixed) (Total:97.66 GB) (Free:8.87 GB) NTFS
Drive f: (Internet) (Fixed) (Total:192.83 GB) (Free:42.17 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 596 GB) (Disk ID: 46227C9E)
Partition 1: (Not Active) - (Size=13 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=293 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=290 GB) - (Type=OF Extended)

==================== End Of Log ============================

GMER kann ich zwar starten, aber der läuft jetzt nicht mehr durch, sondern bricht immer ab.
Vorhin war die txt-Datei aber leer.
Soll ich da jetzt noch etwas anderes außer dem abgesichterten Modus probieren?

Weitere Logfiles mit Funden habe ich nicht.

Ich hoffe, jetzt ist alles richtig.

M-K-D-B 14.08.2014 10:59
Schritt 1
Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).





Schritt 2
Downloade Dir bitte Malwarebytes Anti-Malware
  • Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
  • Starte Malwarebytes' Anti-Malware (MBAM).
  • Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
  • Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
  • Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
  • Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
  • Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
  • Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.






Schritt 3

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.







Schritt 4
  • Starte die FRST.exe erneut. Setze einen Haken vor Addition.txt und drücke auf Scan.
  • FRST erstellt wieder zwei Logdateien (FRST.txt und Addition.txt).
  • Poste mir beide Logdateien mit deiner nächsten Antwort.






Bitte poste mit deiner nächsten Antwort
  • die Logdatei von AdwCleaner,
  • die Logdatei von JRT,
  • die Logdatei von MBAM,
  • die beiden neuen Logdateien von FRST.

TinaW5 14.08.2014 18:16
Ich habe die Schritte alle ausgeführt, habe aber folgendes Problem:
Wenn ich das Suchlauf-Protokoll aufrufe und wie beschrieben in die mbam.txt exportieren will, dann wird das Programm hell und der Kreis dreht sich und nichts tut sich. Das dauert jetzt schon über 30 Minuten. Ich habe es mehrmals probiert, bekomme die Datei aber nicht erstellt. Kann ich ersatzweise etwas anders machen, um die Daten zur Verfügung stellen zu können?

Hier die anderen Dateien.

AdwCleaner:
Code:
# AdwCleaner v3.305 - Bericht erstellt am 14/08/2014 um 15:26:00
# Aktualisiert 14/08/2014 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzername : XXXXX_2 - XXXXXS-ACER
# Gestartet von : C:\Users\XXXXX_2\Desktop\adwcleaner_3.305.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\ProgramData\~0
Ordner Gelöscht : C:\Program Files (x86)\vGrabber-software
Ordner Gelöscht : C:\Users\XXXXX_2\AppData\Local\Temp\focusbase
Ordner Gelöscht : C:\Users\XXXXX_2\AppData\Local\Temp\OCS
Ordner Gelöscht : C:\Users\XXXXX_2\AppData\Roaming\Systweak
Ordner Gelöscht : C:\Users\XXXXX_2\AppData\Roaming\VOPackage
Ordner Gelöscht : C:\Users\XXXXX_2\AppData\Local\Google\Chrome\User Data\Default\Extensions\bopakagnckmlgajfccecajhnimjiiedh
Ordner Gelöscht : C:\Users\XXXXX_2\AppData\Local\Google\Chrome\User Data\Default\Extensions\iefogiieekeeeeaiklglonbockmhmkgd
Ordner Gelöscht : C:\Users\XXXXX_2\AppData\Local\Google\Chrome\User Data\Default\Extensions\jbolfgndggfhhpbnkgnpjkfhinclbigj
Datei Gelöscht : C:\Windows\System32\roboot64.exe
Datei Gelöscht : C:\Users\XXXXX_2\Desktop\Configure VO Package.lnk
Datei Gelöscht : C:\Users\XXXXX_2\AppData\Roaming\Mozilla\Firefox\Profiles\jozp0725.default\user.js

***** [ Tasks ] *****

Task Gelöscht : hdvid codec v1-codedownloader
Task Gelöscht : LaunchSignup
Task Gelöscht : Scheduled Update for Ask Toolbar

***** [ Verknüpfungen ] *****

Verknüpfung Desinfiziert : C:\Users\XXXXX_2\Desktop\Search.lnk
Verknüpfung Desinfiziert : C:\Users\XXXXX_2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search.lnk

***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\bopakagnckmlgajfccecajhnimjiiedh
Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\jbolfgndggfhhpbnkgnpjkfhinclbigj
Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\kdcnnmifdmlmjffdgeieikcokcogpbej
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{74F475FA-6C75-43BD-AAB9-ECDA6184F600}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\AdvancedSystemProtector_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\AdvancedSystemProtector_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\smartbar_rasapi32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\smartbar_rasmancs
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{C007DADD-132A-624C-088E-59EE6CF0711F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{00B11DA2-75ED-4364-ABA5-9A95B1F5E946}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{1663C10B-0D55-438D-8496-19A3DBAEC0E4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{300BEC06-B743-4D19-86B9-11DC711D7FFB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{6D4506CE-F855-4657-AA38-DB6B1F733982}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{A43DE495-3D00-47D4-9D2C-303115707939}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{3408AC0D-510E-4808-8F7B-6B70B1F88534}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{03771AEF-400D-4A13-B712-25878EC4A3F5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{300BEC06-B743-4D19-86B9-11DC711D7FFB}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{300BEC06-B743-4D19-86B9-11DC711D7FFB}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{300BEC06-B743-4D19-86B9-11DC711D7FFB}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{300BEC06-B743-4D19-86B9-11DC711D7FFB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{300BEC06-B743-4D19-86B9-11DC711D7FFB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{300BEC06-B743-4D19-86B9-11DC711D7FFB}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{3408AC0D-510E-4808-8F7B-6B70B1F88534}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Wert Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
Schlüssel Gelöscht : HKCU\Software\OCS
Schlüssel Gelöscht : HKCU\Software\SmartBar
Schlüssel Gelöscht : HKCU\Software\systweak
Schlüssel Gelöscht : HKLM\Software\systweak
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{EE171732-BEB4-4576-887D-CB62727F01CA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VOPackage

***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.17207

Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Main [Search Page]
Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Main [Search Bar]
Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Search [Default_Search_URL]
Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Search [SearchAssistant]
Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\SearchUrl [Default]
Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchUrl [Default]

-\\ Mozilla Firefox v31.0 (x86 de)

[ Datei : C:\Users\XXXXX_2\AppData\Roaming\Mozilla\Firefox\Profiles\jozp0725.default\prefs.js ]


-\\ Google Chrome v

[ Datei : C:\Users\XXXXX_2\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R7].txt - [8377 octets] - [14/08/2014 15:22:03]
AdwCleaner[S7].txt - [6246 octets] - [14/08/2014 15:26:00]

########## EOF - C:\AdwCleaner\AdwCleaner[S7].txt - [6306 octets] ##########
JRT:
Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Home Premium x64
Ran by XXXXX_2 on 14.08.2014 at 18:51:24,51
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\browserpluginhelper



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{02DD8284-A49F-43E5-9D84-CF19DC9AD21D}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{27DE7D30-BCCD-44D1-ADCB-A74A4259EBEF}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{3A0EFC4E-F167-4D0E-9C24-FC5519237993}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{65DEE40A-3E93-4CAE-9F98-B8E06DCEE2BF}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\installer\upgradecodes\f928123a039649549966d4c29d35b1c9
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1373BA72-5012-496E-9F72-7A426DCF78BB}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{65DEE40A-3E93-4CAE-9F98-B8E06DCEE2BF}



~~~ Files

Successfully deleted: [File] "C:\Windows\syswow64\wscm32.dll"
Successfully deleted: [File] "C:\Windows\syswow64\wscm64.dll"



~~~ Folders

Successfully deleted: [Folder] "C:\Program Files (x86)\justbrowse"
Successfully deleted: [Folder] "C:\Program Files (x86)\wxdownload"
Successfully deleted: [Empty Folder] C:\Users\XXXXX_2\appdata\local\{06E460BB-6011-4E1C-A572-118E08112221}
Successfully deleted: [Empty Folder] C:\Users\XXXXX_2\appdata\local\{13EF5F23-614F-4D4F-9180-B3F895EC2542}
Successfully deleted: [Empty Folder] C:\Users\XXXXX_2\appdata\local\{56A2FAF1-C01C-4ED5-9D82-CFFCE590BE2E}
Successfully deleted: [Empty Folder] C:\Users\XXXXX_2\appdata\local\{626DF862-1387-4DB7-A5A6-974DCD79242C}
Successfully deleted: [Empty Folder] C:\Users\XXXXX_2\appdata\local\{7EFA9953-B4E7-4524-B050-96F543792383}
Successfully deleted: [Empty Folder] C:\Users\XXXXX_2\appdata\local\{9998D158-5586-42DB-8FE3-6D8BD7CB648E}
Successfully deleted: [Empty Folder] C:\Users\XXXXX_2\appdata\local\{A25B682F-747E-4123-8D9F-613ECFF51214}
Successfully deleted: [Empty Folder] C:\Users\XXXXX_2\appdata\local\{B3640B4A-7382-490F-B210-5283A71EF26B}
Successfully deleted: [Empty Folder] C:\Users\XXXXX_2\appdata\local\{D9B65379-6663-42DA-B054-924DB65C96F7}
Successfully deleted: [Empty Folder] C:\Users\XXXXX_2\appdata\local\{E55782AC-F92C-4E7B-A976-B9E5AD4498B6}
Successfully deleted: [Empty Folder] C:\Users\XXXXX_2\appdata\local\{F15B996E-C080-4635-BE91-DB8B0C7B329D}



~~~ FireFox

Successfully deleted the following from C:\Users\XXXXX_2\AppData\Roaming\mozilla\firefox\profiles\jozp0725.default\prefs.js

user_pref("extensions.speeddial.thumbnail-45-label", "VIDEOS - Search Results For 'B&B' - UploadVideos.Tv");
user_pref("extensions.speeddial.thumbnail-45-url", "hxxp://www.uploadvideos.tv/search?search_query=B%26B&search_type=videos");
user_pref("extensions.speeddial.thumbnail-53-url", "hxxp://www.vertor.com/index.php?mod=search&search=&cid=0&words=the+bold+and+the+beautiful");
Emptied folder: C:\Users\XXXXX_2\AppData\Roaming\mozilla\firefox\profiles\jozp0725.default\minidumps [81 files]



~~~ Chrome

Successfully deleted: [Folder] C:\Users\XXXXX_2\appdata\local\Google\Chrome\User Data\Default\Extensions\chgdeabpmphfhkoemjjglmilajldekbp
Successfully deleted: [Folder] C:\Users\XXXXX_2\appdata\local\Google\Chrome\User Data\Default\Extensions\ifllmjhoijmmhobcnjdhelmboobmenij
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\chgdeabpmphfhkoemjjglmilajldekbp
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\ifllmjhoijmmhobcnjdhelmboobmenij



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 14.08.2014 at 19:02:53,32
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
FRST:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 14-08-2014 01
Ran by XXXXX_2 (administrator) on XXXXXS-ACER on 14-08-2014 19:08:10
Running from C:\Users\XXXXX_2\Desktop
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal


==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
() C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(InterVideo Inc.) C:\Program Files (x86)\Common Files\InterVideo\DeviceService\DevSvc.exe
() C:\Program Files\DAZ 3D\Content Management Service\ContentManagementServer.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
(InterVideo) C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Deutsche Telekom AG) C:\Program Files\Telekom\Mediencenter\DTAG.Mediencenter.BackgroundService.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
() C:\Windows\SysWOW64\PSIService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
() C:\Program Files\Securepoint SSL VPN\SPOpenVPNService.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avwebgrd.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\tv_x64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
() C:\Windows\PLFSetI.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
(Corel, Inc.) C:\Program Files (x86)\Corel\Corel MediaOne\Corel Photo Downloader.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Clichelper) C:\Users\XXXXX_2\AppData\Local\Temp\clicup\clicup.exe
(J3S GmbH) C:\Program Files (x86)\COMPUTER BILD Account-Alarm\COMPUTER BILD Account-Alarm.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Acer VCM\AcerVCM.exe
(Google) C:\Program Files\Google Calendar Sync\GoogleCalendarSync.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
(Deutsche Telekom AG) C:\Program Files\Telekom\Mediencenter\MediencenterSoftware.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Deutsche Telekom AG) C:\Users\XXXXX_2\AppData\Roaming\Telekom\MediencenterSync\Mediencenter.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
(CANON INC.) C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe
(Siliten) C:\Program Files (x86)\SilverCrest DMTS2017 Driver\KbClient_FD2.exe
(Siliten) C:\Program Files (x86)\SilverCrest DMTS2017 Driver\MouClient_FD2.exe
(Ulead Systems, Inc.) C:\Program Files (x86)\Common Files\Ulead Systems\AutoDetector\Monitor.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMworker.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Microsoft Corporation) C:\Windows\SysWOW64\WerFault.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Corel) C:\Program Files (x86)\Common Files\Corel\Standby\Standby.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1890088 2009-12-10] (Synaptics Incorporated)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11057768 2010-07-06] (Realtek Semiconductor)
HKLM\...\Run: [PLFSetI] => C:\Windows\PLFSetI.exe [206208 2010-06-09] ()
HKLM\...\Run: [Acer ePower Management] => C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [861216 2010-06-11] (Acer Incorporated)
HKLM\...\Run: [CanonSolutionMenu] => C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe [767312 2009-09-03] (CANON INC.)
HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [108144 2012-11-05] (Microsoft Corporation)
HKLM\...\Run: [Corel Photo Downloader] => C:\Program Files (x86)\Corel\Corel MediaOne\Corel Photo Downloader.exe [483144 2007-08-17] (Corel, Inc.)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284696 2010-04-13] (Intel Corporation)
HKLM-x32\...\Run: [BackupManagerTray] => C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe [265984 2010-06-29] (NewTech Infosystems, Inc.)
HKLM-x32\...\Run: [LManager] => C:\Program Files (x86)\Launch Manager\LManager.exe [975952 2010-08-10] (Dritek System Inc.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [IJNetworkScanUtility] => C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe [140640 2009-09-28] (CANON INC.)
HKLM-x32\...\Run: [Launch SilverCrest DMTS2017-K] => C:\Program Files (x86)\SilverCrest DMTS2017 Driver\KbClient_FD2.exe [1218048 2010-06-28] (Siliten)
HKLM-x32\...\Run: [Launch SilverCrest DMTS2017-M] => C:\Program Files (x86)\SilverCrest DMTS2017 Driver\MouClient_FD2.exe [860672 2010-06-28] (Siliten)
HKLM-x32\...\Run: [Corel Photo Downloader] => "C:\Program Files (x86)\Corel\Corel MediaOne\Corel PhotoDownloader.exe" -startup
HKLM-x32\...\Run: [Ulead AutoDetector v2] => C:\Program Files (x86)\Common Files\Ulead Systems\AutoDetector\monitor.exe [95504 2007-08-02] (Ulead Systems, Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [843712 2012-01-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Standby] => C:\Program Files (x86)\Common Files\Corel\Standby\Standby.exe [105632 2010-05-17] (Corel)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59240 2011-09-27] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2011-10-24] (Apple Inc.)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [751184 2014-08-08] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [CanonQuickMenu] => C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE [1273448 2012-04-03] (CANON INC.)
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [190032 2014-07-24] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [COMPUTER BILD Account-Alarm] => \COMPUTER BILD Account-Alarm /tray
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-752392268-3339214621-1681333280-1002\...\Run: [Google Update] => C:\Users\XXXXX_2\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2012-04-23] (Google Inc.)
HKU\S-1-5-21-752392268-3339214621-1681333280-1002\...\Run: [OfficeSyncProcess] => C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE [911040 2013-04-22] (Microsoft Corporation)
HKU\S-1-5-21-752392268-3339214621-1681333280-1002\...\Run: [feedreader.exe] => C:\Programme\FeedReader30\feedreader.exe [2058240 2009-03-29] ()
HKU\S-1-5-21-752392268-3339214621-1681333280-1002\...\Run: [clicup-Agent] => C:\Users\XXXXX_2\AppData\Local\Temp\clicup\clicup.exe [445424 2014-07-10] (Clichelper) <===== ATTENTION
HKU\S-1-5-21-752392268-3339214621-1681333280-1002\...\Run: [COMPUTER BILD Account-Alarm] => C:\Program Files (x86)\COMPUTER BILD Account-Alarm\COMPUTER BILD Account-Alarm.exe [2058752 2014-08-07] (J3S GmbH)
HKU\S-1-5-21-752392268-3339214621-1681333280-1002\...\MountPoints2: {49193dcf-b7da-11e1-85a0-1c7508023576} - G:\AutoRun.exe
HKU\S-1-5-21-752392268-3339214621-1681333280-1002\...\MountPoints2: {5b63bcb4-48dd-11e1-92be-1c7508023576} - G:\AutoRun.exe
HKU\S-1-5-21-752392268-3339214621-1681333280-1002\...\MountPoints2: {61431bdb-2fe2-11e2-98ec-1c7508023576} - G:\Startme.exe
HKU\S-1-5-21-752392268-3339214621-1681333280-1002\...\MountPoints2: {90066f53-bc5d-11e0-9e2a-1c7508023576} - G:\AutoRun.exe
HKU\S-1-5-21-752392268-3339214621-1681333280-1002\...\MountPoints2: {a733176c-bc55-11e0-ac53-1c7508023576} - G:\AutoRun.exe
HKU\S-1-5-21-752392268-3339214621-1681333280-1002\...\MountPoints2: {da0ccac9-ccf1-11e1-8983-1c7508023576} - G:\AutoRun.exe
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Acer VCM.lnk
ShortcutTarget: Acer VCM.lnk -> C:\Program Files (x86)\Acer\Acer VCM\AcerVCM.exe (Acer Incorporated)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Google Calendar Sync.lnk
ShortcutTarget: Google Calendar Sync.lnk -> C:\Program Files\Google Calendar Sync\GoogleCalendarSync.exe (Google)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)
Startup: C:\Users\XXXXX_2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\XXXXX_2\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\XXXXX_2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Mediencenter Assistent.lnk
ShortcutTarget: Mediencenter Assistent.lnk -> C:\Program Files\Telekom\Mediencenter\MediencenterSoftware.exe (Deutsche Telekom AG)
Startup: C:\Users\XXXXX_2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Mediencenter.lnk
ShortcutTarget: Mediencenter.lnk -> C:\Users\XXXXX_2\AppData\Roaming\Telekom\MediencenterSync\Mediencenter.exe (Deutsche Telekom AG)
Startup: C:\Users\XXXXX_2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk
ShortcutTarget: OpenOffice.org 3.3.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
ShellIconOverlayIdentifiers: 01Mediencenter_InSync -> {77BC4082-DB5F-439A-8DC8-F9E24A63B0DE} => C:\Users\XXXXX_2\AppData\Roaming\Telekom\MediencenterSync\DTAG.Mediencenter.IconOverlayHandler.dll (Deutsche Telekom AG)
ShellIconOverlayIdentifiers: 02Mediencenter_ToSync -> {528EE335-5034-4EFC-834E-63E5F02D2BC2} => C:\Users\XXXXX_2\AppData\Roaming\Telekom\MediencenterSync\DTAG.Mediencenter.IconOverlayHandler.dll (Deutsche Telekom AG)
ShellIconOverlayIdentifiers: 03Mediencenter_Failed -> {6066ADF0-9EB0-43E5-ADB6-990F5A3B979C} => C:\Users\XXXXX_2\AppData\Roaming\Telekom\MediencenterSync\DTAG.Mediencenter.IconOverlayHandler.dll (Deutsche Telekom AG)
ShellIconOverlayIdentifiers: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\XXXXX_2\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\XXXXX_2\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\XXXXX_2\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: DropboxExt4 -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\XXXXX_2\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\XXXXX_2\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\XXXXX_2\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\XXXXX_2\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.soapreichundschoen.de/
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
Toolbar: HKCU - No Name - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} -  No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{46543964-8594-454A-A17B-4AFD11D0BC90}: [NameServer]193.189.244.225 193.189.244.206
Tcpip\..\Interfaces\{A865CBC0-DC32-400F-BDC1-0406FF8EAF1D}: [NameServer]208.67.222.222 208.67.220.220
Tcpip\..\Interfaces\{ADB2C81E-6114-492D-A9CB-E245095B7D02}: [NameServer]193.189.244.225 193.189.244.206

FireFox:
========
FF ProfilePath: C:\Users\XXXXX_2\AppData\Roaming\Mozilla\Firefox\Profiles\jozp0725.default
FF Homepage: chrome://speeddial/content/speeddial.xul
FF NetworkProxy: "backup.ftp", "76.73.26.77"
FF NetworkProxy: "backup.ftp_port", 3128
FF NetworkProxy: "backup.socks", "76.73.26.77"
FF NetworkProxy: "backup.socks_port", 3128
FF NetworkProxy: "backup.ssl", "76.73.26.77"
FF NetworkProxy: "backup.ssl_port", 3128
FF NetworkProxy: "ftp", "76.73.26.77"
FF NetworkProxy: "ftp_port", 3128
FF NetworkProxy: "http", "76.73.26.77"
FF NetworkProxy: "http_port", 3128
FF NetworkProxy: "no_proxies_on", "localhost, 127.0.0.1, stealthy.co"
FF NetworkProxy: "share_proxy_settings", true
FF NetworkProxy: "socks", "76.73.26.77"
FF NetworkProxy: "socks_port", 3128
FF NetworkProxy: "ssl", "76.73.26.77"
FF NetworkProxy: "ssl_port", 3128
FF NetworkProxy: "type", 4
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll (CANON INC.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @pages.tvunetworks.com/WebPlayer -> C:\Program Files (x86)\TVUPlayer\npTVUAx.dll (TVU networks)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 -> C:\Users\XXXXX_2\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 -> C:\Users\XXXXX_2\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Avira Browser Safety - C:\Users\XXXXX_2\AppData\Roaming\Mozilla\Firefox\Profiles\jozp0725.default\Extensions\abs@avira.com [2014-08-08]
FF Extension: YouTube Unblocker - C:\Users\XXXXX_2\AppData\Roaming\Mozilla\Firefox\Profiles\jozp0725.default\Extensions\youtubeunblocker@unblocker.yt [2014-06-20]
FF Extension: DSL Soforthilfe - C:\Users\XXXXX_2\AppData\Roaming\Mozilla\Firefox\Profiles\jozp0725.default\Extensions\{} [2014-07-23]
FF Extension: Stealthy - C:\Users\XXXXX_2\AppData\Roaming\Mozilla\Firefox\Profiles\jozp0725.default\Extensions\stealthyextension@gmail.com.xpi [2011-11-20]
FF Extension: Free Hide IP - C:\Users\XXXXX_2\AppData\Roaming\Mozilla\Firefox\Profiles\jozp0725.default\Extensions\support@free-hideip.com.xpi [2013-04-09]
FF Extension: Tab Auto Reload - C:\Users\XXXXX_2\AppData\Roaming\Mozilla\Firefox\Profiles\jozp0725.default\Extensions\TabAutoReload@schuzak.jp.xpi [2012-07-20]
FF Extension: Speed Dial - C:\Users\XXXXX_2\AppData\Roaming\Mozilla\Firefox\Profiles\jozp0725.default\Extensions\{64161300-e22b-11db-8314-0800200c9a66}.xpi [2011-08-10]
FF Extension: Video HTML5 Compiler Plus - C:\Users\XXXXX_2\AppData\Roaming\Mozilla\Firefox\Profiles\jozp0725.default\Extensions\{6adda621-1273-46a0-b4de-e77a819834e6}.xpi [2013-12-04]
FF Extension: NoScript - C:\Users\XXXXX_2\AppData\Roaming\Mozilla\Firefox\Profiles\jozp0725.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2013-01-14]
FF Extension: Adblock Plus - C:\Users\XXXXX_2\AppData\Roaming\Mozilla\Firefox\Profiles\jozp0725.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-04-07]
FF Extension: {de5aeb72-ad84-429a-bc36-a15da06270bc} - C:\Users\XXXXX_2\AppData\Roaming\Mozilla\Firefox\Profiles\jozp0725.default\Extensions\{de5aeb72-ad84-429a-bc36-a15da06270bc}.xpi [2013-11-14]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2014-05-10]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2014-05-10]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} [2014-05-10]
FF HKLM-x32\...\Firefox\Extensions: [fmconverter@gmail.com] - C:\Program Files (x86)\Freemake\Freemake Video Converter\BrowserPlugin\Firefox
FF Extension: Freemake Video Converter Plugin - C:\Program Files (x86)\Freemake\Freemake Video Converter\BrowserPlugin\Firefox [2012-08-02]
FF HKLM-x32\...\Firefox\Extensions: [{8D150B8F-EFE8-45a3-A4A3-053020F48FAC}] - C:\Programme\Video Converter Ultimate\SVRFirefoxExt
FF Extension: Wondershare Video Converter Ultimate - C:\Programme\Video Converter Ultimate\SVRFirefoxExt [2014-02-07]
FF HKLM-x32\...\Firefox\Extensions: [{78ee576f-36ab-4371-a938-48cd78cd469e}] - C:\Program Files (x86)\Security Utility\securityutility.xpi
FF Extension: No Name - C:\Program Files (x86)\Security Utility\securityutility.xpi [2014-05-29]
FF HKCU\...\Firefox\Extensions: [{8D150B8F-EFE8-45a3-A4A3-053020F48FAC}] - C:\Programme\Video Converter Ultimate\SVRFirefoxExt
FF HKCU\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
FF Extension: No Name - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04]

Chrome:
=======
CHR HomePage: hxxp://www.google.com/
CHR DefaultSearchKeyword: qvo6
CHR DefaultNewTabURL:
CHR Plugin: (Shockwave Flash) - C:\Users\XXXXX_2\AppData\Local\Google\Chrome\Application\21.0.1180.89\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Shockwave Flash) - C:\Users\XXXXX_2\AppData\Local\Google\Chrome\Application\36.0.1985.125\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_265.dll No File
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\XXXXX_2\AppData\Local\Google\Chrome\Application\36.0.1985.125\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Users\XXXXX_2\AppData\Local\Google\Chrome\Application\36.0.1985.125\pdf.dll ()
CHR Plugin: (Freemake np-plugin for google chrome) - C:\Users\XXXXX_2\AppData\Local\Google\Chrome\User Data\Default\Extensions\jbolfgndggfhhpbnkgnpjkfhinclbigj\1.0.0_0\npFreemake.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (QuickTime Plug-in 7.5.5) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.5.5) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.5.5) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.5.5) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.5.5) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.5.5) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.5.5) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll (Apple Inc.)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (CANON iMAGE GATEWAY Album Plugin Utility) - C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll No File
CHR Plugin: (Java(TM) Platform SE 6 U35) - C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll No File
CHR Plugin: (Java Deployment Toolkit 6.0.350.10) - C:\Windows\SysWOW64\npdeployJava1.dll No File
CHR Plugin: (TVU Web Player for FireFox) - C:\Program Files (x86)\TVUPlayer\npTVUAx.dll (TVU networks)
CHR Plugin: (VLC Web Plugin) - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
CHR Plugin: (Windows Live™ Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File
CHR Extension: (No Name) - C:\Users\XXXXX_2\AppData\Local\Google\Chrome\User Data\Default\Extensions\bopakagnckmlgajfccecajhnimjiiedh [2014-02-21]
CHR Extension: (WEB.DE MailCheck) - C:\Users\XXXXX_2\AppData\Local\Google\Chrome\User Data\Default\Extensions\jaogepninmlbinccpbiakcgiolijlllo [2013-07-11]
CHR Extension: (No Name) - C:\Users\XXXXX_2\AppData\Local\Google\Chrome\User Data\Default\Extensions\jbolfgndggfhhpbnkgnpjkfhinclbigj [2012-09-19]
CHR Extension: (Google Wallet) - C:\Users\XXXXX_2\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-06]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AAV UpdateService; C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe [128296 2008-10-24] ()
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [430160 2014-08-08] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [430160 2014-08-08] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [1021008 2014-08-08] (Avira Operations GmbH & Co. KG)
R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [141392 2014-07-24] (Avira Operations GmbH & Co. KG)
R2 Capture Device Service; C:\Program Files (x86)\Common Files\InterVideo\DeviceService\DevSvc.exe [198168 2007-03-06] (InterVideo Inc.)
R2 DAZContentManagementService; C:\Program Files\DAZ 3D\Content Management Service\ContentManagementServer.exe [22528 2011-05-05] () [File not signed]
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.)
R2 MCSWASVR; C:\Program Files\Telekom\Mediencenter\DTAG.Mediencenter.BackgroundService.exe [12800 2011-11-23] (Deutsche Telekom AG) [File not signed]
S3 OpenVPNService; C:\Program Files (x86)\OpenVPN\bin\openvpnserv.exe [14848 2011-12-15] () [File not signed]
R2 ProtexisLicensing; C:\Windows\SysWOW64\PSIService.exe [177704 2007-06-05] ()
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [117264 2009-10-20] (CACE Technologies, Inc.)
R2 RS_Service; C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe [260640 2010-01-30] (Acer Incorporated)
R2 Securepoint VPN; C:\Program Files\Securepoint SSL VPN\SPOpenVPNService.exe [198024 2012-11-01] ()
S2 SkypeUpdate; C:\Programme\skype\Updater\Updater.exe [172192 2013-10-23] (Skype Technologies)
S3 Sony PC Companion; C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe [155320 2012-01-18] (Avanquest Software) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [117712 2014-07-04] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [130584 2014-06-12] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-11-26] (Avira Operations GmbH & Co. KG)
S3 ewusbnet; C:\Windows\System32\DRIVERS\ewusbnet.sys [246224 2009-12-07] (Huawei Technologies Co., Ltd.)
S3 hwusbdev; C:\Windows\System32\DRIVERS\ewusbdev.sys [114304 2009-10-12] (Huawei Technologies Co., Ltd.)
R3 InputFilter_Hid_FlexDef2b; C:\Windows\System32\DRIVERS\InputFilter_FlexDef2b.sys [17920 2010-06-19] (Siliten)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-08-14] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation)
R2 NPF; C:\Windows\System32\drivers\npf.sys [47632 2009-10-20] (CACE Technologies, Inc.)
R2 NPF; C:\Windows\SysWOW64\drivers\npf.sys [50704 2010-03-22] (CACE Technologies, Inc.)
S1 PQNTDrv; C:\Windows\SysWow64\Drivers\PQNTDrv.sys [4228 2002-09-16] (PowerQuest Corporation) [File not signed]
S3 wmvad_simple; C:\Windows\System32\drivers\wmvad.sys [23040 2010-12-10] (WonderMedia Technologies, Inc.)
R3 WsAudio_Device; C:\Windows\System32\drivers\VirtualAudio.sys [31080 2013-03-25] (Wondershare)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-14 19:05 - 2014-08-14 19:08 - 00033948 _____ () C:\Users\XXXXX_2\Desktop\FRST.txt
2014-08-14 19:05 - 2014-08-14 19:05 - 02100224 _____ (Farbar) C:\Users\XXXXX_2\Desktop\FRST64.exe
2014-08-14 19:02 - 2014-08-14 19:02 - 00004260 _____ () C:\Users\XXXXX_2\Desktop\JRT.txt
2014-08-14 18:51 - 2014-08-14 18:51 - 00000000 ____D () C:\Windows\ERUNT
2014-08-14 18:50 - 2014-08-14 18:50 - 01016261 _____ (Thisisu) C:\Users\XXXXX_2\Desktop\JRT.exe
2014-08-14 16:13 - 2014-08-14 16:13 - 00001106 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 9.lnk
2014-08-14 16:13 - 2014-08-14 16:13 - 00001094 _____ () C:\Users\Public\Desktop\TeamViewer 9.lnk
2014-08-14 15:58 - 2014-08-14 18:46 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-14 15:58 - 2014-08-14 15:58 - 00001106 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-08-14 15:58 - 2014-08-14 15:58 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-08-14 15:58 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-08-14 15:58 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-08-14 15:58 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-08-14 15:55 - 2014-08-14 15:55 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\XXXXX_2\Desktop\mbam-setup-2.0.2.1012.exe
2014-08-14 15:53 - 2014-08-14 15:53 - 00006359 _____ () C:\Users\XXXXX_2\Desktop\AdwCleaner[S7].txt
2014-08-14 15:25 - 2014-07-01 00:24 - 00008856 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll
2014-08-14 15:25 - 2014-07-01 00:14 - 00008856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardres.dll
2014-08-14 15:25 - 2014-03-09 23:48 - 01389208 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe
2014-08-14 15:25 - 2014-03-09 23:48 - 00171160 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll
2014-08-14 15:25 - 2014-03-09 23:47 - 00619672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardagt.exe
2014-08-14 15:25 - 2014-03-09 23:47 - 00099480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\infocardapi.dll
2014-08-14 15:24 - 2014-06-06 08:16 - 00035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe
2014-08-14 15:24 - 2014-06-06 08:12 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
2014-08-14 15:21 - 2014-08-14 15:21 - 01356107 _____ () C:\Users\XXXXX_2\Desktop\adwcleaner_3.305.exe
2014-08-14 14:36 - 2014-08-14 14:36 - 00001165 _____ () C:\Users\XXXXX_2\Desktop\mbam2.txt
2014-08-13 20:56 - 2014-08-14 19:08 - 00000000 ____D () C:\FRST
2014-08-13 20:53 - 2014-08-13 20:53 - 00000000 _____ () C:\Users\XXXXX_2\defogger_reenable
2014-08-13 20:48 - 2014-08-14 18:47 - 00000000 ____D () C:\Users\XXXXX_2\Desktop\Malware - Trojaner-Board
2014-08-13 17:11 - 2014-08-14 15:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-08-13 17:11 - 2014-08-13 17:11 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-08-13 16:12 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-08-13 10:17 - 2014-08-13 10:17 - 00000000 ____D () C:\Users\XXXXX_2\AppData\Local\Adobe
2014-08-09 12:48 - 2014-08-09 12:48 - 00002617 _____ () C:\Users\Public\Desktop\COMPUTER BILD Account-Alarm.lnk
2014-08-09 12:48 - 2014-08-09 12:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\COMPUTER BILD Account-Alarm
2014-08-09 12:48 - 2014-08-09 12:48 - 00000000 ____D () C:\Program Files (x86)\COMPUTER BILD Account-Alarm
2014-08-08 14:11 - 2014-08-08 14:18 - 00001141 _____ () C:\Users\Public\Desktop\Avira.lnk
2014-08-08 14:11 - 2014-08-08 14:18 - 00000000 ____D () C:\ProgramData\Package Cache
2014-08-06 11:35 - 2014-07-25 12:55 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-08-06 11:35 - 2014-07-25 12:49 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-08-06 11:35 - 2014-07-25 12:49 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-08-06 11:35 - 2014-07-25 12:49 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-08-06 11:34 - 2014-08-06 11:35 - 00004623 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_67-b01.log
2014-08-05 19:31 - 2014-08-05 19:31 - 00001164 _____ () C:\Users\XXXXX_2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-08-05 19:30 - 2014-08-05 19:30 - 00000000 ____D () C:\Program Files (x86)\Security Utility
2014-08-05 19:16 - 2014-08-05 19:16 - 00002011 _____ () C:\Users\XXXXX_2\Desktop\Continue Win-Install.lnk
2014-08-05 19:12 - 2014-08-14 15:26 - 00001083 _____ () C:\Users\XXXXX_2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search.lnk
2014-08-05 19:12 - 2014-08-14 15:26 - 00001053 _____ () C:\Users\XXXXX_2\Desktop\Search.lnk
2014-08-02 10:21 - 2014-05-14 18:23 - 02477536 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2014-08-02 10:21 - 2014-05-14 18:23 - 00058336 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2014-08-02 10:21 - 2014-05-14 18:23 - 00044512 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2014-08-02 10:21 - 2014-05-14 18:21 - 02620928 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2014-08-02 10:20 - 2014-05-14 18:23 - 00700384 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2014-08-02 10:20 - 2014-05-14 18:23 - 00581600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2014-08-02 10:20 - 2014-05-14 18:23 - 00038880 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2014-08-02 10:20 - 2014-05-14 18:23 - 00036320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2014-08-02 10:20 - 2014-05-14 18:20 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2014-08-02 10:20 - 2014-05-14 18:17 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2014-08-02 10:19 - 2014-05-14 09:23 - 00198600 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2014-08-02 10:19 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2014-08-02 10:19 - 2014-05-14 09:20 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2014-08-02 10:19 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-14 19:08 - 2014-08-14 19:05 - 00033948 _____ () C:\Users\XXXXX_2\Desktop\FRST.txt
2014-08-14 19:08 - 2014-08-13 20:56 - 00000000 ____D () C:\FRST
2014-08-14 19:05 - 2014-08-14 19:05 - 02100224 _____ (Farbar) C:\Users\XXXXX_2\Desktop\FRST64.exe
2014-08-14 19:05 - 2012-07-14 11:01 - 00001124 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-752392268-3339214621-1681333280-1002UA.job
2014-08-14 19:02 - 2014-08-14 19:02 - 00004260 _____ () C:\Users\XXXXX_2\Desktop\JRT.txt
2014-08-14 18:51 - 2014-08-14 18:51 - 00000000 ____D () C:\Windows\ERUNT
2014-08-14 18:50 - 2014-08-14 18:50 - 01016261 _____ (Thisisu) C:\Users\XXXXX_2\Desktop\JRT.exe
2014-08-14 18:47 - 2014-08-13 20:48 - 00000000 ____D () C:\Users\XXXXX_2\Desktop\Malware - Trojaner-Board
2014-08-14 18:46 - 2014-08-14 15:58 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-14 18:38 - 2009-07-14 06:45 - 00009920 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-08-14 18:38 - 2009-07-14 06:45 - 00009920 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-08-14 18:35 - 2014-06-09 20:09 - 00000000 ___RD () C:\Users\XXXXX_2\Dropbox
2014-08-14 18:35 - 2010-09-26 08:46 - 01737752 _____ () C:\Windows\WindowsUpdate.log
2014-08-14 18:32 - 2013-07-27 10:17 - 00000000 ____D () C:\Users\XXXXX_2\AppData\Roaming\Dropbox
2014-08-14 18:32 - 2012-09-12 13:11 - 00000000 ___RD () C:\Users\XXXXX_2\Mediencenter
2014-08-14 18:28 - 2013-01-18 12:37 - 00000394 ____H () C:\Windows\Tasks\{0D9200A2-5A91-45FF-826F-50E7AC7BE09F}.job
2014-08-14 18:28 - 2012-04-23 17:10 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-08-14 18:27 - 2012-07-21 14:16 - 00065536 _____ () C:\Windows\system32\Ikeext.etl
2014-08-14 18:27 - 2010-09-26 08:43 - 00768216 _____ () C:\Windows\PFRO.log
2014-08-14 18:27 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-08-14 18:27 - 2009-07-14 06:51 - 00178542 _____ () C:\Windows\setupact.log
2014-08-14 18:26 - 2011-08-16 18:33 - 00000000 ____D () C:\Users\XXXXX_2\Documents\Outlook-Dateien
2014-08-14 18:25 - 2013-01-18 12:36 - 00000000 ____D () C:\ProgramData\InstallMate
2014-08-14 18:23 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\tracing
2014-08-14 18:17 - 2012-04-23 17:10 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-08-14 17:27 - 2012-04-15 18:19 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-08-14 16:13 - 2014-08-14 16:13 - 00001106 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 9.lnk
2014-08-14 16:13 - 2014-08-14 16:13 - 00001094 _____ () C:\Users\Public\Desktop\TeamViewer 9.lnk
2014-08-14 16:13 - 2014-01-28 18:56 - 00001315 _____ () C:\Windows\system32\TeamViewer9_Hooks.log
2014-08-14 15:58 - 2014-08-14 15:58 - 00001106 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-08-14 15:58 - 2014-08-14 15:58 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-08-14 15:58 - 2014-08-13 17:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-08-14 15:55 - 2014-08-14 15:55 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\XXXXX_2\Desktop\mbam-setup-2.0.2.1012.exe
2014-08-14 15:54 - 2014-06-09 20:09 - 00001026 _____ () C:\Users\XXXXX_2\Desktop\Dropbox.lnk
2014-08-14 15:54 - 2014-06-09 20:07 - 00000000 ____D () C:\Users\XXXXX_2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-08-14 15:54 - 2011-08-01 13:58 - 00002455 _____ () C:\Windows\wininit.ini
2014-08-14 15:53 - 2014-08-14 15:53 - 00006359 _____ () C:\Users\XXXXX_2\Desktop\AdwCleaner[S7].txt
2014-08-14 15:39 - 2013-08-17 09:44 - 00000000 ____D () C:\Windows\system32\MRT
2014-08-14 15:31 - 2011-08-02 08:54 - 99218768 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-08-14 15:30 - 2011-08-16 18:02 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-08-14 15:27 - 2013-09-11 20:12 - 00000000 ____D () C:\AdwCleaner
2014-08-14 15:26 - 2014-08-05 19:12 - 00001083 _____ () C:\Users\XXXXX_2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search.lnk
2014-08-14 15:26 - 2014-08-05 19:12 - 00001053 _____ () C:\Users\XXXXX_2\Desktop\Search.lnk
2014-08-14 15:21 - 2014-08-14 15:21 - 01356107 _____ () C:\Users\XXXXX_2\Desktop\adwcleaner_3.305.exe
2014-08-14 15:16 - 2012-05-22 20:24 - 00000021 _____ () C:\Users\XXXXX_2\AppData\Local\mc.pixel.data
2014-08-14 15:12 - 2011-08-08 17:07 - 00000000 ____D () C:\Users\XXXXX_2
2014-08-14 15:09 - 2014-04-20 17:28 - 00000000 ____D () C:\Users\XXXXX_2\AppData\Roaming\Feedreader
2014-08-14 15:09 - 2011-08-12 18:01 - 00000000 ____D () C:\Users\XXXXX_2\AppData\Roaming\IrfanView
2014-08-14 15:09 - 2011-08-01 11:55 - 00000000 ___HD () C:\Users\XXXXX
2014-08-14 15:09 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2014-08-14 15:09 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\AppCompat
2014-08-14 15:08 - 2013-11-26 22:08 - 00000000 ____D () C:\ProgramData\McAfee Security Scan
2014-08-14 15:08 - 2013-03-15 09:05 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-08-14 15:08 - 2013-03-15 09:05 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-08-14 15:08 - 2012-05-10 18:32 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-08-14 15:08 - 2010-09-06 13:28 - 00000000 ____D () C:\ProgramData\McAfee
2014-08-14 15:08 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\registration
2014-08-14 15:07 - 2011-08-01 13:58 - 00000000 ___HD () C:\Users\XXXXX\AppData\Roaming\Mozilla
2014-08-14 15:06 - 2011-08-07 13:26 - 00000000 ____D () C:\Programme
2014-08-14 14:36 - 2014-08-14 14:36 - 00001165 _____ () C:\Users\XXXXX_2\Desktop\mbam2.txt
2014-08-13 20:53 - 2014-08-13 20:53 - 00000000 _____ () C:\Users\XXXXX_2\defogger_reenable
2014-08-13 17:11 - 2014-08-13 17:11 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-08-13 10:17 - 2014-08-13 10:17 - 00000000 ____D () C:\Users\XXXXX_2\AppData\Local\Adobe
2014-08-11 10:57 - 2011-08-26 19:38 - 00000000 ____D () C:\Users\XXXXX_2\dwhelper
2014-08-11 10:05 - 2012-07-14 11:01 - 00001072 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-752392268-3339214621-1681333280-1002Core.job
2014-08-11 10:00 - 2010-09-26 18:37 - 00703230 _____ () C:\Windows\system32\perfh007.dat
2014-08-11 10:00 - 2010-09-26 18:37 - 00150838 _____ () C:\Windows\system32\perfc007.dat
2014-08-11 10:00 - 2009-07-14 07:13 - 01629508 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-08-09 12:48 - 2014-08-09 12:48 - 00002617 _____ () C:\Users\Public\Desktop\COMPUTER BILD Account-Alarm.lnk
2014-08-09 12:48 - 2014-08-09 12:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\COMPUTER BILD Account-Alarm
2014-08-09 12:48 - 2014-08-09 12:48 - 00000000 ____D () C:\Program Files (x86)\COMPUTER BILD Account-Alarm
2014-08-08 14:18 - 2014-08-08 14:11 - 00001141 _____ () C:\Users\Public\Desktop\Avira.lnk
2014-08-08 14:18 - 2014-08-08 14:11 - 00000000 ____D () C:\ProgramData\Package Cache
2014-08-08 14:18 - 2013-08-06 15:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2014-08-08 14:18 - 2013-08-06 15:33 - 00000000 ____D () C:\Program Files (x86)\Avira
2014-08-08 14:11 - 2011-10-13 21:15 - 00000000 ____D () C:\ProgramData\Avira
2014-08-06 11:37 - 2014-04-19 19:30 - 00000000 ____D () C:\ProgramData\Oracle
2014-08-06 11:35 - 2014-08-06 11:34 - 00004623 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_67-b01.log
2014-08-06 11:35 - 2011-08-01 14:04 - 00000000 ____D () C:\Program Files (x86)\Java
2014-08-05 19:34 - 2012-04-15 18:19 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-08-05 19:34 - 2012-04-15 18:19 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-08-05 19:34 - 2011-08-01 17:27 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-08-05 19:31 - 2014-08-05 19:31 - 00001164 _____ () C:\Users\XXXXX_2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-08-05 19:30 - 2014-08-05 19:30 - 00000000 ____D () C:\Program Files (x86)\Security Utility
2014-08-05 19:16 - 2014-08-05 19:16 - 00002011 _____ () C:\Users\XXXXX_2\Desktop\Continue Win-Install.lnk
2014-07-27 10:25 - 2014-05-10 09:39 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-07-25 14:05 - 2013-08-06 15:35 - 00042040 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2014-07-25 12:55 - 2014-08-06 11:35 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-07-25 12:49 - 2014-08-06 11:35 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-07-25 12:49 - 2014-08-06 11:35 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-07-25 12:49 - 2014-08-06 11:35 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-07-25 08:09 - 2013-03-15 09:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-07-24 18:11 - 2011-09-13 16:29 - 00004704 ___SH () C:\ProgramData\KGyGaAvL.sys
2014-07-19 09:41 - 2013-01-22 18:16 - 00002367 _____ () C:\Users\XXXXX_2\Desktop\Google Chrome.lnk
2014-07-16 13:03 - 2009-07-14 06:45 - 00480072 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-07-16 12:56 - 2009-07-14 09:45 - 00000000 ____D () C:\Program Files\Windows Journal
2014-07-16 12:56 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism
2014-07-16 12:56 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\Dism

Files to move or delete:
====================
C:\Users\XXXXX_2\AppData\Local\Temp\clicup\clicup.exe
C:\Windows\Tasks\{0D9200A2-5A91-45FF-826F-50E7AC7BE09F}.job


Some content of TEMP:
====================
C:\Users\XXXXX\AppData\Local\Temp\DataCard_Setup64.exe
C:\Users\XXXXX\AppData\Local\Temp\firefoxjre_exe.exe
C:\Users\XXXXX\AppData\Local\Temp\FP_PL_PFS_INSTALLER.exe
C:\Users\XXXXX\AppData\Local\Temp\ResetDevice.exe
C:\Users\XXXXX_2\AppData\Local\Temp\ApnStub.exe
C:\Users\XXXXX_2\AppData\Local\Temp\AskSLib.dll
C:\Users\XXXXX_2\AppData\Local\Temp\avgnt.exe
C:\Users\XXXXX_2\AppData\Local\Temp\azspg20c.dll
C:\Users\XXXXX_2\AppData\Local\Temp\BackupSetup.exe
C:\Users\XXXXX_2\AppData\Local\Temp\DataCard_Setup64.exe
C:\Users\XXXXX_2\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpj5kjok.dll
C:\Users\XXXXX_2\AppData\Local\Temp\DTAG.Mediencenter.IconOverlayHandler.dll
C:\Users\XXXXX_2\AppData\Local\Temp\FileZilla_3.5.3_win32-setup.exe
C:\Users\XXXXX_2\AppData\Local\Temp\FreemakeVideoConverter_3.0.2.15.exe
C:\Users\XXXXX_2\AppData\Local\Temp\INST01.dll
C:\Users\XXXXX_2\AppData\Local\Temp\INST011.dll
C:\Users\XXXXX_2\AppData\Local\Temp\installhelper.dll
C:\Users\XXXXX_2\AppData\Local\Temp\Install_HOSTS_Anti-Adware.exe
C:\Users\XXXXX_2\AppData\Local\Temp\instructionsBv3.exe
C:\Users\XXXXX_2\AppData\Local\Temp\jre-6u29-windows-i586-iftw-rv.exe
C:\Users\XXXXX_2\AppData\Local\Temp\jre-6u33-windows-i586-iftw.exe
C:\Users\XXXXX_2\AppData\Local\Temp\jre-6u35-windows-i586-iftw.exe
C:\Users\XXXXX_2\AppData\Local\Temp\jre-6u37-windows-i586-iftw.exe
C:\Users\XXXXX_2\AppData\Local\Temp\jre-6u39-windows-i586-iftw.exe
C:\Users\XXXXX_2\AppData\Local\Temp\jre-7u21-windows-i586-iftw.exe
C:\Users\XXXXX_2\AppData\Local\Temp\jre-7u67-windows-i586-iftw.exe
C:\Users\XXXXX_2\AppData\Local\Temp\Mediencenter_3.5.0.1212.exe
C:\Users\XXXXX_2\AppData\Local\Temp\Mediencenter_3.6.0.1202.exe
C:\Users\XXXXX_2\AppData\Local\Temp\Mediencenter_3.7.0.2204.exe
C:\Users\XXXXX_2\AppData\Local\Temp\Mediencenter_3.8.0.2907.exe
C:\Users\XXXXX_2\AppData\Local\Temp\Mediencenter_3.8.1.2208.exe
C:\Users\XXXXX_2\AppData\Local\Temp\Mediencenter_3.8.9799.6.exe
C:\Users\XXXXX_2\AppData\Local\Temp\Mediencenter_3.9.1055.64.exe
C:\Users\XXXXX_2\AppData\Local\Temp\MSETUP4.EXE
C:\Users\XXXXX_2\AppData\Local\Temp\NEW_CORRECT_incredibar_install.exe
C:\Users\XXXXX_2\AppData\Local\Temp\nsb78E1.exe
C:\Users\XXXXX_2\AppData\Local\Temp\nsc6DA6.exe
C:\Users\XXXXX_2\AppData\Local\Temp\nsg2840.exe
C:\Users\XXXXX_2\AppData\Local\Temp\nsg75A5.exe
C:\Users\XXXXX_2\AppData\Local\Temp\nsg7C5B.exe
C:\Users\XXXXX_2\AppData\Local\Temp\nsl2468.exe
C:\Users\XXXXX_2\AppData\Local\Temp\nsq212C.exe
C:\Users\XXXXX_2\AppData\Local\Temp\Quarantine.exe
C:\Users\XXXXX_2\AppData\Local\Temp\ResetDevice.exe
C:\Users\XXXXX_2\AppData\Local\Temp\SecurityUtility.exe
C:\Users\XXXXX_2\AppData\Local\Temp\SetupHelper.exe
C:\Users\XXXXX_2\AppData\Local\Temp\setup__270.exe
C:\Users\XXXXX_2\AppData\Local\Temp\SkypeSetup.exe
C:\Users\XXXXX_2\AppData\Local\Temp\SRAssetsHelper.dll
C:\Users\XXXXX_2\AppData\Local\Temp\uninst.exe
C:\Users\XXXXX_2\AppData\Local\Temp\vcredist_x64.exe
C:\Users\XXXXX_2\AppData\Local\Temp\wget.exe
C:\Users\XXXXX_2\AppData\Local\Temp\winzip1664_2_wrapped.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-08-09 13:24

==================== End Of Log ============================
--- --- ---


Addition:
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 14-08-2014 01
Ran by XXXXX_2 at 2014-08-14 19:09:11
Running from C:\Users\XXXXX_2\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Desktop (Disabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Disabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKLM-x32\...\uTorrent) (Version: 3.1.3 - )
AAVUpdateManager (HKLM-x32\...\{AFA42FE1-A5C3-485F-9180-BFCF5BF1F1C3}) (Version: 18.00.0000 - Wolters Kluwer Deutschland GmbH)
Acer Backup Manager (HKLM-x32\...\InstallShield_{30075A70-B5D2-440B-AFA3-FB2021740121}) (Version: 2.0.1.68 - NewTech Infosystems)
Acer Crystal Eye Webcam (HKLM-x32\...\{7760D94E-B1B5-40A0-9AA0-ABF942108755}) (Version: 5.2.19.3 - Suyin Optronics Corp)
Acer ePower Management (HKLM-x32\...\{3DB0448D-AD82-4923-B305-D001E521A964}) (Version: 5.00.3005 - Acer Incorporated)
Acer eRecovery Management (HKLM-x32\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 4.05.3013 - Acer Incorporated)
Acer Registration (HKLM-x32\...\Acer Registration) (Version: 1.03.3003 - Acer Incorporated)
Acer ScreenSaver (HKLM-x32\...\Acer Screensaver) (Version: 1.1.0826.2010 - Acer Incorporated)
Acer VCM (HKLM-x32\...\{047F790A-7A2A-4B6A-AD02-38092BA63DAC}) (Version: 4.05.3002 - Acer Incorporated)
Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.5.0.7220 - Adobe Systems Inc.)
Adobe AIR (x32 Version: 1.5.0.7220 - Adobe Systems Inc.) Hidden
Adobe Flash Player 14 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Flash Player 14 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Reader X (10.1.3) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AA1000000001}) (Version: 10.1.3 - Adobe Systems Incorporated)
Alien Skin Eye Candy 5 Nature (HKLM-x32\...\EyeCandy5Nature) (Version:  - )
Alien Skin Xenofex 2.0 (HKLM-x32\...\Xenofex2) (Version:  - )
Amazon Kindle (HKCU\...\Amazon Kindle) (Version:  - Amazon)
Apple Application Support (HKLM-x32\...\{A83279FD-CA4B-4206-9535-90974DE76654}) (Version: 2.1.5 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Ashampoo Burning Studio Elements 10.0.9 (HKLM-x32\...\Ashampoo Burning Studio Elements_is1) (Version: 3.1.1 - Ashampoo GmbH & Co. KG)
Avidemux 2.5 (32-bit) (HKLM-x32\...\Avidemux 2.5) (Version: 2.5.6.7716 - )
Avira (HKLM-x32\...\{9590977b-7b6f-467e-a11a-efa1fae804da}) (Version: 1.1.18.30000 - Avira Operations GmbH & Co. KG)
Avira (x32 Version: 1.1.18.30000 - Avira Operations GmbH & Co. KG) Hidden
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.6.552 - Avira)
AVS Update Manager 1.0 (HKLM-x32\...\AVS Update Manager_is1) (Version:  - Online Media Technologies Ltd.)
AVS4YOU Software Navigator 1.4 (HKLM-x32\...\AVS4YOU Software Navigator_is1) (Version:  - Online Media Technologies Ltd.)
Backup Manager Advance (x32 Version: 2.0.1.68 - NewTech Infosystems) Hidden
BILDmobil (HKLM-x32\...\BILDmobil) (Version: 11.301.08.01.35 - Huawei Technologies Co.,Ltd)
Bing Bar (HKLM-x32\...\{449CE12D-E2C7-4B97-B19E-55D163EA9435}) (Version: 7.0.619.0 - Microsoft Corporation)
Broadcom Gigabit NetLink Controller (HKLM\...\{A84DB02B-9C2B-4272-9D2D-A80E00A56513}) (Version: 14.0.2.3 - Broadcom Corporation)
calibre (HKLM-x32\...\{1BFDD064-4C67-4156-A6C6-6E8D63563B3B}) (Version: 1.20.0 - Kovid Goyal)
Canon Easy-WebPrint EX (HKLM-x32\...\Easy-WebPrint EX) (Version: 1.3.5.0 - Canon Inc.)
Canon IJ Network Scan Utility (HKLM-x32\...\Canon_IJ_Network_Scan_UTILITY) (Version:  - )
Canon IJ Network Tool (HKLM-x32\...\Canon_IJ_Network_UTILITY) (Version: 3.1.0 - Canon Inc.)
Canon iP7200 series Benutzerregistrierung (HKLM-x32\...\Canon iP7200 series Benutzerregistrierung) (Version:  - Canon Inc.‎)
Canon iP7200 series On-screen Manual (HKLM-x32\...\Canon iP7200 series On-screen Manual) (Version: 7.5.0 - Canon Inc.)
Canon iP7200 series Printer Driver (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP7200_series) (Version:  - Canon Inc.)
Canon Kurzwahlprogramm (HKLM-x32\...\Speed Dial Utility) (Version:  - )
Canon MP Navigator EX 3.1 (HKLM-x32\...\MP Navigator EX 3.1) (Version:  - )
Canon MX350 series Benutzerregistrierung (HKLM-x32\...\Canon MX350 series Benutzerregistrierung) (Version:  - )
Canon MX350 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX350_series) (Version:  - )
Canon My Image Garden (HKLM-x32\...\Canon My Image Garden) (Version: 1.0.0 - Canon Inc.)
Canon My Image Garden Design Files (HKLM-x32\...\Canon My Image Garden Design Files) (Version: 1.0.0 - Canon Inc.)
Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version: 3.0.0 - Canon Inc.)
Canon Quick Menu (HKLM-x32\...\CanonQuickMenu) (Version: 2.0.0 - Canon Inc.)
Canon Utilities Easy-PhotoPrint EX (HKLM-x32\...\Easy-PhotoPrint EX) (Version:  - )
Canon Utilities Solution Menu (HKLM-x32\...\CanonSolutionMenu) (Version:  - )
clicup (HKCU\...\clicup) (Version: 1.0 - )
COMPUTER BILD Account-Alarm (HKLM-x32\...\{04B0A9F1-070A-4C32-A575-6D2DC8F5C52E}) (Version: 1.0.3 - J3S)
concept/design onlineTV 8 (HKLM-x32\...\{D2AC7034-15AC-4F62-85BD-1E48021E45D6}_is1) (Version: 8.2.0.1 - concept/design GmbH)
ContentHD (x32 Version: 1.00.0002 - Corel Corporation) Hidden
Contents (x32 Version: 1.6.2.36 - Corel Corporation) Hidden
ConTEXT v0.98.6 (HKLM-x32\...\{73E0D3A0-9C30-4F59-ABBF-6233686FB396}_is1) (Version:  - ConTEXT Project Ltd)
Corel MediaOne (HKLM-x32\...\{3C569633-C8DE-46E2-BB8F-F65198681C2F}) (Version: 2.00.0000 - Corel Corporation)
Corel Paint Shop Pro Photo XI (HKLM-x32\...\{E1C7EF5E-3A7B-4ED4-A48B-F70F1B36EAB4}) (Version: 11.00.0000 - Corel Inc)
Corel Painter Essentials 3 (HKLM-x32\...\_{0C180787-F8C8-42FD-A9D3-689BA44BEAAF}) (Version:  - Corel Corporation)
Corel Painter Essentials 3 (x32 Version: 3.2 - Corel Corporation) Hidden
Corel VideoStudio Pro X3 (HKLM-x32\...\_{F072CA07-A781-45E4-9975-C033A73019CF}) (Version: 1.6.2.69 - Corel Corporation)
Coupon Companion Plugin (HKLM-x32\...\Coupon Companion Plugin) (Version: 1.26.152.152 - 215 Apps) <==== ATTENTION
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DAZ Content Management Service (HKLM-x32\...\DAZ Content Management Service 4.8.1.6) (Version: 4.8.1.6 - DAZ 3D)
DAZ Studio 4 (HKLM-x32\...\DAZ Studio 4 4.0.0.335) (Version: 4.0.0.335 - DAZ 3D)
Definition Update for Microsoft Office 2010 (KB982726) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{2A07A3D4-F6CA-4EEB-9576-3A6AC8A736CE}) (Version:  - Microsoft)
DeviceIO (x32 Version: 1.6.2.36 - Corel Corporation) Hidden
DHTML Editing Component (HKLM-x32\...\{2EA870FA-585F-4187-903D-CB9FFD21E2E0}) (Version: 6.02.0001 - Microsoft Corporation)
Dropbox (HKCU\...\Dropbox) (Version: 2.10.27 - Dropbox, Inc.)
DS4 Default Content (HKLM-x32\...\DS4 Default Content 4.0.0.8) (Version: 4.0.0.8 - DAZ 3D)
eBay Worldwide (HKLM-x32\...\{E0B19DF7-B1C7-4937-82C4-0E4B1E346965}) (Version: 2.1.0901 - OEM)
eSobi v2 (HKLM-x32\...\InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}) (Version: 2.0.4.000274 - esobi Inc.)
eSobi v2 (x32 Version: 2.0.4.000274 - esobi Inc.) Hidden
Eye Candy 4000 (HKLM-x32\...\Eye Candy 4000) (Version:  - )
FeedReader (HKLM-x32\...\FeedReader_is1) (Version:  - i-Systems Inc.)
FileZilla Client 3.7.4.1 (HKLM-x32\...\FileZilla Client) (Version: 3.7.4.1 - Tim Kosse)
FoxTab 3GP Converter (HKCU\...\FoxTab 3GP Converter) (Version:  - ) <==== ATTENTION
Free Screen Video Recorder version 2.5.22.508 (HKLM-x32\...\Free Screen Video Recorder_is1) (Version: 2.5.22.508 - DVDVideoSoft Ltd.)
Free Video Dub version 2.0.12.706 (HKLM-x32\...\Free Video Dub_is1) (Version: 2.0.12.706 - DVDVideoSoft Ltd.)
FrostWire 5.3.6 (HKLM-x32\...\FrostWire 5) (Version: 5.3.6.0 - FrostWire Team)
GetFLV 9.6.5.5 (HKLM-x32\...\GetFLV_is1) (Version:  - GetFLV, Inc.)
Google Calendar Sync (HKLM-x32\...\Google Calendar Sync) (Version:  - )
Google Chrome (HKCU\...\Google Chrome) (Version: 36.0.1985.125 - Google Inc.)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
ICA (x32 Version: 1.6.2.36 - Corel Corporation) Hidden
Identity Card (HKLM-x32\...\Identity Card) (Version: 1.00.3003 - Acer Incorporated)
instplugin (HKLM-x32\...\instplugin) (Version:  - )
Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.15.10.1892 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.6.2.1001 - Intel Corporation)
InterVideo DeviceService (HKLM-x32\...\{521AAD14-5030-44BB-8B0E-5CE65FCE57E0}) (Version: 1.0.0 - InterVideo)
InterVideo WinDVD 8 (HKLM-x32\...\InstallShield_{5FEBF468-5AC2-4C66-AD80-DF85C085AA73}) (Version: 8.5.10.76 - InterVideo Inc.)
InterVideo WinDVD 8 (x32 Version: 8.5.10.76 - InterVideo Inc.) Hidden
IPM_VS_Pro (x32 Version: 13.0 - Corel Corporation) Hidden
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.30 - Irfan Skiljan)
Jasc Animation Shop 3 (HKLM-x32\...\{174D5678-D941-433C-BD23-58A5C7B0D36D}) (Version: 3.05.0000 - Jasc Software Inc)
Java 7 Update 67 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217055FF}) (Version: 7.0.670 - Oracle)
Java Auto Updater (x32 Version: 2.1.67.1 - Oracle, Inc.) Hidden
Java(TM) 6 Update 22 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216022F0}) (Version: 6.0.220 - Oracle)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Launch Manager (HKLM-x32\...\LManager) (Version: 4.0.14 - Acer Inc.)
Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.)
Mediencenter 3.9.1055.64 (HKCU\...\Mediencenter) (Version: 3.9.1055.64 - Deutsche Telekom AG)
Mediencenter Assistent (HKLM\...\Mediencenter Software) (Version: 2.7.0.1451 - Telekom)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Messenger Companion (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Access MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 32-bit Components 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 32-bit MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Word Viewer 2003 (HKLM-x32\...\{90850407-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Outlook Hotmail Connector 64-Bit (HKLM\...\{95140000-007A-0407-1000-0000000FF1CE}) (Version: 14.0.5118.5000 - Microsoft Corporation)
Microsoft Outlook Social Connector Provider for Windows Live Messenger 64-bit (HKLM\...\{95140000-007D-0409-1000-0000000FF1CE}) (Version: 14.0.5120.5000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
MLE (x32 Version: 1.0.0.23 - Corel Corporation) Hidden
Mobile Partner (HKLM-x32\...\Mobile Partner) (Version: 16.002.03.02.511 - Huawei Technologies Co.,Ltd)
Mozilla Firefox 31.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 31.0 (x86 de)) (Version: 31.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 30.0 - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
NTI Media Maker 9 (HKLM-x32\...\InstallShield_{D3D5C4E8-040F-4C6F-8105-41D43CF94F44}) (Version: 9.0.2.8928 - NTI Corporation)
NTI Media Maker 9 (x32 Version: 9.0.2.8928 - NTI Corporation) Hidden
OpenOffice.org 3.3 (HKLM-x32\...\{4286716B-1287-48E7-9078-3DC8248DBA96}) (Version: 3.3.9567 - OpenOffice.org)
OpenVPN 2.2.2 (HKLM-x32\...\OpenVPN) (Version: 2.2.2 - )
PartitionMagic (x32 Version: 8.00.000 - PowerQuest) Hidden
PureHD (x32 Version: 1.6.2.36 - Corel Corporation) Hidden
QuickTime (HKLM-x32\...\{7BE15435-2D3E-4B58-867F-9C75BED0208C}) (Version: 7.71.80.42 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6151 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30121 - Realtek Semiconductor Corp.)
Recuva (HKLM\...\Recuva) (Version: 1.43 - Piriform)
SAMSUNG Mobile Modem Driver Set (HKLM\...\SAMSUNG Mobile Modem) (Version:  - )
Samsung Mobile phone USB driver Drive Software (HKLM\...\Samsung Mobile phone USB driver Drive) (Version:  - )
SAMSUNG Mobile USB Modem 1.0 Software (HKLM\...\SAMSUNG Mobile USB Modem 1.0) (Version:  - )
SAMSUNG Mobile USB Modem Software (HKLM\...\SAMSUNG Mobile USB Modem) (Version:  - )
Samsung PC Studio 3 USB Driver Installer (HKLM-x32\...\{EBA29752-DDD2-4B62-B2E3-9841F92A3E3A}) (Version: 3.2.0.70701 - Samsung Electronics Co., Ltd.)
Securepoint SSL VPN (HKLM-x32\...\Securepoint SSL VPN) (Version:  - Securepoint GmbH)
Security Utility (HKLM-x32\...\Security Utility) (Version:  - )
SelectionLinks (HKLM-x32\...\sl-dlc) (Version: 1.0 - SelectionLinks) <==== ATTENTION
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{A3364707-2F53-4C83-8F68-C9877A9080C7}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (Version:  - Microsoft) Hidden
Setup (x32 Version: 1.6.2.36 - Corel Corporation) Hidden
Share (x32 Version: 1.6.2.36 - Corel Corporation) Hidden
Share64 (Version: 1.6.2.36 - Corel Corporation) Hidden
SilverCrest DMTS2017 Driver (HKLM-x32\...\{1E494817-D81E-4B0E-B379-F34DF4DCDA58}) (Version: 1.0 - TARGA)
Skype™ 6.14 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.14.104 - Skype Technologies S.A.)
SmartSound Common Data (HKLM-x32\...\InstallShield_{B8A2869E-30CA-40C5-9CF8-BD7354E57EF8}) (Version: 1.1.0 - SmartSound Software Inc.)
SmartSound Common Data (x32 Version: 1.1.0 - SmartSound Software Inc.) Hidden
SmartSound Quicktracks 5 (HKLM-x32\...\InstallShield_{2F8BA3FD-1FA9-4279-B696-712ABB12F09F}) (Version: 5.1.6 - SmartSound Software Inc.)
SmartSound Quicktracks 5 (x32 Version: 5.1.6 - SmartSound Software Inc.) Hidden
SmartSound Quicktracks Plugin (HKLM-x32\...\InstallShield_{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}) (Version: 3.0.1.2 - SmartSound Software Inc.)
SmartSound Quicktracks Plugin (x32 Version: 3.0.1.2 - SmartSound Software Inc.) Hidden
Sony PC Companion 2.10.115 (HKLM-x32\...\{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}) (Version: 2.10.115 - Sony)
Sqirlz Water Reflections (HKLM-x32\...\Sqirlz Water Reflections) (Version: 2.6 - xiberpix)
Steuer-Spar-Erklärung 2012 (HKLM-x32\...\{CCD2BAD2-0919-40CB-80CC-E9538B0E4C2E}) (Version: 17.02 - Wolters Kluwer Deutschland GmbH)
Steuer-Spar-Erklärung 2013 (HKLM-x32\...\{AEB61F7A-4BBA-4292-A096-7893E09034A4}) (Version: 18.06 - Wolters Kluwer Deutschland GmbH)
SteuerSparErklärung 2014 (HKLM-x32\...\{A463EB06-22A6-47F5-9593-E52B291EF13E}) (Version: 19.04.49 - Akademische Arbeitsgemeinschaft)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 14.0.19.0 - Synaptics Incorporated)
TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.31064 - TeamViewer)
TVUPlayer 2.5.3.1 (HKLM-x32\...\TVUPlayer) (Version: 2.5.3.1 - TVU networks)
Ulead GIF Animator 5 Test (HKLM-x32\...\{8AF3E926-ED59-11D4-A44B-0000E86D2305}) (Version:  - )
Ulead PhotoImpact 8 (HKLM-x32\...\{3D960387-76B3-4758-BAF7-D156B14A032F}) (Version: 8.0 - Ulead System)
Ulead PhotoImpact X3 (HKLM-x32\...\InstallShield_{15803703-25FA-4C01-A062-3F4A59937E87}) (Version: 1.00.0000 - Corel)
Ulead PhotoImpact X3 (x32 Version: 1.00.0000 - Corel) Hidden
Update for Microsoft Access 2010 (KB2553446) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{FEF4C57D-0975-4D3C-ACC7-DCD038C3788F}) (Version:  - Microsoft)
Update for Microsoft Excel 2010 (KB2837600) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{17815BC8-062D-49BE-B40C-B54149C85CE3}) (Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2878281) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{84B191B5-5319-463A-A305-8C4D53B1D20A}) (Version:  - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817369) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{DB0B0CDF-77EC-47B0-94E2-4738573A1E58}) (Version:  - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817396) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{1AA82E2E-7DB7-4C70-910C-BBB657A6B3A5}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589298) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{79C725A1-3964-421C-A528-78C1C083C7C7}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{95BE5D45-A3DD-4CB1-8C35-D75DD7B4D862}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 64-Bit Edition (HKLM\...\{90140000-0043-0000-1000-0000000FF1CE}_Office14.PROPLUS_{95BE5D45-A3DD-4CB1-8C35-D75DD7B4D862}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589375) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{EBD18DE5-BC84-4B57-9A30-097044871F9A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{4AD36582-256B-433D-8593-F31773A15CA4}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 64-Bit Edition (HKLM\...\{90140000-0043-0000-1000-0000000FF1CE}_Office14.PROPLUS_{4AD36582-256B-433D-8593-F31773A15CA4}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2687502) 64-Bit Edition (HKLM\...\{90140000-001F-0409-1000-0000000FF1CE}_Office14.PROPLUS_{B114A387-8A14-4C43-AE51-82F17EB81D49}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{F216169C-2B40-429B-8370-B5BA06EC5423}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 64-Bit Edition (HKLM\...\{90140000-0043-0000-1000-0000000FF1CE}_Office14.PROPLUS_{F216169C-2B40-429B-8370-B5BA06EC5423}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760631) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{B6AD7E27-012A-4B63-82BA-AF62893E5435}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2794737) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{07DC9C6C-E916-4F42-8677-716930ED0393}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2825635) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{6E760BBA-B83F-4C2D-918F-5F91EF6C9861}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2825640) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{43F59F4D-7179-497E-BE99-BC6F7D1DDCBA}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2825640) 64-Bit Edition (HKLM\...\{90140000-0044-0407-1000-0000000FF1CE}_Office14.PROPLUS_{43F59F4D-7179-497E-BE99-BC6F7D1DDCBA}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2837581) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{D1F3B526-7EB2-4701-92DB-0784988D78DE}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2837606) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{52BEF8AE-9324-40A1-9A92-E5A8FB63A475}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2878252) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{56551B9F-2FE1-4705-ACF0-8FA920535E18}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2878252) 64-Bit Edition (HKLM\...\{90140000-0043-0000-1000-0000000FF1CE}_Office14.PROPLUS_{56551B9F-2FE1-4705-ACF0-8FA920535E18}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2881028) 64-Bit Edition (HKLM\...\{90140000-001F-0407-1000-0000000FF1CE}_Office14.PROPLUS_{8F699D53-05FB-488E-B7D3-E4E47257BE5D}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2881028) 64-Bit Edition (HKLM\...\{90140000-001F-040C-1000-0000000FF1CE}_Office14.PROPLUS_{4B9B2BAF-EE1F-4B60-A4D9-17B7BEEB13A1}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{3029C408-1DD1-4273-8E58-87CB1B638FC8}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 64-Bit Edition (HKLM\...\{90140000-0043-0000-1000-0000000FF1CE}_Office14.PROPLUS_{3029C408-1DD1-4273-8E58-87CB1B638FC8}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{DDDC32A5-9528-4771-B91A-97A8E1D7957B}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 64-Bit Edition (HKLM\...\{90140000-001A-0407-1000-0000000FF1CE}_Office14.PROPLUS_{6164E0E5-C903-488C-93AF-1B7AF7EBC331}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{A20A650C-F820-4CE4-AEA5-EC140192FAFB}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 64-Bit Edition (HKLM\...\{90140000-0018-0407-1000-0000000FF1CE}_Office14.PROPLUS_{FD360122-6829-4497-97C1-1BF578EF695B}) (Version:  - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{77374F16-2DC6-4EEF-AFAD-C59FDA2E010D}) (Version:  - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 64-Bit Edition (HKLM\...\{90140000-0043-0000-1000-0000000FF1CE}_Office14.PROPLUS_{77374F16-2DC6-4EEF-AFAD-C59FDA2E010D}) (Version:  - Microsoft)
Update for Microsoft Visio 2010 (KB2880526) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{F6F342A1-530B-4D48-A468-1E3F70928984}) (Version:  - Microsoft)
Update for Microsoft Visio Viewer 2010 (KB2837587) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{C950A55F-82E3-4CC8-8FA2-E8A2A0F651F3}) (Version:  - Microsoft)
Update for Microsoft Word 2010 (KB2880529) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{89FDC8D9-FB84-4EFE-950D-AF4EECC3B64C}) (Version:  - Microsoft)
Video Download Studio 3.4.14 (HKLM-x32\...\{8A075C9A-1368-4491-855E-F3D9ABE55740}_is1) (Version:  - aHisoft)
Video Downloader version 2.0 (HKLM-x32\...\Video Downloader_is1) (Version: 2.0 - )
VIO (x32 Version: 1.6.2.36 - Corel Corporation) Hidden
VLC media player 2.0.1 (HKLM-x32\...\VLC media player) (Version: 2.0.1 - VideoLAN)
VSClassic (x32 Version: 1.6.2.36 - Corel Corporation) Hidden
VSPro (x32 Version: 1.6.2.36 - Corel Corporation) Hidden
Welcome Center (HKLM-x32\...\Acer Welcome Center) (Version: 1.02.3004 - Acer Incorporated)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Family Safety (Version: 15.4.3538.0513 - Microsoft Corporation) Hidden
Windows Live Fotogalerie (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3538.0513 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh ActiveX control for remote connections (HKLM-x32\...\{C5398A89-516C-4DAF-BA07-EE7949090E56}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Messenger (x32 Version: 15.4.3538.0513 - Microsoft Corporation) Hidden
Windows Live Messenger Companion Core (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Sync (HKLM-x32\...\{586509F0-350D-48B5-B763-9CC2F8D96C4C}) (Version: 14.0.8117.416 - Microsoft Corporation)
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Media Encoder 9 Series (HKLM-x32\...\Windows Media Encoder 9) (Version:  - )
Windows Media Encoder 9 Series (x32 Version: 9.00.2980 - Microsoft Corporation) Hidden
WinPcap 4.1.1 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.1753 - CACE Technologies)
WinRAR 4.01 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 4.01.0 - win.rar GmbH)
WinZip 16.0 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240CD}) (Version: 16.0.9715 - WinZip Computing, S.L. )
Wondershare Free YouTube Downloader(Build 3.8.0.4) (HKLM-x32\...\Wondershare Free YouTube Downloader_is1) (Version: 3.8.0.4 - Wondershare Software)
Wondershare Video Converter Ultimate(Build 6.7.1.0) (HKLM-x32\...\Wondershare Video Converter Ultimate_is1) (Version: 6.7.1.0 - Wondershare Software)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-752392268-3339214621-1681333280-1002_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\XXXXX_2\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-752392268-3339214621-1681333280-1002_Classes\CLSID\{268502F4-815D-4358-A8D6-B783FDB58EF0}\InprocServer32 -> C:\Users\XXXXX_2\AppData\Roaming\Telekom\MediencenterSync\DTAG.Mediencenter.ContextMenuHandler.dll (Deutsche Telekom AG)
CustomCLSID: HKU\S-1-5-21-752392268-3339214621-1681333280-1002_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\XXXXX_2\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-752392268-3339214621-1681333280-1002_Classes\CLSID\{528EE335-5034-4EFC-834E-63E5F02D2BC2}\InprocServer32 -> C:\Users\XXXXX_2\AppData\Roaming\Telekom\MediencenterSync\DTAG.Mediencenter.IconOverlayHandler.dll (Deutsche Telekom AG)
CustomCLSID: HKU\S-1-5-21-752392268-3339214621-1681333280-1002_Classes\CLSID\{6066ADF0-9EB0-43E5-ADB6-990F5A3B979C}\InprocServer32 -> C:\Users\XXXXX_2\AppData\Roaming\Telekom\MediencenterSync\DTAG.Mediencenter.IconOverlayHandler.dll (Deutsche Telekom AG)
CustomCLSID: HKU\S-1-5-21-752392268-3339214621-1681333280-1002_Classes\CLSID\{77BC4082-DB5F-439A-8DC8-F9E24A63B0DE}\InprocServer32 -> C:\Users\XXXXX_2\AppData\Roaming\Telekom\MediencenterSync\DTAG.Mediencenter.IconOverlayHandler.dll (Deutsche Telekom AG)
CustomCLSID: HKU\S-1-5-21-752392268-3339214621-1681333280-1002_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\XXXXX_2\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-752392268-3339214621-1681333280-1002_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\XXXXX_2\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-752392268-3339214621-1681333280-1002_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\XXXXX_2\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-752392268-3339214621-1681333280-1002_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\XXXXX_2\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-752392268-3339214621-1681333280-1002_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\XXXXX_2\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-752392268-3339214621-1681333280-1002_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\XXXXX_2\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-752392268-3339214621-1681333280-1002_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\XXXXX_2\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-752392268-3339214621-1681333280-1002_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\XXXXX_2\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-752392268-3339214621-1681333280-1002_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\XXXXX_2\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-752392268-3339214621-1681333280-1002_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\XXXXX_2\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-752392268-3339214621-1681333280-1002_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\XXXXX_2\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File

==================== Restore Points  =========================

02-08-2014 08:18:18 Windows Update
05-08-2014 17:16:14 Windows Update
06-08-2014 09:33:13 Installed Java 7 Update 67
12-08-2014 07:36:59 Windows Update
14-08-2014 13:00:12 Wiederherstellungsvorgang
14-08-2014 13:20:58 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0F8C063A-7157-45F0-A615-E57673BD1BD8} - \HDvid Codec V1-updater No Task File <==== ATTENTION
Task: {0FFD4DF7-E79E-4CF0-AE38-56D663221D27} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {20D4EC73-F5D6-45FC-89C5-9A1CD5927750} - \HDvid Codec V1-enabler No Task File <==== ATTENTION
Task: {5CBF856C-D0CF-4FBD-9BD8-2D2AC2FD1224} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-04-23] (Google Inc.)
Task: {6F0BCF1C-DA02-4B83-88AF-6C6F6228E90E} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-752392268-3339214621-1681333280-1002UA => C:\Users\XXXXX_2\AppData\Local\Google\Update\GoogleUpdate.exe [2012-04-23] (Google Inc.)
Task: {8C54AD7F-34A0-47AE-B099-EE52B61C2F3A} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-08-05] (Adobe Systems Incorporated)
Task: {C712CDA3-DE89-4111-9621-0A1AD2FAFAA7} - System32\Tasks\Games\UpdateCheck_S-1-5-21-752392268-3339214621-1681333280-1000
Task: {DE2FFE30-8218-4F49-A8B1-33E1B539385F} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-752392268-3339214621-1681333280-1002Core => C:\Users\XXXXX_2\AppData\Local\Google\Update\GoogleUpdate.exe [2012-04-23] (Google Inc.)
Task: {E793FBEE-030D-4A1F-83A7-2E276294E267} - System32\Tasks\{0D9200A2-5A91-45FF-826F-50E7AC7BE09F} => C:\ProgramData\BetterSoft\OptimizerPro\OptimizerPro.exe <==== ATTENTION
Task: {EE4A2A93-391A-43D8-B769-C8E0934C54CC} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-04-23] (Google Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-752392268-3339214621-1681333280-1002Core.job => C:\Users\XXXXX_2\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-752392268-3339214621-1681333280-1002UA.job => C:\Users\XXXXX_2\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\{0D9200A2-5A91-45FF-826F-50E7AC7BE09F}.job => C:\ProgramData\BetterSoft\OptimizerPro\OptimizerPro.exe <==== ATTENTION

==================== Loaded Modules (whitelisted) =============

2008-10-24 17:35 - 2008-10-24 17:35 - 00128296 _____ () C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe
2012-02-23 22:49 - 2011-05-05 22:36 - 00022528 _____ () C:\Program Files\DAZ 3D\Content Management Service\ContentManagementServer.exe
2012-02-23 22:49 - 2011-05-05 22:36 - 01479680 _____ () C:\Program Files\DAZ 3D\Content Management Service\ace_x64.dll
2012-02-23 22:49 - 2011-05-05 22:36 - 00977408 _____ () C:\Program Files\DAZ 3D\Content Management Service\VServer_x64.dll
2012-02-23 22:49 - 2011-05-05 22:36 - 01053696 _____ () C:\Program Files\DAZ 3D\Content Management Service\ace_ssl_x64.dll
2012-02-23 22:49 - 2011-05-05 22:36 - 00155136 _____ () C:\Program Files\DAZ 3D\Content Management Service\asnmp_x64.dll
2007-06-05 14:20 - 2007-06-05 14:20 - 00177704 _____ () C:\Windows\SysWOW64\PSIService.exe
2012-11-01 13:11 - 2012-11-01 13:11 - 00198024 _____ () C:\Program Files\Securepoint SSL VPN\SPOpenVPNService.exe
2010-09-26 08:54 - 2010-06-09 18:54 - 00206208 _____ () C:\Windows\PLFSetI.exe
2013-09-05 01:17 - 2013-09-05 01:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-01-02 16:42 - 2010-01-02 16:42 - 00098304 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll
2010-06-29 00:20 - 2010-06-29 00:20 - 00465576 _____ () C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\sqlite3.dll
2010-06-29 00:12 - 2010-06-29 00:12 - 01081600 _____ () C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\ACE.dll
2011-05-20 16:14 - 2011-05-20 16:14 - 00009826 _____ () C:\Program Files\Securepoint SSL VPN\mingwm10.dll
2011-05-20 16:14 - 2011-05-20 16:14 - 00020480 _____ () C:\Program Files\Securepoint SSL VPN\libgcc_s_dw2-1.dll
2011-05-20 16:14 - 2011-05-20 16:14 - 00967168 _____ () C:\Program Files\Securepoint SSL VPN\QtCore4.dll
2011-05-20 16:14 - 2011-05-20 16:14 - 01209344 _____ () C:\Program Files\Securepoint SSL VPN\QtNetwork4.dll
2014-07-24 11:50 - 2014-07-24 11:50 - 00137296 _____ () C:\Program Files (x86)\Avira\My Avira\Avira.OE.NativeCore.dll
2014-07-24 11:49 - 2014-07-24 11:49 - 00065104 _____ () C:\Program Files (x86)\Avira\My Avira\Avira.OE.AvConnectorNative.dll
2014-08-14 16:13 - 2014-08-14 16:13 - 00170496 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\e28fdf645d0ce4b58b0ee3352e1de34c\IsdiInterop.ni.dll
2010-09-06 13:20 - 2010-04-13 18:52 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll
2013-09-05 01:14 - 2013-09-05 01:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2014-08-07 11:39 - 2014-08-07 11:39 - 00014336 _____ () C:\Program Files (x86)\COMPUTER BILD Account-Alarm\BCrypt.Net.dll
2010-09-06 14:06 - 2009-05-20 08:02 - 00072200 _____ () C:\Program Files (x86)\Launch Manager\CdDirIo.dll
2012-02-18 15:16 - 2007-08-02 22:07 - 00034064 _____ () C:\Program Files (x86)\Common Files\Ulead Systems\AutoDetector\DetMethod.dll
2014-08-08 14:11 - 2014-07-24 11:50 - 00049744 _____ () C:\Users\XXXXX_2\AppData\Local\Temp\avgnt.exe\Avira.OE.ExtApi.dll
2011-01-17 16:19 - 2011-08-08 15:33 - 00985088 _____ () C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll
2014-05-10 09:39 - 2014-07-27 10:24 - 03800688 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================

System errors:
=============

Microsoft Office Sessions:
=========================

==================== Memory info ===========================

Processor: Pentium(R) Dual-Core CPU T4500 @ 2.30GHz
Percentage of memory in use: 52%
Total physical RAM: 4025.97 MB
Available physical RAM: 1929.07 MB
Total Pagefile: 8050.13 MB
Available Pagefile: 5345.75 MB
Total Virtual: 8192 MB
Available Virtual: 8191.85 MB

==================== Drives ================================

Drive c: (Acer) (Fixed) (Total:292.59 GB) (Free:210.21 GB) NTFS
Drive e: (Daten) (Fixed) (Total:97.66 GB) (Free:8.92 GB) NTFS
Drive f: (Internet) (Fixed) (Total:192.83 GB) (Free:41.72 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 596 GB) (Disk ID: 46227C9E)
Partition 1: (Not Active) - (Size=13 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=293 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=290 GB) - (Type=OF Extended)

==================== End Of Log ============================

M-K-D-B 15.08.2014 12:19
Wir entfernen die letzten Reste und kontrollieren nochmal alles. ESET kann länger (> 3 h) dauern.
Im Anschluss entfernen wir alle verwendeten Tools und ich gebe dir noch ein paar Tipps mit auf den Weg.




Schritt 1
Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument


Code:
start
HKU\S-1-5-21-752392268-3339214621-1681333280-1002\...\Run: [clicup-Agent] => C:\Users\XXXXX_2\AppData\Local\Temp\clicup\clicup.exe [445424 2014-07-10] (Clichelper) <===== ATTENTION
C:\Users\XXXXX_2\AppData\Local\Temp\clicup
Toolbar: HKCU - No Name - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} -  No File
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
Task: {0F8C063A-7157-45F0-A615-E57673BD1BD8} - \HDvid Codec V1-updater No Task File <==== ATTENTION
Task: {20D4EC73-F5D6-45FC-89C5-9A1CD5927750} - \HDvid Codec V1-enabler No Task File <==== ATTENTION
Task: {CAE5EC1E-CE32-4081-9B47-7E36C4013B5A} - System32\Tasks\LaunchSignup => C:\Program Files (x86)\MyPC Backup\Signup Wizard.exe <==== ATTENTION
Task: {E793FBEE-030D-4A1F-83A7-2E276294E267} - System32\Tasks\{0D9200A2-5A91-45FF-826F-50E7AC7BE09F} => C:\ProgramData\BetterSoft\OptimizerPro\OptimizerPro.exe <==== ATTENTION
Task: C:\Windows\Tasks\{0D9200A2-5A91-45FF-826F-50E7AC7BE09F}.job => C:\ProgramData\BetterSoft\OptimizerPro\OptimizerPro.exe <==== ATTENTION
C:\ProgramData\BetterSoft
EmptyTemp:
end

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
  • Starte nun FRST erneut und klicke den Entfernen Button.
  • Das Tool erstellt eine Fixlog.txt.
  • Poste mir deren Inhalt.






Schritt 2

ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset







Schritt 3
Downloade Dir bitte SecurityCheck und:

  • Speichere es auf dem Desktop.
  • Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
  • Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.
Poste den Inhalt bitte hier.





Schritt 4
Lade dir die passende Version von SystemLook vom folgenden Spiegel herunter und speichere das Tool auf dem Desktop:
SystemLook (32 bit) | SystemLook (64 bit)
  • Doppelklicke auf die SystemLook.exe, um das Tool zu starten.
  • Kopiere den Inhalt der folgenden Codebox in das Textfeld des Tools:

    Code:
    :filefind
    *Coupon Companion Plugin*
    *FoxTab 3GP Converter*
    *SelectionLinks*
    *BetterSoft*
    *OptimizerPro*
    *MyPC Backup*
    *clicup*

    :folderfind
    *Coupon Companion Plugin*
    *FoxTab 3GP Converter*
    *SelectionLinks*
    *BetterSoft*
    *OptimizerPro*
    *MyPC Backup*
    *clicup*

    :regfind
    Coupon Companion Plugin
    FoxTab 3GP Converter
    SelectionLinks
    BetterSoft
    OptimizerPro
    MyPC Backup
    clicup
  • Klicke nun auf den Button Look, um den Scan zu starten.
  • Der Suchlauf kann einige Zeit dauern.
  • Wenn der Suchlauf beendet ist, wird sich dein Editor mit den Ergebnissen öffnen, poste diese in deinen Thread.
  • Die Ergebnisse werden auch auf dem Desktop als SystemLook.txt gespeichert.







Bitte poste mit deiner nächsten Antwort
  • die Logdatei des FRST-Fix,
  • die Logdatei von ESET,
  • die Logdatei von SecurityCheck,
  • die Logdatei von SystemLook.

TinaW5 15.08.2014 21:11
Hallo,
diesmal ist alles durchgelaufen.
Es gehen inzwischen auch keine Tabs mehr auf.

FRST-Fix:
Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 14-08-2014 01
Ran by XXXXX_2 at 2014-08-15 14:08:03 Run:1
Running from C:\Users\XXXXX_2\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
start
HKU\S-1-5-21-752392268-3339214621-1681333280-1002\...\Run: [clicup-Agent] => C:\Users\XXXXX_2\AppData\Local\Temp\clicup\clicup.exe [445424 2014-07-10] (Clichelper) <===== ATTENTION
C:\Users\XXXXX_2\AppData\Local\Temp\clicup
Toolbar: HKCU - No Name - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} -  No File
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
Task: {0F8C063A-7157-45F0-A615-E57673BD1BD8} - \HDvid Codec V1-updater No Task File <==== ATTENTION
Task: {20D4EC73-F5D6-45FC-89C5-9A1CD5927750} - \HDvid Codec V1-enabler No Task File <==== ATTENTION
Task: {CAE5EC1E-CE32-4081-9B47-7E36C4013B5A} - System32\Tasks\LaunchSignup => C:\Program Files (x86)\MyPC Backup\Signup Wizard.exe <==== ATTENTION
Task: {E793FBEE-030D-4A1F-83A7-2E276294E267} - System32\Tasks\{0D9200A2-5A91-45FF-826F-50E7AC7BE09F} => C:\ProgramData\BetterSoft\OptimizerPro\OptimizerPro.exe <==== ATTENTION
Task: C:\Windows\Tasks\{0D9200A2-5A91-45FF-826F-50E7AC7BE09F}.job => C:\ProgramData\BetterSoft\OptimizerPro\OptimizerPro.exe <==== ATTENTION
C:\ProgramData\BetterSoft
EmptyTemp:
end
       
*****************

HKU\S-1-5-21-752392268-3339214621-1681333280-1002\Software\Microsoft\Windows\CurrentVersion\Run\\clicup-Agent => Value not found.
"C:\Users\XXXXX_2\AppData\Local\Temp\clicup" => File/Directory not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{759D9886-0C6F-4498-BAB6-4A5F47C6C72F} => value deleted successfully.
"HKCR\CLSID\{759D9886-0C6F-4498-BAB6-4A5F47C6C72F}" => Key not found.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{0F8C063A-7157-45F0-A615-E57673BD1BD8}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0F8C063A-7157-45F0-A615-E57673BD1BD8}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\HDvid Codec V1-updater" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{20D4EC73-F5D6-45FC-89C5-9A1CD5927750}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{20D4EC73-F5D6-45FC-89C5-9A1CD5927750}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\HDvid Codec V1-enabler" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CAE5EC1E-CE32-4081-9B47-7E36C4013B5A}" => Key not found.
C:\Windows\System32\Tasks\LaunchSignup not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\LaunchSignup" => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{E793FBEE-030D-4A1F-83A7-2E276294E267}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E793FBEE-030D-4A1F-83A7-2E276294E267}" => Key deleted successfully.
C:\Windows\System32\Tasks\{0D9200A2-5A91-45FF-826F-50E7AC7BE09F} => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{0D9200A2-5A91-45FF-826F-50E7AC7BE09F}" => Key deleted successfully.
C:\Windows\Tasks\{0D9200A2-5A91-45FF-826F-50E7AC7BE09F}.job => Moved successfully.
"C:\ProgramData\BetterSoft" => File/Directory not found.
EmptyTemp: => Removed 3 GB temporary data.


The system needed a reboot.

==== End of Fixlog ====
ESET:
Code:
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=eb97444b9376274e9154990fa56057fb
# engine=19673
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-08-15 07:39:27
# local_time=2014-08-15 09:39:27 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='Avira Desktop'
# compatibility_mode=1810 16777213 100 100 27592 152680145 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 33787 159761417 0 0
# scanned=397364
# found=134
# cleaned=0
# scan_time=25574
sh=9B62FB6B35E95AF7CBA9E6D862C2981ACC53F95E ft=1 fh=3a4703d3e461e003 vn="Variante von Win32/Toolbar.CrossRider.V evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\HDvid Codec V1\HDvid Codec V1-bg.exe.vir"
sh=E83DC2B1D5E2A0944205C835A83CCA419568FED0 ft=1 fh=c71c00118a779c44 vn="Variante von Win32/Toolbar.CrossRider.V evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\HDvid Codec V1\HDvid Codec V1-bho.dll.vir"
sh=024EFC6650D86DBBF0E2253F885E814AD0D4AA55 ft=1 fh=4b650565e700c147 vn="Variante von Win64/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\HDvid Codec V1\HDvid Codec V1-bho64.dll.vir"
sh=F7EAF3844A2FA167F1B3D5514B5E95B7FE2EB584 ft=1 fh=3d74ec294a8747eb vn="Variante von Win32/Toolbar.CrossRider.AA evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\HDvid Codec V1\HDvid Codec V1-buttonutil.exe.vir"
sh=2B4570CBF54B53B94F8A6FDCA4B668CFCC228892 ft=1 fh=c71c0011db67283c vn="möglicherweise Variante von Win64/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\HDvid Codec V1\HDvid Codec V1-buttonutil64.dll.vir"
sh=4867658EBE979AFDB081378ECEE7EAFA521EEE90 ft=1 fh=3d74ec29dcde0a77 vn="Variante von Win64/Toolbar.Crossrider.H evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\HDvid Codec V1\HDvid Codec V1-buttonutil64.exe.vir"
sh=9081272059283C29EA6399FEDA5C8F2259D1D27D ft=1 fh=b4e3473111de4047 vn="Variante von Win32/Toolbar.CrossRider.K evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\HDvid Codec V1\HDvid Codec V1-codedownloader.exe.vir"
sh=646462BADEC3189BAF4BD7BF72DA38FE4E4DDDB3 ft=1 fh=75c4d8404236fdba vn="Variante von Win32/Toolbar.CrossRider.K evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\HDvid Codec V1\HDvid Codec V1-enabler.exe.vir"
sh=E0D174DD3160397559899BF96E08C71159B13D53 ft=1 fh=9c36fb84f91539bc vn="Variante von Win32/Toolbar.CrossRider.K evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\HDvid Codec V1\HDvid Codec V1-updater.exe.vir"
sh=24165C1DD00ACE869F1BD75885E6C8CAAE374809 ft=1 fh=1ce77273f922b6a7 vn="Win32/Packed.VMDetector.D evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\HDvid Codec V1\utils.exe.vir"
sh=78B657E2CFB4833BB489C9CD4C75F2221886EBFE ft=1 fh=627bc7b48335d3b2 vn="Win32/Packed.ScrambleWrapper.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\HDvidCodec.com\HDvidCodecIE.exe.vir"
sh=DFE43AD6B4B6E815442723162D307C4D15D6E83E ft=1 fh=dbdf43c41bcd540b vn="Win32/Packed.ScrambleWrapper.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\HDvidCodec.com\hdvidextsetup.exe.vir"
sh=774414FC40715DBF3D47BC23ACA9EC20944AC713 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Plus-HD-2.5\33438.crx.vir"
sh=14C8298C669C96FDFA93FC4E81D152654491E9FA ft=1 fh=0693516208dbad1a vn="Variante von Win32/ELEX.S evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\ProgramData\eSafe\eGdpSvc.exe.vir"
sh=8E404BAFA9CEAC0628F089B4F1AA879EB5A3404E ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Tina_2\AppData\Local\Google\Chrome\User Data\Default\Extensions\iefogiieekeeeeaiklglonbockmhmkgd\1.25.65_0\extensionData\plugins\101_cortica_m.js.vir"
sh=957E505E027C2F899F844C27AC8B82EF94AEBB68 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Tina_2\AppData\Local\Google\Chrome\User Data\Default\Extensions\iefogiieekeeeeaiklglonbockmhmkgd\1.25.65_0\extensionData\plugins\102_dealply_m.js.vir"
sh=17F6E2411B6C3A285257D050832B0890BBEC046F ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Tina_2\AppData\Local\Google\Chrome\User Data\Default\Extensions\iefogiieekeeeeaiklglonbockmhmkgd\1.25.65_0\extensionData\plugins\103_intext_5_m.js.vir"
sh=EB047CB7862459E0F74832AEF6A7954A3663373F ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Tina_2\AppData\Local\Google\Chrome\User Data\Default\Extensions\iefogiieekeeeeaiklglonbockmhmkgd\1.25.65_0\extensionData\plugins\104_jollywallet_m.js.vir"
sh=F2126D68553053F0A5A411866DEC205E27283EDA ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Tina_2\AppData\Local\Google\Chrome\User Data\Default\Extensions\iefogiieekeeeeaiklglonbockmhmkgd\1.25.65_0\extensionData\plugins\105_corticas_m.js.vir"
sh=A69DBD3502EA9C4EDD7DEAFB23A8FC1C97BAB232 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Tina_2\AppData\Local\Google\Chrome\User Data\Default\Extensions\iefogiieekeeeeaiklglonbockmhmkgd\1.25.65_0\extensionData\plugins\107_coupish_m.js.vir"
sh=6FD52BE8732402A681159484442B6AA0351C4243 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Tina_2\AppData\Local\Google\Chrome\User Data\Default\Extensions\iefogiieekeeeeaiklglonbockmhmkgd\1.25.65_0\extensionData\plugins\108_icm_m.js.vir"
sh=F0D9BB17EC343592F74C53A4E3E5E460B90DD3E2 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Tina_2\AppData\Local\Google\Chrome\User Data\Default\Extensions\iefogiieekeeeeaiklglonbockmhmkgd\1.25.65_0\extensionData\plugins\116_ads_only_5_m.js.vir"
sh=DFB11E05B62F57EDA18112BC002C17EAFD79BEE7 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Tina_2\AppData\Local\Google\Chrome\User Data\Default\Extensions\iefogiieekeeeeaiklglonbockmhmkgd\1.25.65_0\extensionData\plugins\117_coupons_intext_ads_5_m.js.vir"
sh=9495814AE107F6739D62A09B1829E5A2DCDA1354 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Tina_2\AppData\Local\Google\Chrome\User Data\Default\Extensions\iefogiieekeeeeaiklglonbockmhmkgd\1.25.65_0\extensionData\plugins\119_similar_web_m.js.vir"
sh=D10EA105AB5DB329186B0B6F10541DD58058AEB8 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Tina_2\AppData\Local\Google\Chrome\User Data\Default\Extensions\iefogiieekeeeeaiklglonbockmhmkgd\1.25.65_0\extensionData\plugins\120_luck_m.js.vir"
sh=B985E49C6E0E423954A36327BE2EA87F0F287145 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Tina_2\AppData\Local\Google\Chrome\User Data\Default\Extensions\iefogiieekeeeeaiklglonbockmhmkgd\1.25.65_0\extensionData\plugins\123_intext_adv_m.js.vir"
sh=EAAF312959AC9CCF5138825927B5E2D38F57E2E1 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Tina_2\AppData\Local\Google\Chrome\User Data\Default\Extensions\iefogiieekeeeeaiklglonbockmhmkgd\1.25.65_0\extensionData\plugins\124_superfish_no_search_no_coupons_m.js.vir"
sh=62B063E0D121966E9A83C9AB518DADAE47423555 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Tina_2\AppData\Local\Google\Chrome\User Data\Default\Extensions\iefogiieekeeeeaiklglonbockmhmkgd\1.25.65_0\extensionData\plugins\125_arcadi2_m.js.vir"
sh=74355138F1CC2F634308F1A790D5AD1D7C401E23 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Tina_2\AppData\Local\Google\Chrome\User Data\Default\Extensions\iefogiieekeeeeaiklglonbockmhmkgd\1.25.65_0\extensionData\plugins\126_revizer_ws_m.js.vir"
sh=CF3F763C2D37847B8BA8D2FE67BFDCB903725348 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Tina_2\AppData\Local\Google\Chrome\User Data\Default\Extensions\iefogiieekeeeeaiklglonbockmhmkgd\1.25.65_0\extensionData\plugins\127_revizer_p_m.js.vir"
sh=4A86247BDE5D2225473389037FA942819FD677CF ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Tina_2\AppData\Local\Google\Chrome\User Data\Default\Extensions\iefogiieekeeeeaiklglonbockmhmkgd\1.25.65_0\extensionData\plugins\128_superfish_pricora_m.js.vir"
sh=D9E89F57D3A13498640961F3B9954D67D7EA1039 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Tina_2\AppData\Local\Google\Chrome\User Data\Default\Extensions\iefogiieekeeeeaiklglonbockmhmkgd\1.25.65_0\extensionData\plugins\129_widdit_m.js.vir"
sh=B9CFC11B067C54952D592C618BD391AA26B3393B ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Tina_2\AppData\Local\Google\Chrome\User Data\Default\Extensions\iefogiieekeeeeaiklglonbockmhmkgd\1.25.65_0\extensionData\plugins\135_arcadi3_m.js.vir"
sh=17483832BF1FA23335B7C1E04A0530AB60CBEDC6 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Tina_2\AppData\Local\Google\Chrome\User Data\Default\Extensions\iefogiieekeeeeaiklglonbockmhmkgd\1.25.65_0\extensionData\plugins\138_getdeal_m.js.vir"
sh=90A4F559561CF603A203F93D56C80B17B8152325 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Tina_2\AppData\Local\Google\Chrome\User Data\Default\Extensions\iefogiieekeeeeaiklglonbockmhmkgd\1.25.65_0\extensionData\plugins\141_corticas_ru_m.js.js.vir"
sh=8395A2B6D59D2F3EDDCFC863DDA2F674396DC74C ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Tina_2\AppData\Local\Google\Chrome\User Data\Default\Extensions\iefogiieekeeeeaiklglonbockmhmkgd\1.25.65_0\extensionData\plugins\142_intext_fa_m.js.vir"
sh=786B0C8D3A9F6EFBCDB103B0FA7F9460D38C5D7B ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Tina_2\AppData\Local\Google\Chrome\User Data\Default\Extensions\iefogiieekeeeeaiklglonbockmhmkgd\1.25.65_0\extensionData\plugins\155_ibario_pops_m.js.vir"
sh=A28CB6571CE8071F7AC0A6BA249259A684E96292 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Tina_2\AppData\Local\Google\Chrome\User Data\Default\Extensions\iefogiieekeeeeaiklglonbockmhmkgd\1.25.65_0\extensionData\plugins\158_50onred_ads_only_no_fb_m.js.vir"
sh=18C46AE5CB67274764D17F8A40975EEB5C67F795 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Tina_2\AppData\Local\Google\Chrome\User Data\Default\Extensions\iefogiieekeeeeaiklglonbockmhmkgd\1.25.65_0\extensionData\plugins\159_cortica_rollover_m.js.vir"
sh=CD6C49370804B033E758D7EC277EA0D08B95B890 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Tina_2\AppData\Local\Google\Chrome\User Data\Default\Extensions\iefogiieekeeeeaiklglonbockmhmkgd\1.25.65_0\extensionData\plugins\170_icm1_5_m.js.vir"
sh=81C3B657563171D65FE42C52872ECF8EB7924C86 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Tina_2\AppData\Local\Google\Chrome\User Data\Default\Extensions\iefogiieekeeeeaiklglonbockmhmkgd\1.25.65_0\extensionData\plugins\171_arcadi2_sourceID_m.js.vir"
sh=92DD07C2421C2C5A4996E399DB6707B4707488F7 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Tina_2\AppData\Local\Google\Chrome\User Data\Default\Extensions\iefogiieekeeeeaiklglonbockmhmkgd\1.25.65_0\extensionData\plugins\91_monetizationLoader.js.js.vir"
sh=93022F69189E8D2F1B4B8717522CA1AFFA59F708 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Tina_2\AppData\Local\Google\Chrome\User Data\Default\Extensions\iefogiieekeeeeaiklglonbockmhmkgd\1.25.65_0\extensionData\plugins\92_superfish_m.js.vir"
sh=AFD9829F5C599DA11A6F662604DFB5A53FA88B08 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Tina_2\AppData\Local\Google\Chrome\User Data\Default\Extensions\iefogiieekeeeeaiklglonbockmhmkgd\1.25.65_0\extensionData\plugins\93_superfish_no_coupons_m.js.vir"
sh=9EFDE89A61BAAA7D5D5D4B08214BE3D2EE505248 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Tina_2\AppData\Local\Google\Chrome\User Data\Default\Extensions\iefogiieekeeeeaiklglonbockmhmkgd\1.26.136_0\extensionData\plugins\102_dealply_m.js.vir"
sh=57F445259F179510FE1EACAAD27A82E87305756C ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Tina_2\AppData\Local\Google\Chrome\User Data\Default\Extensions\iefogiieekeeeeaiklglonbockmhmkgd\1.26.136_0\extensionData\plugins\103_intext_5_m.js.vir"
sh=30630D311A124BA372D209C02247D8A4238E3610 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Tina_2\AppData\Local\Google\Chrome\User Data\Default\Extensions\iefogiieekeeeeaiklglonbockmhmkgd\1.26.136_0\extensionData\plugins\104_jollywallet_m.js.vir"
sh=04253E738106628805978963C1648F429CD2A08E ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Tina_2\AppData\Local\Google\Chrome\User Data\Default\Extensions\iefogiieekeeeeaiklglonbockmhmkgd\1.26.136_0\extensionData\plugins\105_corticas_m.js.vir"
sh=D7B46B5A4169AC7B179A70D92A6139EA9C4EAE6F ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Tina_2\AppData\Local\Google\Chrome\User Data\Default\Extensions\iefogiieekeeeeaiklglonbockmhmkgd\1.26.136_0\extensionData\plugins\108_icm_m.js.vir"
sh=DA209282A25696B4D678B78442C261C5D81DC81B ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Tina_2\AppData\Local\Google\Chrome\User Data\Default\Extensions\iefogiieekeeeeaiklglonbockmhmkgd\1.26.136_0\extensionData\plugins\119_similar_web_m.js.vir"
sh=E5DA6BC389AFE8C4BE0D4BDF007094964623BEE4 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Tina_2\AppData\Local\Google\Chrome\User Data\Default\Extensions\iefogiieekeeeeaiklglonbockmhmkgd\1.26.136_0\extensionData\plugins\123_intext_adv_m.js.vir"
sh=408125466C1087F1B28C7C43745E9E1F3480201C ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Tina_2\AppData\Local\Google\Chrome\User Data\Default\Extensions\iefogiieekeeeeaiklglonbockmhmkgd\1.26.136_0\extensionData\plugins\124_superfish_no_search_no_coupons_m.js.vir"
sh=00211CE73FB698A04BEF6622CB5B086D520B896D ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Tina_2\AppData\Local\Google\Chrome\User Data\Default\Extensions\iefogiieekeeeeaiklglonbockmhmkgd\1.26.136_0\extensionData\plugins\158_50onred_ads_only_no_fb_m.js.vir"
sh=DB730C30AB384D45E22D00304F1103E934CB33B9 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Tina_2\AppData\Local\Google\Chrome\User Data\Default\Extensions\iefogiieekeeeeaiklglonbockmhmkgd\1.26.136_0\extensionData\plugins\178_revizer_ws_dynamic_m.js.vir"
sh=94D9025E35A51C71746811F94F4AA5EFC9133252 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Tina_2\AppData\Local\Google\Chrome\User Data\Default\Extensions\iefogiieekeeeeaiklglonbockmhmkgd\1.26.136_0\extensionData\plugins\179_revizer_p_dynamic_m.js.vir"
sh=E87ABD87A6168E160F36A5CE9E444C1719F203DC ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Tina_2\AppData\Local\Google\Chrome\User Data\Default\Extensions\iefogiieekeeeeaiklglonbockmhmkgd\1.26.136_0\extensionData\plugins\180_bpo_serp_m.js.vir"
sh=5DDA8EE6DC4476C71431F32A0F30C6FD7CAA52E0 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Tina_2\AppData\Local\Google\Chrome\User Data\Default\Extensions\iefogiieekeeeeaiklglonbockmhmkgd\1.26.136_0\extensionData\plugins\184_noproblemppc_m.js.vir"
sh=9D9234F1D8FDD30567D6065910A6CDE37B4E44A3 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Tina_2\AppData\Local\Google\Chrome\User Data\Default\Extensions\iefogiieekeeeeaiklglonbockmhmkgd\1.26.136_0\extensionData\plugins\194_retargeting_bi_m.js.js.vir"
sh=821D36C18C8B253E6C0134438A703940AC129AAE ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Tina_2\AppData\Local\Google\Chrome\User Data\Default\Extensions\iefogiieekeeeeaiklglonbockmhmkgd\1.26.136_0\extensionData\plugins\195_icm_convertmedia_m.js.vir"
sh=08ACCD6C44B91616346A5959C8DDBDE7918DA5DF ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Tina_2\AppData\Local\Google\Chrome\User Data\Default\Extensions\iefogiieekeeeeaiklglonbockmhmkgd\1.26.136_0\extensionData\plugins\91_monetizationLoader.js.js.vir"
sh=0C5AC30A082628E85A9A8B68EF5E5EAFA46F0CC7 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Tina_2\AppData\Local\Google\Chrome\User Data\Default\Extensions\iefogiieekeeeeaiklglonbockmhmkgd\1.26.136_0\extensionData\plugins\93_superfish_no_coupons_m.js.vir"
sh=16068B8977B4DC562AE782D91BC009472667E331 ft=1 fh=c3b5a87b7d152749 vn="Variante von Win32/DownloadSponsor.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Tina_2\AppData\Local\Temp\OCS\ocs_v71a.exe.vir"
sh=0223794A629639EF23AB935B36B57E0619AEB55E ft=1 fh=9487f22284ba0e67 vn="Variante von Win32/DownloadSponsor.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Tina_2\AppData\Local\Temp\OCS\ocs_v71b.exe.vir"
sh=58C3F42D04D646EB15C73F8558B7A6FC8CE26A8C ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Tina_2\AppData\Roaming\Mozilla\Firefox\Profiles\jozp0725.default\Extensions\75c9b989-a6e6-4455-971f-45304161eb23@02648b91-49b2-4d7f-99ef-7e959a8e6505.com\extensionData\plugins\101_cortica_m.js.vir"
sh=B5ED1E639B7D9AD3C0F3C81E5AA2E9F88DDFEB65 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Tina_2\AppData\Roaming\Mozilla\Firefox\Profiles\jozp0725.default\Extensions\75c9b989-a6e6-4455-971f-45304161eb23@02648b91-49b2-4d7f-99ef-7e959a8e6505.com\extensionData\plugins\102_dealply_m.js.vir"
sh=FC28D62EDB6C0C353E97185BB4B6DC87F5EDED14 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Tina_2\AppData\Roaming\Mozilla\Firefox\Profiles\jozp0725.default\Extensions\75c9b989-a6e6-4455-971f-45304161eb23@02648b91-49b2-4d7f-99ef-7e959a8e6505.com\extensionData\plugins\103_intext_5_m.js.vir"
sh=894D0F3EAAC59911117C997B029F44332D42491B ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Tina_2\AppData\Roaming\Mozilla\Firefox\Profiles\jozp0725.default\Extensions\75c9b989-a6e6-4455-971f-45304161eb23@02648b91-49b2-4d7f-99ef-7e959a8e6505.com\extensionData\plugins\104_jollywallet_m.js.vir"
sh=0B21E41A47E579081215969619861996F43524B1 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Tina_2\AppData\Roaming\Mozilla\Firefox\Profiles\jozp0725.default\Extensions\75c9b989-a6e6-4455-971f-45304161eb23@02648b91-49b2-4d7f-99ef-7e959a8e6505.com\extensionData\plugins\105_corticas_m.js.vir"
sh=30AFCC1D03C04E68202593C239C4964A29BA2E15 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Tina_2\AppData\Roaming\Mozilla\Firefox\Profiles\jozp0725.default\Extensions\75c9b989-a6e6-4455-971f-45304161eb23@02648b91-49b2-4d7f-99ef-7e959a8e6505.com\extensionData\plugins\108_icm_m.js.vir"
sh=6EF5B1448DE7B0A1263E32EBA7DC2AFE502C8FB4 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Tina_2\AppData\Roaming\Mozilla\Firefox\Profiles\jozp0725.default\Extensions\75c9b989-a6e6-4455-971f-45304161eb23@02648b91-49b2-4d7f-99ef-7e959a8e6505.com\extensionData\plugins\116_ads_only_5_m.js.vir"
sh=7F7359D9F0900191297BFDF5B85D5CDF588CD9EA ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Tina_2\AppData\Roaming\Mozilla\Firefox\Profiles\jozp0725.default\Extensions\75c9b989-a6e6-4455-971f-45304161eb23@02648b91-49b2-4d7f-99ef-7e959a8e6505.com\extensionData\plugins\117_coupons_intext_ads_5_m.js.vir"
sh=FE3704EEF2BFB9DCA552518E7AEC9D6AFC1ED15C ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Tina_2\AppData\Roaming\Mozilla\Firefox\Profiles\jozp0725.default\Extensions\75c9b989-a6e6-4455-971f-45304161eb23@02648b91-49b2-4d7f-99ef-7e959a8e6505.com\extensionData\plugins\119_similar_web_m.js.vir"
sh=1A9BCED07CCAC5AABE7F80BB199360D125E6F268 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Tina_2\AppData\Roaming\Mozilla\Firefox\Profiles\jozp0725.default\Extensions\75c9b989-a6e6-4455-971f-45304161eb23@02648b91-49b2-4d7f-99ef-7e959a8e6505.com\extensionData\plugins\120_luck_m.js.vir"
sh=F5C88EA43CAB5305B3DD429370A60597BBF3BBEE ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Tina_2\AppData\Roaming\Mozilla\Firefox\Profiles\jozp0725.default\Extensions\75c9b989-a6e6-4455-971f-45304161eb23@02648b91-49b2-4d7f-99ef-7e959a8e6505.com\extensionData\plugins\123_intext_adv_m.js.vir"
sh=B0DF9F21E3E69C188775A6F9C466B19932C9238A ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Tina_2\AppData\Roaming\Mozilla\Firefox\Profiles\jozp0725.default\Extensions\75c9b989-a6e6-4455-971f-45304161eb23@02648b91-49b2-4d7f-99ef-7e959a8e6505.com\extensionData\plugins\124_superfish_no_search_no_coupons_m.js.vir"
sh=D295E3F253D0942BD3114F61DEF5D78DD0FC5BFB ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Tina_2\AppData\Roaming\Mozilla\Firefox\Profiles\jozp0725.default\Extensions\75c9b989-a6e6-4455-971f-45304161eb23@02648b91-49b2-4d7f-99ef-7e959a8e6505.com\extensionData\plugins\125_arcadi2_m.js.vir"
sh=3CFE90E3825BB08EB9B4222552FAC05360188207 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Tina_2\AppData\Roaming\Mozilla\Firefox\Profiles\jozp0725.default\Extensions\75c9b989-a6e6-4455-971f-45304161eb23@02648b91-49b2-4d7f-99ef-7e959a8e6505.com\extensionData\plugins\126_revizer_ws_m.js.vir"
sh=031F6CD140ED363E0F137E627AE1FE4DED5714E2 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Tina_2\AppData\Roaming\Mozilla\Firefox\Profiles\jozp0725.default\Extensions\75c9b989-a6e6-4455-971f-45304161eb23@02648b91-49b2-4d7f-99ef-7e959a8e6505.com\extensionData\plugins\127_revizer_p_m.js.vir"
sh=28ECD06AF56EB424F74BB63563BC79E57C15C2D9 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Tina_2\AppData\Roaming\Mozilla\Firefox\Profiles\jozp0725.default\Extensions\75c9b989-a6e6-4455-971f-45304161eb23@02648b91-49b2-4d7f-99ef-7e959a8e6505.com\extensionData\plugins\128_superfish_pricora_m.js.vir"
sh=05480BD17A63333789D1E425879FBF083C177A99 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Tina_2\AppData\Roaming\Mozilla\Firefox\Profiles\jozp0725.default\Extensions\75c9b989-a6e6-4455-971f-45304161eb23@02648b91-49b2-4d7f-99ef-7e959a8e6505.com\extensionData\plugins\129_widdit_m.js.vir"
sh=BB2946641B9FEB2F76D281220A52220336E454E1 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Tina_2\AppData\Roaming\Mozilla\Firefox\Profiles\jozp0725.default\Extensions\75c9b989-a6e6-4455-971f-45304161eb23@02648b91-49b2-4d7f-99ef-7e959a8e6505.com\extensionData\plugins\135_arcadi3_m.js.vir"
sh=8BD506BDCB470B73FE581B4DA1769AD9FBCAF0D8 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Tina_2\AppData\Roaming\Mozilla\Firefox\Profiles\jozp0725.default\Extensions\75c9b989-a6e6-4455-971f-45304161eb23@02648b91-49b2-4d7f-99ef-7e959a8e6505.com\extensionData\plugins\138_getdeal_m.js.vir"
sh=90A4F559561CF603A203F93D56C80B17B8152325 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Tina_2\AppData\Roaming\Mozilla\Firefox\Profiles\jozp0725.default\Extensions\75c9b989-a6e6-4455-971f-45304161eb23@02648b91-49b2-4d7f-99ef-7e959a8e6505.com\extensionData\plugins\141_corticas_ru_m.js.js.vir"
sh=8395A2B6D59D2F3EDDCFC863DDA2F674396DC74C ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Tina_2\AppData\Roaming\Mozilla\Firefox\Profiles\jozp0725.default\Extensions\75c9b989-a6e6-4455-971f-45304161eb23@02648b91-49b2-4d7f-99ef-7e959a8e6505.com\extensionData\plugins\142_intext_fa_m.js.vir"
sh=943F60E8E3F306CF4EE6E844D06FAC7552EE1856 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Tina_2\AppData\Roaming\Mozilla\Firefox\Profiles\jozp0725.default\Extensions\75c9b989-a6e6-4455-971f-45304161eb23@02648b91-49b2-4d7f-99ef-7e959a8e6505.com\extensionData\plugins\155_ibario_pops_m.js.vir"
sh=0CEB1A073B87956FD1F21F8425B8F76015B1BCD8 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Tina_2\AppData\Roaming\Mozilla\Firefox\Profiles\jozp0725.default\Extensions\75c9b989-a6e6-4455-971f-45304161eb23@02648b91-49b2-4d7f-99ef-7e959a8e6505.com\extensionData\plugins\158_50onred_ads_only_no_fb_m.js.vir"
sh=441E98540BDEC21B7E534C2B317AE91925F6CEE7 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Tina_2\AppData\Roaming\Mozilla\Firefox\Profiles\jozp0725.default\Extensions\75c9b989-a6e6-4455-971f-45304161eb23@02648b91-49b2-4d7f-99ef-7e959a8e6505.com\extensionData\plugins\159_cortica_rollover_m.js.vir"
sh=C8B01A1511A63AEC3D40B1D045034D76B1E85EFD ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Tina_2\AppData\Roaming\Mozilla\Firefox\Profiles\jozp0725.default\Extensions\75c9b989-a6e6-4455-971f-45304161eb23@02648b91-49b2-4d7f-99ef-7e959a8e6505.com\extensionData\plugins\171_arcadi2_sourceID_m.js.vir"
sh=078C314715CCC0DE7547172AD4B810FD754115C6 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Tina_2\AppData\Roaming\Mozilla\Firefox\Profiles\jozp0725.default\Extensions\75c9b989-a6e6-4455-971f-45304161eb23@02648b91-49b2-4d7f-99ef-7e959a8e6505.com\extensionData\plugins\174_arcadi_serp_dynamic_id_m.js.vir"
sh=F6FA9D82AEFE95E8544F0B7EE8D1784E6A3D02A9 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Tina_2\AppData\Roaming\Mozilla\Firefox\Profiles\jozp0725.default\Extensions\75c9b989-a6e6-4455-971f-45304161eb23@02648b91-49b2-4d7f-99ef-7e959a8e6505.com\extensionData\plugins\175_coolmirage_m.js.vir"
sh=CFFCA6A4EE3A0DF2319440491BB297ADEC6EEF37 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Tina_2\AppData\Roaming\Mozilla\Firefox\Profiles\jozp0725.default\Extensions\75c9b989-a6e6-4455-971f-45304161eb23@02648b91-49b2-4d7f-99ef-7e959a8e6505.com\extensionData\plugins\178_revizer_ws_dynamic_m.js.vir"
sh=ADB54DE323736C99B4191A45B478B70DF1B7B945 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Tina_2\AppData\Roaming\Mozilla\Firefox\Profiles\jozp0725.default\Extensions\75c9b989-a6e6-4455-971f-45304161eb23@02648b91-49b2-4d7f-99ef-7e959a8e6505.com\extensionData\plugins\179_revizer_p_dynamic_m.js.vir"
sh=075CCE375A95F47C55CE0FF0FFACA5A5156008FF ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Tina_2\AppData\Roaming\Mozilla\Firefox\Profiles\jozp0725.default\Extensions\75c9b989-a6e6-4455-971f-45304161eb23@02648b91-49b2-4d7f-99ef-7e959a8e6505.com\extensionData\plugins\180_bpo_serp_m.js.vir"
sh=6BAE4634957305EA02B0FED1E9CDDBE6A14914E0 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Tina_2\AppData\Roaming\Mozilla\Firefox\Profiles\jozp0725.default\Extensions\75c9b989-a6e6-4455-971f-45304161eb23@02648b91-49b2-4d7f-99ef-7e959a8e6505.com\extensionData\plugins\184_noproblemppc_m.js.vir"
sh=0729BA2080FB482AD0CCFFA9EB2B1BFEBB7DE4F8 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Tina_2\AppData\Roaming\Mozilla\Firefox\Profiles\jozp0725.default\Extensions\75c9b989-a6e6-4455-971f-45304161eb23@02648b91-49b2-4d7f-99ef-7e959a8e6505.com\extensionData\plugins\189_active_sanity.js.vir"
sh=981BAB53F6F158BB5F89B0A202EC0FB975258A4F ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Tina_2\AppData\Roaming\Mozilla\Firefox\Profiles\jozp0725.default\Extensions\75c9b989-a6e6-4455-971f-45304161eb23@02648b91-49b2-4d7f-99ef-7e959a8e6505.com\extensionData\plugins\190_pops_5_m.js.vir"
sh=EBC6B605C382391DB57EAF46206ADD0D7CEBF803 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Tina_2\AppData\Roaming\Mozilla\Firefox\Profiles\jozp0725.default\Extensions\75c9b989-a6e6-4455-971f-45304161eb23@02648b91-49b2-4d7f-99ef-7e959a8e6505.com\extensionData\plugins\191_ciuvo_m.js.vir"
sh=BAD6F905DCD72B7D2A93D06582B026F3CCF3616E ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Tina_2\AppData\Roaming\Mozilla\Firefox\Profiles\jozp0725.default\Extensions\75c9b989-a6e6-4455-971f-45304161eb23@02648b91-49b2-4d7f-99ef-7e959a8e6505.com\extensionData\plugins\192_revizer_ws_dynamic_b2b_m.js.vir"
sh=5B3338E8C3C20A95C180626940F7C6BC46D49F5D ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Tina_2\AppData\Roaming\Mozilla\Firefox\Profiles\jozp0725.default\Extensions\75c9b989-a6e6-4455-971f-45304161eb23@02648b91-49b2-4d7f-99ef-7e959a8e6505.com\extensionData\plugins\193_revizer_p_dynamic_b2b_m.js.vir"
sh=E7B15553E491E516840F6BFF4C58AA6AB96DB046 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Tina_2\AppData\Roaming\Mozilla\Firefox\Profiles\jozp0725.default\Extensions\75c9b989-a6e6-4455-971f-45304161eb23@02648b91-49b2-4d7f-99ef-7e959a8e6505.com\extensionData\plugins\194_retargeting_bi_m.js.js.vir"
sh=8904E5EB2B62F4990C389BF96A83156BC8EF8B78 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Tina_2\AppData\Roaming\Mozilla\Firefox\Profiles\jozp0725.default\Extensions\75c9b989-a6e6-4455-971f-45304161eb23@02648b91-49b2-4d7f-99ef-7e959a8e6505.com\extensionData\plugins\195_icm_convertmedia_m.js.vir"
sh=675F44991136237FD89C48DFCB5C60FDED223BD8 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Tina_2\AppData\Roaming\Mozilla\Firefox\Profiles\jozp0725.default\Extensions\75c9b989-a6e6-4455-971f-45304161eb23@02648b91-49b2-4d7f-99ef-7e959a8e6505.com\extensionData\plugins\197_kreapixel_pops_m.js.vir"
sh=1EA04BCB00EDDDF6AB0F0CCB4C7A4E71AF052B14 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Tina_2\AppData\Roaming\Mozilla\Firefox\Profiles\jozp0725.default\Extensions\75c9b989-a6e6-4455-971f-45304161eb23@02648b91-49b2-4d7f-99ef-7e959a8e6505.com\extensionData\plugins\91_monetizationLoader.js.js.vir"
sh=93022F69189E8D2F1B4B8717522CA1AFFA59F708 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Tina_2\AppData\Roaming\Mozilla\Firefox\Profiles\jozp0725.default\Extensions\75c9b989-a6e6-4455-971f-45304161eb23@02648b91-49b2-4d7f-99ef-7e959a8e6505.com\extensionData\plugins\92_superfish_m.js.vir"
sh=0C5AC30A082628E85A9A8B68EF5E5EAFA46F0CC7 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Tina_2\AppData\Roaming\Mozilla\Firefox\Profiles\jozp0725.default\Extensions\75c9b989-a6e6-4455-971f-45304161eb23@02648b91-49b2-4d7f-99ef-7e959a8e6505.com\extensionData\plugins\93_superfish_no_coupons_m.js.vir"
sh=9E77E1D2FD7B77B0FD8A71A70C35DD5A16836CF3 ft=1 fh=b241df9fafd25e77 vn="Win32/Systweak.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Tina_2\AppData\Roaming\Systweak\ssd\SSDPTstub.exe.vir"
sh=B8E6BA69D75149795E4283A8A484B694CC50C001 ft=1 fh=7690bee84a2cb28f vn="Win32/VOPackage.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Tina_2\AppData\Roaming\VOPackage\Uninstall.exe.vir"
sh=44ED55CB1079D34027CB77CD62248064FF5A0A09 ft=1 fh=3916453e74289c7d vn="Win32/VOPackage.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Tina_2\AppData\Roaming\VOPackage\VOPackage.exe.vir"
sh=6A585559FE97F272577599966AFE10F09FF3A49F ft=1 fh=00670d18cef061d2 vn="Win32/Toolbar.Conduit.S evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Tina_2\Downloads\setup.exe"
sh=D0222688BB442B1FBFC79E755A4D4E2A6D1C961F ft=1 fh=67359e13992c4fb6 vn="Variante von Win32/DownloadSponsor.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Tina_2\Dropbox\Feedreader - CHIP-Downloader.exe"
sh=4C53205031E07E6CB28A6AC5316093D5984C5CB2 ft=1 fh=705f06b5c52d4adc vn="Variante von Win32/DownloadSponsor.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Tina_2\Dropbox\Word Viewer - CHIP-Downloader.exe"
sh=4C53205031E07E6CB28A6AC5316093D5984C5CB2 ft=1 fh=705f06b5c52d4adc vn="Variante von Win32/DownloadSponsor.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Tina_2\Dropbox\Fanfiction\Getrennte Wege (Kapitel)\Word Viewer - CHIP-Downloader.exe"
sh=52057EA7610E8956E6CF8F8EA7046F7C0ABED9E7 ft=1 fh=cbc3e45406e996d6 vn="Win32/Toolbar.Conduit evtl. unerwünschte Anwendung" ac=I fn="E:\Downloads\4shared_desktop_3.3.5.exe"
sh=0C14761B4E1FABE8A89FCAF6DC7E93F9D50766E4 ft=1 fh=68be27c9a6f2b7ca vn="Win32/OutBrowse.AD evtl. unerwünschte Anwendung" ac=I fn="E:\Downloads\adobe-flash-player.exe"
sh=AAD6F1CAA5C35AEEFCFBE646FB5093D2FB559AEC ft=1 fh=2ca4112e4b89bd5a vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="E:\Downloads\ashampoo_burning_studio_elements_10.0.9_8678(2).exe"
sh=981DD6FB832A26ED9A9F9583BA6F2A78F2148B62 ft=1 fh=3e676125774b21b3 vn="Win32/DownloadAdmin.G evtl. unerwünschte Anwendung" ac=I fn="E:\Downloads\cbsidlm-tr1_10a-GetFLV-BP-10618974.exe"
sh=B15FF356B671534564B4D4E171A2E8DAD434A77B ft=1 fh=8c53512473b38db1 vn="Variante von Win32/DownloadSponsor.A evtl. unerwünschte Anwendung" ac=I fn="E:\Downloads\CCleaner - CHIP-Downloader.exe"
sh=D0222688BB442B1FBFC79E755A4D4E2A6D1C961F ft=1 fh=67359e13992c4fb6 vn="Variante von Win32/DownloadSponsor.A evtl. unerwünschte Anwendung" ac=I fn="E:\Downloads\Feedreader - CHIP-Downloader.exe"
sh=65F38A889E32A78CBCCFD1C880DB6ADE5D106225 ft=1 fh=ef1634db7f3aa0cd vn="Win32/Toolbar.Conduit evtl. unerwünschte Anwendung" ac=I fn="E:\Downloads\FreemakeVideoConverterSetup.exe"
sh=41D30B977DE5DC0EB792C98D5B97CFCF4338A593 ft=1 fh=a1232e96b9cc1b15 vn="Win32/Toolbar.Conduit evtl. unerwünschte Anwendung" ac=I fn="E:\Downloads\FreeScreenVideoRecorder.exe"
sh=85F7DC44FABCF0FCE9072719485BE97F4365272F ft=1 fh=4759c6d9de7a2349 vn="Win32/Toolbar.Conduit evtl. unerwünschte Anwendung" ac=I fn="E:\Downloads\FreeVideoDub2012.exe"
sh=5CD72A7CBA03C30472AE7F7E8C04E8B3C39D524C ft=1 fh=77b6701407383e8e vn="Variante von Win32/DownloadSponsor.A evtl. unerwünschte Anwendung" ac=I fn="E:\Downloads\MuRas Filter Meister Installer.exe"
sh=0DFC110AF839766D338DA5701318149A99DBCD48 ft=1 fh=4421110342fc9a7c vn="Variante von Win32/OpenInstall evtl. unerwünschte Anwendung" ac=I fn="E:\Downloads\oi_SqirlzReflectzip.exe"
sh=BF2984E7F0FDAF055F4280851F930166BE069DEA ft=1 fh=e63e331e704945b6 vn="Win32/SoftonicDownloader.D evtl. unerwünschte Anwendung" ac=I fn="E:\Downloads\SoftonicDownloader_fuer_orbit-downloader.exe"
sh=51B27D6F1D76522B995059AEFF691BF7B0809962 ft=1 fh=107055982acd3348 vn="Win32/SoftonicDownloader.A evtl. unerwünschte Anwendung" ac=I fn="E:\Downloads\SoftonicDownloader_fuer_ulead-videostudio.exe"
sh=2A232C7BACDE60DDB2CED577A253131DAB0E6C07 ft=1 fh=63e4919b8bacaa47 vn="Variante von Win32/SweetIM.C evtl. unerwünschte Anwendung" ac=I fn="E:\Downloads\SweetImSetup.exe"
sh=DBCCE49CC35F61843434AB788A5F10064AB15C15 ft=1 fh=ced83d92be3f0949 vn="Win32/Toolbar.Inbox.F evtl. unerwünschte Anwendung" ac=I fn="E:\Downloads\TVSetup.exe"
sh=3B232FFEE48A9235B2ABDB7F780898B99C881B9A ft=1 fh=a69526e0f5d72c42 vn="Variante von Win32/Adware.ToolPlugin.A Anwendung" ac=I fn="E:\Downloads\vlc-1.1.7-win32.exe"
sh=4C53205031E07E6CB28A6AC5316093D5984C5CB2 ft=1 fh=705f06b5c52d4adc vn="Variante von Win32/DownloadSponsor.A evtl. unerwünschte Anwendung" ac=I fn="E:\Downloads\Word Viewer - CHIP-Downloader.exe"
sh=4C53205031E07E6CB28A6AC5316093D5984C5CB2 ft=1 fh=705f06b5c52d4adc vn="Variante von Win32/DownloadSponsor.A evtl. unerwünschte Anwendung" ac=I fn="E:\Fanfiction\Getrennte Wege (Kapitel)\Word Viewer - CHIP-Downloader.exe"
sh=123D430E4996B96A7E23306E747665249C344F06 ft=0 fh=0000000000000000 vn="möglicherweise Variante von Android/Domob.G evtl. unerwünschte Anwendung" ac=I fn="E:\Handy\Samsung Galaxy S4 mini\Apps\Talking Tom 2_4.5.2.apk"
sh=15ED269CD19B325478136334D031005D454D8B22 ft=0 fh=0000000000000000 vn="Win32/DealPly.J evtl. unerwünschte Anwendung" ac=I fn="E:\Tinas-Acer\Backup Set 2011-09-01 190001\Backup Files 2011-09-01 190001\Backup files 1.zip"
sh=DAC798FA2E33D13390405DC41C2C1935A48FEC68 ft=0 fh=0000000000000000 vn="Win32/DealPly.J evtl. unerwünschte Anwendung" ac=I fn="E:\Tinas-Acer\Backup Set 2011-12-01 190001\Backup Files 2011-12-01 190001\Backup files 1.zip"
sh=4C53205031E07E6CB28A6AC5316093D5984C5CB2 ft=1 fh=705f06b5c52d4adc vn="Variante von Win32/DownloadSponsor.A evtl. unerwünschte Anwendung" ac=I fn="H:\Fanfiction\Getrennte Wege (Kapitel)\Word Viewer - CHIP-Downloader.exe"
SecurityCheck:
Code:
Results of screen317's Security Check version 0.99.87 
 Windows 7 Service Pack 1 x64 (UAC is enabled) 
 Internet Explorer 11 
``````````````Antivirus/Firewall Check:``````````````
Avira Desktop 
 Antivirus up to date!  (On Access scanning disabled!)
`````````Anti-malware/Other Utilities Check:`````````
 Java(TM) 6 Update 22 
 Java 7 Update 67 
 Adobe Flash Player 14.0.0.145 
 Adobe Reader 10.1.3 Adobe Reader out of Date! 
 Mozilla Firefox (31.0)
 Google Chrome 36.0.1985.125 
 Google Chrome 36.0.1985.143 
````````Process Check: objlist.exe by Laurent```````` 
 Malwarebytes Anti-Malware mbamservice.exe 
 Malwarebytes Anti-Malware mbam.exe 
 Avira Antivir avgnt.exe
 Avira Antivir avguard.exe
 Malwarebytes Anti-Malware mbamscheduler.exe 
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 
````````````````````End of Log``````````````````````
SystemLook:
Code:
SystemLook 30.07.11 by jpshortstuff
Log created at 21:51 on 15/08/2014 by XXXXX_2
Administrator - Elevation successful

========== filefind ==========

Searching for "*Coupon Companion Plugin*"
No files found.

Searching for "*FoxTab 3GP Converter*"
C:\Users\XXXXX_2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FoxTab 3GP Converter\FoxTab 3GP Converter.lnk        --a---- 743 bytes        [06:42 25/08/2011]        [06:42 25/08/2011] CD9B17CBD742BE7EC851B949D8661589
C:\Users\XXXXX_2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FoxTab 3GP Converter\Uninstall FoxTab 3GP Converter.lnk        --a---- 866 bytes        [06:42 25/08/2011]        [06:42 25/08/2011] 75F94526BB5C84450195F039CFF22F4C

Searching for "*SelectionLinks*"
No files found.

Searching for "*BetterSoft*"
No files found.

Searching for "*OptimizerPro*"
No files found.

Searching for "*MyPC Backup*"
No files found.

Searching for "*clicup*"
C:\Windows\Prefetch\CLICUP.EXE-BD013FCB.pf        --a---- 22712 bytes        [18:18 13/08/2014]        [13:49 14/08/2014] B145379654831CA87DBEE494363BC435

========== folderfind ==========

Searching for "*Coupon Companion Plugin*"
No folders found.

Searching for "*FoxTab 3GP Converter*"
C:\Users\XXXXX_2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FoxTab 3GP Converter        d------        [06:42 25/08/2011]

Searching for "*SelectionLinks*"
No folders found.

Searching for "*BetterSoft*"
C:\AdwCleaner\Quarantine\C\ProgramData\BetterSoft        d------        [18:17 11/09/2013]

Searching for "*OptimizerPro*"
C:\AdwCleaner\Quarantine\C\ProgramData\BetterSoft\OptimizerPro        d------        [18:17 11/09/2013]

Searching for "*MyPC Backup*"
No folders found.

Searching for "*clicup*"
No folders found.

========== regfind ==========

Searching for "Coupon Companion Plugin"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\Coupon Companion Plugin-InternalInstaller_RASAPI32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\Coupon Companion Plugin-InternalInstaller_RASMANCS]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\Coupon Companion Plugin_RASAPI32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\Coupon Companion Plugin_RASMANCS]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Coupon Companion Plugin]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Coupon Companion Plugin]
"DisplayName"="Coupon Companion Plugin"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Coupon Companion Plugin]
"DisplayIcon"="C:\Program Files (x86)\Coupon Companion Plugin\Uninstall.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Coupon Companion Plugin]
"UninstallString"="C:\Program Files (x86)\Coupon Companion Plugin\Uninstall.exe"

Searching for "FoxTab 3GP Converter"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\FoxTab 3GP Converter]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\FoxTab 3GP Converter]
"DisplayName"="FoxTab 3GP Converter"
[HKEY_USERS\S-1-5-21-752392268-3339214621-1681333280-1002\Software\Microsoft\Windows\CurrentVersion\Uninstall\FoxTab 3GP Converter]
[HKEY_USERS\S-1-5-21-752392268-3339214621-1681333280-1002\Software\Microsoft\Windows\CurrentVersion\Uninstall\FoxTab 3GP Converter]
"DisplayName"="FoxTab 3GP Converter"

Searching for "SelectionLinks"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\SelectionLinks.DLL]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SelectionLinks.SelectionLinksBHO]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SelectionLinks.SelectionLinksBHO]
@="SelectionLinksBHO Class"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SelectionLinks.SelectionLinksBHO\CurVer]
@="SelectionLinks.SelectionLinksBHO.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SelectionLinks.SelectionLinksBHO.1]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SelectionLinks.SelectionLinksBHO.1]
@="SelectionLinksBHO Class"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\AppID\SelectionLinks.DLL]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\sl-dlc]
"DisplayName"="SelectionLinks"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\sl-dlc]
"Publisher"="SelectionLinks"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Object\SelectionLinks]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\AppID\SelectionLinks.DLL]

Searching for "BetterSoft"
No data found.

Searching for "OptimizerPro"
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers]
"C:\Program Files (x86)\Optimizer Pro\OptimizerPro.exe"="RUNASADMIN ELEVATECREATEPROCESS"
[HKEY_USERS\S-1-5-21-752392268-3339214621-1681333280-1002\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers]
"C:\Program Files (x86)\Optimizer Pro\OptimizerPro.exe"="RUNASADMIN ELEVATECREATEPROCESS"

Searching for "MyPC Backup"
No data found.

Searching for "clicup"
[HKEY_CURRENT_USER\Software\clicup]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\clicup]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\clicup]
"DisplayName"="clicup"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\clicup]
"DisplayIcon"="C:\Users\XXXXX_2\AppData\Local\Temp\clicup\Ico.ico"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\clicup]
"UninstallString"="C:\Users\XXXXX_2\AppData\Local\Temp\clicup\Uninstaller.exe"
[HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Users\XXXXX_2\AppData\Local\Temp\clicup\toast.exe"="pruebaTrans"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{27DC7E94-C7C1-4686-A18D-3BDAAB1F3D1A}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\Users\XXXXX_2\AppData\Local\Temp\clicup\clicup.exe|Name=clicup|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{431F85E6-0824-4AA1-B3C0-8ADF50B13DF2}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\Users\XXXXX_2\AppData\Local\Temp\clicup\clicup.exe|Name=clicup|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{46482DD6-CB75-47B1-8E17-8FDBA9158AEA}"="v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Public|App=C:\Users\XXXXX_2\AppData\Local\Temp\clicup\clicup.exe|Name=clicup|Desc=Allows outgoing requests.|EmbedCtxt=@firewallapi.dll,-23255|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{78EF46A4-8EDC-45F0-99FE-816F48C21474}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\Users\XXXXX_2\AppData\Local\Temp\clicup\toast.exe|Name=toast|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{A76FAEDB-C513-40E7-8843-69733BA3AFC2}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\Users\XXXXX_2\AppData\Local\Temp\clicup\toast.exe|Name=toast|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{6CE7A877-A580-4E71-B032-2CC30725C528}"="v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Public|App=C:\Users\XXXXX_2\AppData\Local\Temp\clicup\toast.exe|Name=toast|Desc=Allows outgoing requests.|EmbedCtxt=@firewallapi.dll,-23255|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{27DC7E94-C7C1-4686-A18D-3BDAAB1F3D1A}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\Users\XXXXX_2\AppData\Local\Temp\clicup\clicup.exe|Name=clicup|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{431F85E6-0824-4AA1-B3C0-8ADF50B13DF2}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\Users\XXXXX_2\AppData\Local\Temp\clicup\clicup.exe|Name=clicup|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{46482DD6-CB75-47B1-8E17-8FDBA9158AEA}"="v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Public|App=C:\Users\XXXXX_2\AppData\Local\Temp\clicup\clicup.exe|Name=clicup|Desc=Allows outgoing requests.|EmbedCtxt=@firewallapi.dll,-23255|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{78EF46A4-8EDC-45F0-99FE-816F48C21474}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\Users\XXXXX_2\AppData\Local\Temp\clicup\toast.exe|Name=toast|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{A76FAEDB-C513-40E7-8843-69733BA3AFC2}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\Users\XXXXX_2\AppData\Local\Temp\clicup\toast.exe|Name=toast|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{6CE7A877-A580-4E71-B032-2CC30725C528}"="v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Public|App=C:\Users\XXXXX_2\AppData\Local\Temp\clicup\toast.exe|Name=toast|Desc=Allows outgoing requests.|EmbedCtxt=@firewallapi.dll,-23255|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{27DC7E94-C7C1-4686-A18D-3BDAAB1F3D1A}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\Users\XXXXX_2\AppData\Local\Temp\clicup\clicup.exe|Name=clicup|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{431F85E6-0824-4AA1-B3C0-8ADF50B13DF2}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\Users\XXXXX_2\AppData\Local\Temp\clicup\clicup.exe|Name=clicup|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{46482DD6-CB75-47B1-8E17-8FDBA9158AEA}"="v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Public|App=C:\Users\XXXXX_2\AppData\Local\Temp\clicup\clicup.exe|Name=clicup|Desc=Allows outgoing requests.|EmbedCtxt=@firewallapi.dll,-23255|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{78EF46A4-8EDC-45F0-99FE-816F48C21474}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\Users\XXXXX_2\AppData\Local\Temp\clicup\toast.exe|Name=toast|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{A76FAEDB-C513-40E7-8843-69733BA3AFC2}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\Users\XXXXX_2\AppData\Local\Temp\clicup\toast.exe|Name=toast|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{6CE7A877-A580-4E71-B032-2CC30725C528}"="v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Public|App=C:\Users\XXXXX_2\AppData\Local\Temp\clicup\toast.exe|Name=toast|Desc=Allows outgoing requests.|EmbedCtxt=@firewallapi.dll,-23255|"
[HKEY_USERS\S-1-5-21-752392268-3339214621-1681333280-1002\Software\clicup]
[HKEY_USERS\S-1-5-21-752392268-3339214621-1681333280-1002\Software\Microsoft\Windows\CurrentVersion\Uninstall\clicup]
[HKEY_USERS\S-1-5-21-752392268-3339214621-1681333280-1002\Software\Microsoft\Windows\CurrentVersion\Uninstall\clicup]
"DisplayName"="clicup"
[HKEY_USERS\S-1-5-21-752392268-3339214621-1681333280-1002\Software\Microsoft\Windows\CurrentVersion\Uninstall\clicup]
"DisplayIcon"="C:\Users\XXXXX_2\AppData\Local\Temp\clicup\Ico.ico"
[HKEY_USERS\S-1-5-21-752392268-3339214621-1681333280-1002\Software\Microsoft\Windows\CurrentVersion\Uninstall\clicup]
"UninstallString"="C:\Users\XXXXX_2\AppData\Local\Temp\clicup\Uninstaller.exe"
[HKEY_USERS\S-1-5-21-752392268-3339214621-1681333280-1002\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Users\XXXXX_2\AppData\Local\Temp\clicup\toast.exe"="pruebaTrans"
[HKEY_USERS\S-1-5-21-752392268-3339214621-1681333280-1002_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Users\XXXXX_2\AppData\Local\Temp\clicup\toast.exe"="pruebaTrans"

-= EOF =-

M-K-D-B 16.08.2014 09:52
Diese Dateien bitte selbst per Hand suchen und löschen:
Zitat:
sh=52057EA7610E8956E6CF8F8EA7046F7C0ABED9E7 ft=1 fh=cbc3e45406e996d6 vn="Win32/Toolbar.Conduit evtl. unerwünschte Anwendung" ac=I fn="E:\Downloads\4shared_desktop_3.3.5.exe"
sh=0C14761B4E1FABE8A89FCAF6DC7E93F9D50766E4 ft=1 fh=68be27c9a6f2b7ca vn="Win32/OutBrowse.AD evtl. unerwünschte Anwendung" ac=I fn="E:\Downloads\adobe-flash-player.exe"
sh=AAD6F1CAA5C35AEEFCFBE646FB5093D2FB559AEC ft=1 fh=2ca4112e4b89bd5a vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="E:\Downloads\ashampoo_burning_studio_elements_10.0.9_8678(2).exe"
sh=981DD6FB832A26ED9A9F9583BA6F2A78F2148B62 ft=1 fh=3e676125774b21b3 vn="Win32/DownloadAdmin.G evtl. unerwünschte Anwendung" ac=I fn="E:\Downloads\cbsidlm-tr1_10a-GetFLV-BP-10618974.exe"
sh=B15FF356B671534564B4D4E171A2E8DAD434A77B ft=1 fh=8c53512473b38db1 vn="Variante von Win32/DownloadSponsor.A evtl. unerwünschte Anwendung" ac=I fn="E:\Downloads\CCleaner - CHIP-Downloader.exe"
sh=D0222688BB442B1FBFC79E755A4D4E2A6D1C961F ft=1 fh=67359e13992c4fb6 vn="Variante von Win32/DownloadSponsor.A evtl. unerwünschte Anwendung" ac=I fn="E:\Downloads\Feedreader - CHIP-Downloader.exe"
sh=65F38A889E32A78CBCCFD1C880DB6ADE5D106225 ft=1 fh=ef1634db7f3aa0cd vn="Win32/Toolbar.Conduit evtl. unerwünschte Anwendung" ac=I fn="E:\Downloads\FreemakeVideoConverterSetup.exe"
sh=41D30B977DE5DC0EB792C98D5B97CFCF4338A593 ft=1 fh=a1232e96b9cc1b15 vn="Win32/Toolbar.Conduit evtl. unerwünschte Anwendung" ac=I fn="E:\Downloads\FreeScreenVideoRecorder.exe"
sh=85F7DC44FABCF0FCE9072719485BE97F4365272F ft=1 fh=4759c6d9de7a2349 vn="Win32/Toolbar.Conduit evtl. unerwünschte Anwendung" ac=I fn="E:\Downloads\FreeVideoDub2012.exe"
sh=5CD72A7CBA03C30472AE7F7E8C04E8B3C39D524C ft=1 fh=77b6701407383e8e vn="Variante von Win32/DownloadSponsor.A evtl. unerwünschte Anwendung" ac=I fn="E:\Downloads\MuRas Filter Meister Installer.exe"
sh=0DFC110AF839766D338DA5701318149A99DBCD48 ft=1 fh=4421110342fc9a7c vn="Variante von Win32/OpenInstall evtl. unerwünschte Anwendung" ac=I fn="E:\Downloads\oi_SqirlzReflectzip.exe"
sh=BF2984E7F0FDAF055F4280851F930166BE069DEA ft=1 fh=e63e331e704945b6 vn="Win32/SoftonicDownloader.D evtl. unerwünschte Anwendung" ac=I fn="E:\Downloads\SoftonicDownloader_fuer_orbit-downloader.exe"
sh=51B27D6F1D76522B995059AEFF691BF7B0809962 ft=1 fh=107055982acd3348 vn="Win32/SoftonicDownloader.A evtl. unerwünschte Anwendung" ac=I fn="E:\Downloads\SoftonicDownloader_fuer_ulead-videostudio.exe"
sh=2A232C7BACDE60DDB2CED577A253131DAB0E6C07 ft=1 fh=63e4919b8bacaa47 vn="Variante von Win32/SweetIM.C evtl. unerwünschte Anwendung" ac=I fn="E:\Downloads\SweetImSetup.exe"
sh=DBCCE49CC35F61843434AB788A5F10064AB15C15 ft=1 fh=ced83d92be3f0949 vn="Win32/Toolbar.Inbox.F evtl. unerwünschte Anwendung" ac=I fn="E:\Downloads\TVSetup.exe"
sh=3B232FFEE48A9235B2ABDB7F780898B99C881B9A ft=1 fh=a69526e0f5d72c42 vn="Variante von Win32/Adware.ToolPlugin.A Anwendung" ac=I fn="E:\Downloads\vlc-1.1.7-win32.exe"
sh=4C53205031E07E6CB28A6AC5316093D5984C5CB2 ft=1 fh=705f06b5c52d4adc vn="Variante von Win32/DownloadSponsor.A evtl. unerwünschte Anwendung" ac=I fn="E:\Downloads\Word Viewer - CHIP-Downloader.exe"
sh=4C53205031E07E6CB28A6AC5316093D5984C5CB2 ft=1 fh=705f06b5c52d4adc vn="Variante von Win32/DownloadSponsor.A evtl. unerwünschte Anwendung" ac=I fn="E:\Fanfiction\Getrennte Wege (Kapitel)\Word Viewer - CHIP-Downloader.exe"
sh=123D430E4996B96A7E23306E747665249C344F06 ft=0 fh=0000000000000000 vn="möglicherweise Variante von Android/Domob.G evtl. unerwünschte Anwendung" ac=I fn="E:\Handy\Samsung Galaxy S4 mini\Apps\Talking Tom 2_4.5.2.apk"
sh=15ED269CD19B325478136334D031005D454D8B22 ft=0 fh=0000000000000000 vn="Win32/DealPly.J evtl. unerwünschte Anwendung" ac=I fn="E:\Tinas-Acer\Backup Set 2011-09-01 190001\Backup Files 2011-09-01 190001\Backup files 1.zip"
sh=DAC798FA2E33D13390405DC41C2C1935A48FEC68 ft=0 fh=0000000000000000 vn="Win32/DealPly.J evtl. unerwünschte Anwendung" ac=I fn="E:\Tinas-Acer\Backup Set 2011-12-01 190001\Backup Files 2011-12-01 190001\Backup files 1.zip"
sh=4C53205031E07E6CB28A6AC5316093D5984C5CB2 ft=1 fh=705f06b5c52d4adc vn="Variante von Win32/DownloadSponsor.A evtl. unerwünschte Anwendung" ac=I fn="H:\Fanfiction\Getrennte Wege (Kapitel)\Word Viewer - CHIP-Downloader.exe"





Ersetze die "XXXXX_2" durch deinen richtigen Benutzernamen, sonst wird der Fix mit FRST nicht funktionieren!





Reste entfernen
Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument


Code:
start
C:\Users\Tina_2\Downloads\setup.exe
C:\Users\Tina_2\Dropbox\*CHIP-Downloader.exe
C:\Users\XXXXX_2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FoxTab 3GP Converter
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\Coupon Companion Plugin-InternalInstaller_RASAPI32
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\Coupon Companion Plugin-InternalInstaller_RASMANCS
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\Coupon Companion Plugin_RASAPI32
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\Coupon Companion Plugin_RASMANCS
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Coupon Companion Plugin
DeleteKey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\FoxTab 3GP Converter
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\SelectionLinks.DLL
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SelectionLinks.SelectionLinksBHO
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SelectionLinks.SelectionLinksBHO.1
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\AppID\SelectionLinks.DLL
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\sl-dlc
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Object\SelectionLinks
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\AppID\SelectionLinks.DLL
DeleteKey: HKEY_CURRENT_USER\Software\clicup
DeleteKey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\clicup
Reboot:
end

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
  • Starte nun FRST erneut und klicke den Entfernen Button.
  • Das Tool erstellt eine Fixlog.txt.
  • Poste mir deren Inhalt.













Wenn du keine Probleme mehr hast, dann sind wir hier fertig. Deine Logdateien sind sauber. :daumenhoc
Zum Schluss müssen wir noch ein paar abschließende Schritte unternehmen, um deinen Pc aufzuräumen und abzusichern.




Schritt 1
Du verwendest veraltete Software auf deinem Rechner, was ein Sicherheitsrisiko darstellt. Daher solltest du veraltete Software deinstallieren und anschließend die aktuellste Version installieren.
Folge dem Pfad Start > Systemsteuerung > Sofware / Programme deinstallieren.
Deinstalliere die folgenden Programme von deinem Rechner:
  • Java(TM) 6 Update 22
  • Adobe Reader 10
Starte deinen Rechner nach der Deinstallation neu auf.
Downloade und installiere dir bitte nun:
  • Adobe Reader (Entferne vor dem Download den Haken bei McAfee Security Scan)
Starte deinen Rechner nach der Installation neu auf.





Schritt 2
Die Reihenfolge ist hier entscheidend.
  1. Falls Defogger benutzt wurde: Defogger nochmal starten und auf re-enable klicken.
  2. Falls Combofix benutzt wurde: (Alternativ in uninstall.exe umbenennen und starten)
    • Windowstaste + R > Combofix /Uninstall (eingeben) > OK
    • Alternative: Combofix.exe in uninstall.exe umbenennen und starten
    • Combofix wird jetzt starten, sich evtl updaten und dann alle Reste von sich selbst entfernen.
  3. Downloade Dir bitte auf jeden Fall DelFix Download DelFix auf deinen Desktop:
    • Schließe alle offenen Programme.
    • Starte die delfix.exe mit einem Doppelklick.
    • Setze vor jede Funktion ein Häkchen.
    • Klicke auf Start.
    • Hinweis: DelFix entfernt u. a. alle verwendeten Programme, die Quarantäne unserer Scanner, den Java-Cache und löscht sich abschließend selbst.
    • Starte deinen Rechner abschließend neu.
  4. Sollten jetzt noch Programme aus unserer Bereinigung übrig sein kannst du sie bedenkenlos löschen.







Schritt 3
Abschließend habe ich noch ein paar Tipps zur Absicherung deines Systems.


Ich kann gar nicht zu oft erwähnen, wie wichtig es ist, dass dein System Up to Date ist.
  • Bitte überprüfe ob dein System Windows Updates automatisch herunter lädt
  • Windows Updates
    • Windows XP: Start --> Systemsteuerung --> Doppelklick auf Automatische Updates
    • Windows Vista / 7: Start --> Systemsteuerung --> System und Sicherheit --> Automatische Updates aktivieren oder deaktivieren
  • Gehe sicher das die automatischen Updates aktiviert sind.
  • Software Updates
    Installierte Software kann ebenfalls Sicherheitslücken haben, welche Malware nutzen kann, um dein System zu infizieren.
    Um deine Installierte Software up to date zu halten, empfehle ich dir Secunia Online Software.


Anti-Viren-Programm und zusätzlicher Schutz
  • Gehe sicher, dass du immer nur eine Anti-Viren Software installiert hast und dass diese auch up to date ist! Ein kostenloses Anti-Viren Programm, das wir empfehlen, wäre z. B. Avast! Free Antivirus oder Microsoft Security Essentials.
  • MalwareBytes Anti Malware
    Dies ist eines der besten Anti-Malware Tools auf dem Markt. Es ist ein On- Demond Scan Tool welches viele aktuelle Malware erkennt und auch entfernt. Du kannst es zusätzlich zu deinem Anti-Viren Programm verwenden.
    Update das Tool und lasse es einmal in der Woche laufen. Die Kaufversion bietet zudem noch einen Hintergrundwächter.
    Ein Tutorial zur Verwendung findest Du hier.
  • AdwCleaner
    Dieses Tool erkennt eine Vielzahl von Werbeprogrammen (Adware) und unerwünschten Programmen (PUPs).
    Starte das Tool einmal die Woche und lass es laufen. Sollte eine neue Version verfügbar sein, so wird dies angezeigt und du kannst dir die neueste Version direkt von der Herstellerseite auf den Desktop herunterladen. Auch dieses Programm kann parallel zu deinem Anti-Viren Programm verwendet werden.
  • SpywareBlaster
    Eine kurze Einführung findest du Hier


Alternative Browser
Andere Browser tendieren zu etwas mehr Sicherheit als der IE, da diese keine Active X Elemente verwenden. Diese können von Spyware zur Infektion deines Systems missbraucht werden.
Mozilla Firefox
  • Hinweis: Für diesen Browser habe ich hier ein paar nützliche Add Ons
  • NoScript
    Dieses AddOn blockt JavaScript, Java and Flash und andere Plugins. Sie werden nur dann ausgeführt, wenn Du es bestätigst.
  • AdblockPlus
    Dieses AddOn blockt die meisten Werbung von selbst. Ein Rechtsklick auf den Banner um diesen zu AdBlockPlus hinzuzufügen reicht und dieser wird nicht mehr geladen.
    Es spart außerdem Downloadkapazität.


Performance
  • Halte dich fern von Registry Cleanern.
    Diese Schaden deinem System mehr als dass sie helfen. Hier ein englischer Link:
    Miekemoes Blogspot ( MVP )


Was du vermeiden solltest:
  • Klicke nicht auf alles, nur weil es dich dazu auffordert und schön bunt ist.
  • Verwende keine P2P oder Filesharing Software (Emule, uTorrent,..).
  • Lass die Finger von Cracks, Keygens, Serials oder anderer illegaler Software.
  • Öffne keine Anhänge von dir nicht bekannten Emails. Achte vor allem auf die Dateiendung wie z.B. deinFoto.jpg.exe.
  • Lade keine Software von Softonic oder Chip herunter, da diese Installer oft mit Adware oder unerünschter Software versehen sind!



Nun bleibt mir nur noch dir viel Spaß beim sicheren Surfen zu wünschen... ... und vielleicht möchtest du ja das Trojaner-Board unterstützen?

Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so dass ich dieses Thema aus meinen Abos löschen kann.

TinaW5 16.08.2014 12:49
Hallo,

die Dateien sind gelöscht.

Hier meine letzte Fixlog.txt:
Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 16-08-2014 02
Ran by XXXXX_2 at 2014-08-16 11:15:47 Run:3
Running from C:\Users\XXXXX_2\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
start
C:\Users\XXXXX_2\Downloads\setup.exe
C:\Users\XXXXX_2\Dropbox\*CHIP-Downloader.exe
C:\Users\XXXXX_2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FoxTab 3GP Converter
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\Coupon Companion Plugin-InternalInstaller_RASAPI32
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\Coupon Companion Plugin-InternalInstaller_RASMANCS
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\Coupon Companion Plugin_RASAPI32
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\Coupon Companion Plugin_RASMANCS
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Coupon Companion Plugin
DeleteKey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\FoxTab 3GP Converter
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\SelectionLinks.DLL
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SelectionLinks.SelectionLinksBHO
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SelectionLinks.SelectionLinksBHO.1
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\AppID\SelectionLinks.DLL
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\sl-dlc
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Object\SelectionLinks
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\AppID\SelectionLinks.DLL
DeleteKey: HKEY_CURRENT_USER\Software\clicup
DeleteKey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\clicup
Reboot:
end
       
*****************

C:\Users\XXXXX_2\Downloads\setup.exe => Moved successfully.
C:\Users\XXXXX_2\Dropbox\*CHIP-Downloader.exe => Moved successfully.
C:\Users\XXXXX_2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FoxTab 3GP Converter => Moved successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\Coupon Companion Plugin-InternalInstaller_RASAPI32 => Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\Coupon Companion Plugin-InternalInstaller_RASMANCS => Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\Coupon Companion Plugin_RASAPI32 => Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\Coupon Companion Plugin_RASMANCS => Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Coupon Companion Plugin => Key deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\FoxTab 3GP Converter => Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\SelectionLinks.DLL => Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SelectionLinks.SelectionLinksBHO => Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SelectionLinks.SelectionLinksBHO.1 => Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\AppID\SelectionLinks.DLL => Key not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\sl-dlc => Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Object\SelectionLinks => Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\AppID\SelectionLinks.DLL => Key not found.
HKEY_CURRENT_USER\Software\clicup => Key deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\clicup => Key deleted successfully.


The system needed a reboot.

==== End of Fixlog ====
Die restlichen Schritte habe ich ausgeführt, hat alles geklappt bzw. war teilweise schon so eingestellt.

Die empfohlene Software habe ich installiert und werde sie von nun an auch auf dem Laufenden halten.

Ich danke für die sehr gute, kompetente und vor allem lehrreiche Hilfe. Bin vollenst zufrieden.
Spende folgt.

Viele Grüße
Tina

M-K-D-B 16.08.2014 15:42
Ich bin froh, dass wir helfen konnten :abklatsch:

In diesem Forum kannst du eine kurze Rückmeldung zur Bereinigung abgeben, sofern du das möchtest:
Lob, Kritik und Wünsche
Klicke dazu auf den Button "NEUES THEMA" und poste ein kleines Feedback. Vielen Dank! :)

Dieses Thema scheint erledigt und wird aus meinen Abos gelöscht. Solltest Du das Thema erneut brauchen, schicke mir bitte eine PM.

Jeder andere bitte hier klicken und einen eigenen Thread erstellen.


Alle Zeitangaben in WEZ +1. Es ist jetzt 11:47 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131