Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   Habe Mist gebaut... (https://www.trojaner-board.de/163399-habe-mist-gebaut.html)

magigstar 31.01.2015 09:01
Habe Mist gebaut...
 
Hallo Leute,

ich glaube, ich habe Mist gebaut...

Sagt euch "omiga-plus" was?

Firefox startet nun mit omiga-plus, auch im Suchfeld.
Soweit habe ich sie nun deinstallieren können.

Aber ich glaube, jetzt ist es Trovi, die omiga-plus ersetzt hat, irgendwie...
Also echt komisch...

Bootsektor 31.01.2015 09:45
:hallo:

Mein Name ist Sandra und ich werde Dir bei Deinem Problem behilflich sein.
  • Bitte arbeite alle Schritte der Reihe nach ab.
  • Lese die Anleitungen sorgfältig durch bevor Du beginnst. Wenn es Probleme gibt oder Du etwas nicht verstehst, dann stoppe mit Deiner Ausführung und beschreibe mir das Problem
  • Führe bitte nur Scans durch zu denen Du von mir aufgefordert wirst.
  • Bitte kein Crossposting ( posten in mehreren Foren).
  • Installiere oder deinstalliere während der Bereinigung keine Software, ausser Du wurdest dazu aufgefordert.
  • Poste die Logfiles direkt in deinen Thread in Code-Tags.
  • Bedenke, dass wir hier alle während unserer Freizeit tätig sind, wenn du innerhalb von 2 Tagen nichts von mir hörst, dann schreibe mir bitte eine PM.

Hinweis: Ich kann Dir niemals eine Garantie geben, dass ich auch alles finde. Eine Formatierung ist meist der schnellere und bei einem Befall durch Malware immer der sicherste Weg. Adware lässt sich in den allermeisten Fällen problemlos entfernen.
Solltest Du Dich für eine Bereinigung entscheiden, arbeite solange mit, bis Dir jemand vom Team sagt, dass Du clean bist.

Posten in Code Tags
Bitte füge die Logs immer in Code-Tags ein. Wenn Du das nicht machst, erschwert es mir sehr das Auswerten. Danke.
Dazu:
  • Klicke über dem Antwortfenster auf die Raute #, dann steht dort in eckigen Klammern [] CODE /CODE.
  • Zwischen den beiden code-Bausteinen fügst Du dann deine Logfiles ein. Also CODE Logfile /CODE
  • Wenn die Logs zu lang sein sollten, dann teile sie bitte auf und poste sie dann hier in Deinem Thread, notfalls in mehreren Antworten.

Schritt 1
Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
  • Starte jetzt FRST.
  • Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
  • Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
  • Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)


magigstar 31.01.2015 10:23

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 28-01-2015
Ran by XXXXX XXXXX (administrator) on ARBEITSCOMPUTER on 31-01-2015 10:14:47
Running from C:\Users\XXXXX XXXXX\Desktop
Loaded Profiles: XXXXX XXXXX (Available profiles: XXXXX XXXXX & XXXXX & Versuch)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
() C:\Program Files (x86)\Common Files\AAV\aavus.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Microsoft Corporation) C:\Windows\System32\CISVC.EXE
(Microsoft Corporation) C:\Windows\ehome\ehrecvr.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GregHSRW.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe
(Search Module Plus Ltd.) C:\Program Files\Common Files\Goobzo\GBUpdatePlus\smu.exe
(ShopperPro) C:\Program Files\Common Files\ShopperPro\spbiu.exe
(Weather Protector LLC) C:\Program Files (x86)\StormWatch\SWUpdaterSvc.exe
(Client Connect LTD) C:\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Client Connect LTD) C:\Program Files (x86)\SearchProtect\SearchProtect\bin\cltmng.exe
(Client Connect LTD) C:\Program Files (x86)\SearchProtect\UI\bin\cltmngui.exe
() C:\Windows\snuvcdsm.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
() C:\Windows\PLFSetI.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\Apoint.exe
(AlcorMicro Co., Ltd.) C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Photosmart 5520 series\Bin\ScanToPCActivationApp.exe
(BillP Studios) C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe
() C:\Users\XXXXX XXXXX\AppData\Local\winengine\rkr1.exe
(RescueTime, Inc.) C:\Program Files (x86)\RescueTime\RescueTime.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\ApMsgFwd.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\Hidfind.exe
(Mirko Böer) C:\Program Files (x86)\SSS\SimpleScreenshot.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\ApntEx.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Photosmart 5520 series\Bin\HPNetworkCommunicator.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office15\MSOSYNC.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avscan.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_296.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_296.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
() C:\Program Files\Common Files\Goobzo\GBUpdatePlus\SCHelper.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SNUVCDSM] => C:\Windows\snuvcdsm.exe [30080 2011-01-13] ()
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [8312352 2009-10-29] (Realtek Semiconductor)
HKLM\...\Run: [PLFSetL] => C:\Windows\PLFSetL.exe [99712 2011-01-13] (Sonix Technology Co., Ltd.)
HKLM\...\Run: [PLFSetI] => C:\Windows\PLFSetI.exe [200704 2011-11-13] ()
HKLM\...\Run: [mwlDaemon] => C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe [349480 2009-09-11] (Egis Technology Inc.)
HKLM\...\Run: [IAAnotif] => C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-06-05] (Intel Corporation)
HKLM\...\Run: [Apoint] => C:\Program Files\Apoint2K\Apoint.exe [295936 2009-05-22] (Alps Electric Co., Ltd.)
HKLM\...\Run: [AmIcoSinglun64] => C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [323072 2009-07-22] (AlcorMicro Co., Ltd.)
HKLM\...\Run: [Acer ePower Management] => C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [823840 2009-09-30] (Acer Incorporated)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [702768 2014-12-16] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2009-12-09] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [SimpleScreenshot] => C:\Program Files (x86)\SSS\SIMPLESCREENSHOT.EXE [2255360 2008-02-09] (Mirko Böer)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2014-10-11] (Apple Inc.)
HKLM-x32\...\Run: [LManager] => C:\Program Files (x86)\Launch Manager\LManager.exe [1094736 2009-11-02] (Dritek System Inc.)
HKLM-x32\...\Run: [YTDownloader] => /boot
HKLM-x32\...\Run: [SPDriver] => C:\Program Files (x86)\ShopperPro\JSDriver\1361.0.0.0\jsdrv.exe
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [126712 2014-12-31] (Avira Operations GmbH & Co. KG)
HKU\S-1-5-21-1242904208-471078349-2963378918-1000\...\Run: [HP Photosmart 5520 series (NET)] => C:\Program Files\HP\HP Photosmart 5520 series\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
HKU\S-1-5-21-1242904208-471078349-2963378918-1000\...\Run: [WinPatrol] => C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe [533568 2014-04-23] (BillP Studios)
HKU\S-1-5-21-1242904208-471078349-2963378918-1000\...\Run: [SPDriver] => C:\Program Files (x86)\ShopperPro\JSDriver\1361.0.0.0\jsdrv.exe
HKU\S-1-5-21-1242904208-471078349-2963378918-1000\...\Run: [winengine] => C:\Users\XXXXX XXXXX\AppData\Local\winengine\rkr0.exe [511416 2014-12-12] ()
HKU\S-1-5-21-1242904208-471078349-2963378918-1000\...\Run: [winengine2] => C:\Users\XXXXX XXXXX\AppData\Local\winengine\rkr1.exe [511416 2014-12-12] ()
AppInit_DLLs: C:\PROGRA~2\SEARCH~1\SEARCH~1\bin\VC64LO~1.DLL => C:\Program Files (x86)\SearchProtect\SearchProtect\bin\VC64Loader.dll [253200 2015-01-20] (Client Connect LTD)
AppInit_DLLs-x32: C:\PROGRA~2\SearchProtect\SearchProtect\bin\VC32Loader.dll => C:\Program Files (x86)\SearchProtect\SearchProtect\bin\VC32Loader.dll [219408 2015-01-20] (Client Connect LTD)
Startup: C:\Users\XXXXX XXXXX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\RescueTime.lnk
ShortcutTarget: RescueTime.lnk -> C:\Program Files (x86)\RescueTime\RescueTime.exe (RescueTime, Inc.)
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
ShellIconOverlayIdentifiers: [egisPSDP] -> {30A0A3F6-38AC-4C53-BB8B-0D95238E25BA} => C:\Program Files (x86)\EgisTec\MyWinLocker 3\x64\psdprotect.dll (Egis Technology Inc.)
ShellIconOverlayIdentifiers-x32: [egisPSDP] -> {30A0A3F6-38AC-4C53-BB8B-0D95238E25BA} => C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\psdprotect.dll (Egis Technology Inc.)
BootExecute: autocheck autochk * sdnclean64.exe
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://isearch.omiga-plus.com/?type=hp&ts=1422690849&from=obw&uid=TOSHIBAXMK6465GSX_51ASD39BBXX51ASD39BB
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://websearch.thesearchpage.info/?pid=3458&r=2015/01/31&hid=4296634904664230215&lg=EN&cc=DE&unqvl=74
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://isearch.omiga-plus.com/web/?type=ds&ts=1422690849&from=obw&uid=TOSHIBAXMK6465GSX_51ASD39BBXX51ASD39BB&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://isearch.omiga-plus.com/web/?type=ds&ts=1422690849&from=obw&uid=TOSHIBAXMK6465GSX_51ASD39BBXX51ASD39BB&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://isearch.omiga-plus.com/?type=hp&ts=1422690849&from=obw&uid=TOSHIBAXMK6465GSX_51ASD39BBXX51ASD39BB
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://isearch.omiga-plus.com/?type=hp&ts=1422690849&from=obw&uid=TOSHIBAXMK6465GSX_51ASD39BBXX51ASD39BB
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://isearch.omiga-plus.com/web/?type=ds&ts=1422690849&from=obw&uid=TOSHIBAXMK6465GSX_51ASD39BBXX51ASD39BB&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://isearch.omiga-plus.com/web/?type=ds&ts=1422690849&from=obw&uid=TOSHIBAXMK6465GSX_51ASD39BBXX51ASD39BB&q={searchTerms}
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-1242904208-471078349-2963378918-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://websearch.thesearchpage.info/?pid=3458&r=2015/01/31&hid=4296634904664230215&lg=EN&cc=DE&unqvl=74
HKU\S-1-5-21-1242904208-471078349-2963378918-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-1242904208-471078349-2963378918-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://isearch.omiga-plus.com/?type=hp&ts=1422690849&from=obw&uid=TOSHIBAXMK6465GSX_51ASD39BBXX51ASD39BB
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> DefaultScope {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.thesearchpage.info/?l=1&q={searchTerms}&pid=3458&r=2015/01/31&hid=4296634904664230215&lg=EN&cc=DE&unqvl=74
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.thesearchpage.info/?l=1&q={searchTerms}&pid=3458&r=2015/01/31&hid=4296634904664230215&lg=EN&cc=DE&unqvl=74
SearchScopes: HKU\S-1-5-21-1242904208-471078349-2963378918-1000 -> DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://www.trovi.com/Results.aspx?gd=&ctid=CT3324764&octid=EB_ORIGINAL_CTID&ISID=M7F3C43B3-690F-4276-959F-1C74A797CA2A&SearchSource=58&CUI=&UM=8&UP=SP9050A32E-D786-4A42-9E49-5663C4588ECE&q={searchTerms}&SSPV=
SearchScopes: HKU\S-1-5-21-1242904208-471078349-2963378918-1000 -> {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://www.trovi.com/Results.aspx?gd=&ctid=CT3324764&octid=EB_ORIGINAL_CTID&ISID=M7F3C43B3-690F-4276-959F-1C74A797CA2A&SearchSource=58&CUI=&UM=8&UP=SP9050A32E-D786-4A42-9E49-5663C4588ECE&q={searchTerms}&SSPV=
SearchScopes: HKU\S-1-5-21-1242904208-471078349-2963378918-1000 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://isearch.omiga-plus.com/web/?type=ds&ts=1422690849&from=obw&uid=TOSHIBAXMK6465GSX_51ASD39BBXX51ASD39BB&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1242904208-471078349-2963378918-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
SearchScopes: HKU\S-1-5-21-1242904208-471078349-2963378918-1000 -> {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.thesearchpage.info/?l=1&q={searchTerms}&pid=3458&r=2015/01/31&hid=4296634904664230215&lg=EN&cc=DE&unqvl=74
BHO: Boost -> {2299856A-6506-42E3-A34F-CD35A47C1B19} -> C:\Program Files (x86)\Boost\64Boost.dll (Boost)
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: youtubeadblocker -> {66a77d73-e5fa-4815-bba6-e6e6210fb9a0} -> C:\Program Files (x86)\youtubeadblocker\2vSp3hYxFkuiwN.x64.dll ()
BHO: unissales -> {7e0aaab3-ba7d-4a2d-b1e6-4289ce4d1b1e} -> C:\Program Files (x86)\unissales\9vFbOLvEX4RE1d.x64.dll ()
BHO: No Name -> {A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C} ->  No File
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Booster-Web helper -> {B5147546-9359-4D9B-8B36-F54C54555799} -> C:\Program Files (x86)\Booster-Web\Booster-Web.dll (App LLC)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Boost -> {2299856A-6506-42E3-A34F-CD35A47C1B19} -> C:\Program Files (x86)\Boost\Boost.dll (Boost)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Shopper Pro -> {A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C} -> C:\ProgramData\ShopperPro\ShopperPro.dll No File
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Booster-Web helper -> {B5147546-9359-4D9B-8B36-F54C54555799} -> C:\Program Files (x86)\Booster-Web\Booster-Web.dll (App LLC)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
DPF: HKLM {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Winsock: Catalog9 01 C:\Windows\SysWOW64\abengine.dll [323720] (Abengine)
Winsock: Catalog9 02 C:\Windows\SysWOW64\abengine.dll [323720] (Abengine)
Winsock: Catalog9 03 C:\Windows\SysWOW64\abengine.dll [323720] (Abengine)
Winsock: Catalog9 04 C:\Windows\SysWOW64\abengine.dll [323720] (Abengine)
Winsock: Catalog9 15 C:\Windows\SysWOW64\abengine.dll [323720] (Abengine)
Winsock: Catalog9-x64 01 C:\Windows\system32\abengine64.dll [380112] (Abengine)
Winsock: Catalog9-x64 02 C:\Windows\system32\abengine64.dll [380112] (Abengine)
Winsock: Catalog9-x64 03 C:\Windows\system32\abengine64.dll [380112] (Abengine)
Winsock: Catalog9-x64 04 C:\Windows\system32\abengine64.dll [380112] (Abengine)
Winsock: Catalog9-x64 05 C:\Windows\system32\ColorMedia64.dll [378640] (CartCrunch Israel Ltd.)
Winsock: Catalog9-x64 06 C:\Windows\system32\ColorMedia64.dll [378640] (CartCrunch Israel Ltd.)
Winsock: Catalog9-x64 07 C:\Windows\system32\ColorMedia64.dll [378640] (CartCrunch Israel Ltd.)
Winsock: Catalog9-x64 08 C:\Windows\system32\ColorMedia64.dll [378640] (CartCrunch Israel Ltd.)
Winsock: Catalog9-x64 19 C:\Windows\system32\ColorMedia64.dll [378640] (CartCrunch Israel Ltd.)
Winsock: Catalog9-x64 20 C:\Windows\system32\abengine64.dll [380112] (Abengine)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe http://isearch.omiga-plus.com/?type=sc&ts=1422690849&from=obw&uid=TOSHIBAXMK6465GSX_51ASD39BBXX51ASD39BB

FireFox:
========
FF ProfilePath: C:\Users\XXXXX XXXXX\AppData\Roaming\Mozilla\Firefox\Profiles\ax92hz4x.default-1417957171376
FF NewTab: hxxp://www.trovi.com/?gd=&ctid=CT3324764&octid=EB_ORIGINAL_CTID&ISID=M7F3C43B3-690F-4276-959F-1C74A797CA2A&SearchSource=69&CUI=&SSPV=&Lay=1&UM=8&UP=SP9050A32E-D786-4A42-9E49-5663C4588ECE
FF DefaultSearchEngine: omiga-plus
FF DefaultSearchEngine,S: WebSearch
FF DefaultSearchUrl: hxxp://websearch.thesearchpage.info/?pid=3458&r=2015/01/31&hid=4296634904664230215&lg=EN&cc=DE&unqvl=74&l=1&q=
FF SearchEngineOrder.1: WebSearch
FF SearchEngineOrder.1,S: WebSearch
FF SelectedSearchEngine:
FF SelectedSearchEngine,S: WebSearch
FF Homepage: hxxp://websearch.thesearchpage.info/?pid=3458&r=2015/01/31&hid=4296634904664230215&lg=EN&cc=DE&unqvl=74
FF Keyword.URL: hxxp://www-searching.com/search.aspx?s=F1Vzamodk07628,8fde143b-bce1-4d1d-b797-3fbbcd45903f,&q=
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_296.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_296.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @nullsoft.com/winampDetector;version=1 -> C:\Program Files (x86)\Winamp Detect\npwachk.dll (Nullsoft, Inc.)
FF Plugin-x32: @staging.google.com/globalUpdate Update;version=10 -> C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll No File
FF Plugin-x32: @staging.google.com/globalUpdate Update;version=4 -> C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.8 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll (Microsoft Corporation)
FF SearchPlugin: C:\Users\XXXXX XXXXX\AppData\Roaming\Mozilla\Firefox\Profiles\ax92hz4x.default-1417957171376\searchplugins\omiga-plus.xml
FF SearchPlugin: C:\Users\XXXXX XXXXX\AppData\Roaming\Mozilla\Firefox\Profiles\ax92hz4x.default-1417957171376\searchplugins\trovi.xml
FF SearchPlugin: C:\Users\XXXXX XXXXX\AppData\Roaming\Mozilla\Firefox\Profiles\ax92hz4x.default-1417957171376\searchplugins\WebSearch.xml
FF Extension: iWebar - C:\Users\XXXXX XXXXX\AppData\Roaming\Mozilla\Firefox\Profiles\ax92hz4x.default-1417957171376\Extensions\14fef81ee28d4335a493c2d@6383fd42ff9b4872bccb5b.com [2015-01-31]
FF Extension: CinemaP-1.4cV31.01 - C:\Users\XXXXX XXXXX\AppData\Roaming\Mozilla\Firefox\Profiles\ax92hz4x.default-1417957171376\Extensions\23fb8bb3-ac21-4230-bbfa-49b94968bc63@gmail.com [2015-01-31]
FF Extension: Object Browser - C:\Users\XXXXX XXXXX\AppData\Roaming\Mozilla\Firefox\Profiles\ax92hz4x.default-1417957171376\Extensions\9321b276-2c2e-4c5f-bd04-b8118e512707@c0c8a2d6-3275-4cac-a0b2-52e936311db9.com [2015-01-31]
FF Extension: FF Toolbar - C:\Users\XXXXX XXXXX\AppData\Roaming\Mozilla\Firefox\Profiles\ax92hz4x.default-1417957171376\Extensions\fftoolbar2014@etech.com [2015-01-31]
FF Extension: Booster Web - C:\Users\XXXXX XXXXX\AppData\Roaming\Mozilla\Firefox\Profiles\ax92hz4x.default-1417957171376\Extensions\jid1-U7omKQ6kQfxMaQ@jetpack [2015-01-31]
FF Extension: youtubeadblocker - C:\Users\XXXXX XXXXX\AppData\Roaming\Mozilla\Firefox\Profiles\ax92hz4x.default-1417957171376\Extensions\wq@P.net [2015-01-31]
FF Extension: uenisaalEs - C:\Users\XXXXX XXXXX\AppData\Roaming\Mozilla\Firefox\Profiles\ax92hz4x.default-1417957171376\Extensions\Za7@Ky.edu [2015-01-31]
FF Extension: Zoom It - C:\Users\XXXXX XXXXX\AppData\Roaming\Mozilla\Firefox\Profiles\ax92hz4x.default-1417957171376\Extensions\{680219c9-7bbf-5dfc-84d8-33b88668b4ab} [2015-01-31]
FF Extension: Shopper-Pro - C:\Users\XXXXX XXXXX\AppData\Roaming\Mozilla\Firefox\Profiles\ax92hz4x.default-1417957171376\Extensions\{746505DC-0E21-4667-97F8-72EA6BCF5EEF} [2015-01-31]
FF Extension: Boost - C:\Users\XXXXX XXXXX\AppData\Roaming\Mozilla\Firefox\Profiles\ax92hz4x.default-1417957171376\Extensions\boost@boost.net.xpi [2014-12-04]
FF Extension: LeechBlock - C:\Users\XXXXX XXXXX\AppData\Roaming\Mozilla\Firefox\Profiles\ax92hz4x.default-1417957171376\Extensions\{a95d8332-e4b4-6e7f-98ac-20b733364387}.xpi [2014-12-07]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-07-14]
FF HKLM-x32\...\Firefox\Extensions: [fftoolbar2014@etech.com] - C:\Users\XXXXX XXXXX\AppData\Roaming\Mozilla\Firefox\Profiles\ax92hz4x.default-1417957171376\extensions\fftoolbar2014@etech.com
StartMenuInternet: FIREFOX.EXE - C:\Program Files (x86)\Mozilla Firefox\firefox.exe http://isearch.omiga-plus.com/?type=sc&ts=1422690849&from=obw&uid=TOSHIBAXMK6465GSX_51ASD39BBXX51ASD39BB
Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR HomePage: Default -> hxxp://www.trovi.com/?gd=&ctid=CT3324764&octid=EB_ORIGINAL_CTID&ISID=M7F3C43B3-690F-4276-959F-1C74A797CA2A&SearchSource=55&CUI=&UM=8&UP=SP9050A32E-D786-4A42-9E49-5663C4588ECE&SSPV=
CHR StartupUrls: Default -> "hxxp://www.trovi.com/?gd=&ctid=CT3324764&octid=EB_ORIGINAL_CTID&ISID=M7F3C43B3-690F-4276-959F-1C74A797CA2A&SearchSource=55&CUI=&UM=8&UP=SP9050A32E-D786-4A42-9E49-5663C4588ECE&SSPV="
CHR DefaultSearchKeyword: Default -> trovi.search
CHR DefaultSuggestURL: Default -> http://suggest.seccint.com/CSuggestJson.ashx?prefix={searchTerms}
CHR Profile: C:\Users\XXXXX XXXXX\AppData\Local\Google\Chrome\User Data\default
CHR Extension: (Google Docs) - C:\Users\XXXXX XXXXX\AppData\Local\Google\Chrome\User Data\default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-10-25]
CHR Extension: (Google Drive) - C:\Users\XXXXX XXXXX\AppData\Local\Google\Chrome\User Data\default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-10-25]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\XXXXX XXXXX\AppData\Local\Google\Chrome\User Data\default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-10-26]
CHR Extension: (YouTube) - C:\Users\XXXXX XXXXX\AppData\Local\Google\Chrome\User Data\default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-10-25]
CHR Extension: (Google Search) - C:\Users\XXXXX XXXXX\AppData\Local\Google\Chrome\User Data\default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-10-25]
CHR Extension: (Avira Browser Safety) - C:\Users\XXXXX XXXXX\AppData\Local\Google\Chrome\User Data\default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2014-10-26]
CHR Extension: (Google Wallet) - C:\Users\XXXXX XXXXX\AppData\Local\Google\Chrome\User Data\default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-10-26]
CHR Extension: (Hearthstone Stream Browser) - C:\Users\XXXXX XXXXX\AppData\Local\Google\Chrome\User Data\default\Extensions\obdejhodejngcbmkiddfjkieejekbfil [2015-01-31]
CHR Extension: (Gmail) - C:\Users\XXXXX XXXXX\AppData\Local\Google\Chrome\User Data\default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-10-25]
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path
StartMenuInternet: Google Chrome - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe http://isearch.omiga-plus.com/?type=sc&ts=1422690849&from=obw&uid=TOSHIBAXMK6465GSX_51ASD39BBXX51ASD39BB

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AAV UpdateService; C:\Program Files (x86)\Common Files\AAV\aavus.exe [122880 2007-10-04] () [File not signed]
S4 abengine; C:\Program Files (x86)\TabNav\abengine.exe [1332576 2015-01-28] (Abengine) [File not signed]
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [431920 2014-12-16] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [431920 2014-12-16] (Avira Operations GmbH & Co. KG)
R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [178424 2014-12-31] (Avira Operations GmbH & Co. KG)
S4 BotkindSyncService; C:\Program Files (x86)\Allway Sync\Bin\SyncService.exe [182784 2013-10-10] () [File not signed]
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
R2 CltMngSvc; C:\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe [3503376 2015-01-20] (Client Connect LTD)
S4 FoxitCloudUpdateService; C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe [241704 2014-03-25] (Foxit Corporation)
R2 HPSLPSVC; C:\Users\XXXXX XXXXX\AppData\Local\Temp\7zS1D89\hpslpsvc64.dll [1039360 2013-07-19] (Hewlett-Packard Co.) [File not signed]
S2 InjectorService; C:\Program Files (x86)\TabNav\jis.exe [84480 2014-11-29] () [File not signed]
S3 MWLService; C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe [305448 2009-09-11] (Egis Technology Inc.)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
S4 NoIPDUCService4; C:\Program Files (x86)\No-IP\ducservice.exe [11264 2013-01-24] () [File not signed]
S4 OODefragAgent; C:\Program Files\OO Software\Defrag\oodag.exe [3051848 2011-01-25] (O&O Software GmbH)
S4 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [80896 2011-03-31] () [File not signed]
S4 PDF Architect Helper Service; C:\Program Files (x86)\PDF Architect\HelperService.exe [1320496 2013-04-08] (pdfforge GmbH)
S4 PDF Architect Service; C:\Program Files (x86)\PDF Architect\ConversionService.exe [799280 2013-04-08] (pdfforge GmbH)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
R2 RS_Service; C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe [253952 2009-07-10] (Acer Incorporated) [File not signed]
S4 SandraAgentSrv; C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2014.SP2a\RpcAgentSrv.exe [72344 2008-05-19] (SiSoftware) [File not signed]
R2 SMUpdPlus; C:\Program Files\Common Files\Goobzo\GBUpdatePlus\smu.exe [2719592 2015-01-31] (Search Module Plus Ltd.)
R2 SPBIUpd; C:\Program Files\Common Files\ShopperPro\spbiu.exe [2346880 2015-01-07] (ShopperPro)
R2 SWUpdater; C:\Program Files (x86)\StormWatch\SWUpdaterSvc.exe [17584 2014-11-22] (Weather Protector LLC)
S4 UI Assistant Service; C:\Program Files (x86)\Join Air\AssistantServices.exe [247152 2010-04-27] ()
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S3 globalUpdatem; C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe /medsvc [X]
S2 YTDUpdt; C:\PROGRA~2\YTDOWN~1\YTDUPD~1.EXE [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [119272 2014-10-14] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131608 2014-10-14] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-11-25] (Avira Operations GmbH & Co. KG)
R2 EkaProt6; C:\Windows\System32\DRIVERS\ekaprot6.sys [27288 2012-03-23] (Ekahau Inc.)
R1 SLEE_18_DRIVER; C:\Windows\Sleen1864.sys [109144 2014-01-30] (Softwareentwicklung Remus - ArchiCrypt - )
R3 SMUpdd; C:\Program Files\Common Files\Goobzo\GBUpdatePlus\smw.sys [42856 2015-01-31] ()
R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1806592 2011-01-13] ()
R3 SPBIUpdd; C:\Program Files\Common Files\ShopperPro\spbiw.sys [41856 2015-01-07] ()
R2 TurboB; C:\Windows\System32\DRIVERS\TurboB.sys [13784 2009-11-02] ()
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2012-12-13] (Apple, Inc.) [File not signed]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S2 SPDRIVER_1361.0.0.0; \??\C:\Program Files (x86)\ShopperPro\JSDriver\1361.0.0.0\jsdrv.sys [X]
R3 SPPD; \??\C:\Windows\system32\drivers\SPPD.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-31 10:14 - 2015-01-31 10:16 - 00033171 _____ () C:\Users\XXXXX XXXXX\Desktop\FRST.txt
2015-01-31 10:12 - 2015-01-31 10:12 - 02130432 _____ (Farbar) C:\Users\XXXXX XXXXX\Desktop\FRST64.exe
2015-01-31 10:10 - 2015-01-31 10:10 - 00001101 _____ () C:\Users\Public\Desktop\Avira.lnk
2015-01-31 09:43 - 2015-01-31 09:46 - 00000000 ____D () C:\Users\XXXXX XXXXX\Desktop\Ordnung
2015-01-31 09:35 - 2015-01-31 09:35 - 00000000 ____D () C:\Users\XXXXX XXXXX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Booster-Web
2015-01-31 09:34 - 2015-01-31 10:08 - 00000000 ____D () C:\Program Files (x86)\TabNav
2015-01-31 09:34 - 2015-01-31 10:01 - 00000000 ____D () C:\Users\XXXXX XXXXX\AppData\Roaming\Booster-Web
2015-01-31 09:34 - 2015-01-31 09:35 - 00000000 ____D () C:\Program Files (x86)\Booster-Web
2015-01-31 09:34 - 2015-01-31 09:34 - 00004696 _____ () C:\Windows\SysWOW64\abengine.ini
2015-01-31 09:34 - 2015-01-31 09:34 - 00003408 _____ () C:\Windows\System32\Tasks\sondhschedule
2015-01-31 09:34 - 2015-01-31 09:34 - 00003108 _____ () C:\Windows\System32\Tasks\zupa3002
2015-01-31 09:34 - 2015-01-31 09:34 - 00002600 _____ () C:\Windows\SysWOW64\abengineOff.ini
2015-01-31 09:34 - 2015-01-31 09:34 - 00002600 _____ () C:\Windows\system32\abengineOff.ini
2015-01-31 09:34 - 2015-01-31 09:34 - 00000002 _____ () C:\END
2015-01-31 09:34 - 2015-01-31 09:34 - 00000000 ____D () C:\Users\XXXXX XXXXX\AppData\Local\winengine
2015-01-31 09:34 - 2015-01-31 09:34 - 00000000 ____D () C:\Users\XXXXX XXXXX\AppData\Local\mbot_de_481
2015-01-31 09:34 - 2015-01-31 09:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MYBESTOFFERSTODAY
2015-01-31 09:34 - 2015-01-31 09:34 - 00000000 ____D () C:\Program Files (x86)\mbot_de_481
2015-01-31 09:34 - 2015-01-31 09:34 - 00000000 ____D () C:\Program Files (x86)\mbot_de_465
2015-01-31 09:34 - 2015-01-28 22:40 - 00380112 _____ (Abengine) C:\Windows\system32\abengine64.dll
2015-01-31 09:34 - 2015-01-28 22:40 - 00323720 _____ (Abengine) C:\Windows\SysWOW64\abengine.dll
2015-01-31 09:33 - 2015-01-31 10:09 - 00000000 ____D () C:\Program Files (x86)\CinemaP-1.4cV31.01
2015-01-31 09:33 - 2015-01-31 10:08 - 00005878 _____ () C:\Windows\Tasks\beddc3a5-14c1-4be6-a132-5174f13a7c15-6.job
2015-01-31 09:33 - 2015-01-31 10:08 - 00005534 _____ () C:\Windows\Tasks\beddc3a5-14c1-4be6-a132-5174f13a7c15-7.job
2015-01-31 09:33 - 2015-01-31 10:08 - 00004510 _____ () C:\Windows\Tasks\beddc3a5-14c1-4be6-a132-5174f13a7c15-4.job
2015-01-31 09:33 - 2015-01-31 10:08 - 00003490 _____ () C:\Windows\Tasks\beddc3a5-14c1-4be6-a132-5174f13a7c15-1-7.job
2015-01-31 09:33 - 2015-01-31 10:08 - 00003154 _____ () C:\Windows\Tasks\beddc3a5-14c1-4be6-a132-5174f13a7c15-1-6.job
2015-01-31 09:33 - 2015-01-31 10:08 - 00002462 _____ () C:\Windows\Tasks\beddc3a5-14c1-4be6-a132-5174f13a7c15-5_user.job
2015-01-31 09:33 - 2015-01-31 10:08 - 00002462 _____ () C:\Windows\Tasks\beddc3a5-14c1-4be6-a132-5174f13a7c15-5.job
2015-01-31 09:33 - 2015-01-31 10:08 - 00001380 _____ () C:\Windows\Tasks\NWAUR.job
2015-01-31 09:33 - 2015-01-31 10:08 - 00001378 _____ () C:\Windows\Tasks\FMLW.job
2015-01-31 09:33 - 2015-01-31 09:33 - 00008906 _____ () C:\Windows\System32\Tasks\beddc3a5-14c1-4be6-a132-5174f13a7c15-6
2015-01-31 09:33 - 2015-01-31 09:33 - 00008564 _____ () C:\Windows\System32\Tasks\beddc3a5-14c1-4be6-a132-5174f13a7c15-7
2015-01-31 09:33 - 2015-01-31 09:33 - 00007540 _____ () C:\Windows\System32\Tasks\beddc3a5-14c1-4be6-a132-5174f13a7c15-4
2015-01-31 09:33 - 2015-01-31 09:33 - 00006520 _____ () C:\Windows\System32\Tasks\beddc3a5-14c1-4be6-a132-5174f13a7c15-1-7
2015-01-31 09:33 - 2015-01-31 09:33 - 00006182 _____ () C:\Windows\System32\Tasks\beddc3a5-14c1-4be6-a132-5174f13a7c15-1-6
2015-01-31 09:33 - 2015-01-31 09:33 - 00005492 _____ () C:\Windows\System32\Tasks\beddc3a5-14c1-4be6-a132-5174f13a7c15-5
2015-01-31 09:33 - 2015-01-31 09:33 - 00004442 _____ () C:\Windows\System32\Tasks\NWAUR
2015-01-31 09:33 - 2015-01-31 09:33 - 00004440 _____ () C:\Windows\System32\Tasks\FMLW
2015-01-31 09:33 - 2015-01-31 09:33 - 00000000 ____D () C:\Program Files (x86)\878e2246-8f7a-48fe-89f9-845dc6abbab7
2015-01-31 09:32 - 2015-01-31 09:32 - 00001117 _____ () C:\Users\XXXXX XXXXX\Desktop\Continue installation .lnk
2015-01-31 09:31 - 2015-01-31 10:08 - 00002454 _____ () C:\Windows\Tasks\b64080d3-a27b-4f56-bf65-9831b019eee8-5_user.job
2015-01-31 09:31 - 2015-01-31 10:08 - 00002454 _____ () C:\Windows\Tasks\b64080d3-a27b-4f56-bf65-9831b019eee8-5.job
2015-01-31 09:31 - 2015-01-31 09:31 - 00005484 _____ () C:\Windows\System32\Tasks\b64080d3-a27b-4f56-bf65-9831b019eee8-5
2015-01-31 09:31 - 2015-01-31 09:31 - 00004314 _____ () C:\Windows\System32\Tasks\SMW_UpdateTask_Time_333035393833303830392d5a556c6c4a5a575750414134
2015-01-31 09:31 - 2015-01-31 09:31 - 00004130 _____ () C:\Windows\System32\Tasks\amiupdaterExi
2015-01-31 09:31 - 2015-01-31 09:31 - 00003886 _____ () C:\Windows\System32\Tasks\Smp
2015-01-31 09:31 - 2015-01-31 09:31 - 00003804 _____ () C:\Windows\System32\Tasks\amiupdaterExd
2015-01-31 09:31 - 2015-01-31 09:31 - 00003636 _____ () C:\Windows\System32\Tasks\SMWPUpd
2015-01-31 09:31 - 2015-01-31 09:31 - 00000000 ____D () C:\ProgramData\SearchModulePlus
2015-01-31 09:31 - 2015-01-31 09:31 - 00000000 ____D () C:\Program Files\Common Files\Goobzo
2015-01-31 09:30 - 2015-01-31 10:08 - 00005854 _____ () C:\Windows\Tasks\04c81119-30a3-4168-b759-0865e99d237c-7.job
2015-01-31 09:30 - 2015-01-31 10:08 - 00005854 _____ () C:\Windows\Tasks\04c81119-30a3-4168-b759-0865e99d237c-6.job
2015-01-31 09:30 - 2015-01-31 10:08 - 00005526 _____ () C:\Windows\Tasks\b64080d3-a27b-4f56-bf65-9831b019eee8-7.job
2015-01-31 09:30 - 2015-01-31 10:08 - 00005526 _____ () C:\Windows\Tasks\b64080d3-a27b-4f56-bf65-9831b019eee8-6.job
2015-01-31 09:30 - 2015-01-31 10:08 - 00004830 _____ () C:\Windows\Tasks\04c81119-30a3-4168-b759-0865e99d237c-4.job
2015-01-31 09:30 - 2015-01-31 10:08 - 00004502 _____ () C:\Windows\Tasks\b64080d3-a27b-4f56-bf65-9831b019eee8-4.job
2015-01-31 09:30 - 2015-01-31 10:08 - 00003810 _____ () C:\Windows\Tasks\04c81119-30a3-4168-b759-0865e99d237c-1-7.job
2015-01-31 09:30 - 2015-01-31 10:08 - 00003482 _____ () C:\Windows\Tasks\b64080d3-a27b-4f56-bf65-9831b019eee8-1-7.job
2015-01-31 09:30 - 2015-01-31 10:08 - 00003466 _____ () C:\Windows\Tasks\04c81119-30a3-4168-b759-0865e99d237c-1-6.job
2015-01-31 09:30 - 2015-01-31 10:08 - 00003146 _____ () C:\Windows\Tasks\b64080d3-a27b-4f56-bf65-9831b019eee8-1-6.job
2015-01-31 09:30 - 2015-01-31 10:08 - 00003126 _____ () C:\Windows\Tasks\04c81119-30a3-4168-b759-0865e99d237c-5_user.job
2015-01-31 09:30 - 2015-01-31 10:08 - 00002782 _____ () C:\Windows\Tasks\04c81119-30a3-4168-b759-0865e99d237c-5.job
2015-01-31 09:30 - 2015-01-31 10:08 - 00001382 _____ () C:\Windows\Tasks\UHTQPK.job
2015-01-31 09:30 - 2015-01-31 10:08 - 00001378 _____ () C:\Windows\Tasks\MLSC.job
2015-01-31 09:30 - 2015-01-31 09:40 - 00000000 ____D () C:\Users\XXXXX XXXXX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\YTDownloader
2015-01-31 09:30 - 2015-01-31 09:32 - 00003758 _____ () C:\Windows\System32\Tasks\SMupdate1
2015-01-31 09:30 - 2015-01-31 09:32 - 00003618 _____ () C:\Windows\System32\Tasks\YTDownloader
2015-01-31 09:30 - 2015-01-31 09:32 - 00003608 _____ () C:\Windows\System32\Tasks\YTDownloaderUpd
2015-01-31 09:30 - 2015-01-31 09:30 - 00008884 _____ () C:\Windows\System32\Tasks\04c81119-30a3-4168-b759-0865e99d237c-7
2015-01-31 09:30 - 2015-01-31 09:30 - 00008882 _____ () C:\Windows\System32\Tasks\04c81119-30a3-4168-b759-0865e99d237c-6
2015-01-31 09:30 - 2015-01-31 09:30 - 00008556 _____ () C:\Windows\System32\Tasks\b64080d3-a27b-4f56-bf65-9831b019eee8-7
2015-01-31 09:30 - 2015-01-31 09:30 - 00008554 _____ () C:\Windows\System32\Tasks\b64080d3-a27b-4f56-bf65-9831b019eee8-6
2015-01-31 09:30 - 2015-01-31 09:30 - 00007860 _____ () C:\Windows\System32\Tasks\04c81119-30a3-4168-b759-0865e99d237c-4
2015-01-31 09:30 - 2015-01-31 09:30 - 00007532 _____ () C:\Windows\System32\Tasks\b64080d3-a27b-4f56-bf65-9831b019eee8-4
2015-01-31 09:30 - 2015-01-31 09:30 - 00006840 _____ () C:\Windows\System32\Tasks\04c81119-30a3-4168-b759-0865e99d237c-1-7
2015-01-31 09:30 - 2015-01-31 09:30 - 00006512 _____ () C:\Windows\System32\Tasks\b64080d3-a27b-4f56-bf65-9831b019eee8-1-7
2015-01-31 09:30 - 2015-01-31 09:30 - 00006494 _____ () C:\Windows\System32\Tasks\04c81119-30a3-4168-b759-0865e99d237c-1-6
2015-01-31 09:30 - 2015-01-31 09:30 - 00006174 _____ () C:\Windows\System32\Tasks\b64080d3-a27b-4f56-bf65-9831b019eee8-1-6
2015-01-31 09:30 - 2015-01-31 09:30 - 00005812 _____ () C:\Windows\System32\Tasks\04c81119-30a3-4168-b759-0865e99d237c-5
2015-01-31 09:30 - 2015-01-31 09:30 - 00004546 _____ () C:\Windows\System32\Tasks\ShopperPro
2015-01-31 09:30 - 2015-01-31 09:30 - 00004444 _____ () C:\Windows\System32\Tasks\UHTQPK
2015-01-31 09:30 - 2015-01-31 09:30 - 00004440 _____ () C:\Windows\System32\Tasks\MLSC
2015-01-31 09:30 - 2015-01-31 09:30 - 00004292 _____ () C:\Windows\System32\Tasks\SPBIW_UpdateTask_Time_333035393833303830392d5a556c6c4a5a575750414134
2015-01-31 09:30 - 2015-01-31 09:30 - 00003528 _____ () C:\Windows\System32\Tasks\SPDriver
2015-01-31 09:30 - 2015-01-31 09:30 - 00000000 ____D () C:\Users\XXXXX XXXXX\AppData\Local\globalUpdate
2015-01-31 09:30 - 2015-01-31 09:30 - 00000000 ____D () C:\Program Files\Common Files\ShopperPro
2015-01-31 09:30 - 2015-01-31 09:30 - 00000000 ____D () C:\Program Files (x86)\ed55547d-8d98-4039-96d9-00407eb30671
2015-01-31 09:30 - 2015-01-31 09:30 - 00000000 ____D () C:\Program Files (x86)\38307773-d954-48f2-8127-93df0ea63e4a
2015-01-31 09:29 - 2015-01-31 09:29 - 00003604 _____ () C:\Windows\System32\Tasks\ShopperProJSUpd
2015-01-31 09:29 - 2015-01-31 09:29 - 00003446 _____ () C:\Windows\System32\Tasks\Inst_Rep
2015-01-31 09:29 - 2015-01-31 09:29 - 00000000 ____D () C:\Users\XXXXX XXXXX\AppData\Roaming\moters
2015-01-31 09:29 - 2015-01-31 09:29 - 00000000 ____D () C:\Users\XXXXX XXXXX\AppData\Local\CrashRpt
2015-01-31 09:28 - 2015-01-31 09:45 - 00000000 ____D () C:\Program Files (x86)\StormWatch
2015-01-31 09:28 - 2015-01-31 09:28 - 00000000 ____D () C:\Users\XXXXX XXXXX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StormWatch
2015-01-31 09:28 - 2015-01-31 09:28 - 00000000 ____D () C:\Users\XXXXX XXXXX\AppData\Local\Weather_Protector_LLC
2015-01-31 09:28 - 2015-01-31 09:28 - 00000000 ____D () C:\Users\XXXXX XXXXX\AppData\Local\StormWatch
2015-01-31 09:07 - 2015-01-31 09:07 - 00004050 _____ () C:\Windows\System32\Tasks\LaunchSignup
2015-01-31 09:06 - 2015-01-31 09:45 - 00000000 ____D () C:\Program Files (x86)\TampaGeneration
2015-01-31 09:06 - 2015-01-31 09:06 - 00001913 _____ () C:\Users\Public\Desktop\EZDownloader.lnk
2015-01-31 09:06 - 2015-01-31 09:06 - 00000000 ____D () C:\Windows\SysWOW64\X86
2015-01-31 09:06 - 2015-01-31 09:06 - 00000000 ____D () C:\Windows\SysWOW64\AMD64
2015-01-31 09:06 - 2015-01-31 09:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EZDownloader
2015-01-31 09:06 - 2015-01-31 09:06 - 00000000 ____D () C:\Program Files (x86)\youtubeadblocker
2015-01-31 09:06 - 2015-01-31 09:06 - 00000000 ____D () C:\Program Files (x86)\Hearthstone Stream Browser
2015-01-31 09:06 - 2015-01-31 09:06 - 00000000 ____D () C:\Program Files (x86)\EZDownloader
2015-01-31 09:05 - 2015-01-31 09:43 - 00000000 ____D () C:\Program Files (x86)\unissales
2015-01-31 09:05 - 2015-01-31 09:05 - 00000000 ____D () C:\ProgramData\13418973723728696083
2015-01-31 09:05 - 2015-01-31 09:05 - 00000000 ____D () C:\Program Files (x86)\uenisaalEs
2015-01-31 09:04 - 2015-01-31 09:04 - 00002508 _____ () C:\Users\XXXXX XXXXX\Desktop\kmspicofinal Download Manager.lnk
2015-01-31 09:04 - 2015-01-31 09:04 - 00000000 ____D () C:\ProgramData\hakphkngdipbpbhaokjpjfdbiipknffb
2015-01-31 09:03 - 2015-01-31 09:03 - 00000000 ____D () C:\ProgramData\{06467b43-d78a-a739-0646-67b43d78ed0f}
2015-01-31 08:59 - 2015-01-31 08:59 - 00003556 _____ () C:\Windows\System32\Tasks\avaxvyvax
2015-01-31 08:59 - 2015-01-31 08:59 - 00003206 _____ () C:\Windows\System32\Tasks\{186E3D0B-D440-49E7-8F64-7917C92B0863}
2015-01-31 08:59 - 2015-01-31 08:59 - 00000000 ____D () C:\Users\XXXXX XXXXX\AppData\Local\avaxvyvax
2015-01-31 08:58 - 2015-01-31 08:59 - 00000000 ____D () C:\Users\XXXXX XXXXX\AppData\Local\SearchProtect
2015-01-31 08:58 - 2015-01-31 08:59 - 00000000 ____D () C:\Program Files (x86)\SearchProtect
2015-01-31 08:57 - 2015-01-31 08:57 - 01191200 _____ () C:\Users\XXXXX XXXXX\Downloads\Malwarebytes Anti Malware Malware Scanner - CHIP-Installer.exe
2015-01-31 08:54 - 2015-01-31 09:09 - 00000000 ____D () C:\ProgramData\MailUpdate
2015-01-31 08:54 - 2015-01-31 08:57 - 00000000 ____D () C:\Users\XXXXX XXXXX\AppData\Roaming\omiga-plus
2015-01-31 08:54 - 2015-01-31 08:54 - 00000000 ____D () C:\Users\XXXXX XXXXX\AppData\Roaming\MailUpdate
2015-01-31 08:53 - 2015-01-31 08:53 - 00000000 ____D () C:\Users\XXXXX XXXXX\AppData\Roaming\VOPackage
2015-01-31 08:53 - 2015-01-31 08:53 - 00000000 ____D () C:\Users\XXXXX XXXXX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VOPackage
2015-01-31 08:52 - 2015-01-31 08:52 - 00000000 ____D () C:\Users\XXXXX XXXXX\AppData\Local\Boost
2015-01-31 08:52 - 2015-01-31 08:52 - 00000000 ____D () C:\Program Files (x86)\Boost
2015-01-31 08:52 - 2014-12-14 10:53 - 00378640 _____ (CartCrunch Israel Ltd.) C:\Windows\system32\ColorMedia64.dll
2015-01-31 08:52 - 2014-12-14 10:53 - 00332568 _____ (CartCrunch Israel Ltd.) C:\Windows\SysWOW64\ColorMedia.dll
2015-01-30 20:51 - 2015-01-30 20:51 - 00000600 _____ () C:\Users\XXXXX XXXXX\AppData\Roaming\winscp.rnd
2015-01-30 20:08 - 2015-01-30 20:08 - 00000000 ____D () C:\Users\Versuch\AppData\Roaming\PDF Architect
2015-01-30 20:08 - 2015-01-30 20:08 - 00000000 ____D () C:\Users\Versuch\AppData\Local\IsolatedStorage
2015-01-30 19:16 - 2015-01-30 19:17 - 00000000 ____D () C:\Users\Versuch\AppData\OICE_15_974FA576_32C1D314_2072
2015-01-27 21:08 - 2015-01-31 07:46 - 00005190 _____ () C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for Arbeitscomputer-XXXXX XXXXX Arbeitscomputer
2015-01-25 17:12 - 2015-01-25 17:12 - 00002086 _____ () C:\Users\XXXXX XXXXX\AppData\Roaming\UHTQPK
2015-01-25 17:12 - 2015-01-25 17:12 - 00002086 _____ () C:\Users\XXXXX XXXXX\AppData\Roaming\NWAUR
2015-01-25 17:12 - 2015-01-25 17:12 - 00001248 _____ () C:\Users\XXXXX XXXXX\AppData\Roaming\MLSC
2015-01-25 17:12 - 2015-01-25 17:12 - 00001248 _____ () C:\Users\XXXXX XXXXX\AppData\Roaming\FMLW
2015-01-20 06:34 - 2014-12-12 06:35 - 05553592 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-01-20 06:34 - 2014-12-12 06:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-01-20 06:34 - 2014-12-12 06:31 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-01-20 06:34 - 2014-12-12 06:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-01-20 06:34 - 2014-12-12 06:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-01-20 06:34 - 2014-12-12 06:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-01-20 06:34 - 2014-12-12 06:07 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-01-14 08:06 - 2014-12-19 04:06 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-14 08:06 - 2014-12-19 02:46 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-14 08:06 - 2014-12-11 18:47 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-01-14 08:06 - 2014-12-06 05:17 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-14 08:06 - 2014-12-06 04:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
2015-01-14 08:06 - 2014-12-06 04:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
2015-01-13 05:55 - 2015-01-13 05:55 - 00009429 _____ () C:\Users\XXXXX XXXXX\AppData\Local\recently-used.xbel

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-31 10:15 - 2014-08-21 20:10 - 00000000 ____D () C:\FRST
2015-01-31 10:14 - 2011-11-13 21:43 - 01282583 _____ () C:\Windows\WindowsUpdate.log
2015-01-31 10:12 - 2009-07-14 05:45 - 00025840 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-31 10:12 - 2009-07-14 05:45 - 00025840 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-31 10:10 - 2014-08-06 10:55 - 00000000 ____D () C:\ProgramData\Package Cache
2015-01-31 10:10 - 2013-02-24 19:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2015-01-31 10:09 - 2013-02-24 19:39 - 00000000 ____D () C:\Program Files (x86)\Avira
2015-01-31 10:08 - 2012-09-20 04:21 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-31 10:06 - 2014-11-16 12:18 - 00001295 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-01-31 10:06 - 2014-11-16 12:18 - 00001283 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-01-31 10:05 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-31 10:04 - 2014-06-20 13:07 - 00054766 _____ () C:\Windows\PFRO.log
2015-01-31 10:04 - 2014-06-18 08:20 - 00027517 _____ () C:\Windows\setupact.log
2015-01-31 09:44 - 2014-08-07 20:56 - 02931200 ___SH () C:\Users\XXXXX XXXXX\Desktop\Thumbs.db
2015-01-31 09:32 - 2009-07-14 04:20 - 00000000 ____D () C:\Program Files\Common Files\System
2015-01-31 09:31 - 2011-11-20 15:41 - 00001609 _____ () C:\Users\XXXXX XXXXX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-01-31 09:30 - 2009-11-05 01:49 - 00000000 ____D () C:\Program Files (x86)\Acer
2015-01-31 09:05 - 2012-08-14 18:52 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-01-31 07:56 - 2014-08-15 15:44 - 00000000 ____D () C:\Users\XXXXX XXXXX\AppData\Local\Adobe
2015-01-31 07:56 - 2012-04-02 19:28 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-01-31 07:56 - 2012-04-02 19:28 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-01-31 07:56 - 2011-11-15 21:21 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-30 19:03 - 2014-09-10 06:10 - 00000000 ____D () C:\Users\Versuch\AppData\Roaming\SimpleScreenshot
2015-01-27 20:12 - 2014-11-10 20:59 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-01-27 06:18 - 2014-11-16 12:20 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-01-26 07:21 - 2012-06-10 14:07 - 00000000 ____D () C:\Users\XXXXX XXXXX\Documents\Bewerbungen
2015-01-25 17:19 - 2011-11-14 06:34 - 00702664 _____ () C:\Windows\system32\perfh007.dat
2015-01-25 17:19 - 2011-11-14 06:34 - 00151424 _____ () C:\Windows\system32\perfc007.dat
2015-01-25 17:19 - 2009-07-14 06:13 - 01629998 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-23 21:11 - 2013-11-02 09:43 - 00000000 ____D () C:\Users\XXXXX XXXXX\AppData\Roaming\Skype
2015-01-20 14:50 - 2014-09-10 06:09 - 00000000 ____D () C:\Users\Versuch
2015-01-20 14:50 - 2013-05-22 21:33 - 00000000 ____D () C:\Users\XXXXX XXXXX\AppData\Local\RescueTime.com
2015-01-20 14:50 - 2012-03-30 17:57 - 00000000 ____D () C:\Users\XXXXX
2015-01-20 14:50 - 2011-12-01 21:23 - 00000000 ____D () C:\Windows\System32\Tasks\OfficeSoftwareProtectionPlatform
2015-01-20 14:50 - 2011-11-20 16:01 - 00000000 ____D () C:\Users\XXXXX XXXXX\AppData\Roaming\SimpleScreenshot
2015-01-20 14:50 - 2009-11-05 01:26 - 00000000 ___RD () C:\Users\Public\Recorded TV
2015-01-20 14:50 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\registration
2015-01-20 06:21 - 2011-11-13 22:46 - 00000000 ____D () C:\Users\XXXXX XXXXX
2015-01-18 20:07 - 2012-04-07 11:49 - 00000000 ____D () C:\Users\XXXXX XXXXX\Documents\Finanzen
2015-01-15 18:59 - 2013-07-13 08:36 - 00000000 ____D () C:\Windows\system32\MRT
2015-01-15 18:46 - 2011-11-18 19:58 - 113365784 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-01-13 05:55 - 2014-06-15 19:34 - 00000000 ____D () C:\Users\XXXXX XXXXX\AppData\Local\gtk-2.0
2015-01-13 05:55 - 2012-08-29 10:11 - 00000000 ____D () C:\Users\XXXXX XXXXX\.gimp-2.8
2015-01-08 09:55 - 2011-11-15 21:40 - 00298120 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2015-01-05 18:47 - 2012-03-23 13:19 - 00000000 ____D () C:\Users\XXXXX XXXXX\Documents\Cellula
2015-01-03 15:28 - 2012-03-11 19:16 - 00000000 ____D () C:\Users\XXXXX XXXXX\Documents\ERGO
2015-01-03 10:51 - 2012-03-11 19:16 - 00000000 ____D () C:\Users\XXXXX XXXXX\Documents\SP
2015-01-03 08:31 - 2012-03-25 11:40 - 00000000 ____D () C:\Users\XXXXX XXXXX\Documents\Steuerfälle

==================== Files in the root of some directories =======

2015-01-25 17:12 - 2015-01-25 17:12 - 0001248 _____ () C:\Users\XXXXX XXXXX\AppData\Roaming\FMLW
2015-01-25 17:12 - 2015-01-25 17:12 - 0001248 _____ () C:\Users\XXXXX XXXXX\AppData\Roaming\MLSC
2015-01-25 17:12 - 2015-01-25 17:12 - 0002086 _____ () C:\Users\XXXXX XXXXX\AppData\Roaming\NWAUR
2014-06-28 07:10 - 2014-07-23 21:30 - 14159872 _____ () C:\Users\XXXXX XXXXX\AppData\Roaming\Sandra.mdb
2015-01-25 17:12 - 2015-01-25 17:12 - 0002086 _____ () C:\Users\XXXXX XXXXX\AppData\Roaming\UHTQPK
2015-01-30 20:51 - 2015-01-30 20:51 - 0000600 _____ () C:\Users\XXXXX XXXXX\AppData\Roaming\winscp.rnd
2012-04-20 18:28 - 2014-07-07 01:20 - 0006656 _____ () C:\Users\XXXXX XXXXX\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-09-22 21:07 - 2014-09-22 21:07 - 0001482 _____ () C:\Users\XXXXX XXXXX\AppData\Local\RecConfig.xml
2015-01-13 05:55 - 2015-01-13 05:55 - 0009429 _____ () C:\Users\XXXXX XXXXX\AppData\Local\recently-used.xbel
2013-08-12 21:15 - 2013-08-12 21:15 - 0007603 _____ () C:\Users\XXXXX XXXXX\AppData\Local\Resmon.ResmonCfg
2012-03-31 10:26 - 2012-03-31 10:26 - 0000057 _____ () C:\ProgramData\Ament.ini
2011-11-13 22:53 - 2011-11-13 22:57 - 0008282 _____ () C:\ProgramData\ArcadeDeluxe3.log
2014-09-22 19:19 - 2014-10-06 19:45 - 0008737 _____ () C:\ProgramData\hpzinstall.log

Some content of TEMP:
====================
C:\Users\XXXXX XXXXX\AppData\Local\Temp\a15d7.exe
C:\Users\XXXXX XXXXX\AppData\Local\Temp\avgnt.exe
C:\Users\XXXXX XXXXX\AppData\Local\Temp\bdbcabfccbhi.exe
C:\Users\XXXXX XXXXX\AppData\Local\Temp\Booster-Web-Installer.exe
C:\Users\XXXXX XXXXX\AppData\Local\Temp\KMSPico 9.2.4__7628_il125.exe
C:\Users\XXXXX XXXXX\AppData\Local\Temp\OnlineBackup.exe
C:\Users\XXXXX XXXXX\AppData\Local\Temp\Quarantine.exe
C:\Users\XXXXX XXXXX\AppData\Local\Temp\SearchProtectINT.exe
C:\Users\XXXXX XXXXX\AppData\Local\Temp\sfamcc00001.dll
C:\Users\XXXXX XXXXX\AppData\Local\Temp\SkypeSetup.exe
C:\Users\XXXXX XXXXX\AppData\Local\Temp\SpOrder.dll
C:\Users\XXXXX XXXXX\AppData\Local\Temp\sqlite3.dll
C:\Users\XXXXX XXXXX\AppData\Local\Temp\vsdel.exe
C:\Users\Versuch\AppData\Local\Temp\avgnt.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-01-16 21:06

==================== End Of Log ============================
--- --- ---

magigstar 31.01.2015 10:24
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 28-01-2015
Ran by XXXXX XXXXX at 2015-01-31 10:17:30
Running from C:\Users\XXXXX XXXXX\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden
AAVUpdateManager (HKLM-x32\...\{AFA42FE1-A5C3-485F-9180-BFCF5BF1F1C3}) (Version: 18.00.0000 - Wolters Kluwer Deutschland GmbH)
AC3Filter 1.63b (HKLM-x32\...\AC3Filter_is1) (Version: 1.63b - Alexander Vigovsky)
Acer Arcade Deluxe (HKLM-x32\...\InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}) (Version: 3.0.7112 - CyberLink Corp.)
Acer Arcade Deluxe (x32 Version: 3.0.7112 - CyberLink Corp.) Hidden
Acer Backup Manager (HKLM-x32\...\InstallShield_{72B776E5-4530-4C4B-9453-751DF87D9D93}) (Version: 2.0.0.29 - NewTech Infosystems)
Acer Crystal Eye webcam Ver:1.1.124.1120 (HKLM-x32\...\{D0ACE89D-EC7F-470F-80BE-4C98ED366B32}) (Version: 1.1.124.1120 - Chicony Electronics Co.,Ltd.)
Acer ePower Management (HKLM-x32\...\{3DB0448D-AD82-4923-B305-D001E521A964}) (Version: 4.05.3004 - Acer Incorporated)
Acer eRecovery Management (HKLM-x32\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 4.05.3005 - Acer Incorporated)
Acer GameZone Console (HKLM-x32\...\{8ed9688e-4f79-4308-91ca-f1c37ca142b4}_is1) (Version: 5.1.0.2 - Oberon Media, Inc.)
Acer GridVista (HKLM-x32\...\GridVista) (Version: 3.01.0730 - Acer Inc.)
Acer Registration (HKLM-x32\...\Acer Registration) (Version: 1.02.3006 - Acer Incorporated)
Acer ScreenSaver (HKLM-x32\...\Acer Screensaver) (Version: 1.1.2009.1217 - Acer Incorporated)
Acer Updater (HKLM-x32\...\{EE171732-BEB4-4576-887D-CB62727F01CA}) (Version: 1.01.3017 - Acer Incorporated)
Acer VCM (HKLM-x32\...\{047F790A-7A2A-4B6A-AD02-38092BA63DAC}) (Version: 4.05.3000 - Acer Incorporated)
Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 14.0.0.103 - Adobe Systems Incorporated)
Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.246 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.296 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Akamai NetSession Interface (HKU\S-1-5-21-1242904208-471078349-2963378918-1000\...\Akamai) (Version:  - Akamai Technologies, Inc)
Alcor Micro USB Card Reader (HKLM-x32\...\InstallShield_{DBCE1208-433D-4D3E-A26A-CB1B5E71A8F5}) (Version: 1.4.17.35005 - Alcor Micro Corp.)
Alcor Micro USB Card Reader (x32 Version: 1.4.17.35005 - Alcor Micro Corp.) Hidden
Alice Greenfingers (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112920767}) (Version:  - Oberon Media)
Alle meine Passworte 4.13 (HKLM\...\AllemeinePassworte) (Version:  - Mirko Böer)
Allway Sync version 12.16.9 (HKLM-x32\...\Allway Sync_is1) (Version:  - Botkind Inc)
ALPS Touch Pad Driver (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 7.105.2015.1105 - Alps Electric)
Amazonia (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11273477}) (Version:  - Oberon Media)
Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ATI Catalyst Install Manager (HKLM\...\{11F38253-8940-FFDA-D131-B14120C357E4}) (Version: 3.0.754.0 - ATI Technologies, Inc.)
Audacity 2.0.3 (HKLM-x32\...\Audacity_is1) (Version: 2.0.3 - Audacity Team)
Avi2Dvd 0.6.4 (HKLM-x32\...\Avi2Dvd) (Version: 0.6.4 - TrustFm)
Avira (HKLM-x32\...\{2c18809c-4097-4b51-a4d0-3deade730ef3}) (Version: 1.1.29.22350 - Avira Operations & Co. KG)
Avira (x32 Version: 1.1.29.22350 - Avira Operations & Co. KG) Hidden
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.7.468 - Avira)
AviSynth 2.5 (HKLM-x32\...\AviSynth) (Version:  - )
Backup Manager Basic (x32 Version: 2.0.0.29 - NewTech Infosystems) Hidden
BatteryCare 0.9.10.0 (HKLM-x32\...\{C6A6036D-FBD0-4324-BEAA-C0845257160C}_is1) (Version: 0.9.10.0 - Filipe Lourenço)
BitTorrent (HKU\S-1-5-21-1242904208-471078349-2963378918-1000\...\BitTorrent) (Version: 7.9.2.31638 - BitTorrent Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Boost (HKLM-x32\...\Boost) (Version: 3.0.0.27 - Boost Shopping)
Booster-Web (HKU\S-1-5-21-1242904208-471078349-2963378918-1000\...\Booster-Web) (Version: 4 - ${CompanyName})
Broadcom Gigabit NetLink Controller (HKLM\...\{A325B368-A9EC-40EF-A95C-9DEAD3683AE3}) (Version: 12.33.03 - Broadcom Corporation)
Canon MP160 Benutzerregistrierung (HKLM-x32\...\Canon MP160 Benutzerregistrierung) (Version:  - )
ccc-core-static (x32 Version: 2009.1209.2335.42329 - Ihr Firmenname) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.14 - Piriform)
CDBurnerXP (HKLM-x32\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.4.4852 - CDBurnerXP)
Chandler 1.0.3 (HKLM-x32\...\Chandler) (Version: 1.0.3 - Open Source Applications Foundation)
Chicken Invaders 2 (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110209593}) (Version:  - Oberon Media)
CinemaP-1.4cV31.01 (HKLM-x32\...\CinemaP-1.4cV31.01) (Version: 1.36.01.22 - Cinema PlusV31.01) <==== ATTENTION
ContentAdder (HKLM-x32\...\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}{d65a1a66}) (Version:  - ContentAdder) <==== ATTENTION
CoreAAC Audio Decoder (remove only) (HKLM-x32\...\CoreAAC Audio Decoder) (Version:  - )
Dairy Dash (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115053100}) (Version:  - Oberon Media)
Dream Day First Home (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113832110}) (Version:  - Oberon Media)
DVD Flick 1.3.0.7 (HKLM-x32\...\DVD Flick_is1) (Version: 1.3.0.7 - Dennis Meuwissen)
eBay Worldwide (HKLM-x32\...\{E0B19DF7-B1C7-4937-82C4-0E4B1E346965}) (Version: 2.1.0901 - OEM)
EinsteinBrainTrainer (remove only) (HKLM-x32\...\EinsteinBrainTrainer) (Version:  - )
Ekahau HeatMapper (HKLM\...\Heatmapper-1.1.4.39795) (Version: 1.1.4.39795 - Ekahau Inc.)
Eraser 6.0.10.2620 (HKLM\...\{6E5159B4-A519-41EF-80EF-AD58371515DF}) (Version: 6.0.2620 - The Eraser Project)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
eSobi v2 (HKLM-x32\...\InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}) (Version: 2.0.4.000274 - esobi Inc.)
eSobi v2 (x32 Version: 2.0.4.000274 - esobi Inc.) Hidden
EVEREST Home Edition v2.20 (HKLM-x32\...\EVEREST Home Edition_is1) (Version: 2.20 - Lavalys Inc)
EZDownloader (HKLM-x32\...\{0F44DC3A-6E62-4961-A14B-95323C512F9B}_is1) (Version: 1.0 - EZDownloader) <==== ATTENTION
Farm Frenzy 2 (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11531173}) (Version:  - Oberon Media)
ffdshow [rev 3299] [2010-03-03] (HKLM-x32\...\ffdshow_is1) (Version: 1.0.0.3299 - )
Fiat eco:Drive (HKLM-x32\...\com.fiat.convergence.385E4263E7379A5D22A7076E99B02868EFF10711.1) (Version: 2.0.2 - Fiat Group Automobiles)
Fiat eco:Drive (x32 Version: 2.0.2 - Fiat Group Automobiles) Hidden
First Class Flurry (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115208410}) (Version:  - Oberon Media)
Foxit Cloud (HKLM-x32\...\{41914D8B-9D6E-4764-A1F9-BC43FB6782C1}_is1) (Version: 1.3.105.325 - Foxit Corporation)
Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 6.1.3.321 - Foxit Corporation)
Free Audio CD to MP3 Converter version 1.3.12.1228 (HKLM-x32\...\Free Audio CD to MP3 Converter_is1) (Version: 1.3.12.1228 - DVDVideoSoft Ltd.)
Free DVD Video Burner version 3.0.4.426 (HKLM-x32\...\Free DVD Video Burner_is1) (Version:  - DVDVideoSoft Limited.)
Free System Utilities (HKLM-x32\...\{ad2818b3-1616-4ec8-855d-be6936103e5a}) (Version: 1.1.0.70 - Covus Freemium GmbH)
Free SystemUtilities (x32 Version: 1.1.0.70 - Covus Freemium GmbH) Hidden
Free YouTube Download version 3.1.37.918 (HKLM-x32\...\Free YouTube Download_is1) (Version: 3.1.37.918 - DVDVideoSoft Ltd.)
FreeMind (HKLM-x32\...\B991B020-2968-11D8-AF23-444553540000_is1) (Version: 0.9.0_RC_10 - )
FRITZ!Box-Fernzugang einrichten (HKLM-x32\...\{EFADD989-D9F2-49F6-A280-675951CC78D3}) (Version: 1.0.3 - AVM Berlin)
FrostWire 5.3.5 (HKLM-x32\...\FrostWire 5) (Version: 5.3.5.0 - FrostWire Team)
GIMP 2.8.10 (HKLM\...\GIMP-2_is1) (Version: 2.8.10 - The GIMP Team)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 40.0.2214.93 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Granny In Paradise (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110551697}) (Version:  - Oberon Media)
Haali Media Splitter (HKLM-x32\...\HaaliMkx) (Version:  - )
Hearthstone Stream Browser (HKLM-x32\...\{AD11DADE-C597-45D9-D8C5-1D2EB0B89613}) (Version:  - ) <==== ATTENTION
Heroes of Hellas (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113786380}) (Version:  - Oberon Media)
HP FWUpdateEDO2 (HKLM-x32\...\{415FA9AD-DA10-4ABE-97B6-5051D4795C90}) (Version: 1.2.0.0 - Hewlett-Packard)
HP Photosmart 5520 series - Grundlegende Software für das Gerät (HKLM\...\{4F396B08-301D-4E53-A372-95A7E93ABD04}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPDiagnosticAlert (x32 Version: 1.00.0001 - Microsoft) Hidden
HTC Driver Installer (HKLM-x32\...\{6D6664A9-3342-4948-9B7E-034EFE366F0F}) (Version: 3.0.0.007 - HTC Corporation)
iCloud (HKLM\...\{309768A4-A2BB-4930-A5A2-8169678C9B4C}) (Version: 4.0.6.28 - Apple Inc.)
Identity Card (HKLM-x32\...\Identity Card) (Version: 1.00.3003 - Acer Incorporated)
ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.8.0 - LIGHTNING UK!)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
Intel(R) Turbo Boost Technology Driver (HKLM-x32\...\{D6C630BF-8DBB-4042-8562-DC9A52CB6E7E}) (Version: 01.00.01.1002 - Intel Corporation)
Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version:  - Intel Corporation)
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.38 - Irfan Skiljan)
iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)
iWebar (HKLM-x32\...\iWebar) (Version: 1.36.01.22 - Webby) <==== ATTENTION
Java 7 Update 67 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217067FF}) (Version: 7.0.670 - Oracle)
Join Air (HKLM-x32\...\{A9E5EDA7-2E6C-49E7-924B-A32B89C24A04}) (Version: 1.0.0.2 - ZTE Corporation)
Kassenbuch (HKLM-x32\...\{29531C6B-7B64-4C53-B54A-6C8AB5DE2159}) (Version: 1.0.0 - Office Consult GmbH)
K-Lite Codec Pack 9.2.0 (Basic) (HKLM-x32\...\KLiteCodecPack_is1) (Version: 9.2.0 - )
Launch Manager (HKLM-x32\...\LManager) (Version: 3.0.05 - Acer Inc.)
LSI HDA Modem (HKLM\...\LSI Soft Modem) (Version: 2.2.98 - LSI Corporation)
Malwarebytes Anti-Malware Version 2.0.3.1025 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)
MediaHuman YouTube to MP3 Converter Version 3.3 (HKLM-x32\...\MediaHuman YouTube to MP3 Converter_is1) (Version: 3.3 - )
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0100-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}) (Version:  - Microsoft)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Language Pack 2007 - German/Deutsch (HKLM-x32\...\OMUI.de-de) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Outlook Connector (HKLM-x32\...\{95140000-007A-0407-0000-0000000FF1CE}) (Version: 14.0.5118.5000 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUSR) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Office Suite Activation Assistant (HKLM-x32\...\{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}) (Version: 2.9 - Microsoft Corporation)
Microsoft Outlook Social Connector Provider for Windows Live Messenger 32-bit (HKLM-x32\...\{95140000-007D-0409-0000-0000000FF1CE}) (Version: 14.0.5120.5000 - Microsoft Corporation)
Microsoft Report Viewer Redistributable 2008 (KB971118) (HKLM-x32\...\Microsoft Report Viewer Redistributable 2008 (KB971118)) (Version:  - Microsoft Corporation)
Microsoft Report Viewer Redistributable 2008 Language Pack - DEU (HKLM-x32\...\Microsoft Report Viewer Redistributable 2008 Language Pack - DEU) (Version:  - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Works (HKLM-x32\...\{62F7DA7E-CCCB-439C-A760-00C3926E761F}) (Version: 9.7.0621 - Microsoft Corporation)
moters (HKLM-x32\...\{c8730ca5-3f82-41cc-65e2-01b87600cd89}) (Version: 1.0.0 - ningsup) <==== ATTENTION!
MozBackup 1.5.1 (HKLM-x32\...\MozBackup) (Version:  - Pavel Cvrcek)
Mozilla Firefox 35.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 35.0.1 (x86 de)) (Version: 35.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 32.0 - Mozilla)
MPC-HC 1.7.0 (HKLM-x32\...\{2624B969-7135-4EB1-B0F6-2D8C397B45F7}_is1) (Version: 1.7.0.7858 - MPC-HC Team)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MyBestOffersToday 014.481 (HKLM-x32\...\mbot_de_481_is1) (Version:  - MYBESTOFFERSTODAY) <==== ATTENTION
MyPhoneExplorer (HKLM-x32\...\MPE) (Version: 1.8.5 - F.J. Wechselberger)
MyWinLocker (HKLM-x32\...\{68301905-2DEA-41CE-A4D4-E8B443B099BA}) (Version: 3.1.76.0 - Egis Technology Inc.)
No-IP DUC (HKLM-x32\...\NoIPDUC) (Version: 4.0.1 - Vitalwerks Internet Solutions LLC)
Norton Online Backup (HKLM-x32\...\{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}) (Version: 1.2.0.36 - Symantec)
NTI Backup Now 5 (HKLM-x32\...\InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}) (Version: 5.1.2.627 - NewTech Infosystems)
NTI Backup Now Standard (x32 Version: 5.1.2.627 - NewTech Infosystems) Hidden
NTI Media Maker 8 (HKLM-x32\...\InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}) (Version: 8.0.12.6623 - NewTech Infosystems)
NTI Media Maker 8 (x32 Version: 8.0.12.6623 - NewTech Infosystems) Hidden
O&O Defrag Free Edition (HKLM\...\{C10CAF82-9D36-4D9A-9DC0-C4549F06B519}) (Version: 14.1.431 - O&O Software GmbH)
Object Browser (HKLM-x32\...\Object Browser) (Version: 1.36.01.22 - ObjectB)
omiga-plus uninstall (HKLM-x32\...\omiga-plus uninstall) (Version:  - omiga-plus) <==== ATTENTION
Outils de vérification linguistique 2013 de Microsoft Office - Français (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
PDF Architect (HKLM-x32\...\{064A929A-4DE8-40CF-A901-BD40C14E4D25}) (Version: 1.1.83.9982 - pdfforge GmbH)
PDF24 Creator 6.8.0 (HKLM-x32\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version:  - PDF24.org)
PDFCreator (HKLM-x32\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.7.3 - pdfforge)
pomodairo (HKLM-x32\...\{EEBEA077-AB92-5083-ECB1-C15BD842D00B}) (Version: 1.9 - UNKNOWN)
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
Random Dresser (HKLM-x32\...\RandomDresser) (Version:  - )
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5969 - Realtek Semiconductor Corp.)
Remote Desktop Access (VuuPC) (HKLM-x32\...\VOPackage) (Version: 1.0.0.0 - CMI Limited) <==== ATTENTION
RescueTime 2.2.1 (HKLM-x32\...\{2505571C-03B3-4F9F-AC35-33F1CB4B5E9E}_is1) (Version:  - RescueTime.com)
Restorer2000 3.3 (HKLM-x32\...\Restorer2000_is1) (Version: 3.3 - Bitmart Inc.)
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Search Module Plus (HKLM-x32\...\Search Module Plus) (Version:  - Goobzo)
Search Protect (HKLM-x32\...\SearchProtect) (Version: 2.20.1.20 - Client Connect LTD) <==== ATTENTION
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{D82063A8-7C8C-4C3B-A9BB-95138CA55D26}) (Version:  - Microsoft)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (Version:  - Microsoft) Hidden
Shopper-Pro (HKLM-x32\...\ShopperPro) (Version:  - ) <==== ATTENTION
Shutdown Manager (HKLM-x32\...\{C457BA5F-35F9-480C-90F8-5C91DB443A15}_is1) (Version: 2.0.7 - Daniel Höllig)
SimpleScreenshot 1.40 (HKLM-x32\...\SimpleScreenshot) (Version:  - )
SiSoftware Sandra Lite 2014.SP2a (HKLM\...\{C3113E55-7BCB-4de3-8EBF-60E6CE6B2396}_is1) (Version: 20.35.2014.6 - SiSoftware)
SIW version 2011.10.29 (HKLM-x32\...\{AB67580-257C-45FF-B8F4-C8C30682091A}_is1) (Version: 2011.10.29 - Topala Software Solutions)
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation)
Skype™ 6.21 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.21.104 - Skype Technologies S.A.)
SpeedFan (remove only) (HKLM-x32\...\SpeedFan) (Version:  - )
Spotify (HKU\S-1-5-21-1242904208-471078349-2963378918-1000\...\Spotify) (Version: 0.9.10.14.g578d350b - Spotify AB)
SpywareBlaster 5.0 (HKLM-x32\...\SpywareBlaster_is1) (Version: 5.0.0 - BrightFort LLC)
Steganos Safe 14 (HKLM-x32\...\{13B7FBFB-622E-4002-8570-594798E6167D}) (Version: 14.2.2 - Steganos Software GmbH)
Steuer-Spar-Erklärung 2008 (HKLM-x32\...\{BBE67B86-FCD7-4D3C-8B00-063DEAD8E30C}) (Version: 13.02.0000 - Akademische Arbeitsgemeinschaft)
Steuer-Spar-Erklärung 2009 (HKLM-x32\...\{32E00E5E-22B1-4D5A-9DC2-CD75E087A5E6}) (Version: 14.01.0000 - Akademische Arbeitsgemeinschaft Verlag)
Steuer-Spar-Erklärung 2010 (HKLM-x32\...\{D8E1DFEE-622B-46BA-AEFF-AB7E541C0B21}) (Version: 15.15 - Akademische Arbeitsgemeinschaft Verlag)
Steuer-Spar-Erklärung 2011 (HKLM-x32\...\{9F5FD796-86F0-4360-85F8-D54C0F5411EB}) (Version: 16.18 - Akademische Arbeitsgemeinschaft Verlag)
Steuer-Spar-Erklärung 2012 (HKLM-x32\...\{CCD2BAD2-0919-40CB-80CC-E9538B0E4C2E}) (Version: 17.14 - Wolters Kluwer Deutschland GmbH)
Steuer-Spar-Erklärung 2013 (HKLM-x32\...\{AEB61F7A-4BBA-4292-A096-7893E09034A4}) (Version: 18.10 - Wolters Kluwer Deutschland GmbH)
SteuerSparErklärung 2014 (HKLM-x32\...\{A463EB06-22A6-47F5-9593-E52B291EF13E}) (Version: 19.12.92 - Akademische Arbeitsgemeinschaft)
StormWatch (HKU\S-1-5-21-1242904208-471078349-2963378918-1000\...\StormWatch) (Version: 1.0.1.41 - StormWatch) <==== ATTENTION!
Streamripper (Remove only) (HKLM-x32\...\Streamripper) (Version:  - )
Studie zur Verbesserung von HP Deskjet 3070 B611 series Produkten (HKLM\...\{CAD7B6DD-9C82-4D17-BAE8-3E9AE4971B90}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
TabNav (HKLM-x32\...\TabNav) (Version: 3.0.0.2 - TabNav) <==== ATTENTION!
TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.29947 - TeamViewer)
Time Stamp (HKLM-x32\...\Time Stamp_is1) (Version:  - 3.23.2010-0313)
TomTom HOME (HKLM-x32\...\{7A2BB1C8-903D-4585-9F3B-CADD67D07D37}) (Version: 2.9.8 - Ihr Firmenname)
TomTom HOME Visual Studio Merge Modules (HKLM-x32\...\{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}) (Version: 1.0.2 - TomTom International B.V.)
TP-LINK Wireless Configuration Utility (HKLM-x32\...\{319D91C6-3D44-436C-9F79-36C0D22372DC}) (Version: 1.0.0 - TP-LINK)
TrueCrypt (HKLM-x32\...\TrueCrypt) (Version: 7.1 - TrueCrypt Foundation)
Tunatic (HKLM-x32\...\Tunatic) (Version:  - )
Überwachungstool für die Intel® Turbo-Boost-Technik (HKLM\...\{39F4C6F9-618A-4E5B-8FB2-6BD661174E32}) (Version: 1.0.186.6 - Intel)
Uninstall 1.0.0.1 (HKLM-x32\...\Uninstall_is1) (Version:  - )
unissales (HKLM-x32\...\{4CEE92A3-9F0C-51AB-ADC0-34EC24AD7B7E}) (Version:  - ) <==== ATTENTION
Universal Adb Driver (HKLM-x32\...\{D9C4202E-6D51-4B06-A8F1-22316E654BCA}) (Version: 1.0.0 - ClockworkMod)
Unlocker 1.9.1-x64 (HKLM\...\Unlocker) (Version: 1.9.1 - Cedrick Collomb)
Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0407-0000-0000000FF1CE}_OMUI.de-de_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version:  - Microsoft)
Update für Microsoft Office Outlook 2007 Help (KB963677) (HKLM-x32\...\{90120000-001A-0407-0000-0000000FF1CE}_OMUI.de-de_{F6828576-6F79-470D-AB50-69D1BBADBD30}) (Version:  - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0407-0000-0000000FF1CE}_OMUI.de-de_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version:  - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0407-0000-0000000FF1CE}_OMUI.de-de_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version:  - Microsoft)
Visual Studio C++ 10.0 Runtime (HKLM-x32\...\{4412F224-3849-4461-A3E9-DEEF8D252790}) (Version: 10.0.0 - TomTom International B.V.)
VLC media player 2.1.3 (HKLM-x32\...\VLC media player) (Version: 2.1.3 - VideoLAN)
Welcome Center (HKLM-x32\...\Acer Welcome Center) (Version: 1.00.3008 - Acer Incorporated)
Winamp (HKLM-x32\...\Winamp) (Version: 5.666  - Nullsoft, Inc)
winengine (HKU\S-1-5-21-1242904208-471078349-2963378918-1000\...\winengine) (Version: 20.020 - Ad business Crown Solutions)
WinPatrol (HKLM\...\{6A206A04-6BC1-411B-AA04-4E52EDEEADF2}) (Version: 32.0.2014.5 - Ruiware)
WinPatrol (HKLM\...\{6E575124-6D34-4E65-9375-7D69468A6089}) (Version: 30.9 - BillP Studios)
WinRAR 5.10 Beta 4 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.10.4 - win.rar GmbH)
Xvid 1.2.2 final uninstall (HKLM-x32\...\Xvid_is1) (Version: 1.2 - Xvid team (Koepi))
Yahoo! Messenger (HKLM-x32\...\Yahoo! Messenger) (Version:  - Yahoo! Inc.)
Yahoo! Software Update (HKLM-x32\...\Yahoo! Software Update) (Version:  - )
Yahoo! Toolbar (HKLM-x32\...\Yahoo! Companion) (Version:  - )
youtubeadblocker (HKLM-x32\...\{4820778D-AB0D-6D18-C316-52A6A0E1D507}) (Version:  - ) <==== ATTENTION
YTDownloader (HKLM-x32\...\YTDownloader) (Version:  - YTDownloader) <==== ATTENTION!
Zuzahlungsrechner (HKLM-x32\...\{B2C69E77-F209-4B63-8676-4F32B27E162B}) (Version: 3.6.0 - sfr-software-fuers-heim)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-1242904208-471078349-2963378918-1000_Classes\CLSID\{56FDF344-FD6D-11d0-958A-006097C9A090}\InprocServer32 -> C:\Users\XXXXX XXXXX\AppData\Roaming\moters\supna.dll () <==== ATTENTION

==================== Restore Points  =========================

06-01-2015 11:10:26 Windows Update
10-01-2015 10:19:09 Windows Update
14-01-2015 08:05:58 Windows Update
15-01-2015 18:45:05 Windows Update
16-01-2015 05:01:13 Windows Modules Installer
20-01-2015 06:35:31 Windows Update
21-01-2015 00:02:16 Windows Update
27-01-2015 20:19:44 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2014-08-24 12:25 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1      localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0CAEEB6B-A216-4E04-9EA6-AC310639FD8D} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {0E16AE93-AC32-4015-9120-BB0947F3E1AF} - System32\Tasks\MLSC => C:\Users\XXXXX XXXXX\AppData\Roaming\MLSC.exe <==== ATTENTION
Task: {13DABB31-ABBE-4704-8EDF-E28147F8962C} - System32\Tasks\SMWPUpd => C:\Program Files\Common Files\Goobzo\GBUpdatePlus\updater.exe [2015-01-31] () <==== ATTENTION
Task: {144A03FD-FC9F-49A8-A7E3-BB07F9380723} - System32\Tasks\04c81119-30a3-4168-b759-0865e99d237c-5_user => C:\Program Files (x86)\iWebar\04c81119-30a3-4168-b759-0865e99d237c-5.exe <==== ATTENTION
Task: {17F1A5E3-5D16-4A3A-8BF7-0800CEE2274E} - System32\Tasks\beddc3a5-14c1-4be6-a132-5174f13a7c15-7 => C:\Program Files (x86)\CinemaP-1.4cV31.01\beddc3a5-14c1-4be6-a132-5174f13a7c15-7.exe <==== ATTENTION
Task: {2168CB8A-75B9-4655-9C7A-313DA3E38456} - System32\Tasks\b64080d3-a27b-4f56-bf65-9831b019eee8-1-6 => C:\Program Files (x86)\Object Browser\b64080d3-a27b-4f56-bf65-9831b019eee8-1-6.exe <==== ATTENTION
Task: {23CEA58C-8E99-49B6-96E0-E0033F148659} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-21] (Google Inc.)
Task: {26DA7882-781D-4FC9-B1A5-5F5B1F7227FE} - System32\Tasks\{6A246FB0-E753-4188-9543-22389AB30F4E} => pcalua.exe -a "C:\Users\XXXXX XXXXX\Downloads\Chandler_win_1.0.3.exe" -d "C:\Users\XXXXX XXXXX\Downloads"
Task: {2E7ABA78-BCEF-4BB2-B110-E0409758EA99} - System32\Tasks\YTDownloaderUpd => C:\Program Files (x86)\YTDownloader\updater.exe <==== ATTENTION
Task: {2F491965-426D-4740-BA34-9AC1AFB8DDE2} - System32\Tasks\UHTQPK => C:\Users\XXXXX XXXXX\AppData\Roaming\UHTQPK.exe <==== ATTENTION
Task: {331D0C36-5AAC-434D-A64B-8F53AF5F083F} - System32\Tasks\zupa3002 => C:\Program Files (x86)\TabNav\zupa3002.exe [2015-01-30] ()
Task: {38C51694-B081-4739-8E17-069D4A49D4D4} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2014-01-23] (Microsoft Corporation)
Task: {39797397-C71C-40BC-9DE2-FD0F77C1DA64} - System32\Tasks\beddc3a5-14c1-4be6-a132-5174f13a7c15-5_user => C:\Program Files (x86)\CinemaP-1.4cV31.01\beddc3a5-14c1-4be6-a132-5174f13a7c15-5.exe <==== ATTENTION
Task: {47C46238-A6C4-4C4B-BE85-E6E1425608CB} - System32\Tasks\{144D2C4F-2583-452B-AC74-C64839CF03CC} => pcalua.exe -a "C:\Program Files (x86)\VS Revo Group\Revo Uninstaller\Revouninstaller.exe" -d "C:\Program Files (x86)\VS Revo Group\Revo Uninstaller" -c -hunter
Task: {4A6023EB-BA8A-4CF4-9D12-B0425099B62E} - System32\Tasks\YTDownloader => C:\Program Files (x86)\YTDownloader\YTDownloader.exe <==== ATTENTION
Task: {4B929ACB-8D6F-4880-8272-67EB7654CC75} - System32\Tasks\Smp => C:\Program Files\Common Files\Goobzo\GBUpdatePlus\smp.exe [2014-07-09] () <==== ATTENTION
Task: {54FC1534-AF21-4D6E-A4A2-5CE86F693F77} - System32\Tasks\04c81119-30a3-4168-b759-0865e99d237c-6 => C:\Program Files (x86)\iWebar\04c81119-30a3-4168-b759-0865e99d237c-6.exe <==== ATTENTION
Task: {58D2E398-84ED-427D-BCE0-FD6C8CE73719} - System32\Tasks\04c81119-30a3-4168-b759-0865e99d237c-4 => C:\Program Files (x86)\iWebar\04c81119-30a3-4168-b759-0865e99d237c-4.exe <==== ATTENTION
Task: {5A42985A-DC32-4FE1-8210-CA09F67316FC} - System32\Tasks\HPCustPartic.exe_{96420065-3C4E-4B3E-96DB-DB0760F51DDD} => C:\Program Files\HP\HP Deskjet 3070 B611 series\Bin\HPCustPartic.exe [2012-10-17] (Hewlett-Packard Co.)
Task: {5B5D6CC7-9FA7-4441-9A09-8A3C4EA669FD} - System32\Tasks\{9B880EC1-DC3B-45D7-A7BB-4E131A7A884F} => pcalua.exe -a "C:\Users\XXXXX XXXXX\Downloads\esetsmartinstaller_enu.exe" -d "C:\Program Files (x86)\Mozilla Firefox"
Task: {5B6FF105-34F9-4615-8B13-1F2568F3156B} - System32\Tasks\ShopperProJSUpd => C:\Program Files (x86)\ShopperPro\updater.exe <==== ATTENTION
Task: {5E1E681C-C0F1-4E87-8C95-38A011634E9C} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {5EDF2573-D82F-4F74-B6D1-AE4A427F0D95} - System32\Tasks\SPDriver => C:\Program Files (x86)\ShopperPro\JSDriver\1361.0.0.0\jsdrv.exe <==== ATTENTION
Task: {610F7813-47C6-4CA8-8076-CA995D4E32DC} - System32\Tasks\amiupdaterExi => C:\Users\DANIEL~1\AppData\Local\Temp\amiupdater942.exe <==== ATTENTION
Task: {658A7160-D5FE-40D6-8358-5AC71CDD5600} - System32\Tasks\Microsoft Office 15 Sync Maintenance for Arbeitscomputer-XXXXX XXXXX Arbeitscomputer => C:\Program Files\Microsoft Office\Office15\MsoSync.exe [2014-11-12] (Microsoft Corporation)
Task: {739C86AB-D488-4894-A94A-E1C873D935C4} - System32\Tasks\{239C0599-E784-4910-B228-5D5AB8D346A6} => pcalua.exe -a "C:\Users\XXXXX XXXXX\Downloads\HiJackThis204.exe" -d "C:\Program Files (x86)\Mozilla Firefox"
Task: {773149FF-2A04-41E8-AEF1-735F0738EC51} - System32\Tasks\Microsoft\Windows\Maintenance\SMupdate2 => Rundll32.exe C:\PROGRA~1\COMMON~1\System\SysMenu.dll ,Command701 update2 <==== ATTENTION
Task: {792B72B2-C51B-4379-B2AA-007529DB50F0} - System32\Tasks\{8D77E667-A31C-4EB4-B209-1E559B732CBC} => pcalua.exe -a "C:\Program Files (x86)\Canon\IJEREG\MP160\UNINST.EXE"
Task: {79995E4D-7C32-4800-8797-6893DD64333B} - System32\Tasks\{186E3D0B-D440-49E7-8F64-7917C92B0863} => pcalua.exe -a "C:\Users\XXXXX XXXXX\AppData\Roaming\omiga-plus\UninstallManager.exe" -c -ptid=obw <==== ATTENTION
Task: {7AEAE564-35D2-434E-8BC2-12BF5BC672DE} - System32\Tasks\HPCustParticipation HP Deskjet 3070 B611 series => C:\Program Files\HP\HP Deskjet 3070 B611 series\Bin\HPCustPartic.exe [2012-10-17] (Hewlett-Packard Co.)
Task: {7D1191F0-1BD9-4237-AF9D-126E1D8D114C} - System32\Tasks\beddc3a5-14c1-4be6-a132-5174f13a7c15-6 => C:\Program Files (x86)\CinemaP-1.4cV31.01\beddc3a5-14c1-4be6-a132-5174f13a7c15-6.exe <==== ATTENTION
Task: {7EED0456-B087-4708-8496-6474B917CECB} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {80334391-EA16-43DB-A5A5-7A265F76DFB7} - System32\Tasks\SMupdate1 => Rundll32.exe C:\PROGRA~1\COMMON~1\System\SysMenu.dll ,Command701 update1 <==== ATTENTION
Task: {8711E45B-02BC-4D37-9B3C-575379E12E30} - System32\Tasks\b64080d3-a27b-4f56-bf65-9831b019eee8-7 => C:\Program Files (x86)\Object Browser\b64080d3-a27b-4f56-bf65-9831b019eee8-7.exe <==== ATTENTION
Task: {898A776F-4C75-419B-8A79-921940A3FC6C} - System32\Tasks\amiupdaterExd => cmd.exe /c start /min bitsadmin /transfer amijob /download /priority high http://d17xr4aw9ok0me.cloudfront.net/Updater.exe "C:\Users\DANIEL~1\AppData\Local\Temp\amiupdater942.exe"
Task: {8A7B2FE2-33B2-41C1-BEB0-7E26EE1FF684} - System32\Tasks\beddc3a5-14c1-4be6-a132-5174f13a7c15-1-6 => C:\Program Files (x86)\CinemaP-1.4cV31.01\beddc3a5-14c1-4be6-a132-5174f13a7c15-1-6.exe <==== ATTENTION
Task: {92533B9B-37E7-4E54-B7DE-F8B0B255CFEE} - System32\Tasks\{4781B96F-C3F4-45CF-AB6F-C64C9AD3E88D} => pcalua.exe -a "C:\Program Files (x86)\InstallShield Installation Information\{319D91C6-3D44-436C-9F79-36C0D22372DC}\setup.exe" -d "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TP-LINK" -c -runfromtemp -removeonly
Task: {98287A7A-28BD-4B30-B27C-ADDB220DF384} - System32\Tasks\04c81119-30a3-4168-b759-0865e99d237c-7 => C:\Program Files (x86)\iWebar\04c81119-30a3-4168-b759-0865e99d237c-7.exe <==== ATTENTION
Task: {9C395D30-C0E5-4B3A-A232-E38DA71A3827} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {A1D835EF-9220-45A2-811E-2CA5B38166BF} - System32\Tasks\hpUrlLauncher.exe_{4AF7A75F-FDE8-41B8-80D9-5C3EBC32D019} => C:\Program Files\HP\HP Deskjet 3070 B611 series\Bin\utils\hpUrlLauncher.exe
Task: {A8889BDD-EEA6-44D8-85E8-4A53B4C6FFC7} - System32\Tasks\avaxvyvax => C:\Users\XXXXX XXXXX\AppData\Local\avaxvyvax\avaxvyvax.exe [2015-01-20] ()
Task: {B7A342C6-6ABF-492E-9250-2C92CB583846} - System32\Tasks\{A2A68590-5CAE-4C98-8B98-D18CC5E4C073} => pcalua.exe -a "C:\Program Files (x86)\InstallShield Installation Information\{3DB0448D-AD82-4923-B305-D001E521A964}\setup.exe" -c -runfromtemp -l0x407 -removeonly
Task: {B99335C8-3858-4912-916A-9AC2D8DFC005} - System32\Tasks\Microsoft\Windows\Multimedia\SMupdate3 => Rundll32.exe C:\PROGRA~1\COMMON~1\System\SysMenu.dll ,Command701 update3 <==== ATTENTION
Task: {BA5A1A7D-3276-4F1A-A78A-7FACC76C27A5} - System32\Tasks\LaunchSignup => C:\Program Files (x86)\MyPC Backup\Signup Wizard.exe <==== ATTENTION
Task: {BBBF9E37-C1CD-4CF0-A783-CE021D6D2928} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-05-20] (Piriform Ltd)
Task: {C1ACE4A8-19C0-45F4-9D33-A8411D825BF4} - System32\Tasks\NWAUR => C:\Users\XXXXX XXXXX\AppData\Roaming\NWAUR.exe <==== ATTENTION
Task: {C3A9171A-C2B0-4DD2-90FB-60F5166A5C06} - System32\Tasks\sondhschedule => C:\Users\XXXXX
Task: {C4D8DBDC-0684-4CD1-8370-6636F2A8C92D} - System32\Tasks\FMLW => C:\Users\XXXXX XXXXX\AppData\Roaming\FMLW.exe <==== ATTENTION
Task: {CAE649E2-C9AA-486B-8095-9F6E9D5B6007} - System32\Tasks\04c81119-30a3-4168-b759-0865e99d237c-1-7 => C:\Program Files (x86)\iWebar\04c81119-30a3-4168-b759-0865e99d237c-1-7.exe <==== ATTENTION
Task: {CDB52F14-D764-4638-997C-335E4F8D665E} - System32\Tasks\b64080d3-a27b-4f56-bf65-9831b019eee8-5 => C:\Program Files (x86)\Object Browser\b64080d3-a27b-4f56-bf65-9831b019eee8-5.exe <==== ATTENTION
Task: {CE1FA602-4C6A-4185-89FF-E9C110D03F26} - System32\Tasks\b64080d3-a27b-4f56-bf65-9831b019eee8-6 => C:\Program Files (x86)\Object Browser\b64080d3-a27b-4f56-bf65-9831b019eee8-6.exe <==== ATTENTION
Task: {CE5325CF-BB63-4751-AB56-BD427BEAA0D9} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-01-31] (Adobe Systems Incorporated)
Task: {D2F99B1D-9988-4D9E-A02E-163DF0B4BA4B} - System32\Tasks\b64080d3-a27b-4f56-bf65-9831b019eee8-1-7 => C:\Program Files (x86)\Object Browser\b64080d3-a27b-4f56-bf65-9831b019eee8-1-7.exe <==== ATTENTION
Task: {D52B51BB-D081-4545-926A-14AF1CCED3BB} - System32\Tasks\04c81119-30a3-4168-b759-0865e99d237c-5 => C:\Program Files (x86)\iWebar\04c81119-30a3-4168-b759-0865e99d237c-5.exe <==== ATTENTION
Task: {D8BC15BF-E6F5-4406-95E2-4C359424AE7D} - System32\Tasks\SMW_UpdateTask_Time_333035393833303830392d5a556c6c4a5a575750414134 => Wscript.exe //B "C:\ProgramData\SearchModulePlus\smhe.js" smu.exe /invoke /f:check_services /l:0 <==== ATTENTION
Task: {DA50F050-8700-4A90-9184-FBA2F85ECA89} - System32\Tasks\Inst_Rep => C:\Users\XXXXX XXXXX\AppData\Local\Installer\Install_24189\DCytdieamo_amodc_setup.exe [2015-01-31] ()
Task: {E36CA599-B047-467B-99AF-5E380AFECE05} - System32\Tasks\{AC797CD7-B058-4AC8-84B2-B2307D6AFF9B} => C:\Program Files (x86)\Chandler1.0.3\chandler.exe
Task: {E52EF634-E971-4BC9-BD01-F4B71F2334FA} - System32\Tasks\04c81119-30a3-4168-b759-0865e99d237c-1-6 => C:\Program Files (x86)\iWebar\04c81119-30a3-4168-b759-0865e99d237c-1-6.exe <==== ATTENTION
Task: {E601D56A-E52D-4DEE-ACB4-7047712F00F9} - System32\Tasks\b64080d3-a27b-4f56-bf65-9831b019eee8-4 => C:\Program Files (x86)\Object Browser\b64080d3-a27b-4f56-bf65-9831b019eee8-4.exe <==== ATTENTION
Task: {E70D6D91-7B6D-4F46-94B5-F7C18A92EE6F} - System32\Tasks\beddc3a5-14c1-4be6-a132-5174f13a7c15-1-7 => C:\Program Files (x86)\CinemaP-1.4cV31.01\beddc3a5-14c1-4be6-a132-5174f13a7c15-1-7.exe <==== ATTENTION
Task: {E85DBE85-E344-4E48-A05A-ACF97445121F} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-21] (Google Inc.)
Task: {E9A74425-992C-4024-A0F4-03BCF765A15D} - System32\Tasks\SPBIW_UpdateTask_Time_333035393833303830392d5a556c6c4a5a575750414134 => Wscript.exe //B "C:\ProgramData\ShopperPro\spbihe.js" spbiu.exe /invoke /f:check_services /l:0 <==== ATTENTION
Task: {EE3DF0F4-E213-4E3E-AC3A-25D5F123BC42} - System32\Tasks\ShopperPro => C:\Program Files (x86)\ShopperPro\ShopperPro.exe <==== ATTENTION
Task: {F30712C0-5F79-4616-BFEE-8D27E1822469} - System32\Tasks\{581487AC-8AAF-40E1-A997-6B8519F0C5EC} => C:\Program Files (x86)\Chandler1.0.3\chandler.exe
Task: {F37499B6-D498-4624-87BF-F4121D73A4C5} - System32\Tasks\beddc3a5-14c1-4be6-a132-5174f13a7c15-5 => C:\Program Files (x86)\CinemaP-1.4cV31.01\beddc3a5-14c1-4be6-a132-5174f13a7c15-5.exe <==== ATTENTION
Task: {F45DE156-6655-484B-92CA-821464209F45} - System32\Tasks\b64080d3-a27b-4f56-bf65-9831b019eee8-5_user => C:\Program Files (x86)\Object Browser\b64080d3-a27b-4f56-bf65-9831b019eee8-5.exe <==== ATTENTION
Task: {FC0397BA-8222-41E7-836D-453BA55E74DB} - System32\Tasks\{2E665153-C229-4C02-9699-2F4EF08B1807} => pcalua.exe -a C:\Users\DANIEL~1\AppData\Local\Temp\InstallFlashPlayer.exe -d "C:\Program Files (x86)\Mozilla Firefox"
Task: {FD0D7EA4-7A6F-420A-897E-F08E216CFB67} - System32\Tasks\beddc3a5-14c1-4be6-a132-5174f13a7c15-4 => C:\Program Files (x86)\CinemaP-1.4cV31.01\beddc3a5-14c1-4be6-a132-5174f13a7c15-4.exe <==== ATTENTION
Task: C:\Windows\Tasks\04c81119-30a3-4168-b759-0865e99d237c-1-6.job => C:\Program Files (x86)\iWebar\04c81119-30a3-4168-b759-0865e99d237c-1-6.exe <==== ATTENTION
Task: C:\Windows\Tasks\04c81119-30a3-4168-b759-0865e99d237c-1-7.job => C:\Program Files (x86)\iWebar\04c81119-30a3-4168-b759-0865e99d237c-1-7.exe <==== ATTENTION
Task: C:\Windows\Tasks\04c81119-30a3-4168-b759-0865e99d237c-4.job => C:\Program Files (x86)\iWebar\04c81119-30a3-4168-b759-0865e99d237c-4.exe <==== ATTENTION
Task: C:\Windows\Tasks\04c81119-30a3-4168-b759-0865e99d237c-5.job => C:\Program Files (x86)\iWebar\04c81119-30a3-4168-b759-0865e99d237c-5.exe <==== ATTENTION
Task: C:\Windows\Tasks\04c81119-30a3-4168-b759-0865e99d237c-5_user.job => C:\Program Files (x86)\iWebar\04c81119-30a3-4168-b759-0865e99d237c-5.exe <==== ATTENTION
Task: C:\Windows\Tasks\04c81119-30a3-4168-b759-0865e99d237c-6.job => C:\Program Files (x86)\iWebar\04c81119-30a3-4168-b759-0865e99d237c-6.exe <==== ATTENTION
Task: C:\Windows\Tasks\04c81119-30a3-4168-b759-0865e99d237c-7.job => C:\Program Files (x86)\iWebar\04c81119-30a3-4168-b759-0865e99d237c-7.exe <==== ATTENTION
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\b64080d3-a27b-4f56-bf65-9831b019eee8-1-6.job => C:\Program Files (x86)\Object Browser\b64080d3-a27b-4f56-bf65-9831b019eee8-1-6.exe <==== ATTENTION
Task: C:\Windows\Tasks\b64080d3-a27b-4f56-bf65-9831b019eee8-1-7.job => C:\Program Files (x86)\Object Browser\b64080d3-a27b-4f56-bf65-9831b019eee8-1-7.exe <==== ATTENTION
Task: C:\Windows\Tasks\b64080d3-a27b-4f56-bf65-9831b019eee8-4.job => C:\Program Files (x86)\Object Browser\b64080d3-a27b-4f56-bf65-9831b019eee8-4.exe <==== ATTENTION
Task: C:\Windows\Tasks\b64080d3-a27b-4f56-bf65-9831b019eee8-5.job => C:\Program Files (x86)\Object Browser\b64080d3-a27b-4f56-bf65-9831b019eee8-5.exe <==== ATTENTION
Task: C:\Windows\Tasks\b64080d3-a27b-4f56-bf65-9831b019eee8-5_user.job => C:\Program Files (x86)\Object Browser\b64080d3-a27b-4f56-bf65-9831b019eee8-5.exe <==== ATTENTION
Task: C:\Windows\Tasks\b64080d3-a27b-4f56-bf65-9831b019eee8-6.job => C:\Program Files (x86)\Object Browser\b64080d3-a27b-4f56-bf65-9831b019eee8-6.exe <==== ATTENTION
Task: C:\Windows\Tasks\b64080d3-a27b-4f56-bf65-9831b019eee8-7.job => C:\Program Files (x86)\Object Browser\b64080d3-a27b-4f56-bf65-9831b019eee8-7.exe <==== ATTENTION
Task: C:\Windows\Tasks\beddc3a5-14c1-4be6-a132-5174f13a7c15-1-6.job => C:\Program Files (x86)\CinemaP-1.4cV31.01\beddc3a5-14c1-4be6-a132-5174f13a7c15-1-6.exe <==== ATTENTION
Task: C:\Windows\Tasks\beddc3a5-14c1-4be6-a132-5174f13a7c15-1-7.job => C:\Program Files (x86)\CinemaP-1.4cV31.01\beddc3a5-14c1-4be6-a132-5174f13a7c15-1-7.exe <==== ATTENTION
Task: C:\Windows\Tasks\beddc3a5-14c1-4be6-a132-5174f13a7c15-4.job => C:\Program Files (x86)\CinemaP-1.4cV31.01\beddc3a5-14c1-4be6-a132-5174f13a7c15-4.exe <==== ATTENTION
Task: C:\Windows\Tasks\beddc3a5-14c1-4be6-a132-5174f13a7c15-5.job => C:\Program Files (x86)\CinemaP-1.4cV31.01\beddc3a5-14c1-4be6-a132-5174f13a7c15-5.exe <==== ATTENTION
Task: C:\Windows\Tasks\beddc3a5-14c1-4be6-a132-5174f13a7c15-5_user.job => C:\Program Files (x86)\CinemaP-1.4cV31.01\beddc3a5-14c1-4be6-a132-5174f13a7c15-5.exe <==== ATTENTION
Task: C:\Windows\Tasks\beddc3a5-14c1-4be6-a132-5174f13a7c15-6.job => C:\Program Files (x86)\CinemaP-1.4cV31.01\beddc3a5-14c1-4be6-a132-5174f13a7c15-6.exe <==== ATTENTION
Task: C:\Windows\Tasks\beddc3a5-14c1-4be6-a132-5174f13a7c15-7.job => C:\Program Files (x86)\CinemaP-1.4cV31.01\beddc3a5-14c1-4be6-a132-5174f13a7c15-7.exe <==== ATTENTION
Task: C:\Windows\Tasks\FMLW.job => C:\Users\XXXXX XXXXX\AppData\Roaming\FMLW.exe <==== ATTENTION
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\MLSC.job => C:\Users\XXXXX XXXXX\AppData\Roaming\MLSC.exe <==== ATTENTION
Task: C:\Windows\Tasks\NWAUR.job => C:\Users\XXXXX XXXXX\AppData\Roaming\NWAUR.exe <==== ATTENTION
Task: C:\Windows\Tasks\UHTQPK.job => C:\Users\XXXXX XXXXX\AppData\Roaming\UHTQPK.exe <==== ATTENTION

==================== Loaded Modules (whitelisted) =============

2007-10-04 14:32 - 2007-10-04 14:32 - 00122880 _____ () C:\Program Files (x86)\Common Files\AAV\aavus.exe
2014-10-07 21:27 - 2014-10-07 21:27 - 00139264 _____ () C:\Users\XXXXX XXXXX\AppData\Roaming\moters\supna.dll
2011-01-13 09:04 - 2011-01-13 09:04 - 00030080 _____ () C:\Windows\snuvcdsm.exe
2011-11-13 22:52 - 2011-11-13 22:51 - 00200704 _____ () C:\Windows\PLFSetI.exe
2014-12-12 13:34 - 2014-12-12 13:34 - 00511416 _____ () C:\Users\XXXXX XXXXX\AppData\Local\winengine\rkr1.exe
2009-07-29 13:10 - 2009-07-29 13:10 - 00016384 ____R () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll
2011-11-13 21:44 - 2011-11-13 21:44 - 00270336 _____ () C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CrossDisplay.Graphics.Dashboard\1.0.0.0__90ba9c70f846762e\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2015-01-07 15:35 - 2015-01-07 15:35 - 01605632 _____ () C:\Program Files\Common Files\ShopperPro\spbici64.dll
2015-01-31 08:06 - 2015-01-31 08:06 - 00586752 _____ () C:\Program Files\Common Files\Goobzo\GBUpdatePlus\SCHelper.exe
2014-12-28 14:38 - 2014-04-22 19:39 - 00645592 ____N () C:\Program Files (x86)\BillP Studios\WinPatrol\sqlite3.dll
2014-11-16 12:20 - 2015-01-27 06:18 - 03925104 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2014-10-07 21:27 - 2014-10-07 21:27 - 00117760 _____ () C:\Users\XXXXX XXXXX\AppData\Roaming\moters\mentste.dll
2015-01-31 07:56 - 2015-01-31 07:56 - 16844976 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_296.dll
2015-01-07 15:34 - 2015-01-07 15:34 - 01270272 _____ () C:\Program Files\Common Files\ShopperPro\spbici32.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\abengine => ""="service"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: AgereModemAudio => 2
MSCONFIG\Services: Apple Mobile Device => 2
MSCONFIG\Services: Bonjour Service => 2
MSCONFIG\Services: BotkindSyncService => 2
MSCONFIG\Services: FoxitCloudUpdateService => 2
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: iPod Service => 3
MSCONFIG\Services: MozillaMaintenance => 3
MSCONFIG\Services: NoIPDUCService4 => 2
MSCONFIG\Services: NTI IScheduleSvc => 2
MSCONFIG\Services: NTIBackupSvc => 3
MSCONFIG\Services: NTISchedulerSvc => 2
MSCONFIG\Services: OODefragAgent => 2
MSCONFIG\Services: PassThru Service => 2
MSCONFIG\Services: PDF Architect Helper Service => 2
MSCONFIG\Services: PDF Architect Service => 2
MSCONFIG\Services: SandraAgentSrv => 3
MSCONFIG\Services: SkypeUpdate => 2
MSCONFIG\Services: TeamViewer9 => 2
MSCONFIG\Services: TomTomHOMEService => 2
MSCONFIG\Services: Updater Service => 2
MSCONFIG\Services: YahooAUService => 2
MSCONFIG\startupreg: Eraser => "C:\PROGRA~1\Eraser\Eraser.exe" --atRestart

========================= Accounts: ==========================

Administrator (S-1-5-21-1242904208-471078349-2963378918-500 - Administrator - Disabled)
XXXXX XXXXX (S-1-5-21-1242904208-471078349-2963378918-1000 - Administrator - Enabled) => C:\Users\XXXXX XXXXX
XXXXX (S-1-5-21-1242904208-471078349-2963378918-1003 - Limited - Enabled) => C:\Users\XXXXX
Gast (S-1-5-21-1242904208-471078349-2963378918-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1242904208-471078349-2963378918-1002 - Limited - Enabled)
Versuch (S-1-5-21-1242904208-471078349-2963378918-1004 - Administrator - Enabled) => C:\Users\Versuch

==================== Faulty Device Manager Devices =============

Name: SPDRIVER_1361.0.0.0
Description: SPDRIVER_1361.0.0.0
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: SPDRIVER_1361.0.0.0
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: =========================

Application errors:
==================
Error: (01/31/2015 10:13:58 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm avscan.exe, Version 14.0.7.462 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 1a3c

Startzeit: 01d03d35b866e4ff

Endzeit: 60000

Anwendungspfad: C:\Program Files (x86)\Avira\AntiVir Desktop\avscan.exe

Berichts-ID: 4d767bbd-a929-11e4-861f-00262d8cabd9

Error: (01/31/2015 10:00:53 AM) (Source: VSS) (EventID: 12298) (User: )
Description: Volumeschattenkopie-Dienstfehler: Die E/A-Schreibvorgänge können während des Schattenkopie-Erstellungszeitraums auf Volume "C:\" nicht gespeichert werden.
Der Volumeindex im Schattenkopiesatz ist 0. Fehlerdetails: Offen[0x00000000, Der Vorgang wurde erfolgreich beendet.
], Leerung[0x00000000, Der Vorgang wurde erfolgreich beendet.
], Freigabe[0x80042314, Der Schattenkopieanbieter hat beim Warten auf den Schreibvorgang auf das Volume, von dem eine Schattenkopie erstellt wird, das Zeitlimit überschritten. Ursache hierfür könnte eine durch eine Anwendung oder einen Systemdienst verursachte hohe Aktivität auf dem Volume sein. Wiederholen Sie den Vorgang später, wenn das Volume nicht so stark ausgelastet ist.
], Ausführung[0x00000000, Der Vorgang wurde erfolgreich beendet.
].


Vorgang:
  Asynchroner Vorgang wird ausgeführt

Kontext:
  Aktueller Status: DoSnapshotSet

Error: (01/31/2015 10:00:53 AM) (Source: VSS) (EventID: 12310) (User: )
Description: Volumeschattenkopie-Dienstfehler: Die Schattenkopie kann nicht zugesichert werden - Vorgang hat das Zeitlimit überschritten.
Fehlerkontext: DeviceIoControl(\\?\Volume{b305a80e-0e37-11e1-862a-806e6f6e6963} - 0000000000000130,0x0053c010,0000000000351280,0,0000000000350270,4096,[0]).


Vorgang:
  Schattenkopien werden übertragen

Kontext:
  Ausführungskontext: System Provider

Error: (01/31/2015 09:34:04 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: plugin-container.exe, Version: 35.0.1.5500, Zeitstempel: 0x54c1f9f3
Name des fehlerhaften Moduls: mozalloc.dll, Version: 35.0.1.5500, Zeitstempel: 0x54c1f224
Ausnahmecode: 0x80000003
Fehleroffset: 0x00001425
ID des fehlerhaften Prozesses: 0x1bbc
Startzeit der fehlerhaften Anwendung: 0xplugin-container.exe0
Pfad der fehlerhaften Anwendung: plugin-container.exe1
Pfad des fehlerhaften Moduls: plugin-container.exe2
Berichtskennung: plugin-container.exe3

Error: (01/31/2015 09:33:12 AM) (Source: MsiInstaller) (EventID: 11309) (User: Arbeitscomputer)
Description: Product: Google Update Helper -- Error 1309. Error reading from file: C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\Google\Update\RequiredFile.txt.  System error 3.  Verify that the file exists and that you can access it.

Error: (01/31/2015 09:33:07 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: plugin-container.exe, Version: 35.0.1.5500, Zeitstempel: 0x54c1f9f3
Name des fehlerhaften Moduls: mozalloc.dll, Version: 35.0.1.5500, Zeitstempel: 0x54c1f224
Ausnahmecode: 0x80000003
Fehleroffset: 0x00001425
ID des fehlerhaften Prozesses: 0x1d98
Startzeit der fehlerhaften Anwendung: 0xplugin-container.exe0
Pfad der fehlerhaften Anwendung: plugin-container.exe1
Pfad des fehlerhaften Moduls: plugin-container.exe2
Berichtskennung: plugin-container.exe3

Error: (01/31/2015 09:30:25 AM) (Source: MsiInstaller) (EventID: 11309) (User: Arbeitscomputer)
Description: Product: Google Update Helper -- Error 1309. Error reading from file: C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\Google\Update\RequiredFile.txt.  System error 3.  Verify that the file exists and that you can access it.

Error: (01/31/2015 09:30:14 AM) (Source: MsiInstaller) (EventID: 11309) (User: Arbeitscomputer)
Description: Product: Google Update Helper -- Error 1309. Error reading from file: C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\Google\Update\RequiredFile.txt.  System error 3.  Verify that the file exists and that you can access it.

Error: (01/31/2015 09:28:56 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: plugin-container.exe, Version: 35.0.1.5500, Zeitstempel: 0x54c1f9f3
Name des fehlerhaften Moduls: mozalloc.dll, Version: 35.0.1.5500, Zeitstempel: 0x54c1f224
Ausnahmecode: 0x80000003
Fehleroffset: 0x00001425
ID des fehlerhaften Prozesses: 0x15b0
Startzeit der fehlerhaften Anwendung: 0xplugin-container.exe0
Pfad der fehlerhaften Anwendung: plugin-container.exe1
Pfad des fehlerhaften Moduls: plugin-container.exe2
Berichtskennung: plugin-container.exe3

Error: (01/31/2015 09:19:01 AM) (Source: Microsoft Office 15) (EventID: 2011) (User: )
Description: Application: winword.exe; IdentityType: LiveId; HasToken: 0; AutoOrgId: 0; Roaming: 0; SessionLicensing: 0; LvuxSqm: 0; SppReady: 1; CurrentHr: 0x803d0013; CorrelationId: {A951B0F1-6DF7-42DD-B981-353AC6AB9025}; OlsErrorCode: 0x9; AllProductReleaseIds (from store):


System errors:
=============
Error: (01/31/2015 10:05:27 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "YTDUpdt" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2

Error: (01/31/2015 10:05:19 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "SPDRIVER_1361.0.0.0" wurde aufgrund folgenden Fehlers nicht gestartet:
%%3

Error: (01/31/2015 09:45:28 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "TampaGeneration" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (01/31/2015 07:25:12 AM) (Source: WMPNetworkSvc) (EventID: 14332) (User: )
Description: WMPNetworkSvc0x80004005

Error: (01/30/2015 07:48:03 PM) (Source: Disk) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.

Error: (01/30/2015 07:48:02 PM) (Source: Disk) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.

Error: (01/30/2015 07:48:00 PM) (Source: Disk) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.

Error: (01/30/2015 07:37:18 PM) (Source: Disk) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.

Error: (01/30/2015 07:37:16 PM) (Source: Disk) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.

Error: (01/30/2015 07:37:16 PM) (Source: Disk) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.


Microsoft Office Sessions:
=========================
Error: (01/31/2015 10:13:58 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: avscan.exe14.0.7.4621a3c01d03d35b866e4ff60000C:\Program Files (x86)\Avira\AntiVir Desktop\avscan.exe4d767bbd-a929-11e4-861f-00262d8cabd9

Error: (01/31/2015 10:00:53 AM) (Source: VSS) (EventID: 12298) (User: )
Description: C:\00x00000000, Der Vorgang wurde erfolgreich beendet.
0x00000000, Der Vorgang wurde erfolgreich beendet.
0x80042314, Der Schattenkopieanbieter hat beim Warten auf den Schreibvorgang auf das Volume, von dem eine Schattenkopie erstellt wird, das Zeitlimit überschritten. Ursache hierfür könnte eine durch eine Anwendung oder einen Systemdienst verursachte hohe Aktivität auf dem Volume sein. Wiederholen Sie den Vorgang später, wenn das Volume nicht so stark ausgelastet ist.
0x00000000, Der Vorgang wurde erfolgreich beendet.


Vorgang:
  Asynchroner Vorgang wird ausgeführt

Kontext:
  Aktueller Status: DoSnapshotSet

Error: (01/31/2015 10:00:53 AM) (Source: VSS) (EventID: 12310) (User: )
Description: DeviceIoControl(\\?\Volume{b305a80e-0e37-11e1-862a-806e6f6e6963} - 0000000000000130,0x0053c010,0000000000351280,0,0000000000350270,4096,[0])

Vorgang:
  Schattenkopien werden übertragen

Kontext:
  Ausführungskontext: System Provider

Error: (01/31/2015 09:34:04 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: plugin-container.exe35.0.1.550054c1f9f3mozalloc.dll35.0.1.550054c1f22480000003000014251bbc01d03d30912634f2C:\Program Files (x86)\Mozilla Firefox\plugin-container.exeC:\Program Files (x86)\Mozilla Firefox\mozalloc.dlle954ef38-a923-11e4-998e-00262d8cabd9

Error: (01/31/2015 09:33:12 AM) (Source: MsiInstaller) (EventID: 11309) (User: Arbeitscomputer)
Description: Product: Google Update Helper -- Error 1309. Error reading from file: C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\Google\Update\RequiredFile.txt.  System error 3.  Verify that the file exists and that you can access it.(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (01/31/2015 09:33:07 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: plugin-container.exe35.0.1.550054c1f9f3mozalloc.dll35.0.1.550054c1f22480000003000014251d9801d03d3084eb88dbC:\Program Files (x86)\Mozilla Firefox\plugin-container.exeC:\Program Files (x86)\Mozilla Firefox\mozalloc.dllc79b79ce-a923-11e4-998e-00262d8cabd9

Error: (01/31/2015 09:30:25 AM) (Source: MsiInstaller) (EventID: 11309) (User: Arbeitscomputer)
Description: Product: Google Update Helper -- Error 1309. Error reading from file: C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\Google\Update\RequiredFile.txt.  System error 3.  Verify that the file exists and that you can access it.(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (01/31/2015 09:30:14 AM) (Source: MsiInstaller) (EventID: 11309) (User: Arbeitscomputer)
Description: Product: Google Update Helper -- Error 1309. Error reading from file: C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\Google\Update\RequiredFile.txt.  System error 3.  Verify that the file exists and that you can access it.(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (01/31/2015 09:28:56 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: plugin-container.exe35.0.1.550054c1f9f3mozalloc.dll35.0.1.550054c1f224800000030000142515b001d03d2fc43724d0C:\Program Files (x86)\Mozilla Firefox\plugin-container.exeC:\Program Files (x86)\Mozilla Firefox\mozalloc.dll31a9c0e0-a923-11e4-998e-00262d8cabd9

Error: (01/31/2015 09:19:01 AM) (Source: Microsoft Office 15) (EventID: 2011) (User: )
Description: Application: winword.exe; IdentityType: LiveId; HasToken: 0; AutoOrgId: 0; Roaming: 0; SessionLicensing: 0; LvuxSqm: 0; SppReady: 1; CurrentHr: 0x803d0013; CorrelationId: {A951B0F1-6DF7-42DD-B981-353AC6AB9025}; OlsErrorCode: 0x9; AllProductReleaseIds (from store):


CodeIntegrity Errors:
===================================
  Date: 2014-08-24 13:21:32.971
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2014-08-24 13:21:32.769
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2014-08-24 13:21:32.550
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2014-08-24 13:21:32.332
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2014-06-28 08:07:01.069
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Users\DANIEL~1\AppData\Local\Temp\EverestDriver.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2014-06-28 08:07:00.711
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Users\DANIEL~1\AppData\Local\Temp\EverestDriver.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2014-06-28 08:07:00.330
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files (x86)\Lavalys\EVEREST Home Edition\kerneld.amd64" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2014-06-28 08:07:00.010
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files (x86)\Lavalys\EVEREST Home Edition\kerneld.amd64" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2014-06-01 15:18:48.633
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2014-06-01 15:18:48.446
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i5 CPU M 430 @ 2.27GHz
Percentage of memory in use: 61%
Total physical RAM: 3956.5 MB
Available physical RAM: 1503.61 MB
Total Pagefile: 7911.18 MB
Available Pagefile: 4694.74 MB
Total Virtual: 8192 MB
Available Virtual: 8191.79 MB

==================== Drives ================================

Drive c: (ACER) (Fixed) (Total:290.05 GB) (Free:100.44 GB) NTFS
Drive d: (DATA) (Fixed) (Total:290.4 GB) (Free:285.17 GB) NTFS
Drive f: (INTENSO) (Removable) (Total:14.44 GB) (Free:14.44 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 596.2 GB) (Disk ID: 6D48B855)
Partition 1: (Not Active) - (Size=15.6 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=290.1 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=290.4 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 14.5 GB) (Disk ID: 6F20736B)
No partition Table on disk 1.
Disk 1 is a removable device.

==================== End Of Log ============================

Oh man, gibts da viele "Attention"... :kloppen:

Bootsektor 31.01.2015 15:38
Hallo,

:) ja, da ist ziemlich viel drauf, was da nicht hinsollte.

Schritt 1
Bitte deinstalliere folgende Programme (falls vorhanden) :

Java 7 Update 67
CinemaP-1.4cV31.01
ContentAdder
EZDownloader
Hearthstone Stream Browser
iWebar
moters
MyBestOffersToday 014.481
Object Browser
omiga-plus uninstall
Remote Desktop Access
Search Protect
Search Module Plus
Shopper-Pro
StormWatch
TabNav
unissales
winengine
youtubeadblocker
YTDownloader
Dazu gehe auf:
den Windowsbutton in der Taskleiste --> Systemsteuerung --> Programme (Unterpunkt Programme deinstallieren) --> Programm auswählen --> entfernen

Falls du ein Programm nicht deinstallieren kannst, benutze bitte den Revo-Uninstaller dafür
Schritt 2
Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).


Schritt 3
Starte noch einmal FRST.
  • Setze den Haken bei addition.txt und drücke auf Scan.
  • Wenn der Scan abgeschlossen ist, werden zwei neue Logfiles FRST.txt und addition.txt erstellt und auf dem Desktop (oder in dem Verzeichnis in dem FRST liegt) gespeichert.
  • Poste den Inhalt dieser Logfiles bitte hier in deinen Thread.

magigstar 31.01.2015 17:56
Ok,

habe einige Programme mit der Suchhilfe von "Programme deinstallieren" gefunden, ich dacchte, damit würde es schneller gehen.

AdwCleaner habe ich schon vorher laufen lassen...

Code:
# AdwCleaner v4.109 - Bericht erstellt am 31/01/2015 um 15:04:28
# Aktualisiert 24/01/2015 von Xplode
# Database : 2015-01-26.1 [Live]
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzername : XXXXX XXXX - ARBEITSCOMPUTER
# Gestartet von : C:\Users\XXXXX XXXX\Desktop\AdwCleaner_4.109.exe
# Option : Suchen

***** [ Dienste ] *****

Dienst Gefunden : CltMngSvc
Dienst Gefunden : globalUpdatem
Dienst Gefunden : SMUpdd
Dienst Gefunden : SPBIUpd
Dienst Gefunden : SPBIUpdd
Dienst Gefunden : SPPD
Dienst Gefunden : SWUpdater
Dienst Gefunden : YahooAUService
Dienst Gefunden : InjectorService
Dienst Gefunden : abengine
Dienst Gefunden : YTDUpdt

***** [ Dateien / Ordner ] *****

Datei Gefunden : C:\END
Datei Gefunden : C:\Users\XXXXX XXXX\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage
Datei Gefunden : C:\Users\XXXXX XXXX\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage-journal
Datei Gefunden : C:\Users\XXXXX XXXX\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_inst.shoppingate.info_0.localstorage
Datei Gefunden : C:\Users\XXXXX XXXX\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_inst.shoppingate.info_0.localstorage-journal
Datei Gefunden : C:\Users\XXXXX XXXX\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_static.boostsaves.com_0.localstorage
Datei Gefunden : C:\Users\XXXXX XXXX\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_static.boostsaves.com_0.localstorage-journal
Datei Gefunden : C:\Users\XXXXX XXXX\AppData\Roaming\Mozilla\Firefox\Profiles\ax92hz4x.default-1417957171376\Extensions\boost@boost.net.xpi
Datei Gefunden : C:\Users\XXXXX XXXX\AppData\Roaming\Mozilla\Firefox\Profiles\ax92hz4x.default-1417957171376\searchplugins\omiga-plus.xml
Datei Gefunden : C:\Users\XXXXX XXXX\AppData\Roaming\Mozilla\Firefox\Profiles\ax92hz4x.default-1417957171376\searchplugins\WebSearch.xml
Datei Gefunden : C:\Users\Public\Desktop\EZDownloader.lnk
Datei Gefunden : C:\Windows\System32\abengine64.dll
Datei Gefunden : C:\Windows\System32\abengineOff.ini
Datei Gefunden : C:\Windows\SysWOW64\abengine.dll
Datei Gefunden : C:\Windows\SysWOW64\abengine.ini
Datei Gefunden : C:\Windows\SysWOW64\abengineOff.ini
Ordner Gefunden : C:\Program Files (x86)\Boost
Ordner Gefunden : C:\Program Files (x86)\EZDownloader
Ordner Gefunden : C:\Program Files (x86)\mbot_de_481
Ordner Gefunden : C:\Program Files (x86)\SearchProtect
Ordner Gefunden : C:\Program Files (x86)\StormWatch
Ordner Gefunden : C:\Program Files (x86)\TampaGeneration
Ordner Gefunden : C:\Program Files (x86)\uenisaalEs
Ordner Gefunden : C:\Program Files (x86)\unissales
Ordner Gefunden : C:\Program Files (x86)\youtubeadblocker
Ordner Gefunden : C:\ProgramData\13418973723728696083
Ordner Gefunden : C:\ProgramData\hakphkngdipbpbhaokjpjfdbiipknffb
Ordner Gefunden : C:\ProgramData\hakphkngdipbpbhaokjpjfdbiipknffb
Ordner Gefunden : C:\ProgramData\MailUpdate
Ordner Gefunden : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EZDownloader
Ordner Gefunden : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MyBestOffersToday
Ordner Gefunden : C:\ProgramData\ShopperPro
Ordner Gefunden : C:\ProgramData\Yahoo! Companion
Ordner Gefunden : C:\Users\XXXXX XXXX\AppData\Local\Boost
Ordner Gefunden : C:\Users\XXXXX XXXX\AppData\Local\CrashRpt
Ordner Gefunden : C:\Users\XXXXX XXXX\AppData\Local\globalUpdate
Ordner Gefunden : C:\Users\XXXXX XXXX\AppData\Local\mbot_de_481
Ordner Gefunden : C:\Users\XXXXX XXXX\AppData\Local\SearchProtect
Ordner Gefunden : C:\Users\XXXXX XXXX\AppData\Local\StormWatch
Ordner Gefunden : C:\Users\XXXXX XXXX\AppData\Local\Weather_Protector_LLC
Ordner Gefunden : C:\Users\XXXXX XXXX\AppData\LocalLow\Yahoo! Companion
Ordner Gefunden : C:\Users\XXXXX XXXX\AppData\Roaming\MailUpdate
Ordner Gefunden : C:\Users\XXXXX XXXX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StormWatch
Ordner Gefunden : C:\Users\XXXXX XXXX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VOPackage
Ordner Gefunden : C:\Users\XXXXX XXXX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\YTDownloader
Ordner Gefunden : C:\Users\XXXXX XXXX\AppData\Roaming\Mozilla\Firefox\Profiles\ax92hz4x.default-1417957171376\Extensions\{746505DC-0E21-4667-97F8-72EA6BCF5EEF}
Ordner Gefunden : C:\Users\XXXXX XXXX\AppData\Roaming\Mozilla\Firefox\Profiles\ax92hz4x.default-1417957171376\Extensions\23fb8bb3-ac21-4230-bbfa-49b94968bc63@gmail.com
Ordner Gefunden : C:\Users\XXXXX XXXX\AppData\Roaming\Mozilla\Firefox\Profiles\ax92hz4x.default-1417957171376\Extensions\9321b276-2c2e-4c5f-bd04-b8118e512707@c0c8a2d6-3275-4cac-a0b2-52e936311db9.com
Ordner Gefunden : C:\Users\XXXXX XXXX\AppData\Roaming\Mozilla\Firefox\Profiles\ax92hz4x.default-1417957171376\Extensions\boost@boost.net.xpi
Ordner Gefunden : C:\Users\XXXXX XXXX\AppData\Roaming\Mozilla\Firefox\Profiles\ax92hz4x.default-1417957171376\Extensions\fftoolbar2014@etech.com
Ordner Gefunden : C:\Users\XXXXX XXXX\AppData\Roaming\Mozilla\Firefox\Profiles\ax92hz4x.default-1417957171376\Extensions\wq@P.net
Ordner Gefunden : C:\Users\XXXXX XXXX\AppData\Roaming\Mozilla\Firefox\Profiles\ax92hz4x.default-1417957171376\Extensions\Za7@Ky.edu
Ordner Gefunden : C:\Users\XXXXX XXXX\AppData\Roaming\omiga-plus
Ordner Gefunden : C:\Users\XXXXX XXXX\AppData\Roaming\VOPackage

***** [ Tasks ] *****

Task Gefunden : LaunchSignup
Task Gefunden : ShopperPro
Task Gefunden : ShopperProJSUpd
Task Gefunden : Smp
Task Gefunden : SMupdate1
Task Gefunden : SPDriver
Task Gefunden : YTDownloader
Task Gefunden : YTDownloaderUpd
Task Gefunden : 04c81119-30a3-4168-b759-0865e99d237c-1-6
Task Gefunden : 04c81119-30a3-4168-b759-0865e99d237c-1-7
Task Gefunden : 04c81119-30a3-4168-b759-0865e99d237c-4
Task Gefunden : 04c81119-30a3-4168-b759-0865e99d237c-5
Task Gefunden : 04c81119-30a3-4168-b759-0865e99d237c-5_user
Task Gefunden : 04c81119-30a3-4168-b759-0865e99d237c-6
Task Gefunden : 04c81119-30a3-4168-b759-0865e99d237c-7
Task Gefunden : b64080d3-a27b-4f56-bf65-9831b019eee8-1-6
Task Gefunden : b64080d3-a27b-4f56-bf65-9831b019eee8-1-7
Task Gefunden : b64080d3-a27b-4f56-bf65-9831b019eee8-4
Task Gefunden : b64080d3-a27b-4f56-bf65-9831b019eee8-5
Task Gefunden : b64080d3-a27b-4f56-bf65-9831b019eee8-5_user
Task Gefunden : b64080d3-a27b-4f56-bf65-9831b019eee8-6
Task Gefunden : b64080d3-a27b-4f56-bf65-9831b019eee8-7
Task Gefunden : beddc3a5-14c1-4be6-a132-5174f13a7c15-1-6
Task Gefunden : beddc3a5-14c1-4be6-a132-5174f13a7c15-1-7
Task Gefunden : beddc3a5-14c1-4be6-a132-5174f13a7c15-4
Task Gefunden : beddc3a5-14c1-4be6-a132-5174f13a7c15-5
Task Gefunden : beddc3a5-14c1-4be6-a132-5174f13a7c15-5_user
Task Gefunden : beddc3a5-14c1-4be6-a132-5174f13a7c15-6
Task Gefunden : beddc3a5-14c1-4be6-a132-5174f13a7c15-7

***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Daten Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - <local>
Daten Gefunden : HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command [(Default)] - "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" hxxp://isearch.omiga-plus.com/?type=sc&ts=1422690849&from=obw&uid=TOSHIBAXMK6465GSX_51ASD39BBXX51ASD39BB
Daten Gefunden : HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\Google Chrome\shell\open\command [(Default)] - "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" hxxp://isearch.omiga-plus.com/?type=sc&ts=1422690849&from=obw&uid=TOSHIBAXMK6465GSX_51ASD39BBXX51ASD39BB
Daten Gefunden : HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command [(Default)] - "C:\Program Files (x86)\Internet Explorer\iexplore.exe" hxxp://isearch.omiga-plus.com/?type=sc&ts=1422690849&from=obw&uid=TOSHIBAXMK6465GSX_51ASD39BBXX51ASD39BB
Daten Gefunden : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~2\SearchProtect\SearchProtect\bin\VC32Loader.dll
Daten Gefunden : [x64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~2\SEARCH~1\SEARCH~1\bin\VC64LO~1.DLL
Schlüssel Gefunden : HKCU\Software\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}
Schlüssel Gefunden : HKCU\Software\AppDataLow\{4A0F38A9-FE55-4B89-B73F-E60FDC0F72E9}
Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\Boost
Schlüssel Gefunden : HKCU\Software\Boost
Schlüssel Gefunden : HKCU\Software\GlobalUpdate
Schlüssel Gefunden : HKCU\Software\InstalledBrowserExtensions
Schlüssel Gefunden : HKCU\Software\iWebar-nv
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2299856A-6506-42E3-A34F-CD35A47C1B19}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2299856A-6506-42E3-A34F-CD35A47C1B19}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\StormWatch
Schlüssel Gefunden : HKCU\Software\Mozilla\Extends
Schlüssel Gefunden : HKCU\Software\StormWatchApp
Schlüssel Gefunden : HKCU\Software\Tutorials
Schlüssel Gefunden : HKCU\Software\TutoTag
Schlüssel Gefunden : HKCU\Software\YTDownloader
Schlüssel Gefunden : [x64] HKCU\Software\Boost
Schlüssel Gefunden : [x64] HKCU\Software\GlobalUpdate
Schlüssel Gefunden : [x64] HKCU\Software\InstalledBrowserExtensions
Schlüssel Gefunden : [x64] HKCU\Software\iWebar-nv
Schlüssel Gefunden : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
Schlüssel Gefunden : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
Schlüssel Gefunden : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Schlüssel Gefunden : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}
Schlüssel Gefunden : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}
Schlüssel Gefunden : [x64] HKCU\Software\StormWatchApp
Schlüssel Gefunden : [x64] HKCU\Software\Tutorials
Schlüssel Gefunden : [x64] HKCU\Software\TutoTag
Schlüssel Gefunden : [x64] HKCU\Software\YTDownloader
Schlüssel Gefunden : HKLM\SOFTWARE\{12A61307-94CD-4F8E-94BC-918E511FAA81}
Schlüssel Gefunden : HKLM\SOFTWARE\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}
Schlüssel Gefunden : HKLM\SOFTWARE\{4A0F38A9-FE55-4B89-B73F-E60FDC0F72E9}
Schlüssel Gefunden : HKLM\SOFTWARE\Boost
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{38A066B0-DD5F-4226-AC4F-6A27C1BFB892}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}
Schlüssel Gefunden : HKLM\SOFTWARE\CLASSES\Boost.BoostBho
Schlüssel Gefunden : HKLM\SOFTWARE\CLASSES\Boost.BoostBho.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{02A96331-0CA6-40E2-A87D-C224601985EB}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{2299856A-6506-42E3-A34F-CD35A47C1B19}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{3B5702BA-7F4C-4D1A-B026-1E9A01D43978}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{533403E2-6E21-4615-9E28-43F4E97E977B}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{5645E0E7-FC12-43BF-A6E4-F9751942B298}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{5E89ACE9-E16B-499A-87B4-0DBF742404C1}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{66a77d73-e5fa-4815-bba6-e6e6210fb9a0}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{69F256DF-BA98-45E9-86EA-FC3CFECF9D30}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{6E87FC94-9866-49B9-8E93-5736D6DE3DD7}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{7E49F793-B3CD-4BF7-8419-B34B8BD30E61}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{834469E3-CA2B-4F21-A5CA-4F6F4DBCDE87}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{8529FAA3-5BFD-43C1-AB35-B53C4B96C6E5}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{ADBC39BE-3D20-4333-8D99-E91EB1B62474}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{CFC47BB5-5FB5-4AD0-8427-6AA04334A3FC}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{E06CA7F5-BA34-4FF6-8D24-B1BDC594D91F}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{E0ADB535-D7B5-4D8B-B15D-578BDD20D76A}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{F6421EE5-A5BE-4D31-81D5-C16B7BF48E4C}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{FD8E81D0-F5FE-4CB1-9AEA-1E163D2BAB78}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{03C0AC00-86DE-4B55-81BA-2E7CD61C51B1}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{0FCE4F01-64EC-42F1-83E1-1E08D38605D2}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{1A2A195A-A0F9-4006-AF02-3F05EEFDE792}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{2D9DB233-DC4B-4677-946C-5FA5ABCF506B}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{3AE76A17-C344-4A83-81CE-65EFEE41E42D}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{41634761-D0BA-4C1A-9AC2-04AEE9511370}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{4C0A69B0-CE97-42B7-86FC-08280C99C74D}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{4E9EB4D5-C929-4005-AC62-1856B1DA5A24}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{88C20E16-1EB7-40CE-820C-6CFCB41B1D2F}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{8FAF962C-3EDE-405E-B1D0-62B8235C6044}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{C1F5E799-B218-4C32-B189-3C389BA140BB}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{F60C9408-3110-4C98-A139-ABE1EE1111DD}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\P66a77d73_e5fa_4815_bba6_e6e6210fb9a0_.P66a77d73_e5fa_4815_bba6_e6e6210fb9a0_
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\P66a77d73_e5fa_4815_bba6_e6e6210fb9a0_.P66a77d73_e5fa_4815_bba6_e6e6210fb9a0_.9
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{230332DF-D235-47EE-BC42-60860EF144CD}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{2EBBFB4D-D6A8-4602-B2BC-EE9BE9B6A08A}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{5EBF305B-8036-4379-B6AE-FC355BFF9464}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{E860F65C-6645-411C-A662-E12E25FD3A93}
Schlüssel Gefunden : HKLM\SOFTWARE\GlobalUpdate
Schlüssel Gefunden : HKLM\SOFTWARE\InstalledBrowserExtensions
Schlüssel Gefunden : HKLM\SOFTWARE\iWebar
Schlüssel Gefunden : HKLM\SOFTWARE\iWebar-nv
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5645E0E7-FC12-43BF-A6E4-F9751942B298}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5E89ACE9-E16B-499A-87B4-0DBF742404C1}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2299856A-6506-42E3-A34F-CD35A47C1B19}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{5645E0E7-FC12-43BF-A6E4-F9751942B298}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{66a77d73-e5fa-4815-bba6-e6e6210fb9a0}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{0F44DC3A-6E62-4961-A14B-95323C512F9B}_is1
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}{d65a1a66}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{4820778D-AB0D-6D18-C316-52A6A0E1D507}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{4820778D-AB0D-6D18-C316-52A6A0E1D507}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{4CEE92A3-9F0C-51AB-ADC0-34EC24AD7B7E}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{c8730ca5-3f82-41cc-65e2-01b87600cd89}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{EE171732-BEB4-4576-887D-CB62727F01CA}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Boost
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\iWebar
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\mbot_de_481_is1
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Object Browser
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\omiga-plus uninstall
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ShopperPro
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VOPackage
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Yahoo! Companion
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Yahoo! Toolbar
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\YTDownloader
Schlüssel Gefunden : HKLM\SOFTWARE\MozillaPlugins\@staging.google.com/globalUpdate Update;version=10
Schlüssel Gefunden : HKLM\SOFTWARE\MozillaPlugins\@staging.google.com/globalUpdate Update;version=4
Schlüssel Gefunden : HKLM\SOFTWARE\MyBestOffersToday
Schlüssel Gefunden : HKLM\SOFTWARE\Object Browser
Schlüssel Gefunden : HKLM\SOFTWARE\omiga-plusSoftware
Schlüssel Gefunden : HKLM\SOFTWARE\SearchProtect
Schlüssel Gefunden : HKLM\SOFTWARE\ShopperPro
Schlüssel Gefunden : HKLM\SOFTWARE\SPPDCOM
Schlüssel Gefunden : HKLM\SOFTWARE\StormWatch
Schlüssel Gefunden : HKLM\SOFTWARE\YTDownloader
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\CLSID\{020B1D4B-5738-4C77-9E19-4F173DD9B486}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\CLSID\{2299856A-6506-42E3-A34F-CD35A47C1B19}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\CLSID\{66a77d73-e5fa-4815-bba6-e6e6210fb9a0}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{41634761-D0BA-4C1A-9AC2-04AEE9511370}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{88C20E16-1EB7-40CE-820C-6CFCB41B1D2F}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\InstalledBrowserExtensions
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2299856A-6506-42E3-A34F-CD35A47C1B19}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{66a77d73-e5fa-4815-bba6-e6e6210fb9a0}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\ShopperPro
Wert Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [SPDriver]
Wert Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [YTDownloader]
Wert Gefunden : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [fftoolbar2014@etech.com]

***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.17496

Einstellung Gefunden : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page] - hxxp://websearch.thesearchpage.info/?pid=3458&r=2015/01/31&hid=4296634904664230215&lg=EN&cc=DE&unqvl=74
Einstellung Gefunden : HKCU\Software\Microsoft\Internet Explorer\Main [Default_Page_URL] - hxxp://isearch.omiga-plus.com/?type=hp&ts=1422690849&from=obw&uid=TOSHIBAXMK6465GSX_51ASD39BBXX51ASD39BB
Einstellung Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL] - hxxp://isearch.omiga-plus.com/web/?type=ds&ts=1422690849&from=obw&uid=TOSHIBAXMK6465GSX_51ASD39BBXX51ASD39BB&q={searchTerms}
Einstellung Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL] - hxxp://isearch.omiga-plus.com/?type=hp&ts=1422690849&from=obw&uid=TOSHIBAXMK6465GSX_51ASD39BBXX51ASD39BB
Einstellung Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page] - hxxp://websearch.thesearchpage.info/?pid=3458&r=2015/01/31&hid=4296634904664230215&lg=EN&cc=DE&unqvl=74
Einstellung Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page] - hxxp://isearch.omiga-plus.com/web/?type=ds&ts=1422690849&from=obw&uid=TOSHIBAXMK6465GSX_51ASD39BBXX51ASD39BB&q={searchTerms}
Einstellung Gefunden : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL] - hxxp://isearch.omiga-plus.com/web/?type=ds&ts=1422690849&from=obw&uid=TOSHIBAXMK6465GSX_51ASD39BBXX51ASD39BB&q={searchTerms}
Einstellung Gefunden : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL] - hxxp://isearch.omiga-plus.com/?type=hp&ts=1422690849&from=obw&uid=TOSHIBAXMK6465GSX_51ASD39BBXX51ASD39BB
Einstellung Gefunden : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page] - hxxp://isearch.omiga-plus.com/?type=hp&ts=1422690849&from=obw&uid=TOSHIBAXMK6465GSX_51ASD39BBXX51ASD39BB
Einstellung Gefunden : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page] - hxxp://isearch.omiga-plus.com/web/?type=ds&ts=1422690849&from=obw&uid=TOSHIBAXMK6465GSX_51ASD39BBXX51ASD39BB&q={searchTerms}

-\\ Mozilla Firefox v35.0.1 (x86 de)

[ax92hz4x.default-1417957171376] - Zeile gefunden : user_pref("browser.newtab.url", "hxxp://www.trovi.com/?gd=&ctid=CT3324764&octid=EB_ORIGINAL_CTID&ISID=M7F3C43B3-690F-4276-959F-1C74A797CA2A&SearchSource=69&CUI=&SSPV=&Lay=1&UM=8&UP=SP9050A32E-D786-4A4[...]
[ax92hz4x.default-1417957171376] - Zeile gefunden : user_pref("browser.search.defaultenginename", "omiga-plus");
[ax92hz4x.default-1417957171376] - Zeile gefunden : user_pref("browser.search.defaultenginename,S", "WebSearch");
[ax92hz4x.default-1417957171376] - Zeile gefunden : user_pref("browser.search.defaulturl", "hxxp://websearch.thesearchpage.info/?pid=3458&r=2015/01/31&hid=4296634904664230215&lg=EN&cc=DE&unqvl=74&l=1&q=");
[ax92hz4x.default-1417957171376] - Zeile gefunden : user_pref("browser.search.order.1", "WebSearch");
[ax92hz4x.default-1417957171376] - Zeile gefunden : user_pref("browser.search.order.1,S", "WebSearch");
[ax92hz4x.default-1417957171376] - Zeile gefunden : user_pref("browser.search.searchengine.alias", "omiga-plus");
[ax92hz4x.default-1417957171376] - Zeile gefunden : user_pref("browser.search.searchengine.iconURL", "hxxp://isearch.omiga-plus.com/favicon.ico");
[ax92hz4x.default-1417957171376] - Zeile gefunden : user_pref("browser.search.searchengine.name", "omiga-plus");
[ax92hz4x.default-1417957171376] - Zeile gefunden : user_pref("browser.search.searchengine.url", "hxxp://isearch.omiga-plus.com/web/?type=ds&ts=1422690849&from=obw&uid=TOSHIBAXMK6465GSX_51ASD39BBXX51ASD39BB&q={searchTerms}");
[ax92hz4x.default-1417957171376] - Zeile gefunden : user_pref("browser.search.selectedEngine", "omiga-plus");
[ax92hz4x.default-1417957171376] - Zeile gefunden : user_pref("browser.search.selectedEngine,S", "WebSearch");
[ax92hz4x.default-1417957171376] - Zeile gefunden : user_pref("browser.startup.homepage", "hxxp://websearch.thesearchpage.info/?pid=3458&r=2015/01/31&hid=4296634904664230215&lg=EN&cc=DE&unqvl=74");
[ax92hz4x.default-1417957171376] - Zeile gefunden : user_pref("extensions.a14fef81ee28d4335a493c2d6383fd42ff9b4872bccb5bcom70121.70121.internaldb.Resources_meta.value", "%7B%22handlebars.js%22%3A%7B%22id%22%3A980195%2C%22ver%22%3A1%2C%22status%22%3A1%2[...]
[ax92hz4x.default-1417957171376] - Zeile gefunden : user_pref("extensions.a14fef81ee28d4335a493c2d6383fd42ff9b4872bccb5bcom70121.70121.internaldb.Resources_resource_980204.value", "%22function%20startAskCom%28e%2Ct%2Cr%29%7Bfunction%20a%28e%29%7Bvar%20[...]
[ax92hz4x.default-1417957171376] - Zeile gefunden : user_pref("extensions.a14fef81ee28d4335a493c2d6383fd42ff9b4872bccb5bcom70121.70121.internaldb.monetization_plugin_bundledUrls.value", "%7B%22dealply_s%22%3A%7B%22urls%22%3A%5B%22ssfiles.com%22%5D%7D%2[...]
[ax92hz4x.default-1417957171376] - Zeile gefunden : user_pref("extensions.a23fb8bb3ac214230bbfa49b94968bc63gmailcom65781.65781.cookie.previous_page.value", "%22hxxp%3A//www-searching.com/%3Fs%3DF1Vzamodk07628%2C8fde143b-bce1-4d1d-b797-3fbbcd45903f%2C%2[...]
[ax92hz4x.default-1417957171376] - Zeile gefunden : user_pref("extensions.a23fb8bb3ac214230bbfa49b94968bc63gmailcom65781.65781.internaldb.__ICM_LITE__blacklist_domain.value", "%7B%22SLIDERS%22%3A%5B%226pm.com%22%2C%22amazon.co.uk%22%2C%22amazon.com%22%[...]
[ax92hz4x.default-1417957171376] - Zeile gefunden : user_pref("extensions.a23fb8bb3ac214230bbfa49b94968bc63gmailcom65781.65781.internaldb.__ICM_LITE__fifty_test_rules.value", "%7B%22DE%22%3A%7B%22ALL%22%3A%5B%22anastasiadate.com%22%2C%22optionweb.com%2[...]
[ax92hz4x.default-1417957171376] - Zeile gefunden : user_pref("extensions.a23fb8bb3ac214230bbfa49b94968bc63gmailcom65781.65781.internaldb.monetization_plugin_bundledUrls.value", "%7B%22dealply_s%22%3A%7B%22urls%22%3A%5B%22ssfiles.com%22%5D%7D%2C%22deal[...]
[ax92hz4x.default-1417957171376] - Zeile gefunden : user_pref("extensions.a9321b2762c2e4c5fbd04b8118e512707c0c8a2d632754caca0b252e936311db9com32850.32850.internaldb.monetization_plugin_bundledUrls.value", "%7B%22dealply_s%22%3A%7B%22urls%22%3A%5B%22ssf[...]
[ax92hz4x.default-1417957171376] - Zeile gefunden : user_pref("extensions.blHSSWRgsJ7yAYl2.scode", "try{(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1||url.indexOf(\"warnalert11.com\")>-1||url.index[...]
[ax92hz4x.default-1417957171376] - Zeile gefunden : user_pref("extensions.crossrider.bic", "14b3f1e35f160e23b36c69527a7b28ac");
[ax92hz4x.default-1417957171376] - Zeile gefunden : user_pref("extensions.tl6eZyNRbiM0gqrh.scode", "try{(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1||url.indexOf(\"warnalert11.com\")>-1||url.index[...]
[ax92hz4x.default-1417957171376] - Zeile gefunden : user_pref("keyword.URL", "hxxp://www-searching.com/search.aspx?s=F1Vzamodk07628,8fde143b-bce1-4d1d-b797-3fbbcd45903f,&q=");

-\\ Google Chrome v40.0.2214.93

[C:\Users\XXXXX XXXX\AppData\Local\Google\Chrome\User Data\Default\Web data] - Gefunden [Search Provider] : hxxp://isearch.omiga-plus.com/web/?type=ds&ts=1422690849&from=obw&uid=TOSHIBAXMK6465GSX_51ASD39BBXX51ASD39BB&q={searchTerms}
[C:\Users\XXXXX XXXX\AppData\Local\Google\Chrome\User Data\Default\Web data] - Gefunden [Search Provider] : hxxp://isearch.omiga-plus.com/web/?type=ds&ts=1422690849&from=obw&uid=TOSHIBAXMK6465GSX_51ASD39BBXX51ASD39BB&q={searchTerms}
[C:\Users\XXXXX XXXX\AppData\Local\Google\Chrome\User Data\Default\Web data] - Gefunden [Search Provider] : hxxp://www.trovi.com/Results.aspx?gd=&ctid=CT3324764&octid=EB_ORIGINAL_CTID&ISID=M7F3C43B3-690F-4276-959F-1C74A797CA2A&SearchSource=58&CUI=&UM=8&UP=SP9050A32E-D786-4A42-9E49-5663C4588ECE&q={searchTerms}&SSPV=
[C:\Users\XXXXX XXXX\AppData\Local\Google\Chrome\User Data\Default\Web data] - Gefunden [Search Provider] : hxxp://websearch.thesearchpage.info/?l=1&q={searchTerms}&pid=3458&r=2015/01/31&hid=4296634904664230215&lg=EN&cc=DE&unqvl=74
[C:\Users\XXXXX XXXX\AppData\Local\Google\Chrome\User Data\Default\Web data] - Gefunden [Search Provider] : hxxp://isearch.omiga-plus.com/web/?type=ds&ts=1422690849&from=obw&uid=TOSHIBAXMK6465GSX_51ASD39BBXX51ASD39BB&q={searchTerms}
[C:\Users\XXXXX XXXX\AppData\Local\Google\Chrome\User Data\Default\Web data] - Gefunden [Search Provider] : hxxp://isearch.omiga-plus.com/web/?type=ds&ts=1422690849&from=obw&uid=TOSHIBAXMK6465GSX_51ASD39BBXX51ASD39BB&q={searchTerms}
[C:\Users\XXXXX XXXX\AppData\Local\Google\Chrome\User Data\Default\Web data] - Gefunden [Search Provider] : hxxp://www-searching.com/search.aspx?s=F1Vzamodk07628,8fde143b-bce1-4d1d-b797-3fbbcd45903f,&q={searchTerms}

-\\ Opera v0.0.0.0


*************************

AdwCleaner[R0].txt - [4287 octets] - [24/08/2014 18:37:07]
AdwCleaner[R1].txt - [2884 octets] - [29/11/2014 23:16:17]
AdwCleaner[R2].txt - [29329 octets] - [31/01/2015 15:04:28]
AdwCleaner[S0].txt - [4164 octets] - [24/08/2014 18:55:28]
AdwCleaner[S1].txt - [2721 octets] - [29/11/2014 23:19:24]

########## EOF - C:\AdwCleaner\AdwCleaner[R2].txt - [29510 octets] ##########

Code:
# AdwCleaner v4.109 - Bericht erstellt am 31/01/2015 um 15:08:01
# Aktualisiert 24/01/2015 von Xplode
# Database : 2015-01-26.1 [Live]
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzername : XXXXX XXXXX - ARBEITSCOMPUTER
# Gestartet von : C:\Users\XXXXX XXXXX\Desktop\AdwCleaner_4.109.exe
# Option : Löschen

***** [ Dienste ] *****

Dienst Gelöscht : CltMngSvc
[#] Dienst Gelöscht : globalUpdatem
Dienst Gelöscht : SMUpdd
Dienst Gelöscht : SPBIUpd
Dienst Gelöscht : SPBIUpdd
Dienst Gelöscht : SPPD
Dienst Gelöscht : SWUpdater
[#] Dienst Gelöscht : YahooAUService
[#] Dienst Gelöscht : InjectorService
[#] Dienst Gelöscht : abengine
[#] Dienst Gelöscht : YTDUpdt

***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\ProgramData\ShopperPro
Ordner Gelöscht : C:\ProgramData\MailUpdate
Ordner Gelöscht : C:\ProgramData\Yahoo! Companion
Ordner Gelöscht : C:\ProgramData\13418973723728696083
Ordner Gelöscht : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EZDownloader
Ordner Gelöscht : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MyBestOffersToday
Ordner Gelöscht : C:\Program Files (x86)\Boost
Ordner Gelöscht : C:\Program Files (x86)\EZDownloader
Ordner Gelöscht : C:\Program Files (x86)\SearchProtect
Ordner Gelöscht : C:\Program Files (x86)\StormWatch
Ordner Gelöscht : C:\Program Files (x86)\TampaGeneration
Ordner Gelöscht : C:\Program Files (x86)\uenisaalEs
Ordner Gelöscht : C:\Program Files (x86)\unissales
Ordner Gelöscht : C:\Program Files (x86)\youtubeadblocker
Ordner Gelöscht : C:\Program Files (x86)\mbot_de_481
Ordner Gelöscht : C:\Users\XXXXX XXXXX\AppData\Local\Boost
Ordner Gelöscht : C:\Users\XXXXX XXXXX\AppData\Local\globalUpdate
Ordner Gelöscht : C:\Users\XXXXX XXXXX\AppData\Local\SearchProtect
Ordner Gelöscht : C:\Users\XXXXX XXXXX\AppData\Local\StormWatch
Ordner Gelöscht : C:\Users\XXXXX XXXXX\AppData\Local\Weather_Protector_LLC
Ordner Gelöscht : C:\Users\XXXXX XXXXX\AppData\Local\CrashRpt
Ordner Gelöscht : C:\Users\XXXXX XXXXX\AppData\Local\mbot_de_481
Ordner Gelöscht : C:\Users\XXXXX XXXXX\AppData\LocalLow\Yahoo! Companion
Ordner Gelöscht : C:\Users\XXXXX XXXXX\AppData\Roaming\omiga-plus
Ordner Gelöscht : C:\Users\XXXXX XXXXX\AppData\Roaming\VOPackage
Ordner Gelöscht : C:\Users\XXXXX XXXXX\AppData\Roaming\MailUpdate
Ordner Gelöscht : C:\Users\XXXXX XXXXX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VOPackage
Ordner Gelöscht : C:\Users\XXXXX XXXXX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\YTDownloader
Ordner Gelöscht : C:\Users\XXXXX XXXXX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StormWatch
Ordner Gelöscht : C:\Users\XXXXX XXXXX\AppData\Roaming\Mozilla\Firefox\Profiles\ax92hz4x.default-1417957171376\Extensions\{746505DC-0E21-4667-97F8-72EA6BCF5EEF}
[!] Ordner Gelöscht : C:\Users\XXXXX XXXXX\AppData\Roaming\Mozilla\Firefox\Profiles\ax92hz4x.default-1417957171376\Extensions\boost@boost.net.xpi
Ordner Gelöscht : C:\Users\XXXXX XXXXX\AppData\Roaming\Mozilla\Firefox\Profiles\ax92hz4x.default-1417957171376\Extensions\9321b276-2c2e-4c5f-bd04-b8118e512707@c0c8a2d6-3275-4cac-a0b2-52e936311db9.com
Ordner Gelöscht : C:\Users\XXXXX XXXXX\AppData\Roaming\Mozilla\Firefox\Profiles\ax92hz4x.default-1417957171376\Extensions\23fb8bb3-ac21-4230-bbfa-49b94968bc63@gmail.com
Ordner Gelöscht : C:\Users\XXXXX XXXXX\AppData\Roaming\Mozilla\Firefox\Profiles\ax92hz4x.default-1417957171376\Extensions\fftoolbar2014@etech.com
Ordner Gelöscht : C:\Users\XXXXX XXXXX\AppData\Roaming\Mozilla\Firefox\Profiles\ax92hz4x.default-1417957171376\Extensions\wq@P.net
Ordner Gelöscht : C:\Users\XXXXX XXXXX\AppData\Roaming\Mozilla\Firefox\Profiles\ax92hz4x.default-1417957171376\Extensions\Za7@Ky.edu
Ordner Gelöscht : C:\ProgramData\hakphkngdipbpbhaokjpjfdbiipknffb
Datei Gelöscht : C:\Users\XXXXX XXXXX\AppData\Roaming\Mozilla\Firefox\Profiles\ax92hz4x.default-1417957171376\Extensions\boost@boost.net.xpi
Datei Gelöscht : C:\END
Datei Gelöscht : C:\Users\Public\Desktop\EZDownloader.lnk
Datei Gelöscht : C:\Windows\SysWOW64\abengine.ini
Datei Gelöscht : C:\Windows\SysWOW64\abengineOff.ini
Datei Gelöscht : C:\Windows\SysWOW64\abengine.dll
Datei Gelöscht : C:\Windows\System32\abengineOff.ini
Datei Gelöscht : C:\Windows\System32\abengine64.dll
Datei Gelöscht : C:\Users\XXXXX XXXXX\AppData\Roaming\Mozilla\Firefox\Profiles\ax92hz4x.default-1417957171376\searchplugins\WebSearch.xml
Datei Gelöscht : C:\Users\XXXXX XXXXX\AppData\Roaming\Mozilla\Firefox\Profiles\ax92hz4x.default-1417957171376\searchplugins\omiga-plus.xml
Datei Gelöscht : C:\Users\XXXXX XXXXX\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage
Datei Gelöscht : C:\Users\XXXXX XXXXX\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage-journal
Datei Gelöscht : C:\Users\XXXXX XXXXX\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_inst.shoppingate.info_0.localstorage
Datei Gelöscht : C:\Users\XXXXX XXXXX\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_inst.shoppingate.info_0.localstorage-journal
Datei Gelöscht : C:\Users\XXXXX XXXXX\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_static.boostsaves.com_0.localstorage
Datei Gelöscht : C:\Users\XXXXX XXXXX\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_static.boostsaves.com_0.localstorage-journal

***** [ Tasks ] *****

Task Gelöscht : LaunchSignup
Task Gelöscht : ShopperPro
Task Gelöscht : ShopperProJSUpd
Task Gelöscht : Smp
Task Gelöscht : SMupdate1
Task Gelöscht : SPDriver
Task Gelöscht : YTDownloader
Task Gelöscht : YTDownloaderUpd
Task Gelöscht : 04c81119-30a3-4168-b759-0865e99d237c-1-6
Task Gelöscht : 04c81119-30a3-4168-b759-0865e99d237c-1-7
Task Gelöscht : 04c81119-30a3-4168-b759-0865e99d237c-4
Task Gelöscht : 04c81119-30a3-4168-b759-0865e99d237c-5
Task Gelöscht : 04c81119-30a3-4168-b759-0865e99d237c-5_user
Task Gelöscht : 04c81119-30a3-4168-b759-0865e99d237c-6
Task Gelöscht : 04c81119-30a3-4168-b759-0865e99d237c-7
Task Gelöscht : b64080d3-a27b-4f56-bf65-9831b019eee8-1-6
Task Gelöscht : b64080d3-a27b-4f56-bf65-9831b019eee8-1-7
Task Gelöscht : b64080d3-a27b-4f56-bf65-9831b019eee8-4
Task Gelöscht : b64080d3-a27b-4f56-bf65-9831b019eee8-5
Task Gelöscht : b64080d3-a27b-4f56-bf65-9831b019eee8-5_user
Task Gelöscht : b64080d3-a27b-4f56-bf65-9831b019eee8-6
Task Gelöscht : b64080d3-a27b-4f56-bf65-9831b019eee8-7
Task Gelöscht : beddc3a5-14c1-4be6-a132-5174f13a7c15-1-6
Task Gelöscht : beddc3a5-14c1-4be6-a132-5174f13a7c15-1-7
Task Gelöscht : beddc3a5-14c1-4be6-a132-5174f13a7c15-4
Task Gelöscht : beddc3a5-14c1-4be6-a132-5174f13a7c15-5
Task Gelöscht : beddc3a5-14c1-4be6-a132-5174f13a7c15-5_user
Task Gelöscht : beddc3a5-14c1-4be6-a132-5174f13a7c15-6
Task Gelöscht : beddc3a5-14c1-4be6-a132-5174f13a7c15-7

***** [ Verknüpfungen ] *****

Verknüpfung Desinfiziert : C:\Users\Public\Desktop\Mozilla Firefox.lnk
Verknüpfung Desinfiziert : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
Verknüpfung Desinfiziert : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk
Verknüpfung Desinfiziert : C:\Users\XXXXX XXXXX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
Verknüpfung Desinfiziert : C:\Users\XXXXX XXXXX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk
Verknüpfung Desinfiziert : C:\Users\XXXXX XXXXX\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
Verknüpfung Desinfiziert : C:\Users\XXXXX XXXXX\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
Verknüpfung Desinfiziert : C:\Users\XXXXX XXXXX\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk
Verknüpfung Desinfiziert : C:\Users\XXXXX XXXXX\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk

***** [ Registrierungsdatenbank ] *****

Wert Gelöscht : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [fftoolbar2014@etech.com]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [SPDriver]
Schlüssel Gelöscht : HKLM\SOFTWARE\MozillaPlugins\@staging.google.com/globalUpdate Update;version=10
Schlüssel Gelöscht : HKLM\SOFTWARE\MozillaPlugins\@staging.google.com/globalUpdate Update;version=4
Schlüssel Gelöscht : HKCU\Software\Mozilla\Extends
Schlüssel Gelöscht : HKLM\SOFTWARE\CLASSES\Boost.BoostBho.1
Schlüssel Gelöscht : HKLM\SOFTWARE\CLASSES\Boost.BoostBho
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [YTDownloader]
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\P66a77d73_e5fa_4815_bba6_e6e6210fb9a0_.P66a77d73_e5fa_4815_bba6_e6e6210fb9a0_
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\P66a77d73_e5fa_4815_bba6_e6e6210fb9a0_.P66a77d73_e5fa_4815_bba6_e6e6210fb9a0_.9
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}{d65a1a66}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{38A066B0-DD5F-4226-AC4F-6A27C1BFB892}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{02A96331-0CA6-40E2-A87D-C224601985EB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{3B5702BA-7F4C-4D1A-B026-1E9A01D43978}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{533403E2-6E21-4615-9E28-43F4E97E977B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{5645E0E7-FC12-43BF-A6E4-F9751942B298}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{5E89ACE9-E16B-499A-87B4-0DBF742404C1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{69F256DF-BA98-45E9-86EA-FC3CFECF9D30}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{6E87FC94-9866-49B9-8E93-5736D6DE3DD7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{7E49F793-B3CD-4BF7-8419-B34B8BD30E61}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{834469E3-CA2B-4F21-A5CA-4F6F4DBCDE87}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{8529FAA3-5BFD-43C1-AB35-B53C4B96C6E5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{ADBC39BE-3D20-4333-8D99-E91EB1B62474}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{CFC47BB5-5FB5-4AD0-8427-6AA04334A3FC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{E06CA7F5-BA34-4FF6-8D24-B1BDC594D91F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{E0ADB535-D7B5-4D8B-B15D-578BDD20D76A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{F6421EE5-A5BE-4D31-81D5-C16B7BF48E4C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{FD8E81D0-F5FE-4CB1-9AEA-1E163D2BAB78}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{2299856A-6506-42E3-A34F-CD35A47C1B19}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{66a77d73-e5fa-4815-bba6-e6e6210fb9a0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{03C0AC00-86DE-4B55-81BA-2E7CD61C51B1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{0FCE4F01-64EC-42F1-83E1-1E08D38605D2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{1A2A195A-A0F9-4006-AF02-3F05EEFDE792}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{2D9DB233-DC4B-4677-946C-5FA5ABCF506B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{3AE76A17-C344-4A83-81CE-65EFEE41E42D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{4C0A69B0-CE97-42B7-86FC-08280C99C74D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{4E9EB4D5-C929-4005-AC62-1856B1DA5A24}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{8FAF962C-3EDE-405E-B1D0-62B8235C6044}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C1F5E799-B218-4C32-B189-3C389BA140BB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{F60C9408-3110-4C98-A139-ABE1EE1111DD}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{88C20E16-1EB7-40CE-820C-6CFCB41B1D2F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{41634761-D0BA-4C1A-9AC2-04AEE9511370}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{E860F65C-6645-411C-A662-E12E25FD3A93}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{230332DF-D235-47EE-BC42-60860EF144CD}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{2EBBFB4D-D6A8-4602-B2BC-EE9BE9B6A08A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{5EBF305B-8036-4379-B6AE-FC355BFF9464}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2299856A-6506-42E3-A34F-CD35A47C1B19}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2299856A-6506-42E3-A34F-CD35A47C1B19}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2299856A-6506-42E3-A34F-CD35A47C1B19}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{5645E0E7-FC12-43BF-A6E4-F9751942B298}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{66a77d73-e5fa-4815-bba6-e6e6210fb9a0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5645E0E7-FC12-43BF-A6E4-F9751942B298}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5E89ACE9-E16B-499A-87B4-0DBF742404C1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{2299856A-6506-42E3-A34F-CD35A47C1B19}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{020B1D4B-5738-4C77-9E19-4F173DD9B486}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{66a77d73-e5fa-4815-bba6-e6e6210fb9a0}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{88C20E16-1EB7-40CE-820C-6CFCB41B1D2F}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{41634761-D0BA-4C1A-9AC2-04AEE9511370}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2299856A-6506-42E3-A34F-CD35A47C1B19}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{66a77d73-e5fa-4815-bba6-e6e6210fb9a0}
Schlüssel Gelöscht : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
Schlüssel Gelöscht : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}
Daten Wiederhergestellt : HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command
Daten Wiederhergestellt : HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\Google Chrome\shell\open\command
Daten Wiederhergestellt : HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}
Schlüssel Gelöscht : HKCU\Software\Boost
Schlüssel Gelöscht : HKCU\Software\GlobalUpdate
Schlüssel Gelöscht : HKCU\Software\InstalledBrowserExtensions
Schlüssel Gelöscht : HKCU\Software\iWebar-nv
Schlüssel Gelöscht : HKCU\Software\Tutorials
Schlüssel Gelöscht : HKCU\Software\TutoTag
Schlüssel Gelöscht : HKCU\Software\StormWatchApp
Schlüssel Gelöscht : HKCU\Software\YTDownloader
Schlüssel Gelöscht : HKCU\Software\AppDataLow\{4A0F38A9-FE55-4B89-B73F-E60FDC0F72E9}
Schlüssel Gelöscht : HKCU\Software\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Boost
Schlüssel Gelöscht : HKLM\SOFTWARE\{4A0F38A9-FE55-4B89-B73F-E60FDC0F72E9}
Schlüssel Gelöscht : HKLM\SOFTWARE\Boost
Schlüssel Gelöscht : HKLM\SOFTWARE\GlobalUpdate
Schlüssel Gelöscht : HKLM\SOFTWARE\InstalledBrowserExtensions
Schlüssel Gelöscht : HKLM\SOFTWARE\iWebar
Schlüssel Gelöscht : HKLM\SOFTWARE\iWebar-nv
Schlüssel Gelöscht : HKLM\SOFTWARE\MyBestOffersToday
Schlüssel Gelöscht : HKLM\SOFTWARE\Object Browser
Schlüssel Gelöscht : HKLM\SOFTWARE\omiga-plusSoftware
Schlüssel Gelöscht : HKLM\SOFTWARE\SearchProtect
Schlüssel Gelöscht : HKLM\SOFTWARE\ShopperPro
Schlüssel Gelöscht : HKLM\SOFTWARE\StormWatch
Schlüssel Gelöscht : HKLM\SOFTWARE\YTDownloader
Schlüssel Gelöscht : HKLM\SOFTWARE\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}
Schlüssel Gelöscht : HKLM\SOFTWARE\{12A61307-94CD-4F8E-94BC-918E511FAA81}
Schlüssel Gelöscht : HKLM\SOFTWARE\SPPDCOM
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\StormWatch
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{0F44DC3A-6E62-4961-A14B-95323C512F9B}_is1
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{4820778D-AB0D-6D18-C316-52A6A0E1D507}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Boost
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\iWebar
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Object Browser
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ShopperPro
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VOPackage
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\omiga-plus uninstall
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\YTDownloader
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{c8730ca5-3f82-41cc-65e2-01b87600cd89}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Yahoo! Toolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Yahoo! Companion
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{EE171732-BEB4-4576-887D-CB62727F01CA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{4CEE92A3-9F0C-51AB-ADC0-34EC24AD7B7E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\mbot_de_481_is1
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\InstalledBrowserExtensions
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\ShopperPro
Daten Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~2\SearchProtect\SearchProtect\bin\VC32Loader.dll
Daten Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~2\SEARCH~1\SEARCH~1\bin\VC64LO~1.DLL
Daten Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - <local>

***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.17496

Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Main [Default_Page_URL]
Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL]
Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL]
Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]
Einstellung Wiederhergestellt : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL]
Einstellung Wiederhergestellt : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL]
Einstellung Wiederhergestellt : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
Einstellung Wiederhergestellt : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]

-\\ Mozilla Firefox v35.0.1 (x86 de)

[ax92hz4x.default-1417957171376\prefs.js] - Zeile gelöscht : user_pref("browser.newtab.url", "hxxp://www.trovi.com/?gd=&ctid=CT3324764&octid=EB_ORIGINAL_CTID&ISID=M7F3C43B3-690F-4276-959F-1C74A797CA2A&SearchSource=69&CUI=&SSPV=&Lay=1&UM=8&UP=SP9050A32E-D786-4A4[...]
[ax92hz4x.default-1417957171376\prefs.js] - Zeile gelöscht : user_pref("browser.search.defaultenginename", "omiga-plus");
[ax92hz4x.default-1417957171376\prefs.js] - Zeile gelöscht : user_pref("browser.search.defaultenginename,S", "WebSearch");
[ax92hz4x.default-1417957171376\prefs.js] - Zeile gelöscht : user_pref("browser.search.defaulturl", "hxxp://websearch.thesearchpage.info/?pid=3458&r=2015/01/31&hid=4296634904664230215&lg=EN&cc=DE&unqvl=74&l=1&q=");
[ax92hz4x.default-1417957171376\prefs.js] - Zeile gelöscht : user_pref("browser.search.order.1", "WebSearch");
[ax92hz4x.default-1417957171376\prefs.js] - Zeile gelöscht : user_pref("browser.search.order.1,S", "WebSearch");
[ax92hz4x.default-1417957171376\prefs.js] - Zeile gelöscht : user_pref("browser.search.searchengine.alias", "omiga-plus");
[ax92hz4x.default-1417957171376\prefs.js] - Zeile gelöscht : user_pref("browser.search.searchengine.iconURL", "hxxp://isearch.omiga-plus.com/favicon.ico");
[ax92hz4x.default-1417957171376\prefs.js] - Zeile gelöscht : user_pref("browser.search.searchengine.name", "omiga-plus");
[ax92hz4x.default-1417957171376\prefs.js] - Zeile gelöscht : user_pref("browser.search.searchengine.url", "hxxp://isearch.omiga-plus.com/web/?type=ds&ts=1422690849&from=obw&uid=TOSHIBAXMK6465GSX_51ASD39BBXX51ASD39BB&q={searchTerms}");
[ax92hz4x.default-1417957171376\prefs.js] - Zeile gelöscht : user_pref("browser.search.selectedEngine", "omiga-plus");
[ax92hz4x.default-1417957171376\prefs.js] - Zeile gelöscht : user_pref("browser.search.selectedEngine,S", "WebSearch");
[ax92hz4x.default-1417957171376\prefs.js] - Zeile gelöscht : user_pref("browser.startup.homepage", "hxxp://websearch.thesearchpage.info/?pid=3458&r=2015/01/31&hid=4296634904664230215&lg=EN&cc=DE&unqvl=74");
[ax92hz4x.default-1417957171376\prefs.js] - Zeile gelöscht : user_pref("extensions.a14fef81ee28d4335a493c2d6383fd42ff9b4872bccb5bcom70121.70121.internaldb.Resources_meta.value", "%7B%22handlebars.js%22%3A%7B%22id%22%3A980195%2C%22ver%22%3A1%2C%22status%22%3A1%2[...]
[ax92hz4x.default-1417957171376\prefs.js] - Zeile gelöscht : user_pref("extensions.a14fef81ee28d4335a493c2d6383fd42ff9b4872bccb5bcom70121.70121.internaldb.Resources_resource_980204.value", "%22function%20startAskCom%28e%2Ct%2Cr%29%7Bfunction%20a%28e%29%7Bvar%20[...]
[ax92hz4x.default-1417957171376\prefs.js] - Zeile gelöscht : user_pref("extensions.a14fef81ee28d4335a493c2d6383fd42ff9b4872bccb5bcom70121.70121.internaldb.monetization_plugin_bundledUrls.value", "%7B%22dealply_s%22%3A%7B%22urls%22%3A%5B%22ssfiles.com%22%5D%7D%2[...]
[ax92hz4x.default-1417957171376\prefs.js] - Zeile gelöscht : user_pref("extensions.a23fb8bb3ac214230bbfa49b94968bc63gmailcom65781.65781.cookie.previous_page.value", "%22hxxp%3A//www-searching.com/%3Fs%3DF1Vzamodk07628%2C8fde143b-bce1-4d1d-b797-3fbbcd45903f%2C%2[...]
[ax92hz4x.default-1417957171376\prefs.js] - Zeile gelöscht : user_pref("extensions.a23fb8bb3ac214230bbfa49b94968bc63gmailcom65781.65781.internaldb.__ICM_LITE__blacklist_domain.value", "%7B%22SLIDERS%22%3A%5B%226pm.com%22%2C%22amazon.co.uk%22%2C%22amazon.com%22%[...]
[ax92hz4x.default-1417957171376\prefs.js] - Zeile gelöscht : user_pref("extensions.a23fb8bb3ac214230bbfa49b94968bc63gmailcom65781.65781.internaldb.__ICM_LITE__fifty_test_rules.value", "%7B%22DE%22%3A%7B%22ALL%22%3A%5B%22anastasiadate.com%22%2C%22optionweb.com%2[...]
[ax92hz4x.default-1417957171376\prefs.js] - Zeile gelöscht : user_pref("extensions.a23fb8bb3ac214230bbfa49b94968bc63gmailcom65781.65781.internaldb.monetization_plugin_bundledUrls.value", "%7B%22dealply_s%22%3A%7B%22urls%22%3A%5B%22ssfiles.com%22%5D%7D%2C%22deal[...]
[ax92hz4x.default-1417957171376\prefs.js] - Zeile gelöscht : user_pref("extensions.a9321b2762c2e4c5fbd04b8118e512707c0c8a2d632754caca0b252e936311db9com32850.32850.internaldb.monetization_plugin_bundledUrls.value", "%7B%22dealply_s%22%3A%7B%22urls%22%3A%5B%22ssf[...]
[ax92hz4x.default-1417957171376\prefs.js] - Zeile gelöscht : user_pref("extensions.blHSSWRgsJ7yAYl2.scode", "try{(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1url.indexOf(\"warnalert11.com\")>-1url.index[...]
[ax92hz4x.default-1417957171376\prefs.js] - Zeile gelöscht : user_pref("extensions.crossrider.bic", "14b3f1e35f160e23b36c69527a7b28ac");
[ax92hz4x.default-1417957171376\prefs.js] - Zeile gelöscht : user_pref("extensions.tl6eZyNRbiM0gqrh.scode", "try{(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1url.indexOf(\"warnalert11.com\")>-1url.index[...]
[ax92hz4x.default-1417957171376\prefs.js] - Zeile gelöscht : user_pref("keyword.URL", "hxxp://www-searching.com/search.aspx?s=F1Vzamodk07628,8fde143b-bce1-4d1d-b797-3fbbcd45903f,&q=");

-\\ Google Chrome v40.0.2214.93

[C:\Users\XXXXX XXXXX\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://isearch.omiga-plus.com/web/?type=ds&ts=1422690849&from=obw&uid=TOSHIBAXMK6465GSX_51ASD39BBXX51ASD39BB&q={searchTerms}
[C:\Users\XXXXX XXXXX\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://isearch.omiga-plus.com/web/?type=ds&ts=1422690849&from=obw&uid=TOSHIBAXMK6465GSX_51ASD39BBXX51ASD39BB&q={searchTerms}
[C:\Users\XXXXX XXXXX\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://www.trovi.com/Results.aspx?gd=&ctid=CT3324764&octid=EB_ORIGINAL_CTID&ISID=M7F3C43B3-690F-4276-959F-1C74A797CA2A&SearchSource=58&CUI=&UM=8&UP=SP9050A32E-D786-4A42-9E49-5663C4588ECE&q={searchTerms}&SSPV=
[C:\Users\XXXXX XXXXX\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://websearch.thesearchpage.info/?l=1&q={searchTerms}&pid=3458&r=2015/01/31&hid=4296634904664230215&lg=EN&cc=DE&unqvl=74
[C:\Users\XXXXX XXXXX\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://isearch.omiga-plus.com/web/?type=ds&ts=1422690849&from=obw&uid=TOSHIBAXMK6465GSX_51ASD39BBXX51ASD39BB&q={searchTerms}
[C:\Users\XXXXX XXXXX\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://isearch.omiga-plus.com/web/?type=ds&ts=1422690849&from=obw&uid=TOSHIBAXMK6465GSX_51ASD39BBXX51ASD39BB&q={searchTerms}
[C:\Users\XXXXX XXXXX\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://www-searching.com/search.aspx?s=F1Vzamodk07628,8fde143b-bce1-4d1d-b797-3fbbcd45903f,&q={searchTerms}

-\\ Opera v0.0.0.0

[C:\Users\XXXXX XXXXX\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://isearch.omiga-plus.com/web/?type=ds&ts=1422690849&from=obw&uid=TOSHIBAXMK6465GSX_51ASD39BBXX51ASD39BB&q={searchTerms}
[C:\Users\XXXXX XXXXX\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://isearch.omiga-plus.com/web/?type=ds&ts=1422690849&from=obw&uid=TOSHIBAXMK6465GSX_51ASD39BBXX51ASD39BB&q={searchTerms}
[C:\Users\XXXXX XXXXX\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://www.trovi.com/Results.aspx?gd=&ctid=CT3324764&octid=EB_ORIGINAL_CTID&ISID=M7F3C43B3-690F-4276-959F-1C74A797CA2A&SearchSource=58&CUI=&UM=8&UP=SP9050A32E-D786-4A42-9E49-5663C4588ECE&q={searchTerms}&SSPV=
[C:\Users\XXXXX XXXXX\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://websearch.thesearchpage.info/?l=1&q={searchTerms}&pid=3458&r=2015/01/31&hid=4296634904664230215&lg=EN&cc=DE&unqvl=74
[C:\Users\XXXXX XXXXX\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://isearch.omiga-plus.com/web/?type=ds&ts=1422690849&from=obw&uid=TOSHIBAXMK6465GSX_51ASD39BBXX51ASD39BB&q={searchTerms}
[C:\Users\XXXXX XXXXX\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://isearch.omiga-plus.com/web/?type=ds&ts=1422690849&from=obw&uid=TOSHIBAXMK6465GSX_51ASD39BBXX51ASD39BB&q={searchTerms}
[C:\Users\XXXXX XXXXX\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://www-searching.com/search.aspx?s=F1Vzamodk07628,8fde143b-bce1-4d1d-b797-3fbbcd45903f,&q={searchTerms}

*************************

AdwCleaner[R0].txt - [4287 octets] - [24/08/2014 18:37:07]
AdwCleaner[R1].txt - [2884 octets] - [29/11/2014 23:16:17]
AdwCleaner[R2].txt - [29703 octets] - [31/01/2015 15:04:28]
AdwCleaner[S0].txt - [4164 octets] - [24/08/2014 18:55:28]
AdwCleaner[S1].txt - [2721 octets] - [29/11/2014 23:19:24]
AdwCleaner[S2].txt - [29924 octets] - [31/01/2015 15:08:01]

########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [29985 octets] ##########

Es gibt trotzdem noch einige Probleme, auch wenn es schon etwas sauberer läuft...


FRST Logfile:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 31-01-2015 01
Ran by XXXXX XXXXX (administrator) on ARBEITSCOMPUTER on 31-01-2015 17:50:50
Running from C:\Users\XXXXX XXXXX\Desktop
Loaded Profiles: XXXXX XXXXX &  (Available profiles: XXXXX XXXXX & XXXXX & Versuch)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
() C:\Program Files (x86)\Common Files\AAV\aavus.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Microsoft Corporation) C:\Windows\System32\CISVC.EXE
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GregHSRW.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
() C:\Windows\snuvcdsm.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
() C:\Windows\PLFSetI.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\Apoint.exe
(AlcorMicro Co., Ltd.) C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Photosmart 5520 series\Bin\ScanToPCActivationApp.exe
(BillP Studios) C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(RescueTime, Inc.) C:\Program Files (x86)\RescueTime\RescueTime.exe
(Mirko Böer) C:\Program Files (x86)\SSS\SimpleScreenshot.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\ApMsgFwd.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\ApntEx.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\Hidfind.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Photosmart 5520 series\Bin\HPNetworkCommunicator.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SNUVCDSM] => C:\Windows\snuvcdsm.exe [30080 2011-01-13] ()
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [8312352 2009-10-29] (Realtek Semiconductor)
HKLM\...\Run: [PLFSetL] => C:\Windows\PLFSetL.exe [99712 2011-01-13] (Sonix Technology Co., Ltd.)
HKLM\...\Run: [PLFSetI] => C:\Windows\PLFSetI.exe [200704 2011-11-13] ()
HKLM\...\Run: [mwlDaemon] => C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe [349480 2009-09-11] (Egis Technology Inc.)
HKLM\...\Run: [IAAnotif] => C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-06-05] (Intel Corporation)
HKLM\...\Run: [Apoint] => C:\Program Files\Apoint2K\Apoint.exe [295936 2009-05-22] (Alps Electric Co., Ltd.)
HKLM\...\Run: [AmIcoSinglun64] => C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [323072 2009-07-22] (AlcorMicro Co., Ltd.)
HKLM\...\Run: [Acer ePower Management] => C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [823840 2009-09-30] (Acer Incorporated)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [702768 2014-12-16] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2009-12-09] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [SimpleScreenshot] => C:\Program Files (x86)\SSS\SIMPLESCREENSHOT.EXE [2255360 2008-02-09] (Mirko Böer)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2014-10-11] (Apple Inc.)
HKLM-x32\...\Run: [LManager] => C:\Program Files (x86)\Launch Manager\LManager.exe [1094736 2009-11-02] (Dritek System Inc.)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [126712 2014-12-31] (Avira Operations GmbH & Co. KG)
HKU\S-1-5-21-1242904208-471078349-2963378918-1000\...\Run: [HP Photosmart 5520 series (NET)] => C:\Program Files\HP\HP Photosmart 5520 series\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
HKU\S-1-5-21-1242904208-471078349-2963378918-1000\...\Run: [WinPatrol] => C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe [533568 2014-04-23] (BillP Studios)
HKU\S-1-5-21-1242904208-471078349-2963378918-1003-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\...\Run: [swg] => "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
HKU\S-1-5-21-1242904208-471078349-2963378918-1003-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\...\Run: [msnmsgr] => "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
Startup: C:\Users\XXXXX XXXXX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\RescueTime.lnk
ShortcutTarget: RescueTime.lnk -> C:\Program Files (x86)\RescueTime\RescueTime.exe (RescueTime, Inc.)
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
ShellIconOverlayIdentifiers: [egisPSDP] -> {30A0A3F6-38AC-4C53-BB8B-0D95238E25BA} => C:\Program Files (x86)\EgisTec\MyWinLocker 3\x64\psdprotect.dll (Egis Technology Inc.)
ShellIconOverlayIdentifiers-x32: [egisPSDP] -> {30A0A3F6-38AC-4C53-BB8B-0D95238E25BA} => C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\psdprotect.dll (Egis Technology Inc.)
BootExecute: autocheck autochk * sdnclean64.exe
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-1242904208-471078349-2963378918-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-1242904208-471078349-2963378918-1003-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gmx.de/
HKU\S-1-5-21-1242904208-471078349-2963378918-1003-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_7740&r=27361111d106l0498z1j5t4471e496
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1242904208-471078349-2963378918-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
SearchScopes: HKU\S-1-5-21-1242904208-471078349-2963378918-1003-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1242904208-471078349-2963378918-1003-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_deDE457
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: unissales -> {7e0aaab3-ba7d-4a2d-b1e6-4289ce4d1b1e} -> C:\Program Files (x86)\unissales\9vFbOLvEX4RE1d.x64.dll No File
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Booster-Web helper -> {B5147546-9359-4D9B-8B36-F54C54555799} -> C:\Program Files (x86)\Booster-Web\Booster-Web.dll (App LLC)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Booster-Web helper -> {B5147546-9359-4D9B-8B36-F54C54555799} -> C:\Program Files (x86)\Booster-Web\Booster-Web.dll (App LLC)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
Toolbar: HKU\S-1-5-21-1242904208-471078349-2963378918-1003-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
DPF: HKLM {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\XXXXX XXXXX\AppData\Roaming\Mozilla\Firefox\Profiles\ax92hz4x.default-1417957171376
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_296.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_296.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @nullsoft.com/winampDetector;version=1 -> C:\Program Files (x86)\Winamp Detect\npwachk.dll (Nullsoft, Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.8 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll (Microsoft Corporation)
FF SearchPlugin: C:\Users\XXXXX XXXXX\AppData\Roaming\Mozilla\Firefox\Profiles\ax92hz4x.default-1417957171376\searchplugins\trovi.xml
FF Extension: Booster Web - C:\Users\XXXXX XXXXX\AppData\Roaming\Mozilla\Firefox\Profiles\ax92hz4x.default-1417957171376\Extensions\jid1-U7omKQ6kQfxMaQ@jetpack [2015-01-31]
FF Extension: Zoom It - C:\Users\XXXXX XXXXX\AppData\Roaming\Mozilla\Firefox\Profiles\ax92hz4x.default-1417957171376\Extensions\{680219c9-7bbf-5dfc-84d8-33b88668b4ab} [2015-01-31]
FF Extension: LeechBlock - C:\Users\XXXXX XXXXX\AppData\Roaming\Mozilla\Firefox\Profiles\ax92hz4x.default-1417957171376\Extensions\{a95d8332-e4b4-6e7f-98ac-20b733364387}.xpi [2014-12-07]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-07-14]

Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR HomePage: Default -> hxxp://www.trovi.com/?gd=&ctid=CT3324764&octid=EB_ORIGINAL_CTID&ISID=M7F3C43B3-690F-4276-959F-1C74A797CA2A&SearchSource=55&CUI=&UM=8&UP=SP9050A32E-D786-4A42-9E49-5663C4588ECE&SSPV=
CHR StartupUrls: Default -> "hxxp://www.trovi.com/?gd=&ctid=CT3324764&octid=EB_ORIGINAL_CTID&ISID=M7F3C43B3-690F-4276-959F-1C74A797CA2A&SearchSource=55&CUI=&UM=8&UP=SP9050A32E-D786-4A42-9E49-5663C4588ECE&SSPV="
CHR DefaultSearchKeyword: Default -> trovi.search
CHR DefaultSuggestURL: Default -> http://suggest.seccint.com/CSuggestJson.ashx?prefix={searchTerms}
CHR Profile: C:\Users\XXXXX XXXXX\AppData\Local\Google\Chrome\User Data\default
CHR Extension: (Google Docs) - C:\Users\XXXXX XXXXX\AppData\Local\Google\Chrome\User Data\default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-10-25]
CHR Extension: (Google Drive) - C:\Users\XXXXX XXXXX\AppData\Local\Google\Chrome\User Data\default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-10-25]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\XXXXX XXXXX\AppData\Local\Google\Chrome\User Data\default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-10-26]
CHR Extension: (YouTube) - C:\Users\XXXXX XXXXX\AppData\Local\Google\Chrome\User Data\default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-10-25]
CHR Extension: (Google Search) - C:\Users\XXXXX XXXXX\AppData\Local\Google\Chrome\User Data\default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-10-25]
CHR Extension: (Avira Browser Safety) - C:\Users\XXXXX XXXXX\AppData\Local\Google\Chrome\User Data\default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2014-10-26]
CHR Extension: (Google Wallet) - C:\Users\XXXXX XXXXX\AppData\Local\Google\Chrome\User Data\default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-10-26]
CHR Extension: (Hearthstone Stream Browser) - C:\Users\XXXXX XXXXX\AppData\Local\Google\Chrome\User Data\default\Extensions\obdejhodejngcbmkiddfjkieejekbfil [2015-01-31]
CHR Extension: (Gmail) - C:\Users\XXXXX XXXXX\AppData\Local\Google\Chrome\User Data\default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-10-25]
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AAV UpdateService; C:\Program Files (x86)\Common Files\AAV\aavus.exe [122880 2007-10-04] () [File not signed]
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [431920 2014-12-16] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [431920 2014-12-16] (Avira Operations GmbH & Co. KG)
R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [178424 2014-12-31] (Avira Operations GmbH & Co. KG)
S4 BotkindSyncService; C:\Program Files (x86)\Allway Sync\Bin\SyncService.exe [182784 2013-10-10] () [File not signed]
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
S4 FoxitCloudUpdateService; C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe [241704 2014-03-25] (Foxit Corporation)
R2 HPSLPSVC; C:\Users\XXXXX XXXXX\AppData\Local\Temp\7zS1D89\hpslpsvc64.dll [1039360 2013-07-19] (Hewlett-Packard Co.) [File not signed]
S3 MWLService; C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe [305448 2009-09-11] (Egis Technology Inc.)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
S4 NoIPDUCService4; C:\Program Files (x86)\No-IP\ducservice.exe [11264 2013-01-24] () [File not signed]
S4 OODefragAgent; C:\Program Files\OO Software\Defrag\oodag.exe [3051848 2011-01-25] (O&O Software GmbH)
S4 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [80896 2011-03-31] () [File not signed]
S4 PDF Architect Helper Service; C:\Program Files (x86)\PDF Architect\HelperService.exe [1320496 2013-04-08] (pdfforge GmbH)
S4 PDF Architect Service; C:\Program Files (x86)\PDF Architect\ConversionService.exe [799280 2013-04-08] (pdfforge GmbH)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
R2 RS_Service; C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe [253952 2009-07-10] (Acer Incorporated) [File not signed]
S4 SandraAgentSrv; C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2014.SP2a\RpcAgentSrv.exe [72344 2008-05-19] (SiSoftware) [File not signed]
S4 UI Assistant Service; C:\Program Files (x86)\Join Air\AssistantServices.exe [247152 2010-04-27] ()
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [119272 2014-10-14] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131608 2014-10-14] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-11-25] (Avira Operations GmbH & Co. KG)
R2 EkaProt6; C:\Windows\System32\DRIVERS\ekaprot6.sys [27288 2012-03-23] (Ekahau Inc.)
R1 SLEE_18_DRIVER; C:\Windows\Sleen1864.sys [109144 2014-01-30] (Softwareentwicklung Remus - ArchiCrypt - )
R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1806592 2011-01-13] ()
R2 TurboB; C:\Windows\System32\DRIVERS\TurboB.sys [13784 2009-11-02] ()
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2012-12-13] (Apple, Inc.) [File not signed]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S2 SPDRIVER_1361.0.0.0; \??\C:\Program Files (x86)\ShopperPro\JSDriver\1361.0.0.0\jsdrv.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-31 17:50 - 2015-01-31 17:50 - 00000000 ____D () C:\Users\XXXXX XXXXX\Desktop\FRST-OlderVersion
2015-01-31 17:48 - 2015-01-31 17:48 - 00000337 _____ () C:\Users\XXXXX XXXXX\Desktop\Samsung Tab - kein Speicherplatz - Android-Hilfe.de.URL
2015-01-31 17:00 - 2015-01-31 17:01 - 00001671 _____ () C:\Users\XXXXX XXXXX\Desktop\JRT.txt
2015-01-31 16:55 - 2015-01-31 16:55 - 00057200 _____ () C:\Users\XXXXX XXXXX\Desktop\Malwarebytes Anti-Malware.txt
2015-01-31 15:22 - 2015-01-31 15:22 - 00029874 _____ () C:\Users\XXXXX XXXXX\Desktop\AdwCleaner[S2].txt
2015-01-31 15:22 - 2015-01-31 15:22 - 00001066 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-01-31 15:07 - 2015-01-31 15:07 - 00029469 _____ () C:\Users\XXXXX XXXXX\Desktop\AdwCleaner[R2].txt
2015-01-31 15:03 - 2015-01-31 15:03 - 02194432 _____ () C:\Users\XXXXX XXXXX\Desktop\AdwCleaner_4.109.exe
2015-01-31 15:03 - 2015-01-31 15:03 - 01707939 _____ (Thisisu) C:\Users\XXXXX XXXXX\Desktop\JRT.exe
2015-01-31 14:59 - 2015-01-31 15:01 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\XXXXX XXXXX\Desktop\mbam-setup-2.0.4.1028.exe
2015-01-31 11:33 - 2015-01-31 11:33 - 00000000 ____D () C:\Users\XXXXX XXXXX\Documents\TokensBackup
2015-01-31 10:17 - 2015-01-31 10:18 - 00065033 _____ () C:\Users\XXXXX XXXXX\Desktop\Addition.txt
2015-01-31 10:14 - 2015-01-31 17:51 - 00022961 _____ () C:\Users\XXXXX XXXXX\Desktop\FRST.txt
2015-01-31 10:12 - 2015-01-31 17:50 - 02130944 _____ (Farbar) C:\Users\XXXXX XXXXX\Desktop\FRST64.exe
2015-01-31 10:10 - 2015-01-31 10:10 - 00001101 _____ () C:\Users\Public\Desktop\Avira.lnk
2015-01-31 09:43 - 2015-01-31 09:46 - 00000000 ____D () C:\Users\XXXXX XXXXX\Desktop\Ordnung
2015-01-31 09:35 - 2015-01-31 09:35 - 00000000 ____D () C:\Users\XXXXX XXXXX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Booster-Web
2015-01-31 09:34 - 2015-01-31 10:01 - 00000000 ____D () C:\Users\XXXXX XXXXX\AppData\Roaming\Booster-Web
2015-01-31 09:34 - 2015-01-31 09:35 - 00000000 ____D () C:\Program Files (x86)\Booster-Web
2015-01-31 09:34 - 2015-01-31 09:34 - 00003408 _____ () C:\Windows\System32\Tasks\sondhschedule
2015-01-31 09:34 - 2015-01-31 09:34 - 00003108 _____ () C:\Windows\System32\Tasks\zupa3002
2015-01-31 09:33 - 2015-01-31 17:20 - 00001380 _____ () C:\Windows\Tasks\NWAUR.job
2015-01-31 09:33 - 2015-01-31 17:20 - 00001378 _____ () C:\Windows\Tasks\FMLW.job
2015-01-31 09:33 - 2015-01-31 16:56 - 00000000 ____D () C:\Program Files (x86)\878e2246-8f7a-48fe-89f9-845dc6abbab7
2015-01-31 09:33 - 2015-01-31 09:33 - 00004442 _____ () C:\Windows\System32\Tasks\NWAUR
2015-01-31 09:33 - 2015-01-31 09:33 - 00004440 _____ () C:\Windows\System32\Tasks\FMLW
2015-01-31 09:32 - 2015-01-31 09:32 - 00001117 _____ () C:\Users\XXXXX XXXXX\Desktop\Continue installation .lnk
2015-01-31 09:31 - 2015-01-31 09:31 - 00000000 ____D () C:\ProgramData\SearchModulePlus
2015-01-31 09:30 - 2015-01-31 17:20 - 00001382 _____ () C:\Windows\Tasks\UHTQPK.job
2015-01-31 09:30 - 2015-01-31 17:20 - 00001378 _____ () C:\Windows\Tasks\MLSC.job
2015-01-31 09:30 - 2015-01-31 16:56 - 00000000 ____D () C:\Program Files (x86)\ed55547d-8d98-4039-96d9-00407eb30671
2015-01-31 09:30 - 2015-01-31 09:30 - 00004444 _____ () C:\Windows\System32\Tasks\UHTQPK
2015-01-31 09:30 - 2015-01-31 09:30 - 00004440 _____ () C:\Windows\System32\Tasks\MLSC
2015-01-31 09:30 - 2015-01-31 09:30 - 00000000 ____D () C:\Program Files (x86)\38307773-d954-48f2-8127-93df0ea63e4a
2015-01-31 09:29 - 2015-01-31 09:29 - 00003446 _____ () C:\Windows\System32\Tasks\Inst_Rep
2015-01-31 09:06 - 2015-01-31 17:44 - 00000000 ____D () C:\Program Files (x86)\Hearthstone Stream Browser
2015-01-31 09:06 - 2015-01-31 09:06 - 00000000 ____D () C:\Windows\SysWOW64\X86
2015-01-31 09:06 - 2015-01-31 09:06 - 00000000 ____D () C:\Windows\SysWOW64\AMD64
2015-01-31 09:03 - 2015-01-31 09:03 - 00000000 ____D () C:\ProgramData\{06467b43-d78a-a739-0646-67b43d78ed0f}
2015-01-31 08:59 - 2015-01-31 16:56 - 00000000 ____D () C:\Users\XXXXX XXXXX\AppData\Local\avaxvyvax
2015-01-31 08:59 - 2015-01-31 08:59 - 00003556 _____ () C:\Windows\System32\Tasks\avaxvyvax
2015-01-31 08:59 - 2015-01-31 08:59 - 00003206 _____ () C:\Windows\System32\Tasks\{186E3D0B-D440-49E7-8F64-7917C92B0863}
2015-01-31 08:57 - 2015-01-31 08:57 - 01191200 _____ () C:\Users\XXXXX XXXXX\Downloads\Malwarebytes Anti Malware Malware Scanner - CHIP-Installer.exe
2015-01-31 08:52 - 2014-12-14 10:53 - 00378640 _____ (CartCrunch Israel Ltd.) C:\Windows\system32\ColorMedia64.dll
2015-01-31 08:52 - 2014-12-14 10:53 - 00332568 _____ (CartCrunch Israel Ltd.) C:\Windows\SysWOW64\ColorMedia.dll
2015-01-30 20:51 - 2015-01-30 20:51 - 00000600 _____ () C:\Users\XXXXX XXXXX\AppData\Roaming\winscp.rnd
2015-01-30 20:08 - 2015-01-30 20:08 - 00000000 ____D () C:\Users\Versuch\AppData\Roaming\PDF Architect
2015-01-30 20:08 - 2015-01-30 20:08 - 00000000 ____D () C:\Users\Versuch\AppData\Local\IsolatedStorage
2015-01-30 19:16 - 2015-01-30 19:17 - 00000000 ____D () C:\Users\Versuch\AppData\OICE_15_974FA576_32C1D314_2072
2015-01-27 21:08 - 2015-01-31 17:41 - 00005192 _____ () C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for Arbeitscomputer-XXXXX XXXXX Arbeitscomputer
2015-01-25 17:12 - 2015-01-25 17:12 - 00002086 _____ () C:\Users\XXXXX XXXXX\AppData\Roaming\UHTQPK
2015-01-25 17:12 - 2015-01-25 17:12 - 00002086 _____ () C:\Users\XXXXX XXXXX\AppData\Roaming\NWAUR
2015-01-25 17:12 - 2015-01-25 17:12 - 00001248 _____ () C:\Users\XXXXX XXXXX\AppData\Roaming\MLSC
2015-01-25 17:12 - 2015-01-25 17:12 - 00001248 _____ () C:\Users\XXXXX XXXXX\AppData\Roaming\FMLW
2015-01-20 06:34 - 2014-12-12 06:35 - 05553592 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-01-20 06:34 - 2014-12-12 06:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-01-20 06:34 - 2014-12-12 06:31 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-01-20 06:34 - 2014-12-12 06:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-01-20 06:34 - 2014-12-12 06:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-01-20 06:34 - 2014-12-12 06:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-01-20 06:34 - 2014-12-12 06:07 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-01-14 08:06 - 2014-12-19 04:06 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-14 08:06 - 2014-12-19 02:46 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-14 08:06 - 2014-12-11 18:47 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-01-14 08:06 - 2014-12-06 05:17 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-14 08:06 - 2014-12-06 04:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
2015-01-14 08:06 - 2014-12-06 04:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
2015-01-13 05:55 - 2015-01-13 05:55 - 00009429 _____ () C:\Users\XXXXX XXXXX\AppData\Local\recently-used.xbel

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-31 17:51 - 2014-08-21 20:10 - 00000000 ____D () C:\FRST
2015-01-31 17:39 - 2013-09-19 20:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-01-31 17:39 - 2012-03-11 02:08 - 00000000 ____D () C:\Program Files (x86)\Java
2015-01-31 17:25 - 2009-07-14 05:45 - 00025840 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-31 17:25 - 2009-07-14 05:45 - 00025840 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-31 17:24 - 2011-11-13 21:43 - 01339110 _____ () C:\Windows\WindowsUpdate.log
2015-01-31 17:20 - 2012-09-20 04:21 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-31 17:19 - 2014-06-20 13:07 - 00110776 _____ () C:\Windows\PFRO.log
2015-01-31 17:19 - 2014-06-18 08:20 - 00027685 _____ () C:\Windows\setupact.log
2015-01-31 17:19 - 2011-11-14 06:15 - 00000000 ____D () C:\Windows\Lan
2015-01-31 17:19 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-31 17:05 - 2012-08-14 18:52 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-01-31 16:56 - 2009-11-05 01:49 - 00000000 ____D () C:\Program Files (x86)\Acer
2015-01-31 15:24 - 2014-08-05 14:08 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-01-31 15:22 - 2014-08-05 14:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-01-31 15:22 - 2014-08-05 14:08 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-01-31 15:08 - 2014-11-16 12:18 - 00001025 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-01-31 15:08 - 2014-11-16 12:18 - 00001013 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-01-31 15:08 - 2014-10-25 07:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-01-31 15:08 - 2014-08-24 18:36 - 00000000 ____D () C:\AdwCleaner
2015-01-31 15:08 - 2011-11-20 15:41 - 00001021 _____ () C:\Users\XXXXX XXXXX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-01-31 10:10 - 2014-08-06 10:55 - 00000000 ____D () C:\ProgramData\Package Cache
2015-01-31 10:10 - 2013-02-24 19:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2015-01-31 10:09 - 2013-02-24 19:39 - 00000000 ____D () C:\Program Files (x86)\Avira
2015-01-31 09:44 - 2014-08-07 20:56 - 02931200 ___SH () C:\Users\XXXXX XXXXX\Desktop\Thumbs.db
2015-01-31 09:32 - 2009-07-14 04:20 - 00000000 ____D () C:\Program Files\Common Files\System
2015-01-31 07:56 - 2014-08-15 15:44 - 00000000 ____D () C:\Users\XXXXX XXXXX\AppData\Local\Adobe
2015-01-31 07:56 - 2012-04-02 19:28 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-01-31 07:56 - 2012-04-02 19:28 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-01-31 07:56 - 2011-11-15 21:21 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-30 19:03 - 2014-09-10 06:10 - 00000000 ____D () C:\Users\Versuch\AppData\Roaming\SimpleScreenshot
2015-01-27 20:12 - 2014-11-10 20:59 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-01-27 06:18 - 2014-11-16 12:20 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-01-26 07:21 - 2012-06-10 14:07 - 00000000 ____D () C:\Users\XXXXX XXXXX\Documents\Bewerbungen
2015-01-25 17:19 - 2011-11-14 06:34 - 00702664 _____ () C:\Windows\system32\perfh007.dat
2015-01-25 17:19 - 2011-11-14 06:34 - 00151424 _____ () C:\Windows\system32\perfc007.dat
2015-01-25 17:19 - 2009-07-14 06:13 - 01629998 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-23 21:11 - 2013-11-02 09:43 - 00000000 ____D () C:\Users\XXXXX XXXXX\AppData\Roaming\Skype
2015-01-20 14:50 - 2014-09-10 06:09 - 00000000 ____D () C:\Users\Versuch
2015-01-20 14:50 - 2013-05-22 21:33 - 00000000 ____D () C:\Users\XXXXX XXXXX\AppData\Local\RescueTime.com
2015-01-20 14:50 - 2012-03-30 17:57 - 00000000 ____D () C:\Users\XXXXX
2015-01-20 14:50 - 2011-12-01 21:23 - 00000000 ____D () C:\Windows\System32\Tasks\OfficeSoftwareProtectionPlatform
2015-01-20 14:50 - 2011-11-20 16:01 - 00000000 ____D () C:\Users\XXXXX XXXXX\AppData\Roaming\SimpleScreenshot
2015-01-20 14:50 - 2009-11-05 01:26 - 00000000 ___RD () C:\Users\Public\Recorded TV
2015-01-20 14:50 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\registration
2015-01-20 06:21 - 2011-11-13 22:46 - 00000000 ____D () C:\Users\XXXXX XXXXX
2015-01-18 20:07 - 2012-04-07 11:49 - 00000000 ____D () C:\Users\XXXXX XXXXX\Documents\Finanzen
2015-01-15 18:59 - 2013-07-13 08:36 - 00000000 ____D () C:\Windows\system32\MRT
2015-01-15 18:46 - 2011-11-18 19:58 - 113365784 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-01-13 05:55 - 2014-06-15 19:34 - 00000000 ____D () C:\Users\XXXXX XXXXX\AppData\Local\gtk-2.0
2015-01-13 05:55 - 2012-08-29 10:11 - 00000000 ____D () C:\Users\XXXXX XXXXX\.gimp-2.8
2015-01-08 09:55 - 2011-11-15 21:40 - 00298120 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2015-01-05 18:47 - 2012-03-23 13:19 - 00000000 ____D () C:\Users\XXXXX XXXXX\Documents\Cellula
2015-01-03 15:28 - 2012-03-11 19:16 - 00000000 ____D () C:\Users\XXXXX XXXXX\Documents\ERGO
2015-01-03 10:51 - 2012-03-11 19:16 - 00000000 ____D () C:\Users\XXXXX XXXXX\Documents\SP
2015-01-03 08:31 - 2012-03-25 11:40 - 00000000 ____D () C:\Users\XXXXX XXXXX\Documents\Steuerfälle

==================== Files in the root of some directories =======

2015-01-25 17:12 - 2015-01-25 17:12 - 0001248 _____ () C:\Users\XXXXX XXXXX\AppData\Roaming\FMLW
2015-01-25 17:12 - 2015-01-25 17:12 - 0001248 _____ () C:\Users\XXXXX XXXXX\AppData\Roaming\MLSC
2015-01-25 17:12 - 2015-01-25 17:12 - 0002086 _____ () C:\Users\XXXXX XXXXX\AppData\Roaming\NWAUR
2014-06-28 07:10 - 2014-07-23 21:30 - 14159872 _____ () C:\Users\XXXXX XXXXX\AppData\Roaming\Sandra.mdb
2015-01-25 17:12 - 2015-01-25 17:12 - 0002086 _____ () C:\Users\XXXXX XXXXX\AppData\Roaming\UHTQPK
2015-01-30 20:51 - 2015-01-30 20:51 - 0000600 _____ () C:\Users\XXXXX XXXXX\AppData\Roaming\winscp.rnd
2012-04-20 18:28 - 2014-07-07 01:20 - 0006656 _____ () C:\Users\XXXXX XXXXX\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-09-22 21:07 - 2014-09-22 21:07 - 0001482 _____ () C:\Users\XXXXX XXXXX\AppData\Local\RecConfig.xml
2015-01-13 05:55 - 2015-01-13 05:55 - 0009429 _____ () C:\Users\XXXXX XXXXX\AppData\Local\recently-used.xbel
2013-08-12 21:15 - 2013-08-12 21:15 - 0007603 _____ () C:\Users\XXXXX XXXXX\AppData\Local\Resmon.ResmonCfg
2012-03-31 10:26 - 2012-03-31 10:26 - 0000057 _____ () C:\ProgramData\Ament.ini
2011-11-13 22:53 - 2011-11-13 22:57 - 0008282 _____ () C:\ProgramData\ArcadeDeluxe3.log
2014-09-22 19:19 - 2014-10-06 19:45 - 0008737 _____ () C:\ProgramData\hpzinstall.log

Some content of TEMP:
====================
C:\Users\XXXXX XXXXX\AppData\Local\Temp\a15d7.exe
C:\Users\XXXXX XXXXX\AppData\Local\Temp\avgnt.exe
C:\Users\XXXXX XXXXX\AppData\Local\Temp\bdbcabfccbhi.exe
C:\Users\XXXXX XXXXX\AppData\Local\Temp\Booster-Web-Installer.exe
C:\Users\XXXXX XXXXX\AppData\Local\Temp\KMSPico 9.2.4__7628_il125.exe
C:\Users\XXXXX XXXXX\AppData\Local\Temp\OnlineBackup.exe
C:\Users\XXXXX XXXXX\AppData\Local\Temp\Quarantine.exe
C:\Users\XXXXX XXXXX\AppData\Local\Temp\sfamcc00001.dll
C:\Users\XXXXX XXXXX\AppData\Local\Temp\SkypeSetup.exe
C:\Users\XXXXX XXXXX\AppData\Local\Temp\SpOrder.dll
C:\Users\XXXXX XXXXX\AppData\Local\Temp\sqlite3.dll
C:\Users\XXXXX XXXXX\AppData\Local\Temp\vsdel.exe
C:\Users\Versuch\AppData\Local\Temp\avgnt.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-01-31 13:31

==================== End Of Log ============================
--- --- ---

--- --- ---

magigstar 31.01.2015 17:57
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 31-01-2015 01
Ran by XXXXX XXXXX at 2015-01-31 17:52:11
Running from C:\Users\XXXXX XXXXX\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden
AAVUpdateManager (HKLM-x32\...\{AFA42FE1-A5C3-485F-9180-BFCF5BF1F1C3}) (Version: 18.00.0000 - Wolters Kluwer Deutschland GmbH)
AC3Filter 1.63b (HKLM-x32\...\AC3Filter_is1) (Version: 1.63b - Alexander Vigovsky)
Acer Arcade Deluxe (HKLM-x32\...\InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}) (Version: 3.0.7112 - CyberLink Corp.)
Acer Arcade Deluxe (x32 Version: 3.0.7112 - CyberLink Corp.) Hidden
Acer Backup Manager (HKLM-x32\...\InstallShield_{72B776E5-4530-4C4B-9453-751DF87D9D93}) (Version: 2.0.0.29 - NewTech Infosystems)
Acer Crystal Eye webcam Ver:1.1.124.1120 (HKLM-x32\...\{D0ACE89D-EC7F-470F-80BE-4C98ED366B32}) (Version: 1.1.124.1120 - Chicony Electronics Co.,Ltd.)
Acer ePower Management (HKLM-x32\...\{3DB0448D-AD82-4923-B305-D001E521A964}) (Version: 4.05.3004 - Acer Incorporated)
Acer eRecovery Management (HKLM-x32\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 4.05.3005 - Acer Incorporated)
Acer GameZone Console (HKLM-x32\...\{8ed9688e-4f79-4308-91ca-f1c37ca142b4}_is1) (Version: 5.1.0.2 - Oberon Media, Inc.)
Acer GridVista (HKLM-x32\...\GridVista) (Version: 3.01.0730 - Acer Inc.)
Acer Registration (HKLM-x32\...\Acer Registration) (Version: 1.02.3006 - Acer Incorporated)
Acer ScreenSaver (HKLM-x32\...\Acer Screensaver) (Version: 1.1.2009.1217 - Acer Incorporated)
Acer VCM (HKLM-x32\...\{047F790A-7A2A-4B6A-AD02-38092BA63DAC}) (Version: 4.05.3000 - Acer Incorporated)
Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 14.0.0.103 - Adobe Systems Incorporated)
Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.246 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.296 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Akamai NetSession Interface (HKU\S-1-5-21-1242904208-471078349-2963378918-1000\...\Akamai) (Version:  - Akamai Technologies, Inc)
Alcor Micro USB Card Reader (HKLM-x32\...\InstallShield_{DBCE1208-433D-4D3E-A26A-CB1B5E71A8F5}) (Version: 1.4.17.35005 - Alcor Micro Corp.)
Alcor Micro USB Card Reader (x32 Version: 1.4.17.35005 - Alcor Micro Corp.) Hidden
Alice Greenfingers (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112920767}) (Version:  - Oberon Media)
Alle meine Passworte 4.13 (HKLM\...\AllemeinePassworte) (Version:  - Mirko Böer)
Allway Sync version 12.16.9 (HKLM-x32\...\Allway Sync_is1) (Version:  - Botkind Inc)
ALPS Touch Pad Driver (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 7.105.2015.1105 - Alps Electric)
Amazonia (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11273477}) (Version:  - Oberon Media)
Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ATI Catalyst Install Manager (HKLM\...\{11F38253-8940-FFDA-D131-B14120C357E4}) (Version: 3.0.754.0 - ATI Technologies, Inc.)
Audacity 2.0.3 (HKLM-x32\...\Audacity_is1) (Version: 2.0.3 - Audacity Team)
Avi2Dvd 0.6.4 (HKLM-x32\...\Avi2Dvd) (Version: 0.6.4 - TrustFm)
Avira (HKLM-x32\...\{2c18809c-4097-4b51-a4d0-3deade730ef3}) (Version: 1.1.29.22350 - Avira Operations & Co. KG)
Avira (x32 Version: 1.1.29.22350 - Avira Operations & Co. KG) Hidden
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.7.468 - Avira)
AviSynth 2.5 (HKLM-x32\...\AviSynth) (Version:  - )
Backup Manager Basic (x32 Version: 2.0.0.29 - NewTech Infosystems) Hidden
BatteryCare 0.9.10.0 (HKLM-x32\...\{C6A6036D-FBD0-4324-BEAA-C0845257160C}_is1) (Version: 0.9.10.0 - Filipe Lourenço)
BitTorrent (HKU\S-1-5-21-1242904208-471078349-2963378918-1000\...\BitTorrent) (Version: 7.9.2.31638 - BitTorrent Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Booster-Web (HKU\S-1-5-21-1242904208-471078349-2963378918-1000\...\Booster-Web) (Version: 4 - ${CompanyName})
Broadcom Gigabit NetLink Controller (HKLM\...\{A325B368-A9EC-40EF-A95C-9DEAD3683AE3}) (Version: 12.33.03 - Broadcom Corporation)
Canon MP160 Benutzerregistrierung (HKLM-x32\...\Canon MP160 Benutzerregistrierung) (Version:  - )
ccc-core-static (x32 Version: 2009.1209.2335.42329 - Ihr Firmenname) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.14 - Piriform)
CDBurnerXP (HKLM-x32\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.4.4852 - CDBurnerXP)
Chandler 1.0.3 (HKLM-x32\...\Chandler) (Version: 1.0.3 - Open Source Applications Foundation)
Chicken Invaders 2 (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110209593}) (Version:  - Oberon Media)
CoreAAC Audio Decoder (remove only) (HKLM-x32\...\CoreAAC Audio Decoder) (Version:  - )
Dairy Dash (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115053100}) (Version:  - Oberon Media)
Dream Day First Home (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113832110}) (Version:  - Oberon Media)
DVD Flick 1.3.0.7 (HKLM-x32\...\DVD Flick_is1) (Version: 1.3.0.7 - Dennis Meuwissen)
eBay Worldwide (HKLM-x32\...\{E0B19DF7-B1C7-4937-82C4-0E4B1E346965}) (Version: 2.1.0901 - OEM)
EinsteinBrainTrainer (remove only) (HKLM-x32\...\EinsteinBrainTrainer) (Version:  - )
Ekahau HeatMapper (HKLM\...\Heatmapper-1.1.4.39795) (Version: 1.1.4.39795 - Ekahau Inc.)
Eraser 6.0.10.2620 (HKLM\...\{6E5159B4-A519-41EF-80EF-AD58371515DF}) (Version: 6.0.2620 - The Eraser Project)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
eSobi v2 (HKLM-x32\...\InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}) (Version: 2.0.4.000274 - esobi Inc.)
eSobi v2 (x32 Version: 2.0.4.000274 - esobi Inc.) Hidden
EVEREST Home Edition v2.20 (HKLM-x32\...\EVEREST Home Edition_is1) (Version: 2.20 - Lavalys Inc)
Farm Frenzy 2 (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11531173}) (Version:  - Oberon Media)
ffdshow [rev 3299] [2010-03-03] (HKLM-x32\...\ffdshow_is1) (Version: 1.0.0.3299 - )
Fiat eco:Drive (HKLM-x32\...\com.fiat.convergence.385E4263E7379A5D22A7076E99B02868EFF10711.1) (Version: 2.0.2 - Fiat Group Automobiles)
Fiat eco:Drive (x32 Version: 2.0.2 - Fiat Group Automobiles) Hidden
First Class Flurry (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115208410}) (Version:  - Oberon Media)
Foxit Cloud (HKLM-x32\...\{41914D8B-9D6E-4764-A1F9-BC43FB6782C1}_is1) (Version: 1.3.105.325 - Foxit Corporation)
Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 6.1.3.321 - Foxit Corporation)
Free Audio CD to MP3 Converter version 1.3.12.1228 (HKLM-x32\...\Free Audio CD to MP3 Converter_is1) (Version: 1.3.12.1228 - DVDVideoSoft Ltd.)
Free DVD Video Burner version 3.0.4.426 (HKLM-x32\...\Free DVD Video Burner_is1) (Version:  - DVDVideoSoft Limited.)
Free System Utilities (HKLM-x32\...\{ad2818b3-1616-4ec8-855d-be6936103e5a}) (Version: 1.1.0.70 - Covus Freemium GmbH)
Free SystemUtilities (x32 Version: 1.1.0.70 - Covus Freemium GmbH) Hidden
Free YouTube Download version 3.1.37.918 (HKLM-x32\...\Free YouTube Download_is1) (Version: 3.1.37.918 - DVDVideoSoft Ltd.)
FreeMind (HKLM-x32\...\B991B020-2968-11D8-AF23-444553540000_is1) (Version: 0.9.0_RC_10 - )
FRITZ!Box-Fernzugang einrichten (HKLM-x32\...\{EFADD989-D9F2-49F6-A280-675951CC78D3}) (Version: 1.0.3 - AVM Berlin)
FrostWire 5.3.5 (HKLM-x32\...\FrostWire 5) (Version: 5.3.5.0 - FrostWire Team)
GIMP 2.8.10 (HKLM\...\GIMP-2_is1) (Version: 2.8.10 - The GIMP Team)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 40.0.2214.93 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Granny In Paradise (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110551697}) (Version:  - Oberon Media)
Haali Media Splitter (HKLM-x32\...\HaaliMkx) (Version:  - )
Heroes of Hellas (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113786380}) (Version:  - Oberon Media)
HP FWUpdateEDO2 (HKLM-x32\...\{415FA9AD-DA10-4ABE-97B6-5051D4795C90}) (Version: 1.2.0.0 - Hewlett-Packard)
HP Photosmart 5520 series - Grundlegende Software für das Gerät (HKLM\...\{4F396B08-301D-4E53-A372-95A7E93ABD04}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPDiagnosticAlert (x32 Version: 1.00.0001 - Microsoft) Hidden
HTC Driver Installer (HKLM-x32\...\{6D6664A9-3342-4948-9B7E-034EFE366F0F}) (Version: 3.0.0.007 - HTC Corporation)
iCloud (HKLM\...\{309768A4-A2BB-4930-A5A2-8169678C9B4C}) (Version: 4.0.6.28 - Apple Inc.)
Identity Card (HKLM-x32\...\Identity Card) (Version: 1.00.3003 - Acer Incorporated)
ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.8.0 - LIGHTNING UK!)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
Intel(R) Turbo Boost Technology Driver (HKLM-x32\...\{D6C630BF-8DBB-4042-8562-DC9A52CB6E7E}) (Version: 01.00.01.1002 - Intel Corporation)
Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version:  - Intel Corporation)
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.38 - Irfan Skiljan)
iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)
Join Air (HKLM-x32\...\{A9E5EDA7-2E6C-49E7-924B-A32B89C24A04}) (Version: 1.0.0.2 - ZTE Corporation)
Kassenbuch (HKLM-x32\...\{29531C6B-7B64-4C53-B54A-6C8AB5DE2159}) (Version: 1.0.0 - Office Consult GmbH)
K-Lite Codec Pack 9.2.0 (Basic) (HKLM-x32\...\KLiteCodecPack_is1) (Version: 9.2.0 - )
Launch Manager (HKLM-x32\...\LManager) (Version: 3.0.05 - Acer Inc.)
LSI HDA Modem (HKLM\...\LSI Soft Modem) (Version: 2.2.98 - LSI Corporation)
Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
MediaHuman YouTube to MP3 Converter Version 3.3 (HKLM-x32\...\MediaHuman YouTube to MP3 Converter_is1) (Version: 3.3 - )
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0100-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}) (Version:  - Microsoft)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Language Pack 2007 - German/Deutsch (HKLM-x32\...\OMUI.de-de) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Outlook Connector (HKLM-x32\...\{95140000-007A-0407-0000-0000000FF1CE}) (Version: 14.0.5118.5000 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUSR) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Office Suite Activation Assistant (HKLM-x32\...\{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}) (Version: 2.9 - Microsoft Corporation)
Microsoft Outlook Social Connector Provider for Windows Live Messenger 32-bit (HKLM-x32\...\{95140000-007D-0409-0000-0000000FF1CE}) (Version: 14.0.5120.5000 - Microsoft Corporation)
Microsoft Report Viewer Redistributable 2008 (KB971118) (HKLM-x32\...\Microsoft Report Viewer Redistributable 2008 (KB971118)) (Version:  - Microsoft Corporation)
Microsoft Report Viewer Redistributable 2008 Language Pack - DEU (HKLM-x32\...\Microsoft Report Viewer Redistributable 2008 Language Pack - DEU) (Version:  - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SkyDrive (HKU\S-1-5-21-1242904208-471078349-2963378918-1003-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\...\SkyDriveSetup.exe) (Version: 16.4.6010.0727 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Works (HKLM-x32\...\{62F7DA7E-CCCB-439C-A760-00C3926E761F}) (Version: 9.7.0621 - Microsoft Corporation)
MozBackup 1.5.1 (HKLM-x32\...\MozBackup) (Version:  - Pavel Cvrcek)
Mozilla Firefox 35.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 35.0.1 (x86 de)) (Version: 35.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 32.0 - Mozilla)
MPC-HC 1.7.0 (HKLM-x32\...\{2624B969-7135-4EB1-B0F6-2D8C397B45F7}_is1) (Version: 1.7.0.7858 - MPC-HC Team)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MyPhoneExplorer (HKLM-x32\...\MPE) (Version: 1.8.5 - F.J. Wechselberger)
MyWinLocker (HKLM-x32\...\{68301905-2DEA-41CE-A4D4-E8B443B099BA}) (Version: 3.1.76.0 - Egis Technology Inc.)
No-IP DUC (HKLM-x32\...\NoIPDUC) (Version: 4.0.1 - Vitalwerks Internet Solutions LLC)
Norton Online Backup (HKLM-x32\...\{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}) (Version: 1.2.0.36 - Symantec)
NTI Backup Now 5 (HKLM-x32\...\InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}) (Version: 5.1.2.627 - NewTech Infosystems)
NTI Backup Now Standard (x32 Version: 5.1.2.627 - NewTech Infosystems) Hidden
NTI Media Maker 8 (HKLM-x32\...\InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}) (Version: 8.0.12.6623 - NewTech Infosystems)
NTI Media Maker 8 (x32 Version: 8.0.12.6623 - NewTech Infosystems) Hidden
O&O Defrag Free Edition (HKLM\...\{C10CAF82-9D36-4D9A-9DC0-C4549F06B519}) (Version: 14.1.431 - O&O Software GmbH)
Outils de vérification linguistique 2013 de Microsoft Office*- Français (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
PDF Architect (HKLM-x32\...\{064A929A-4DE8-40CF-A901-BD40C14E4D25}) (Version: 1.1.83.9982 - pdfforge GmbH)
PDF24 Creator 6.8.0 (HKLM-x32\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version:  - PDF24.org)
PDFCreator (HKLM-x32\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.7.3 - pdfforge)
pomodairo (HKLM-x32\...\{EEBEA077-AB92-5083-ECB1-C15BD842D00B}) (Version: 1.9 - UNKNOWN)
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
Random Dresser (HKLM-x32\...\RandomDresser) (Version:  - )
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5969 - Realtek Semiconductor Corp.)
RescueTime 2.2.1 (HKLM-x32\...\{2505571C-03B3-4F9F-AC35-33F1CB4B5E9E}_is1) (Version:  - RescueTime.com)
Restorer2000 3.3 (HKLM-x32\...\Restorer2000_is1) (Version: 3.3 - Bitmart Inc.)
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{D82063A8-7C8C-4C3B-A9BB-95138CA55D26}) (Version:  - Microsoft)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (Version:  - Microsoft) Hidden
Shutdown Manager (HKLM-x32\...\{C457BA5F-35F9-480C-90F8-5C91DB443A15}_is1) (Version: 2.0.7 - Daniel Höllig)
SimpleScreenshot 1.40 (HKLM-x32\...\SimpleScreenshot) (Version:  - )
SiSoftware Sandra Lite 2014.SP2a (HKLM\...\{C3113E55-7BCB-4de3-8EBF-60E6CE6B2396}_is1) (Version: 20.35.2014.6 - SiSoftware)
SIW version 2011.10.29 (HKLM-x32\...\{AB67580-257C-45FF-B8F4-C8C30682091A}_is1) (Version: 2011.10.29 - Topala Software Solutions)
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation)
Skype™ 6.21 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.21.104 - Skype Technologies S.A.)
SpeedFan (remove only) (HKLM-x32\...\SpeedFan) (Version:  - )
Spotify (HKU\S-1-5-21-1242904208-471078349-2963378918-1000\...\Spotify) (Version: 0.9.10.14.g578d350b - Spotify AB)
SpywareBlaster 5.0 (HKLM-x32\...\SpywareBlaster_is1) (Version: 5.0.0 - BrightFort LLC)
Steganos Safe 14 (HKLM-x32\...\{13B7FBFB-622E-4002-8570-594798E6167D}) (Version: 14.2.2 - Steganos Software GmbH)
Steuer-Spar-Erklärung 2008 (HKLM-x32\...\{BBE67B86-FCD7-4D3C-8B00-063DEAD8E30C}) (Version: 13.02.0000 - Akademische Arbeitsgemeinschaft)
Steuer-Spar-Erklärung 2009 (HKLM-x32\...\{32E00E5E-22B1-4D5A-9DC2-CD75E087A5E6}) (Version: 14.01.0000 - Akademische Arbeitsgemeinschaft Verlag)
Steuer-Spar-Erklärung 2010 (HKLM-x32\...\{D8E1DFEE-622B-46BA-AEFF-AB7E541C0B21}) (Version: 15.15 - Akademische Arbeitsgemeinschaft Verlag)
Steuer-Spar-Erklärung 2011 (HKLM-x32\...\{9F5FD796-86F0-4360-85F8-D54C0F5411EB}) (Version: 16.18 - Akademische Arbeitsgemeinschaft Verlag)
Steuer-Spar-Erklärung 2012 (HKLM-x32\...\{CCD2BAD2-0919-40CB-80CC-E9538B0E4C2E}) (Version: 17.14 - Wolters Kluwer Deutschland GmbH)
Steuer-Spar-Erklärung 2013 (HKLM-x32\...\{AEB61F7A-4BBA-4292-A096-7893E09034A4}) (Version: 18.10 - Wolters Kluwer Deutschland GmbH)
SteuerSparErklärung 2014 (HKLM-x32\...\{A463EB06-22A6-47F5-9593-E52B291EF13E}) (Version: 19.12.92 - Akademische Arbeitsgemeinschaft)
Streamripper (Remove only) (HKLM-x32\...\Streamripper) (Version:  - )
Studie zur Verbesserung von HP Deskjet 3070 B611 series Produkten (HKLM\...\{CAD7B6DD-9C82-4D17-BAE8-3E9AE4971B90}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.29947 - TeamViewer)
Time Stamp (HKLM-x32\...\Time Stamp_is1) (Version:  - 3.23.2010-0313)
TomTom HOME (HKLM-x32\...\{7A2BB1C8-903D-4585-9F3B-CADD67D07D37}) (Version: 2.9.8 - Ihr Firmenname)
TomTom HOME Visual Studio Merge Modules (HKLM-x32\...\{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}) (Version: 1.0.2 - TomTom International B.V.)
TP-LINK Wireless Configuration Utility (HKLM-x32\...\{319D91C6-3D44-436C-9F79-36C0D22372DC}) (Version: 1.0.0 - TP-LINK)
TrueCrypt (HKLM-x32\...\TrueCrypt) (Version: 7.1 - TrueCrypt Foundation)
Tunatic (HKLM-x32\...\Tunatic) (Version:  - )
Überwachungstool für die Intel® Turbo-Boost-Technik (HKLM\...\{39F4C6F9-618A-4E5B-8FB2-6BD661174E32}) (Version: 1.0.186.6 - Intel)
Uninstall 1.0.0.1 (HKLM-x32\...\Uninstall_is1) (Version:  - )
Universal Adb Driver (HKLM-x32\...\{D9C4202E-6D51-4B06-A8F1-22316E654BCA}) (Version: 1.0.0 - ClockworkMod)
Unlocker 1.9.1-x64 (HKLM\...\Unlocker) (Version: 1.9.1 - Cedrick Collomb)
Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0407-0000-0000000FF1CE}_OMUI.de-de_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version:  - Microsoft)
Update für Microsoft Office Outlook 2007 Help (KB963677) (HKLM-x32\...\{90120000-001A-0407-0000-0000000FF1CE}_OMUI.de-de_{F6828576-6F79-470D-AB50-69D1BBADBD30}) (Version:  - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0407-0000-0000000FF1CE}_OMUI.de-de_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version:  - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0407-0000-0000000FF1CE}_OMUI.de-de_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version:  - Microsoft)
Visual Studio C++ 10.0 Runtime (HKLM-x32\...\{4412F224-3849-4461-A3E9-DEEF8D252790}) (Version: 10.0.0 - TomTom International B.V.)
VLC media player 2.1.3 (HKLM-x32\...\VLC media player) (Version: 2.1.3 - VideoLAN)
Welcome Center (HKLM-x32\...\Acer Welcome Center) (Version: 1.00.3008 - Acer Incorporated)
Winamp (HKLM-x32\...\Winamp) (Version: 5.666  - Nullsoft, Inc)
WinPatrol (HKLM\...\{6A206A04-6BC1-411B-AA04-4E52EDEEADF2}) (Version: 32.0.2014.5 - Ruiware)
WinPatrol (HKLM\...\{6E575124-6D34-4E65-9375-7D69468A6089}) (Version: 30.9 - BillP Studios)
WinRAR 5.10 Beta 4 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.10.4 - win.rar GmbH)
Xvid 1.2.2 final uninstall (HKLM-x32\...\Xvid_is1) (Version: 1.2 - Xvid team (Koepi))
Yahoo! Messenger (HKLM-x32\...\Yahoo! Messenger) (Version:  - Yahoo! Inc.)
Yahoo! Software Update (HKLM-x32\...\Yahoo! Software Update) (Version:  - )
Zuzahlungsrechner (HKLM-x32\...\{B2C69E77-F209-4B63-8676-4F32B27E162B}) (Version: 3.6.0 - sfr-software-fuers-heim)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-1242904208-471078349-2963378918-1000_Classes\CLSID\{56FDF344-FD6D-11d0-958A-006097C9A090}\InprocServer32 -> C:\Users\XXXXX XXXXX\AppData\Roaming\moters\supna.dll No File <==== ATTENTION

==================== Restore Points  =========================

14-01-2015 08:05:58 Windows Update
15-01-2015 18:45:05 Windows Update
16-01-2015 05:01:13 Windows Modules Installer
20-01-2015 06:35:31 Windows Update
21-01-2015 00:02:16 Windows Update
27-01-2015 20:19:44 Windows Update
31-01-2015 17:38:41 Removed Java 7 Update 67

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2014-08-24 12:25 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1      localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0CAEEB6B-A216-4E04-9EA6-AC310639FD8D} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {0E16AE93-AC32-4015-9120-BB0947F3E1AF} - System32\Tasks\MLSC => C:\Users\XXXXX XXXXX\AppData\Roaming\MLSC.exe <==== ATTENTION
Task: {13DABB31-ABBE-4704-8EDF-E28147F8962C} - \SMWPUpd No Task File <==== ATTENTION
Task: {23CEA58C-8E99-49B6-96E0-E0033F148659} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-21] (Google Inc.)
Task: {26DA7882-781D-4FC9-B1A5-5F5B1F7227FE} - System32\Tasks\{6A246FB0-E753-4188-9543-22389AB30F4E} => pcalua.exe -a "C:\Users\XXXXX XXXXX\Downloads\Chandler_win_1.0.3.exe" -d "C:\Users\XXXXX XXXXX\Downloads"
Task: {2F491965-426D-4740-BA34-9AC1AFB8DDE2} - System32\Tasks\UHTQPK => C:\Users\XXXXX XXXXX\AppData\Roaming\UHTQPK.exe <==== ATTENTION
Task: {331D0C36-5AAC-434D-A64B-8F53AF5F083F} - System32\Tasks\zupa3002 => C:\PROGRA~2\TabNav\zupa3002.exe
Task: {38C51694-B081-4739-8E17-069D4A49D4D4} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2014-01-23] (Microsoft Corporation)
Task: {47C46238-A6C4-4C4B-BE85-E6E1425608CB} - System32\Tasks\{144D2C4F-2583-452B-AC74-C64839CF03CC} => pcalua.exe -a "C:\Program Files (x86)\VS Revo Group\Revo Uninstaller\Revouninstaller.exe" -d "C:\Program Files (x86)\VS Revo Group\Revo Uninstaller" -c -hunter
Task: {5A42985A-DC32-4FE1-8210-CA09F67316FC} - System32\Tasks\HPCustPartic.exe_{96420065-3C4E-4B3E-96DB-DB0760F51DDD} => C:\Program Files\HP\HP Deskjet 3070 B611 series\Bin\HPCustPartic.exe [2012-10-17] (Hewlett-Packard Co.)
Task: {5B5D6CC7-9FA7-4441-9A09-8A3C4EA669FD} - System32\Tasks\{9B880EC1-DC3B-45D7-A7BB-4E131A7A884F} => pcalua.exe -a "C:\Users\XXXXX XXXXX\Downloads\esetsmartinstaller_enu.exe" -d "C:\Program Files (x86)\Mozilla Firefox"
Task: {5E1E681C-C0F1-4E87-8C95-38A011634E9C} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {658A7160-D5FE-40D6-8358-5AC71CDD5600} - System32\Tasks\Microsoft Office 15 Sync Maintenance for Arbeitscomputer-XXXXX XXXXX Arbeitscomputer => C:\Program Files\Microsoft Office\Office15\MsoSync.exe [2014-11-12] (Microsoft Corporation)
Task: {739C86AB-D488-4894-A94A-E1C873D935C4} - System32\Tasks\{239C0599-E784-4910-B228-5D5AB8D346A6} => pcalua.exe -a "C:\Users\XXXXX XXXXX\Downloads\HiJackThis204.exe" -d "C:\Program Files (x86)\Mozilla Firefox"
Task: {773149FF-2A04-41E8-AEF1-735F0738EC51} - System32\Tasks\Microsoft\Windows\Maintenance\SMupdate2 => Rundll32.exe C:\PROGRA~1\COMMON~1\System\SysMenu.dll ,Command701 update2 <==== ATTENTION
Task: {792B72B2-C51B-4379-B2AA-007529DB50F0} - System32\Tasks\{8D77E667-A31C-4EB4-B209-1E559B732CBC} => pcalua.exe -a "C:\Program Files (x86)\Canon\IJEREG\MP160\UNINST.EXE"
Task: {79995E4D-7C32-4800-8797-6893DD64333B} - System32\Tasks\{186E3D0B-D440-49E7-8F64-7917C92B0863} => pcalua.exe -a "C:\Users\XXXXX XXXXX\AppData\Roaming\omiga-plus\UninstallManager.exe" -c -ptid=obw <==== ATTENTION
Task: {7AEAE564-35D2-434E-8BC2-12BF5BC672DE} - System32\Tasks\HPCustParticipation HP Deskjet 3070 B611 series => C:\Program Files\HP\HP Deskjet 3070 B611 series\Bin\HPCustPartic.exe [2012-10-17] (Hewlett-Packard Co.)
Task: {7EED0456-B087-4708-8496-6474B917CECB} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {92533B9B-37E7-4E54-B7DE-F8B0B255CFEE} - System32\Tasks\{4781B96F-C3F4-45CF-AB6F-C64C9AD3E88D} => pcalua.exe -a "C:\Program Files (x86)\InstallShield Installation Information\{319D91C6-3D44-436C-9F79-36C0D22372DC}\setup.exe" -d "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TP-LINK" -c -runfromtemp -removeonly
Task: {9C395D30-C0E5-4B3A-A232-E38DA71A3827} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {A1D835EF-9220-45A2-811E-2CA5B38166BF} - System32\Tasks\hpUrlLauncher.exe_{4AF7A75F-FDE8-41B8-80D9-5C3EBC32D019} => C:\Program Files\HP\HP Deskjet 3070 B611 series\Bin\utils\hpUrlLauncher.exe
Task: {A8889BDD-EEA6-44D8-85E8-4A53B4C6FFC7} - System32\Tasks\avaxvyvax => C:\Users\XXXXX XXXXX\AppData\Local\avaxvyvax\avaxvyvax.exe
Task: {B7A342C6-6ABF-492E-9250-2C92CB583846} - System32\Tasks\{A2A68590-5CAE-4C98-8B98-D18CC5E4C073} => pcalua.exe -a "C:\Program Files (x86)\InstallShield Installation Information\{3DB0448D-AD82-4923-B305-D001E521A964}\setup.exe" -c -runfromtemp -l0x407 -removeonly
Task: {B99335C8-3858-4912-916A-9AC2D8DFC005} - System32\Tasks\Microsoft\Windows\Multimedia\SMupdate3 => Rundll32.exe C:\PROGRA~1\COMMON~1\System\SysMenu.dll ,Command701 update3 <==== ATTENTION
Task: {BBBF9E37-C1CD-4CF0-A783-CE021D6D2928} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-05-20] (Piriform Ltd)
Task: {C1ACE4A8-19C0-45F4-9D33-A8411D825BF4} - System32\Tasks\NWAUR => C:\Users\XXXXX XXXXX\AppData\Roaming\NWAUR.exe <==== ATTENTION
Task: {C3A9171A-C2B0-4DD2-90FB-60F5166A5C06} - System32\Tasks\sondhschedule => C:\Users\XXXXX
Task: {C4D8DBDC-0684-4CD1-8370-6636F2A8C92D} - System32\Tasks\FMLW => C:\Users\XXXXX XXXXX\AppData\Roaming\FMLW.exe <==== ATTENTION
Task: {CE5325CF-BB63-4751-AB56-BD427BEAA0D9} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-01-31] (Adobe Systems Incorporated)
Task: {D8BC15BF-E6F5-4406-95E2-4C359424AE7D} - \SMW_UpdateTask_Time_333035393833303830392d5a556c6c4a5a575750414134 No Task File <==== ATTENTION
Task: {DA50F050-8700-4A90-9184-FBA2F85ECA89} - System32\Tasks\Inst_Rep => C:\Users\XXXXX XXXXX\AppData\Local\Installer\Install_24189\DCytdieamo_amodc_setup.exe [2015-01-31] ()
Task: {E36CA599-B047-467B-99AF-5E380AFECE05} - System32\Tasks\{AC797CD7-B058-4AC8-84B2-B2307D6AFF9B} => C:\Program Files (x86)\Chandler1.0.3\chandler.exe
Task: {E85DBE85-E344-4E48-A05A-ACF97445121F} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-21] (Google Inc.)
Task: {E9A74425-992C-4024-A0F4-03BCF765A15D} - \SPBIW_UpdateTask_Time_333035393833303830392d5a556c6c4a5a575750414134 No Task File <==== ATTENTION
Task: {F30712C0-5F79-4616-BFEE-8D27E1822469} - System32\Tasks\{581487AC-8AAF-40E1-A997-6B8519F0C5EC} => C:\Program Files (x86)\Chandler1.0.3\chandler.exe
Task: {FC0397BA-8222-41E7-836D-453BA55E74DB} - System32\Tasks\{2E665153-C229-4C02-9699-2F4EF08B1807} => pcalua.exe -a C:\Users\DANIEL~1\AppData\Local\Temp\InstallFlashPlayer.exe -d "C:\Program Files (x86)\Mozilla Firefox"
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\FMLW.job => C:\Users\XXXXX XXXXX\AppData\Roaming\FMLW.exe <==== ATTENTION
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\MLSC.job => C:\Users\XXXXX XXXXX\AppData\Roaming\MLSC.exe <==== ATTENTION
Task: C:\Windows\Tasks\NWAUR.job => C:\Users\XXXXX XXXXX\AppData\Roaming\NWAUR.exe <==== ATTENTION
Task: C:\Windows\Tasks\UHTQPK.job => C:\Users\XXXXX XXXXX\AppData\Roaming\UHTQPK.exe <==== ATTENTION

==================== Loaded Modules (whitelisted) =============

2007-10-04 14:32 - 2007-10-04 14:32 - 00122880 _____ () C:\Program Files (x86)\Common Files\AAV\aavus.exe
2011-01-13 09:04 - 2011-01-13 09:04 - 00030080 _____ () C:\Windows\snuvcdsm.exe
2011-11-13 22:52 - 2011-11-13 22:51 - 00200704 _____ () C:\Windows\PLFSetI.exe
2009-07-29 13:10 - 2009-07-29 13:10 - 00016384 ____R () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll
2011-11-13 21:44 - 2011-11-13 21:44 - 00270336 _____ () C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CrossDisplay.Graphics.Dashboard\1.0.0.0__90ba9c70f846762e\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2014-12-28 14:38 - 2014-04-22 19:39 - 00645592 ____N () C:\Program Files (x86)\BillP Studios\WinPatrol\sqlite3.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\abengine => ""="service"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: AgereModemAudio => 2
MSCONFIG\Services: Apple Mobile Device => 2
MSCONFIG\Services: Bonjour Service => 2
MSCONFIG\Services: BotkindSyncService => 2
MSCONFIG\Services: FoxitCloudUpdateService => 2
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: iPod Service => 3
MSCONFIG\Services: MozillaMaintenance => 3
MSCONFIG\Services: NoIPDUCService4 => 2
MSCONFIG\Services: NTI IScheduleSvc => 2
MSCONFIG\Services: NTIBackupSvc => 3
MSCONFIG\Services: NTISchedulerSvc => 2
MSCONFIG\Services: OODefragAgent => 2
MSCONFIG\Services: PassThru Service => 2
MSCONFIG\Services: PDF Architect Helper Service => 2
MSCONFIG\Services: PDF Architect Service => 2
MSCONFIG\Services: SandraAgentSrv => 3
MSCONFIG\Services: SkypeUpdate => 2
MSCONFIG\Services: TeamViewer9 => 2
MSCONFIG\Services: TomTomHOMEService => 2
MSCONFIG\Services: Updater Service => 2
MSCONFIG\Services: YahooAUService => 2
MSCONFIG\startupreg: Eraser => "C:\PROGRA~1\Eraser\Eraser.exe" --atRestart

========================= Accounts: ==========================

Administrator (S-1-5-21-1242904208-471078349-2963378918-500 - Administrator - Disabled)
XXXXX XXXXX (S-1-5-21-1242904208-471078349-2963378918-1000 - Administrator - Enabled) => C:\Users\XXXXX XXXXX
XXXXX (S-1-5-21-1242904208-471078349-2963378918-1003 - Limited - Enabled) => C:\Users\XXXXX
Gast (S-1-5-21-1242904208-471078349-2963378918-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1242904208-471078349-2963378918-1002 - Limited - Enabled)
Versuch (S-1-5-21-1242904208-471078349-2963378918-1004 - Administrator - Enabled) => C:\Users\Versuch

==================== Faulty Device Manager Devices =============

Name: SPDRIVER_1361.0.0.0
Description: SPDRIVER_1361.0.0.0
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: SPDRIVER_1361.0.0.0
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: =========================

Application errors:
==================
Error: (01/31/2015 05:20:22 PM) (Source: Avira Service Host) (EventID: 0) (User: )
Description: Fehler beim Verarbeiten von Sitzungsänderung. System.NullReferenceException: Der Objektverweis wurde nicht auf eine Objektinstanz festgelegt.
  bei Avira.OE.ServiceHost.ServiceHost.OnSessionChange(SessionChangeDescription changeDescription)
  bei System.ServiceProcess.ServiceBase.DeferredSessionChange(Int32 eventType, Int32 sessionId)


System errors:
=============
Error: (01/31/2015 05:19:35 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "SPDRIVER_1361.0.0.0" wurde aufgrund folgenden Fehlers nicht gestartet:
%%3


Microsoft Office Sessions:
=========================
Error: (01/31/2015 05:20:22 PM) (Source: Avira Service Host) (EventID: 0) (User: )
Description: Fehler beim Verarbeiten von Sitzungsänderung. System.NullReferenceException: Der Objektverweis wurde nicht auf eine Objektinstanz festgelegt.
  bei Avira.OE.ServiceHost.ServiceHost.OnSessionChange(SessionChangeDescription changeDescription)
  bei System.ServiceProcess.ServiceBase.DeferredSessionChange(Int32 eventType, Int32 sessionId)


CodeIntegrity Errors:
===================================
  Date: 2014-08-24 13:21:32.971
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2014-08-24 13:21:32.769
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2014-08-24 13:21:32.550
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2014-08-24 13:21:32.332
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2014-06-28 08:07:01.069
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Users\DANIEL~1\AppData\Local\Temp\EverestDriver.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2014-06-28 08:07:00.711
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Users\DANIEL~1\AppData\Local\Temp\EverestDriver.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2014-06-28 08:07:00.330
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files (x86)\Lavalys\EVEREST Home Edition\kerneld.amd64" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2014-06-28 08:07:00.010
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files (x86)\Lavalys\EVEREST Home Edition\kerneld.amd64" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2014-06-01 15:18:48.633
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2014-06-01 15:18:48.446
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i5 CPU M 430 @ 2.27GHz
Percentage of memory in use: 39%
Total physical RAM: 3956.5 MB
Available physical RAM: 2407.97 MB
Total Pagefile: 7911.18 MB
Available Pagefile: 5902.14 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: (ACER) (Fixed) (Total:290.05 GB) (Free:101.13 GB) NTFS
Drive d: (DATA) (Fixed) (Total:290.4 GB) (Free:285.17 GB) NTFS
Drive f: (INTENSO) (Removable) (Total:14.44 GB) (Free:14.44 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 596.2 GB) (Disk ID: 6D48B855)
Partition 1: (Not Active) - (Size=15.6 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=290.1 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=290.4 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 14.5 GB) (Disk ID: 6F20736B)
No partition Table on disk 1.
Disk 1 is a removable device.

==================== End Of Log ============================

Bootsektor 01.02.2015 00:20
Hallo,
Zitat:


Es gibt trotzdem noch einige Probleme, auch wenn es schon etwas sauberer läuft...
Wir sind ja auch noch nicht fertig :)

Schritt 1
Scan mit Combofix
WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link
  • WICHTIG: Speichere Combofix auf deinem Desktop.
  • Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.
  • Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.
  • Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!
  • Wenn Combofix fertig ist, wird es ein Logfile erstellen.
  • Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).
Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.



Schritt 2
Starte noch einmal FRST.
  • Setze den Haken bei addition.txt und drücke auf Scan.
  • Wenn der Scan abgeschlossen ist, werden zwei neue Logfiles FRST.txt und addition.txt erstellt und auf dem Desktop (oder in dem Verzeichnis in dem FRST liegt) gespeichert.
  • Poste den Inhalt dieser Logfiles bitte hier in deinen Thread.

magigstar 01.02.2015 01:03
Es ist echt komisch...

Ich habe alles deaktiviert.
Habe ComboFix auf den Desktop verschoben.

Ich klicke an, es lädt bzw. wird ausgespackt.
Aber dann nichts...

Starte ich ComboFix erneut, kommt gleich eine Fehlermeldung, die ich ignorieren, wiederholen oder abbrechen kann.

Bootsektor 01.02.2015 01:19
Was ist denn der genaue Wortlaut der Fehlermeldung?

magigstar 01.02.2015 09:08
Combofix hat doch noch funktioniert...

Code:
ComboFix 15-01-29.01 - XXXXXX XXXXXX 01.02.2015  8:31.2.4 - x64
Microsoft Windows 7 Home Premium  6.1.7601.1.1252.49.1031.18.3956.2532 [GMT 1:00]
ausgeführt von:: c:\users\XXXXXX XXXXXX\Desktop\ComboFix.exe
AV: Avira Desktop *Enabled/Updated* {4D041356-F94D-285F-8768-AAE50FA36859}
SP: Avira Desktop *Enabled/Updated* {F665F2B2-DF77-27D1-BDD8-9197742422E4}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\38307773-d954-48f2-8127-93df0ea63e4a\3e7d90a7-d362-46a9-a145-3ee08200dffd.dll
c:\program files (x86)\878e2246-8f7a-48fe-89f9-845dc6abbab7\74ac0708-eebd-4d53-83f6-7f4779f2f294.dll
c:\program files (x86)\878e2246-8f7a-48fe-89f9-845dc6abbab7\878e2246-8f7a-48fe-89f9-845dc6abbab7.dll
c:\program files (x86)\Acer\38307773-d954-48f2-8127-93df0ea63e4a.dll
c:\program files (x86)\Acer\ed55547d-8d98-4039-96d9-00407eb30671.dll
c:\program files (x86)\ed55547d-8d98-4039-96d9-00407eb30671\ca846dc2-84dd-4e20-94fa-902a5cafe3c0.dll
c:\program files (x86)\sss
c:\program files (x86)\sss\SimpleScreenshot.exe
c:\program files (x86)\sss\upload.php
c:\users\DANIEL~1\AppData\Local\Temp\7zS1D89\HPSLPSVC64.DLL
c:\users\DANIEL~1\AppData\Local\Temp\avgnt.exe\Avira.OE.ExtApi.dll
c:\users\XXXXXX XXXXXX\AppData\Local\Google\Chrome\User Data\Default\Extensions\obdejhodejngcbmkiddfjkieejekbfil
c:\users\XXXXXX XXXXXX\AppData\Local\Google\Chrome\User Data\Default\Extensions\obdejhodejngcbmkiddfjkieejekbfil\242\background.html
c:\users\XXXXXX XXXXXX\AppData\Local\Google\Chrome\User Data\Default\Extensions\obdejhodejngcbmkiddfjkieejekbfil\242\content.js
c:\users\XXXXXX XXXXXX\AppData\Local\Google\Chrome\User Data\Default\Extensions\obdejhodejngcbmkiddfjkieejekbfil\242\GuJbTt1.js
c:\users\XXXXXX XXXXXX\AppData\Local\Google\Chrome\User Data\Default\Extensions\obdejhodejngcbmkiddfjkieejekbfil\242\lsdb.js
c:\users\XXXXXX XXXXXX\AppData\Local\Google\Chrome\User Data\Default\Extensions\obdejhodejngcbmkiddfjkieejekbfil\242\manifest.json
c:\users\XXXXXX XXXXXX\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_afleebcccoakjdegifmipchmkmnbmbcg_0.localstorage-journal
c:\users\XXXXXX XXXXXX\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_afleebcccoakjdegifmipchmkmnbmbcg_0.localstorage
c:\users\XXXXXX XXXXXX\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_obdejhodejngcbmkiddfjkieejekbfil_0.localstorage-journal
c:\users\XXXXXX XXXXXX\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_obdejhodejngcbmkiddfjkieejekbfil_0.localstorage
c:\users\XXXXXX XXXXXX\AppData\Local\Google\Chrome\User Data\Default\Preferences
c:\users\XXXXXX XXXXXX\AppData\Local\Temp\7zS1D89\HPSLPSVC64.DLL
c:\users\XXXXXX XXXXXX\AppData\Local\Temp\avgnt.exe\Avira.OE.ExtApi.dll
c:\users\XXXXXX\AppData\Roaming\Mozilla\Firefox\Profiles\ilhln8u2.default\extensions\staged\wq@P.net
c:\users\XXXXXX\AppData\Roaming\Mozilla\Firefox\Profiles\ilhln8u2.default\extensions\staged\wq@P.net\bootstrap.js
c:\users\XXXXXX\AppData\Roaming\Mozilla\Firefox\Profiles\ilhln8u2.default\extensions\staged\wq@P.net\chrome.manifest
c:\users\XXXXXX\AppData\Roaming\Mozilla\Firefox\Profiles\ilhln8u2.default\extensions\staged\wq@P.net\content\bg.js
c:\users\XXXXXX\AppData\Roaming\Mozilla\Firefox\Profiles\ilhln8u2.default\extensions\staged\wq@P.net\install.rdf
c:\users\XXXXXX\AppData\Roaming\Mozilla\Firefox\Profiles\ilhln8u2.default\extensions\staged\Za7@Ky.edu
c:\users\XXXXXX\AppData\Roaming\Mozilla\Firefox\Profiles\ilhln8u2.default\extensions\staged\Za7@Ky.edu\bootstrap.js
c:\users\XXXXXX\AppData\Roaming\Mozilla\Firefox\Profiles\ilhln8u2.default\extensions\staged\Za7@Ky.edu\chrome.manifest
c:\users\XXXXXX\AppData\Roaming\Mozilla\Firefox\Profiles\ilhln8u2.default\extensions\staged\Za7@Ky.edu\content\bg.js
c:\users\XXXXXX\AppData\Roaming\Mozilla\Firefox\Profiles\ilhln8u2.default\extensions\staged\Za7@Ky.edu\install.rdf
c:\users\Versuch\AppData\Roaming\Mozilla\Firefox\Profiles\r7teyr0l.default-1417873282698\extensions\staged\wq@P.net
c:\users\Versuch\AppData\Roaming\Mozilla\Firefox\Profiles\r7teyr0l.default-1417873282698\extensions\staged\wq@P.net\bootstrap.js
c:\users\Versuch\AppData\Roaming\Mozilla\Firefox\Profiles\r7teyr0l.default-1417873282698\extensions\staged\wq@P.net\chrome.manifest
c:\users\Versuch\AppData\Roaming\Mozilla\Firefox\Profiles\r7teyr0l.default-1417873282698\extensions\staged\wq@P.net\content\bg.js
c:\users\Versuch\AppData\Roaming\Mozilla\Firefox\Profiles\r7teyr0l.default-1417873282698\extensions\staged\wq@P.net\install.rdf
c:\users\Versuch\AppData\Roaming\Mozilla\Firefox\Profiles\r7teyr0l.default-1417873282698\extensions\staged\Za7@Ky.edu
c:\users\Versuch\AppData\Roaming\Mozilla\Firefox\Profiles\r7teyr0l.default-1417873282698\extensions\staged\Za7@Ky.edu\bootstrap.js
c:\users\Versuch\AppData\Roaming\Mozilla\Firefox\Profiles\r7teyr0l.default-1417873282698\extensions\staged\Za7@Ky.edu\chrome.manifest
c:\users\Versuch\AppData\Roaming\Mozilla\Firefox\Profiles\r7teyr0l.default-1417873282698\extensions\staged\Za7@Ky.edu\content\bg.js
c:\users\Versuch\AppData\Roaming\Mozilla\Firefox\Profiles\r7teyr0l.default-1417873282698\extensions\staged\Za7@Ky.edu\install.rdf
c:\windows\SysWow64\X86
.
.
(((((((((((((((((((((((((((((((((((((((  Treiber/Dienste  )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_SPDRIVER_1361.0.0.0
-------\Service_HPSLPSVC
-------\Service_SPDRIVER_1361.0.0.0
.
.
(((((((((((((((((((((((  Dateien erstellt von 2015-01-01 bis 2015-02-01  ))))))))))))))))))))))))))))))
.
.
2015-02-01 07:39 . 2015-02-01 07:39        --------        d-----w-        c:\users\Versuch\AppData\Local\temp
2015-02-01 07:39 . 2015-02-01 07:39        --------        d-----w-        c:\users\Public\AppData\Local\temp
2015-02-01 07:39 . 2015-02-01 07:39        --------        d-----w-        c:\users\XXXXXX\AppData\Local\temp
2015-02-01 07:39 . 2015-02-01 07:39        --------        d-----w-        c:\users\Default\AppData\Local\temp
2015-01-31 08:34 . 2015-01-31 08:35        --------        d-----w-        c:\program files (x86)\Booster-Web
2015-01-31 08:34 . 2015-01-31 09:01        --------        d-----w-        c:\users\XXXXXX XXXXXX\AppData\Roaming\Booster-Web
2015-01-31 08:33 . 2015-02-01 07:39        --------        d-----w-        c:\program files (x86)\878e2246-8f7a-48fe-89f9-845dc6abbab7
2015-01-31 08:31 . 2015-01-31 08:31        --------        d-----w-        c:\programdata\SearchModulePlus
2015-01-31 08:30 . 2015-02-01 07:39        --------        d-----w-        c:\program files (x86)\38307773-d954-48f2-8127-93df0ea63e4a
2015-01-31 08:30 . 2015-02-01 07:39        --------        d-----w-        c:\program files (x86)\ed55547d-8d98-4039-96d9-00407eb30671
2015-01-31 08:29 . 2015-01-31 08:29        --------        d-----w-        c:\users\XXXXXX XXXXXX\AppData\Local\Installer
2015-01-31 08:06 . 2015-01-31 08:06        --------        d-----w-        c:\windows\SysWow64\AMD64
2015-01-31 08:06 . 2015-01-31 16:44        --------        d-----w-        c:\program files (x86)\Hearthstone Stream Browser
2015-01-31 08:03 . 2015-01-31 08:03        --------        d-----w-        c:\programdata\{06467b43-d78a-a739-0646-67b43d78ed0f}
2015-01-31 07:59 . 2015-01-31 15:56        --------        d-----w-        c:\users\XXXXXX XXXXXX\AppData\Local\avaxvyvax
2015-01-31 07:52 . 2014-12-14 09:53        332568        ----a-w-        c:\windows\SysWow64\ColorMedia.dll
2015-01-31 07:52 . 2014-12-14 09:53        378640        ----a-w-        c:\windows\system32\ColorMedia64.dll
2015-01-30 19:08 . 2015-01-30 19:08        --------        d-----w-        c:\users\Versuch\AppData\Roaming\PDF Architect
2015-01-30 19:08 . 2015-01-30 19:08        --------        d-----w-        c:\users\Versuch\AppData\Local\IsolatedStorage
2015-01-30 18:28 . 2014-12-15 03:13        11870360        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{F9B7479F-896C-4FB5-A917-61263B03EDB4}\mpengine.dll
2015-01-29 10:55 . 2015-01-29 10:55        820072        ----a-w-        c:\program files\Common Files\System\SysMenu64.dll
2015-01-29 10:55 . 2015-01-29 10:55        649064        ----a-w-        c:\program files\Common Files\System\SysMenu.dll
2015-01-21 20:19 . 2015-01-27 05:18        73840        ----a-w-        c:\program files (x86)\Mozilla Firefox\wow_helper.exe
2015-01-20 05:34 . 2014-12-12 05:35        5553592        ----a-w-        c:\windows\system32\ntoskrnl.exe
2015-01-20 05:34 . 2014-12-12 05:11        3971512        ----a-w-        c:\windows\SysWow64\ntkrnlpa.exe
2015-01-20 05:34 . 2014-12-12 05:31        503808        ----a-w-        c:\windows\system32\srcore.dll
2015-01-20 05:34 . 2014-12-12 05:11        3916728        ----a-w-        c:\windows\SysWow64\ntoskrnl.exe
2015-01-20 05:34 . 2014-12-12 05:31        50176        ----a-w-        c:\windows\system32\srclient.dll
2015-01-20 05:34 . 2014-12-12 05:31        296960        ----a-w-        c:\windows\system32\rstrui.exe
2015-01-20 05:34 . 2014-12-12 05:07        43008        ----a-w-        c:\windows\SysWow64\srclient.dll
2015-01-14 07:06 . 2014-12-19 01:46        141312        ----a-w-        c:\windows\system32\drivers\mrxdav.sys
2015-01-14 07:06 . 2014-12-06 04:17        303616        ----a-w-        c:\windows\system32\nlasvc.dll
2015-01-14 07:06 . 2014-12-06 03:50        52224        ----a-w-        c:\windows\SysWow64\nlaapi.dll
2015-01-14 07:06 . 2014-12-06 03:50        156672        ----a-w-        c:\windows\SysWow64\ncsi.dll
2015-01-14 07:06 . 2014-12-19 03:06        210432        ----a-w-        c:\windows\system32\profsvc.dll
2015-01-14 07:06 . 2014-12-11 17:47        87040        ----a-w-        c:\windows\system32\TSWbPrxy.exe
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-01-31 14:24 . 2014-08-05 13:08        129752        ----a-w-        c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-01-31 06:56 . 2012-04-02 18:28        701616        ----a-w-        c:\windows\SysWow64\FlashPlayerApp.exe
2015-01-31 06:56 . 2011-11-15 20:21        71344        ----a-w-        c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2015-01-15 17:46 . 2011-11-18 18:58        113365784        ----a-w-        c:\windows\system32\MRT.exe
2015-01-08 08:55 . 2011-11-15 20:40        298120        ------w-        c:\windows\system32\MpSigStub.exe
2014-12-13 05:09 . 2014-12-17 18:31        144384        ----a-w-        c:\windows\system32\ieUnatt.exe
2014-12-13 03:33 . 2014-12-17 18:31        115712        ----a-w-        c:\windows\SysWow64\ieUnatt.exe
2014-12-04 02:50 . 2014-12-11 21:49        413184        ----a-w-        c:\windows\system32\generaltel.dll
2014-12-04 02:50 . 2014-12-11 21:49        741376        ----a-w-        c:\windows\system32\invagent.dll
2014-12-04 02:50 . 2014-12-11 21:49        396800        ----a-w-        c:\windows\system32\devinv.dll
2014-12-04 02:50 . 2014-12-11 21:49        830976        ----a-w-        c:\windows\system32\appraiser.dll
2014-12-04 02:50 . 2014-12-11 21:49        192000        ----a-w-        c:\windows\system32\aepic.dll
2014-12-04 02:50 . 2014-12-11 21:49        227328        ----a-w-        c:\windows\system32\aepdu.dll
2014-12-04 02:44 . 2014-12-11 21:49        1083392        ----a-w-        c:\windows\system32\aeinv.dll
2014-12-01 23:28 . 2014-12-11 21:49        1232040        ----a-w-        c:\windows\system32\aitstatic.exe
2014-11-27 01:43 . 2014-12-11 21:46        389296        ----a-w-        c:\windows\system32\iedkcs32.dll
2014-11-22 03:13 . 2014-12-11 21:46        25059840        ----a-w-        c:\windows\system32\mshtml.dll
2014-11-22 03:06 . 2014-12-11 21:46        2724864        ----a-w-        c:\windows\system32\mshtml.tlb
2014-11-22 03:06 . 2014-12-11 21:46        4096        ----a-w-        c:\windows\system32\ieetwcollectorres.dll
2014-11-22 02:50 . 2014-12-11 21:46        66560        ----a-w-        c:\windows\system32\iesetup.dll
2014-11-22 02:50 . 2014-12-11 21:46        580096        ----a-w-        c:\windows\system32\vbscript.dll
2014-11-22 02:49 . 2014-12-11 21:46        48640        ----a-w-        c:\windows\system32\ieetwproxystub.dll
2014-11-22 02:49 . 2014-12-11 21:46        2885120        ----a-w-        c:\windows\system32\iertutil.dll
2014-11-22 02:48 . 2014-12-11 21:46        88064        ----a-w-        c:\windows\system32\MshtmlDac.dll
2014-11-22 02:41 . 2014-12-11 21:46        54784        ----a-w-        c:\windows\system32\jsproxy.dll
2014-11-22 02:40 . 2014-12-11 21:46        34304        ----a-w-        c:\windows\system32\iernonce.dll
2014-11-22 02:37 . 2014-12-11 21:46        633856        ----a-w-        c:\windows\system32\ieui.dll
2014-11-22 02:35 . 2014-12-11 21:46        114688        ----a-w-        c:\windows\system32\ieetwcollector.exe
2014-11-22 02:34 . 2014-12-11 21:46        814080        ----a-w-        c:\windows\system32\jscript9diag.dll
2014-11-22 02:34 . 2014-12-11 21:46        6039552        ----a-w-        c:\windows\system32\jscript9.dll
2014-11-22 02:26 . 2014-12-11 21:46        968704        ----a-w-        c:\windows\system32\MsSpellCheckingFacility.exe
2014-11-22 02:22 . 2014-12-11 21:46        490496        ----a-w-        c:\windows\system32\dxtmsft.dll
2014-11-22 02:20 . 2014-12-11 21:46        2724864        ----a-w-        c:\windows\SysWow64\mshtml.tlb
2014-11-22 02:14 . 2014-12-11 21:46        77824        ----a-w-        c:\windows\system32\JavaScriptCollectionAgent.dll
2014-11-22 02:09 . 2014-12-11 21:46        199680        ----a-w-        c:\windows\system32\msrating.dll
2014-11-22 02:08 . 2014-12-11 21:46        92160        ----a-w-        c:\windows\system32\mshtmled.dll
2014-11-22 02:07 . 2014-12-11 21:46        501248        ----a-w-        c:\windows\SysWow64\vbscript.dll
2014-11-22 02:07 . 2014-12-11 21:46        62464        ----a-w-        c:\windows\SysWow64\iesetup.dll
2014-11-22 02:06 . 2014-12-11 21:46        47616        ----a-w-        c:\windows\SysWow64\ieetwproxystub.dll
2014-11-22 02:05 . 2014-12-11 21:46        64000        ----a-w-        c:\windows\SysWow64\MshtmlDac.dll
2014-11-22 02:05 . 2014-12-11 21:46        316928        ----a-w-        c:\windows\system32\dxtrans.dll
2014-11-22 01:54 . 2014-12-11 21:46        620032        ----a-w-        c:\windows\SysWow64\jscript9diag.dll
2014-11-22 01:49 . 2014-12-11 21:46        718848        ----a-w-        c:\windows\system32\ie4uinit.exe
2014-11-22 01:49 . 2014-12-11 21:46        800768        ----a-w-        c:\windows\system32\msfeeds.dll
2014-11-22 01:47 . 2014-12-11 21:46        1359360        ----a-w-        c:\windows\system32\mshtmlmedia.dll
2014-11-22 01:46 . 2014-12-11 21:46        2125312        ----a-w-        c:\windows\system32\inetcpl.cpl
2014-11-22 01:43 . 2014-12-11 21:46        14412800        ----a-w-        c:\windows\system32\ieframe.dll
2014-11-22 01:40 . 2014-12-11 21:46        60416        ----a-w-        c:\windows\SysWow64\JavaScriptCollectionAgent.dll
2014-11-22 01:29 . 2014-12-11 21:46        4299264        ----a-w-        c:\windows\SysWow64\jscript9.dll
2014-11-22 01:28 . 2014-12-11 21:46        2358272        ----a-w-        c:\windows\system32\wininet.dll
2014-11-22 01:22 . 2014-12-11 21:46        2052096        ----a-w-        c:\windows\SysWow64\inetcpl.cpl
2014-11-22 01:21 . 2014-12-11 21:46        1155072        ----a-w-        c:\windows\SysWow64\mshtmlmedia.dll
2014-11-22 01:15 . 2014-12-11 21:46        1548288        ----a-w-        c:\windows\system32\urlmon.dll
2014-11-22 01:03 . 2014-12-11 21:46        800768        ----a-w-        c:\windows\system32\ieapfltr.dll
2014-11-22 01:00 . 2014-12-11 21:46        1888256        ----a-w-        c:\windows\SysWow64\wininet.dll
2014-11-21 05:14 . 2014-08-05 13:08        63704        ----a-w-        c:\windows\system32\drivers\mwac.sys
2014-11-21 05:14 . 2014-08-05 13:08        93400        ----a-w-        c:\windows\system32\drivers\mbamchameleon.sys
2014-11-21 05:14 . 2014-08-05 13:08        25816        ----a-w-        c:\windows\system32\drivers\mbam.sys
2014-11-18 19:47 . 2014-11-18 19:47        1691816        ----a-w-        c:\windows\system32\FM20.DLL
2014-11-11 03:09 . 2014-12-11 21:46        1424384        ----a-w-        c:\windows\system32\WindowsCodecs.dll
2014-11-11 03:08 . 2014-11-19 19:06        241152        ----a-w-        c:\windows\system32\pku2u.dll
2014-11-11 03:08 . 2014-11-19 19:06        728064        ----a-w-        c:\windows\system32\kerberos.dll
2014-11-11 02:44 . 2014-12-11 21:46        1230336        ----a-w-        c:\windows\SysWow64\WindowsCodecs.dll
2014-11-11 02:44 . 2014-11-19 19:06        186880        ----a-w-        c:\windows\SysWow64\pku2u.dll
2014-11-11 02:44 . 2014-11-19 19:06        550912        ----a-w-        c:\windows\SysWow64\kerberos.dll
2014-11-11 01:46 . 2014-12-11 21:46        119296        ----a-w-        c:\windows\system32\drivers\tdx.sys
2014-11-08 03:16 . 2014-12-11 21:38        2048        ----a-w-        c:\windows\system32\tzres.dll
2014-11-08 02:45 . 2014-12-11 21:38        2048        ----a-w-        c:\windows\SysWow64\tzres.dll
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2014-11-12 16:19        1729744        ----a-w-        c:\progra~2\MICROS~2\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2014-11-12 16:19        1729744        ----a-w-        c:\progra~2\MICROS~2\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2014-11-12 16:19        1729744        ----a-w-        c:\progra~2\MICROS~2\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2009-09-11 05:41        120104        ----a-w-        c:\program files (x86)\EgisTec\MyWinLocker 3\x86\PSDProtect.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HP Photosmart 5520 series (NET)"="c:\program files\HP\HP Photosmart 5520 series\Bin\ScanToPCActivationApp.exe" [2012-10-17 2573416]
"WinPatrol"="c:\program files (x86)\BillP Studios\WinPatrol\winpatrol.exe" [2014-04-23 533568]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2014-12-16 702768]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-12-09 98304]
"SimpleScreenshot"="c:\progra~2\SSS\SIMPLESCREENSHOT.EXE" [BU]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2014-10-11 60712]
"LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2009-11-01 1094736]
"Avira Systray"="c:\program files (x86)\Avira\My Avira\Avira.OE.Systray.exe" [2014-12-31 126712]
.
c:\users\XXXXXX XXXXXX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
RescueTime.lnk - c:\program files (x86)\RescueTime\RescueTime.exe [2013-5-22 2401792]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableSecureUIAPath"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute        REG_MULTI_SZ          autocheck autochk *\0\0sdnclean64.exe
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37Crusader]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37CrusaderBoot]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" -atboottime
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe"
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
"WinampAgent"="c:\program files (x86)\Winamp\winampa.exe"
"Download Protect"=c:\programdata\dlprotect.exe
"iSaverCtrl"=c:\program files (x86)\iSaver\iSaverCtrl.exe --startup
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS;c:\windows\SYSNATIVE\drivers\AmUStor.SYS [x]
R3 athur;Wireless Network Adapter Service;c:\windows\system32\DRIVERS\athurx.sys;c:\windows\SYSNATIVE\DRIVERS\athurx.sys [x]
R3 HTCAND64;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys;c:\windows\SYSNATIVE\Drivers\ANDROIDUSB.sys [x]
R3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\DRIVERS\htcnprot.sys;c:\windows\SYSNATIVE\DRIVERS\htcnprot.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 massfilter;Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys;c:\windows\SYSNATIVE\drivers\massfilter.sys [x]
R3 MWLService;MyWinLocker Service;c:\program files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe;c:\program files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe [x]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssadbus.sys [x]
R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys;c:\windows\SYSNATIVE\DRIVERS\ssadmdfl.sys [x]
R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssadmdm.sys [x]
R3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);c:\windows\system32\DRIVERS\ssadserd.sys;c:\windows\SYSNATIVE\DRIVERS\ssadserd.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TurboBoost;TurboBoost;c:\program files\Intel\TurboBoost\TurboBoost.exe;c:\program files\Intel\TurboBoost\TurboBoost.exe [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 BotkindSyncService;Botkind Service;c:\program files (x86)\Allway Sync\Bin\SyncService.exe service;c:\program files (x86)\Allway Sync\Bin\SyncService.exe service [x]
R4 FoxitCloudUpdateService;Foxit Cloud Safe Update Service;c:\program files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe;c:\program files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe [x]
R4 NoIPDUCService4;NO-IP DUC v4;c:\program files (x86)\No-IP\ducservice.exe;c:\program files (x86)\No-IP\ducservice.exe [x]
R4 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe;c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [x]
R4 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [x]
R4 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [x]
R4 OODefragAgent;O&O Defrag;c:\program files\OO Software\Defrag\oodag.exe;c:\program files\OO Software\Defrag\oodag.exe [x]
R4 PassThru Service;Internet Pass-Through Service;c:\program files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe;c:\program files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [x]
R4 PDF Architect Helper Service;PDF Architect Helper Service;c:\program files (x86)\PDF Architect\HelperService.exe;c:\program files (x86)\PDF Architect\HelperService.exe [x]
R4 PDF Architect Service;PDF Architect Service;c:\program files (x86)\PDF Architect\ConversionService.exe;c:\program files (x86)\PDF Architect\ConversionService.exe [x]
R4 SandraAgentSrv;SiSoftware Deployment Agent Service;c:\program files\SiSoftware\SiSoftware Sandra Lite 2014.SP2a\RpcAgentSrv.exe;c:\program files\SiSoftware\SiSoftware Sandra Lite 2014.SP2a\RpcAgentSrv.exe [x]
R4 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R4 TeamViewer9;TeamViewer 9;c:\program files (x86)\TeamViewer\Version9\TeamViewer_Service.exe;c:\program files (x86)\TeamViewer\Version9\TeamViewer_Service.exe [x]
R4 TomTomHOMEService;TomTomHOMEService;c:\program files (x86)\TomTom HOME 2\TomTomHOMEService.exe;c:\program files (x86)\TomTom HOME 2\TomTomHOMEService.exe [x]
R4 UI Assistant Service;UI Assistant Service;c:\program files (x86)\Join Air\AssistantServices.exe;c:\program files (x86)\Join Air\AssistantServices.exe [x]
R4 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe;c:\program files\Acer\Acer Updater\UpdaterService.exe [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys;c:\windows\SYSNATIVE\DRIVERS\avkmgr.sys [x]
S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDFilter.sys [x]
S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDNServ.sys [x]
S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDVDisk.sys [x]
S1 SLEE_18_DRIVER;Steganos Live Encryption Engine 18 [Driver];c:\windows\Sleen1864.sys;c:\windows\Sleen1864.sys [x]
S2 AAV UpdateService;AAV UpdateService;c:\program files (x86)\Common Files\AAV\aavus.exe;c:\program files (x86)\Common Files\AAV\aavus.exe [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [x]
S2 Avira.OE.ServiceHost;Avira Service Host;c:\program files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe;c:\program files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [x]
S2 c2cautoupdatesvc;Skype Click to Call Updater;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [x]
S2 c2cpnrsvc;Skype Click to Call PNR Service;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [x]
S2 EkaProt6;Ekahau User Protocol Driver for NDIS 6;c:\windows\system32\DRIVERS\ekaprot6.sys;c:\windows\SYSNATIVE\DRIVERS\ekaprot6.sys [x]
S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [x]
S2 Greg_Service;GRegService;c:\program files (x86)\Acer\Registration\GregHSRW.exe;c:\program files (x86)\Acer\Registration\GregHSRW.exe [x]
S2 RS_Service;Raw Socket Service;c:\program files (x86)\Acer\Acer VCM\RS_Service.exe;c:\program files (x86)\Acer\Acer VCM\RS_Service.exe [x]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys;c:\windows\SYSNATIVE\DRIVERS\TurboB.sys [x]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys;c:\windows\SYSNATIVE\DRIVERS\HECIx64.sys [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys;c:\windows\SYSNATIVE\DRIVERS\Impcd.sys [x]
S3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys;c:\windows\SYSNATIVE\DRIVERS\k57nd60a.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2015-01-27 05:19        1086280        ----a-w-        c:\program files (x86)\Google\Chrome\Application\40.0.2214.93\Installer\chrmstp.exe
.
Inhalt des "geplante Tasks" Ordners
.
2015-02-01 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-02 06:56]
.
2015-02-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-11-13 18:09]
.
2014-11-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-11-13 18:09]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2014-11-12 16:17        2334928        ----a-w-        c:\progra~1\MICROS~2\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2014-11-12 16:17        2334928        ----a-w-        c:\progra~1\MICROS~2\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2014-11-12 16:17        2334928        ----a-w-        c:\progra~1\MICROS~2\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2009-09-11 05:44        137512        ----a-w-        c:\program files (x86)\EgisTec\MyWinLocker 3\x64\PSDProtect.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SNUVCDSM"="c:\windows\snuvcdsm.exe" [2011-01-13 30080]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-10-29 8312352]
"PLFSetL"="c:\windows\PLFSetL.exe" [2011-01-13 99712]
"PLFSetI"="c:\windows\PLFSetI.exe" [2011-11-13 200704]
"mwlDaemon"="c:\program files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe" [2009-09-11 349480]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-05 186904]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2009-05-22 295936]
"AmIcoSinglun64"="c:\program files (x86)\AmIcoSingLun\AmIcoSinglun64.exe" [2009-07-22 323072]
"Acer ePower Management"="c:\program files\Acer\Acer ePower Management\ePowerTray.exe" [2009-09-30 823840]
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.com
uLocal Page = c:\windows\system32\blank.htm
mDefault_Search_URL = hxxp://www.google.com
mDefault_Page_URL = hxxp://www.google.com
mStart Page = hxxp://www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
mSearch Page = hxxp://www.google.com
IE: An OneNote s&enden - c:\progra~1\MICROS~2\Office15\ONBttnIE.dll/105
IE: Free YouTube Download - c:\users\XXXXXX XXXXXX\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm
IE: Nach Microsoft E&xcel exportieren - c:\progra~1\MICROS~2\Office15\EXCEL.EXE/3000
Trusted Zone: sklavenzentrale.com\www
TCP: DhcpNameServer = 192.168.178.1
Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - c:\program files (x86)\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL
FF - ProfilePath - c:\users\XXXXXX XXXXXX\AppData\Roaming\Mozilla\Firefox\Profiles\ax92hz4x.default-1417957171376\
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
BHO-{7e0aaab3-ba7d-4a2d-b1e6-4289ce4d1b1e} - c:\program files (x86)\unissales\9vFbOLvEX4RE1d.x64.dll
ShellIconOverlayIdentifiers-{F241C880-6982-4CE5-8CF7-7085BA96DA5A} - (no file)
ShellIconOverlayIdentifiers-{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} - (no file)
ShellIconOverlayIdentifiers-{BBACC218-34EA-4666-9D7A-C78F2274A524} - (no file)
AddRemove-Chandler - c:\program files (x86)\Chandler1.0.3\uninst.exe
AddRemove-CoreAAC Audio Decoder - c:\windows\system32\CoreAAC-uninstall.exe
AddRemove-{ad2818b3-1616-4ec8-855d-be6936103e5a} - c:\programdata\Package Cache\{ad2818b3-1616-4ec8-855d-be6936103e5a}\free-system-utilities_Setup_chip_de-DE.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_15_0_0_246_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_15_0_0_246_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{722b3793-5367-4446-b6bb-db89b05c1f24}\LocalServer32]
@DACL=(02 0000)
@=expand:"%SystemRoot%\\System32\\rundll32.exe shell32.dll,SHCreateLocalServerRunDll {722b3793-5367-4446-b6bb-db89b05c1f24}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_15_0_0_246_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_15_0_0_246_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_246.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.15"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_246.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_246.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_246.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
  00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}]
@DACL=(02 0000)
@="Bing"
"DisplayName"="@ieframe.dll,-12512"
"URL"="http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
c:\program files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2015-02-01  08:55:53 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2015-02-01 07:55
ComboFix2.txt  2014-08-24 11:42
.
Vor Suchlauf: 19 Verzeichnis(se), 109.177.110.528 Bytes frei
Nach Suchlauf: 22 Verzeichnis(se), 116.623.638.528 Bytes frei
.
- - End Of File - - A99390E7139F2ECFA5F55E908DC41F65
A36C5E4F47E84449FF07ED3517B43A31

FRST Logfile:

FRST Logfile:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 01-02-2015
Ran by XXXX XXXX (administrator) on ARBEITSCOMPUTER on 01-02-2015 08:59:50
Running from C:\Users\XXXX XXXX\Desktop
Loaded Profiles: XXXX XXXX (Available profiles: XXXX XXXX & XXXX & Versuch)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
() C:\Program Files (x86)\Common Files\AAV\aavus.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Microsoft Corporation) C:\Windows\System32\CISVC.EXE
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GregHSRW.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office15\MSOSYNC.EXE
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SNUVCDSM] => C:\Windows\snuvcdsm.exe [30080 2011-01-13] ()
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [8312352 2009-10-29] (Realtek Semiconductor)
HKLM\...\Run: [PLFSetL] => C:\Windows\PLFSetL.exe [99712 2011-01-13] (Sonix Technology Co., Ltd.)
HKLM\...\Run: [PLFSetI] => C:\Windows\PLFSetI.exe [200704 2011-11-13] ()
HKLM\...\Run: [mwlDaemon] => C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe [349480 2009-09-11] (Egis Technology Inc.)
HKLM\...\Run: [IAAnotif] => C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-06-05] (Intel Corporation)
HKLM\...\Run: [Apoint] => C:\Program Files\Apoint2K\Apoint.exe [295936 2009-05-22] (Alps Electric Co., Ltd.)
HKLM\...\Run: [AmIcoSinglun64] => C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [323072 2009-07-22] (AlcorMicro Co., Ltd.)
HKLM\...\Run: [Acer ePower Management] => C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [823840 2009-09-30] (Acer Incorporated)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [702768 2014-12-16] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2009-12-09] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [SimpleScreenshot] => C:\PROGRA~2\SSS\SIMPLESCREENSHOT.EXE
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2014-10-11] (Apple Inc.)
HKLM-x32\...\Run: [LManager] => C:\Program Files (x86)\Launch Manager\LManager.exe [1094736 2009-11-02] (Dritek System Inc.)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [126712 2014-12-31] (Avira Operations GmbH & Co. KG)
HKU\S-1-5-21-1242904208-471078349-2963378918-1000\...\Run: [HP Photosmart 5520 series (NET)] => C:\Program Files\HP\HP Photosmart 5520 series\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
HKU\S-1-5-21-1242904208-471078349-2963378918-1000\...\Run: [WinPatrol] => C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe [533568 2014-04-23] (BillP Studios)
Startup: C:\Users\XXXX XXXX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\RescueTime.lnk
ShortcutTarget: RescueTime.lnk -> C:\Program Files (x86)\RescueTime\RescueTime.exe (RescueTime, Inc.)
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
ShellIconOverlayIdentifiers: [egisPSDP] -> {30A0A3F6-38AC-4C53-BB8B-0D95238E25BA} => C:\Program Files (x86)\EgisTec\MyWinLocker 3\x64\psdprotect.dll (Egis Technology Inc.)
ShellIconOverlayIdentifiers-x32: [egisPSDP] -> {30A0A3F6-38AC-4C53-BB8B-0D95238E25BA} => C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\psdprotect.dll (Egis Technology Inc.)
BootExecute: autocheck autochk * sdnclean64.exe
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-1242904208-471078349-2963378918-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-1242904208-471078349-2963378918-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1242904208-471078349-2963378918-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: unissales -> {7e0aaab3-ba7d-4a2d-b1e6-4289ce4d1b1e} -> C:\Program Files (x86)\unissales\9vFbOLvEX4RE1d.x64.dll No File
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Booster-Web helper -> {B5147546-9359-4D9B-8B36-F54C54555799} -> C:\Program Files (x86)\Booster-Web\Booster-Web.dll (App LLC)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Booster-Web helper -> {B5147546-9359-4D9B-8B36-F54C54555799} -> C:\Program Files (x86)\Booster-Web\Booster-Web.dll (App LLC)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
DPF: HKLM {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\XXXX XXXX\AppData\Roaming\Mozilla\Firefox\Profiles\ax92hz4x.default-1417957171376
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_296.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_296.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @nullsoft.com/winampDetector;version=1 -> C:\Program Files (x86)\Winamp Detect\npwachk.dll (Nullsoft, Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.8 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll (Microsoft Corporation)
FF SearchPlugin: C:\Users\XXXX XXXX\AppData\Roaming\Mozilla\Firefox\Profiles\ax92hz4x.default-1417957171376\searchplugins\trovi.xml
FF Extension: Booster Web - C:\Users\XXXX XXXX\AppData\Roaming\Mozilla\Firefox\Profiles\ax92hz4x.default-1417957171376\Extensions\jid1-U7omKQ6kQfxMaQ@jetpack [2015-01-31]
FF Extension: Zoom It - C:\Users\XXXX XXXX\AppData\Roaming\Mozilla\Firefox\Profiles\ax92hz4x.default-1417957171376\Extensions\{680219c9-7bbf-5dfc-84d8-33b88668b4ab} [2015-01-31]
FF Extension: LeechBlock - C:\Users\XXXX XXXX\AppData\Roaming\Mozilla\Firefox\Profiles\ax92hz4x.default-1417957171376\Extensions\{a95d8332-e4b4-6e7f-98ac-20b733364387}.xpi [2014-12-07]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-07-14]

Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR Profile: C:\Users\XXXX XXXX\AppData\Local\Google\Chrome\User Data\default
CHR Extension: (Google Docs) - C:\Users\XXXX XXXX\AppData\Local\Google\Chrome\User Data\default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-10-25]
CHR Extension: (Google Drive) - C:\Users\XXXX XXXX\AppData\Local\Google\Chrome\User Data\default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-10-25]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\XXXX XXXX\AppData\Local\Google\Chrome\User Data\default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-10-26]
CHR Extension: (YouTube) - C:\Users\XXXX XXXX\AppData\Local\Google\Chrome\User Data\default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-10-25]
CHR Extension: (Google Search) - C:\Users\XXXX XXXX\AppData\Local\Google\Chrome\User Data\default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-10-25]
CHR Extension: (Avira Browser Safety) - C:\Users\XXXX XXXX\AppData\Local\Google\Chrome\User Data\default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2014-10-26]
CHR Extension: (Google Wallet) - C:\Users\XXXX XXXX\AppData\Local\Google\Chrome\User Data\default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-10-26]
CHR Extension: (Gmail) - C:\Users\XXXX XXXX\AppData\Local\Google\Chrome\User Data\default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-10-25]
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AAV UpdateService; C:\Program Files (x86)\Common Files\AAV\aavus.exe [122880 2007-10-04] () [File not signed]
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [431920 2014-12-16] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [431920 2014-12-16] (Avira Operations GmbH & Co. KG)
R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [178424 2014-12-31] (Avira Operations GmbH & Co. KG)
S4 BotkindSyncService; C:\Program Files (x86)\Allway Sync\Bin\SyncService.exe [182784 2013-10-10] () [File not signed]
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
S4 FoxitCloudUpdateService; C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe [241704 2014-03-25] (Foxit Corporation)
S3 MWLService; C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe [305448 2009-09-11] (Egis Technology Inc.)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
S4 NoIPDUCService4; C:\Program Files (x86)\No-IP\ducservice.exe [11264 2013-01-24] () [File not signed]
S4 OODefragAgent; C:\Program Files\OO Software\Defrag\oodag.exe [3051848 2011-01-25] (O&O Software GmbH)
S4 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [80896 2011-03-31] () [File not signed]
S4 PDF Architect Helper Service; C:\Program Files (x86)\PDF Architect\HelperService.exe [1320496 2013-04-08] (pdfforge GmbH)
S4 PDF Architect Service; C:\Program Files (x86)\PDF Architect\ConversionService.exe [799280 2013-04-08] (pdfforge GmbH)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
R2 RS_Service; C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe [253952 2009-07-10] (Acer Incorporated) [File not signed]
S4 SandraAgentSrv; C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2014.SP2a\RpcAgentSrv.exe [72344 2008-05-19] (SiSoftware) [File not signed]
S4 UI Assistant Service; C:\Program Files (x86)\Join Air\AssistantServices.exe [247152 2010-04-27] ()
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [119272 2014-10-14] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131608 2014-10-14] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-11-25] (Avira Operations GmbH & Co. KG)
R2 EkaProt6; C:\Windows\System32\DRIVERS\ekaprot6.sys [27288 2012-03-23] (Ekahau Inc.)
R1 SLEE_18_DRIVER; C:\Windows\Sleen1864.sys [109144 2014-01-30] (Softwareentwicklung Remus - ArchiCrypt - )
R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1806592 2011-01-13] ()
R2 TurboB; C:\Windows\System32\DRIVERS\TurboB.sys [13784 2009-11-02] ()
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2012-12-13] (Apple, Inc.) [File not signed]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-01 08:59 - 2015-02-01 09:00 - 00019065 _____ () C:\Users\XXXX XXXX\Desktop\FRST.txt
2015-02-01 08:55 - 2015-02-01 08:55 - 00039830 _____ () C:\ComboFix.txt
2015-02-01 01:01 - 2015-02-01 00:56 - 05611408 ____R (Swearware) C:\Users\XXXX XXXX\Desktop\ComboFix.exe
2015-02-01 00:56 - 2015-02-01 00:56 - 05611408 ____R (Swearware) C:\Users\XXXX XXXX\Downloads\ComboFix.exe
2015-02-01 00:46 - 2015-02-01 00:46 - 00000249 _____ () C:\Users\XXXX XXXX\Desktop\TM-Kurse in Lörrach Transzendentale Meditation.URL
2015-01-31 23:47 - 2015-01-31 23:51 - 00002169 _____ () C:\Users\Public\Desktop\SteuerSparErklärung 2015.lnk
2015-01-31 20:29 - 2015-01-31 20:29 - 00000269 _____ () C:\Users\XXXX XXXX\Desktop\Online Fitness mit Trainingsplänen - FREELETICS.URL
2015-01-31 17:50 - 2015-02-01 08:59 - 00000000 ____D () C:\Users\XXXX XXXX\Desktop\FRST-OlderVersion
2015-01-31 17:48 - 2015-01-31 17:48 - 00000337 _____ () C:\Users\XXXX XXXX\Desktop\Samsung Tab - kein Speicherplatz - Android-Hilfe.de.URL
2015-01-31 17:00 - 2015-01-31 17:01 - 00001671 _____ () C:\Users\XXXX XXXX\Desktop\JRT.txt
2015-01-31 16:55 - 2015-01-31 16:55 - 00057200 _____ () C:\Users\XXXX XXXX\Desktop\Malwarebytes Anti-Malware.txt
2015-01-31 15:22 - 2015-01-31 15:22 - 00001066 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-01-31 15:03 - 2015-01-31 15:03 - 02194432 _____ () C:\Users\XXXX XXXX\Desktop\AdwCleaner_4.109.exe
2015-01-31 15:03 - 2015-01-31 15:03 - 01707939 _____ (Thisisu) C:\Users\XXXX XXXX\Desktop\JRT.exe
2015-01-31 11:33 - 2015-01-31 11:33 - 00000000 ____D () C:\Users\XXXX XXXX\Documents\TokensBackup
2015-01-31 10:12 - 2015-02-01 08:59 - 02131456 _____ (Farbar) C:\Users\XXXX XXXX\Desktop\FRST64.exe
2015-01-31 10:10 - 2015-01-31 10:10 - 00001101 _____ () C:\Users\Public\Desktop\Avira.lnk
2015-01-31 09:43 - 2015-01-31 09:46 - 00000000 ____D () C:\Users\XXXX XXXX\Desktop\Ordnung
2015-01-31 09:35 - 2015-01-31 09:35 - 00000000 ____D () C:\Users\XXXX XXXX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Booster-Web
2015-01-31 09:34 - 2015-01-31 10:01 - 00000000 ____D () C:\Users\XXXX XXXX\AppData\Roaming\Booster-Web
2015-01-31 09:34 - 2015-01-31 09:35 - 00000000 ____D () C:\Program Files (x86)\Booster-Web
2015-01-31 09:34 - 2015-01-31 09:34 - 00003408 _____ () C:\Windows\System32\Tasks\sondhschedule
2015-01-31 09:34 - 2015-01-31 09:34 - 00003108 _____ () C:\Windows\System32\Tasks\zupa3002
2015-01-31 09:33 - 2015-02-01 08:39 - 00000000 ____D () C:\Program Files (x86)\878e2246-8f7a-48fe-89f9-845dc6abbab7
2015-01-31 09:32 - 2015-01-31 09:32 - 00001117 _____ () C:\Users\XXXX XXXX\Desktop\Continue installation .lnk
2015-01-31 09:31 - 2015-01-31 09:31 - 00000000 ____D () C:\ProgramData\SearchModulePlus
2015-01-31 09:30 - 2015-02-01 08:39 - 00000000 ____D () C:\Program Files (x86)\ed55547d-8d98-4039-96d9-00407eb30671
2015-01-31 09:30 - 2015-02-01 08:39 - 00000000 ____D () C:\Program Files (x86)\38307773-d954-48f2-8127-93df0ea63e4a
2015-01-31 09:29 - 2015-01-31 09:29 - 00003446 _____ () C:\Windows\System32\Tasks\Inst_Rep
2015-01-31 09:06 - 2015-01-31 17:44 - 00000000 ____D () C:\Program Files (x86)\Hearthstone Stream Browser
2015-01-31 09:06 - 2015-01-31 09:06 - 00000000 ____D () C:\Windows\SysWOW64\AMD64
2015-01-31 09:03 - 2015-01-31 09:03 - 00000000 ____D () C:\ProgramData\{06467b43-d78a-a739-0646-67b43d78ed0f}
2015-01-31 08:59 - 2015-01-31 16:56 - 00000000 ____D () C:\Users\XXXX XXXX\AppData\Local\avaxvyvax
2015-01-31 08:59 - 2015-01-31 08:59 - 00003556 _____ () C:\Windows\System32\Tasks\avaxvyvax
2015-01-31 08:59 - 2015-01-31 08:59 - 00003206 _____ () C:\Windows\System32\Tasks\{186E3D0B-D440-49E7-8F64-7917C92B0863}
2015-01-31 08:57 - 2015-01-31 08:57 - 01191200 _____ () C:\Users\XXXX XXXX\Downloads\Malwarebytes Anti Malware Malware Scanner - CHIP-Installer.exe
2015-01-31 08:52 - 2014-12-14 10:53 - 00378640 _____ (CartCrunch Israel Ltd.) C:\Windows\system32\ColorMedia64.dll
2015-01-31 08:52 - 2014-12-14 10:53 - 00332568 _____ (CartCrunch Israel Ltd.) C:\Windows\SysWOW64\ColorMedia.dll
2015-01-30 20:51 - 2015-01-30 20:51 - 00000600 _____ () C:\Users\XXXX XXXX\AppData\Roaming\winscp.rnd
2015-01-30 20:08 - 2015-01-30 20:08 - 00000000 ____D () C:\Users\Versuch\AppData\Roaming\PDF Architect
2015-01-30 20:08 - 2015-01-30 20:08 - 00000000 ____D () C:\Users\Versuch\AppData\Local\IsolatedStorage
2015-01-30 19:16 - 2015-01-30 19:17 - 00000000 ____D () C:\Users\Versuch\AppData\OICE_15_974FA576_32C1D314_2072
2015-01-27 21:08 - 2015-02-01 08:52 - 00005192 _____ () C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for Arbeitscomputer-XXXX XXXX Arbeitscomputer
2015-01-25 17:12 - 2015-01-25 17:12 - 00002086 _____ () C:\Users\XXXX XXXX\AppData\Roaming\UHTQPK
2015-01-25 17:12 - 2015-01-25 17:12 - 00002086 _____ () C:\Users\XXXX XXXX\AppData\Roaming\NWAUR
2015-01-25 17:12 - 2015-01-25 17:12 - 00001248 _____ () C:\Users\XXXX XXXX\AppData\Roaming\MLSC
2015-01-25 17:12 - 2015-01-25 17:12 - 00001248 _____ () C:\Users\XXXX XXXX\AppData\Roaming\FMLW
2015-01-20 06:34 - 2014-12-12 06:35 - 05553592 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-01-20 06:34 - 2014-12-12 06:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-01-20 06:34 - 2014-12-12 06:31 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-01-20 06:34 - 2014-12-12 06:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-01-20 06:34 - 2014-12-12 06:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-01-20 06:34 - 2014-12-12 06:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-01-20 06:34 - 2014-12-12 06:07 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-01-14 08:06 - 2014-12-19 04:06 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-14 08:06 - 2014-12-19 02:46 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-14 08:06 - 2014-12-11 18:47 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-01-14 08:06 - 2014-12-06 05:17 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-14 08:06 - 2014-12-06 04:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
2015-01-14 08:06 - 2014-12-06 04:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
2015-01-13 05:55 - 2015-01-13 05:55 - 00009429 _____ () C:\Users\XXXX XXXX\AppData\Local\recently-used.xbel

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-01 08:59 - 2014-08-21 20:10 - 00000000 ____D () C:\FRST
2015-02-01 08:55 - 2014-08-24 12:03 - 00000000 ____D () C:\Qoobox
2015-02-01 08:50 - 2012-09-20 04:21 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-02-01 08:50 - 2009-07-14 03:34 - 00000215 _____ () C:\Windows\system.ini
2015-02-01 08:48 - 2009-07-14 05:45 - 00025840 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-02-01 08:48 - 2009-07-14 05:45 - 00025840 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-02-01 08:46 - 2011-11-13 21:43 - 01373674 _____ () C:\Windows\WindowsUpdate.log
2015-02-01 08:41 - 2014-06-20 13:07 - 00112126 _____ () C:\Windows\PFRO.log
2015-02-01 08:41 - 2014-06-18 08:20 - 00027797 _____ () C:\Windows\setupact.log
2015-02-01 08:41 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-02-01 08:40 - 2013-10-13 19:47 - 00000000 ____D () C:\Windows\erdnt
2015-02-01 08:40 - 2009-07-14 03:34 - 24379392 _____ () C:\Windows\system32\config\system.bak
2015-02-01 08:40 - 2009-07-14 03:34 - 113508352 _____ () C:\Windows\system32\config\software.bak
2015-02-01 08:40 - 2009-07-14 03:34 - 05505024 _____ () C:\Windows\system32\config\default.bak
2015-02-01 08:40 - 2009-07-14 03:34 - 00262144 _____ () C:\Windows\system32\config\sam.bak
2015-02-01 08:40 - 2009-07-14 03:34 - 00032768 _____ () C:\Windows\system32\config\security.bak
2015-02-01 08:39 - 2009-11-05 01:49 - 00000000 ____D () C:\Program Files (x86)\Acer
2015-02-01 08:05 - 2012-08-14 18:52 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-02-01 00:31 - 2012-03-25 11:40 - 00000000 ____D () C:\Users\XXXX XXXX\Documents\Steuerfälle
2015-01-31 23:47 - 2012-03-25 11:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steuertipps
2015-01-31 23:47 - 2012-03-25 11:26 - 00000000 ____D () C:\Program Files (x86)\Akademische Arbeitsgemeinschaft
2015-01-31 17:39 - 2013-09-19 20:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-01-31 17:39 - 2012-03-11 02:08 - 00000000 ____D () C:\Program Files (x86)\Java
2015-01-31 17:19 - 2011-11-14 06:15 - 00000000 ____D () C:\Windows\Lan
2015-01-31 15:24 - 2014-08-05 14:08 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-01-31 15:22 - 2014-08-05 14:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-01-31 15:22 - 2014-08-05 14:08 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-01-31 15:08 - 2014-11-16 12:18 - 00001025 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-01-31 15:08 - 2014-11-16 12:18 - 00001013 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-01-31 15:08 - 2014-10-25 07:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-01-31 15:08 - 2014-08-24 18:36 - 00000000 ____D () C:\AdwCleaner
2015-01-31 15:08 - 2011-11-20 15:41 - 00001021 _____ () C:\Users\XXXX XXXX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-01-31 10:10 - 2014-08-06 10:55 - 00000000 ____D () C:\ProgramData\Package Cache
2015-01-31 10:10 - 2013-02-24 19:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2015-01-31 10:09 - 2013-02-24 19:39 - 00000000 ____D () C:\Program Files (x86)\Avira
2015-01-31 09:44 - 2014-08-07 20:56 - 02931200 ___SH () C:\Users\XXXX XXXX\Desktop\Thumbs.db
2015-01-31 09:32 - 2009-07-14 04:20 - 00000000 ____D () C:\Program Files\Common Files\System
2015-01-31 07:56 - 2014-08-15 15:44 - 00000000 ____D () C:\Users\XXXX XXXX\AppData\Local\Adobe
2015-01-31 07:56 - 2012-04-02 19:28 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-01-31 07:56 - 2012-04-02 19:28 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-01-31 07:56 - 2011-11-15 21:21 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-30 19:03 - 2014-09-10 06:10 - 00000000 ____D () C:\Users\Versuch\AppData\Roaming\SimpleScreenshot
2015-01-27 20:12 - 2014-11-10 20:59 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-01-27 06:18 - 2014-11-16 12:20 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-01-26 07:21 - 2012-06-10 14:07 - 00000000 ____D () C:\Users\XXXX XXXX\Documents\Bewerbungen
2015-01-25 17:19 - 2011-11-14 06:34 - 00702664 _____ () C:\Windows\system32\perfh007.dat
2015-01-25 17:19 - 2011-11-14 06:34 - 00151424 _____ () C:\Windows\system32\perfc007.dat
2015-01-25 17:19 - 2009-07-14 06:13 - 01629998 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-23 21:11 - 2013-11-02 09:43 - 00000000 ____D () C:\Users\XXXX XXXX\AppData\Roaming\Skype
2015-01-20 14:50 - 2014-09-10 06:09 - 00000000 ____D () C:\Users\Versuch
2015-01-20 14:50 - 2013-05-22 21:33 - 00000000 ____D () C:\Users\XXXX XXXX\AppData\Local\RescueTime.com
2015-01-20 14:50 - 2012-03-30 17:57 - 00000000 ____D () C:\Users\XXXX
2015-01-20 14:50 - 2011-12-01 21:23 - 00000000 ____D () C:\Windows\System32\Tasks\OfficeSoftwareProtectionPlatform
2015-01-20 14:50 - 2011-11-20 16:01 - 00000000 ____D () C:\Users\XXXX XXXX\AppData\Roaming\SimpleScreenshot
2015-01-20 14:50 - 2009-11-05 01:26 - 00000000 ___RD () C:\Users\Public\Recorded TV
2015-01-20 14:50 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\registration
2015-01-20 06:21 - 2011-11-13 22:46 - 00000000 ____D () C:\Users\XXXX XXXX
2015-01-18 20:07 - 2012-04-07 11:49 - 00000000 ____D () C:\Users\XXXX XXXX\Documents\Finanzen
2015-01-15 18:59 - 2013-07-13 08:36 - 00000000 ____D () C:\Windows\system32\MRT
2015-01-15 18:46 - 2011-11-18 19:58 - 113365784 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-01-13 05:55 - 2014-06-15 19:34 - 00000000 ____D () C:\Users\XXXX XXXX\AppData\Local\gtk-2.0
2015-01-13 05:55 - 2012-08-29 10:11 - 00000000 ____D () C:\Users\XXXX XXXX\.gimp-2.8
2015-01-08 09:55 - 2011-11-15 21:40 - 00298120 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2015-01-05 18:47 - 2012-03-23 13:19 - 00000000 ____D () C:\Users\XXXX XXXX\Documents\Cellula
2015-01-03 15:28 - 2012-03-11 19:16 - 00000000 ____D () C:\Users\XXXX XXXX\Documents\ERGO
2015-01-03 10:51 - 2012-03-11 19:16 - 00000000 ____D () C:\Users\XXXX XXXX\Documents\SP

==================== Files in the root of some directories =======

2015-01-25 17:12 - 2015-01-25 17:12 - 0001248 _____ () C:\Users\XXXX XXXX\AppData\Roaming\FMLW
2015-01-25 17:12 - 2015-01-25 17:12 - 0001248 _____ () C:\Users\XXXX XXXX\AppData\Roaming\MLSC
2015-01-25 17:12 - 2015-01-25 17:12 - 0002086 _____ () C:\Users\XXXX XXXX\AppData\Roaming\NWAUR
2014-06-28 07:10 - 2014-07-23 21:30 - 14159872 _____ () C:\Users\XXXX XXXX\AppData\Roaming\Sandra.mdb
2015-01-25 17:12 - 2015-01-25 17:12 - 0002086 _____ () C:\Users\XXXX XXXX\AppData\Roaming\UHTQPK
2015-01-30 20:51 - 2015-01-30 20:51 - 0000600 _____ () C:\Users\XXXX XXXX\AppData\Roaming\winscp.rnd
2012-04-20 18:28 - 2014-07-07 01:20 - 0006656 _____ () C:\Users\XXXX XXXX\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-09-22 21:07 - 2014-09-22 21:07 - 0001482 _____ () C:\Users\XXXX XXXX\AppData\Local\RecConfig.xml
2015-01-13 05:55 - 2015-01-13 05:55 - 0009429 _____ () C:\Users\XXXX XXXX\AppData\Local\recently-used.xbel
2013-08-12 21:15 - 2013-08-12 21:15 - 0007603 _____ () C:\Users\XXXX XXXX\AppData\Local\Resmon.ResmonCfg
2012-03-31 10:26 - 2012-03-31 10:26 - 0000057 _____ () C:\ProgramData\Ament.ini
2011-11-13 22:53 - 2011-11-13 22:57 - 0008282 _____ () C:\ProgramData\ArcadeDeluxe3.log
2014-09-22 19:19 - 2014-10-06 19:45 - 0008737 _____ () C:\ProgramData\hpzinstall.log

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-01-31 13:31

==================== End Of Log ============================
--- --- ---

--- --- ---

--- --- ---

Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 01-02-2015
Ran by XXXXX XXXXX at 2015-02-01 09:00:56
Running from C:\Users\XXXXX XXXXX\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Desktop (Disabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Disabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden
AAVUpdateManager (HKLM-x32\...\{AFA42FE1-A5C3-485F-9180-BFCF5BF1F1C3}) (Version: 18.00.0000 - Wolters Kluwer Deutschland GmbH)
AC3Filter 1.63b (HKLM-x32\...\AC3Filter_is1) (Version: 1.63b - Alexander Vigovsky)
Acer Arcade Deluxe (HKLM-x32\...\InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}) (Version: 3.0.7112 - CyberLink Corp.)
Acer Arcade Deluxe (x32 Version: 3.0.7112 - CyberLink Corp.) Hidden
Acer Backup Manager (HKLM-x32\...\InstallShield_{72B776E5-4530-4C4B-9453-751DF87D9D93}) (Version: 2.0.0.29 - NewTech Infosystems)
Acer Crystal Eye webcam Ver:1.1.124.1120 (HKLM-x32\...\{D0ACE89D-EC7F-470F-80BE-4C98ED366B32}) (Version: 1.1.124.1120 - Chicony Electronics Co.,Ltd.)
Acer ePower Management (HKLM-x32\...\{3DB0448D-AD82-4923-B305-D001E521A964}) (Version: 4.05.3004 - Acer Incorporated)
Acer eRecovery Management (HKLM-x32\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 4.05.3005 - Acer Incorporated)
Acer GameZone Console (HKLM-x32\...\{8ed9688e-4f79-4308-91ca-f1c37ca142b4}_is1) (Version: 5.1.0.2 - Oberon Media, Inc.)
Acer GridVista (HKLM-x32\...\GridVista) (Version: 3.01.0730 - Acer Inc.)
Acer Registration (HKLM-x32\...\Acer Registration) (Version: 1.02.3006 - Acer Incorporated)
Acer ScreenSaver (HKLM-x32\...\Acer Screensaver) (Version: 1.1.2009.1217 - Acer Incorporated)
Acer VCM (HKLM-x32\...\{047F790A-7A2A-4B6A-AD02-38092BA63DAC}) (Version: 4.05.3000 - Acer Incorporated)
Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 14.0.0.103 - Adobe Systems Incorporated)
Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.246 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.296 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Akamai NetSession Interface (HKU\S-1-5-21-1242904208-471078349-2963378918-1000\...\Akamai) (Version:  - Akamai Technologies, Inc)
Alcor Micro USB Card Reader (HKLM-x32\...\InstallShield_{DBCE1208-433D-4D3E-A26A-CB1B5E71A8F5}) (Version: 1.4.17.35005 - Alcor Micro Corp.)
Alcor Micro USB Card Reader (x32 Version: 1.4.17.35005 - Alcor Micro Corp.) Hidden
Alice Greenfingers (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112920767}) (Version:  - Oberon Media)
Alle meine Passworte 4.13 (HKLM\...\AllemeinePassworte) (Version:  - Mirko Böer)
Allway Sync version 12.16.9 (HKLM-x32\...\Allway Sync_is1) (Version:  - Botkind Inc)
ALPS Touch Pad Driver (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 7.105.2015.1105 - Alps Electric)
Amazonia (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11273477}) (Version:  - Oberon Media)
Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ATI Catalyst Install Manager (HKLM\...\{11F38253-8940-FFDA-D131-B14120C357E4}) (Version: 3.0.754.0 - ATI Technologies, Inc.)
Audacity 2.0.3 (HKLM-x32\...\Audacity_is1) (Version: 2.0.3 - Audacity Team)
Avi2Dvd 0.6.4 (HKLM-x32\...\Avi2Dvd) (Version: 0.6.4 - TrustFm)
Avira (HKLM-x32\...\{2c18809c-4097-4b51-a4d0-3deade730ef3}) (Version: 1.1.29.22350 - Avira Operations & Co. KG)
Avira (x32 Version: 1.1.29.22350 - Avira Operations & Co. KG) Hidden
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.7.468 - Avira)
AviSynth 2.5 (HKLM-x32\...\AviSynth) (Version:  - )
Backup Manager Basic (x32 Version: 2.0.0.29 - NewTech Infosystems) Hidden
BatteryCare 0.9.10.0 (HKLM-x32\...\{C6A6036D-FBD0-4324-BEAA-C0845257160C}_is1) (Version: 0.9.10.0 - Filipe Lourenço)
BitTorrent (HKU\S-1-5-21-1242904208-471078349-2963378918-1000\...\BitTorrent) (Version: 7.9.2.31638 - BitTorrent Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Booster-Web (HKU\S-1-5-21-1242904208-471078349-2963378918-1000\...\Booster-Web) (Version: 4 - ${CompanyName})
Broadcom Gigabit NetLink Controller (HKLM\...\{A325B368-A9EC-40EF-A95C-9DEAD3683AE3}) (Version: 12.33.03 - Broadcom Corporation)
Canon MP160 Benutzerregistrierung (HKLM-x32\...\Canon MP160 Benutzerregistrierung) (Version:  - )
ccc-core-static (x32 Version: 2009.1209.2335.42329 - Ihr Firmenname) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.14 - Piriform)
CDBurnerXP (HKLM-x32\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.4.4852 - CDBurnerXP)
Chandler 1.0.3 (HKLM-x32\...\Chandler) (Version: 1.0.3 - Open Source Applications Foundation)
Chicken Invaders 2 (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110209593}) (Version:  - Oberon Media)
CoreAAC Audio Decoder (remove only) (HKLM-x32\...\CoreAAC Audio Decoder) (Version:  - )
Dairy Dash (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115053100}) (Version:  - Oberon Media)
Dream Day First Home (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113832110}) (Version:  - Oberon Media)
DVD Flick 1.3.0.7 (HKLM-x32\...\DVD Flick_is1) (Version: 1.3.0.7 - Dennis Meuwissen)
eBay Worldwide (HKLM-x32\...\{E0B19DF7-B1C7-4937-82C4-0E4B1E346965}) (Version: 2.1.0901 - OEM)
EinsteinBrainTrainer (remove only) (HKLM-x32\...\EinsteinBrainTrainer) (Version:  - )
Ekahau HeatMapper (HKLM\...\Heatmapper-1.1.4.39795) (Version: 1.1.4.39795 - Ekahau Inc.)
Eraser 6.0.10.2620 (HKLM\...\{6E5159B4-A519-41EF-80EF-AD58371515DF}) (Version: 6.0.2620 - The Eraser Project)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
eSobi v2 (HKLM-x32\...\InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}) (Version: 2.0.4.000274 - esobi Inc.)
eSobi v2 (x32 Version: 2.0.4.000274 - esobi Inc.) Hidden
EVEREST Home Edition v2.20 (HKLM-x32\...\EVEREST Home Edition_is1) (Version: 2.20 - Lavalys Inc)
Farm Frenzy 2 (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11531173}) (Version:  - Oberon Media)
ffdshow [rev 3299] [2010-03-03] (HKLM-x32\...\ffdshow_is1) (Version: 1.0.0.3299 - )
Fiat eco:Drive (HKLM-x32\...\com.fiat.convergence.385E4263E7379A5D22A7076E99B02868EFF10711.1) (Version: 2.0.2 - Fiat Group Automobiles)
Fiat eco:Drive (x32 Version: 2.0.2 - Fiat Group Automobiles) Hidden
First Class Flurry (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115208410}) (Version:  - Oberon Media)
Foxit Cloud (HKLM-x32\...\{41914D8B-9D6E-4764-A1F9-BC43FB6782C1}_is1) (Version: 1.3.105.325 - Foxit Corporation)
Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 6.1.3.321 - Foxit Corporation)
Free Audio CD to MP3 Converter version 1.3.12.1228 (HKLM-x32\...\Free Audio CD to MP3 Converter_is1) (Version: 1.3.12.1228 - DVDVideoSoft Ltd.)
Free DVD Video Burner version 3.0.4.426 (HKLM-x32\...\Free DVD Video Burner_is1) (Version:  - DVDVideoSoft Limited.)
Free System Utilities (HKLM-x32\...\{ad2818b3-1616-4ec8-855d-be6936103e5a}) (Version: 1.1.0.70 - Covus Freemium GmbH)
Free SystemUtilities (x32 Version: 1.1.0.70 - Covus Freemium GmbH) Hidden
Free YouTube Download version 3.1.37.918 (HKLM-x32\...\Free YouTube Download_is1) (Version: 3.1.37.918 - DVDVideoSoft Ltd.)
FreeMind (HKLM-x32\...\B991B020-2968-11D8-AF23-444553540000_is1) (Version: 0.9.0_RC_10 - )
FRITZ!Box-Fernzugang einrichten (HKLM-x32\...\{EFADD989-D9F2-49F6-A280-675951CC78D3}) (Version: 1.0.3 - AVM Berlin)
FrostWire 5.3.5 (HKLM-x32\...\FrostWire 5) (Version: 5.3.5.0 - FrostWire Team)
GIMP 2.8.10 (HKLM\...\GIMP-2_is1) (Version: 2.8.10 - The GIMP Team)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 40.0.2214.93 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Granny In Paradise (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110551697}) (Version:  - Oberon Media)
Haali Media Splitter (HKLM-x32\...\HaaliMkx) (Version:  - )
Heroes of Hellas (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113786380}) (Version:  - Oberon Media)
HP FWUpdateEDO2 (HKLM-x32\...\{415FA9AD-DA10-4ABE-97B6-5051D4795C90}) (Version: 1.2.0.0 - Hewlett-Packard)
HP Photosmart 5520 series - Grundlegende Software für das Gerät (HKLM\...\{4F396B08-301D-4E53-A372-95A7E93ABD04}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPDiagnosticAlert (x32 Version: 1.00.0001 - Microsoft) Hidden
HTC Driver Installer (HKLM-x32\...\{6D6664A9-3342-4948-9B7E-034EFE366F0F}) (Version: 3.0.0.007 - HTC Corporation)
iCloud (HKLM\...\{309768A4-A2BB-4930-A5A2-8169678C9B4C}) (Version: 4.0.6.28 - Apple Inc.)
Identity Card (HKLM-x32\...\Identity Card) (Version: 1.00.3003 - Acer Incorporated)
ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.8.0 - LIGHTNING UK!)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
Intel(R) Turbo Boost Technology Driver (HKLM-x32\...\{D6C630BF-8DBB-4042-8562-DC9A52CB6E7E}) (Version: 01.00.01.1002 - Intel Corporation)
Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version:  - Intel Corporation)
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.38 - Irfan Skiljan)
iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)
Join Air (HKLM-x32\...\{A9E5EDA7-2E6C-49E7-924B-A32B89C24A04}) (Version: 1.0.0.2 - ZTE Corporation)
Kassenbuch (HKLM-x32\...\{29531C6B-7B64-4C53-B54A-6C8AB5DE2159}) (Version: 1.0.0 - Office Consult GmbH)
K-Lite Codec Pack 9.2.0 (Basic) (HKLM-x32\...\KLiteCodecPack_is1) (Version: 9.2.0 - )
Launch Manager (HKLM-x32\...\LManager) (Version: 3.0.05 - Acer Inc.)
LSI HDA Modem (HKLM\...\LSI Soft Modem) (Version: 2.2.98 - LSI Corporation)
Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
MediaHuman YouTube to MP3 Converter Version 3.3 (HKLM-x32\...\MediaHuman YouTube to MP3 Converter_is1) (Version: 3.3 - )
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0100-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}) (Version:  - Microsoft)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Language Pack 2007 - German/Deutsch (HKLM-x32\...\OMUI.de-de) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Outlook Connector (HKLM-x32\...\{95140000-007A-0407-0000-0000000FF1CE}) (Version: 14.0.5118.5000 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUSR) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Office Suite Activation Assistant (HKLM-x32\...\{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}) (Version: 2.9 - Microsoft Corporation)
Microsoft Outlook Social Connector Provider for Windows Live Messenger 32-bit (HKLM-x32\...\{95140000-007D-0409-0000-0000000FF1CE}) (Version: 14.0.5120.5000 - Microsoft Corporation)
Microsoft Report Viewer Redistributable 2008 (KB971118) (HKLM-x32\...\Microsoft Report Viewer Redistributable 2008 (KB971118)) (Version:  - Microsoft Corporation)
Microsoft Report Viewer Redistributable 2008 Language Pack - DEU (HKLM-x32\...\Microsoft Report Viewer Redistributable 2008 Language Pack - DEU) (Version:  - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Works (HKLM-x32\...\{62F7DA7E-CCCB-439C-A760-00C3926E761F}) (Version: 9.7.0621 - Microsoft Corporation)
MozBackup 1.5.1 (HKLM-x32\...\MozBackup) (Version:  - Pavel Cvrcek)
Mozilla Firefox 35.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 35.0.1 (x86 de)) (Version: 35.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 32.0 - Mozilla)
MPC-HC 1.7.0 (HKLM-x32\...\{2624B969-7135-4EB1-B0F6-2D8C397B45F7}_is1) (Version: 1.7.0.7858 - MPC-HC Team)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MyPhoneExplorer (HKLM-x32\...\MPE) (Version: 1.8.5 - F.J. Wechselberger)
MyWinLocker (HKLM-x32\...\{68301905-2DEA-41CE-A4D4-E8B443B099BA}) (Version: 3.1.76.0 - Egis Technology Inc.)
No-IP DUC (HKLM-x32\...\NoIPDUC) (Version: 4.0.1 - Vitalwerks Internet Solutions LLC)
Norton Online Backup (HKLM-x32\...\{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}) (Version: 1.2.0.36 - Symantec)
NTI Backup Now 5 (HKLM-x32\...\InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}) (Version: 5.1.2.627 - NewTech Infosystems)
NTI Backup Now Standard (x32 Version: 5.1.2.627 - NewTech Infosystems) Hidden
NTI Media Maker 8 (HKLM-x32\...\InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}) (Version: 8.0.12.6623 - NewTech Infosystems)
NTI Media Maker 8 (x32 Version: 8.0.12.6623 - NewTech Infosystems) Hidden
O&O Defrag Free Edition (HKLM\...\{C10CAF82-9D36-4D9A-9DC0-C4549F06B519}) (Version: 14.1.431 - O&O Software GmbH)
Outils de vérification linguistique 2013 de Microsoft Office*- Français (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
PDF Architect (HKLM-x32\...\{064A929A-4DE8-40CF-A901-BD40C14E4D25}) (Version: 1.1.83.9982 - pdfforge GmbH)
PDF24 Creator 6.8.0 (HKLM-x32\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version:  - PDF24.org)
PDFCreator (HKLM-x32\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.7.3 - pdfforge)
pomodairo (HKLM-x32\...\{EEBEA077-AB92-5083-ECB1-C15BD842D00B}) (Version: 1.9 - UNKNOWN)
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
Random Dresser (HKLM-x32\...\RandomDresser) (Version:  - )
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5969 - Realtek Semiconductor Corp.)
RescueTime 2.2.1 (HKLM-x32\...\{2505571C-03B3-4F9F-AC35-33F1CB4B5E9E}_is1) (Version:  - RescueTime.com)
Restorer2000 3.3 (HKLM-x32\...\Restorer2000_is1) (Version: 3.3 - Bitmart Inc.)
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{D82063A8-7C8C-4C3B-A9BB-95138CA55D26}) (Version:  - Microsoft)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (Version:  - Microsoft) Hidden
Shutdown Manager (HKLM-x32\...\{C457BA5F-35F9-480C-90F8-5C91DB443A15}_is1) (Version: 2.0.7 - Daniel Höllig)
SimpleScreenshot 1.40 (HKLM-x32\...\SimpleScreenshot) (Version:  - )
SiSoftware Sandra Lite 2014.SP2a (HKLM\...\{C3113E55-7BCB-4de3-8EBF-60E6CE6B2396}_is1) (Version: 20.35.2014.6 - SiSoftware)
SIW version 2011.10.29 (HKLM-x32\...\{AB67580-257C-45FF-B8F4-C8C30682091A}_is1) (Version: 2011.10.29 - Topala Software Solutions)
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation)
Skype™ 6.21 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.21.104 - Skype Technologies S.A.)
SpeedFan (remove only) (HKLM-x32\...\SpeedFan) (Version:  - )
Spotify (HKU\S-1-5-21-1242904208-471078349-2963378918-1000\...\Spotify) (Version: 0.9.10.14.g578d350b - Spotify AB)
SpywareBlaster 5.0 (HKLM-x32\...\SpywareBlaster_is1) (Version: 5.0.0 - BrightFort LLC)
Steganos Safe 14 (HKLM-x32\...\{13B7FBFB-622E-4002-8570-594798E6167D}) (Version: 14.2.2 - Steganos Software GmbH)
Steuer-Spar-Erklärung 2008 (HKLM-x32\...\{BBE67B86-FCD7-4D3C-8B00-063DEAD8E30C}) (Version: 13.02.0000 - Akademische Arbeitsgemeinschaft)
Steuer-Spar-Erklärung 2009 (HKLM-x32\...\{32E00E5E-22B1-4D5A-9DC2-CD75E087A5E6}) (Version: 14.01.0000 - Akademische Arbeitsgemeinschaft Verlag)
Steuer-Spar-Erklärung 2010 (HKLM-x32\...\{D8E1DFEE-622B-46BA-AEFF-AB7E541C0B21}) (Version: 15.15 - Akademische Arbeitsgemeinschaft Verlag)
Steuer-Spar-Erklärung 2011 (HKLM-x32\...\{9F5FD796-86F0-4360-85F8-D54C0F5411EB}) (Version: 16.18 - Akademische Arbeitsgemeinschaft Verlag)
Steuer-Spar-Erklärung 2012 (HKLM-x32\...\{CCD2BAD2-0919-40CB-80CC-E9538B0E4C2E}) (Version: 17.14 - Wolters Kluwer Deutschland GmbH)
Steuer-Spar-Erklärung 2013 (HKLM-x32\...\{AEB61F7A-4BBA-4292-A096-7893E09034A4}) (Version: 18.10 - Wolters Kluwer Deutschland GmbH)
SteuerSparErklärung 2014 (HKLM-x32\...\{A463EB06-22A6-47F5-9593-E52B291EF13E}) (Version: 19.12.92 - Akademische Arbeitsgemeinschaft)
SteuerSparErklärung 2015 (HKLM-x32\...\{312C0E08-8F94-4536-AAF6-3413F784AC5F}) (Version: 20.25.123 - Akademische Arbeitsgemeinschaft)
Streamripper (Remove only) (HKLM-x32\...\Streamripper) (Version:  - )
Studie zur Verbesserung von HP Deskjet 3070 B611 series Produkten (HKLM\...\{CAD7B6DD-9C82-4D17-BAE8-3E9AE4971B90}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.29947 - TeamViewer)
Time Stamp (HKLM-x32\...\Time Stamp_is1) (Version:  - 3.23.2010-0313)
TomTom HOME (HKLM-x32\...\{7A2BB1C8-903D-4585-9F3B-CADD67D07D37}) (Version: 2.9.8 - Ihr Firmenname)
TomTom HOME Visual Studio Merge Modules (HKLM-x32\...\{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}) (Version: 1.0.2 - TomTom International B.V.)
TP-LINK Wireless Configuration Utility (HKLM-x32\...\{319D91C6-3D44-436C-9F79-36C0D22372DC}) (Version: 1.0.0 - TP-LINK)
TrueCrypt (HKLM-x32\...\TrueCrypt) (Version: 7.1 - TrueCrypt Foundation)
Tunatic (HKLM-x32\...\Tunatic) (Version:  - )
Überwachungstool für die Intel® Turbo-Boost-Technik (HKLM\...\{39F4C6F9-618A-4E5B-8FB2-6BD661174E32}) (Version: 1.0.186.6 - Intel)
Uninstall 1.0.0.1 (HKLM-x32\...\Uninstall_is1) (Version:  - )
Universal Adb Driver (HKLM-x32\...\{D9C4202E-6D51-4B06-A8F1-22316E654BCA}) (Version: 1.0.0 - ClockworkMod)
Unlocker 1.9.1-x64 (HKLM\...\Unlocker) (Version: 1.9.1 - Cedrick Collomb)
Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0407-0000-0000000FF1CE}_OMUI.de-de_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version:  - Microsoft)
Update für Microsoft Office Outlook 2007 Help (KB963677) (HKLM-x32\...\{90120000-001A-0407-0000-0000000FF1CE}_OMUI.de-de_{F6828576-6F79-470D-AB50-69D1BBADBD30}) (Version:  - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0407-0000-0000000FF1CE}_OMUI.de-de_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version:  - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0407-0000-0000000FF1CE}_OMUI.de-de_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version:  - Microsoft)
Visual Studio C++ 10.0 Runtime (HKLM-x32\...\{4412F224-3849-4461-A3E9-DEEF8D252790}) (Version: 10.0.0 - TomTom International B.V.)
VLC media player 2.1.3 (HKLM-x32\...\VLC media player) (Version: 2.1.3 - VideoLAN)
Welcome Center (HKLM-x32\...\Acer Welcome Center) (Version: 1.00.3008 - Acer Incorporated)
Winamp (HKLM-x32\...\Winamp) (Version: 5.666  - Nullsoft, Inc)
WinPatrol (HKLM\...\{6A206A04-6BC1-411B-AA04-4E52EDEEADF2}) (Version: 32.0.2014.5 - Ruiware)
WinPatrol (HKLM\...\{6E575124-6D34-4E65-9375-7D69468A6089}) (Version: 30.9 - BillP Studios)
WinRAR 5.10 Beta 4 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.10.4 - win.rar GmbH)
Xvid 1.2.2 final uninstall (HKLM-x32\...\Xvid_is1) (Version: 1.2 - Xvid team (Koepi))
Yahoo! Messenger (HKLM-x32\...\Yahoo! Messenger) (Version:  - Yahoo! Inc.)
Yahoo! Software Update (HKLM-x32\...\Yahoo! Software Update) (Version:  - )
Zuzahlungsrechner (HKLM-x32\...\{B2C69E77-F209-4B63-8676-4F32B27E162B}) (Version: 3.6.0 - sfr-software-fuers-heim)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-1242904208-471078349-2963378918-1000_Classes\CLSID\{56FDF344-FD6D-11d0-958A-006097C9A090}\InprocServer32 -> C:\Users\XXXXX XXXXX\AppData\Roaming\moters\supna.dll No File <==== ATTENTION

==================== Restore Points  =========================

14-01-2015 08:05:58 Windows Update
15-01-2015 18:45:05 Windows Update
16-01-2015 05:01:13 Windows Modules Installer
20-01-2015 06:35:31 Windows Update
21-01-2015 00:02:16 Windows Update
27-01-2015 20:19:44 Windows Update
31-01-2015 17:38:41 Removed Java 7 Update 67
31-01-2015 23:45:00 SteuerSparErklärung 2015 wurde installiert.

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2015-02-01 08:39 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1      localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0CAEEB6B-A216-4E04-9EA6-AC310639FD8D} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {13DABB31-ABBE-4704-8EDF-E28147F8962C} - \SMWPUpd No Task File <==== ATTENTION
Task: {23CEA58C-8E99-49B6-96E0-E0033F148659} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-21] (Google Inc.)
Task: {26DA7882-781D-4FC9-B1A5-5F5B1F7227FE} - System32\Tasks\{6A246FB0-E753-4188-9543-22389AB30F4E} => pcalua.exe -a "C:\Users\XXXXX XXXXX\Downloads\Chandler_win_1.0.3.exe" -d "C:\Users\XXXXX XXXXX\Downloads"
Task: {331D0C36-5AAC-434D-A64B-8F53AF5F083F} - System32\Tasks\zupa3002 => C:\PROGRA~2\TabNav\zupa3002.exe
Task: {38C51694-B081-4739-8E17-069D4A49D4D4} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2014-01-23] (Microsoft Corporation)
Task: {47C46238-A6C4-4C4B-BE85-E6E1425608CB} - System32\Tasks\{144D2C4F-2583-452B-AC74-C64839CF03CC} => pcalua.exe -a "C:\Program Files (x86)\VS Revo Group\Revo Uninstaller\Revouninstaller.exe" -d "C:\Program Files (x86)\VS Revo Group\Revo Uninstaller" -c -hunter
Task: {5A42985A-DC32-4FE1-8210-CA09F67316FC} - System32\Tasks\HPCustPartic.exe_{96420065-3C4E-4B3E-96DB-DB0760F51DDD} => C:\Program Files\HP\HP Deskjet 3070 B611 series\Bin\HPCustPartic.exe [2012-10-17] (Hewlett-Packard Co.)
Task: {5B5D6CC7-9FA7-4441-9A09-8A3C4EA669FD} - System32\Tasks\{9B880EC1-DC3B-45D7-A7BB-4E131A7A884F} => pcalua.exe -a "C:\Users\XXXXX XXXXX\Downloads\esetsmartinstaller_enu.exe" -d "C:\Program Files (x86)\Mozilla Firefox"
Task: {5E1E681C-C0F1-4E87-8C95-38A011634E9C} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {658A7160-D5FE-40D6-8358-5AC71CDD5600} - System32\Tasks\Microsoft Office 15 Sync Maintenance for Arbeitscomputer-XXXXX XXXXX Arbeitscomputer => C:\Program Files\Microsoft Office\Office15\MsoSync.exe [2014-11-12] (Microsoft Corporation)
Task: {739C86AB-D488-4894-A94A-E1C873D935C4} - System32\Tasks\{239C0599-E784-4910-B228-5D5AB8D346A6} => pcalua.exe -a "C:\Users\XXXXX XXXXX\Downloads\HiJackThis204.exe" -d "C:\Program Files (x86)\Mozilla Firefox"
Task: {773149FF-2A04-41E8-AEF1-735F0738EC51} - System32\Tasks\Microsoft\Windows\Maintenance\SMupdate2 => Rundll32.exe C:\PROGRA~1\COMMON~1\System\SysMenu.dll ,Command701 update2 <==== ATTENTION
Task: {792B72B2-C51B-4379-B2AA-007529DB50F0} - System32\Tasks\{8D77E667-A31C-4EB4-B209-1E559B732CBC} => pcalua.exe -a "C:\Program Files (x86)\Canon\IJEREG\MP160\UNINST.EXE"
Task: {79995E4D-7C32-4800-8797-6893DD64333B} - System32\Tasks\{186E3D0B-D440-49E7-8F64-7917C92B0863} => pcalua.exe -a "C:\Users\XXXXX XXXXX\AppData\Roaming\omiga-plus\UninstallManager.exe" -c -ptid=obw <==== ATTENTION
Task: {7AEAE564-35D2-434E-8BC2-12BF5BC672DE} - System32\Tasks\HPCustParticipation HP Deskjet 3070 B611 series => C:\Program Files\HP\HP Deskjet 3070 B611 series\Bin\HPCustPartic.exe [2012-10-17] (Hewlett-Packard Co.)
Task: {7EED0456-B087-4708-8496-6474B917CECB} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {92533B9B-37E7-4E54-B7DE-F8B0B255CFEE} - System32\Tasks\{4781B96F-C3F4-45CF-AB6F-C64C9AD3E88D} => pcalua.exe -a "C:\Program Files (x86)\InstallShield Installation Information\{319D91C6-3D44-436C-9F79-36C0D22372DC}\setup.exe" -d "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TP-LINK" -c -runfromtemp -removeonly
Task: {9C395D30-C0E5-4B3A-A232-E38DA71A3827} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {A1D835EF-9220-45A2-811E-2CA5B38166BF} - System32\Tasks\hpUrlLauncher.exe_{4AF7A75F-FDE8-41B8-80D9-5C3EBC32D019} => C:\Program Files\HP\HP Deskjet 3070 B611 series\Bin\utils\hpUrlLauncher.exe
Task: {A8889BDD-EEA6-44D8-85E8-4A53B4C6FFC7} - System32\Tasks\avaxvyvax => C:\Users\XXXXX XXXXX\AppData\Local\avaxvyvax\avaxvyvax.exe
Task: {B7A342C6-6ABF-492E-9250-2C92CB583846} - System32\Tasks\{A2A68590-5CAE-4C98-8B98-D18CC5E4C073} => pcalua.exe -a "C:\Program Files (x86)\InstallShield Installation Information\{3DB0448D-AD82-4923-B305-D001E521A964}\setup.exe" -c -runfromtemp -l0x407 -removeonly
Task: {B99335C8-3858-4912-916A-9AC2D8DFC005} - System32\Tasks\Microsoft\Windows\Multimedia\SMupdate3 => Rundll32.exe C:\PROGRA~1\COMMON~1\System\SysMenu.dll ,Command701 update3 <==== ATTENTION
Task: {BBBF9E37-C1CD-4CF0-A783-CE021D6D2928} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-05-20] (Piriform Ltd)
Task: {C3A9171A-C2B0-4DD2-90FB-60F5166A5C06} - System32\Tasks\sondhschedule => C:\Users\XXXXX
Task: {CE5325CF-BB63-4751-AB56-BD427BEAA0D9} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-01-31] (Adobe Systems Incorporated)
Task: {D8BC15BF-E6F5-4406-95E2-4C359424AE7D} - \SMW_UpdateTask_Time_333035393833303830392d5a556c6c4a5a575750414134 No Task File <==== ATTENTION
Task: {DA50F050-8700-4A90-9184-FBA2F85ECA89} - System32\Tasks\Inst_Rep => C:\Users\XXXXX XXXXX\AppData\Local\Installer\Install_24189\DCytdieamo_amodc_setup.exe [2015-01-31] ()
Task: {E36CA599-B047-467B-99AF-5E380AFECE05} - System32\Tasks\{AC797CD7-B058-4AC8-84B2-B2307D6AFF9B} => C:\Program Files (x86)\Chandler1.0.3\chandler.exe
Task: {E85DBE85-E344-4E48-A05A-ACF97445121F} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-21] (Google Inc.)
Task: {E9A74425-992C-4024-A0F4-03BCF765A15D} - \SPBIW_UpdateTask_Time_333035393833303830392d5a556c6c4a5a575750414134 No Task File <==== ATTENTION
Task: {F30712C0-5F79-4616-BFEE-8D27E1822469} - System32\Tasks\{581487AC-8AAF-40E1-A997-6B8519F0C5EC} => C:\Program Files (x86)\Chandler1.0.3\chandler.exe
Task: {FC0397BA-8222-41E7-836D-453BA55E74DB} - System32\Tasks\{2E665153-C229-4C02-9699-2F4EF08B1807} => pcalua.exe -a C:\Users\DANIEL~1\AppData\Local\Temp\InstallFlashPlayer.exe -d "C:\Program Files (x86)\Mozilla Firefox"
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2007-10-04 14:32 - 2007-10-04 14:32 - 00122880 _____ () C:\Program Files (x86)\Common Files\AAV\aavus.exe

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\abengine => ""="service"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: AgereModemAudio => 2
MSCONFIG\Services: Apple Mobile Device => 2
MSCONFIG\Services: Bonjour Service => 2
MSCONFIG\Services: BotkindSyncService => 2
MSCONFIG\Services: FoxitCloudUpdateService => 2
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: iPod Service => 3
MSCONFIG\Services: MozillaMaintenance => 3
MSCONFIG\Services: NoIPDUCService4 => 2
MSCONFIG\Services: NTI IScheduleSvc => 2
MSCONFIG\Services: NTIBackupSvc => 3
MSCONFIG\Services: NTISchedulerSvc => 2
MSCONFIG\Services: OODefragAgent => 2
MSCONFIG\Services: PassThru Service => 2
MSCONFIG\Services: PDF Architect Helper Service => 2
MSCONFIG\Services: PDF Architect Service => 2
MSCONFIG\Services: SandraAgentSrv => 3
MSCONFIG\Services: SkypeUpdate => 2
MSCONFIG\Services: TeamViewer9 => 2
MSCONFIG\Services: TomTomHOMEService => 2
MSCONFIG\Services: Updater Service => 2
MSCONFIG\Services: YahooAUService => 2
MSCONFIG\startupreg: Eraser => "C:\PROGRA~1\Eraser\Eraser.exe" --atRestart

========================= Accounts: ==========================

Administrator (S-1-5-21-1242904208-471078349-2963378918-500 - Administrator - Disabled)
XXXXX XXXXX (S-1-5-21-1242904208-471078349-2963378918-1000 - Administrator - Enabled) => C:\Users\XXXXX XXXXX
XXXXX (S-1-5-21-1242904208-471078349-2963378918-1003 - Limited - Enabled) => C:\Users\XXXXX
Gast (S-1-5-21-1242904208-471078349-2963378918-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1242904208-471078349-2963378918-1002 - Limited - Enabled)
Versuch (S-1-5-21-1242904208-471078349-2963378918-1004 - Administrator - Enabled) => C:\Users\Versuch

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (01/31/2015 05:20:22 PM) (Source: Avira Service Host) (EventID: 0) (User: )
Description: Fehler beim Verarbeiten von Sitzungsänderung. System.NullReferenceException: Der Objektverweis wurde nicht auf eine Objektinstanz festgelegt.
  bei Avira.OE.ServiceHost.ServiceHost.OnSessionChange(SessionChangeDescription changeDescription)
  bei System.ServiceProcess.ServiceBase.DeferredSessionChange(Int32 eventType, Int32 sessionId)


System errors:
=============
Error: (02/01/2015 08:40:11 AM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren.

Error: (02/01/2015 08:39:59 AM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren.

Error: (02/01/2015 08:39:15 AM) (Source: Application Popup) (EventID: 1060) (User: )
Description: Aufgrund der Inkompatibilität mit diesem System wurde \??\C:\ComboFix\catchme.sys nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten.

Error: (02/01/2015 08:39:14 AM) (Source: Application Popup) (EventID: 1060) (User: )
Description: Aufgrund der Inkompatibilität mit diesem System wurde \??\C:\ComboFix\catchme.sys nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten.

Error: (02/01/2015 08:35:41 AM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren.

Error: (02/01/2015 08:02:14 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "SPDRIVER_1361.0.0.0" wurde aufgrund folgenden Fehlers nicht gestartet:
%%3

Error: (01/31/2015 11:28:38 PM) (Source: Disk) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.

Error: (01/31/2015 11:28:37 PM) (Source: Disk) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.

Error: (01/31/2015 11:28:37 PM) (Source: Disk) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.

Error: (01/31/2015 11:28:36 PM) (Source: Disk) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.


Microsoft Office Sessions:
=========================
Error: (01/31/2015 05:20:22 PM) (Source: Avira Service Host) (EventID: 0) (User: )
Description: Fehler beim Verarbeiten von Sitzungsänderung. System.NullReferenceException: Der Objektverweis wurde nicht auf eine Objektinstanz festgelegt.
  bei Avira.OE.ServiceHost.ServiceHost.OnSessionChange(SessionChangeDescription changeDescription)
  bei System.ServiceProcess.ServiceBase.DeferredSessionChange(Int32 eventType, Int32 sessionId)


CodeIntegrity Errors:
===================================
  Date: 2015-02-01 08:39:15.425
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2015-02-01 08:39:15.175
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2015-02-01 08:39:14.941
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2015-02-01 08:39:14.692
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2014-08-24 13:21:32.971
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2014-08-24 13:21:32.769
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2014-08-24 13:21:32.550
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2014-08-24 13:21:32.332
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2014-06-28 08:07:01.069
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Users\DANIEL~1\AppData\Local\Temp\EverestDriver.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2014-06-28 08:07:00.711
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Users\DANIEL~1\AppData\Local\Temp\EverestDriver.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i5 CPU M 430 @ 2.27GHz
Percentage of memory in use: 37%
Total physical RAM: 3956.5 MB
Available physical RAM: 2463.49 MB
Total Pagefile: 7911.18 MB
Available Pagefile: 6194.91 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: (ACER) (Fixed) (Total:290.05 GB) (Free:108.79 GB) NTFS
Drive d: (DATA) (Fixed) (Total:290.4 GB) (Free:285.17 GB) NTFS
Drive f: (INTENSO) (Removable) (Total:14.44 GB) (Free:14.44 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 596.2 GB) (Disk ID: 6D48B855)
Partition 1: (Not Active) - (Size=15.6 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=290.1 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=290.4 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 14.5 GB) (Disk ID: 6F20736B)
No partition Table on disk 1.
Disk 1 is a removable device.

==================== End Of Log ============================

Bootsektor 01.02.2015 17:06
Hallo,

bitte achte darauf, dass du den Username in den Fixes wieder einsetzt!

Nachdem wir hier fertig sind, ändere bitte alle Passwörter

Schritt 1

Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:
HKLM-x32\...\Run: [SimpleScreenshot] => C:\PROGRA~2\SSS\SIMPLESCREENSHOT.EXE
BHO: Booster-Web helper -> {B5147546-9359-4D9B-8B36-F54C54555799} -> C:\Program Files (x86)\Booster-Web\Booster-Web.dll (App LLC)
BHO-x32: Booster-Web helper -> {B5147546-9359-4D9B-8B36-F54C54555799} -> C:\Program Files (x86)\Booster-Web\Booster-Web.dll (App LLC)
FF SearchPlugin: C:\Users\XXXX XXXX\AppData\Roaming\Mozilla\Firefox\Profiles\ax92hz4x.default-1417957171376\searchplugins\trovi.xml
FF Extension: Booster Web - C:\Users\XXXX XXXX\AppData\Roaming\Mozilla\Firefox\Profiles\ax92hz4x.default-1417957171376\Extensions\jid1-U7omKQ6kQfxMaQ@jetpack [2015-01-31]
FF Extension: Zoom It - C:\Users\XXXX XXXX\AppData\Roaming\Mozilla\Firefox\Profiles\ax92hz4x.default-1417957171376\Extensions\{680219c9-7bbf-5dfc-84d8-33b88668b4ab} [2015-01-31]
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-1242904208-471078349-2963378918-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
Task: {13DABB31-ABBE-4704-8EDF-E28147F8962C} - \SMWPUpd No Task File <==== ATTENTION
Task: {331D0C36-5AAC-434D-A64B-8F53AF5F083F} - System32\Tasks\zupa3002 => C:\PROGRA~2\TabNav\zupa3002.exe
Task: {773149FF-2A04-41E8-AEF1-735F0738EC51} - System32\Tasks\Microsoft\Windows\Maintenance\SMupdate2 => Rundll32.exe C:\PROGRA~1\COMMON~1\System\SysMenu.dll ,Command701 update2 <==== ATTENTION
Task: {79995E4D-7C32-4800-8797-6893DD64333B} - System32\Tasks\{186E3D0B-D440-49E7-8F64-7917C92B0863} => pcalua.exe -a "C:\Users\XXXXX XXXXX\AppData\Roaming\omiga-plus\UninstallManager.exe" -c -ptid=obw <==== ATTENTION
Task: {A8889BDD-EEA6-44D8-85E8-4A53B4C6FFC7} - System32\Tasks\avaxvyvax => C:\Users\XXXXX XXXXX\AppData\Local\avaxvyvax\avaxvyvax.exe
Task: {B99335C8-3858-4912-916A-9AC2D8DFC005} - System32\Tasks\Microsoft\Windows\Multimedia\SMupdate3 => Rundll32.exe C:\PROGRA~1\COMMON~1\System\SysMenu.dll ,Command701 update3 <==== ATTENTION
Task: {C3A9171A-C2B0-4DD2-90FB-60F5166A5C06} - System32\Tasks\sondhschedule => C:\Users\XXXXX
Task: {D8BC15BF-E6F5-4406-95E2-4C359424AE7D} - \SMW_UpdateTask_Time_333035393833303830392d5a556c6c4a5a575750414134 No Task File <==== ATTENTION
Task: {DA50F050-8700-4A90-9184-FBA2F85ECA89} - System32\Tasks\Inst_Rep => C:\Users\XXXXX XXXXX\AppData\Local\Installer\Install_24189\DCytdieamo_amodc_setup.exe [2015-01-31] ()
Task: {E9A74425-992C-4024-A0F4-03BCF765A15D} - \SPBIW_UpdateTask_Time_333035393833303830392d5a556c6c4a5a575750414134 No Task File <==== ATTENTION
c:\program files (x86)\sss
C:\Program Files (x86)\Booster-Web
C:\Windows\System32\Tasks\sondhschedule
C:\Windows\System32\Tasks\zupa3002
C:\Program Files (x86)\878e2246-8f7a-48fe-89f9-845dc6abbab7
C:\Program Files (x86)\ed55547d-8d98-4039-96d9-00407eb30671
C:\Program Files (x86)\38307773-d954-48f2-8127-93df0ea63e4a
C:\ProgramData\{06467b43-d78a-a739-0646-67b43d78ed0f}
C:\Users\XXXX XXXX\AppData\Local\avaxvyvax
C:\Windows\System32\Tasks\avaxvyvax
C:\Users\XXXX XXXX\AppData\Roaming\UHTQPK
C:\Users\XXXX XXXX\AppData\Roaming\NWAUR
C:\Users\XXXX XXXX\AppData\Roaming\MLSC
C:\Users\XXXX XXXX\AppData\Roaming\FMLW
C:\C:\Program Files (x86)\TabNav
C:\PROGRAM Files\COMMON files\System\SysMenu.dll
C:\Users\XXXXX XXXXX\AppData\Roaming\omiga-plus\UninstallManager.exe
C:\Users\XXXXX XXXXX\AppData\Local\Installer\Install_24189\DCytdieamo_amodc_setup.exe

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
  • Starte nun FRST erneut und klicke den Entfernen Button.
  • Das Tool erstellt eine Fixlog.txt.
  • Poste mir deren Inhalt.



Schritt 2
Starte noch einmal FRST.
  • Setze den Haken bei addition.txt und drücke auf Scan.
  • Wenn der Scan abgeschlossen ist, werden zwei neue Logfiles FRST.txt und addition.txt erstellt und auf dem Desktop (oder in dem Verzeichnis in dem FRST liegt) gespeichert.
  • Poste den Inhalt dieser Logfiles bitte hier in deinen Thread.

magigstar 01.02.2015 22:02
Fixlog...

Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 01-02-2015
Ran by XXXXXX XXXXXX at 2015-02-01 21:49:59 Run:2
Running from C:\Users\XXXXXX XXXXXX\Desktop
Loaded Profiles: XXXXXX XXXXXX (Available profiles: XXXXXX XXXXXX & XXXXXX & Versuch)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
HKLM-x32\...\Run: [SimpleScreenshot] => C:\PROGRA~2\SSS\SIMPLESCREENSHOT.EXE
BHO: Booster-Web helper -> {B5147546-9359-4D9B-8B36-F54C54555799} -> C:\Program Files (x86)\Booster-Web\Booster-Web.dll (App LLC)
BHO-x32: Booster-Web helper -> {B5147546-9359-4D9B-8B36-F54C54555799} -> C:\Program Files (x86)\Booster-Web\Booster-Web.dll (App LLC)
FF SearchPlugin: C:\Users\XXXXXX XXXXXX\AppData\Roaming\Mozilla\Firefox\Profiles\ax92hz4x.default-1417957171376\searchplugins\trovi.xml
FF Extension: Booster Web - C:\Users\XXXXXX XXXXXX\AppData\Roaming\Mozilla\Firefox\Profiles\ax92hz4x.default-1417957171376\Extensions\jid1-U7omKQ6kQfxMaQ@jetpack [2015-01-31]
FF Extension: Zoom It - C:\Users\XXXXXX XXXXXX\AppData\Roaming\Mozilla\Firefox\Profiles\ax92hz4x.default-1417957171376\Extensions\{680219c9-7bbf-5dfc-84d8-33b88668b4ab} [2015-01-31]
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-1242904208-471078349-2963378918-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
Task: {13DABB31-ABBE-4704-8EDF-E28147F8962C} - \SMWPUpd No Task File <==== ATTENTION
Task: {331D0C36-5AAC-434D-A64B-8F53AF5F083F} - System32\Tasks\zupa3002 => C:\PROGRA~2\TabNav\zupa3002.exe
Task: {773149FF-2A04-41E8-AEF1-735F0738EC51} - System32\Tasks\Microsoft\Windows\Maintenance\SMupdate2 => Rundll32.exe C:\PROGRA~1\COMMON~1\System\SysMenu.dll ,Command701 update2 <==== ATTENTION
Task: {79995E4D-7C32-4800-8797-6893DD64333B} - System32\Tasks\{186E3D0B-D440-49E7-8F64-7917C92B0863} => pcalua.exe -a "C:\Users\XXXXXXX XXXXXX\AppData\Roaming\omiga-plus\UninstallManager.exe" -c -ptid=obw <==== ATTENTION
Task: {A8889BDD-EEA6-44D8-85E8-4A53B4C6FFC7} - System32\Tasks\avaxvyvax => C:\Users\XXXXXXX XXXXXX\AppData\Local\avaxvyvax\avaxvyvax.exe
Task: {B99335C8-3858-4912-916A-9AC2D8DFC005} - System32\Tasks\Microsoft\Windows\Multimedia\SMupdate3 => Rundll32.exe C:\PROGRA~1\COMMON~1\System\SysMenu.dll ,Command701 update3 <==== ATTENTION
Task: {C3A9171A-C2B0-4DD2-90FB-60F5166A5C06} - System32\Tasks\sondhschedule => C:\Users\XXXXX
Task: {D8BC15BF-E6F5-4406-95E2-4C359424AE7D} - \SMW_UpdateTask_Time_333035393833303830392d5a556c6c4a5a575750414134 No Task File <==== ATTENTION
Task: {DA50F050-8700-4A90-9184-FBA2F85ECA89} - System32\Tasks\Inst_Rep => C:\Users\XXXXXXX XXXXXX\AppData\Local\Installer\Install_24189\DCytdieamo_amodc_setup.exe [2015-01-31] ()
Task: {E9A74425-992C-4024-A0F4-03BCF765A15D} - \SPBIW_UpdateTask_Time_333035393833303830392d5a556c6c4a5a575750414134 No Task File <==== ATTENTION
c:\program files (x86)\sss
C:\Program Files (x86)\Booster-Web
C:\Windows\System32\Tasks\sondhschedule
C:\Windows\System32\Tasks\zupa3002
C:\Program Files (x86)\878e2246-8f7a-48fe-89f9-845dc6abbab7
C:\Program Files (x86)\ed55547d-8d98-4039-96d9-00407eb30671
C:\Program Files (x86)\38307773-d954-48f2-8127-93df0ea63e4a
C:\ProgramData\{06467b43-d78a-a739-0646-67b43d78ed0f}
C:\Users\XXXXXX XXXXXX\AppData\Local\avaxvyvax
C:\Windows\System32\Tasks\avaxvyvax
C:\Users\XXXXXX XXXXXX\AppData\Roaming\UHTQPK
C:\Users\XXXXXX XXXXXX\AppData\Roaming\NWAUR
C:\Users\XXXXXX XXXXXX\AppData\Roaming\MLSC
C:\Users\XXXXXX XXXXXX\AppData\Roaming\FMLW
C:\C:\Program Files (x86)\TabNav
C:\PROGRAM Files\COMMON files\System\SysMenu.dll
C:\Users\XXXXXX XXXXXX\AppData\Roaming\omiga-plus\UninstallManager.exe
C:\Users\XXXXXX XXXXXX\AppData\Local\Installer\Install_24189\DCytdieamo_amodc_setup.exe
       
*****************

HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\SimpleScreenshot => value deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B5147546-9359-4D9B-8B36-F54C54555799}" => Key deleted successfully.
"HKCR\CLSID\{B5147546-9359-4D9B-8B36-F54C54555799}" => Key deleted successfully.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B5147546-9359-4D9B-8B36-F54C54555799}" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{B5147546-9359-4D9B-8B36-F54C54555799}" => Key deleted successfully.
C:\Users\XXXXXX XXXXXX\AppData\Roaming\Mozilla\Firefox\Profiles\ax92hz4x.default-1417957171376\searchplugins\trovi.xml => Moved successfully.
C:\Users\XXXXXX XXXXXX\AppData\Roaming\Mozilla\Firefox\Profiles\ax92hz4x.default-1417957171376\Extensions\jid1-U7omKQ6kQfxMaQ@jetpack => Moved successfully.
C:\Users\XXXXXX XXXXXX\AppData\Roaming\Mozilla\Firefox\Profiles\ax92hz4x.default-1417957171376\Extensions\{680219c9-7bbf-5dfc-84d8-33b88668b4ab} => Moved successfully.
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
"HKU\S-1-5-21-1242904208-471078349-2963378918-1000\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{13DABB31-ABBE-4704-8EDF-E28147F8962C}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{13DABB31-ABBE-4704-8EDF-E28147F8962C}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SMWPUpd" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{331D0C36-5AAC-434D-A64B-8F53AF5F083F}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{331D0C36-5AAC-434D-A64B-8F53AF5F083F}" => Key deleted successfully.
C:\Windows\System32\Tasks\zupa3002 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\zupa3002" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{773149FF-2A04-41E8-AEF1-735F0738EC51}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{773149FF-2A04-41E8-AEF1-735F0738EC51}" => Key deleted successfully.
C:\Windows\System32\Tasks\Microsoft\Windows\Maintenance\SMupdate2 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Maintenance\SMupdate2" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{79995E4D-7C32-4800-8797-6893DD64333B}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{79995E4D-7C32-4800-8797-6893DD64333B}" => Key deleted successfully.
C:\Windows\System32\Tasks\{186E3D0B-D440-49E7-8F64-7917C92B0863} => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{186E3D0B-D440-49E7-8F64-7917C92B0863}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A8889BDD-EEA6-44D8-85E8-4A53B4C6FFC7}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A8889BDD-EEA6-44D8-85E8-4A53B4C6FFC7}" => Key deleted successfully.
C:\Windows\System32\Tasks\avaxvyvax => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\avaxvyvax" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{B99335C8-3858-4912-916A-9AC2D8DFC005}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B99335C8-3858-4912-916A-9AC2D8DFC005}" => Key deleted successfully.
C:\Windows\System32\Tasks\Microsoft\Windows\Multimedia\SMupdate3 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Multimedia\SMupdate3" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{C3A9171A-C2B0-4DD2-90FB-60F5166A5C06}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C3A9171A-C2B0-4DD2-90FB-60F5166A5C06}" => Key deleted successfully.
C:\Windows\System32\Tasks\sondhschedule => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\sondhschedule" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D8BC15BF-E6F5-4406-95E2-4C359424AE7D}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D8BC15BF-E6F5-4406-95E2-4C359424AE7D}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SMW_UpdateTask_Time_333035393833303830392d5a556c6c4a5a575750414134" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{DA50F050-8700-4A90-9184-FBA2F85ECA89}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DA50F050-8700-4A90-9184-FBA2F85ECA89}" => Key deleted successfully.
C:\Windows\System32\Tasks\Inst_Rep => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Inst_Rep" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E9A74425-992C-4024-A0F4-03BCF765A15D}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E9A74425-992C-4024-A0F4-03BCF765A15D}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SPBIW_UpdateTask_Time_333035393833303830392d5a556c6c4a5a575750414134" => Key deleted successfully.
"c:\program files (x86)\sss" => File/Directory not found.
C:\Program Files (x86)\Booster-Web => Moved successfully.
"C:\Windows\System32\Tasks\sondhschedule" => File/Directory not found.
"C:\Windows\System32\Tasks\zupa3002" => File/Directory not found.
C:\Program Files (x86)\878e2246-8f7a-48fe-89f9-845dc6abbab7 => Moved successfully.
C:\Program Files (x86)\ed55547d-8d98-4039-96d9-00407eb30671 => Moved successfully.
C:\Program Files (x86)\38307773-d954-48f2-8127-93df0ea63e4a => Moved successfully.
C:\ProgramData\{06467b43-d78a-a739-0646-67b43d78ed0f} => Moved successfully.
C:\Users\XXXXXX XXXXXX\AppData\Local\avaxvyvax => Moved successfully.
"C:\Windows\System32\Tasks\avaxvyvax" => File/Directory not found.
C:\Users\XXXXXX XXXXXX\AppData\Roaming\UHTQPK => Moved successfully.
C:\Users\XXXXXX XXXXXX\AppData\Roaming\NWAUR => Moved successfully.
C:\Users\XXXXXX XXXXXX\AppData\Roaming\MLSC => Moved successfully.
C:\Users\XXXXXX XXXXXX\AppData\Roaming\FMLW => Moved successfully.
"C:\C:\Program Files (x86)\TabNav" => File/Directory not found.
C:\PROGRAM Files\COMMON files\System\SysMenu.dll => Moved successfully.
"C:\Users\XXXXXX XXXXXX\AppData\Roaming\omiga-plus\UninstallManager.exe" => File/Directory not found.
C:\Users\XXXXXX XXXXXX\AppData\Local\Installer\Install_24189\DCytdieamo_amodc_setup.exe => Moved successfully.

==== End of Fixlog 21:50:00 ====
FRST:


FRST Logfile:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 01-02-2015
Ran by XXXXXX XXXXXX (administrator) on ARBEITSCOMPUTER on 01-02-2015 21:52:07
Running from C:\Users\XXXXXX XXXXXX\Desktop
Loaded Profiles: XXXXXX XXXXXX (Available profiles: XXXXXX XXXXXX & XXXXXX & Versuch)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
() C:\Program Files (x86)\Common Files\AAV\aavus.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Microsoft Corporation) C:\Windows\System32\CISVC.EXE
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GregHSRW.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
() C:\Windows\snuvcdsm.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
() C:\Windows\PLFSetI.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\Apoint.exe
(AlcorMicro Co., Ltd.) C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Photosmart 5520 series\Bin\ScanToPCActivationApp.exe
(BillP Studios) C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe
(RescueTime, Inc.) C:\Program Files (x86)\RescueTime\RescueTime.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\ApMsgFwd.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\ApntEx.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\Hidfind.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Photosmart 5520 series\Bin\HPNetworkCommunicator.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Mirko Böer) C:\Program Files\AmP\AmP.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SNUVCDSM] => C:\Windows\snuvcdsm.exe [30080 2011-01-13] ()
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [8312352 2009-10-29] (Realtek Semiconductor)
HKLM\...\Run: [PLFSetL] => C:\Windows\PLFSetL.exe [99712 2011-01-13] (Sonix Technology Co., Ltd.)
HKLM\...\Run: [PLFSetI] => C:\Windows\PLFSetI.exe [200704 2011-11-13] ()
HKLM\...\Run: [mwlDaemon] => C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe [349480 2009-09-11] (Egis Technology Inc.)
HKLM\...\Run: [IAAnotif] => C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-06-05] (Intel Corporation)
HKLM\...\Run: [Apoint] => C:\Program Files\Apoint2K\Apoint.exe [295936 2009-05-22] (Alps Electric Co., Ltd.)
HKLM\...\Run: [AmIcoSinglun64] => C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [323072 2009-07-22] (AlcorMicro Co., Ltd.)
HKLM\...\Run: [Acer ePower Management] => C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [823840 2009-09-30] (Acer Incorporated)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [702768 2014-12-16] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2009-12-09] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2014-10-11] (Apple Inc.)
HKLM-x32\...\Run: [LManager] => C:\Program Files (x86)\Launch Manager\LManager.exe [1094736 2009-11-02] (Dritek System Inc.)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [126712 2014-12-31] (Avira Operations GmbH & Co. KG)
HKU\S-1-5-21-1242904208-471078349-2963378918-1000\...\Run: [HP Photosmart 5520 series (NET)] => C:\Program Files\HP\HP Photosmart 5520 series\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
HKU\S-1-5-21-1242904208-471078349-2963378918-1000\...\Run: [WinPatrol] => C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe [533568 2014-04-23] (BillP Studios)
Startup: C:\Users\XXXXXX XXXXXX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\RescueTime.lnk
ShortcutTarget: RescueTime.lnk -> C:\Program Files (x86)\RescueTime\RescueTime.exe (RescueTime, Inc.)
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
ShellIconOverlayIdentifiers: [egisPSDP] -> {30A0A3F6-38AC-4C53-BB8B-0D95238E25BA} => C:\Program Files (x86)\EgisTec\MyWinLocker 3\x64\psdprotect.dll (Egis Technology Inc.)
ShellIconOverlayIdentifiers-x32: [egisPSDP] -> {30A0A3F6-38AC-4C53-BB8B-0D95238E25BA} => C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\psdprotect.dll (Egis Technology Inc.)
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-1242904208-471078349-2963378918-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1242904208-471078349-2963378918-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: unissales -> {7e0aaab3-ba7d-4a2d-b1e6-4289ce4d1b1e} -> C:\Program Files (x86)\unissales\9vFbOLvEX4RE1d.x64.dll No File
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
DPF: HKLM {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\XXXXXX XXXXXX\AppData\Roaming\Mozilla\Firefox\Profiles\ax92hz4x.default-1417957171376
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_296.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_296.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @nullsoft.com/winampDetector;version=1 -> C:\Program Files (x86)\Winamp Detect\npwachk.dll (Nullsoft, Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.8 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll (Microsoft Corporation)
FF Extension: Zoom It - C:\Users\XXXXXX XXXXXX\AppData\Roaming\Mozilla\Firefox\Profiles\ax92hz4x.default-1417957171376\Extensions\{f3ed9e96-8429-593c-c858-ebf7b2bc0864} [2015-02-01]
FF Extension: LeechBlock - C:\Users\XXXXXX XXXXXX\AppData\Roaming\Mozilla\Firefox\Profiles\ax92hz4x.default-1417957171376\Extensions\{a95d8332-e4b4-6e7f-98ac-20b733364387}.xpi [2014-12-07]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-07-14]

Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR HomePage: Default -> hxxp://www.trovi.com/?gd=&ctid=CT3324764&octid=EB_ORIGINAL_CTID&ISID=M7F3C43B3-690F-4276-959F-1C74A797CA2A&SearchSource=55&CUI=&UM=8&UP=SP9050A32E-D786-4A42-9E49-5663C4588ECE&SSPV=
CHR StartupUrls: Default -> "hxxp://www.trovi.com/?gd=&ctid=CT3324764&octid=EB_ORIGINAL_CTID&ISID=M7F3C43B3-690F-4276-959F-1C74A797CA2A&SearchSource=55&CUI=&UM=8&UP=SP9050A32E-D786-4A42-9E49-5663C4588ECE&SSPV="
CHR DefaultSearchKeyword: Default -> trovi.search
CHR DefaultSuggestURL: Default -> http://suggest.seccint.com/CSuggestJson.ashx?prefix={searchTerms}
CHR Profile: C:\Users\XXXXXX XXXXXX\AppData\Local\Google\Chrome\User Data\default
CHR Extension: (Google Präsentationen) - C:\Users\XXXXXX XXXXXX\AppData\Local\Google\Chrome\User Data\default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-02-01]
CHR Extension: (Google Docs) - C:\Users\XXXXXX XXXXXX\AppData\Local\Google\Chrome\User Data\default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-10-25]
CHR Extension: (Google Drive) - C:\Users\XXXXXX XXXXXX\AppData\Local\Google\Chrome\User Data\default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-10-25]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\XXXXXX XXXXXX\AppData\Local\Google\Chrome\User Data\default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-10-26]
CHR Extension: (YouTube) - C:\Users\XXXXXX XXXXXX\AppData\Local\Google\Chrome\User Data\default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-10-25]
CHR Extension: (Google-Suche) - C:\Users\XXXXXX XXXXXX\AppData\Local\Google\Chrome\User Data\default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-10-25]
CHR Extension: (Google Tabellen) - C:\Users\XXXXXX XXXXXX\AppData\Local\Google\Chrome\User Data\default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-02-01]
CHR Extension: (Avira Browserschutz) - C:\Users\XXXXXX XXXXXX\AppData\Local\Google\Chrome\User Data\default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2014-10-26]
CHR Extension: (Google Wallet) - C:\Users\XXXXXX XXXXXX\AppData\Local\Google\Chrome\User Data\default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-10-26]
CHR Extension: (Google Mail) - C:\Users\XXXXXX XXXXXX\AppData\Local\Google\Chrome\User Data\default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-10-25]
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AAV UpdateService; C:\Program Files (x86)\Common Files\AAV\aavus.exe [122880 2007-10-04] () [File not signed]
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [431920 2014-12-16] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [431920 2014-12-16] (Avira Operations GmbH & Co. KG)
R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [178424 2014-12-31] (Avira Operations GmbH & Co. KG)
S4 BotkindSyncService; C:\Program Files (x86)\Allway Sync\Bin\SyncService.exe [182784 2013-10-10] () [File not signed]
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
S4 FoxitCloudUpdateService; C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe [241704 2014-03-25] (Foxit Corporation)
S3 MWLService; C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe [305448 2009-09-11] (Egis Technology Inc.)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
S4 NoIPDUCService4; C:\Program Files (x86)\No-IP\ducservice.exe [11264 2013-01-24] () [File not signed]
S4 OODefragAgent; C:\Program Files\OO Software\Defrag\oodag.exe [3051848 2011-01-25] (O&O Software GmbH)
S4 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [80896 2011-03-31] () [File not signed]
S4 PDF Architect Helper Service; C:\Program Files (x86)\PDF Architect\HelperService.exe [1320496 2013-04-08] (pdfforge GmbH)
S4 PDF Architect Service; C:\Program Files (x86)\PDF Architect\ConversionService.exe [799280 2013-04-08] (pdfforge GmbH)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
R2 RS_Service; C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe [253952 2009-07-10] (Acer Incorporated) [File not signed]
S4 SandraAgentSrv; C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2014.SP2a\RpcAgentSrv.exe [72344 2008-05-19] (SiSoftware) [File not signed]
S4 UI Assistant Service; C:\Program Files (x86)\Join Air\AssistantServices.exe [247152 2010-04-27] ()
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [119272 2014-10-14] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131608 2014-10-14] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-11-25] (Avira Operations GmbH & Co. KG)
R2 EkaProt6; C:\Windows\System32\DRIVERS\ekaprot6.sys [27288 2012-03-23] (Ekahau Inc.)
R1 SLEE_18_DRIVER; C:\Windows\Sleen1864.sys [109144 2014-01-30] (Softwareentwicklung Remus - ArchiCrypt - )
R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1806592 2011-01-13] ()
R2 TurboB; C:\Windows\System32\DRIVERS\TurboB.sys [13784 2009-11-02] ()
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2012-12-13] (Apple, Inc.) [File not signed]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-01 21:52 - 2015-02-01 21:52 - 00020391 _____ () C:\Users\XXXXXX XXXXXX\Desktop\FRST.txt
2015-02-01 21:45 - 2015-02-01 21:45 - 01156136 _____ (Ruiware) C:\Users\XXXXXX XXXXXX\Downloads\wpsetup(1).exe
2015-02-01 08:55 - 2015-02-01 08:55 - 00039830 _____ () C:\ComboFix.txt
2015-02-01 01:01 - 2015-02-01 00:56 - 05611408 ____R (Swearware) C:\Users\XXXXXX XXXXXX\Desktop\ComboFix.exe
2015-02-01 00:56 - 2015-02-01 00:56 - 05611408 ____R (Swearware) C:\Users\XXXXXX XXXXXX\Downloads\ComboFix.exe
2015-02-01 00:46 - 2015-02-01 00:46 - 00000249 _____ () C:\Users\XXXXXX XXXXXX\Desktop\Link.URL
2015-01-31 23:47 - 2015-01-31 23:51 - 00002169 _____ () C:\Users\Public\Desktop\SteuerSparErklärung 2015.lnk
2015-01-31 20:29 - 2015-01-31 20:29 - 00000269 _____ () C:\Users\XXXXXX XXXXXX\Desktop\FREELETICS.URL
2015-01-31 17:50 - 2015-02-01 08:59 - 00000000 ____D () C:\Users\XXXXXX XXXXXX\Desktop\FRST-OlderVersion
2015-01-31 17:48 - 2015-01-31 17:48 - 00000337 _____ () C:\Users\XXXXXX XXXXXX\Desktop\Samsung Tab - kein Speicherplatz - Android-Hilfe.de.URL
2015-01-31 17:00 - 2015-01-31 17:01 - 00001671 _____ () C:\Users\XXXXXX XXXXXX\Desktop\JRT.txt
2015-01-31 16:55 - 2015-01-31 16:55 - 00057200 _____ () C:\Users\XXXXXX XXXXXX\Desktop\Malwarebytes Anti-Malware.txt
2015-01-31 15:22 - 2015-01-31 15:22 - 00001066 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-01-31 15:03 - 2015-01-31 15:03 - 02194432 _____ () C:\Users\XXXXXX XXXXXX\Desktop\AdwCleaner_4.109.exe
2015-01-31 15:03 - 2015-01-31 15:03 - 01707939 _____ (Thisisu) C:\Users\XXXXXX XXXXXX\Desktop\JRT.exe
2015-01-31 11:33 - 2015-01-31 11:33 - 00000000 ____D () C:\Users\XXXXXX XXXXXX\Documents\TokensBackup
2015-01-31 10:12 - 2015-02-01 08:59 - 02131456 _____ (Farbar) C:\Users\XXXXXX XXXXXX\Desktop\FRST64.exe
2015-01-31 10:10 - 2015-01-31 10:10 - 00001101 _____ () C:\Users\Public\Desktop\Avira.lnk
2015-01-31 09:43 - 2015-01-31 09:46 - 00000000 ____D () C:\Users\XXXXXX XXXXXX\Desktop\Ordnung
2015-01-31 09:35 - 2015-01-31 09:35 - 00000000 ____D () C:\Users\XXXXXX XXXXXX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Booster-Web
2015-01-31 09:34 - 2015-01-31 10:01 - 00000000 ____D () C:\Users\XXXXXX XXXXXX\AppData\Roaming\Booster-Web
2015-01-31 09:32 - 2015-01-31 09:32 - 00001117 _____ () C:\Users\XXXXXX XXXXXX\Desktop\Continue installation .lnk
2015-01-31 09:31 - 2015-01-31 09:31 - 00000000 ____D () C:\ProgramData\SearchModulePlus
2015-01-31 09:06 - 2015-01-31 17:44 - 00000000 ____D () C:\Program Files (x86)\Hearthstone Stream Browser
2015-01-31 09:06 - 2015-01-31 09:06 - 00000000 ____D () C:\Windows\SysWOW64\AMD64
2015-01-31 08:57 - 2015-01-31 08:57 - 01191200 _____ () C:\Users\XXXXXX XXXXXX\Downloads\Malwarebytes Anti Malware Malware Scanner - CHIP-Installer.exe
2015-01-31 08:52 - 2014-12-14 10:53 - 00378640 _____ (CartCrunch Israel Ltd.) C:\Windows\system32\ColorMedia64.dll
2015-01-31 08:52 - 2014-12-14 10:53 - 00332568 _____ (CartCrunch Israel Ltd.) C:\Windows\SysWOW64\ColorMedia.dll
2015-01-30 20:51 - 2015-01-30 20:51 - 00000600 _____ () C:\Users\XXXXXX XXXXXX\AppData\Roaming\winscp.rnd
2015-01-30 20:08 - 2015-01-30 20:08 - 00000000 ____D () C:\Users\Versuch\AppData\Roaming\PDF Architect
2015-01-30 20:08 - 2015-01-30 20:08 - 00000000 ____D () C:\Users\Versuch\AppData\Local\IsolatedStorage
2015-01-30 19:16 - 2015-01-30 19:17 - 00000000 ____D () C:\Users\Versuch\AppData\OICE_15_974FA576_32C1D314_2072
2015-01-27 21:08 - 2015-02-01 21:31 - 00005190 _____ () C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for Arbeitscomputer-XXXXXX XXXXXX Arbeitscomputer
2015-01-20 06:34 - 2014-12-12 06:35 - 05553592 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-01-20 06:34 - 2014-12-12 06:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-01-20 06:34 - 2014-12-12 06:31 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-01-20 06:34 - 2014-12-12 06:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-01-20 06:34 - 2014-12-12 06:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-01-20 06:34 - 2014-12-12 06:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-01-20 06:34 - 2014-12-12 06:07 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-01-14 08:06 - 2014-12-19 04:06 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-14 08:06 - 2014-12-19 02:46 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-14 08:06 - 2014-12-11 18:47 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-01-14 08:06 - 2014-12-06 05:17 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-14 08:06 - 2014-12-06 04:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
2015-01-14 08:06 - 2014-12-06 04:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
2015-01-13 05:55 - 2015-01-13 05:55 - 00009429 _____ () C:\Users\XXXXXX XXXXXX\AppData\Local\recently-used.xbel

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-01 21:52 - 2014-08-21 20:10 - 00000000 ____D () C:\FRST
2015-02-01 21:50 - 2009-07-14 04:20 - 00000000 ____D () C:\Program Files\Common Files\System
2015-02-01 21:17 - 2012-09-20 04:21 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-02-01 21:17 - 2009-07-14 05:45 - 00025840 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-02-01 21:17 - 2009-07-14 05:45 - 00025840 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-02-01 21:12 - 2011-11-13 21:43 - 01403085 _____ () C:\Windows\WindowsUpdate.log
2015-02-01 21:08 - 2014-06-18 08:20 - 00027853 _____ () C:\Windows\setupact.log
2015-02-01 21:08 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-02-01 12:05 - 2012-08-14 18:52 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-02-01 11:54 - 2012-03-25 11:40 - 00000000 ____D () C:\Users\XXXXXX XXXXXX\Documents\Steuerfälle
2015-02-01 08:55 - 2014-08-24 12:03 - 00000000 ____D () C:\Qoobox
2015-02-01 08:50 - 2009-07-14 03:34 - 00000215 _____ () C:\Windows\system.ini
2015-02-01 08:41 - 2014-06-20 13:07 - 00112126 _____ () C:\Windows\PFRO.log
2015-02-01 08:40 - 2013-10-13 19:47 - 00000000 ____D () C:\Windows\erdnt
2015-02-01 08:40 - 2009-07-14 03:34 - 24379392 _____ () C:\Windows\system32\config\system.bak
2015-02-01 08:40 - 2009-07-14 03:34 - 113508352 _____ () C:\Windows\system32\config\software.bak
2015-02-01 08:40 - 2009-07-14 03:34 - 05505024 _____ () C:\Windows\system32\config\default.bak
2015-02-01 08:40 - 2009-07-14 03:34 - 00262144 _____ () C:\Windows\system32\config\sam.bak
2015-02-01 08:40 - 2009-07-14 03:34 - 00032768 _____ () C:\Windows\system32\config\security.bak
2015-02-01 08:39 - 2009-11-05 01:49 - 00000000 ____D () C:\Program Files (x86)\Acer
2015-01-31 23:47 - 2012-03-25 11:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steuertipps
2015-01-31 23:47 - 2012-03-25 11:26 - 00000000 ____D () C:\Program Files (x86)\Akademische Arbeitsgemeinschaft
2015-01-31 17:39 - 2013-09-19 20:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-01-31 17:39 - 2012-03-11 02:08 - 00000000 ____D () C:\Program Files (x86)\Java
2015-01-31 17:19 - 2011-11-14 06:15 - 00000000 ____D () C:\Windows\Lan
2015-01-31 15:24 - 2014-08-05 14:08 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-01-31 15:22 - 2014-08-05 14:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-01-31 15:22 - 2014-08-05 14:08 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-01-31 15:08 - 2014-11-16 12:18 - 00001025 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-01-31 15:08 - 2014-11-16 12:18 - 00001013 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-01-31 15:08 - 2014-10-25 07:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-01-31 15:08 - 2014-08-24 18:36 - 00000000 ____D () C:\AdwCleaner
2015-01-31 15:08 - 2011-11-20 15:41 - 00001021 _____ () C:\Users\XXXXXX XXXXXX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-01-31 10:10 - 2014-08-06 10:55 - 00000000 ____D () C:\ProgramData\Package Cache
2015-01-31 10:10 - 2013-02-24 19:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2015-01-31 10:09 - 2013-02-24 19:39 - 00000000 ____D () C:\Program Files (x86)\Avira
2015-01-31 09:44 - 2014-08-07 20:56 - 02931200 ___SH () C:\Users\XXXXXX XXXXXX\Desktop\Thumbs.db
2015-01-31 07:56 - 2014-08-15 15:44 - 00000000 ____D () C:\Users\XXXXXX XXXXXX\AppData\Local\Adobe
2015-01-31 07:56 - 2012-04-02 19:28 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-01-31 07:56 - 2012-04-02 19:28 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-01-31 07:56 - 2011-11-15 21:21 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-30 19:03 - 2014-09-10 06:10 - 00000000 ____D () C:\Users\Versuch\AppData\Roaming\SimpleScreenshot
2015-01-27 20:12 - 2014-11-10 20:59 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-01-27 06:18 - 2014-11-16 12:20 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-01-26 07:21 - 2012-06-10 14:07 - 00000000 ____D () C:\Users\XXXXXX XXXXXX\Documents\Bewerbungen
2015-01-25 17:19 - 2011-11-14 06:34 - 00702664 _____ () C:\Windows\system32\perfh007.dat
2015-01-25 17:19 - 2011-11-14 06:34 - 00151424 _____ () C:\Windows\system32\perfc007.dat
2015-01-25 17:19 - 2009-07-14 06:13 - 01629998 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-23 21:11 - 2013-11-02 09:43 - 00000000 ____D () C:\Users\XXXXXX XXXXXX\AppData\Roaming\Skype
2015-01-20 14:50 - 2014-09-10 06:09 - 00000000 ____D () C:\Users\Versuch
2015-01-20 14:50 - 2013-05-22 21:33 - 00000000 ____D () C:\Users\XXXXXX XXXXXX\AppData\Local\RescueTime.com
2015-01-20 14:50 - 2012-03-30 17:57 - 00000000 ____D () C:\Users\XXXXXX
2015-01-20 14:50 - 2011-12-01 21:23 - 00000000 ____D () C:\Windows\System32\Tasks\OfficeSoftwareProtectionPlatform
2015-01-20 14:50 - 2011-11-20 16:01 - 00000000 ____D () C:\Users\XXXXXX XXXXXX\AppData\Roaming\SimpleScreenshot
2015-01-20 14:50 - 2009-11-05 01:26 - 00000000 ___RD () C:\Users\Public\Recorded TV
2015-01-20 14:50 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\registration
2015-01-20 06:21 - 2011-11-13 22:46 - 00000000 ____D () C:\Users\XXXXXX XXXXXX
2015-01-18 20:07 - 2012-04-07 11:49 - 00000000 ____D () C:\Users\XXXXXX XXXXXX\Documents\Finanzen
2015-01-15 18:59 - 2013-07-13 08:36 - 00000000 ____D () C:\Windows\system32\MRT
2015-01-15 18:46 - 2011-11-18 19:58 - 113365784 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-01-13 05:55 - 2014-06-15 19:34 - 00000000 ____D () C:\Users\XXXXXX XXXXXX\AppData\Local\gtk-2.0
2015-01-13 05:55 - 2012-08-29 10:11 - 00000000 ____D () C:\Users\XXXXXX XXXXXX\.gimp-2.8
2015-01-08 09:55 - 2011-11-15 21:40 - 00298120 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2015-01-05 18:47 - 2012-03-23 13:19 - 00000000 ____D () C:\Users\XXXXXX XXXXXX\Documents\Cellula
2015-01-03 15:28 - 2012-03-11 19:16 - 00000000 ____D () C:\Users\XXXXXX XXXXXX\Documents\ERGO
2015-01-03 10:51 - 2012-03-11 19:16 - 00000000 ____D () C:\Users\XXXXXX XXXXXX\Documents\SP

==================== Files in the root of some directories =======

2014-06-28 07:10 - 2014-07-23 21:30 - 14159872 _____ () C:\Users\XXXXXX XXXXXX\AppData\Roaming\Sandra.mdb
2015-01-30 20:51 - 2015-01-30 20:51 - 0000600 _____ () C:\Users\XXXXXX XXXXXX\AppData\Roaming\winscp.rnd
2012-04-20 18:28 - 2014-07-07 01:20 - 0006656 _____ () C:\Users\XXXXXX XXXXXX\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-09-22 21:07 - 2014-09-22 21:07 - 0001482 _____ () C:\Users\XXXXXX XXXXXX\AppData\Local\RecConfig.xml
2015-01-13 05:55 - 2015-01-13 05:55 - 0009429 _____ () C:\Users\XXXXXX XXXXXX\AppData\Local\recently-used.xbel
2013-08-12 21:15 - 2013-08-12 21:15 - 0007603 _____ () C:\Users\XXXXXX XXXXXX\AppData\Local\Resmon.ResmonCfg
2012-03-31 10:26 - 2012-03-31 10:26 - 0000057 _____ () C:\ProgramData\Ament.ini
2011-11-13 22:53 - 2011-11-13 22:57 - 0008282 _____ () C:\ProgramData\ArcadeDeluxe3.log
2014-09-22 19:19 - 2014-10-06 19:45 - 0008737 _____ () C:\ProgramData\hpzinstall.log

Some content of TEMP:
====================
C:\Users\XXXXXX XXXXXX\AppData\Local\Temp\avgnt.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-01-31 13:31

==================== End Of Log ============================
--- --- ---

--- --- ---




Addition:

Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 01-02-2015
Ran by XXXXXX XXXXXX at 2015-02-01 21:53:33
Running from C:\Users\XXXXXX XXXXXX\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Desktop (Disabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Disabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden
AAVUpdateManager (HKLM-x32\...\{AFA42FE1-A5C3-485F-9180-BFCF5BF1F1C3}) (Version: 18.00.0000 - Wolters Kluwer Deutschland GmbH)
AC3Filter 1.63b (HKLM-x32\...\AC3Filter_is1) (Version: 1.63b - Alexander Vigovsky)
Acer Arcade Deluxe (HKLM-x32\...\InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}) (Version: 3.0.7112 - CyberLink Corp.)
Acer Arcade Deluxe (x32 Version: 3.0.7112 - CyberLink Corp.) Hidden
Acer Backup Manager (HKLM-x32\...\InstallShield_{72B776E5-4530-4C4B-9453-751DF87D9D93}) (Version: 2.0.0.29 - NewTech Infosystems)
Acer Crystal Eye webcam Ver:1.1.124.1120 (HKLM-x32\...\{D0ACE89D-EC7F-470F-80BE-4C98ED366B32}) (Version: 1.1.124.1120 - Chicony Electronics Co.,Ltd.)
Acer ePower Management (HKLM-x32\...\{3DB0448D-AD82-4923-B305-D001E521A964}) (Version: 4.05.3004 - Acer Incorporated)
Acer eRecovery Management (HKLM-x32\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 4.05.3005 - Acer Incorporated)
Acer GameZone Console (HKLM-x32\...\{8ed9688e-4f79-4308-91ca-f1c37ca142b4}_is1) (Version: 5.1.0.2 - Oberon Media, Inc.)
Acer GridVista (HKLM-x32\...\GridVista) (Version: 3.01.0730 - Acer Inc.)
Acer Registration (HKLM-x32\...\Acer Registration) (Version: 1.02.3006 - Acer Incorporated)
Acer ScreenSaver (HKLM-x32\...\Acer Screensaver) (Version: 1.1.2009.1217 - Acer Incorporated)
Acer VCM (HKLM-x32\...\{047F790A-7A2A-4B6A-AD02-38092BA63DAC}) (Version: 4.05.3000 - Acer Incorporated)
Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 14.0.0.103 - Adobe Systems Incorporated)
Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.246 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.296 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Akamai NetSession Interface (HKU\S-1-5-21-1242904208-471078349-2963378918-1000\...\Akamai) (Version:  - Akamai Technologies, Inc)
Alcor Micro USB Card Reader (HKLM-x32\...\InstallShield_{DBCE1208-433D-4D3E-A26A-CB1B5E71A8F5}) (Version: 1.4.17.35005 - Alcor Micro Corp.)
Alcor Micro USB Card Reader (x32 Version: 1.4.17.35005 - Alcor Micro Corp.) Hidden
Alice Greenfingers (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112920767}) (Version:  - Oberon Media)
Alle meine Passworte 4.13 (HKLM\...\AllemeinePassworte) (Version:  - Mirko Böer)
Allway Sync version 12.16.9 (HKLM-x32\...\Allway Sync_is1) (Version:  - Botkind Inc)
ALPS Touch Pad Driver (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 7.105.2015.1105 - Alps Electric)
Amazonia (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11273477}) (Version:  - Oberon Media)
Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ATI Catalyst Install Manager (HKLM\...\{11F38253-8940-FFDA-D131-B14120C357E4}) (Version: 3.0.754.0 - ATI Technologies, Inc.)
Audacity 2.0.3 (HKLM-x32\...\Audacity_is1) (Version: 2.0.3 - Audacity Team)
Avi2Dvd 0.6.4 (HKLM-x32\...\Avi2Dvd) (Version: 0.6.4 - TrustFm)
Avira (HKLM-x32\...\{2c18809c-4097-4b51-a4d0-3deade730ef3}) (Version: 1.1.29.22350 - Avira Operations & Co. KG)
Avira (x32 Version: 1.1.29.22350 - Avira Operations & Co. KG) Hidden
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.7.468 - Avira)
AviSynth 2.5 (HKLM-x32\...\AviSynth) (Version:  - )
Backup Manager Basic (x32 Version: 2.0.0.29 - NewTech Infosystems) Hidden
BatteryCare 0.9.10.0 (HKLM-x32\...\{C6A6036D-FBD0-4324-BEAA-C0845257160C}_is1) (Version: 0.9.10.0 - Filipe Lourenço)
BitTorrent (HKU\S-1-5-21-1242904208-471078349-2963378918-1000\...\BitTorrent) (Version: 7.9.2.31638 - BitTorrent Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Booster-Web (HKU\S-1-5-21-1242904208-471078349-2963378918-1000\...\Booster-Web) (Version: 4 - ${CompanyName})
Broadcom Gigabit NetLink Controller (HKLM\...\{A325B368-A9EC-40EF-A95C-9DEAD3683AE3}) (Version: 12.33.03 - Broadcom Corporation)
Canon MP160 Benutzerregistrierung (HKLM-x32\...\Canon MP160 Benutzerregistrierung) (Version:  - )
ccc-core-static (x32 Version: 2009.1209.2335.42329 - Ihr Firmenname) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.14 - Piriform)
CDBurnerXP (HKLM-x32\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.4.4852 - CDBurnerXP)
Chandler 1.0.3 (HKLM-x32\...\Chandler) (Version: 1.0.3 - Open Source Applications Foundation)
Chicken Invaders 2 (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110209593}) (Version:  - Oberon Media)
CoreAAC Audio Decoder (remove only) (HKLM-x32\...\CoreAAC Audio Decoder) (Version:  - )
Dairy Dash (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115053100}) (Version:  - Oberon Media)
Dream Day First Home (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113832110}) (Version:  - Oberon Media)
DVD Flick 1.3.0.7 (HKLM-x32\...\DVD Flick_is1) (Version: 1.3.0.7 - Dennis Meuwissen)
eBay Worldwide (HKLM-x32\...\{E0B19DF7-B1C7-4937-82C4-0E4B1E346965}) (Version: 2.1.0901 - OEM)
EinsteinBrainTrainer (remove only) (HKLM-x32\...\EinsteinBrainTrainer) (Version:  - )
Ekahau HeatMapper (HKLM\...\Heatmapper-1.1.4.39795) (Version: 1.1.4.39795 - Ekahau Inc.)
Eraser 6.0.10.2620 (HKLM\...\{6E5159B4-A519-41EF-80EF-AD58371515DF}) (Version: 6.0.2620 - The Eraser Project)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
eSobi v2 (HKLM-x32\...\InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}) (Version: 2.0.4.000274 - esobi Inc.)
eSobi v2 (x32 Version: 2.0.4.000274 - esobi Inc.) Hidden
EVEREST Home Edition v2.20 (HKLM-x32\...\EVEREST Home Edition_is1) (Version: 2.20 - Lavalys Inc)
Farm Frenzy 2 (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11531173}) (Version:  - Oberon Media)
ffdshow [rev 3299] [2010-03-03] (HKLM-x32\...\ffdshow_is1) (Version: 1.0.0.3299 - )
Fiat eco:Drive (HKLM-x32\...\com.fiat.convergence.385E4263E7379A5D22A7076E99B02868EFF10711.1) (Version: 2.0.2 - Fiat Group Automobiles)
Fiat eco:Drive (x32 Version: 2.0.2 - Fiat Group Automobiles) Hidden
First Class Flurry (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115208410}) (Version:  - Oberon Media)
Foxit Cloud (HKLM-x32\...\{41914D8B-9D6E-4764-A1F9-BC43FB6782C1}_is1) (Version: 1.3.105.325 - Foxit Corporation)
Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 6.1.3.321 - Foxit Corporation)
Free Audio CD to MP3 Converter version 1.3.12.1228 (HKLM-x32\...\Free Audio CD to MP3 Converter_is1) (Version: 1.3.12.1228 - DVDVideoSoft Ltd.)
Free DVD Video Burner version 3.0.4.426 (HKLM-x32\...\Free DVD Video Burner_is1) (Version:  - DVDVideoSoft Limited.)
Free System Utilities (HKLM-x32\...\{ad2818b3-1616-4ec8-855d-be6936103e5a}) (Version: 1.1.0.70 - Covus Freemium GmbH)
Free SystemUtilities (x32 Version: 1.1.0.70 - Covus Freemium GmbH) Hidden
Free YouTube Download version 3.1.37.918 (HKLM-x32\...\Free YouTube Download_is1) (Version: 3.1.37.918 - DVDVideoSoft Ltd.)
FreeMind (HKLM-x32\...\B991B020-2968-11D8-AF23-444553540000_is1) (Version: 0.9.0_RC_10 - )
FRITZ!Box-Fernzugang einrichten (HKLM-x32\...\{EFADD989-D9F2-49F6-A280-675951CC78D3}) (Version: 1.0.3 - AVM Berlin)
FrostWire 5.3.5 (HKLM-x32\...\FrostWire 5) (Version: 5.3.5.0 - FrostWire Team)
GIMP 2.8.10 (HKLM\...\GIMP-2_is1) (Version: 2.8.10 - The GIMP Team)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 40.0.2214.93 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Granny In Paradise (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110551697}) (Version:  - Oberon Media)
Haali Media Splitter (HKLM-x32\...\HaaliMkx) (Version:  - )
Heroes of Hellas (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113786380}) (Version:  - Oberon Media)
HP FWUpdateEDO2 (HKLM-x32\...\{415FA9AD-DA10-4ABE-97B6-5051D4795C90}) (Version: 1.2.0.0 - Hewlett-Packard)
HP Photosmart 5520 series - Grundlegende Software für das Gerät (HKLM\...\{4F396B08-301D-4E53-A372-95A7E93ABD04}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPDiagnosticAlert (x32 Version: 1.00.0001 - Microsoft) Hidden
HTC Driver Installer (HKLM-x32\...\{6D6664A9-3342-4948-9B7E-034EFE366F0F}) (Version: 3.0.0.007 - HTC Corporation)
iCloud (HKLM\...\{309768A4-A2BB-4930-A5A2-8169678C9B4C}) (Version: 4.0.6.28 - Apple Inc.)
Identity Card (HKLM-x32\...\Identity Card) (Version: 1.00.3003 - Acer Incorporated)
ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.8.0 - LIGHTNING UK!)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
Intel(R) Turbo Boost Technology Driver (HKLM-x32\...\{D6C630BF-8DBB-4042-8562-DC9A52CB6E7E}) (Version: 01.00.01.1002 - Intel Corporation)
Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version:  - Intel Corporation)
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.38 - Irfan Skiljan)
iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)
Join Air (HKLM-x32\...\{A9E5EDA7-2E6C-49E7-924B-A32B89C24A04}) (Version: 1.0.0.2 - ZTE Corporation)
Kassenbuch (HKLM-x32\...\{29531C6B-7B64-4C53-B54A-6C8AB5DE2159}) (Version: 1.0.0 - Office Consult GmbH)
K-Lite Codec Pack 9.2.0 (Basic) (HKLM-x32\...\KLiteCodecPack_is1) (Version: 9.2.0 - )
Launch Manager (HKLM-x32\...\LManager) (Version: 3.0.05 - Acer Inc.)
LSI HDA Modem (HKLM\...\LSI Soft Modem) (Version: 2.2.98 - LSI Corporation)
Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
MediaHuman YouTube to MP3 Converter Version 3.3 (HKLM-x32\...\MediaHuman YouTube to MP3 Converter_is1) (Version: 3.3 - )
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0100-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}) (Version:  - Microsoft)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Language Pack 2007 - German/Deutsch (HKLM-x32\...\OMUI.de-de) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Outlook Connector (HKLM-x32\...\{95140000-007A-0407-0000-0000000FF1CE}) (Version: 14.0.5118.5000 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUSR) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Office Suite Activation Assistant (HKLM-x32\...\{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}) (Version: 2.9 - Microsoft Corporation)
Microsoft Outlook Social Connector Provider for Windows Live Messenger 32-bit (HKLM-x32\...\{95140000-007D-0409-0000-0000000FF1CE}) (Version: 14.0.5120.5000 - Microsoft Corporation)
Microsoft Report Viewer Redistributable 2008 (KB971118) (HKLM-x32\...\Microsoft Report Viewer Redistributable 2008 (KB971118)) (Version:  - Microsoft Corporation)
Microsoft Report Viewer Redistributable 2008 Language Pack - DEU (HKLM-x32\...\Microsoft Report Viewer Redistributable 2008 Language Pack - DEU) (Version:  - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Works (HKLM-x32\...\{62F7DA7E-CCCB-439C-A760-00C3926E761F}) (Version: 9.7.0621 - Microsoft Corporation)
MozBackup 1.5.1 (HKLM-x32\...\MozBackup) (Version:  - Pavel Cvrcek)
Mozilla Firefox 35.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 35.0.1 (x86 de)) (Version: 35.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 32.0 - Mozilla)
MPC-HC 1.7.0 (HKLM-x32\...\{2624B969-7135-4EB1-B0F6-2D8C397B45F7}_is1) (Version: 1.7.0.7858 - MPC-HC Team)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MyPhoneExplorer (HKLM-x32\...\MPE) (Version: 1.8.5 - F.J. Wechselberger)
MyWinLocker (HKLM-x32\...\{68301905-2DEA-41CE-A4D4-E8B443B099BA}) (Version: 3.1.76.0 - Egis Technology Inc.)
No-IP DUC (HKLM-x32\...\NoIPDUC) (Version: 4.0.1 - Vitalwerks Internet Solutions LLC)
Norton Online Backup (HKLM-x32\...\{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}) (Version: 1.2.0.36 - Symantec)
NTI Backup Now 5 (HKLM-x32\...\InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}) (Version: 5.1.2.627 - NewTech Infosystems)
NTI Backup Now Standard (x32 Version: 5.1.2.627 - NewTech Infosystems) Hidden
NTI Media Maker 8 (HKLM-x32\...\InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}) (Version: 8.0.12.6623 - NewTech Infosystems)
NTI Media Maker 8 (x32 Version: 8.0.12.6623 - NewTech Infosystems) Hidden
O&O Defrag Free Edition (HKLM\...\{C10CAF82-9D36-4D9A-9DC0-C4549F06B519}) (Version: 14.1.431 - O&O Software GmbH)
Outils de vérification linguistique 2013 de Microsoft Office*- Français (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
PDF Architect (HKLM-x32\...\{064A929A-4DE8-40CF-A901-BD40C14E4D25}) (Version: 1.1.83.9982 - pdfforge GmbH)
PDF24 Creator 6.8.0 (HKLM-x32\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version:  - PDF24.org)
PDFCreator (HKLM-x32\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.7.3 - pdfforge)
pomodairo (HKLM-x32\...\{EEBEA077-AB92-5083-ECB1-C15BD842D00B}) (Version: 1.9 - UNKNOWN)
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
Random Dresser (HKLM-x32\...\RandomDresser) (Version:  - )
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5969 - Realtek Semiconductor Corp.)
RescueTime 2.2.1 (HKLM-x32\...\{2505571C-03B3-4F9F-AC35-33F1CB4B5E9E}_is1) (Version:  - RescueTime.com)
Restorer2000 3.3 (HKLM-x32\...\Restorer2000_is1) (Version: 3.3 - Bitmart Inc.)
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{D82063A8-7C8C-4C3B-A9BB-95138CA55D26}) (Version:  - Microsoft)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (Version:  - Microsoft) Hidden
Shutdown Manager (HKLM-x32\...\{C457BA5F-35F9-480C-90F8-5C91DB443A15}_is1) (Version: 2.0.7 - Daniel Höllig)
SimpleScreenshot 1.40 (HKLM-x32\...\SimpleScreenshot) (Version:  - )
SiSoftware Sandra Lite 2014.SP2a (HKLM\...\{C3113E55-7BCB-4de3-8EBF-60E6CE6B2396}_is1) (Version: 20.35.2014.6 - SiSoftware)
SIW version 2011.10.29 (HKLM-x32\...\{AB67580-257C-45FF-B8F4-C8C30682091A}_is1) (Version: 2011.10.29 - Topala Software Solutions)
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation)
Skype™ 6.21 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.21.104 - Skype Technologies S.A.)
SpeedFan (remove only) (HKLM-x32\...\SpeedFan) (Version:  - )
Spotify (HKU\S-1-5-21-1242904208-471078349-2963378918-1000\...\Spotify) (Version: 0.9.10.14.g578d350b - Spotify AB)
SpywareBlaster 5.0 (HKLM-x32\...\SpywareBlaster_is1) (Version: 5.0.0 - BrightFort LLC)
Steganos Safe 14 (HKLM-x32\...\{13B7FBFB-622E-4002-8570-594798E6167D}) (Version: 14.2.2 - Steganos Software GmbH)
Steuer-Spar-Erklärung 2008 (HKLM-x32\...\{BBE67B86-FCD7-4D3C-8B00-063DEAD8E30C}) (Version: 13.02.0000 - Akademische Arbeitsgemeinschaft)
Steuer-Spar-Erklärung 2009 (HKLM-x32\...\{32E00E5E-22B1-4D5A-9DC2-CD75E087A5E6}) (Version: 14.01.0000 - Akademische Arbeitsgemeinschaft Verlag)
Steuer-Spar-Erklärung 2010 (HKLM-x32\...\{D8E1DFEE-622B-46BA-AEFF-AB7E541C0B21}) (Version: 15.15 - Akademische Arbeitsgemeinschaft Verlag)
Steuer-Spar-Erklärung 2011 (HKLM-x32\...\{9F5FD796-86F0-4360-85F8-D54C0F5411EB}) (Version: 16.18 - Akademische Arbeitsgemeinschaft Verlag)
Steuer-Spar-Erklärung 2012 (HKLM-x32\...\{CCD2BAD2-0919-40CB-80CC-E9538B0E4C2E}) (Version: 17.14 - Wolters Kluwer Deutschland GmbH)
Steuer-Spar-Erklärung 2013 (HKLM-x32\...\{AEB61F7A-4BBA-4292-A096-7893E09034A4}) (Version: 18.10 - Wolters Kluwer Deutschland GmbH)
SteuerSparErklärung 2014 (HKLM-x32\...\{A463EB06-22A6-47F5-9593-E52B291EF13E}) (Version: 19.12.92 - Akademische Arbeitsgemeinschaft)
SteuerSparErklärung 2015 (HKLM-x32\...\{312C0E08-8F94-4536-AAF6-3413F784AC5F}) (Version: 20.25.123 - Akademische Arbeitsgemeinschaft)
Streamripper (Remove only) (HKLM-x32\...\Streamripper) (Version:  - )
Studie zur Verbesserung von HP Deskjet 3070 B611 series Produkten (HKLM\...\{CAD7B6DD-9C82-4D17-BAE8-3E9AE4971B90}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.29947 - TeamViewer)
Time Stamp (HKLM-x32\...\Time Stamp_is1) (Version:  - 3.23.2010-0313)
TomTom HOME (HKLM-x32\...\{7A2BB1C8-903D-4585-9F3B-CADD67D07D37}) (Version: 2.9.8 - Ihr Firmenname)
TomTom HOME Visual Studio Merge Modules (HKLM-x32\...\{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}) (Version: 1.0.2 - TomTom International B.V.)
TP-LINK Wireless Configuration Utility (HKLM-x32\...\{319D91C6-3D44-436C-9F79-36C0D22372DC}) (Version: 1.0.0 - TP-LINK)
TrueCrypt (HKLM-x32\...\TrueCrypt) (Version: 7.1 - TrueCrypt Foundation)
Tunatic (HKLM-x32\...\Tunatic) (Version:  - )
Überwachungstool für die Intel® Turbo-Boost-Technik (HKLM\...\{39F4C6F9-618A-4E5B-8FB2-6BD661174E32}) (Version: 1.0.186.6 - Intel)
Uninstall 1.0.0.1 (HKLM-x32\...\Uninstall_is1) (Version:  - )
Universal Adb Driver (HKLM-x32\...\{D9C4202E-6D51-4B06-A8F1-22316E654BCA}) (Version: 1.0.0 - ClockworkMod)
Unlocker 1.9.1-x64 (HKLM\...\Unlocker) (Version: 1.9.1 - Cedrick Collomb)
Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0407-0000-0000000FF1CE}_OMUI.de-de_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version:  - Microsoft)
Update für Microsoft Office Outlook 2007 Help (KB963677) (HKLM-x32\...\{90120000-001A-0407-0000-0000000FF1CE}_OMUI.de-de_{F6828576-6F79-470D-AB50-69D1BBADBD30}) (Version:  - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0407-0000-0000000FF1CE}_OMUI.de-de_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version:  - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0407-0000-0000000FF1CE}_OMUI.de-de_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version:  - Microsoft)
Visual Studio C++ 10.0 Runtime (HKLM-x32\...\{4412F224-3849-4461-A3E9-DEEF8D252790}) (Version: 10.0.0 - TomTom International B.V.)
VLC media player 2.1.3 (HKLM-x32\...\VLC media player) (Version: 2.1.3 - VideoLAN)
Welcome Center (HKLM-x32\...\Acer Welcome Center) (Version: 1.00.3008 - Acer Incorporated)
Winamp (HKLM-x32\...\Winamp) (Version: 5.666  - Nullsoft, Inc)
WinPatrol (HKLM\...\{6A206A04-6BC1-411B-AA04-4E52EDEEADF2}) (Version: 32.0.2014.5 - Ruiware)
WinPatrol (HKLM\...\{6E575124-6D34-4E65-9375-7D69468A6089}) (Version: 30.9 - BillP Studios)
WinRAR 5.10 Beta 4 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.10.4 - win.rar GmbH)
Xvid 1.2.2 final uninstall (HKLM-x32\...\Xvid_is1) (Version: 1.2 - Xvid team (Koepi))
Yahoo! Messenger (HKLM-x32\...\Yahoo! Messenger) (Version:  - Yahoo! Inc.)
Yahoo! Software Update (HKLM-x32\...\Yahoo! Software Update) (Version:  - )
Zuzahlungsrechner (HKLM-x32\...\{B2C69E77-F209-4B63-8676-4F32B27E162B}) (Version: 3.6.0 - sfr-software-fuers-heim)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-1242904208-471078349-2963378918-1000_Classes\CLSID\{56FDF344-FD6D-11d0-958A-006097C9A090}\InprocServer32 -> C:\Users\XXXXXX XXXXXX\AppData\Roaming\moters\supna.dll No File <==== ATTENTION

==================== Restore Points  =========================

14-01-2015 08:05:58 Windows Update
15-01-2015 18:45:05 Windows Update
16-01-2015 05:01:13 Windows Modules Installer
20-01-2015 06:35:31 Windows Update
21-01-2015 00:02:16 Windows Update
27-01-2015 20:19:44 Windows Update
31-01-2015 17:38:41 Removed Java 7 Update 67
31-01-2015 23:45:00 SteuerSparErklärung 2015 wurde installiert.

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2015-02-01 08:39 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1      localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0CAEEB6B-A216-4E04-9EA6-AC310639FD8D} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {23CEA58C-8E99-49B6-96E0-E0033F148659} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-21] (Google Inc.)
Task: {26DA7882-781D-4FC9-B1A5-5F5B1F7227FE} - System32\Tasks\{6A246FB0-E753-4188-9543-22389AB30F4E} => pcalua.exe -a "C:\Users\XXXXXX XXXXXX\Downloads\Chandler_win_1.0.3.exe" -d "C:\Users\XXXXXX XXXXXX\Downloads"
Task: {38C51694-B081-4739-8E17-069D4A49D4D4} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2014-01-23] (Microsoft Corporation)
Task: {47C46238-A6C4-4C4B-BE85-E6E1425608CB} - System32\Tasks\{144D2C4F-2583-452B-AC74-C64839CF03CC} => pcalua.exe -a "C:\Program Files (x86)\VS Revo Group\Revo Uninstaller\Revouninstaller.exe" -d "C:\Program Files (x86)\VS Revo Group\Revo Uninstaller" -c -hunter
Task: {5A42985A-DC32-4FE1-8210-CA09F67316FC} - System32\Tasks\HPCustPartic.exe_{96420065-3C4E-4B3E-96DB-DB0760F51DDD} => C:\Program Files\HP\HP Deskjet 3070 B611 series\Bin\HPCustPartic.exe [2012-10-17] (Hewlett-Packard Co.)
Task: {5B5D6CC7-9FA7-4441-9A09-8A3C4EA669FD} - System32\Tasks\{9B880EC1-DC3B-45D7-A7BB-4E131A7A884F} => pcalua.exe -a "C:\Users\XXXXXX XXXXXX\Downloads\esetsmartinstaller_enu.exe" -d "C:\Program Files (x86)\Mozilla Firefox"
Task: {5E1E681C-C0F1-4E87-8C95-38A011634E9C} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {658A7160-D5FE-40D6-8358-5AC71CDD5600} - System32\Tasks\Microsoft Office 15 Sync Maintenance for Arbeitscomputer-XXXXXX XXXXXX Arbeitscomputer => C:\Program Files\Microsoft Office\Office15\MsoSync.exe [2014-11-12] (Microsoft Corporation)
Task: {739C86AB-D488-4894-A94A-E1C873D935C4} - System32\Tasks\{239C0599-E784-4910-B228-5D5AB8D346A6} => pcalua.exe -a "C:\Users\XXXXXX XXXXXX\Downloads\HiJackThis204.exe" -d "C:\Program Files (x86)\Mozilla Firefox"
Task: {792B72B2-C51B-4379-B2AA-007529DB50F0} - System32\Tasks\{8D77E667-A31C-4EB4-B209-1E559B732CBC} => pcalua.exe -a "C:\Program Files (x86)\Canon\IJEREG\MP160\UNINST.EXE"
Task: {7AEAE564-35D2-434E-8BC2-12BF5BC672DE} - System32\Tasks\HPCustParticipation HP Deskjet 3070 B611 series => C:\Program Files\HP\HP Deskjet 3070 B611 series\Bin\HPCustPartic.exe [2012-10-17] (Hewlett-Packard Co.)
Task: {7EED0456-B087-4708-8496-6474B917CECB} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {92533B9B-37E7-4E54-B7DE-F8B0B255CFEE} - System32\Tasks\{4781B96F-C3F4-45CF-AB6F-C64C9AD3E88D} => pcalua.exe -a "C:\Program Files (x86)\InstallShield Installation Information\{319D91C6-3D44-436C-9F79-36C0D22372DC}\setup.exe" -d "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TP-LINK" -c -runfromtemp -removeonly
Task: {9C395D30-C0E5-4B3A-A232-E38DA71A3827} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {A1D835EF-9220-45A2-811E-2CA5B38166BF} - System32\Tasks\hpUrlLauncher.exe_{4AF7A75F-FDE8-41B8-80D9-5C3EBC32D019} => C:\Program Files\HP\HP Deskjet 3070 B611 series\Bin\utils\hpUrlLauncher.exe
Task: {B7A342C6-6ABF-492E-9250-2C92CB583846} - System32\Tasks\{A2A68590-5CAE-4C98-8B98-D18CC5E4C073} => pcalua.exe -a "C:\Program Files (x86)\InstallShield Installation Information\{3DB0448D-AD82-4923-B305-D001E521A964}\setup.exe" -c -runfromtemp -l0x407 -removeonly
Task: {BBBF9E37-C1CD-4CF0-A783-CE021D6D2928} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-05-20] (Piriform Ltd)
Task: {CE5325CF-BB63-4751-AB56-BD427BEAA0D9} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-01-31] (Adobe Systems Incorporated)
Task: {E36CA599-B047-467B-99AF-5E380AFECE05} - System32\Tasks\{AC797CD7-B058-4AC8-84B2-B2307D6AFF9B} => C:\Program Files (x86)\Chandler1.0.3\chandler.exe
Task: {E85DBE85-E344-4E48-A05A-ACF97445121F} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-21] (Google Inc.)
Task: {F30712C0-5F79-4616-BFEE-8D27E1822469} - System32\Tasks\{581487AC-8AAF-40E1-A997-6B8519F0C5EC} => C:\Program Files (x86)\Chandler1.0.3\chandler.exe
Task: {FC0397BA-8222-41E7-836D-453BA55E74DB} - System32\Tasks\{2E665153-C229-4C02-9699-2F4EF08B1807} => pcalua.exe -a C:\Users\DANIEL~1\AppData\Local\Temp\InstallFlashPlayer.exe -d "C:\Program Files (x86)\Mozilla Firefox"
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2007-10-04 14:32 - 2007-10-04 14:32 - 00122880 _____ () C:\Program Files (x86)\Common Files\AAV\aavus.exe
2011-01-13 09:04 - 2011-01-13 09:04 - 00030080 _____ () C:\Windows\snuvcdsm.exe
2011-11-13 22:52 - 2011-11-13 22:51 - 00200704 _____ () C:\Windows\PLFSetI.exe
2009-07-29 13:10 - 2009-07-29 13:10 - 00016384 ____R () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll
2011-11-13 21:44 - 2011-11-13 21:44 - 00270336 _____ () C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CrossDisplay.Graphics.Dashboard\1.0.0.0__90ba9c70f846762e\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2014-12-28 14:38 - 2014-04-22 19:39 - 00645592 ____N () C:\Program Files (x86)\BillP Studios\WinPatrol\sqlite3.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\abengine => ""="service"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: AgereModemAudio => 2
MSCONFIG\Services: Apple Mobile Device => 2
MSCONFIG\Services: Bonjour Service => 2
MSCONFIG\Services: BotkindSyncService => 2
MSCONFIG\Services: FoxitCloudUpdateService => 2
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: iPod Service => 3
MSCONFIG\Services: MozillaMaintenance => 3
MSCONFIG\Services: NoIPDUCService4 => 2
MSCONFIG\Services: NTI IScheduleSvc => 2
MSCONFIG\Services: NTIBackupSvc => 3
MSCONFIG\Services: NTISchedulerSvc => 2
MSCONFIG\Services: OODefragAgent => 2
MSCONFIG\Services: PassThru Service => 2
MSCONFIG\Services: PDF Architect Helper Service => 2
MSCONFIG\Services: PDF Architect Service => 2
MSCONFIG\Services: SandraAgentSrv => 3
MSCONFIG\Services: SkypeUpdate => 2
MSCONFIG\Services: TeamViewer9 => 2
MSCONFIG\Services: TomTomHOMEService => 2
MSCONFIG\Services: Updater Service => 2
MSCONFIG\Services: YahooAUService => 2
MSCONFIG\startupreg: Eraser => "C:\PROGRA~1\Eraser\Eraser.exe" --atRestart

========================= Accounts: ==========================

Administrator (S-1-5-21-1242904208-471078349-2963378918-500 - Administrator - Disabled)
XXXXXX XXXXXX (S-1-5-21-1242904208-471078349-2963378918-1000 - Administrator - Enabled) => C:\Users\XXXXXX XXXXXX
XXXXXX (S-1-5-21-1242904208-471078349-2963378918-1003 - Limited - Enabled) => C:\Users\XXXXXX
Gast (S-1-5-21-1242904208-471078349-2963378918-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1242904208-471078349-2963378918-1002 - Limited - Enabled)
Versuch (S-1-5-21-1242904208-471078349-2963378918-1004 - Administrator - Enabled) => C:\Users\Versuch

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (02/01/2015 09:09:18 PM) (Source: Avira Service Host) (EventID: 0) (User: )
Description: Fehler beim Verarbeiten von Sitzungsänderung. System.NullReferenceException: Der Objektverweis wurde nicht auf eine Objektinstanz festgelegt.
  bei Avira.OE.ServiceHost.ServiceHost.OnSessionChange(SessionChangeDescription changeDescription)
  bei System.ServiceProcess.ServiceBase.DeferredSessionChange(Int32 eventType, Int32 sessionId)

Error: (01/31/2015 05:20:22 PM) (Source: Avira Service Host) (EventID: 0) (User: )
Description: Fehler beim Verarbeiten von Sitzungsänderung. System.NullReferenceException: Der Objektverweis wurde nicht auf eine Objektinstanz festgelegt.
  bei Avira.OE.ServiceHost.ServiceHost.OnSessionChange(SessionChangeDescription changeDescription)
  bei System.ServiceProcess.ServiceBase.DeferredSessionChange(Int32 eventType, Int32 sessionId)


System errors:
=============
Error: (02/01/2015 09:17:29 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}

Error: (02/01/2015 08:40:11 AM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren.

Error: (02/01/2015 08:39:59 AM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren.

Error: (02/01/2015 08:39:15 AM) (Source: Application Popup) (EventID: 1060) (User: )
Description: Aufgrund der Inkompatibilität mit diesem System wurde \??\C:\ComboFix\catchme.sys nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten.

Error: (02/01/2015 08:39:14 AM) (Source: Application Popup) (EventID: 1060) (User: )
Description: Aufgrund der Inkompatibilität mit diesem System wurde \??\C:\ComboFix\catchme.sys nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten.

Error: (02/01/2015 08:35:41 AM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren.

Error: (02/01/2015 08:02:14 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "SPDRIVER_1361.0.0.0" wurde aufgrund folgenden Fehlers nicht gestartet:
%%3

Error: (01/31/2015 11:28:38 PM) (Source: Disk) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.

Error: (01/31/2015 11:28:37 PM) (Source: Disk) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.

Error: (01/31/2015 11:28:37 PM) (Source: Disk) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.


Microsoft Office Sessions:
=========================
Error: (02/01/2015 09:09:18 PM) (Source: Avira Service Host) (EventID: 0) (User: )
Description: Fehler beim Verarbeiten von Sitzungsänderung. System.NullReferenceException: Der Objektverweis wurde nicht auf eine Objektinstanz festgelegt.
  bei Avira.OE.ServiceHost.ServiceHost.OnSessionChange(SessionChangeDescription changeDescription)
  bei System.ServiceProcess.ServiceBase.DeferredSessionChange(Int32 eventType, Int32 sessionId)

Error: (01/31/2015 05:20:22 PM) (Source: Avira Service Host) (EventID: 0) (User: )
Description: Fehler beim Verarbeiten von Sitzungsänderung. System.NullReferenceException: Der Objektverweis wurde nicht auf eine Objektinstanz festgelegt.
  bei Avira.OE.ServiceHost.ServiceHost.OnSessionChange(SessionChangeDescription changeDescription)
  bei System.ServiceProcess.ServiceBase.DeferredSessionChange(Int32 eventType, Int32 sessionId)


CodeIntegrity Errors:
===================================
  Date: 2015-02-01 08:39:15.425
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2015-02-01 08:39:15.175
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2015-02-01 08:39:14.941
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2015-02-01 08:39:14.692
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2014-08-24 13:21:32.971
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2014-08-24 13:21:32.769
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2014-08-24 13:21:32.550
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2014-08-24 13:21:32.332
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2014-06-28 08:07:01.069
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Users\DANIEL~1\AppData\Local\Temp\EverestDriver.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2014-06-28 08:07:00.711
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Users\DANIEL~1\AppData\Local\Temp\EverestDriver.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i5 CPU M 430 @ 2.27GHz
Percentage of memory in use: 38%
Total physical RAM: 3956.5 MB
Available physical RAM: 2438.69 MB
Total Pagefile: 7911.18 MB
Available Pagefile: 5998.72 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: (ACER) (Fixed) (Total:290.05 GB) (Free:108.58 GB) NTFS
Drive d: (DATA) (Fixed) (Total:290.4 GB) (Free:285.17 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 596.2 GB) (Disk ID: 6D48B855)
Partition 1: (Not Active) - (Size=15.6 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=290.1 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=290.4 GB) - (Type=07 NTFS)

==================== End Of Log ============================

Bootsektor 02.02.2015 23:41
Ok,

wie läuft der Rechner denn nun?

Schritt 1
Downloade Dir bitte Malwarebytes Anti-Malware
  • Installiere das Programm in den vorgegebenen Pfad.
  • Starte Malwarebytes' Anti-Malware (MBAM).
  • Sollte die Benutzeroberfläche noch in Englisch sein, klicke auf Settings und wähle bei Language Deutsch aus.
  • Klicke im Anschluss auf Suchlauf, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf jetzt starten.
  • Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Aktionen anwenden.
  • Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
  • Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
  • Wähle das neueste Suchlauf-Protokoll aus und klicke auf Ansicht. Wähle Exportieren auf Textdatei (.txt) und speichere die Datei als mbam.txt auf dem Desktop ab.
  • Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.

Schritt 2
Da der Scan mit Eset sehr gründlich ist, kann er unter Umständen mehrere Stunden dauern :kaffee:

ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset



Schritt 3
Starte noch einmal FRST.
  • Ändere keine der Voreinstellungen und drücke auf Scan.
  • Wenn der Scan abgeschlossen ist, wird ein neues Logfile FRST.txt erstellt und auf dem Desktop gespeichert.
  • Poste den Inhalt dieses Logfiles bitte hier in deinen Thread.

magigstar 05.02.2015 21:39
Sorry, dass ich die Woche nicht da war.
Musste spontan nach Italien fliegen bzw. nach Sizilien und alles stehen und liegen lassen.

Der Computer hat immer noch ein wenig Probleme.
Auch weitere Tabs öffnen sich, wenn ich etwas anklicke.
Scheinbar ist da noch einiges dran.


Dieses Protokoll ist praktisch noch vor Deiner Hilfestellung.
Da habe ich schon Malwarebytes laufen lassen.

Ich werde Malwarebytes erneut laufen lassen und ein frisches Protokoll nachreichen


Code:
Malwarebytes Anti-Malware
www.malwarebytes.org

Suchlauf Datum: 31.01.2015
Suchlauf-Zeit: 15:49:23
Logdatei: Malwarebytes Anti-Malware.txt
Administrator: Ja

Version: 2.00.4.1028
Malware Datenbank: v2015.01.31.03
Rootkit Datenbank: v2015.01.14.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: XXXX XXXX

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 464859
Verstrichene Zeit: 1 Std, 2 Min, 43 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(Keine schädliche Elemente erkannt)

Module: 0
(Keine schädliche Elemente erkannt)

Registrierungsschlüssel: 34
PUP.Optional.TabNav.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{1BCB34DC-BA6D-4B44-B786-4E259598A7C8}, , [509f0feee1a80f27c4f071984eb73bc5],
PUP.Optional.TabNav.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{4AEC2270-2E5F-40C8-BE5A-E5A5264714C0}, , [509f0feee1a80f27c4f071984eb73bc5],
PUP.Optional.TabNav.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{62163814-0C94-4DC3-BA99-5E9E2420C914}, , [509f0feee1a80f27c4f071984eb73bc5],
PUP.Optional.TabNav.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{68AEA825-D48B-4A56-87F0-6FCE988A2C48}, , [509f0feee1a80f27c4f071984eb73bc5],
PUP.Optional.TabNav.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{7AF435BC-80A9-466E-938B-32E4482EBD65}, , [509f0feee1a80f27c4f071984eb73bc5],
PUP.Optional.TabNav.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{85CEBABD-A775-41E2-8B67-FE06104F06ED}, , [509f0feee1a80f27c4f071984eb73bc5],
PUP.Optional.TabNav.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{AE92A5AB-E575-4487-BCC0-96D333E5346C}, , [509f0feee1a80f27c4f071984eb73bc5],
PUP.Optional.TabNav.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{CDB85458-AE08-4106-B699-B946FF4A61CD}, , [509f0feee1a80f27c4f071984eb73bc5],
PUP.Optional.TabNav.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{E1964712-F369-4B2B-8B66-3911C3CD4F02}, , [509f0feee1a80f27c4f071984eb73bc5],
PUP.Optional.TabNav.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{4AEC2270-2E5F-40C8-BE5A-E5A5264714C0}, , [509f0feee1a80f27c4f071984eb73bc5],
PUP.Optional.TabNav.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{62163814-0C94-4DC3-BA99-5E9E2420C914}, , [509f0feee1a80f27c4f071984eb73bc5],
PUP.Optional.TabNav.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{68AEA825-D48B-4A56-87F0-6FCE988A2C48}, , [509f0feee1a80f27c4f071984eb73bc5],
PUP.Optional.TabNav.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{7AF435BC-80A9-466E-938B-32E4482EBD65}, , [509f0feee1a80f27c4f071984eb73bc5],
PUP.Optional.TabNav.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{85CEBABD-A775-41E2-8B67-FE06104F06ED}, , [509f0feee1a80f27c4f071984eb73bc5],
PUP.Optional.TabNav.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{AE92A5AB-E575-4487-BCC0-96D333E5346C}, , [509f0feee1a80f27c4f071984eb73bc5],
PUP.Optional.TabNav.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{CDB85458-AE08-4106-B699-B946FF4A61CD}, , [509f0feee1a80f27c4f071984eb73bc5],
PUP.Optional.TabNav.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{E1964712-F369-4B2B-8B66-3911C3CD4F02}, , [509f0feee1a80f27c4f071984eb73bc5],
PUP.Optional.TabNav.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{1BCB34DC-BA6D-4B44-B786-4E259598A7C8}, , [509f0feee1a80f27c4f071984eb73bc5],
PUP.Optional.TabNav.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\TabNav, , [509f0feee1a80f27c4f071984eb73bc5],
PUP.Optional.SearchProtect, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\APPCOMPATFLAGS\INSTALLEDSDB\{8a4d5a43-c64a-45ab-bdf4-804fe18ceafd}, , [717eb7468108f046c9f48e730401bc44],
PUP.Optional.SearchProtect, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\APPCOMPATFLAGS\INSTALLEDSDB\{cf2797aa-b7ec-e311-8ed9-005056c00008}, , [b43b9d609eebcf673389f110fc093cc4],
PUP.Optional.Cinema.A, HKLM\SOFTWARE\WOW6432NODE\CinemaP-1.4cV31.01, , [8f6068955b2e61d57c1a52454bb87b85],
PUP.Optional.Cinema.A, HKLM\SOFTWARE\WOW6432NODE\CinemaP-1.4cV31.01-nv, , [737c28d5c1c8ea4cc5d13b5c0df68080],
PUP.Optional.Cinema.A, HKLM\SOFTWARE\WOW6432NODE\CinemaP-1.4cV31.01-nv-ie, , [698698652762d1659afcdbbca45f7987],
PUP.Optional.Cinema.A, HKU\S-1-5-21-1242904208-471078349-2963378918-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\CinemaP-1.4cV31.01-nv, , [519e03fa4d3c58dea3f4019692714ab6],
PUP.Optional.Cinema.A, HKU\S-1-5-21-1242904208-471078349-2963378918-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\CinemaP-1.4cV31.01-nv-ie, , [8c6341bcef9a87afe5b21e79e41f36ca],
PUP.Optional.Softonic.A, HKU\S-1-5-21-1242904208-471078349-2963378918-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Softonic, , [ab4454a9157487af53e6a6e1ba4920e0],
PUP.Optional.CrossRider.A, HKU\S-1-5-21-1242904208-471078349-2963378918-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLEDBROWSEREXTENSIONS\30935, , [11def508a4e5fa3c6f409004ee155ca4],
PUP.Optional.CrossRider.A, HKU\S-1-5-21-1242904208-471078349-2963378918-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLEDBROWSEREXTENSIONS\30935, , [d51a6796068370c676390094bf448a76],
PUP.Optional.GlobalUpdate.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\GOOGLEUPDATE.EXE, , [44ab5e9f58311a1ccce4e67a22e106fa],
PUP.Optional.GlobalUpdate.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\GOOGLEUPDATE.EXE, , [44ab5e9f58311a1ccce4e67a22e106fa],
PUP.Optional.Goobzo, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\SMUpdPlus, , [ea0549b4f19865d1edbced7c0df6f40c],
PUP.Optional.Goobzo, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\Search Module Plus, , [ea0549b4f19865d1edbced7c0df6f40c],
PUP.Optional.Cinema.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\CinemaP-1.4cV31.01, , [d01f32cb494031051c9af575eb1807f9],

Registrierungswerte: 1
PUP.Optional.ShopperPro, HKU\S-1-5-21-1242904208-471078349-2963378918-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|SPDriver, C:\Program Files (x86)\ShopperPro\JSDriver\1361.0.0.0\jsdrv.exe, , [925d6499d9b08fa7d54c0b8fc043e11f]

Registrierungsdaten: 2
PUP.Optional.OmigaPlus.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCH|CustomizeSearch, http://isearch.omiga-plus.com/web/?type=ds&ts=1422690849&from=obw&uid=TOSHIBAXMK6465GSX_51ASD39BBXX51ASD39BB&q={searchTerms}, Gut: (www.google.com), Schlecht: (http://isearch.omiga-plus.com/web/?type=ds&ts=1422690849&from=obw&uid=TOSHIBAXMK6465GSX_51ASD39BBXX51ASD39BB&q={searchTerms}),,[33bcd825e3a637ffb34cb9f5838248b8]
PUP.Optional.OmigaPlus.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCH|SearchAssistant, http://isearch.omiga-plus.com/web/?type=ds&ts=1422690849&from=obw&uid=TOSHIBAXMK6465GSX_51ASD39BBXX51ASD39BB&q={searchTerms}, Gut: (www.google.com), Schlecht: (http://isearch.omiga-plus.com/web/?type=ds&ts=1422690849&from=obw&uid=TOSHIBAXMK6465GSX_51ASD39BBXX51ASD39BB&q={searchTerms}),,[648bd6272d5cb3831de3bcf341c47f81]

Ordner: 26
PUP.Optional.TabNav.A, C:\Program Files (x86)\TabNav, , [509f0feee1a80f27c4f071984eb73bc5],
PUP.Optional.Extutil.A, C:\Users\XXXX XXXX\AppData\Local\Temp\D7ADFCCA-EE7E-442C-9999-C4D14FEF360B, , [e20d9f5e0782a78ff8ba1e4061a28977],
PUP.Optional.Managera.A, C:\Users\XXXX XXXX\AppData\Local\Temp\38fdaae5-8e0e-493c-88ec-e05c3be06e42, , [935caa531b6edf5706ad97c7a65db848],
PUP.Optional.GlobalUpdate.A, C:\Users\XXXX XXXX\AppData\Local\Temp\comh.215855, , [44ab5e9f58311a1ccce4e67a22e106fa],
PUP.Optional.GlobalUpdate.A, C:\Users\XXXX XXXX\AppData\Local\Temp\comh.262501, , [77780eef3d4c310560503b2558ab57a9],
PUP.Optional.GlobalUpdate.A, C:\Users\XXXX XXXX\AppData\Local\Temp\comh.55868, , [836cc13cbdcc2a0c565ab9a744bf718f],
PUP.Optional.MBot.A, C:\Program Files (x86)\mbot_de_465, , [2fc047b64544f24407ea1353b053b44c],
PUP.Optional.Goobzo, C:\Program Files\Common Files\Goobzo, , [ea0549b4f19865d1edbced7c0df6f40c],
PUP.Optional.Goobzo, C:\Program Files\Common Files\Goobzo\GBUpdatePlus, , [ea0549b4f19865d1edbced7c0df6f40c],
PUP.Optional.ShopperPro, C:\Program Files\Common Files\ShopperPro, , [2bc4e21b95f463d37937a1c842c18f71],
PUP.Optional.Cinema.A, C:\Program Files (x86)\CinemaP-1.4cV31.01, , [d01f32cb494031051c9af575eb1807f9],
PUP.Optional.SmootherWeb.A, C:\Users\XXXX XXXX\AppData\Roaming\Mozilla\Firefox\Profiles\ax92hz4x.default-1417957171376\jetpack\jid1-U7omKQ6kQfxMaQ@jetpack, , [b837f508b4d552e418b5dc99956ee21e],
PUP.Optional.SmootherWeb.A, C:\Users\XXXX XXXX\AppData\Roaming\Mozilla\Firefox\Profiles\ax92hz4x.default-1417957171376\jetpack\jid1-U7omKQ6kQfxMaQ@jetpack\simple-storage, , [b837f508b4d552e418b5dc99956ee21e],
PUP.Optional.CrossRider.A, C:\Users\XXXX XXXX\AppData\Roaming\Mozilla\Firefox\Profiles\ax92hz4x.default-1417957171376\extensions\14fef81ee28d4335a493c2d@6383fd42ff9b4872bccb5b.com, , [658aa25baadf181e9a0b82fbba4937c9],
PUP.Optional.CrossRider.A, C:\Users\XXXX XXXX\AppData\Roaming\Mozilla\Firefox\Profiles\ax92hz4x.default-1417957171376\extensions\14fef81ee28d4335a493c2d@6383fd42ff9b4872bccb5b.com\chrome, , [658aa25baadf181e9a0b82fbba4937c9],
PUP.Optional.CrossRider.A, C:\Users\XXXX XXXX\AppData\Roaming\Mozilla\Firefox\Profiles\ax92hz4x.default-1417957171376\extensions\14fef81ee28d4335a493c2d@6383fd42ff9b4872bccb5b.com\chrome\content, , [658aa25baadf181e9a0b82fbba4937c9],
PUP.Optional.CrossRider.A, C:\Users\XXXX XXXX\AppData\Roaming\Mozilla\Firefox\Profiles\ax92hz4x.default-1417957171376\extensions\14fef81ee28d4335a493c2d@6383fd42ff9b4872bccb5b.com\chrome\content\api, , [658aa25baadf181e9a0b82fbba4937c9],
PUP.Optional.CrossRider.A, C:\Users\XXXX XXXX\AppData\Roaming\Mozilla\Firefox\Profiles\ax92hz4x.default-1417957171376\extensions\14fef81ee28d4335a493c2d@6383fd42ff9b4872bccb5b.com\chrome\content\core, , [658aa25baadf181e9a0b82fbba4937c9],
PUP.Optional.CrossRider.A, C:\Users\XXXX XXXX\AppData\Roaming\Mozilla\Firefox\Profiles\ax92hz4x.default-1417957171376\extensions\14fef81ee28d4335a493c2d@6383fd42ff9b4872bccb5b.com\defaults, , [658aa25baadf181e9a0b82fbba4937c9],
PUP.Optional.CrossRider.A, C:\Users\XXXX XXXX\AppData\Roaming\Mozilla\Firefox\Profiles\ax92hz4x.default-1417957171376\extensions\14fef81ee28d4335a493c2d@6383fd42ff9b4872bccb5b.com\defaults\preferences, , [658aa25baadf181e9a0b82fbba4937c9],
PUP.Optional.CrossRider.A, C:\Users\XXXX XXXX\AppData\Roaming\Mozilla\Firefox\Profiles\ax92hz4x.default-1417957171376\extensions\14fef81ee28d4335a493c2d@6383fd42ff9b4872bccb5b.com\extensionData, , [658aa25baadf181e9a0b82fbba4937c9],
PUP.Optional.CrossRider.A, C:\Users\XXXX XXXX\AppData\Roaming\Mozilla\Firefox\Profiles\ax92hz4x.default-1417957171376\extensions\14fef81ee28d4335a493c2d@6383fd42ff9b4872bccb5b.com\extensionData\plugins, , [658aa25baadf181e9a0b82fbba4937c9],
PUP.Optional.CrossRider.A, C:\Users\XXXX XXXX\AppData\Roaming\Mozilla\Firefox\Profiles\ax92hz4x.default-1417957171376\extensions\14fef81ee28d4335a493c2d@6383fd42ff9b4872bccb5b.com\extensionData\userCode, , [658aa25baadf181e9a0b82fbba4937c9],
PUP.Optional.CrossRider.A, C:\Users\XXXX XXXX\AppData\Roaming\Mozilla\Firefox\Profiles\ax92hz4x.default-1417957171376\extensions\14fef81ee28d4335a493c2d@6383fd42ff9b4872bccb5b.com\locale, , [658aa25baadf181e9a0b82fbba4937c9],
PUP.Optional.CrossRider.A, C:\Users\XXXX XXXX\AppData\Roaming\Mozilla\Firefox\Profiles\ax92hz4x.default-1417957171376\extensions\14fef81ee28d4335a493c2d@6383fd42ff9b4872bccb5b.com\locale\en-US, , [658aa25baadf181e9a0b82fbba4937c9],
PUP.Optional.CrossRider.A, C:\Users\XXXX XXXX\AppData\Roaming\Mozilla\Firefox\Profiles\ax92hz4x.default-1417957171376\extensions\14fef81ee28d4335a493c2d@6383fd42ff9b4872bccb5b.com\skin, , [658aa25baadf181e9a0b82fbba4937c9],

Dateien: 234
PUP.Optional.Nova.A, C:\Program Files (x86)\38307773-d954-48f2-8127-93df0ea63e4a\a9ef88e0-f506-4e98-ac14-3d4f63dfe73b.dll, , [856ad627b2d738feef88e71e21e1f10f],
PUP.Optional.Nova.A, C:\Program Files (x86)\878e2246-8f7a-48fe-89f9-845dc6abbab7\8d66f909-3014-4d22-9e7f-d261cf0dd56b.dll, , [fdf2c23bddac2313116656afb34fd42c],
PUP.Optional.Nova.A, C:\Program Files (x86)\878e2246-8f7a-48fe-89f9-845dc6abbab7\dbd42d83-f0c0-4bd2-926f-4759e6025efe.dll, , [529dd22be7a238fec9aeb5501fe3df21],
PUP.Optional.Nova.A, C:\Program Files (x86)\Acer\3edae5d6-b855-40ec-a07b-dac4903be76c.dll, , [1ed131cc9feaa69043349075956d17e9],
PUP.Optional.Nova.A, C:\Program Files (x86)\Acer\e3422fba-763c-4c24-89fe-8ab2ed5f0ef7.dll, , [668936c7d6b370c61067de27c141857b],
PUP.Optional.Nova.A, C:\Program Files (x86)\CinemaP-1.4cV31.01\ba5cbe1b-a00a-4d46-81e4-746cea11eaa3.dll, , [7a757984d6b393a388efcd38ed155fa1],
PUP.Optional.CrossRider.A, C:\Program Files (x86)\CinemaP-1.4cV31.01\beddc3a5-14c1-4be6-a132-5174f13a7c15-64.exe, , [34bbb548b2d771c565516a75d1347789],
PUP.Optional.CrossRider.A, C:\Program Files (x86)\CinemaP-1.4cV31.01\utils.exe, , [32bd15e8b5d4e74f84e699b33fc12cd4],
PUP.Optional.Nova.A, C:\Program Files (x86)\ed55547d-8d98-4039-96d9-00407eb30671\1bf076f2-6fef-4672-9735-b8e6aaaeec3b.dll, , [13dc9e5f7712a98d1562a164639fb749],
PUP.Optional.Somoto, C:\$RECYCLE.BIN\S-1-5-21-1242904208-471078349-2963378918-1000\$RVYPVX1.exe, , [24cb1de03455211503ca8c86d82a916f],
PUP.Optional.OutBrowse, C:\$RECYCLE.BIN\S-1-5-21-1242904208-471078349-2963378918-1000\$RWRW0XK.exe, , [23cc1ae3c6c3a6901844059bab5a6e92],
PUP.Optional.Conduit.A, C:\Users\XXXX XXXX\AppData\Local\Temp\SearchProtectINT.exe, , [925da15cb8d1a98dba1b3f022bd6d828],
PUP.Optional.EZDownloader.A, C:\Users\XXXX XXXX\AppData\Local\Temp\6c5CCA96\temp\EzDownloader_setup.exe, , [35baa85511782f07758c58c8b54b51af],
PUP.Optional.MultiPlug.A, C:\Users\XXXX XXXX\AppData\Local\Temp\6c5CCA96\temp\hpds_setup.exe, , [27c804f9c5c476c095982cfe38caf20e],
PUP.Optional.CrossRider.A, C:\Users\XXXX XXXX\AppData\Local\Temp\Install_12248\ins_cr.exe, , [a946e31af59459dd40c22abc1fe2fd03],
PUP.Optional.Goobzo, C:\Users\XXXX XXXX\AppData\Local\Temp\Install_6391\ins_smk.exe, , [01eec03da7e2c07600a42c5420e5c23e],
PUP.Optional.SearchProtect, C:\Users\XXXX XXXX\AppData\Local\avaxvyvax\avaxvyvax.exe, , [13dc04f9ff8a1f174a302ee3758d3fc1],
PUP.Optional.SearchProtect.A, C:\Users\XXXX XXXX\AppData\Local\avaxvyvax\pbqrmvbub, , [bf3055a85b2ea09668ada40e40c1659b],
PUP.Optional.SearchProtect.A, C:\Windows\AppPatch\AppPatch64\VCLdr64.dll, , [86698e6f1e6b88ae65b0c5ed8e73837d],
PUP.Optional.SearchProtect.A, C:\Windows\AppPatch\nbin\VC32Loader.dll, , [cc23d924fe8b300648cd8f23e41dab55],
PUP.Optional.SearchModule.A, C:\Windows\System32\Tasks\SMWPUpd, , [10df6b925d2cdf57cce4443d13f008f8],
PUP.Optional.Flowsurf.A, C:\Windows\temp\abengine.log, , [a64995685c2da690f82bfe86e71c13ed],
PUP.Optional.ShopperPro, C:\Windows\System32\Tasks\SPBIW_UpdateTask_Time_333035393833303830392d5a556c6c4a5a575750414134, , [8d62dc219feabf77f035e0b85ba8c43c],
PUP.Optional.Goobzo, C:\Windows\System32\Tasks\SMW_UpdateTask_Time_333035393833303830392d5a556c6c4a5a575750414134, , [ed02cc31fe8b70c6fccd3e5a31d29e62],
PUP.Optional.SearchProtect, C:\Windows\AppPatch\Custom\Custom64\{cf2797aa-b7ec-e311-8ed9-005056c00008}.sdb, , [f3fcad505237f73fa51bd22fbd48857b],
PUP.Optional.TabNav.A, C:\Program Files (x86)\TabNav\abengine.dll, , [509f0feee1a80f27c4f071984eb73bc5],
PUP.Optional.TabNav.A, C:\Program Files (x86)\TabNav\abengine.exe, , [509f0feee1a80f27c4f071984eb73bc5],
PUP.Optional.TabNav.A, C:\Program Files (x86)\TabNav\abengine.tlb, , [509f0feee1a80f27c4f071984eb73bc5],
PUP.Optional.TabNav.A, C:\Program Files (x86)\TabNav\abengine64.dll, , [509f0feee1a80f27c4f071984eb73bc5],
PUP.Optional.TabNav.A, C:\Program Files (x86)\TabNav\abenginecert.dll, , [509f0feee1a80f27c4f071984eb73bc5],
PUP.Optional.TabNav.A, C:\Program Files (x86)\TabNav\abenginep.exe, , [509f0feee1a80f27c4f071984eb73bc5],
PUP.Optional.TabNav.A, C:\Program Files (x86)\TabNav\abenginew.exe, , [509f0feee1a80f27c4f071984eb73bc5],
PUP.Optional.TabNav.A, C:\Program Files (x86)\TabNav\abenginewd.dll, , [509f0feee1a80f27c4f071984eb73bc5],
PUP.Optional.TabNav.A, C:\Program Files (x86)\TabNav\file.txt, , [509f0feee1a80f27c4f071984eb73bc5],
PUP.Optional.TabNav.A, C:\Program Files (x86)\TabNav\freebl3.dll, , [509f0feee1a80f27c4f071984eb73bc5],
PUP.Optional.TabNav.A, C:\Program Files (x86)\TabNav\jis.exe, , [509f0feee1a80f27c4f071984eb73bc5],
PUP.Optional.TabNav.A, C:\Program Files (x86)\TabNav\lengine.exe, , [509f0feee1a80f27c4f071984eb73bc5],
PUP.Optional.TabNav.A, C:\Program Files (x86)\TabNav\lengine.ini, , [509f0feee1a80f27c4f071984eb73bc5],
PUP.Optional.TabNav.A, C:\Program Files (x86)\TabNav\lengine64.exe, , [509f0feee1a80f27c4f071984eb73bc5],
PUP.Optional.TabNav.A, C:\Program Files (x86)\TabNav\libnspr4.dll, , [509f0feee1a80f27c4f071984eb73bc5],
PUP.Optional.TabNav.A, C:\Program Files (x86)\TabNav\libplc4.dll, , [509f0feee1a80f27c4f071984eb73bc5],
PUP.Optional.TabNav.A, C:\Program Files (x86)\TabNav\libplds4.dll, , [509f0feee1a80f27c4f071984eb73bc5],
PUP.Optional.TabNav.A, C:\Program Files (x86)\TabNav\list.txt, , [509f0feee1a80f27c4f071984eb73bc5],
PUP.Optional.TabNav.A, C:\Program Files (x86)\TabNav\nss3.dll, , [509f0feee1a80f27c4f071984eb73bc5],
PUP.Optional.TabNav.A, C:\Program Files (x86)\TabNav\nssckbi.dll, , [509f0feee1a80f27c4f071984eb73bc5],
PUP.Optional.TabNav.A, C:\Program Files (x86)\TabNav\nssdbm3.dll, , [509f0feee1a80f27c4f071984eb73bc5],
PUP.Optional.TabNav.A, C:\Program Files (x86)\TabNav\nssutil3.dll, , [509f0feee1a80f27c4f071984eb73bc5],
PUP.Optional.TabNav.A, C:\Program Files (x86)\TabNav\proc.txt, , [509f0feee1a80f27c4f071984eb73bc5],
PUP.Optional.TabNav.A, C:\Program Files (x86)\TabNav\proc2.txt, , [509f0feee1a80f27c4f071984eb73bc5],
PUP.Optional.TabNav.A, C:\Program Files (x86)\TabNav\reg.txt, , [509f0feee1a80f27c4f071984eb73bc5],
PUP.Optional.TabNav.A, C:\Program Files (x86)\TabNav\smime3.dll, , [509f0feee1a80f27c4f071984eb73bc5],
PUP.Optional.TabNav.A, C:\Program Files (x86)\TabNav\softokn3.dll, , [509f0feee1a80f27c4f071984eb73bc5],
PUP.Optional.TabNav.A, C:\Program Files (x86)\TabNav\sq.exe, , [509f0feee1a80f27c4f071984eb73bc5],
PUP.Optional.TabNav.A, C:\Program Files (x86)\TabNav\sqlite3.dll, , [509f0feee1a80f27c4f071984eb73bc5],
PUP.Optional.TabNav.A, C:\Program Files (x86)\TabNav\ssl3.dll, , [509f0feee1a80f27c4f071984eb73bc5],
PUP.Optional.TabNav.A, C:\Program Files (x86)\TabNav\term.txt, , [509f0feee1a80f27c4f071984eb73bc5],
PUP.Optional.TabNav.A, C:\Program Files (x86)\TabNav\uninstall.exe, , [509f0feee1a80f27c4f071984eb73bc5],
PUP.Optional.TabNav.A, C:\Program Files (x86)\TabNav\zupa3002.exe, , [509f0feee1a80f27c4f071984eb73bc5],
PUP.Optional.Extutil.A, C:\Users\XXXX XXXX\AppData\Local\Temp\D7ADFCCA-EE7E-442C-9999-C4D14FEF360B\bk.js, , [e20d9f5e0782a78ff8ba1e4061a28977],
PUP.Optional.Extutil.A, C:\Users\XXXX XXXX\AppData\Local\Temp\D7ADFCCA-EE7E-442C-9999-C4D14FEF360B\cs.js, , [e20d9f5e0782a78ff8ba1e4061a28977],
PUP.Optional.Extutil.A, C:\Users\XXXX XXXX\AppData\Local\Temp\D7ADFCCA-EE7E-442C-9999-C4D14FEF360B\manifest.json, , [e20d9f5e0782a78ff8ba1e4061a28977],
PUP.Optional.Managera.A, C:\Users\XXXX XXXX\AppData\Local\Temp\38fdaae5-8e0e-493c-88ec-e05c3be06e42\cs.js, , [935caa531b6edf5706ad97c7a65db848],
PUP.Optional.Managera.A, C:\Users\XXXX XXXX\AppData\Local\Temp\38fdaae5-8e0e-493c-88ec-e05c3be06e42\manifest.json, , [935caa531b6edf5706ad97c7a65db848],
PUP.Optional.GlobalUpdate.A, C:\Users\XXXX XXXX\AppData\Local\Temp\comh.215855\GoogleCrashHandler.exe, , [44ab5e9f58311a1ccce4e67a22e106fa],
PUP.Optional.GlobalUpdate.A, C:\Users\XXXX XXXX\AppData\Local\Temp\comh.215855\GoogleUpdate.exe, , [44ab5e9f58311a1ccce4e67a22e106fa],
PUP.Optional.GlobalUpdate.A, C:\Users\XXXX XXXX\AppData\Local\Temp\comh.215855\GoogleUpdateBroker.exe, , [44ab5e9f58311a1ccce4e67a22e106fa],
PUP.Optional.GlobalUpdate.A, C:\Users\XXXX XXXX\AppData\Local\Temp\comh.215855\GoogleUpdateHelper.msi, , [44ab5e9f58311a1ccce4e67a22e106fa],
PUP.Optional.GlobalUpdate.A, C:\Users\XXXX XXXX\AppData\Local\Temp\comh.215855\GoogleUpdateOnDemand.exe, , [44ab5e9f58311a1ccce4e67a22e106fa],
PUP.Optional.GlobalUpdate.A, C:\Users\XXXX XXXX\AppData\Local\Temp\comh.215855\goopdate.dll, , [44ab5e9f58311a1ccce4e67a22e106fa],
PUP.Optional.GlobalUpdate.A, C:\Users\XXXX XXXX\AppData\Local\Temp\comh.215855\goopdateres_en.dll, , [44ab5e9f58311a1ccce4e67a22e106fa],
PUP.Optional.GlobalUpdate.A, C:\Users\XXXX XXXX\AppData\Local\Temp\comh.215855\npGoogleUpdate4.dll, , [44ab5e9f58311a1ccce4e67a22e106fa],
PUP.Optional.GlobalUpdate.A, C:\Users\XXXX XXXX\AppData\Local\Temp\comh.215855\psmachine.dll, , [44ab5e9f58311a1ccce4e67a22e106fa],
PUP.Optional.GlobalUpdate.A, C:\Users\XXXX XXXX\AppData\Local\Temp\comh.215855\psuser.dll, , [44ab5e9f58311a1ccce4e67a22e106fa],
PUP.Optional.GlobalUpdate.A, C:\Users\XXXX XXXX\AppData\Local\Temp\comh.262501\GoogleCrashHandler.exe, , [77780eef3d4c310560503b2558ab57a9],
PUP.Optional.GlobalUpdate.A, C:\Users\XXXX XXXX\AppData\Local\Temp\comh.262501\GoogleUpdate.exe, , [77780eef3d4c310560503b2558ab57a9],
PUP.Optional.GlobalUpdate.A, C:\Users\XXXX XXXX\AppData\Local\Temp\comh.262501\GoogleUpdateBroker.exe, , [77780eef3d4c310560503b2558ab57a9],
PUP.Optional.GlobalUpdate.A, C:\Users\XXXX XXXX\AppData\Local\Temp\comh.262501\GoogleUpdateHelper.msi, , [77780eef3d4c310560503b2558ab57a9],
PUP.Optional.GlobalUpdate.A, C:\Users\XXXX XXXX\AppData\Local\Temp\comh.262501\GoogleUpdateOnDemand.exe, , [77780eef3d4c310560503b2558ab57a9],
PUP.Optional.GlobalUpdate.A, C:\Users\XXXX XXXX\AppData\Local\Temp\comh.262501\goopdate.dll, , [77780eef3d4c310560503b2558ab57a9],
PUP.Optional.GlobalUpdate.A, C:\Users\XXXX XXXX\AppData\Local\Temp\comh.262501\goopdateres_en.dll, , [77780eef3d4c310560503b2558ab57a9],
PUP.Optional.GlobalUpdate.A, C:\Users\XXXX XXXX\AppData\Local\Temp\comh.262501\npGoogleUpdate4.dll, , [77780eef3d4c310560503b2558ab57a9],
PUP.Optional.GlobalUpdate.A, C:\Users\XXXX XXXX\AppData\Local\Temp\comh.262501\psmachine.dll, , [77780eef3d4c310560503b2558ab57a9],
PUP.Optional.GlobalUpdate.A, C:\Users\XXXX XXXX\AppData\Local\Temp\comh.262501\psuser.dll, , [77780eef3d4c310560503b2558ab57a9],
PUP.Optional.GlobalUpdate.A, C:\Users\XXXX XXXX\AppData\Local\Temp\comh.55868\GoogleCrashHandler.exe, , [836cc13cbdcc2a0c565ab9a744bf718f],
PUP.Optional.GlobalUpdate.A, C:\Users\XXXX XXXX\AppData\Local\Temp\comh.55868\GoogleUpdate.exe, , [836cc13cbdcc2a0c565ab9a744bf718f],
PUP.Optional.GlobalUpdate.A, C:\Users\XXXX XXXX\AppData\Local\Temp\comh.55868\GoogleUpdateBroker.exe, , [836cc13cbdcc2a0c565ab9a744bf718f],
PUP.Optional.GlobalUpdate.A, C:\Users\XXXX XXXX\AppData\Local\Temp\comh.55868\GoogleUpdateHelper.msi, , [836cc13cbdcc2a0c565ab9a744bf718f],
PUP.Optional.GlobalUpdate.A, C:\Users\XXXX XXXX\AppData\Local\Temp\comh.55868\GoogleUpdateOnDemand.exe, , [836cc13cbdcc2a0c565ab9a744bf718f],
PUP.Optional.GlobalUpdate.A, C:\Users\XXXX XXXX\AppData\Local\Temp\comh.55868\goopdate.dll, , [836cc13cbdcc2a0c565ab9a744bf718f],
PUP.Optional.GlobalUpdate.A, C:\Users\XXXX XXXX\AppData\Local\Temp\comh.55868\goopdateres_en.dll, , [836cc13cbdcc2a0c565ab9a744bf718f],
PUP.Optional.GlobalUpdate.A, C:\Users\XXXX XXXX\AppData\Local\Temp\comh.55868\npGoogleUpdate4.dll, , [836cc13cbdcc2a0c565ab9a744bf718f],
PUP.Optional.GlobalUpdate.A, C:\Users\XXXX XXXX\AppData\Local\Temp\comh.55868\psmachine.dll, , [836cc13cbdcc2a0c565ab9a744bf718f],
PUP.Optional.GlobalUpdate.A, C:\Users\XXXX XXXX\AppData\Local\Temp\comh.55868\psuser.dll, , [836cc13cbdcc2a0c565ab9a744bf718f],
PUP.Optional.Goobzo, C:\Program Files\Common Files\Goobzo\GBUpdatePlus\SBIEBrowserHelperObject.dll, , [ea0549b4f19865d1edbced7c0df6f40c],
PUP.Optional.Goobzo, C:\Program Files\Common Files\Goobzo\GBUpdatePlus\SCHelper.exe, , [ea0549b4f19865d1edbced7c0df6f40c],
PUP.Optional.Goobzo, C:\Program Files\Common Files\Goobzo\GBUpdatePlus\Search.lnk, , [ea0549b4f19865d1edbced7c0df6f40c],
PUP.Optional.Goobzo, C:\Program Files\Common Files\Goobzo\GBUpdatePlus\sma.exe, , [ea0549b4f19865d1edbced7c0df6f40c],
PUP.Optional.Goobzo, C:\Program Files\Common Files\Goobzo\GBUpdatePlus\smci32.dll, , [ea0549b4f19865d1edbced7c0df6f40c],
PUP.Optional.Goobzo, C:\Program Files\Common Files\Goobzo\GBUpdatePlus\smci64.dll, , [ea0549b4f19865d1edbced7c0df6f40c],
PUP.Optional.Goobzo, C:\Program Files\Common Files\Goobzo\GBUpdatePlus\smei32.dll, , [ea0549b4f19865d1edbced7c0df6f40c],
PUP.Optional.Goobzo, C:\Program Files\Common Files\Goobzo\GBUpdatePlus\smei64.dll, , [ea0549b4f19865d1edbced7c0df6f40c],
PUP.Optional.Goobzo, C:\Program Files\Common Files\Goobzo\GBUpdatePlus\smfi32.dll, , [ea0549b4f19865d1edbced7c0df6f40c],
PUP.Optional.Goobzo, C:\Program Files\Common Files\Goobzo\GBUpdatePlus\smfi64.dll, , [ea0549b4f19865d1edbced7c0df6f40c],
PUP.Optional.Goobzo, C:\Program Files\Common Files\Goobzo\GBUpdatePlus\smi32.exe, , [ea0549b4f19865d1edbced7c0df6f40c],
PUP.Optional.Goobzo, C:\Program Files\Common Files\Goobzo\GBUpdatePlus\smi64.exe, , [ea0549b4f19865d1edbced7c0df6f40c],
PUP.Optional.Goobzo, C:\Program Files\Common Files\Goobzo\GBUpdatePlus\smoi32.dll, , [ea0549b4f19865d1edbced7c0df6f40c],
PUP.Optional.Goobzo, C:\Program Files\Common Files\Goobzo\GBUpdatePlus\smoi64.dll, , [ea0549b4f19865d1edbced7c0df6f40c],
PUP.Optional.Goobzo, C:\Program Files\Common Files\Goobzo\GBUpdatePlus\smp.exe, , [ea0549b4f19865d1edbced7c0df6f40c],
PUP.Optional.Goobzo, C:\Program Files\Common Files\Goobzo\GBUpdatePlus\smri32.dll, , [ea0549b4f19865d1edbced7c0df6f40c],
PUP.Optional.Goobzo, C:\Program Files\Common Files\Goobzo\GBUpdatePlus\smri64.dll, , [ea0549b4f19865d1edbced7c0df6f40c],
PUP.Optional.Goobzo, C:\Program Files\Common Files\Goobzo\GBUpdatePlus\smu.exe, , [ea0549b4f19865d1edbced7c0df6f40c],
PUP.Optional.Goobzo, C:\Program Files\Common Files\Goobzo\GBUpdatePlus\SMUninstall.exe, , [ea0549b4f19865d1edbced7c0df6f40c],
PUP.Optional.Goobzo, C:\Program Files\Common Files\Goobzo\GBUpdatePlus\smw.sys, , [ea0549b4f19865d1edbced7c0df6f40c],
PUP.Optional.ShopperPro, C:\Program Files\Common Files\ShopperPro\spbia.exe, , [2bc4e21b95f463d37937a1c842c18f71],
PUP.Optional.ShopperPro, C:\Program Files\Common Files\ShopperPro\spbici32.dll, , [2bc4e21b95f463d37937a1c842c18f71],
PUP.Optional.ShopperPro, C:\Program Files\Common Files\ShopperPro\spbici64.dll, , [2bc4e21b95f463d37937a1c842c18f71],
PUP.Optional.ShopperPro, C:\Program Files\Common Files\ShopperPro\spbii32.exe, , [2bc4e21b95f463d37937a1c842c18f71],
PUP.Optional.ShopperPro, C:\Program Files\Common Files\ShopperPro\spbii64.exe, , [2bc4e21b95f463d37937a1c842c18f71],
PUP.Optional.ShopperPro, C:\Program Files\Common Files\ShopperPro\spbiu.exe, , [2bc4e21b95f463d37937a1c842c18f71],
PUP.Optional.ShopperPro, C:\Program Files\Common Files\ShopperPro\spbiw.sys, , [2bc4e21b95f463d37937a1c842c18f71],
PUP.Optional.Cinema.A, C:\Program Files (x86)\CinemaP-1.4cV31.01\82c9399f-6c00-412e-9964-05c27db8ea3a.dll, , [d01f32cb494031051c9af575eb1807f9],
PUP.Optional.Cinema.A, C:\Program Files (x86)\CinemaP-1.4cV31.01\beddc3a5-14c1-4be6-a132-5174f13a7c15.xpi, , [d01f32cb494031051c9af575eb1807f9],
PUP.Optional.Cinema.A, C:\Program Files (x86)\CinemaP-1.4cV31.01\bgNova.html, , [d01f32cb494031051c9af575eb1807f9],
PUP.Optional.Cinema.A, C:\Program Files (x86)\CinemaP-1.4cV31.01\Uninstall.exe, , [d01f32cb494031051c9af575eb1807f9],
PUP.Optional.CrossRider.A, C:\Users\XXXX XXXX\AppData\Roaming\Mozilla\Firefox\Profiles\ax92hz4x.default-1417957171376\extensions\14fef81ee28d4335a493c2d@6383fd42ff9b4872bccb5b.com\chrome.manifest, , [658aa25baadf181e9a0b82fbba4937c9],
PUP.Optional.CrossRider.A, C:\Users\XXXX XXXX\AppData\Roaming\Mozilla\Firefox\Profiles\ax92hz4x.default-1417957171376\extensions\14fef81ee28d4335a493c2d@6383fd42ff9b4872bccb5b.com\install.rdf, , [658aa25baadf181e9a0b82fbba4937c9],
PUP.Optional.CrossRider.A, C:\Users\XXXX XXXX\AppData\Roaming\Mozilla\Firefox\Profiles\ax92hz4x.default-1417957171376\extensions\14fef81ee28d4335a493c2d@6383fd42ff9b4872bccb5b.com\chrome\content\2e61c5641c8960992cac249b9b2a775e.js, , [658aa25baadf181e9a0b82fbba4937c9],
PUP.Optional.CrossRider.A, C:\Users\XXXX XXXX\AppData\Roaming\Mozilla\Firefox\Profiles\ax92hz4x.default-1417957171376\extensions\14fef81ee28d4335a493c2d@6383fd42ff9b4872bccb5b.com\chrome\content\50ea661ae9290662f6564923954b96ab.js, , [658aa25baadf181e9a0b82fbba4937c9],
PUP.Optional.CrossRider.A, C:\Users\XXXX XXXX\AppData\Roaming\Mozilla\Firefox\Profiles\ax92hz4x.default-1417957171376\extensions\14fef81ee28d4335a493c2d@6383fd42ff9b4872bccb5b.com\chrome\content\616be79461c0e7c1d48182dc89f201f2.js, , [658aa25baadf181e9a0b82fbba4937c9],
PUP.Optional.CrossRider.A, C:\Users\XXXX XXXX\AppData\Roaming\Mozilla\Firefox\Profiles\ax92hz4x.default-1417957171376\extensions\14fef81ee28d4335a493c2d@6383fd42ff9b4872bccb5b.com\chrome\content\ae634e438d7bac46cd21b8e1f17ce6af.js, , [658aa25baadf181e9a0b82fbba4937c9],
PUP.Optional.CrossRider.A, C:\Users\XXXX XXXX\AppData\Roaming\Mozilla\Firefox\Profiles\ax92hz4x.default-1417957171376\extensions\14fef81ee28d4335a493c2d@6383fd42ff9b4872bccb5b.com\chrome\content\background.html, , [658aa25baadf181e9a0b82fbba4937c9],
PUP.Optional.CrossRider.A, C:\Users\XXXX XXXX\AppData\Roaming\Mozilla\Firefox\Profiles\ax92hz4x.default-1417957171376\extensions\14fef81ee28d4335a493c2d@6383fd42ff9b4872bccb5b.com\chrome\content\browser.xul, , [658aa25baadf181e9a0b82fbba4937c9],
PUP.Optional.CrossRider.A, C:\Users\XXXX XXXX\AppData\Roaming\Mozilla\Firefox\Profiles\ax92hz4x.default-1417957171376\extensions\14fef81ee28d4335a493c2d@6383fd42ff9b4872bccb5b.com\chrome\content\dialog.js, , [658aa25baadf181e9a0b82fbba4937c9],
PUP.Optional.CrossRider.A, C:\Users\XXXX XXXX\AppData\Roaming\Mozilla\Firefox\Profiles\ax92hz4x.default-1417957171376\extensions\14fef81ee28d4335a493c2d@6383fd42ff9b4872bccb5b.com\chrome\content\f3c1760896b07877c2af41f802fb4aee.js, , [658aa25baadf181e9a0b82fbba4937c9],
PUP.Optional.CrossRider.A, C:\Users\XXXX XXXX\AppData\Roaming\Mozilla\Firefox\Profiles\ax92hz4x.default-1417957171376\extensions\14fef81ee28d4335a493c2d@6383fd42ff9b4872bccb5b.com\chrome\content\fee971c3fc89ff3400341f3a4b241986.js, , [658aa25baadf181e9a0b82fbba4937c9],
PUP.Optional.CrossRider.A, C:\Users\XXXX XXXX\AppData\Roaming\Mozilla\Firefox\Profiles\ax92hz4x.default-1417957171376\extensions\14fef81ee28d4335a493c2d@6383fd42ff9b4872bccb5b.com\chrome\content\ffCoreFilesIndex.txt, , [658aa25baadf181e9a0b82fbba4937c9],
PUP.Optional.CrossRider.A, C:\Users\XXXX XXXX\AppData\Roaming\Mozilla\Firefox\Profiles\ax92hz4x.default-1417957171376\extensions\14fef81ee28d4335a493c2d@6383fd42ff9b4872bccb5b.com\chrome\content\options.js, , [658aa25baadf181e9a0b82fbba4937c9],
PUP.Optional.CrossRider.A, C:\Users\XXXX XXXX\AppData\Roaming\Mozilla\Firefox\Profiles\ax92hz4x.default-1417957171376\extensions\14fef81ee28d4335a493c2d@6383fd42ff9b4872bccb5b.com\chrome\content\options.xul, , [658aa25baadf181e9a0b82fbba4937c9],
PUP.Optional.CrossRider.A, C:\Users\XXXX XXXX\AppData\Roaming\Mozilla\Firefox\Profiles\ax92hz4x.default-1417957171376\extensions\14fef81ee28d4335a493c2d@6383fd42ff9b4872bccb5b.com\chrome\content\search_dialog.xul, , [658aa25baadf181e9a0b82fbba4937c9],
PUP.Optional.CrossRider.A, C:\Users\XXXX XXXX\AppData\Roaming\Mozilla\Firefox\Profiles\ax92hz4x.default-1417957171376\extensions\14fef81ee28d4335a493c2d@6383fd42ff9b4872bccb5b.com\chrome\content\api\04ce4e1ef9bb25cd63266a6ca905235c.js, , [658aa25baadf181e9a0b82fbba4937c9],
PUP.Optional.CrossRider.A, C:\Users\XXXX XXXX\AppData\Roaming\Mozilla\Firefox\Profiles\ax92hz4x.default-1417957171376\extensions\14fef81ee28d4335a493c2d@6383fd42ff9b4872bccb5b.com\chrome\content\api\43a5950d1e3613f07f5dd5fe36f8570b.js, , [658aa25baadf181e9a0b82fbba4937c9],
PUP.Optional.CrossRider.A, C:\Users\XXXX XXXX\AppData\Roaming\Mozilla\Firefox\Profiles\ax92hz4x.default-1417957171376\extensions\14fef81ee28d4335a493c2d@6383fd42ff9b4872bccb5b.com\chrome\content\api\78429c54e9c0684702c52ce546b6037e.js, , [658aa25baadf181e9a0b82fbba4937c9],
PUP.Optional.CrossRider.A, C:\Users\XXXX XXXX\AppData\Roaming\Mozilla\Firefox\Profiles\ax92hz4x.default-1417957171376\extensions\14fef81ee28d4335a493c2d@6383fd42ff9b4872bccb5b.com\chrome\content\api\7cb88cd91ffacc2af6ad7e7fa2b6dbf0.js, , [658aa25baadf181e9a0b82fbba4937c9],
PUP.Optional.CrossRider.A, C:\Users\XXXX XXXX\AppData\Roaming\Mozilla\Firefox\Profiles\ax92hz4x.default-1417957171376\extensions\14fef81ee28d4335a493c2d@6383fd42ff9b4872bccb5b.com\chrome\content\api\87db14bf8e24836a744aa32291a9cdc6.js, , [658aa25baadf181e9a0b82fbba4937c9],
PUP.Optional.CrossRider.A, C:\Users\XXXX XXXX\AppData\Roaming\Mozilla\Firefox\Profiles\ax92hz4x.default-1417957171376\extensions\14fef81ee28d4335a493c2d@6383fd42ff9b4872bccb5b.com\chrome\content\api\92c4c7f063acaef6ad59abb3865c8df8.js, , [658aa25baadf181e9a0b82fbba4937c9],
PUP.Optional.CrossRider.A, C:\Users\XXXX XXXX\AppData\Roaming\Mozilla\Firefox\Profiles\ax92hz4x.default-1417957171376\extensions\14fef81ee28d4335a493c2d@6383fd42ff9b4872bccb5b.com\chrome\content\api\a566648a5650506eb184f9e3735bd15e.js, , [658aa25baadf181e9a0b82fbba4937c9],
PUP.Optional.CrossRider.A, C:\Users\XXXX XXXX\AppData\Roaming\Mozilla\Firefox\Profiles\ax92hz4x.default-1417957171376\extensions\14fef81ee28d4335a493c2d@6383fd42ff9b4872bccb5b.com\chrome\content\api\a7fe69fb7e0f086f472bd1d0579920da.js, , [658aa25baadf181e9a0b82fbba4937c9],
PUP.Optional.CrossRider.A, C:\Users\XXXX XXXX\AppData\Roaming\Mozilla\Firefox\Profiles\ax92hz4x.default-1417957171376\extensions\14fef81ee28d4335a493c2d@6383fd42ff9b4872bccb5b.com\chrome\content\api\aa847fd3c0cb935d27495f920de5c433.js, , [658aa25baadf181e9a0b82fbba4937c9],
PUP.Optional.CrossRider.A, C:\Users\XXXX XXXX\AppData\Roaming\Mozilla\Firefox\Profiles\ax92hz4x.default-1417957171376\extensions\14fef81ee28d4335a493c2d@6383fd42ff9b4872bccb5b.com\chrome\content\api\b6822480e3620b3595cbd46f4b27846c.js, , [658aa25baadf181e9a0b82fbba4937c9],
PUP.Optional.CrossRider.A, C:\Users\XXXX XXXX\AppData\Roaming\Mozilla\Firefox\Profiles\ax92hz4x.default-1417957171376\extensions\14fef81ee28d4335a493c2d@6383fd42ff9b4872bccb5b.com\chrome\content\api\c832aef2d201aea4ce618e265330470b.js, , [658aa25baadf181e9a0b82fbba4937c9],
PUP.Optional.CrossRider.A, C:\Users\XXXX XXXX\AppData\Roaming\Mozilla\Firefox\Profiles\ax92hz4x.default-1417957171376\extensions\14fef81ee28d4335a493c2d@6383fd42ff9b4872bccb5b.com\chrome\content\api\d06a86fc0ec0c1497e9a181b9bef24d7.js, , [658aa25baadf181e9a0b82fbba4937c9],
PUP.Optional.CrossRider.A, C:\Users\XXXX XXXX\AppData\Roaming\Mozilla\Firefox\Profiles\ax92hz4x.default-1417957171376\extensions\14fef81ee28d4335a493c2d@6383fd42ff9b4872bccb5b.com\chrome\content\api\d427c3fb160b39ea25f9ec887a81df16.js, , [658aa25baadf181e9a0b82fbba4937c9],
PUP.Optional.CrossRider.A, C:\Users\XXXX XXXX\AppData\Roaming\Mozilla\Firefox\Profiles\ax92hz4x.default-1417957171376\extensions\14fef81ee28d4335a493c2d@6383fd42ff9b4872bccb5b.com\chrome\content\api\ebec8321f0057985bda58b9660bd8b35.js, , [658aa25baadf181e9a0b82fbba4937c9],
PUP.Optional.CrossRider.A, C:\Users\XXXX XXXX\AppData\Roaming\Mozilla\Firefox\Profiles\ax92hz4x.default-1417957171376\extensions\14fef81ee28d4335a493c2d@6383fd42ff9b4872bccb5b.com\chrome\content\api\fd905910a9b10071b6acf93266cb1c03.js, , [658aa25baadf181e9a0b82fbba4937c9],
PUP.Optional.CrossRider.A, C:\Users\XXXX XXXX\AppData\Roaming\Mozilla\Firefox\Profiles\ax92hz4x.default-1417957171376\extensions\14fef81ee28d4335a493c2d@6383fd42ff9b4872bccb5b.com\chrome\content\api\fef45a9ea40d9e561f9daf52f04361d6.js, , [658aa25baadf181e9a0b82fbba4937c9],
PUP.Optional.CrossRider.A, C:\Users\XXXX XXXX\AppData\Roaming\Mozilla\Firefox\Profiles\ax92hz4x.default-1417957171376\extensions\14fef81ee28d4335a493c2d@6383fd42ff9b4872bccb5b.com\chrome\content\core\0d8c18a3f2a7774a42fd042e0acb82d8.js, , [658aa25baadf181e9a0b82fbba4937c9],
PUP.Optional.CrossRider.A, C:\Users\XXXX XXXX\AppData\Roaming\Mozilla\Firefox\Profiles\ax92hz4x.default-1417957171376\extensions\14fef81ee28d4335a493c2d@6383fd42ff9b4872bccb5b.com\chrome\content\core\19d0162e0b8eebd41a6158f7a93d9406.js, , [658aa25baadf181e9a0b82fbba4937c9],
PUP.Optional.CrossRider.A, C:\Users\XXXX XXXX\AppData\Roaming\Mozilla\Firefox\Profiles\ax92hz4x.default-1417957171376\extensions\14fef81ee28d4335a493c2d@6383fd42ff9b4872bccb5b.com\chrome\content\core\1a68024078ec576428d1b7a6a6a82645.js, , [658aa25baadf181e9a0b82fbba4937c9],
PUP.Optional.CrossRider.A, C:\Users\XXXX XXXX\AppData\Roaming\Mozilla\Firefox\Profiles\ax92hz4x.default-1417957171376\extensions\14fef81ee28d4335a493c2d@6383fd42ff9b4872bccb5b.com\chrome\content\core\35909570179b4fbae5b97c3512c49fec.js, , [658aa25baadf181e9a0b82fbba4937c9],
PUP.Optional.CrossRider.A, C:\Users\XXXX XXXX\AppData\Roaming\Mozilla\Firefox\Profiles\ax92hz4x.default-1417957171376\extensions\14fef81ee28d4335a493c2d@6383fd42ff9b4872bccb5b.com\chrome\content\core\371583a974de66c957a9fb5254a7ed49.js, , [658aa25baadf181e9a0b82fbba4937c9],
PUP.Optional.CrossRider.A, C:\Users\XXXX XXXX\AppData\Roaming\Mozilla\Firefox\Profiles\ax92hz4x.default-1417957171376\extensions\14fef81ee28d4335a493c2d@6383fd42ff9b4872bccb5b.com\chrome\content\core\387082cc174d0f7c93c66f9a3751e734.js, , [658aa25baadf181e9a0b82fbba4937c9],
PUP.Optional.CrossRider.A, C:\Users\XXXX XXXX\AppData\Roaming\Mozilla\Firefox\Profiles\ax92hz4x.default-1417957171376\extensions\14fef81ee28d4335a493c2d@6383fd42ff9b4872bccb5b.com\chrome\content\core\422d734c5a304576d8e885e84c9ccc43.js, , [658aa25baadf181e9a0b82fbba4937c9],
PUP.Optional.CrossRider.A, C:\Users\XXXX XXXX\AppData\Roaming\Mozilla\Firefox\Profiles\ax92hz4x.default-1417957171376\extensions\14fef81ee28d4335a493c2d@6383fd42ff9b4872bccb5b.com\chrome\content\core\4aa32452694c627b3c024681ef07d1c3.js, , [658aa25baadf181e9a0b82fbba4937c9],
PUP.Optional.CrossRider.A, C:\Users\XXXX XXXX\AppData\Roaming\Mozilla\Firefox\Profiles\ax92hz4x.default-1417957171376\extensions\14fef81ee28d4335a493c2d@6383fd42ff9b4872bccb5b.com\chrome\content\core\58feb168c3ad27060cef39467aac4241.js, , [658aa25baadf181e9a0b82fbba4937c9],
PUP.Optional.CrossRider.A, C:\Users\XXXX XXXX\AppData\Roaming\Mozilla\Firefox\Profiles\ax92hz4x.default-1417957171376\extensions\14fef81ee28d4335a493c2d@6383fd42ff9b4872bccb5b.com\chrome\content\core\62b27b370a65d23e9444b45ae9afa3fb.js, , [658aa25baadf181e9a0b82fbba4937c9],
PUP.Optional.CrossRider.A, C:\Users\XXXX XXXX\AppData\Roaming\Mozilla\Firefox\Profiles\ax92hz4x.default-1417957171376\extensions\14fef81ee28d4335a493c2d@6383fd42ff9b4872bccb5b.com\chrome\content\core\8ab848c3b12580f045111939fd82fc5e.js, , [658aa25baadf181e9a0b82fbba4937c9],
PUP.Optional.CrossRider.A, C:\Users\XXXX XXXX\AppData\Roaming\Mozilla\Firefox\Profiles\ax92hz4x.default-1417957171376\extensions\14fef81ee28d4335a493c2d@6383fd42ff9b4872bccb5b.com\chrome\content\core\8c9e6a4f91e47a877bdc3ca17c717a4e.js, , [658aa25baadf181e9a0b82fbba4937c9],
PUP.Optional.CrossRider.A, C:\Users\XXXX XXXX\AppData\Roaming\Mozilla\Firefox\Profiles\ax92hz4x.default-1417957171376\extensions\14fef81ee28d4335a493c2d@6383fd42ff9b4872bccb5b.com\chrome\content\core\92016c70ea98b3cadd2e83fe8f2bfb88.js, , [658aa25baadf181e9a0b82fbba4937c9],
PUP.Optional.CrossRider.A, C:\Users\XXXX XXXX\AppData\Roaming\Mozilla\Firefox\Profiles\ax92hz4x.default-1417957171376\extensions\14fef81ee28d4335a493c2d@6383fd42ff9b4872bccb5b.com\chrome\content\core\94d426e62c0d2ea8166a01e67e66d8a1.js, , [658aa25baadf181e9a0b82fbba4937c9],
PUP.Optional.CrossRider.A, C:\Users\XXXX XXXX\AppData\Roaming\Mozilla\Firefox\Profiles\ax92hz4x.default-1417957171376\extensions\14fef81ee28d4335a493c2d@6383fd42ff9b4872bccb5b.com\chrome\content\core\9ae60443a18a7acb458e9b5e5b1cab18.js, , [658aa25baadf181e9a0b82fbba4937c9],
PUP.Optional.CrossRider.A, C:\Users\XXXX XXXX\AppData\Roaming\Mozilla\Firefox\Profiles\ax92hz4x.default-1417957171376\extensions\14fef81ee28d4335a493c2d@6383fd42ff9b4872bccb5b.com\chrome\content\core\a286fe02feada72a753ae85e280096fc.js, , [658aa25baadf181e9a0b82fbba4937c9],
PUP.Optional.CrossRider.A, C:\Users\XXXX XXXX\AppData\Roaming\Mozilla\Firefox\Profiles\ax92hz4x.default-1417957171376\extensions\14fef81ee28d4335a493c2d@6383fd42ff9b4872bccb5b.com\chrome\content\core\c3fd1aaadbf94beb6e849d6cd47dae91.js, , [658aa25baadf181e9a0b82fbba4937c9],
PUP.Optional.CrossRider.A, C:\Users\XXXX XXXX\AppData\Roaming\Mozilla\Firefox\Profiles\ax92hz4x.default-1417957171376\extensions\14fef81ee28d4335a493c2d@6383fd42ff9b4872bccb5b.com\chrome\content\core\c98d9699d61d0880119d220b2352a981.js, , [658aa25baadf181e9a0b82fbba4937c9],
PUP.Optional.CrossRider.A, C:\Users\XXXX XXXX\AppData\Roaming\Mozilla\Firefox\Profiles\ax92hz4x.default-1417957171376\extensions\14fef81ee28d4335a493c2d@6383fd42ff9b4872bccb5b.com\chrome\content\core\dfbab2bc7049047fbc7564eb9cc080e1.js, , [658aa25baadf181e9a0b82fbba4937c9],
PUP.Optional.CrossRider.A, C:\Users\XXXX XXXX\AppData\Roaming\Mozilla\Firefox\Profiles\ax92hz4x.default-1417957171376\extensions\14fef81ee28d4335a493c2d@6383fd42ff9b4872bccb5b.com\chrome\content\core\fc064e3b4a5e6afa4e3c584ce640597b.js, , [658aa25baadf181e9a0b82fbba4937c9],
PUP.Optional.CrossRider.A, C:\Users\XXXX XXXX\AppData\Roaming\Mozilla\Firefox\Profiles\ax92hz4x.default-1417957171376\extensions\14fef81ee28d4335a493c2d@6383fd42ff9b4872bccb5b.com\chrome\content\core\installer.js, , [658aa25baadf181e9a0b82fbba4937c9],
PUP.Optional.CrossRider.A, C:\Users\XXXX XXXX\AppData\Roaming\Mozilla\Firefox\Profiles\ax92hz4x.default-1417957171376\extensions\14fef81ee28d4335a493c2d@6383fd42ff9b4872bccb5b.com\defaults\preferences\prefs.js, , [658aa25baadf181e9a0b82fbba4937c9],
PUP.Optional.CrossRider.A, C:\Users\XXXX XXXX\AppData\Roaming\Mozilla\Firefox\Profiles\ax92hz4x.default-1417957171376\extensions\14fef81ee28d4335a493c2d@6383fd42ff9b4872bccb5b.com\extensionData\manifest.xml, , [658aa25baadf181e9a0b82fbba4937c9],
PUP.Optional.CrossRider.A, C:\Users\XXXX XXXX\AppData\Roaming\Mozilla\Firefox\Profiles\ax92hz4x.default-1417957171376\extensions\14fef81ee28d4335a493c2d@6383fd42ff9b4872bccb5b.com\extensionData\plugins.json, , [658aa25baadf181e9a0b82fbba4937c9],
PUP.Optional.CrossRider.A, C:\Users\XXXX XXXX\AppData\Roaming\Mozilla\Firefox\Profiles\ax92hz4x.default-1417957171376\extensions\14fef81ee28d4335a493c2d@6383fd42ff9b4872bccb5b.com\extensionData\plugins\1.js, , [658aa25baadf181e9a0b82fbba4937c9],
PUP.Optional.CrossRider.A, C:\Users\XXXX XXXX\AppData\Roaming\Mozilla\Firefox\Profiles\ax92hz4x.default-1417957171376\extensions\14fef81ee28d4335a493c2d@6383fd42ff9b4872bccb5b.com\extensionData\plugins\102.js, , [658aa25baadf181e9a0b82fbba4937c9],
PUP.Optional.CrossRider.A, C:\Users\XXXX XXXX\AppData\Roaming\Mozilla\Firefox\Profiles\ax92hz4x.default-1417957171376\extensions\14fef81ee28d4335a493c2d@6383fd42ff9b4872bccb5b.com\extensionData\plugins\104.js, , [658aa25baadf181e9a0b82fbba4937c9],
PUP.Optional.CrossRider.A, C:\Users\XXXX XXXX\AppData\Roaming\Mozilla\Firefox\Profiles\ax92hz4x.default-1417957171376\extensions\14fef81ee28d4335a493c2d@6383fd42ff9b4872bccb5b.com\extensionData\plugins\13.js, , [658aa25baadf181e9a0b82fbba4937c9],
PUP.Optional.CrossRider.A, C:\Users\XXXX XXXX\AppData\Roaming\Mozilla\Firefox\Profiles\ax92hz4x.default-1417957171376\extensions\14fef81ee28d4335a493c2d@6383fd42ff9b4872bccb5b.com\extensionData\plugins\14.js, , [658aa25baadf181e9a0b82fbba4937c9],
PUP.Optional.CrossRider.A, C:\Users\XXXX XXXX\AppData\Roaming\Mozilla\Firefox\Profiles\ax92hz4x.default-1417957171376\extensions\14fef81ee28d4335a493c2d@6383fd42ff9b4872bccb5b.com\extensionData\plugins\16.js, , [658aa25baadf181e9a0b82fbba4937c9],
PUP.Optional.CrossRider.A, C:\Users\XXXX XXXX\AppData\Roaming\Mozilla\Firefox\Profiles\ax92hz4x.default-1417957171376\extensions\14fef81ee28d4335a493c2d@6383fd42ff9b4872bccb5b.com\extensionData\plugins\17.js, , [658aa25baadf181e9a0b82fbba4937c9],
PUP.Optional.CrossRider.A, C:\Users\XXXX XXXX\AppData\Roaming\Mozilla\Firefox\Profiles\ax92hz4x.default-1417957171376\extensions\14fef81ee28d4335a493c2d@6383fd42ff9b4872bccb5b.com\extensionData\plugins\177.js, , [658aa25baadf181e9a0b82fbba4937c9],
PUP.Optional.CrossRider.A, C:\Users\XXXX XXXX\AppData\Roaming\Mozilla\Firefox\Profiles\ax92hz4x.default-1417957171376\extensions\14fef81ee28d4335a493c2d@6383fd42ff9b4872bccb5b.com\extensionData\plugins\180.js, , [658aa25baadf181e9a0b82fbba4937c9],
PUP.Optional.CrossRider.A, C:\Users\XXXX XXXX\AppData\Roaming\Mozilla\Firefox\Profiles\ax92hz4x.default-1417957171376\extensions\14fef81ee28d4335a493c2d@6383fd42ff9b4872bccb5b.com\extensionData\plugins\182.js, , [658aa25baadf181e9a0b82fbba4937c9],
PUP.Optional.CrossRider.A, C:\Users\XXXX XXXX\AppData\Roaming\Mozilla\Firefox\Profiles\ax92hz4x.default-1417957171376\extensions\14fef81ee28d4335a493c2d@6383fd42ff9b4872bccb5b.com\extensionData\plugins\183.js, , [658aa25baadf181e9a0b82fbba4937c9],
PUP.Optional.CrossRider.A, C:\Users\XXXX XXXX\AppData\Roaming\Mozilla\Firefox\Profiles\ax92hz4x.default-1417957171376\extensions\14fef81ee28d4335a493c2d@6383fd42ff9b4872bccb5b.com\extensionData\plugins\184.js, , [658aa25baadf181e9a0b82fbba4937c9],
PUP.Optional.CrossRider.A, C:\Users\XXXX XXXX\AppData\Roaming\Mozilla\Firefox\Profiles\ax92hz4x.default-1417957171376\extensions\14fef81ee28d4335a493c2d@6383fd42ff9b4872bccb5b.com\extensionData\plugins\195.js, , [658aa25baadf181e9a0b82fbba4937c9],
PUP.Optional.CrossRider.A, C:\Users\XXXX XXXX\AppData\Roaming\Mozilla\Firefox\Profiles\ax92hz4x.default-1417957171376\extensions\14fef81ee28d4335a493c2d@6383fd42ff9b4872bccb5b.com\extensionData\plugins\200.js, , [658aa25baadf181e9a0b82fbba4937c9],
PUP.Optional.CrossRider.A, C:\Users\XXXX XXXX\AppData\Roaming\Mozilla\Firefox\Profiles\ax92hz4x.default-1417957171376\extensions\14fef81ee28d4335a493c2d@6383fd42ff9b4872bccb5b.com\extensionData\plugins\207.js, , [658aa25baadf181e9a0b82fbba4937c9],
PUP.Optional.CrossRider.A, C:\Users\XXXX XXXX\AppData\Roaming\Mozilla\Firefox\Profiles\ax92hz4x.default-1417957171376\extensions\14fef81ee28d4335a493c2d@6383fd42ff9b4872bccb5b.com\extensionData\plugins\21.js, , [658aa25baadf181e9a0b82fbba4937c9],
PUP.Optional.CrossRider.A, C:\Users\XXXX XXXX\AppData\Roaming\Mozilla\Firefox\Profiles\ax92hz4x.default-1417957171376\extensions\14fef81ee28d4335a493c2d@6383fd42ff9b4872bccb5b.com\extensionData\plugins\22.js, , [658aa25baadf181e9a0b82fbba4937c9],
PUP.Optional.CrossRider.A, C:\Users\XXXX XXXX\AppData\Roaming\Mozilla\Firefox\Profiles\ax92hz4x.default-1417957171376\extensions\14fef81ee28d4335a493c2d@6383fd42ff9b4872bccb5b.com\extensionData\plugins\220.js, , [658aa25baadf181e9a0b82fbba4937c9],
PUP.Optional.CrossRider.A, C:\Users\XXXX XXXX\AppData\Roaming\Mozilla\Firefox\Profiles\ax92hz4x.default-1417957171376\extensions\14fef81ee28d4335a493c2d@6383fd42ff9b4872bccb5b.com\extensionData\plugins\223.js, , [658aa25baadf181e9a0b82fbba4937c9],
PUP.Optional.CrossRider.A, C:\Users\XXXX XXXX\AppData\Roaming\Mozilla\Firefox\Profiles\ax92hz4x.default-1417957171376\extensions\14fef81ee28d4335a493c2d@6383fd42ff9b4872bccb5b.com\extensionData\plugins\242.js, , [658aa25baadf181e9a0b82fbba4937c9],
PUP.Optional.CrossRider.A, C:\Users\XXXX XXXX\AppData\Roaming\Mozilla\Firefox\Profiles\ax92hz4x.default-1417957171376\extensions\14fef81ee28d4335a493c2d@6383fd42ff9b4872bccb5b.com\extensionData\plugins\246.js, , [658aa25baadf181e9a0b82fbba4937c9],
PUP.Optional.CrossRider.A, C:\Users\XXXX XXXX\AppData\Roaming\Mozilla\Firefox\Profiles\ax92hz4x.default-1417957171376\extensions\14fef81ee28d4335a493c2d@6383fd42ff9b4872bccb5b.com\extensionData\plugins\253.js, , [658aa25baadf181e9a0b82fbba4937c9],
PUP.Optional.CrossRider.A, C:\Users\XXXX XXXX\AppData\Roaming\Mozilla\Firefox\Profiles\ax92hz4x.default-1417957171376\extensions\14fef81ee28d4335a493c2d@6383fd42ff9b4872bccb5b.com\extensionData\plugins\263.js, , [658aa25baadf181e9a0b82fbba4937c9],
PUP.Optional.CrossRider.A, C:\Users\XXXX XXXX\AppData\Roaming\Mozilla\Firefox\Profiles\ax92hz4x.default-1417957171376\extensions\14fef81ee28d4335a493c2d@6383fd42ff9b4872bccb5b.com\extensionData\plugins\28.js, , [658aa25baadf181e9a0b82fbba4937c9],
PUP.Optional.CrossRider.A, C:\Users\XXXX XXXX\AppData\Roaming\Mozilla\Firefox\Profiles\ax92hz4x.default-1417957171376\extensions\14fef81ee28d4335a493c2d@6383fd42ff9b4872bccb5b.com\extensionData\plugins\286.js, , [658aa25baadf181e9a0b82fbba4937c9],
PUP.Optional.CrossRider.A, C:\Users\XXXX XXXX\AppData\Roaming\Mozilla\Firefox\Profiles\ax92hz4x.default-1417957171376\extensions\14fef81ee28d4335a493c2d@6383fd42ff9b4872bccb5b.com\extensionData\plugins\288.js, , [658aa25baadf181e9a0b82fbba4937c9],
PUP.Optional.CrossRider.A, C:\Users\XXXX XXXX\AppData\Roaming\Mozilla\Firefox\Profiles\ax92hz4x.default-1417957171376\extensions\14fef81ee28d4335a493c2d@6383fd42ff9b4872bccb5b.com\extensionData\plugins\301.js, , [658aa25baadf181e9a0b82fbba4937c9],
PUP.Optional.CrossRider.A, C:\Users\XXXX XXXX\AppData\Roaming\Mozilla\Firefox\Profiles\ax92hz4x.default-1417957171376\extensions\14fef81ee28d4335a493c2d@6383fd42ff9b4872bccb5b.com\extensionData\plugins\345.js, , [658aa25baadf181e9a0b82fbba4937c9],
PUP.Optional.CrossRider.A, C:\Users\XXXX XXXX\AppData\Roaming\Mozilla\Firefox\Profiles\ax92hz4x.default-1417957171376\extensions\14fef81ee28d4335a493c2d@6383fd42ff9b4872bccb5b.com\extensionData\plugins\354.js, , [658aa25baadf181e9a0b82fbba4937c9],
PUP.Optional.CrossRider.A, C:\Users\XXXX XXXX\AppData\Roaming\Mozilla\Firefox\Profiles\ax92hz4x.default-1417957171376\extensions\14fef81ee28d4335a493c2d@6383fd42ff9b4872bccb5b.com\extensionData\plugins\4.js, , [658aa25baadf181e9a0b82fbba4937c9],
PUP.Optional.CrossRider.A, C:\Users\XXXX XXXX\AppData\Roaming\Mozilla\Firefox\Profiles\ax92hz4x.default-1417957171376\extensions\14fef81ee28d4335a493c2d@6383fd42ff9b4872bccb5b.com\extensionData\plugins\47.js, , [658aa25baadf181e9a0b82fbba4937c9],
PUP.Optional.CrossRider.A, C:\Users\XXXX XXXX\AppData\Roaming\Mozilla\Firefox\Profiles\ax92hz4x.default-1417957171376\extensions\14fef81ee28d4335a493c2d@6383fd42ff9b4872bccb5b.com\extensionData\plugins\64.js, , [658aa25baadf181e9a0b82fbba4937c9],
PUP.Optional.CrossRider.A, C:\Users\XXXX XXXX\AppData\Roaming\Mozilla\Firefox\Profiles\ax92hz4x.default-1417957171376\extensions\14fef81ee28d4335a493c2d@6383fd42ff9b4872bccb5b.com\extensionData\plugins\7.js, , [658aa25baadf181e9a0b82fbba4937c9],
PUP.Optional.CrossRider.A, C:\Users\XXXX XXXX\AppData\Roaming\Mozilla\Firefox\Profiles\ax92hz4x.default-1417957171376\extensions\14fef81ee28d4335a493c2d@6383fd42ff9b4872bccb5b.com\extensionData\plugins\72.js, , [658aa25baadf181e9a0b82fbba4937c9],
PUP.Optional.CrossRider.A, C:\Users\XXXX XXXX\AppData\Roaming\Mozilla\Firefox\Profiles\ax92hz4x.default-1417957171376\extensions\14fef81ee28d4335a493c2d@6383fd42ff9b4872bccb5b.com\extensionData\plugins\78.js, , [658aa25baadf181e9a0b82fbba4937c9],
PUP.Optional.CrossRider.A, C:\Users\XXXX XXXX\AppData\Roaming\Mozilla\Firefox\Profiles\ax92hz4x.default-1417957171376\extensions\14fef81ee28d4335a493c2d@6383fd42ff9b4872bccb5b.com\extensionData\plugins\9.js, , [658aa25baadf181e9a0b82fbba4937c9],
PUP.Optional.CrossRider.A, C:\Users\XXXX XXXX\AppData\Roaming\Mozilla\Firefox\Profiles\ax92hz4x.default-1417957171376\extensions\14fef81ee28d4335a493c2d@6383fd42ff9b4872bccb5b.com\extensionData\plugins\91.js, , [658aa25baadf181e9a0b82fbba4937c9],
PUP.Optional.CrossRider.A, C:\Users\XXXX XXXX\AppData\Roaming\Mozilla\Firefox\Profiles\ax92hz4x.default-1417957171376\extensions\14fef81ee28d4335a493c2d@6383fd42ff9b4872bccb5b.com\extensionData\plugins\98.js, , [658aa25baadf181e9a0b82fbba4937c9],
PUP.Optional.CrossRider.A, C:\Users\XXXX XXXX\AppData\Roaming\Mozilla\Firefox\Profiles\ax92hz4x.default-1417957171376\extensions\14fef81ee28d4335a493c2d@6383fd42ff9b4872bccb5b.com\extensionData\userCode\background.js, , [658aa25baadf181e9a0b82fbba4937c9],
PUP.Optional.CrossRider.A, C:\Users\XXXX XXXX\AppData\Roaming\Mozilla\Firefox\Profiles\ax92hz4x.default-1417957171376\extensions\14fef81ee28d4335a493c2d@6383fd42ff9b4872bccb5b.com\extensionData\userCode\extension.js, , [658aa25baadf181e9a0b82fbba4937c9],
PUP.Optional.CrossRider.A, C:\Users\XXXX XXXX\AppData\Roaming\Mozilla\Firefox\Profiles\ax92hz4x.default-1417957171376\extensions\14fef81ee28d4335a493c2d@6383fd42ff9b4872bccb5b.com\locale\en-US\translations.dtd, , [658aa25baadf181e9a0b82fbba4937c9],
PUP.Optional.CrossRider.A, C:\Users\XXXX XXXX\AppData\Roaming\Mozilla\Firefox\Profiles\ax92hz4x.default-1417957171376\extensions\14fef81ee28d4335a493c2d@6383fd42ff9b4872bccb5b.com\skin\button1.png, , [658aa25baadf181e9a0b82fbba4937c9],
PUP.Optional.CrossRider.A, C:\Users\XXXX XXXX\AppData\Roaming\Mozilla\Firefox\Profiles\ax92hz4x.default-1417957171376\extensions\14fef81ee28d4335a493c2d@6383fd42ff9b4872bccb5b.com\skin\button2.png, , [658aa25baadf181e9a0b82fbba4937c9],
PUP.Optional.CrossRider.A, C:\Users\XXXX XXXX\AppData\Roaming\Mozilla\Firefox\Profiles\ax92hz4x.default-1417957171376\extensions\14fef81ee28d4335a493c2d@6383fd42ff9b4872bccb5b.com\skin\button3.png, , [658aa25baadf181e9a0b82fbba4937c9],
PUP.Optional.CrossRider.A, C:\Users\XXXX XXXX\AppData\Roaming\Mozilla\Firefox\Profiles\ax92hz4x.default-1417957171376\extensions\14fef81ee28d4335a493c2d@6383fd42ff9b4872bccb5b.com\skin\button4.png, , [658aa25baadf181e9a0b82fbba4937c9],
PUP.Optional.CrossRider.A, C:\Users\XXXX XXXX\AppData\Roaming\Mozilla\Firefox\Profiles\ax92hz4x.default-1417957171376\extensions\14fef81ee28d4335a493c2d@6383fd42ff9b4872bccb5b.com\skin\button5.png, , [658aa25baadf181e9a0b82fbba4937c9],
PUP.Optional.CrossRider.A, C:\Users\XXXX XXXX\AppData\Roaming\Mozilla\Firefox\Profiles\ax92hz4x.default-1417957171376\extensions\14fef81ee28d4335a493c2d@6383fd42ff9b4872bccb5b.com\skin\crossrider_statusbar.png, , [658aa25baadf181e9a0b82fbba4937c9],
PUP.Optional.CrossRider.A, C:\Users\XXXX XXXX\AppData\Roaming\Mozilla\Firefox\Profiles\ax92hz4x.default-1417957171376\extensions\14fef81ee28d4335a493c2d@6383fd42ff9b4872bccb5b.com\skin\icon128.png, , [658aa25baadf181e9a0b82fbba4937c9],
PUP.Optional.CrossRider.A, C:\Users\XXXX XXXX\AppData\Roaming\Mozilla\Firefox\Profiles\ax92hz4x.default-1417957171376\extensions\14fef81ee28d4335a493c2d@6383fd42ff9b4872bccb5b.com\skin\icon16.png, , [658aa25baadf181e9a0b82fbba4937c9],
PUP.Optional.CrossRider.A, C:\Users\XXXX XXXX\AppData\Roaming\Mozilla\Firefox\Profiles\ax92hz4x.default-1417957171376\extensions\14fef81ee28d4335a493c2d@6383fd42ff9b4872bccb5b.com\skin\icon24.png, , [658aa25baadf181e9a0b82fbba4937c9],
PUP.Optional.CrossRider.A, C:\Users\XXXX XXXX\AppData\Roaming\Mozilla\Firefox\Profiles\ax92hz4x.default-1417957171376\extensions\14fef81ee28d4335a493c2d@6383fd42ff9b4872bccb5b.com\skin\icon48.png, , [658aa25baadf181e9a0b82fbba4937c9],
PUP.Optional.CrossRider.A, C:\Users\XXXX XXXX\AppData\Roaming\Mozilla\Firefox\Profiles\ax92hz4x.default-1417957171376\extensions\14fef81ee28d4335a493c2d@6383fd42ff9b4872bccb5b.com\skin\panelarrow-up.png, , [658aa25baadf181e9a0b82fbba4937c9],
PUP.Optional.CrossRider.A, C:\Users\XXXX XXXX\AppData\Roaming\Mozilla\Firefox\Profiles\ax92hz4x.default-1417957171376\extensions\14fef81ee28d4335a493c2d@6383fd42ff9b4872bccb5b.com\skin\popup.html, , [658aa25baadf181e9a0b82fbba4937c9],
PUP.Optional.CrossRider.A, C:\Users\XXXX XXXX\AppData\Roaming\Mozilla\Firefox\Profiles\ax92hz4x.default-1417957171376\extensions\14fef81ee28d4335a493c2d@6383fd42ff9b4872bccb5b.com\skin\skin.css, , [658aa25baadf181e9a0b82fbba4937c9],
PUP.Optional.CrossRider.A, C:\Users\XXXX XXXX\AppData\Roaming\Mozilla\Firefox\Profiles\ax92hz4x.default-1417957171376\extensions\14fef81ee28d4335a493c2d@6383fd42ff9b4872bccb5b.com\skin\update.css, , [658aa25baadf181e9a0b82fbba4937c9],

Physische Sektoren: 0
(Keine schädliche Elemente erkannt)


(end)
Neues Protokoll:

Code:
Malwarebytes Anti-Malware
www.malwarebytes.org

Suchlauf Datum: 05.02.2015
Suchlauf-Zeit: 20:53:28
Logdatei: mbam.txt
Administrator: Ja

Version: 2.00.4.1028
Malware Datenbank: v2015.02.05.08
Rootkit Datenbank: v2015.02.03.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: XXXX XXXX

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 453044
Verstrichene Zeit: 35 Min, 13 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(Keine schädliche Elemente erkannt)

Module: 0
(Keine schädliche Elemente erkannt)

Registrierungsschlüssel: 2
PUP.Optional.iWebar.A, HKLM\SOFTWARE\WOW6432NODE\iWebar-nv-ie, In Quarantäne, [b725df3b05856accb1ea33517d8601ff],
PUP.Optional.iWebar.A, HKU\S-1-5-21-1242904208-471078349-2963378918-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\iWebar-nv-ie, Löschen bei Neustart, [f5e71dfd4a40bb7b336994f058abf10f],

Registrierungswerte: 0
(Keine schädliche Elemente erkannt)

Registrierungsdaten: 0
(Keine schädliche Elemente erkannt)

Ordner: 2
PUP.Optional.SmootherWeb.A, C:\Users\XXXX XXXX\AppData\Roaming\Mozilla\Firefox\Profiles\ax92hz4x.default-1417957171376\jetpack\jid1-U7omKQ6kQfxMaQ@jetpack, In Quarantäne, [e1fb71a97f0bc17589634534c142bd43],
PUP.Optional.SmootherWeb.A, C:\Users\XXXX XXXX\AppData\Roaming\Mozilla\Firefox\Profiles\ax92hz4x.default-1417957171376\jetpack\jid1-U7omKQ6kQfxMaQ@jetpack\simple-storage, In Quarantäne, [e1fb71a97f0bc17589634534c142bd43],

Dateien: 0
(Keine schädliche Elemente erkannt)

Physische Sektoren: 0
(Keine schädliche Elemente erkannt)


(end)

Immer noch, neue Tabs werden automatisch geöffnet.
Werbe-Pupups und kleine Werbe-Pupups laden

Bootsektor 06.02.2015 00:21
Hallo,

in welchem Browser denn?

Reiche bitte die Resulte aus den ausstehenden Schritten nach.

magigstar 06.02.2015 19:22
Hier der ESET Log,
der Rest kommt noch

Ich benutze den Firefox

Code:
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=58449cc18ee8504882955fd4081431d5
# engine=19554
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2014-08-07 11:14:15
# local_time=2014-08-08 01:14:15 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='Avira Desktop'
# compatibility_mode=1810 16777213 100 100 14959 151952429 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 42233 159083105 0 0
# scanned=265
# found=1
# cleaned=0
# scan_time=55
sh=C84182A0079B88D923BF936CC788C5B4B46AF482 ft=1 fh=ce39f3e3774c393e vn="Variante von Win32/DownloadSponsor.A evtl. unerwünschte Anwendung" ac=I fn="C:\$RECYCLE.BIN\S-1-5-21-1242904208-471078349-2963378918-1000\$R7TUY4P.exe"
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=58449cc18ee8504882955fd4081431d5
# engine=19835
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2014-08-26 05:27:21
# local_time=2014-08-26 07:27:21 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='Avira Desktop'
# compatibility_mode=1810 16777213 100 100 49001 153530015 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 37433 160660691 0 0
# scanned=265829
# found=11
# cleaned=0
# scan_time=31318
sh=4B553651EF610C0614F8393D6C25ABA0A8F09ECA ft=1 fh=92ef1bb072edf568 vn="Variante von Win32/Bundled.Toolbar.Ask.D potenziell unsichere Anwendung" ac=I fn="C:\Program Files (x86)\Avira\AntiVir Desktop\Offercast_AVIRAV7_.exe"
sh=F90B3223684DEAAE59E0D371CCA318834695FEBE ft=1 fh=e2bb850c8e277c01 vn="Variante von Win32/RemoteAdmin.RemoteExec.AA potenziell unsichere Anwendung" ac=I fn="C:\Program Files (x86)\SIW\siw.exe"
sh=B896DEDCC410A84E9D794EB28ADB30E4CE0FC1C7 ft=1 fh=0d280081a7b58c5c vn="Win32/OpenCandy potenziell unsichere Anwendung" ac=I fn="C:\Users\XXXXX XXXXX\.frostwire5\updates\frostwire-5.6.2.windows.exe"
sh=79DAA2D7105B23CAC0BF465C44407C9FCC122DDF ft=1 fh=ddae22fb65275801 vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="C:\Users\XXXXX XXXXX\Desktop\aufräumen, was geht\Ordner\Neuer Ordner (3)\Neuer Ordner1\alte Dateien\Tresor alter Computer\Desktop\Neuer Ordner (5)\backups\backup-20101226-175451-491.dll"
sh=79DAA2D7105B23CAC0BF465C44407C9FCC122DDF ft=1 fh=ddae22fb65275801 vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="C:\Users\XXXXX XXXXX\Documents\Neuer Ordner\Neuer Ordner (3)\Neuer Ordner (2)\Datensicherung_Tower_neueDateien\Desktop\Neuer Ordner (5)\backups\backup-20101226-175451-203.dll"
sh=79DAA2D7105B23CAC0BF465C44407C9FCC122DDF ft=1 fh=ddae22fb65275801 vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="C:\Users\XXXXX XXXXX\Documents\Neuer Ordner\Neuer Ordner (3)\Neuer Ordner (2)\Datensicherung_Tower_neueDateien\Desktop\Neuer Ordner (5)\backups\backup-20101226-175451-491.dll"
sh=79DAA2D7105B23CAC0BF465C44407C9FCC122DDF ft=1 fh=ddae22fb65275801 vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="C:\Users\XXXXX XXXXX\Documents\Neuer Ordner\Neuer Ordner (3)\Neuer Ordner (2)\Datensicherung_Tower_Sicherung_2\Desktop\Neuer Ordner (5)\backups\backup-20101226-175451-203.dll"
sh=79DAA2D7105B23CAC0BF465C44407C9FCC122DDF ft=1 fh=ddae22fb65275801 vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="C:\Users\XXXXX XXXXX\Documents\Neuer Ordner\Neuer Ordner (3)\Neuer Ordner (2)\Datensicherung_Tower_Sicherung_2\Desktop\Neuer Ordner (5)\backups\backup-20101226-175451-491.dll"
sh=E2C028A886AA7352539DEE32CBB38770C529A76E ft=1 fh=d2aeb2930bcba9f7 vn="Win32/InstallMonetizer.AQ evtl. unerwünschte Anwendung" ac=I fn="C:\Users\XXXXX XXXXX\Downloads\PDFCreator-1_7_3_setup(1).exe"
sh=E2C028A886AA7352539DEE32CBB38770C529A76E ft=1 fh=d2aeb2930bcba9f7 vn="Win32/InstallMonetizer.AQ evtl. unerwünschte Anwendung" ac=I fn="C:\Users\XXXXX XXXXX\Downloads\PDFCreator-1_7_3_setup.exe"
sh=8A893FE3C1376F3C1B0F67A9514CBE621B717D98 ft=1 fh=667b25980f774106 vn="Win32/DownloadAdmin.G evtl. unerwünschte Anwendung" ac=I fn="C:\Users\XXXXX\Downloads\cbsidlm-tr1_13-Free_Audio_Cutter-ORG-75444480.exe"
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=58449cc18ee8504882955fd4081431d5
# engine=21329
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2014-11-30 10:05:21
# local_time=2014-11-30 11:05:21 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='Avira Desktop'
# compatibility_mode=1810 16777213 100 100 68538 161841095 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 137883 168971771 0 0
# scanned=201326
# found=11
# cleaned=0
# scan_time=41366
sh=BD2752141740654CD9FA4FC44BC5874D57B3642E ft=1 fh=5cdb06fd3465f210 vn="Variante von Win32/InstallCore.RA evtl. unerwünschte Anwendung" ac=I fn="C:\$RECYCLE.BIN\S-1-5-21-1242904208-471078349-2963378918-1000\$RIJ9WQK.exe"
sh=4B553651EF610C0614F8393D6C25ABA0A8F09ECA ft=1 fh=92ef1bb072edf568 vn="Variante von Win32/Bundled.Toolbar.Ask.D potenziell unsichere Anwendung" ac=I fn="C:\Program Files (x86)\Avira\AntiVir Desktop\Offercast_AVIRAV7_.exe"
sh=F90B3223684DEAAE59E0D371CCA318834695FEBE ft=1 fh=e2bb850c8e277c01 vn="Variante von Win32/RemoteAdmin.RemoteExec.AA potenziell unsichere Anwendung" ac=I fn="C:\Program Files (x86)\SIW\siw.exe"
sh=B896DEDCC410A84E9D794EB28ADB30E4CE0FC1C7 ft=1 fh=0d280081a7b58c5c vn="Win32/OpenCandy potenziell unsichere Anwendung" ac=I fn="C:\Users\XXXXX XXXXX\.frostwire5\updates\frostwire-5.6.2.windows.exe"
sh=79DAA2D7105B23CAC0BF465C44407C9FCC122DDF ft=1 fh=ddae22fb65275801 vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="C:\Users\XXXXX XXXXX\Desktop\Neuer Ordner (4)\aufräumen, was geht\Ordner\Neuer Ordner (3)\Neuer Ordner1\alte Dateien\Tresor alter Computer\Desktop\Neuer Ordner (5)\backups\backup-20101226-175451-491.dll"
sh=D3950C59BE2BD5572C4BD63ACED4443CC7E41579 ft=0 fh=0000000000000000 vn="Variante von WMA/TrojanDownloader.GetCodec.gen Trojaner" ac=I fn="C:\Users\XXXXX XXXXX\Desktop\Neuer Ordner (4)\aufräumen, was geht\Ordner\USB Stick\usb\Neuer Ordner\Dance\The Prodigy - One Love.mp3"
sh=79DAA2D7105B23CAC0BF465C44407C9FCC122DDF ft=1 fh=ddae22fb65275801 vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="C:\Users\XXXXX XXXXX\Documents\Neuer Ordner\Neuer Ordner (3)\Neuer Ordner (2)\Datensicherung_Tower_neueDateien\Desktop\Neuer Ordner (5)\backups\backup-20101226-175451-203.dll"
sh=79DAA2D7105B23CAC0BF465C44407C9FCC122DDF ft=1 fh=ddae22fb65275801 vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="C:\Users\XXXXX XXXXX\Documents\Neuer Ordner\Neuer Ordner (3)\Neuer Ordner (2)\Datensicherung_Tower_neueDateien\Desktop\Neuer Ordner (5)\backups\backup-20101226-175451-491.dll"
sh=79DAA2D7105B23CAC0BF465C44407C9FCC122DDF ft=1 fh=ddae22fb65275801 vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="C:\Users\XXXXX XXXXX\Documents\Neuer Ordner\Neuer Ordner (3)\Neuer Ordner (2)\Datensicherung_Tower_Sicherung_2\Desktop\Neuer Ordner (5)\backups\backup-20101226-175451-203.dll"
sh=79DAA2D7105B23CAC0BF465C44407C9FCC122DDF ft=1 fh=ddae22fb65275801 vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="C:\Users\XXXXX XXXXX\Documents\Neuer Ordner\Neuer Ordner (3)\Neuer Ordner (2)\Datensicherung_Tower_Sicherung_2\Desktop\Neuer Ordner (5)\backups\backup-20101226-175451-491.dll"
sh=8A893FE3C1376F3C1B0F67A9514CBE621B717D98 ft=1 fh=667b25980f774106 vn="Win32/DownloadAdmin.G evtl. unerwünschte Anwendung" ac=I fn="C:\Users\XXXXX\Downloads\cbsidlm-tr1_13-Free_Audio_Cutter-ORG-75444480.exe"
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=58449cc18ee8504882955fd4081431d5
# engine=22329
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2015-02-06 12:14:42
# local_time=2015-02-06 01:14:42 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='Avira Desktop'
# compatibility_mode=1810 16777213 100 100 20269 167680856 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 20163 174811532 0 0
# scanned=309128
# found=58
# cleaned=0
# scan_time=12586
sh=1B9445EF3BD4D79AF91C32CB60F5BE9161F8B2EB ft=1 fh=2be33240f1c467c0 vn="Variante von Win32/AdWare.EoRezo.AU Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\mbot_de_481\mybestofferstoday_widget.exe.vir"
sh=816B192DE1364CFFC89107738057FF671D635B9C ft=1 fh=4adc5297c803b826 vn="Variante von Win32/Conduit.SearchProtect.Y evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe.vir"
sh=378B85C2B314BE9C44F853F3F5988F6835984B74 ft=1 fh=ce49ebd9eb2bc48e vn="Variante von Win32/Conduit.SearchProtect.Y evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\Main\bin\SPtool.dll.vir"
sh=3A409A328F4652D94BEE9D043E81DACF196E7DBD ft=1 fh=237d68fa70f7d8fc vn="Variante von Win32/ClientConnect.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\Main\bin\uninstall.exe.vir"
sh=DC9B213AE23010EEFE29B3C18C11248334CCDA1F ft=1 fh=bdea575b52a6fe95 vn="Variante von Win32/Conduit.SearchProtect.Y evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\SearchProtect\bin\cltmng.exe.vir"
sh=1153CC7084A7DD1DDC36CAEDB8C586498BA88E4B ft=1 fh=2ead2e1a342ba75e vn="Variante von Win32/ClientConnect.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\SearchProtect\bin\RN32.dll.vir"
sh=CCB85D18513F5ACCFEDA574B270B482829C64F2C ft=1 fh=e2e2ab3683b2c444 vn="Variante von Win32/ClientConnect.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\SearchProtect\bin\SPtool64.exe.vir"
sh=2B924EF9E9738396D8FEFFD7F393FDC1926ACB8E ft=1 fh=4db8efae5a044c81 vn="Variante von Win32/ClientConnect.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\SearchProtect\bin\VC32.dll.vir"
sh=09C3C95516BF1A320F48BDCBB3579762F997721A ft=1 fh=89cf0c8724a77af8 vn="Variante von Win32/ClientConnect.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\SearchProtect\bin\VC32Loader.dll.vir"
sh=4E9900A77AF999BEF32D6B304219ACDB149978F8 ft=1 fh=8fdbb58d928290a9 vn="Variante von Win32/ClientConnect.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\SearchProtect\bin\VC64.dll.vir"
sh=1BB5AC385EB6B2BF403790D191E80B35387404DD ft=1 fh=5b1c558bf768d504 vn="Variante von Win32/ClientConnect.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\SearchProtect\bin\VC64Loader.dll.vir"
sh=2C8C3D72943E9F8EBF7FCF0E0D70D66F823B8F49 ft=1 fh=ad3082de8668fb4a vn="Variante von Win32/Conduit.SearchProtect.Y evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\UI\bin\cltmngui.exe.vir"
sh=7C58FA8408975F221BF93238F67AD1B96859EE9C ft=1 fh=8ed56cb492085512 vn="Variante von Win64/Adware.MultiPlug.F Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\unissales\9vFbOLvEX4RE1d.x64.dll.vir"
sh=7C58FA8408975F221BF93238F67AD1B96859EE9C ft=1 fh=8ed56cb492085512 vn="Variante von Win64/Adware.MultiPlug.F Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\youtubeadblocker\2vSp3hYxFkuiwN.x64.dll.vir"
sh=45007D7AB67E22EE003593B44A645083DC6E2EC6 ft=0 fh=0000000000000000 vn="JS/Chromex.Agent.L Trojaner" ac=I fn="C:\AdwCleaner\Quarantine\C\ProgramData\hakphkngdipbpbhaokjpjfdbiipknffb\content.js.vir"
sh=ADA9FE6B3255D8E5CC8ABC05094FE8F3C5CEC2E5 ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I fn="C:\AdwCleaner\Quarantine\C\ProgramData\hakphkngdipbpbhaokjpjfdbiipknffb\Z.js.vir"
sh=DFB26192F2AC7F0D034024989839F63542D4F40A ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\XXXXX XXXXX\AppData\Roaming\Mozilla\Firefox\Profiles\ax92hz4x.default-1417957171376\Extensions\23fb8bb3-ac21-4230-bbfa-49b94968bc63@gmail.com\extensionData\plugins\91.js.vir"
sh=DFB26192F2AC7F0D034024989839F63542D4F40A ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\XXXXX XXXXX\AppData\Roaming\Mozilla\Firefox\Profiles\ax92hz4x.default-1417957171376\Extensions\9321b276-2c2e-4c5f-bd04-b8118e512707@c0c8a2d6-3275-4cac-a0b2-52e936311db9.com\extensionData\plugins\91.js.vir"
sh=C76B47C2CB45A525A1E2719CDDB762A3E7BCF4A5 ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\XXXXX XXXXX\AppData\Roaming\Mozilla\Firefox\Profiles\ax92hz4x.default-1417957171376\Extensions\wq@P.net\content\bg.js.vir"
sh=95EA88F56230BC4ABC15D3710649133932317B34 ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\XXXXX XXXXX\AppData\Roaming\Mozilla\Firefox\Profiles\ax92hz4x.default-1417957171376\Extensions\Za7@Ky.edu\content\bg.js.vir"
sh=5C2AF274C2BB1CC81F0D36C71F94C7004D46FEB2 ft=0 fh=0000000000000000 vn="JS/ShopperPro.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\XXXXX XXXXX\AppData\Roaming\Mozilla\Firefox\Profiles\ax92hz4x.default-1417957171376\Extensions\{746505DC-0E21-4667-97F8-72EA6BCF5EEF}\content\overlay.js.vir"
sh=F2251A7A386675FE43902ADC0525D33672C8BB84 ft=1 fh=e069b17bc5bd2e6a vn="Win32/VOPackage.AZ evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\XXXXX XXXXX\AppData\Roaming\VOPackage\VOPackage.exe.vir"
sh=D3D71D4E9157031CF4E36D72F0DFB2170530223A ft=1 fh=3aa89bd270bdbd1e vn="Variante von Win32/SBWatchman.D evtl. unerwünschte Anwendung" ac=I fn="C:\FRST\Quarantine\C\PROGRAM Files\COMMON files\System\SysMenu.dll.xBAD"
sh=ECA75C940566A51E196EFE3E5918EC4615385372 ft=1 fh=a9cf670d970984a3 vn="Variante von Win32/Adware.MultiPlug.EP Anwendung" ac=I fn="C:\FRST\Quarantine\C\ProgramData\{06467b43-d78a-a739-0646-67b43d78ed0f}\KMS Activator Ultimate 2014 v2.3 is Here ! [LATEST].exe"
sh=3C4DBE5B2797E189DB67FE266CE84BE90B3AEB58 ft=1 fh=c24890e54943dc65 vn="Variante von Win32/SBWatchman.D evtl. unerwünschte Anwendung" ac=I fn="C:\FRST\Quarantine\C\Users\XXXXX XXXXX\AppData\Local\Installer\Install_24189\DCytdieamo_amodc_setup.exe.xBAD"
sh=DDD7E789E67132CF6C5D8169B2F46E3498FCA60F ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.C evtl. unerwünschte Anwendung" ac=I fn="C:\FRST\Quarantine\C\Users\XXXXX XXXXX\AppData\Roaming\FMLW.xBAD"
sh=DDD7E789E67132CF6C5D8169B2F46E3498FCA60F ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.C evtl. unerwünschte Anwendung" ac=I fn="C:\FRST\Quarantine\C\Users\XXXXX XXXXX\AppData\Roaming\MLSC.xBAD"
sh=9413821E4285C46DAF48156B472065FC2D763FE8 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.C evtl. unerwünschte Anwendung" ac=I fn="C:\FRST\Quarantine\C\Users\XXXXX XXXXX\AppData\Roaming\NWAUR.xBAD"
sh=9413821E4285C46DAF48156B472065FC2D763FE8 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.C evtl. unerwünschte Anwendung" ac=I fn="C:\FRST\Quarantine\C\Users\XXXXX XXXXX\AppData\Roaming\UHTQPK.xBAD"
sh=5A4C8C7391C5F7A7D85C1C86AD9A9DFDC1B5994C ft=1 fh=461d9be2f02a5bb1 vn="Variante von Win32/SBWatchman.D evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files\Common Files\System\SysMenu64.dll"
sh=4B553651EF610C0614F8393D6C25ABA0A8F09ECA ft=1 fh=92ef1bb072edf568 vn="Variante von Win32/Bundled.Toolbar.Ask.D potenziell unsichere Anwendung" ac=I fn="C:\Program Files (x86)\Avira\AntiVir Desktop\Offercast_AVIRAV7_.exe"
sh=F90B3223684DEAAE59E0D371CCA318834695FEBE ft=1 fh=e2bb850c8e277c01 vn="Variante von Win32/RemoteAdmin.RemoteExec.AA potenziell unsichere Anwendung" ac=I fn="C:\Program Files (x86)\SIW\siw.exe"
sh=A8B41A00A882E5DF634641E3513CF5B7456918B8 ft=1 fh=3b340c1a45bfd8b7 vn="Variante von Win32/Toolbar.CrossRider.BM evtl. unerwünschte Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Program Files (x86)\38307773-d954-48f2-8127-93df0ea63e4a\3e7d90a7-d362-46a9-a145-3ee08200dffd.dll.vir"
sh=4E043603B90EE544A5B36BE8E8B04CB84313F624 ft=1 fh=de082fb1cb22794f vn="Variante von Win32/Toolbar.CrossRider.BM evtl. unerwünschte Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Program Files (x86)\878e2246-8f7a-48fe-89f9-845dc6abbab7\74ac0708-eebd-4d53-83f6-7f4779f2f294.dll.vir"
sh=4E043603B90EE544A5B36BE8E8B04CB84313F624 ft=1 fh=de082fb1cb22794f vn="Variante von Win32/Toolbar.CrossRider.BM evtl. unerwünschte Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Program Files (x86)\878e2246-8f7a-48fe-89f9-845dc6abbab7\878e2246-8f7a-48fe-89f9-845dc6abbab7.dll.vir"
sh=A8B41A00A882E5DF634641E3513CF5B7456918B8 ft=1 fh=3b340c1a45bfd8b7 vn="Variante von Win32/Toolbar.CrossRider.BM evtl. unerwünschte Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Program Files (x86)\Acer\38307773-d954-48f2-8127-93df0ea63e4a.dll.vir"
sh=126D4F1D231AB4D5906103610A520ADD20CCAB75 ft=1 fh=2c9d015a54b3c263 vn="Variante von Win32/Toolbar.CrossRider.BM evtl. unerwünschte Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Program Files (x86)\Acer\ed55547d-8d98-4039-96d9-00407eb30671.dll.vir"
sh=126D4F1D231AB4D5906103610A520ADD20CCAB75 ft=1 fh=2c9d015a54b3c263 vn="Variante von Win32/Toolbar.CrossRider.BM evtl. unerwünschte Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Program Files (x86)\ed55547d-8d98-4039-96d9-00407eb30671\ca846dc2-84dd-4e20-94fa-902a5cafe3c0.dll.vir"
sh=45007D7AB67E22EE003593B44A645083DC6E2EC6 ft=0 fh=0000000000000000 vn="JS/Chromex.Agent.L Trojaner" ac=I fn="C:\Qoobox\Quarantine\C\Users\XXXXX XXXXX\AppData\Local\Google\Chrome\User Data\default\extensions\obdejhodejngcbmkiddfjkieejekbfil\242\content.js.vir"
sh=2BD44CFD0C6A2225FCF4370A79C3DA169BAAC900 ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I fn="C:\Qoobox\Quarantine\C\Users\XXXXX XXXXX\AppData\Local\Google\Chrome\User Data\default\extensions\obdejhodejngcbmkiddfjkieejekbfil\242\GuJbTt1.js.vir"
sh=C76B47C2CB45A525A1E2719CDDB762A3E7BCF4A5 ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I fn="C:\Qoobox\Quarantine\C\Users\XXXXX\AppData\Roaming\Mozilla\Firefox\Profiles\ilhln8u2.default\extensions\staged\wq@P.net\content\bg.js.vir"
sh=95EA88F56230BC4ABC15D3710649133932317B34 ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I fn="C:\Qoobox\Quarantine\C\Users\XXXXX\AppData\Roaming\Mozilla\Firefox\Profiles\ilhln8u2.default\extensions\staged\Za7@Ky.edu\content\bg.js.vir"
sh=C76B47C2CB45A525A1E2719CDDB762A3E7BCF4A5 ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I fn="C:\Qoobox\Quarantine\C\Users\Versuch\AppData\Roaming\Mozilla\Firefox\Profiles\r7teyr0l.default-1417873282698\extensions\staged\wq@P.net\content\bg.js.vir"
sh=95EA88F56230BC4ABC15D3710649133932317B34 ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I fn="C:\Qoobox\Quarantine\C\Users\Versuch\AppData\Roaming\Mozilla\Firefox\Profiles\r7teyr0l.default-1417873282698\extensions\staged\Za7@Ky.edu\content\bg.js.vir"
sh=B896DEDCC410A84E9D794EB28ADB30E4CE0FC1C7 ft=1 fh=0d280081a7b58c5c vn="Win32/OpenCandy potenziell unsichere Anwendung" ac=I fn="C:\Users\XXXXX XXXXX\.frostwire5\updates\frostwire-5.6.2.windows.exe"
sh=705EBCEF56D051A6D6D6356F237201A8448026E0 ft=0 fh=0000000000000000 vn="JS/Kryptik.I Trojaner" ac=I fn="C:\Users\XXXXX XXXXX\AppData\Local\Mozilla\Firefox\Profiles\ax92hz4x.default-1417957171376\cache2\entries\96D59457AFA822A33B5B5ED391A55E16768E6472"
sh=37AEC73BCA6A4AD82D0DA871ECD72CD8B8A73904 ft=0 fh=0000000000000000 vn="JS/Kryptik.I Trojaner" ac=I fn="C:\Users\XXXXX XXXXX\AppData\Local\Mozilla\Firefox\Profiles\ax92hz4x.default-1417957171376\cache2\entries\BB425C587980B0FCFA063FF796BB36E3D76613A4"
sh=D6092490B8B905B9058227DF77C38386F2E22BAA ft=0 fh=0000000000000000 vn="Win32/SmootherWeb.C evtl. unerwünschte Anwendung" ac=I fn="C:\Users\XXXXX XXXXX\AppData\Roaming\Booster-Web\jid1-U7omKQ6kQfxMaQ@jetpack.zip"
sh=79DAA2D7105B23CAC0BF465C44407C9FCC122DDF ft=1 fh=ddae22fb65275801 vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="C:\Users\XXXXX XXXXX\Desktop\Neuer Ordner (4)\aufräumen, was geht\Ordner\Neuer Ordner (3)\Neuer Ordner1\alte Dateien\Tresor alter Computer\Desktop\Neuer Ordner (5)\backups\backup-20101226-175451-491.dll"
sh=D3950C59BE2BD5572C4BD63ACED4443CC7E41579 ft=0 fh=0000000000000000 vn="Variante von WMA/TrojanDownloader.GetCodec.gen Trojaner" ac=I fn="C:\Users\XXXXX XXXXX\Desktop\Neuer Ordner (4)\aufräumen, was geht\Ordner\USB Stick\usb\Neuer Ordner\Dance\The Prodigy - One Love.mp3"
sh=79DAA2D7105B23CAC0BF465C44407C9FCC122DDF ft=1 fh=ddae22fb65275801 vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="C:\Users\XXXXX XXXXX\Documents\Neuer Ordner\Neuer Ordner (3)\Neuer Ordner (2)\Datensicherung_Tower_neueDateien\Desktop\Neuer Ordner (5)\backups\backup-20101226-175451-203.dll"
sh=79DAA2D7105B23CAC0BF465C44407C9FCC122DDF ft=1 fh=ddae22fb65275801 vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="C:\Users\XXXXX XXXXX\Documents\Neuer Ordner\Neuer Ordner (3)\Neuer Ordner (2)\Datensicherung_Tower_neueDateien\Desktop\Neuer Ordner (5)\backups\backup-20101226-175451-491.dll"
sh=79DAA2D7105B23CAC0BF465C44407C9FCC122DDF ft=1 fh=ddae22fb65275801 vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="C:\Users\XXXXX XXXXX\Documents\Neuer Ordner\Neuer Ordner (3)\Neuer Ordner (2)\Datensicherung_Tower_Sicherung_2\Desktop\Neuer Ordner (5)\backups\backup-20101226-175451-203.dll"
sh=79DAA2D7105B23CAC0BF465C44407C9FCC122DDF ft=1 fh=ddae22fb65275801 vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="C:\Users\XXXXX XXXXX\Documents\Neuer Ordner\Neuer Ordner (3)\Neuer Ordner (2)\Datensicherung_Tower_Sicherung_2\Desktop\Neuer Ordner (5)\backups\backup-20101226-175451-491.dll"
sh=EE170263EA037C877EE979B8863D2EBA5D86D318 ft=1 fh=7109b40decc7c204 vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung" ac=I fn="C:\Users\XXXXX XXXXX\Downloads\Malwarebytes Anti Malware Malware Scanner - CHIP-Installer.exe"
sh=8A893FE3C1376F3C1B0F67A9514CBE621B717D98 ft=1 fh=667b25980f774106 vn="Win32/DownloadAdmin.G evtl. unerwünschte Anwendung" ac=I fn="C:\Users\XXXXX\Downloads\cbsidlm-tr1_13-Free_Audio_Cutter-ORG-75444480.exe"
sh=A8BF6CBF1947DF4A1E73B0A6670CBBCB4BD87E21 ft=1 fh=215be700359ffcb7 vn="Variante von Win32/Adware.PicColor.C Anwendung" ac=I fn="C:\Windows\System32\ColorMedia.dll"
sh=A8BF6CBF1947DF4A1E73B0A6670CBBCB4BD87E21 ft=1 fh=215be700359ffcb7 vn="Variante von Win32/Adware.PicColor.C Anwendung" ac=I fn="C:\Windows\SysWOW64\ColorMedia.dll"
FRST:


FRST Logfile:

FRST Logfile:

FRST Logfile:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 05-02-2015
Ran by XXXX XXXX (administrator) on ARBEITSCOMPUTER on 06-02-2015 05:24:52
Running from C:\Users\XXXX XXXX\Desktop
Loaded Profiles: XXXX XXXX & Versuch (Available profiles: XXXX XXXX & XXXX & Versuch)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
() C:\Program Files (x86)\Common Files\AAV\aavus.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Microsoft Corporation) C:\Windows\System32\CISVC.EXE
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GregHSRW.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
() C:\Windows\snuvcdsm.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
() C:\Windows\PLFSetI.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\Apoint.exe
(AlcorMicro Co., Ltd.) C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Photosmart 5520 series\Bin\ScanToPCActivationApp.exe
(BillP Studios) C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(RescueTime, Inc.) C:\Program Files (x86)\RescueTime\RescueTime.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\ApMsgFwd.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\ApntEx.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\Hidfind.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Photosmart 5520 series\Bin\HPNetworkCommunicator.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SNUVCDSM] => C:\Windows\snuvcdsm.exe [30080 2011-01-13] ()
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [8312352 2009-10-29] (Realtek Semiconductor)
HKLM\...\Run: [PLFSetL] => C:\Windows\PLFSetL.exe [99712 2011-01-13] (Sonix Technology Co., Ltd.)
HKLM\...\Run: [PLFSetI] => C:\Windows\PLFSetI.exe [200704 2011-11-13] ()
HKLM\...\Run: [mwlDaemon] => C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe [349480 2009-09-11] (Egis Technology Inc.)
HKLM\...\Run: [IAAnotif] => C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-06-05] (Intel Corporation)
HKLM\...\Run: [Apoint] => C:\Program Files\Apoint2K\Apoint.exe [295936 2009-05-22] (Alps Electric Co., Ltd.)
HKLM\...\Run: [AmIcoSinglun64] => C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [323072 2009-07-22] (AlcorMicro Co., Ltd.)
HKLM\...\Run: [Acer ePower Management] => C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [823840 2009-09-30] (Acer Incorporated)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [702768 2014-12-16] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2009-12-09] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2014-10-11] (Apple Inc.)
HKLM-x32\...\Run: [LManager] => C:\Program Files (x86)\Launch Manager\LManager.exe [1094736 2009-11-02] (Dritek System Inc.)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [126712 2014-12-31] (Avira Operations GmbH & Co. KG)
HKU\S-1-5-21-1242904208-471078349-2963378918-1000\...\Run: [HP Photosmart 5520 series (NET)] => C:\Program Files\HP\HP Photosmart 5520 series\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
HKU\S-1-5-21-1242904208-471078349-2963378918-1000\...\Run: [WinPatrol] => C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe [533568 2014-04-23] (BillP Studios)
HKU\S-1-5-21-1242904208-471078349-2963378918-1003-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\...\Run: [swg] => "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
HKU\S-1-5-21-1242904208-471078349-2963378918-1003-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\...\Run: [msnmsgr] => "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
Startup: C:\Users\XXXX XXXX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\RescueTime.lnk
ShortcutTarget: RescueTime.lnk -> C:\Program Files (x86)\RescueTime\RescueTime.exe (RescueTime, Inc.)
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
ShellIconOverlayIdentifiers: [egisPSDP] -> {30A0A3F6-38AC-4C53-BB8B-0D95238E25BA} => C:\Program Files (x86)\EgisTec\MyWinLocker 3\x64\psdprotect.dll (Egis Technology Inc.)
ShellIconOverlayIdentifiers-x32: [egisPSDP] -> {30A0A3F6-38AC-4C53-BB8B-0D95238E25BA} => C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\psdprotect.dll (Egis Technology Inc.)
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-1242904208-471078349-2963378918-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-1242904208-471078349-2963378918-1003-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.gmx.de/
HKU\S-1-5-21-1242904208-471078349-2963378918-1003-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_7740&r=27361111d106l0498z1j5t4471e496
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1242904208-471078349-2963378918-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
SearchScopes: HKU\S-1-5-21-1242904208-471078349-2963378918-1003-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1242904208-471078349-2963378918-1003-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_deDE457
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: unissales -> {7e0aaab3-ba7d-4a2d-b1e6-4289ce4d1b1e} -> C:\Program Files (x86)\unissales\9vFbOLvEX4RE1d.x64.dll No File
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
Toolbar: HKU\S-1-5-21-1242904208-471078349-2963378918-1003-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
DPF: HKLM {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\XXXX XXXX\AppData\Roaming\Mozilla\Firefox\Profiles\ax92hz4x.default-1417957171376
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_296.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_296.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @nullsoft.com/winampDetector;version=1 -> C:\Program Files (x86)\Winamp Detect\npwachk.dll (Nullsoft, Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.8 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll (Microsoft Corporation)
FF Extension: Zoom It - C:\Users\XXXX XXXX\AppData\Roaming\Mozilla\Firefox\Profiles\ax92hz4x.default-1417957171376\Extensions\{1b4f9242-444a-5952-286c-6b1886ee5374} [2015-02-05]
FF Extension: LeechBlock - C:\Users\XXXX XXXX\AppData\Roaming\Mozilla\Firefox\Profiles\ax92hz4x.default-1417957171376\Extensions\{a95d8332-e4b4-6e7f-98ac-20b733364387}.xpi [2014-12-07]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-07-14]

Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR HomePage: Default -> hxxp://www.trovi.com/?gd=&ctid=CT3324764&octid=EB_ORIGINAL_CTID&ISID=M7F3C43B3-690F-4276-959F-1C74A797CA2A&SearchSource=55&CUI=&UM=8&UP=SP9050A32E-D786-4A42-9E49-5663C4588ECE&SSPV=
CHR StartupUrls: Default -> "hxxp://www.trovi.com/?gd=&ctid=CT3324764&octid=EB_ORIGINAL_CTID&ISID=M7F3C43B3-690F-4276-959F-1C74A797CA2A&SearchSource=55&CUI=&UM=8&UP=SP9050A32E-D786-4A42-9E49-5663C4588ECE&SSPV="
CHR DefaultSearchKeyword: Default -> trovi.search
CHR DefaultSuggestURL: Default -> hxxp://suggest.seccint.com/CSuggestJson.ashx?prefix={searchTerms}
CHR Profile: C:\Users\XXXX XXXX\AppData\Local\Google\Chrome\User Data\default
CHR Extension: (Google Präsentationen) - C:\Users\XXXX XXXX\AppData\Local\Google\Chrome\User Data\default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-02-01]
CHR Extension: (Google Docs) - C:\Users\XXXX XXXX\AppData\Local\Google\Chrome\User Data\default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-10-25]
CHR Extension: (Google Drive) - C:\Users\XXXX XXXX\AppData\Local\Google\Chrome\User Data\default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-10-25]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\XXXX XXXX\AppData\Local\Google\Chrome\User Data\default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-10-26]
CHR Extension: (YouTube) - C:\Users\XXXX XXXX\AppData\Local\Google\Chrome\User Data\default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-10-25]
CHR Extension: (Google-Suche) - C:\Users\XXXX XXXX\AppData\Local\Google\Chrome\User Data\default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-10-25]
CHR Extension: (Google Tabellen) - C:\Users\XXXX XXXX\AppData\Local\Google\Chrome\User Data\default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-02-01]
CHR Extension: (Avira Browserschutz) - C:\Users\XXXX XXXX\AppData\Local\Google\Chrome\User Data\default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2014-10-26]
CHR Extension: (Google Wallet) - C:\Users\XXXX XXXX\AppData\Local\Google\Chrome\User Data\default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-10-26]
CHR Extension: (Google Mail) - C:\Users\XXXX XXXX\AppData\Local\Google\Chrome\User Data\default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-10-25]
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AAV UpdateService; C:\Program Files (x86)\Common Files\AAV\aavus.exe [122880 2007-10-04] () [File not signed]
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [431920 2014-12-16] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [431920 2014-12-16] (Avira Operations GmbH & Co. KG)
R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [178424 2014-12-31] (Avira Operations GmbH & Co. KG)
S4 BotkindSyncService; C:\Program Files (x86)\Allway Sync\Bin\SyncService.exe [182784 2013-10-10] () [File not signed]
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
S4 FoxitCloudUpdateService; C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe [241704 2014-03-25] (Foxit Corporation)
S3 MWLService; C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe [305448 2009-09-11] (Egis Technology Inc.)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
S4 NoIPDUCService4; C:\Program Files (x86)\No-IP\ducservice.exe [11264 2013-01-24] () [File not signed]
S4 OODefragAgent; C:\Program Files\OO Software\Defrag\oodag.exe [3051848 2011-01-25] (O&O Software GmbH)
S4 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [80896 2011-03-31] () [File not signed]
S4 PDF Architect Helper Service; C:\Program Files (x86)\PDF Architect\HelperService.exe [1320496 2013-04-08] (pdfforge GmbH)
S4 PDF Architect Service; C:\Program Files (x86)\PDF Architect\ConversionService.exe [799280 2013-04-08] (pdfforge GmbH)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
R2 RS_Service; C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe [253952 2009-07-10] (Acer Incorporated) [File not signed]
S4 SandraAgentSrv; C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2014.SP2a\RpcAgentSrv.exe [72344 2008-05-19] (SiSoftware) [File not signed]
S4 UI Assistant Service; C:\Program Files (x86)\Join Air\AssistantServices.exe [247152 2010-04-27] ()
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [119272 2014-10-14] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131608 2014-10-14] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-11-25] (Avira Operations GmbH & Co. KG)
R2 EkaProt6; C:\Windows\System32\DRIVERS\ekaprot6.sys [27288 2012-03-23] (Ekahau Inc.)
R1 SLEE_18_DRIVER; C:\Windows\Sleen1864.sys [109144 2014-01-30] (Softwareentwicklung Remus - ArchiCrypt - )
R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1806592 2011-01-13] ()
R2 TurboB; C:\Windows\System32\DRIVERS\TurboB.sys [13784 2009-11-02] ()
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2012-12-13] (Apple, Inc.) [File not signed]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-06 05:24 - 2015-02-06 05:25 - 00021810 _____ () C:\Users\XXXX XXXX\Desktop\FRST.txt
2015-02-05 21:40 - 2015-02-05 21:40 - 02347384 _____ (ESET) C:\Users\XXXX XXXX\Downloads\esetsmartinstaller_deu.exe
2015-02-05 21:29 - 2015-02-05 21:36 - 00001900 _____ () C:\Users\XXXX XXXX\Desktop\mbam.txt
2015-02-01 23:11 - 2015-02-01 23:11 - 00000250 _____ () C:\Users\XXXX XXXX\Desktop\YouTube.URL
2015-02-01 23:10 - 2015-02-01 23:10 - 00000244 _____ () C:\Users\XXXX XXXX\Desktop\Link.URL
2015-02-01 21:45 - 2015-02-01 21:45 - 01156136 _____ (Ruiware) C:\Users\XXXX XXXX\Downloads\wpsetup(1).exe
2015-02-01 08:55 - 2015-02-01 08:55 - 00039830 _____ () C:\ComboFix.txt
2015-02-01 01:01 - 2015-02-01 00:56 - 05611408 ____R (Swearware) C:\Users\XXXX XXXX\Desktop\ComboFix.exe
2015-02-01 00:56 - 2015-02-01 00:56 - 05611408 ____R (Swearware) C:\Users\XXXX XXXX\Downloads\ComboFix.exe
2015-02-01 00:46 - 2015-02-01 00:46 - 00000249 _____ () C:\Users\XXXX XXXX\Desktop\Link1.URL
2015-01-31 23:47 - 2015-01-31 23:51 - 00002169 _____ () C:\Users\Public\Desktop\SteuerSparErklärung 2015.lnk
2015-01-31 20:29 - 2015-01-31 20:29 - 00000269 _____ () C:\Users\XXXX XXXX\Desktop\FREELETICS.URL
2015-01-31 17:50 - 2015-02-06 05:24 - 00000000 ____D () C:\Users\XXXX XXXX\Desktop\FRST-OlderVersion
2015-01-31 17:48 - 2015-01-31 17:48 - 00000337 _____ () C:\Users\XXXX XXXX\Desktop\Android-Hilfe.de.URL
2015-01-31 17:00 - 2015-01-31 17:01 - 00001671 _____ () C:\Users\XXXX XXXX\Desktop\JRT.txt
2015-01-31 15:22 - 2015-01-31 15:22 - 00001066 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-01-31 15:03 - 2015-01-31 15:03 - 02194432 _____ () C:\Users\XXXX XXXX\Desktop\AdwCleaner_4.109.exe
2015-01-31 15:03 - 2015-01-31 15:03 - 01707939 _____ (Thisisu) C:\Users\XXXX XXXX\Desktop\JRT.exe
2015-01-31 11:33 - 2015-01-31 11:33 - 00000000 ____D () C:\Users\XXXX XXXX\Documents\TokensBackup
2015-01-31 10:12 - 2015-02-06 05:24 - 02131968 _____ (Farbar) C:\Users\XXXX XXXX\Desktop\FRST64.exe
2015-01-31 10:10 - 2015-01-31 10:10 - 00001101 _____ () C:\Users\Public\Desktop\Avira.lnk
2015-01-31 09:43 - 2015-01-31 09:46 - 00000000 ____D () C:\Users\XXXX XXXX\Desktop\Ordnung
2015-01-31 09:35 - 2015-01-31 09:35 - 00000000 ____D () C:\Users\XXXX XXXX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Booster-Web
2015-01-31 09:34 - 2015-01-31 10:01 - 00000000 ____D () C:\Users\XXXX XXXX\AppData\Roaming\Booster-Web
2015-01-31 09:32 - 2015-01-31 09:32 - 00001117 _____ () C:\Users\XXXX XXXX\Desktop\Continue installation .lnk
2015-01-31 09:31 - 2015-01-31 09:31 - 00000000 ____D () C:\ProgramData\SearchModulePlus
2015-01-31 09:06 - 2015-01-31 17:44 - 00000000 ____D () C:\Program Files (x86)\Hearthstone Stream Browser
2015-01-31 09:06 - 2015-01-31 09:06 - 00000000 ____D () C:\Windows\SysWOW64\AMD64
2015-01-31 08:57 - 2015-01-31 08:57 - 01191200 _____ () C:\Users\XXXX XXXX\Downloads\Malwarebytes Anti Malware Malware Scanner - CHIP-Installer.exe
2015-01-31 08:52 - 2014-12-14 10:53 - 00378640 _____ (CartCrunch Israel Ltd.) C:\Windows\system32\ColorMedia64.dll
2015-01-31 08:52 - 2014-12-14 10:53 - 00332568 _____ (CartCrunch Israel Ltd.) C:\Windows\SysWOW64\ColorMedia.dll
2015-01-30 20:51 - 2015-01-30 20:51 - 00000600 _____ () C:\Users\XXXX XXXX\AppData\Roaming\winscp.rnd
2015-01-30 20:08 - 2015-01-30 20:08 - 00000000 ____D () C:\Users\Versuch\AppData\Roaming\PDF Architect
2015-01-30 20:08 - 2015-01-30 20:08 - 00000000 ____D () C:\Users\Versuch\AppData\Local\IsolatedStorage
2015-01-30 19:16 - 2015-01-30 19:17 - 00000000 ____D () C:\Users\Versuch\AppData\OICE_15_974FA576_32C1D314_2072
2015-01-27 21:08 - 2015-02-06 02:15 - 00005192 _____ () C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for Arbeitscomputer-XXXX XXXX Arbeitscomputer
2015-01-20 06:34 - 2014-12-12 06:35 - 05553592 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-01-20 06:34 - 2014-12-12 06:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-01-20 06:34 - 2014-12-12 06:31 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-01-20 06:34 - 2014-12-12 06:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-01-20 06:34 - 2014-12-12 06:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-01-20 06:34 - 2014-12-12 06:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-01-20 06:34 - 2014-12-12 06:07 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-01-14 08:06 - 2014-12-19 04:06 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-14 08:06 - 2014-12-19 02:46 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-14 08:06 - 2014-12-11 18:47 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-01-14 08:06 - 2014-12-06 05:17 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-14 08:06 - 2014-12-06 04:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
2015-01-14 08:06 - 2014-12-06 04:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
2015-01-13 05:55 - 2015-01-13 05:55 - 00009429 _____ () C:\Users\XXXX XXXX\AppData\Local\recently-used.xbel

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-06 05:25 - 2014-08-21 20:10 - 00000000 ____D () C:\FRST
2015-02-06 05:05 - 2012-08-14 18:52 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-02-06 04:09 - 2011-11-13 21:43 - 01490369 _____ () C:\Windows\WindowsUpdate.log
2015-02-05 21:38 - 2009-07-14 05:45 - 00025840 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-02-05 21:38 - 2009-07-14 05:45 - 00025840 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-02-05 21:35 - 2014-08-05 14:08 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-02-05 21:32 - 2014-06-20 13:07 - 00113066 _____ () C:\Windows\PFRO.log
2015-02-05 21:32 - 2014-06-18 08:20 - 00028077 _____ () C:\Windows\setupact.log
2015-02-05 21:32 - 2012-09-20 04:21 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-02-05 21:32 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-02-05 21:32 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\PLA
2015-02-01 21:50 - 2009-07-14 04:20 - 00000000 ____D () C:\Program Files\Common Files\System
2015-02-01 11:54 - 2012-03-25 11:40 - 00000000 ____D () C:\Users\XXXX XXXX\Documents\Steuerfälle
2015-02-01 08:55 - 2014-08-24 12:03 - 00000000 ____D () C:\Qoobox
2015-02-01 08:50 - 2009-07-14 03:34 - 00000215 _____ () C:\Windows\system.ini
2015-02-01 08:40 - 2013-10-13 19:47 - 00000000 ____D () C:\Windows\erdnt
2015-02-01 08:40 - 2009-07-14 03:34 - 24379392 _____ () C:\Windows\system32\config\system.bak
2015-02-01 08:40 - 2009-07-14 03:34 - 113508352 _____ () C:\Windows\system32\config\software.bak
2015-02-01 08:40 - 2009-07-14 03:34 - 05505024 _____ () C:\Windows\system32\config\default.bak
2015-02-01 08:40 - 2009-07-14 03:34 - 00262144 _____ () C:\Windows\system32\config\sam.bak
2015-02-01 08:40 - 2009-07-14 03:34 - 00032768 _____ () C:\Windows\system32\config\security.bak
2015-02-01 08:39 - 2009-11-05 01:49 - 00000000 ____D () C:\Program Files (x86)\Acer
2015-01-31 23:47 - 2012-03-25 11:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steuertipps
2015-01-31 23:47 - 2012-03-25 11:26 - 00000000 ____D () C:\Program Files (x86)\Akademische Arbeitsgemeinschaft
2015-01-31 17:39 - 2013-09-19 20:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-01-31 17:39 - 2012-03-11 02:08 - 00000000 ____D () C:\Program Files (x86)\Java
2015-01-31 17:19 - 2011-11-14 06:15 - 00000000 ____D () C:\Windows\Lan
2015-01-31 15:22 - 2014-08-05 14:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-01-31 15:22 - 2014-08-05 14:08 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-01-31 15:08 - 2014-11-16 12:18 - 00001025 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-01-31 15:08 - 2014-11-16 12:18 - 00001013 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-01-31 15:08 - 2014-10-25 07:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-01-31 15:08 - 2014-08-24 18:36 - 00000000 ____D () C:\AdwCleaner
2015-01-31 15:08 - 2011-11-20 15:41 - 00001021 _____ () C:\Users\XXXX XXXX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-01-31 10:10 - 2014-08-06 10:55 - 00000000 ____D () C:\ProgramData\Package Cache
2015-01-31 10:10 - 2013-02-24 19:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2015-01-31 10:09 - 2013-02-24 19:39 - 00000000 ____D () C:\Program Files (x86)\Avira
2015-01-31 09:44 - 2014-08-07 20:56 - 02931200 ___SH () C:\Users\XXXX XXXX\Desktop\Thumbs.db
2015-01-31 07:56 - 2014-08-15 15:44 - 00000000 ____D () C:\Users\XXXX XXXX\AppData\Local\Adobe
2015-01-31 07:56 - 2012-04-02 19:28 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-01-31 07:56 - 2012-04-02 19:28 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-01-31 07:56 - 2011-11-15 21:21 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-30 19:03 - 2014-09-10 06:10 - 00000000 ____D () C:\Users\Versuch\AppData\Roaming\SimpleScreenshot
2015-01-27 20:12 - 2014-11-10 20:59 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-01-27 06:18 - 2014-11-16 12:20 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-01-26 07:21 - 2012-06-10 14:07 - 00000000 ____D () C:\Users\XXXX XXXX\Documents\Bewerbungen
2015-01-25 17:19 - 2011-11-14 06:34 - 00702664 _____ () C:\Windows\system32\perfh007.dat
2015-01-25 17:19 - 2011-11-14 06:34 - 00151424 _____ () C:\Windows\system32\perfc007.dat
2015-01-25 17:19 - 2009-07-14 06:13 - 01629998 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-23 21:11 - 2013-11-02 09:43 - 00000000 ____D () C:\Users\XXXX XXXX\AppData\Roaming\Skype
2015-01-20 14:50 - 2014-09-10 06:09 - 00000000 ____D () C:\Users\Versuch
2015-01-20 14:50 - 2013-05-22 21:33 - 00000000 ____D () C:\Users\XXXX XXXX\AppData\Local\RescueTime.com
2015-01-20 14:50 - 2012-03-30 17:57 - 00000000 ____D () C:\Users\XXXX
2015-01-20 14:50 - 2011-12-01 21:23 - 00000000 ____D () C:\Windows\System32\Tasks\OfficeSoftwareProtectionPlatform
2015-01-20 14:50 - 2011-11-20 16:01 - 00000000 ____D () C:\Users\XXXX XXXX\AppData\Roaming\SimpleScreenshot
2015-01-20 14:50 - 2009-11-05 01:26 - 00000000 ___RD () C:\Users\Public\Recorded TV
2015-01-20 14:50 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\registration
2015-01-20 06:21 - 2011-11-13 22:46 - 00000000 ____D () C:\Users\XXXX XXXX
2015-01-18 20:07 - 2012-04-07 11:49 - 00000000 ____D () C:\Users\XXXX XXXX\Documents\Finanzen
2015-01-15 18:59 - 2013-07-13 08:36 - 00000000 ____D () C:\Windows\system32\MRT
2015-01-15 18:46 - 2011-11-18 19:58 - 113365784 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-01-13 05:55 - 2014-06-15 19:34 - 00000000 ____D () C:\Users\XXXX XXXX\AppData\Local\gtk-2.0
2015-01-13 05:55 - 2012-08-29 10:11 - 00000000 ____D () C:\Users\XXXX XXXX\.gimp-2.8
2015-01-08 09:55 - 2011-11-15 21:40 - 00298120 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe

==================== Files in the root of some directories =======

2014-06-28 07:10 - 2014-07-23 21:30 - 14159872 _____ () C:\Users\XXXX XXXX\AppData\Roaming\Sandra.mdb
2015-01-30 20:51 - 2015-01-30 20:51 - 0000600 _____ () C:\Users\XXXX XXXX\AppData\Roaming\winscp.rnd
2012-04-20 18:28 - 2014-07-07 01:20 - 0006656 _____ () C:\Users\XXXX XXXX\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-09-22 21:07 - 2014-09-22 21:07 - 0001482 _____ () C:\Users\XXXX XXXX\AppData\Local\RecConfig.xml
2015-01-13 05:55 - 2015-01-13 05:55 - 0009429 _____ () C:\Users\XXXX XXXX\AppData\Local\recently-used.xbel
2013-08-12 21:15 - 2013-08-12 21:15 - 0007603 _____ () C:\Users\XXXX XXXX\AppData\Local\Resmon.ResmonCfg
2012-03-31 10:26 - 2012-03-31 10:26 - 0000057 _____ () C:\ProgramData\Ament.ini
2011-11-13 22:53 - 2011-11-13 22:57 - 0008282 _____ () C:\ProgramData\ArcadeDeluxe3.log
2014-09-22 19:19 - 2014-10-06 19:45 - 0008737 _____ () C:\ProgramData\hpzinstall.log

Some content of TEMP:
====================
C:\Users\XXXX XXXX\AppData\Local\Temp\avgnt.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-02-06 01:48

==================== End Of Log ============================
--- --- ---

--- --- ---

--- --- ---

--- --- ---

Addition:

Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 05-02-2015
Ran by XXXX XXXX at 2015-02-06 05:26:03
Running from C:\Users\XXXX XXXX\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Desktop (Disabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Disabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden
AAVUpdateManager (HKLM-x32\...\{AFA42FE1-A5C3-485F-9180-BFCF5BF1F1C3}) (Version: 18.00.0000 - Wolters Kluwer Deutschland GmbH)
AC3Filter 1.63b (HKLM-x32\...\AC3Filter_is1) (Version: 1.63b - Alexander Vigovsky)
Acer Arcade Deluxe (HKLM-x32\...\InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}) (Version: 3.0.7112 - CyberLink Corp.)
Acer Arcade Deluxe (x32 Version: 3.0.7112 - CyberLink Corp.) Hidden
Acer Backup Manager (HKLM-x32\...\InstallShield_{72B776E5-4530-4C4B-9453-751DF87D9D93}) (Version: 2.0.0.29 - NewTech Infosystems)
Acer Crystal Eye webcam Ver:1.1.124.1120 (HKLM-x32\...\{D0ACE89D-EC7F-470F-80BE-4C98ED366B32}) (Version: 1.1.124.1120 - Chicony Electronics Co.,Ltd.)
Acer ePower Management (HKLM-x32\...\{3DB0448D-AD82-4923-B305-D001E521A964}) (Version: 4.05.3004 - Acer Incorporated)
Acer eRecovery Management (HKLM-x32\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 4.05.3005 - Acer Incorporated)
Acer GameZone Console (HKLM-x32\...\{8ed9688e-4f79-4308-91ca-f1c37ca142b4}_is1) (Version: 5.1.0.2 - Oberon Media, Inc.)
Acer GridVista (HKLM-x32\...\GridVista) (Version: 3.01.0730 - Acer Inc.)
Acer Registration (HKLM-x32\...\Acer Registration) (Version: 1.02.3006 - Acer Incorporated)
Acer ScreenSaver (HKLM-x32\...\Acer Screensaver) (Version: 1.1.2009.1217 - Acer Incorporated)
Acer VCM (HKLM-x32\...\{047F790A-7A2A-4B6A-AD02-38092BA63DAC}) (Version: 4.05.3000 - Acer Incorporated)
Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 14.0.0.103 - Adobe Systems Incorporated)
Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.246 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.296 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Akamai NetSession Interface (HKU\S-1-5-21-1242904208-471078349-2963378918-1000\...\Akamai) (Version:  - Akamai Technologies, Inc)
Alcor Micro USB Card Reader (HKLM-x32\...\InstallShield_{DBCE1208-433D-4D3E-A26A-CB1B5E71A8F5}) (Version: 1.4.17.35005 - Alcor Micro Corp.)
Alcor Micro USB Card Reader (x32 Version: 1.4.17.35005 - Alcor Micro Corp.) Hidden
Alice Greenfingers (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112920767}) (Version:  - Oberon Media)
Alle meine Passworte 4.13 (HKLM\...\AllemeinePassworte) (Version:  - Mirko Böer)
Allway Sync version 12.16.9 (HKLM-x32\...\Allway Sync_is1) (Version:  - Botkind Inc)
ALPS Touch Pad Driver (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 7.105.2015.1105 - Alps Electric)
Amazonia (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11273477}) (Version:  - Oberon Media)
Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ATI Catalyst Install Manager (HKLM\...\{11F38253-8940-FFDA-D131-B14120C357E4}) (Version: 3.0.754.0 - ATI Technologies, Inc.)
Audacity 2.0.3 (HKLM-x32\...\Audacity_is1) (Version: 2.0.3 - Audacity Team)
Avi2Dvd 0.6.4 (HKLM-x32\...\Avi2Dvd) (Version: 0.6.4 - TrustFm)
Avira (HKLM-x32\...\{2c18809c-4097-4b51-a4d0-3deade730ef3}) (Version: 1.1.29.22350 - Avira Operations & Co. KG)
Avira (x32 Version: 1.1.29.22350 - Avira Operations & Co. KG) Hidden
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.7.468 - Avira)
AviSynth 2.5 (HKLM-x32\...\AviSynth) (Version:  - )
Backup Manager Basic (x32 Version: 2.0.0.29 - NewTech Infosystems) Hidden
BatteryCare 0.9.10.0 (HKLM-x32\...\{C6A6036D-FBD0-4324-BEAA-C0845257160C}_is1) (Version: 0.9.10.0 - Filipe Lourenço)
BitTorrent (HKU\S-1-5-21-1242904208-471078349-2963378918-1000\...\BitTorrent) (Version: 7.9.2.31638 - BitTorrent Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Booster-Web (HKU\S-1-5-21-1242904208-471078349-2963378918-1000\...\Booster-Web) (Version: 4 - ${CompanyName})
Broadcom Gigabit NetLink Controller (HKLM\...\{A325B368-A9EC-40EF-A95C-9DEAD3683AE3}) (Version: 12.33.03 - Broadcom Corporation)
Canon MP160 Benutzerregistrierung (HKLM-x32\...\Canon MP160 Benutzerregistrierung) (Version:  - )
ccc-core-static (x32 Version: 2009.1209.2335.42329 - Ihr Firmenname) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.14 - Piriform)
CDBurnerXP (HKLM-x32\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.4.4852 - CDBurnerXP)
Chandler 1.0.3 (HKLM-x32\...\Chandler) (Version: 1.0.3 - Open Source Applications Foundation)
Chicken Invaders 2 (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110209593}) (Version:  - Oberon Media)
CoreAAC Audio Decoder (remove only) (HKLM-x32\...\CoreAAC Audio Decoder) (Version:  - )
Dairy Dash (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115053100}) (Version:  - Oberon Media)
Dream Day First Home (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113832110}) (Version:  - Oberon Media)
DVD Flick 1.3.0.7 (HKLM-x32\...\DVD Flick_is1) (Version: 1.3.0.7 - Dennis Meuwissen)
eBay Worldwide (HKLM-x32\...\{E0B19DF7-B1C7-4937-82C4-0E4B1E346965}) (Version: 2.1.0901 - OEM)
EinsteinBrainTrainer (remove only) (HKLM-x32\...\EinsteinBrainTrainer) (Version:  - )
Ekahau HeatMapper (HKLM\...\Heatmapper-1.1.4.39795) (Version: 1.1.4.39795 - Ekahau Inc.)
Eraser 6.0.10.2620 (HKLM\...\{6E5159B4-A519-41EF-80EF-AD58371515DF}) (Version: 6.0.2620 - The Eraser Project)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
eSobi v2 (HKLM-x32\...\InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}) (Version: 2.0.4.000274 - esobi Inc.)
eSobi v2 (x32 Version: 2.0.4.000274 - esobi Inc.) Hidden
EVEREST Home Edition v2.20 (HKLM-x32\...\EVEREST Home Edition_is1) (Version: 2.20 - Lavalys Inc)
Farm Frenzy 2 (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11531173}) (Version:  - Oberon Media)
ffdshow [rev 3299] [2010-03-03] (HKLM-x32\...\ffdshow_is1) (Version: 1.0.0.3299 - )
Fiat eco:Drive (HKLM-x32\...\com.fiat.convergence.385E4263E7379A5D22A7076E99B02868EFF10711.1) (Version: 2.0.2 - Fiat Group Automobiles)
Fiat eco:Drive (x32 Version: 2.0.2 - Fiat Group Automobiles) Hidden
First Class Flurry (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115208410}) (Version:  - Oberon Media)
Foxit Cloud (HKLM-x32\...\{41914D8B-9D6E-4764-A1F9-BC43FB6782C1}_is1) (Version: 1.3.105.325 - Foxit Corporation)
Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 6.1.3.321 - Foxit Corporation)
Free Audio CD to MP3 Converter version 1.3.12.1228 (HKLM-x32\...\Free Audio CD to MP3 Converter_is1) (Version: 1.3.12.1228 - DVDVideoSoft Ltd.)
Free DVD Video Burner version 3.0.4.426 (HKLM-x32\...\Free DVD Video Burner_is1) (Version:  - DVDVideoSoft Limited.)
Free System Utilities (HKLM-x32\...\{ad2818b3-1616-4ec8-855d-be6936103e5a}) (Version: 1.1.0.70 - Covus Freemium GmbH)
Free SystemUtilities (x32 Version: 1.1.0.70 - Covus Freemium GmbH) Hidden
Free YouTube Download version 3.1.37.918 (HKLM-x32\...\Free YouTube Download_is1) (Version: 3.1.37.918 - DVDVideoSoft Ltd.)
FreeMind (HKLM-x32\...\B991B020-2968-11D8-AF23-444553540000_is1) (Version: 0.9.0_RC_10 - )
FRITZ!Box-Fernzugang einrichten (HKLM-x32\...\{EFADD989-D9F2-49F6-A280-675951CC78D3}) (Version: 1.0.3 - AVM Berlin)
FrostWire 5.3.5 (HKLM-x32\...\FrostWire 5) (Version: 5.3.5.0 - FrostWire Team)
GIMP 2.8.10 (HKLM\...\GIMP-2_is1) (Version: 2.8.10 - The GIMP Team)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 40.0.2214.93 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Granny In Paradise (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110551697}) (Version:  - Oberon Media)
Haali Media Splitter (HKLM-x32\...\HaaliMkx) (Version:  - )
Heroes of Hellas (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113786380}) (Version:  - Oberon Media)
HP FWUpdateEDO2 (HKLM-x32\...\{415FA9AD-DA10-4ABE-97B6-5051D4795C90}) (Version: 1.2.0.0 - Hewlett-Packard)
HP Photosmart 5520 series - Grundlegende Software für das Gerät (HKLM\...\{4F396B08-301D-4E53-A372-95A7E93ABD04}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPDiagnosticAlert (x32 Version: 1.00.0001 - Microsoft) Hidden
HTC Driver Installer (HKLM-x32\...\{6D6664A9-3342-4948-9B7E-034EFE366F0F}) (Version: 3.0.0.007 - HTC Corporation)
iCloud (HKLM\...\{309768A4-A2BB-4930-A5A2-8169678C9B4C}) (Version: 4.0.6.28 - Apple Inc.)
Identity Card (HKLM-x32\...\Identity Card) (Version: 1.00.3003 - Acer Incorporated)
ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.8.0 - LIGHTNING UK!)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
Intel(R) Turbo Boost Technology Driver (HKLM-x32\...\{D6C630BF-8DBB-4042-8562-DC9A52CB6E7E}) (Version: 01.00.01.1002 - Intel Corporation)
Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version:  - Intel Corporation)
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.38 - Irfan Skiljan)
iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)
Join Air (HKLM-x32\...\{A9E5EDA7-2E6C-49E7-924B-A32B89C24A04}) (Version: 1.0.0.2 - ZTE Corporation)
Kassenbuch (HKLM-x32\...\{29531C6B-7B64-4C53-B54A-6C8AB5DE2159}) (Version: 1.0.0 - Office Consult GmbH)
K-Lite Codec Pack 9.2.0 (Basic) (HKLM-x32\...\KLiteCodecPack_is1) (Version: 9.2.0 - )
Launch Manager (HKLM-x32\...\LManager) (Version: 3.0.05 - Acer Inc.)
LSI HDA Modem (HKLM\...\LSI Soft Modem) (Version: 2.2.98 - LSI Corporation)
Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
MediaHuman YouTube to MP3 Converter Version 3.3 (HKLM-x32\...\MediaHuman YouTube to MP3 Converter_is1) (Version: 3.3 - )
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0100-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}) (Version:  - Microsoft)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Language Pack 2007 - German/Deutsch (HKLM-x32\...\OMUI.de-de) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Outlook Connector (HKLM-x32\...\{95140000-007A-0407-0000-0000000FF1CE}) (Version: 14.0.5118.5000 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUSR) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Office Suite Activation Assistant (HKLM-x32\...\{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}) (Version: 2.9 - Microsoft Corporation)
Microsoft Outlook Social Connector Provider for Windows Live Messenger 32-bit (HKLM-x32\...\{95140000-007D-0409-0000-0000000FF1CE}) (Version: 14.0.5120.5000 - Microsoft Corporation)
Microsoft Report Viewer Redistributable 2008 (KB971118) (HKLM-x32\...\Microsoft Report Viewer Redistributable 2008 (KB971118)) (Version:  - Microsoft Corporation)
Microsoft Report Viewer Redistributable 2008 Language Pack - DEU (HKLM-x32\...\Microsoft Report Viewer Redistributable 2008 Language Pack - DEU) (Version:  - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SkyDrive (HKU\S-1-5-21-1242904208-471078349-2963378918-1003-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\...\SkyDriveSetup.exe) (Version: 16.4.6010.0727 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Works (HKLM-x32\...\{62F7DA7E-CCCB-439C-A760-00C3926E761F}) (Version: 9.7.0621 - Microsoft Corporation)
MozBackup 1.5.1 (HKLM-x32\...\MozBackup) (Version:  - Pavel Cvrcek)
Mozilla Firefox 35.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 35.0.1 (x86 de)) (Version: 35.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 32.0 - Mozilla)
MPC-HC 1.7.0 (HKLM-x32\...\{2624B969-7135-4EB1-B0F6-2D8C397B45F7}_is1) (Version: 1.7.0.7858 - MPC-HC Team)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MyPhoneExplorer (HKLM-x32\...\MPE) (Version: 1.8.5 - F.J. Wechselberger)
MyWinLocker (HKLM-x32\...\{68301905-2DEA-41CE-A4D4-E8B443B099BA}) (Version: 3.1.76.0 - Egis Technology Inc.)
No-IP DUC (HKLM-x32\...\NoIPDUC) (Version: 4.0.1 - Vitalwerks Internet Solutions LLC)
Norton Online Backup (HKLM-x32\...\{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}) (Version: 1.2.0.36 - Symantec)
NTI Backup Now 5 (HKLM-x32\...\InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}) (Version: 5.1.2.627 - NewTech Infosystems)
NTI Backup Now Standard (x32 Version: 5.1.2.627 - NewTech Infosystems) Hidden
NTI Media Maker 8 (HKLM-x32\...\InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}) (Version: 8.0.12.6623 - NewTech Infosystems)
NTI Media Maker 8 (x32 Version: 8.0.12.6623 - NewTech Infosystems) Hidden
O&O Defrag Free Edition (HKLM\...\{C10CAF82-9D36-4D9A-9DC0-C4549F06B519}) (Version: 14.1.431 - O&O Software GmbH)
Outils de vérification linguistique 2013 de Microsoft Office*- Français (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
PDF Architect (HKLM-x32\...\{064A929A-4DE8-40CF-A901-BD40C14E4D25}) (Version: 1.1.83.9982 - pdfforge GmbH)
PDF24 Creator 6.8.0 (HKLM-x32\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version:  - PDF24.org)
PDFCreator (HKLM-x32\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.7.3 - pdfforge)
pomodairo (HKLM-x32\...\{EEBEA077-AB92-5083-ECB1-C15BD842D00B}) (Version: 1.9 - UNKNOWN)
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
Random Dresser (HKLM-x32\...\RandomDresser) (Version:  - )
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5969 - Realtek Semiconductor Corp.)
RescueTime 2.2.1 (HKLM-x32\...\{2505571C-03B3-4F9F-AC35-33F1CB4B5E9E}_is1) (Version:  - RescueTime.com)
Restorer2000 3.3 (HKLM-x32\...\Restorer2000_is1) (Version: 3.3 - Bitmart Inc.)
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{D82063A8-7C8C-4C3B-A9BB-95138CA55D26}) (Version:  - Microsoft)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (Version:  - Microsoft) Hidden
Shutdown Manager (HKLM-x32\...\{C457BA5F-35F9-480C-90F8-5C91DB443A15}_is1) (Version: 2.0.7 - Daniel Höllig)
SimpleScreenshot 1.40 (HKLM-x32\...\SimpleScreenshot) (Version:  - )
SiSoftware Sandra Lite 2014.SP2a (HKLM\...\{C3113E55-7BCB-4de3-8EBF-60E6CE6B2396}_is1) (Version: 20.35.2014.6 - SiSoftware)
SIW version 2011.10.29 (HKLM-x32\...\{AB67580-257C-45FF-B8F4-C8C30682091A}_is1) (Version: 2011.10.29 - Topala Software Solutions)
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation)
Skype™ 6.21 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.21.104 - Skype Technologies S.A.)
SpeedFan (remove only) (HKLM-x32\...\SpeedFan) (Version:  - )
Spotify (HKU\S-1-5-21-1242904208-471078349-2963378918-1000\...\Spotify) (Version: 0.9.10.14.g578d350b - Spotify AB)
SpywareBlaster 5.0 (HKLM-x32\...\SpywareBlaster_is1) (Version: 5.0.0 - BrightFort LLC)
Steganos Safe 14 (HKLM-x32\...\{13B7FBFB-622E-4002-8570-594798E6167D}) (Version: 14.2.2 - Steganos Software GmbH)
Steuer-Spar-Erklärung 2008 (HKLM-x32\...\{BBE67B86-FCD7-4D3C-8B00-063DEAD8E30C}) (Version: 13.02.0000 - Akademische Arbeitsgemeinschaft)
Steuer-Spar-Erklärung 2009 (HKLM-x32\...\{32E00E5E-22B1-4D5A-9DC2-CD75E087A5E6}) (Version: 14.01.0000 - Akademische Arbeitsgemeinschaft Verlag)
Steuer-Spar-Erklärung 2010 (HKLM-x32\...\{D8E1DFEE-622B-46BA-AEFF-AB7E541C0B21}) (Version: 15.15 - Akademische Arbeitsgemeinschaft Verlag)
Steuer-Spar-Erklärung 2011 (HKLM-x32\...\{9F5FD796-86F0-4360-85F8-D54C0F5411EB}) (Version: 16.18 - Akademische Arbeitsgemeinschaft Verlag)
Steuer-Spar-Erklärung 2012 (HKLM-x32\...\{CCD2BAD2-0919-40CB-80CC-E9538B0E4C2E}) (Version: 17.14 - Wolters Kluwer Deutschland GmbH)
Steuer-Spar-Erklärung 2013 (HKLM-x32\...\{AEB61F7A-4BBA-4292-A096-7893E09034A4}) (Version: 18.10 - Wolters Kluwer Deutschland GmbH)
SteuerSparErklärung 2014 (HKLM-x32\...\{A463EB06-22A6-47F5-9593-E52B291EF13E}) (Version: 19.12.92 - Akademische Arbeitsgemeinschaft)
SteuerSparErklärung 2015 (HKLM-x32\...\{312C0E08-8F94-4536-AAF6-3413F784AC5F}) (Version: 20.25.123 - Akademische Arbeitsgemeinschaft)
Streamripper (Remove only) (HKLM-x32\...\Streamripper) (Version:  - )
Studie zur Verbesserung von HP Deskjet 3070 B611 series Produkten (HKLM\...\{CAD7B6DD-9C82-4D17-BAE8-3E9AE4971B90}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.29947 - TeamViewer)
Time Stamp (HKLM-x32\...\Time Stamp_is1) (Version:  - 3.23.2010-0313)
TomTom HOME (HKLM-x32\...\{7A2BB1C8-903D-4585-9F3B-CADD67D07D37}) (Version: 2.9.8 - Ihr Firmenname)
TomTom HOME Visual Studio Merge Modules (HKLM-x32\...\{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}) (Version: 1.0.2 - TomTom International B.V.)
TP-LINK Wireless Configuration Utility (HKLM-x32\...\{319D91C6-3D44-436C-9F79-36C0D22372DC}) (Version: 1.0.0 - TP-LINK)
TrueCrypt (HKLM-x32\...\TrueCrypt) (Version: 7.1 - TrueCrypt Foundation)
Tunatic (HKLM-x32\...\Tunatic) (Version:  - )
Überwachungstool für die Intel® Turbo-Boost-Technik (HKLM\...\{39F4C6F9-618A-4E5B-8FB2-6BD661174E32}) (Version: 1.0.186.6 - Intel)
Uninstall 1.0.0.1 (HKLM-x32\...\Uninstall_is1) (Version:  - )
Universal Adb Driver (HKLM-x32\...\{D9C4202E-6D51-4B06-A8F1-22316E654BCA}) (Version: 1.0.0 - ClockworkMod)
Unlocker 1.9.1-x64 (HKLM\...\Unlocker) (Version: 1.9.1 - Cedrick Collomb)
Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0407-0000-0000000FF1CE}_OMUI.de-de_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version:  - Microsoft)
Update für Microsoft Office Outlook 2007 Help (KB963677) (HKLM-x32\...\{90120000-001A-0407-0000-0000000FF1CE}_OMUI.de-de_{F6828576-6F79-470D-AB50-69D1BBADBD30}) (Version:  - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0407-0000-0000000FF1CE}_OMUI.de-de_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version:  - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0407-0000-0000000FF1CE}_OMUI.de-de_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version:  - Microsoft)
Visual Studio C++ 10.0 Runtime (HKLM-x32\...\{4412F224-3849-4461-A3E9-DEEF8D252790}) (Version: 10.0.0 - TomTom International B.V.)
VLC media player 2.1.3 (HKLM-x32\...\VLC media player) (Version: 2.1.3 - VideoLAN)
Welcome Center (HKLM-x32\...\Acer Welcome Center) (Version: 1.00.3008 - Acer Incorporated)
Winamp (HKLM-x32\...\Winamp) (Version: 5.666  - Nullsoft, Inc)
WinPatrol (HKLM\...\{6A206A04-6BC1-411B-AA04-4E52EDEEADF2}) (Version: 32.0.2014.5 - Ruiware)
WinPatrol (HKLM\...\{6E575124-6D34-4E65-9375-7D69468A6089}) (Version: 30.9 - BillP Studios)
WinRAR 5.10 Beta 4 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.10.4 - win.rar GmbH)
Xvid 1.2.2 final uninstall (HKLM-x32\...\Xvid_is1) (Version: 1.2 - Xvid team (Koepi))
Yahoo! Messenger (HKLM-x32\...\Yahoo! Messenger) (Version:  - Yahoo! Inc.)
Yahoo! Software Update (HKLM-x32\...\Yahoo! Software Update) (Version:  - )
Zuzahlungsrechner (HKLM-x32\...\{B2C69E77-F209-4B63-8676-4F32B27E162B}) (Version: 3.6.0 - sfr-software-fuers-heim)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-1242904208-471078349-2963378918-1000_Classes\CLSID\{56FDF344-FD6D-11d0-958A-006097C9A090}\InprocServer32 -> C:\Users\XXXX XXXX\AppData\Roaming\moters\supna.dll No File <==== ATTENTION

==================== Restore Points  =========================

05-02-2015 20:37:27 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2015-02-01 08:39 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1      localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0CAEEB6B-A216-4E04-9EA6-AC310639FD8D} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {23CEA58C-8E99-49B6-96E0-E0033F148659} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-21] (Google Inc.)
Task: {26DA7882-781D-4FC9-B1A5-5F5B1F7227FE} - System32\Tasks\{6A246FB0-E753-4188-9543-22389AB30F4E} => pcalua.exe -a "C:\Users\XXXX XXXX\Downloads\Chandler_win_1.0.3.exe" -d "C:\Users\XXXX XXXX\Downloads"
Task: {38C51694-B081-4739-8E17-069D4A49D4D4} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2014-01-23] (Microsoft Corporation)
Task: {47C46238-A6C4-4C4B-BE85-E6E1425608CB} - System32\Tasks\{144D2C4F-2583-452B-AC74-C64839CF03CC} => pcalua.exe -a "C:\Program Files (x86)\VS Revo Group\Revo Uninstaller\Revouninstaller.exe" -d "C:\Program Files (x86)\VS Revo Group\Revo Uninstaller" -c -hunter
Task: {5A42985A-DC32-4FE1-8210-CA09F67316FC} - System32\Tasks\HPCustPartic.exe_{96420065-3C4E-4B3E-96DB-DB0760F51DDD} => C:\Program Files\HP\HP Deskjet 3070 B611 series\Bin\HPCustPartic.exe [2012-10-17] (Hewlett-Packard Co.)
Task: {5B5D6CC7-9FA7-4441-9A09-8A3C4EA669FD} - System32\Tasks\{9B880EC1-DC3B-45D7-A7BB-4E131A7A884F} => pcalua.exe -a "C:\Users\XXXX XXXX\Downloads\esetsmartinstaller_enu.exe" -d "C:\Program Files (x86)\Mozilla Firefox"
Task: {5E1E681C-C0F1-4E87-8C95-38A011634E9C} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {658A7160-D5FE-40D6-8358-5AC71CDD5600} - System32\Tasks\Microsoft Office 15 Sync Maintenance for Arbeitscomputer-XXXX XXXX Arbeitscomputer => C:\Program Files\Microsoft Office\Office15\MsoSync.exe [2014-11-12] (Microsoft Corporation)
Task: {739C86AB-D488-4894-A94A-E1C873D935C4} - System32\Tasks\{239C0599-E784-4910-B228-5D5AB8D346A6} => pcalua.exe -a "C:\Users\XXXX XXXX\Downloads\HiJackThis204.exe" -d "C:\Program Files (x86)\Mozilla Firefox"
Task: {792B72B2-C51B-4379-B2AA-007529DB50F0} - System32\Tasks\{8D77E667-A31C-4EB4-B209-1E559B732CBC} => pcalua.exe -a "C:\Program Files (x86)\Canon\IJEREG\MP160\UNINST.EXE"
Task: {7AEAE564-35D2-434E-8BC2-12BF5BC672DE} - System32\Tasks\HPCustParticipation HP Deskjet 3070 B611 series => C:\Program Files\HP\HP Deskjet 3070 B611 series\Bin\HPCustPartic.exe [2012-10-17] (Hewlett-Packard Co.)
Task: {7EED0456-B087-4708-8496-6474B917CECB} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {92533B9B-37E7-4E54-B7DE-F8B0B255CFEE} - System32\Tasks\{4781B96F-C3F4-45CF-AB6F-C64C9AD3E88D} => pcalua.exe -a "C:\Program Files (x86)\InstallShield Installation Information\{319D91C6-3D44-436C-9F79-36C0D22372DC}\setup.exe" -d "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TP-LINK" -c -runfromtemp -removeonly
Task: {9C395D30-C0E5-4B3A-A232-E38DA71A3827} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {A1D835EF-9220-45A2-811E-2CA5B38166BF} - System32\Tasks\hpUrlLauncher.exe_{4AF7A75F-FDE8-41B8-80D9-5C3EBC32D019} => C:\Program Files\HP\HP Deskjet 3070 B611 series\Bin\utils\hpUrlLauncher.exe
Task: {B7A342C6-6ABF-492E-9250-2C92CB583846} - System32\Tasks\{A2A68590-5CAE-4C98-8B98-D18CC5E4C073} => pcalua.exe -a "C:\Program Files (x86)\InstallShield Installation Information\{3DB0448D-AD82-4923-B305-D001E521A964}\setup.exe" -c -runfromtemp -l0x407 -removeonly
Task: {BBBF9E37-C1CD-4CF0-A783-CE021D6D2928} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-05-20] (Piriform Ltd)
Task: {CE5325CF-BB63-4751-AB56-BD427BEAA0D9} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-01-31] (Adobe Systems Incorporated)
Task: {E36CA599-B047-467B-99AF-5E380AFECE05} - System32\Tasks\{AC797CD7-B058-4AC8-84B2-B2307D6AFF9B} => C:\Program Files (x86)\Chandler1.0.3\chandler.exe
Task: {E85DBE85-E344-4E48-A05A-ACF97445121F} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-21] (Google Inc.)
Task: {F30712C0-5F79-4616-BFEE-8D27E1822469} - System32\Tasks\{581487AC-8AAF-40E1-A997-6B8519F0C5EC} => C:\Program Files (x86)\Chandler1.0.3\chandler.exe
Task: {FC0397BA-8222-41E7-836D-453BA55E74DB} - System32\Tasks\{2E665153-C229-4C02-9699-2F4EF08B1807} => pcalua.exe -a C:\Users\DANIEL~1\AppData\Local\Temp\InstallFlashPlayer.exe -d "C:\Program Files (x86)\Mozilla Firefox"
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) ==============

2007-10-04 14:32 - 2007-10-04 14:32 - 00122880 _____ () C:\Program Files (x86)\Common Files\AAV\aavus.exe
2011-01-13 09:04 - 2011-01-13 09:04 - 00030080 _____ () C:\Windows\snuvcdsm.exe
2011-11-13 22:52 - 2011-11-13 22:51 - 00200704 _____ () C:\Windows\PLFSetI.exe
2009-07-29 13:10 - 2009-07-29 13:10 - 00016384 ____R () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll
2011-11-13 21:44 - 2011-11-13 21:44 - 00270336 _____ () C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CrossDisplay.Graphics.Dashboard\1.0.0.0__90ba9c70f846762e\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2014-12-28 14:38 - 2014-04-22 19:39 - 00645592 ____N () C:\Program Files (x86)\BillP Studios\WinPatrol\sqlite3.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\abengine => ""="service"

==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Other Registry Areas =====================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1242904208-471078349-2963378918-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\XXXX XXXX\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-1242904208-471078349-2963378918-1003-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\Control Panel\Desktop\\Wallpaper -> C:\Users\XXXX\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-1242904208-471078349-2963378918-1004\Control Panel\Desktop\\Wallpaper -> C:\Users\Versuch\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: AgereModemAudio => 2
MSCONFIG\Services: Apple Mobile Device => 2
MSCONFIG\Services: Bonjour Service => 2
MSCONFIG\Services: BotkindSyncService => 2
MSCONFIG\Services: FoxitCloudUpdateService => 2
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: iPod Service => 3
MSCONFIG\Services: MozillaMaintenance => 3
MSCONFIG\Services: NoIPDUCService4 => 2
MSCONFIG\Services: NTI IScheduleSvc => 2
MSCONFIG\Services: NTIBackupSvc => 3
MSCONFIG\Services: NTISchedulerSvc => 2
MSCONFIG\Services: OODefragAgent => 2
MSCONFIG\Services: PassThru Service => 2
MSCONFIG\Services: PDF Architect Helper Service => 2
MSCONFIG\Services: PDF Architect Service => 2
MSCONFIG\Services: SandraAgentSrv => 3
MSCONFIG\Services: SkypeUpdate => 2
MSCONFIG\Services: TeamViewer9 => 2
MSCONFIG\Services: TomTomHOMEService => 2
MSCONFIG\Services: Updater Service => 2
MSCONFIG\Services: YahooAUService => 2
MSCONFIG\startupreg: Eraser => "C:\PROGRA~1\Eraser\Eraser.exe" --atRestart

==================== Accounts: =============================

Administrator (S-1-5-21-1242904208-471078349-2963378918-500 - Administrator - Disabled)
XXXX XXXX (S-1-5-21-1242904208-471078349-2963378918-1000 - Administrator - Enabled) => C:\Users\XXXX XXXX
XXXX (S-1-5-21-1242904208-471078349-2963378918-1003 - Limited - Enabled) => C:\Users\XXXX
Gast (S-1-5-21-1242904208-471078349-2963378918-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1242904208-471078349-2963378918-1002 - Limited - Enabled)
Versuch (S-1-5-21-1242904208-471078349-2963378918-1004 - Administrator - Enabled) => C:\Users\Versuch

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (02/06/2015 05:20:26 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (02/06/2015 01:48:54 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"1".
Die abhängige Assemblierung "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (02/06/2015 01:48:54 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"1".
Die abhängige Assemblierung "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (02/06/2015 01:48:54 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"1".
Die abhängige Assemblierung "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (02/06/2015 01:48:54 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"1".
Die abhängige Assemblierung "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (02/05/2015 09:40:22 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (02/05/2015 09:40:19 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (02/01/2015 09:09:18 PM) (Source: Avira Service Host) (EventID: 0) (User: )
Description: Fehler beim Verarbeiten von Sitzungsänderung. System.NullReferenceException: Der Objektverweis wurde nicht auf eine Objektinstanz festgelegt.
  bei Avira.OE.ServiceHost.ServiceHost.OnSessionChange(SessionChangeDescription changeDescription)
  bei System.ServiceProcess.ServiceBase.DeferredSessionChange(Int32 eventType, Int32 sessionId)

Error: (01/31/2015 05:20:22 PM) (Source: Avira Service Host) (EventID: 0) (User: )
Description: Fehler beim Verarbeiten von Sitzungsänderung. System.NullReferenceException: Der Objektverweis wurde nicht auf eine Objektinstanz festgelegt.
  bei Avira.OE.ServiceHost.ServiceHost.OnSessionChange(SessionChangeDescription changeDescription)
  bei System.ServiceProcess.ServiceBase.DeferredSessionChange(Int32 eventType, Int32 sessionId)


System errors:
=============
Error: (02/05/2015 09:34:00 PM) (Source: WMPNetworkSvc) (EventID: 14332) (User: )
Description: WMPNetworkSvc0x80070420

Error: (02/01/2015 09:17:29 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}

Error: (02/01/2015 08:40:11 AM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren.

Error: (02/01/2015 08:39:59 AM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren.

Error: (02/01/2015 08:39:15 AM) (Source: Application Popup) (EventID: 1060) (User: )
Description: Aufgrund der Inkompatibilität mit diesem System wurde \??\C:\ComboFix\catchme.sys nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten.

Error: (02/01/2015 08:39:14 AM) (Source: Application Popup) (EventID: 1060) (User: )
Description: Aufgrund der Inkompatibilität mit diesem System wurde \??\C:\ComboFix\catchme.sys nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten.

Error: (02/01/2015 08:35:41 AM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren.

Error: (02/01/2015 08:02:14 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "SPDRIVER_1361.0.0.0" wurde aufgrund folgenden Fehlers nicht gestartet:
%%3

Error: (01/31/2015 11:28:38 PM) (Source: Disk) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.

Error: (01/31/2015 11:28:37 PM) (Source: Disk) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.


Microsoft Office Sessions:
=========================
Error: (02/06/2015 05:20:26 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe

Error: (02/06/2015 01:48:54 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"c:\Windows\Installer\{62F7DA7E-CCCB-439C-A760-00C3926E761F}\WksWP.exe

Error: (02/06/2015 01:48:54 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"C:\Windows\Installer\{62F7DA7E-CCCB-439C-A760-00C3926E761F}\wksss.exe

Error: (02/06/2015 01:48:54 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"c:\Windows\Installer\{62F7DA7E-CCCB-439C-A760-00C3926E761F}\WksCal.exe

Error: (02/06/2015 01:48:54 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"c:\Windows\Installer\{62F7DA7E-CCCB-439C-A760-00C3926E761F}\wksdb.exe

Error: (02/05/2015 09:40:22 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\XXXX XXXX\Downloads\esetsmartinstaller_deu.exe

Error: (02/05/2015 09:40:19 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\XXXX XXXX\Downloads\esetsmartinstaller_deu.exe

Error: (02/01/2015 09:09:18 PM) (Source: Avira Service Host) (EventID: 0) (User: )
Description: Fehler beim Verarbeiten von Sitzungsänderung. System.NullReferenceException: Der Objektverweis wurde nicht auf eine Objektinstanz festgelegt.
  bei Avira.OE.ServiceHost.ServiceHost.OnSessionChange(SessionChangeDescription changeDescription)
  bei System.ServiceProcess.ServiceBase.DeferredSessionChange(Int32 eventType, Int32 sessionId)

Error: (01/31/2015 05:20:22 PM) (Source: Avira Service Host) (EventID: 0) (User: )
Description: Fehler beim Verarbeiten von Sitzungsänderung. System.NullReferenceException: Der Objektverweis wurde nicht auf eine Objektinstanz festgelegt.
  bei Avira.OE.ServiceHost.ServiceHost.OnSessionChange(SessionChangeDescription changeDescription)
  bei System.ServiceProcess.ServiceBase.DeferredSessionChange(Int32 eventType, Int32 sessionId)


CodeIntegrity Errors:
===================================
  Date: 2015-02-01 08:39:15.425
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2015-02-01 08:39:15.175
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2015-02-01 08:39:14.941
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2015-02-01 08:39:14.692
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2014-08-24 13:21:32.971
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2014-08-24 13:21:32.769
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2014-08-24 13:21:32.550
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2014-08-24 13:21:32.332
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2014-06-28 08:07:01.069
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Users\DANIEL~1\AppData\Local\Temp\EverestDriver.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2014-06-28 08:07:00.711
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Users\DANIEL~1\AppData\Local\Temp\EverestDriver.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i5 CPU M 430 @ 2.27GHz
Percentage of memory in use: 42%
Total physical RAM: 3956.5 MB
Available physical RAM: 2271.94 MB
Total Pagefile: 7911.18 MB
Available Pagefile: 5844.07 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: (ACER) (Fixed) (Total:290.05 GB) (Free:110.74 GB) NTFS
Drive d: (DATA) (Fixed) (Total:290.4 GB) (Free:285.16 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 596.2 GB) (Disk ID: 6D48B855)
Partition 1: (Not Active) - (Size=15.6 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=290.1 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=290.4 GB) - (Type=07 NTFS)

==================== End Of Log ============================
Soll ich die Einträge, die ESET endeckt hat, löschen?
Zumindest die meisten davon, weil einige empfinde ich selber als nicht gefährlich.
Und ich weiss auch, dass ESET sehr "empfindlich" reagiert.

Bootsektor 07.02.2015 23:30
Hallo,

Wie schauts denn hiernach aus?
Zitat:
Soll ich die Einträge, die ESET endeckt hat, löschen?
Nein, wir löschen die grad.
Du musst für diesen Fix vorübergehend Avira deaktivieren.

Schritt 1

Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:
FF Extension: Zoom It - C:\Users\XXXX XXXX\AppData\Roaming\Mozilla\Firefox\Profiles\ax92hz4x.default-1417957171376\Extensions\{1b4f9242-444a-5952-286c-6b1886ee5374} [2015-02-05]
C:\$RECYCLE.BIN\S-1-5-21-1242904208-471078349-2963378918-1000\$R7TUY4P.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\Offercast_AVIRAV7_.exe
C:\Users\XXXXX XXXXX\Desktop\aufräumen, was geht\Ordner\Neuer Ordner (3)\Neuer Ordner1\alte Dateien\Tresor alter Computer\Desktop\Neuer Ordner (5)\backups\backup-20101226-175451-491.dll
C:\Users\XXXXX XXXXX\Documents\Neuer Ordner\Neuer Ordner (3)\Neuer Ordner (2)\Datensicherung_Tower_neueDateien\Desktop\Neuer Ordner (5)\backups\backup-20101226-175451-203.dll
C:\Users\XXXXX XXXXX\Documents\Neuer Ordner\Neuer Ordner (3)\Neuer Ordner (2)\Datensicherung_Tower_neueDateien\Desktop\Neuer Ordner (5)\backups\backup-20101226-175451-491.dll
C:\Users\XXXXX XXXXX\Documents\Neuer Ordner\Neuer Ordner (3)\Neuer Ordner (2)\Datensicherung_Tower_Sicherung_2\Desktop\Neuer Ordner (5)\backups\backup-20101226-175451-203.dll
C:\Users\XXXXX XXXXX\Documents\Neuer Ordner\Neuer Ordner (3)\Neuer Ordner (2)\Datensicherung_Tower_Sicherung_2\Desktop\Neuer Ordner (5)\backups\backup-20101226-175451-491.dll
C:\Users\XXXXX XXXXX\Downloads\PDFCreator-1_7_3_setup(1).exe
C:\Users\XXXXX XXXXX\Downloads\PDFCreator-1_7_3_setup.exe
C:\Users\XXXXX\Downloads\cbsidlm-tr1_13-Free_Audio_Cutter-ORG-75444480.exe
C:\$RECYCLE.BIN\S-1-5-21-1242904208-471078349-2963378918-1000\$RIJ9WQK.exe
C:\Users\XXXXX XXXXX\Desktop\Neuer Ordner (4)\aufräumen, was geht\Ordner\Neuer Ordner (3)\Neuer Ordner1\alte Dateien\Tresor alter Computer\Desktop\Neuer Ordner (5)\backups\backup-20101226-175451-491.dll
C:\Users\XXXXX XXXXX\Desktop\Neuer Ordner (4)\aufräumen, was geht\Ordner\USB Stick\usb\Neuer Ordner\Dance\The Prodigy - One Love.mp3
C:\Program Files\Common Files\System\SysMenu64.dll
C:\Users\XXXXX XXXXX\AppData\Local\Mozilla\Firefox\Profiles\ax92hz4x.default-1417957171376\cache2\entries\96D59457AFA822A33B5B5ED391A55E16768E6472
C:\Users\XXXXX XXXXX\AppData\Local\Mozilla\Firefox\Profiles\ax92hz4x.default-1417957171376\cache2\entries\BB425C587980B0FCFA063FF796BB36E3D76613A4
C:\Users\XXXXX XXXXX\AppData\Roaming\Booster-Web\jid1-U7omKQ6kQfxMaQ@jetpack.zip
C:\Users\XXXXX XXXXX\Downloads\Malwarebytes Anti Malware Malware Scanner - CHIP-Installer.exe
C:\Windows\System32\ColorMedia.dll
C:\Windows\SysWOW64\ColorMedia.dll

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
  • Starte nun FRST erneut und klicke den Entfernen Button.
  • Das Tool erstellt eine Fixlog.txt.
  • Poste mir deren Inhalt.




Schritt 2
Starte noch einmal FRST.
  • Ändere keine der Voreinstellungen und drücke auf Scan.
  • Wenn der Scan abgeschlossen ist, wird ein neues Logfile FRST.txt erstellt und auf dem Desktop gespeichert.
  • Poste den Inhalt dieses Logfiles bitte hier in deinen Thread.

magigstar 08.02.2015 10:02
Ok, scheint nicht alles so geklappt zu haben, wie wir es möchten.

Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 07-02-2015
Ran by XXXX YYYY at 2015-02-08 09:34:01 Run:3
Running from C:\Users\XXXX YYYY\Desktop
Loaded Profiles: XXXX YYYY (Available profiles: XXXX YYYY & ZZZZ & Versuch)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
FF Extension: Zoom It - C:\Users\XXXX YYYY\AppData\Roaming\Mozilla\Firefox\Profiles\ax92hz4x.default-1417957171376\Extensions\{1b4f9242-444a-5952-286c-6b1886ee5374} [2015-02-05]
C:\$RECYCLE.BIN\S-1-5-21-1242904208-471078349-2963378918-1000\$R7TUY4P.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\Offercast_AVIRAV7_.exe
C:\Users\XXXXX YYYY\Desktop\aufräumen, was geht\Ordner\Neuer Ordner (3)\Neuer Ordner1\alte Dateien\Tresor alter Computer\Desktop\Neuer Ordner (5)\backups\backup-20101226-175451-491.dll
C:\Users\XXXXX YYYY\Documents\Neuer Ordner\Neuer Ordner (3)\Neuer Ordner (2)\Datensicherung_Tower_neueDateien\Desktop\Neuer Ordner (5)\backups\backup-20101226-175451-203.dll
C:\Users\XXXXX YYYY\Documents\Neuer Ordner\Neuer Ordner (3)\Neuer Ordner (2)\Datensicherung_Tower_neueDateien\Desktop\Neuer Ordner (5)\backups\backup-20101226-175451-491.dll
C:\Users\XXXXX YYYY\Documents\Neuer Ordner\Neuer Ordner (3)\Neuer Ordner (2)\Datensicherung_Tower_Sicherung_2\Desktop\Neuer Ordner (5)\backups\backup-20101226-175451-203.dll
C:\Users\XXXXX YYYY\Documents\Neuer Ordner\Neuer Ordner (3)\Neuer Ordner (2)\Datensicherung_Tower_Sicherung_2\Desktop\Neuer Ordner (5)\backups\backup-20101226-175451-491.dll
C:\Users\XXXXX YYYY\Downloads\PDFCreator-1_7_3_setup(1).exe
C:\Users\XXXXX YYYY\Downloads\PDFCreator-1_7_3_setup.exe
C:\Users\XXXXX\Downloads\cbsidlm-tr1_13-Free_Audio_Cutter-ORG-75444480.exe
C:\$RECYCLE.BIN\S-1-5-21-1242904208-471078349-2963378918-1000\$RIJ9WQK.exe
C:\Users\XXXXX XXXXX\Desktop\Neuer Ordner (4)\aufräumen, was geht\Ordner\Neuer Ordner (3)\Neuer Ordner1\alte Dateien\Tresor alter Computer\Desktop\Neuer Ordner (5)\backups\backup-20101226-175451-491.dll
C:\Users\XXXXX XXXXX\Desktop\Neuer Ordner (4)\aufräumen, was geht\Ordner\USB Stick\usb\Neuer Ordner\Dance\The Prodigy - One Love.mp3
C:\Program Files\Common Files\System\SysMenu64.dll
C:\Users\XXXXX YYYY\AppData\Local\Mozilla\Firefox\Profiles\ax92hz4x.default-1417957171376\cache2\entries\96D59457AFA822A33B5B5ED391A55E16768E6472
C:\Users\XXXXX YYYY\AppData\Local\Mozilla\Firefox\Profiles\ax92hz4x.default-1417957171376\cache2\entries\BB425C587980B0FCFA063FF796BB36E3D76613A4
C:\Users\XXXXX YYYY\AppData\Roaming\Booster-Web\jid1-U7omKQ6kQfxMaQ@jetpack.zip
C:\Users\XXXXX YYYY\Downloads\Malwarebytes Anti Malware Malware Scanner - CHIP-Installer.exe
C:\Windows\System32\ColorMedia.dll
C:\Windows\SysWOW64\ColorMedia.dll
       
*****************

C:\Users\XXXX YYYY\AppData\Roaming\Mozilla\Firefox\Profiles\ax92hz4x.default-1417957171376\Extensions\{1b4f9242-444a-5952-286c-6b1886ee5374} not found.
"C:\$RECYCLE.BIN\S-1-5-21-1242904208-471078349-2963378918-1000\$R7TUY4P.exe" => File/Directory not found.
Could not move "C:\Program Files (x86)\Avira\AntiVir Desktop\Offercast_AVIRAV7_.exe" => Scheduled to move on reboot.
"C:\Users\XXXXX YYYY\Desktop\aufräumen, was geht\Ordner\Neuer Ordner (3)\Neuer Ordner1\alte Dateien\Tresor alter Computer\Desktop\Neuer Ordner (5)\backups\backup-20101226-175451-491.dll" => File/Directory not found.
"C:\Users\XXXXX YYYY\Documents\Neuer Ordner\Neuer Ordner (3)\Neuer Ordner (2)\Datensicherung_Tower_neueDateien\Desktop\Neuer Ordner (5)\backups\backup-20101226-175451-203.dll" => File/Directory not found.
"C:\Users\XXXXX YYYY\Documents\Neuer Ordner\Neuer Ordner (3)\Neuer Ordner (2)\Datensicherung_Tower_neueDateien\Desktop\Neuer Ordner (5)\backups\backup-20101226-175451-491.dll" => File/Directory not found.
"C:\Users\XXXXX YYYY\Documents\Neuer Ordner\Neuer Ordner (3)\Neuer Ordner (2)\Datensicherung_Tower_Sicherung_2\Desktop\Neuer Ordner (5)\backups\backup-20101226-175451-203.dll" => File/Directory not found.
"C:\Users\XXXXX YYYY\Documents\Neuer Ordner\Neuer Ordner (3)\Neuer Ordner (2)\Datensicherung_Tower_Sicherung_2\Desktop\Neuer Ordner (5)\backups\backup-20101226-175451-491.dll" => File/Directory not found.
"C:\Users\XXXXX YYYY\Downloads\PDFCreator-1_7_3_setup(1).exe" => File/Directory not found.
"C:\Users\XXXXX YYYY\Downloads\PDFCreator-1_7_3_setup.exe" => File/Directory not found.
"C:\Users\XXXXX\Downloads\cbsidlm-tr1_13-Free_Audio_Cutter-ORG-75444480.exe" => File/Directory not found.
"C:\$RECYCLE.BIN\S-1-5-21-1242904208-471078349-2963378918-1000\$RIJ9WQK.exe" => File/Directory not found.
"C:\Users\XXXXX XXXXX\Desktop\Neuer Ordner (4)\aufräumen, was geht\Ordner\Neuer Ordner (3)\Neuer Ordner1\alte Dateien\Tresor alter Computer\Desktop\Neuer Ordner (5)\backups\backup-20101226-175451-491.dll" => File/Directory not found.
"C:\Users\XXXXX XXXXX\Desktop\Neuer Ordner (4)\aufräumen, was geht\Ordner\USB Stick\usb\Neuer Ordner\Dance\The Prodigy - One Love.mp3" => File/Directory not found.
C:\Program Files\Common Files\System\SysMenu64.dll => Moved successfully.
"C:\Users\XXXXX YYYY\AppData\Local\Mozilla\Firefox\Profiles\ax92hz4x.default-1417957171376\cache2\entries\96D59457AFA822A33B5B5ED391A55E16768E6472" => File/Directory not found.
"C:\Users\XXXXX YYYY\AppData\Local\Mozilla\Firefox\Profiles\ax92hz4x.default-1417957171376\cache2\entries\BB425C587980B0FCFA063FF796BB36E3D76613A4" => File/Directory not found.
"C:\Users\XXXXX YYYY\AppData\Roaming\Booster-Web\jid1-U7omKQ6kQfxMaQ@jetpack.zip" => File/Directory not found.
"C:\Users\XXXXX YYYY\Downloads\Malwarebytes Anti Malware Malware Scanner - CHIP-Installer.exe" => File/Directory not found.
"C:\Windows\System32\ColorMedia.dll" => File/Directory not found.
C:\Windows\SysWOW64\ColorMedia.dll => Moved successfully.

=> Result of Scheduled Files to move (Boot Mode: Normal) (Date&Time: 2015-02-08 09:36:23)<=

"C:\Program Files (x86)\Avira\AntiVir Desktop\Offercast_AVIRAV7_.exe" => File could not move.

==== End of Fixlog 09:36:23 ====
Ok,
beim zweiten Versuch wurden die, welche schon erfoglreich gelöscht worden sind, erneut gelöscht.
Dennoch gibt es einige, die immer noch nicht gefunden wurden.

Blöde Zwischenfrage: Warum kann man das nicht einfach mit ESET machen.


Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 07-02-2015
Ran by XXXX YYYY at 2015-02-08 09:43:47 Run:4
Running from C:\Users\XXXX YYYY\Desktop
Loaded Profiles: XXXX YYYY (Available profiles: XXXX YYYY & ZZZZ & Versuch)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
FF Extension: Zoom It - C:\Users\XXXX YYYY\AppData\Roaming\Mozilla\Firefox\Profiles\ax92hz4x.default-1417957171376\Extensions\{1b4f9242-444a-5952-286c-6b1886ee5374} [2015-02-05]
C:\$RECYCLE.BIN\S-1-5-21-1242904208-471078349-2963378918-1000\$R7TUY4P.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\Offercast_AVIRAV7_.exe
C:\Users\XXXX YYYY\Desktop\aufräumen, was geht\Ordner\Neuer Ordner (3)\Neuer Ordner1\alte Dateien\Tresor alter Computer\Desktop\Neuer Ordner (5)\backups\backup-20101226-175451-491.dll
C:\Users\XXXX YYYY\Documents\Neuer Ordner\Neuer Ordner (3)\Neuer Ordner (2)\Datensicherung_Tower_neueDateien\Desktop\Neuer Ordner (5)\backups\backup-20101226-175451-203.dll
C:\Users\XXXX YYYY\Documents\Neuer Ordner\Neuer Ordner (3)\Neuer Ordner (2)\Datensicherung_Tower_neueDateien\Desktop\Neuer Ordner (5)\backups\backup-20101226-175451-491.dll
C:\Users\XXXX YYYY\Documents\Neuer Ordner\Neuer Ordner (3)\Neuer Ordner (2)\Datensicherung_Tower_Sicherung_2\Desktop\Neuer Ordner (5)\backups\backup-20101226-175451-203.dll
C:\Users\XXXX YYYY\Documents\Neuer Ordner\Neuer Ordner (3)\Neuer Ordner (2)\Datensicherung_Tower_Sicherung_2\Desktop\Neuer Ordner (5)\backups\backup-20101226-175451-491.dll
C:\Users\XXXX YYYY\Downloads\PDFCreator-1_7_3_setup(1).exe
C:\Users\XXXX YYYY\Downloads\PDFCreator-1_7_3_setup.exe
C:\Users\ZZZZ\Downloads\cbsidlm-tr1_13-Free_Audio_Cutter-ORG-75444480.exe
C:\$RECYCLE.BIN\S-1-5-21-1242904208-471078349-2963378918-1000\$RIJ9WQK.exe
C:\Users\XXXX YYYY\Desktop\Neuer Ordner (4)\aufräumen, was geht\Ordner\Neuer Ordner (3)\Neuer Ordner1\alte Dateien\Tresor alter Computer\Desktop\Neuer Ordner (5)\backups\backup-20101226-175451-491.dll
C:\Users\XXXX YYYY\Desktop\Neuer Ordner (4)\aufräumen, was geht\Ordner\USB Stick\usb\Neuer Ordner\Dance\The Prodigy - One Love.mp3
C:\Program Files\Common Files\System\SysMenu64.dll
C:\Users\XXXX YYYY\AppData\Local\Mozilla\Firefox\Profiles\ax92hz4x.default-1417957171376\cache2\entries\96D59457AFA822A33B5B5ED391A55E16768E6472
C:\Users\XXXX YYYY\AppData\Local\Mozilla\Firefox\Profiles\ax92hz4x.default-1417957171376\cache2\entries\BB425C587980B0FCFA063FF796BB36E3D76613A4
C:\Users\XXXX YYYY\AppData\Roaming\Booster-Web\jid1-U7omKQ6kQfxMaQ@jetpack.zip
C:\Users\XXXX YYYY\Downloads\Malwarebytes Anti Malware Malware Scanner - CHIP-Installer.exe
C:\Windows\System32\ColorMedia.dll
C:\Windows\SysWOW64\ColorMedia.dll
       
*****************

C:\Users\XXXX YYYY\AppData\Roaming\Mozilla\Firefox\Profiles\ax92hz4x.default-1417957171376\Extensions\{1b4f9242-444a-5952-286c-6b1886ee5374} not found.
"C:\$RECYCLE.BIN\S-1-5-21-1242904208-471078349-2963378918-1000\$R7TUY4P.exe" => File/Directory not found.
C:\Program Files (x86)\Avira\AntiVir Desktop\Offercast_AVIRAV7_.exe => Moved successfully.
"C:\Users\XXXX YYYY\Desktop\aufräumen, was geht\Ordner\Neuer Ordner (3)\Neuer Ordner1\alte Dateien\Tresor alter Computer\Desktop\Neuer Ordner (5)\backups\backup-20101226-175451-491.dll" => File/Directory not found.
C:\Users\XXXX YYYY\Documents\Neuer Ordner\Neuer Ordner (3)\Neuer Ordner (2)\Datensicherung_Tower_neueDateien\Desktop\Neuer Ordner (5)\backups\backup-20101226-175451-203.dll => Moved successfully.
C:\Users\XXXX YYYY\Documents\Neuer Ordner\Neuer Ordner (3)\Neuer Ordner (2)\Datensicherung_Tower_neueDateien\Desktop\Neuer Ordner (5)\backups\backup-20101226-175451-491.dll => Moved successfully.
C:\Users\XXXX YYYY\Documents\Neuer Ordner\Neuer Ordner (3)\Neuer Ordner (2)\Datensicherung_Tower_Sicherung_2\Desktop\Neuer Ordner (5)\backups\backup-20101226-175451-203.dll => Moved successfully.
C:\Users\XXXX YYYY\Documents\Neuer Ordner\Neuer Ordner (3)\Neuer Ordner (2)\Datensicherung_Tower_Sicherung_2\Desktop\Neuer Ordner (5)\backups\backup-20101226-175451-491.dll => Moved successfully.
"C:\Users\XXXX YYYY\Downloads\PDFCreator-1_7_3_setup(1).exe" => File/Directory not found.
"C:\Users\XXXX YYYY\Downloads\PDFCreator-1_7_3_setup.exe" => File/Directory not found.
C:\Users\ZZZZ\Downloads\cbsidlm-tr1_13-Free_Audio_Cutter-ORG-75444480.exe => Moved successfully.
"C:\$RECYCLE.BIN\S-1-5-21-1242904208-471078349-2963378918-1000\$RIJ9WQK.exe" => File/Directory not found.
C:\Users\XXXX YYYY\Desktop\Neuer Ordner (4)\aufräumen, was geht\Ordner\Neuer Ordner (3)\Neuer Ordner1\alte Dateien\Tresor alter Computer\Desktop\Neuer Ordner (5)\backups\backup-20101226-175451-491.dll => Moved successfully.
C:\Users\XXXX YYYY\Desktop\Neuer Ordner (4)\aufräumen, was geht\Ordner\USB Stick\usb\Neuer Ordner\Dance\The Prodigy - One Love.mp3 => Moved successfully.
"C:\Program Files\Common Files\System\SysMenu64.dll" => File/Directory not found.
"C:\Users\XXXX YYYY\AppData\Local\Mozilla\Firefox\Profiles\ax92hz4x.default-1417957171376\cache2\entries\96D59457AFA822A33B5B5ED391A55E16768E6472" => File/Directory not found.
C:\Users\XXXX YYYY\AppData\Local\Mozilla\Firefox\Profiles\ax92hz4x.default-1417957171376\cache2\entries\BB425C587980B0FCFA063FF796BB36E3D76613A4 => Moved successfully.
C:\Users\XXXX YYYY\AppData\Roaming\Booster-Web\jid1-U7omKQ6kQfxMaQ@jetpack.zip => Moved successfully.
C:\Users\XXXX YYYY\Downloads\Malwarebytes Anti Malware Malware Scanner - CHIP-Installer.exe => Moved successfully.
"C:\Windows\System32\ColorMedia.dll" => File/Directory not found.
"C:\Windows\SysWOW64\ColorMedia.dll" => File/Directory not found.

==== End of Fixlog 09:43:48 ====

Echt seltsam...
weil die Dateien sind ja da...

FRST Report:


FRST Logfile:

FRST Logfile:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 07-02-2015
Ran by XXXX YYYY (administrator) on ARBEITSCOMPUTER on 08-02-2015 09:50:37
Running from C:\Users\XXXX YYYY\Desktop
Loaded Profiles: XXXX YYYY (Available profiles: XXXX YYYY & ZZZZ & Versuch)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
() C:\Program Files (x86)\Common Files\AAV\aavus.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Microsoft Corporation) C:\Windows\System32\CISVC.EXE
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GregHSRW.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office15\MSOSYNC.EXE
() C:\Windows\snuvcdsm.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
() C:\Windows\PLFSetI.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\Apoint.exe
(AlcorMicro Co., Ltd.) C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\ApMsgFwd.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\ApntEx.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\Hidfind.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Photosmart 5520 series\Bin\ScanToPCActivationApp.exe
(BillP Studios) C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe
(RescueTime, Inc.) C:\Program Files (x86)\RescueTime\RescueTime.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Photosmart 5520 series\Bin\HPNetworkCommunicator.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
Failed to access process -> firefox.exe
Failed to access process -> plugin-container.exe
Failed to access process -> FlashPlayerPlugin_16_0_0_296.exe
Failed to access process -> FlashPlayerPlugin_16_0_0_296.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SNUVCDSM] => C:\Windows\snuvcdsm.exe [30080 2011-01-13] ()
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [8312352 2009-10-29] (Realtek Semiconductor)
HKLM\...\Run: [PLFSetL] => C:\Windows\PLFSetL.exe [99712 2011-01-13] (Sonix Technology Co., Ltd.)
HKLM\...\Run: [PLFSetI] => C:\Windows\PLFSetI.exe [200704 2011-11-13] ()
HKLM\...\Run: [mwlDaemon] => C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe [349480 2009-09-11] (Egis Technology Inc.)
HKLM\...\Run: [IAAnotif] => C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-06-05] (Intel Corporation)
HKLM\...\Run: [Apoint] => C:\Program Files\Apoint2K\Apoint.exe [295936 2009-05-22] (Alps Electric Co., Ltd.)
HKLM\...\Run: [AmIcoSinglun64] => C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [323072 2009-07-22] (AlcorMicro Co., Ltd.)
HKLM\...\Run: [Acer ePower Management] => C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [823840 2009-09-30] (Acer Incorporated)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [702768 2014-12-16] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2009-12-09] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2014-10-11] (Apple Inc.)
HKLM-x32\...\Run: [LManager] => C:\Program Files (x86)\Launch Manager\LManager.exe [1094736 2009-11-02] (Dritek System Inc.)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [126712 2014-12-31] (Avira Operations GmbH & Co. KG)
HKU\S-1-5-21-1242904208-471078349-2963378918-1000\...\Run: [HP Photosmart 5520 series (NET)] => C:\Program Files\HP\HP Photosmart 5520 series\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
HKU\S-1-5-21-1242904208-471078349-2963378918-1000\...\Run: [WinPatrol] => C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe [533568 2014-04-23] (BillP Studios)
Startup: C:\Users\XXXX YYYY\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\RescueTime.lnk
ShortcutTarget: RescueTime.lnk -> C:\Program Files (x86)\RescueTime\RescueTime.exe (RescueTime, Inc.)
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
ShellIconOverlayIdentifiers: [egisPSDP] -> {30A0A3F6-38AC-4C53-BB8B-0D95238E25BA} => C:\Program Files (x86)\EgisTec\MyWinLocker 3\x64\psdprotect.dll (Egis Technology Inc.)
ShellIconOverlayIdentifiers-x32: [egisPSDP] -> {30A0A3F6-38AC-4C53-BB8B-0D95238E25BA} => C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\psdprotect.dll (Egis Technology Inc.)
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-1242904208-471078349-2963378918-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1242904208-471078349-2963378918-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: unissales -> {7e0aaab3-ba7d-4a2d-b1e6-4289ce4d1b1e} -> C:\Program Files (x86)\unissales\9vFbOLvEX4RE1d.x64.dll No File
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
DPF: HKLM {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\XXXX YYYY\AppData\Roaming\Mozilla\Firefox\Profiles\ax92hz4x.default-1417957171376
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_296.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_296.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @nullsoft.com/winampDetector;version=1 -> C:\Program Files (x86)\Winamp Detect\npwachk.dll (Nullsoft, Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.8 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll (Microsoft Corporation)
FF Extension: Zoom It - C:\Users\XXXX YYYY\AppData\Roaming\Mozilla\Firefox\Profiles\ax92hz4x.default-1417957171376\Extensions\{83426100-55b5-596b-9845-359f8d903424} [2015-02-07]
FF Extension: LeechBlock - C:\Users\XXXX YYYY\AppData\Roaming\Mozilla\Firefox\Profiles\ax92hz4x.default-1417957171376\Extensions\{a95d8332-e4b4-6e7f-98ac-20b733364387}.xpi [2014-12-07]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-07-14]

Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR HomePage: Default -> hxxp://www.trovi.com/?gd=&ctid=CT3324764&octid=EB_ORIGINAL_CTID&ISID=M7F3C43B3-690F-4276-959F-1C74A797CA2A&SearchSource=55&CUI=&UM=8&UP=SP9050A32E-D786-4A42-9E49-5663C4588ECE&SSPV=
CHR StartupUrls: Default -> "hxxp://www.trovi.com/?gd=&ctid=CT3324764&octid=EB_ORIGINAL_CTID&ISID=M7F3C43B3-690F-4276-959F-1C74A797CA2A&SearchSource=55&CUI=&UM=8&UP=SP9050A32E-D786-4A42-9E49-5663C4588ECE&SSPV="
CHR DefaultSearchKeyword: Default -> trovi.search
CHR DefaultSuggestURL: Default -> http://suggest.seccint.com/CSuggestJson.ashx?prefix={searchTerms}
CHR Profile: C:\Users\XXXX YYYY\AppData\Local\Google\Chrome\User Data\default
CHR Extension: (Google Präsentationen) - C:\Users\XXXX YYYY\AppData\Local\Google\Chrome\User Data\default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-02-01]
CHR Extension: (Google Docs) - C:\Users\XXXX YYYY\AppData\Local\Google\Chrome\User Data\default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-10-25]
CHR Extension: (Google Drive) - C:\Users\XXXX YYYY\AppData\Local\Google\Chrome\User Data\default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-10-25]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\XXXX YYYY\AppData\Local\Google\Chrome\User Data\default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-10-26]
CHR Extension: (YouTube) - C:\Users\XXXX YYYY\AppData\Local\Google\Chrome\User Data\default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-10-25]
CHR Extension: (Google-Suche) - C:\Users\XXXX YYYY\AppData\Local\Google\Chrome\User Data\default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-10-25]
CHR Extension: (Google Tabellen) - C:\Users\XXXX YYYY\AppData\Local\Google\Chrome\User Data\default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-02-01]
CHR Extension: (Avira Browserschutz) - C:\Users\XXXX YYYY\AppData\Local\Google\Chrome\User Data\default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2014-10-26]
CHR Extension: (Google Wallet) - C:\Users\XXXX YYYY\AppData\Local\Google\Chrome\User Data\default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-10-26]
CHR Extension: (Google Mail) - C:\Users\XXXX YYYY\AppData\Local\Google\Chrome\User Data\default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-10-25]
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AAV UpdateService; C:\Program Files (x86)\Common Files\AAV\aavus.exe [122880 2007-10-04] () [File not signed]
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [431920 2014-12-16] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [431920 2014-12-16] (Avira Operations GmbH & Co. KG)
R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [178424 2014-12-31] (Avira Operations GmbH & Co. KG)
S4 BotkindSyncService; C:\Program Files (x86)\Allway Sync\Bin\SyncService.exe [182784 2013-10-10] () [File not signed]
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
S4 FoxitCloudUpdateService; C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe [241704 2014-03-25] (Foxit Corporation)
S3 MWLService; C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe [305448 2009-09-11] (Egis Technology Inc.)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
S4 NoIPDUCService4; C:\Program Files (x86)\No-IP\ducservice.exe [11264 2013-01-24] () [File not signed]
S4 OODefragAgent; C:\Program Files\OO Software\Defrag\oodag.exe [3051848 2011-01-25] (O&O Software GmbH)
S4 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [80896 2011-03-31] () [File not signed]
S4 PDF Architect Helper Service; C:\Program Files (x86)\PDF Architect\HelperService.exe [1320496 2013-04-08] (pdfforge GmbH)
S4 PDF Architect Service; C:\Program Files (x86)\PDF Architect\ConversionService.exe [799280 2013-04-08] (pdfforge GmbH)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
R2 RS_Service; C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe [253952 2009-07-10] (Acer Incorporated) [File not signed]
S4 SandraAgentSrv; C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2014.SP2a\RpcAgentSrv.exe [72344 2008-05-19] (SiSoftware) [File not signed]
S4 UI Assistant Service; C:\Program Files (x86)\Join Air\AssistantServices.exe [247152 2010-04-27] ()
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [119272 2014-10-14] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131608 2014-10-14] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-11-25] (Avira Operations GmbH & Co. KG)
R2 EkaProt6; C:\Windows\System32\DRIVERS\ekaprot6.sys [27288 2012-03-23] (Ekahau Inc.)
R1 SLEE_18_DRIVER; C:\Windows\Sleen1864.sys [109144 2014-01-30] (Softwareentwicklung Remus - ArchiCrypt - )
R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1806592 2011-01-13] ()
R2 TurboB; C:\Windows\System32\DRIVERS\TurboB.sys [13784 2009-11-02] ()
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2012-12-13] (Apple, Inc.) [File not signed]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-08 09:50 - 2015-02-08 09:51 - 00020652 _____ () C:\Users\XXXX YYYY\Desktop\FRST.txt
2015-02-05 21:40 - 2015-02-05 21:40 - 02347384 _____ (ESET) C:\Users\XXXX YYYY\Downloads\esetsmartinstaller_deu.exe
2015-02-01 23:11 - 2015-02-01 23:11 - 00000250 _____ () C:\Users\XXXX YYYY\Desktop\YouTube.URL
2015-02-01 23:10 - 2015-02-01 23:10 - 00000244 _____ () C:\Users\XXXX YYYY\Desktop\Zeitmanagement.URL
2015-02-01 21:45 - 2015-02-01 21:45 - 01156136 _____ (Ruiware) C:\Users\XXXX YYYY\Downloads\wpsetup(1).exe
2015-02-01 08:55 - 2015-02-01 08:55 - 00039830 _____ () C:\ComboFix.txt
2015-02-01 01:01 - 2015-02-01 00:56 - 05611408 ____R (Swearware) C:\Users\XXXX YYYY\Desktop\ComboFix.exe
2015-02-01 00:56 - 2015-02-01 00:56 - 05611408 ____R (Swearware) C:\Users\XXXX YYYY\Downloads\ComboFix.exe
2015-02-01 00:46 - 2015-02-01 00:46 - 00000249 _____ () C:\Users\XXXX YYYY\Desktop\Link.URL
2015-01-31 23:47 - 2015-01-31 23:51 - 00002169 _____ () C:\Users\Public\Desktop\SteuerSparErklärung 2015.lnk
2015-01-31 20:29 - 2015-01-31 20:29 - 00000269 _____ () C:\Users\XXXX YYYY\Desktop\FREELETICS.URL
2015-01-31 17:50 - 2015-02-08 09:33 - 00000000 ____D () C:\Users\XXXX YYYY\Desktop\FRST-OlderVersion
2015-01-31 17:48 - 2015-01-31 17:48 - 00000337 _____ () C:\Users\XXXX YYYY\Desktop\Samsung Tab - kein Speicherplatz - Android-Hilfe.de.URL
2015-01-31 17:00 - 2015-01-31 17:01 - 00001671 _____ () C:\Users\XXXX YYYY\Desktop\JRT.txt
2015-01-31 15:22 - 2015-01-31 15:22 - 00001066 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-01-31 15:03 - 2015-01-31 15:03 - 02194432 _____ () C:\Users\XXXX YYYY\Desktop\AdwCleaner_4.109.exe
2015-01-31 15:03 - 2015-01-31 15:03 - 01707939 _____ (Thisisu) C:\Users\XXXX YYYY\Desktop\JRT.exe
2015-01-31 11:33 - 2015-01-31 11:33 - 00000000 ____D () C:\Users\XXXX YYYY\Documents\TokensBackup
2015-01-31 10:12 - 2015-02-08 09:33 - 02132992 _____ (Farbar) C:\Users\XXXX YYYY\Desktop\FRST64.exe
2015-01-31 10:10 - 2015-01-31 10:10 - 00001101 _____ () C:\Users\Public\Desktop\Avira.lnk
2015-01-31 09:43 - 2015-01-31 09:46 - 00000000 ____D () C:\Users\XXXX YYYY\Desktop\Ordnung
2015-01-31 09:35 - 2015-01-31 09:35 - 00000000 ____D () C:\Users\XXXX YYYY\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Booster-Web
2015-01-31 09:34 - 2015-02-08 09:43 - 00000000 ____D () C:\Users\XXXX YYYY\AppData\Roaming\Booster-Web
2015-01-31 09:32 - 2015-01-31 09:32 - 00001117 _____ () C:\Users\XXXX YYYY\Desktop\Continue installation .lnk
2015-01-31 09:31 - 2015-01-31 09:31 - 00000000 ____D () C:\ProgramData\SearchModulePlus
2015-01-31 09:06 - 2015-01-31 17:44 - 00000000 ____D () C:\Program Files (x86)\Hearthstone Stream Browser
2015-01-31 09:06 - 2015-01-31 09:06 - 00000000 ____D () C:\Windows\SysWOW64\AMD64
2015-01-31 08:52 - 2014-12-14 10:53 - 00378640 _____ (CartCrunch Israel Ltd.) C:\Windows\system32\ColorMedia64.dll
2015-01-30 20:51 - 2015-01-30 20:51 - 00000600 _____ () C:\Users\XXXX YYYY\AppData\Roaming\winscp.rnd
2015-01-30 20:08 - 2015-01-30 20:08 - 00000000 ____D () C:\Users\Versuch\AppData\Roaming\PDF Architect
2015-01-30 20:08 - 2015-01-30 20:08 - 00000000 ____D () C:\Users\Versuch\AppData\Local\IsolatedStorage
2015-01-30 19:16 - 2015-01-30 19:17 - 00000000 ____D () C:\Users\Versuch\AppData\OICE_15_974FA576_32C1D314_2072
2015-01-27 21:08 - 2015-02-08 09:36 - 00005192 _____ () C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for Arbeitscomputer-XXXX YYYY Arbeitscomputer
2015-01-20 06:34 - 2014-12-12 06:35 - 05553592 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-01-20 06:34 - 2014-12-12 06:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-01-20 06:34 - 2014-12-12 06:31 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-01-20 06:34 - 2014-12-12 06:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-01-20 06:34 - 2014-12-12 06:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-01-20 06:34 - 2014-12-12 06:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-01-20 06:34 - 2014-12-12 06:07 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-01-14 08:06 - 2014-12-19 04:06 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-14 08:06 - 2014-12-19 02:46 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-14 08:06 - 2014-12-11 18:47 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-01-14 08:06 - 2014-12-06 05:17 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-14 08:06 - 2014-12-06 04:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
2015-01-14 08:06 - 2014-12-06 04:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
2015-01-13 05:55 - 2015-01-13 05:55 - 00009429 _____ () C:\Users\XXXX YYYY\AppData\Local\recently-used.xbel

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-08 09:50 - 2014-08-21 20:10 - 00000000 ____D () C:\FRST
2015-02-08 09:41 - 2011-11-13 21:43 - 01613206 _____ () C:\Windows\WindowsUpdate.log
2015-02-08 09:41 - 2009-07-14 05:45 - 00025840 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-02-08 09:41 - 2009-07-14 05:45 - 00025840 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-02-08 09:35 - 2014-06-18 08:20 - 00028301 _____ () C:\Windows\setupact.log
2015-02-08 09:35 - 2012-09-20 04:21 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-02-08 09:35 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-02-08 09:34 - 2009-07-14 04:20 - 00000000 ____D () C:\Program Files\Common Files\System
2015-02-08 01:05 - 2012-08-14 18:52 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-02-08 00:23 - 2012-09-20 04:21 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-02-07 21:26 - 2012-03-25 11:40 - 00000000 ____D () C:\Users\XXXX YYYY\Documents\Steuerfälle
2015-02-07 15:18 - 2011-11-13 23:22 - 00004106 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-02-07 15:18 - 2011-11-13 23:22 - 00003854 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-02-06 22:51 - 2014-08-07 20:56 - 03035136 ___SH () C:\Users\XXXX YYYY\Desktop\Thumbs.db
2015-02-06 19:17 - 2014-06-20 13:07 - 00113416 _____ () C:\Windows\PFRO.log
2015-02-05 21:35 - 2014-08-05 14:08 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-02-05 21:32 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\PLA
2015-02-01 08:55 - 2014-08-24 12:03 - 00000000 ____D () C:\Qoobox
2015-02-01 08:50 - 2009-07-14 03:34 - 00000215 _____ () C:\Windows\system.ini
2015-02-01 08:40 - 2013-10-13 19:47 - 00000000 ____D () C:\Windows\erdnt
2015-02-01 08:40 - 2009-07-14 03:34 - 24379392 _____ () C:\Windows\system32\config\system.bak
2015-02-01 08:40 - 2009-07-14 03:34 - 113508352 _____ () C:\Windows\system32\config\software.bak
2015-02-01 08:40 - 2009-07-14 03:34 - 05505024 _____ () C:\Windows\system32\config\default.bak
2015-02-01 08:40 - 2009-07-14 03:34 - 00262144 _____ () C:\Windows\system32\config\sam.bak
2015-02-01 08:40 - 2009-07-14 03:34 - 00032768 _____ () C:\Windows\system32\config\security.bak
2015-02-01 08:39 - 2009-11-05 01:49 - 00000000 ____D () C:\Program Files (x86)\Acer
2015-01-31 23:47 - 2012-03-25 11:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steuertipps
2015-01-31 23:47 - 2012-03-25 11:26 - 00000000 ____D () C:\Program Files (x86)\Akademische Arbeitsgemeinschaft
2015-01-31 17:39 - 2013-09-19 20:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-01-31 17:39 - 2012-03-11 02:08 - 00000000 ____D () C:\Program Files (x86)\Java
2015-01-31 17:19 - 2011-11-14 06:15 - 00000000 ____D () C:\Windows\Lan
2015-01-31 15:22 - 2014-08-05 14:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-01-31 15:22 - 2014-08-05 14:08 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-01-31 15:08 - 2014-11-16 12:18 - 00001025 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-01-31 15:08 - 2014-11-16 12:18 - 00001013 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-01-31 15:08 - 2014-10-25 07:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-01-31 15:08 - 2014-08-24 18:36 - 00000000 ____D () C:\AdwCleaner
2015-01-31 15:08 - 2011-11-20 15:41 - 00001021 _____ () C:\Users\XXXX YYYY\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-01-31 10:10 - 2014-08-06 10:55 - 00000000 ____D () C:\ProgramData\Package Cache
2015-01-31 10:10 - 2013-02-24 19:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2015-01-31 10:09 - 2013-02-24 19:39 - 00000000 ____D () C:\Program Files (x86)\Avira
2015-01-31 07:56 - 2014-08-15 15:44 - 00000000 ____D () C:\Users\XXXX YYYY\AppData\Local\Adobe
2015-01-31 07:56 - 2012-04-02 19:28 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-01-31 07:56 - 2012-04-02 19:28 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-01-31 07:56 - 2011-11-15 21:21 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-30 19:03 - 2014-09-10 06:10 - 00000000 ____D () C:\Users\Versuch\AppData\Roaming\SimpleScreenshot
2015-01-27 20:12 - 2014-11-10 20:59 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-01-27 06:18 - 2014-11-16 12:20 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-01-26 07:21 - 2012-06-10 14:07 - 00000000 ____D () C:\Users\XXXX YYYY\Documents\Bewerbungen
2015-01-25 17:19 - 2011-11-14 06:34 - 00702664 _____ () C:\Windows\system32\perfh007.dat
2015-01-25 17:19 - 2011-11-14 06:34 - 00151424 _____ () C:\Windows\system32\perfc007.dat
2015-01-25 17:19 - 2009-07-14 06:13 - 01629998 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-23 21:11 - 2013-11-02 09:43 - 00000000 ____D () C:\Users\XXXX YYYY\AppData\Roaming\Skype
2015-01-20 14:50 - 2014-09-10 06:09 - 00000000 ____D () C:\Users\Versuch
2015-01-20 14:50 - 2013-05-22 21:33 - 00000000 ____D () C:\Users\XXXX YYYY\AppData\Local\RescueTime.com
2015-01-20 14:50 - 2012-03-30 17:57 - 00000000 ____D () C:\Users\ZZZZ
2015-01-20 14:50 - 2011-12-01 21:23 - 00000000 ____D () C:\Windows\System32\Tasks\OfficeSoftwareProtectionPlatform
2015-01-20 14:50 - 2011-11-20 16:01 - 00000000 ____D () C:\Users\XXXX YYYY\AppData\Roaming\SimpleScreenshot
2015-01-20 14:50 - 2009-11-05 01:26 - 00000000 ___RD () C:\Users\Public\Recorded TV
2015-01-20 14:50 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\registration
2015-01-20 06:21 - 2011-11-13 22:46 - 00000000 ____D () C:\Users\XXXX YYYY
2015-01-18 20:07 - 2012-04-07 11:49 - 00000000 ____D () C:\Users\XXXX YYYY\Documents\Finanzen
2015-01-15 18:59 - 2013-07-13 08:36 - 00000000 ____D () C:\Windows\system32\MRT
2015-01-15 18:46 - 2011-11-18 19:58 - 113365784 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-01-13 05:55 - 2014-06-15 19:34 - 00000000 ____D () C:\Users\XXXX YYYY\AppData\Local\gtk-2.0
2015-01-13 05:55 - 2012-08-29 10:11 - 00000000 ____D () C:\Users\XXXX YYYY\.gimp-2.8

==================== Files in the root of some directories =======

2014-06-28 07:10 - 2014-07-23 21:30 - 14159872 _____ () C:\Users\XXXX YYYY\AppData\Roaming\Sandra.mdb
2015-01-30 20:51 - 2015-01-30 20:51 - 0000600 _____ () C:\Users\XXXX YYYY\AppData\Roaming\winscp.rnd
2012-04-20 18:28 - 2014-07-07 01:20 - 0006656 _____ () C:\Users\XXXX YYYY\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-09-22 21:07 - 2014-09-22 21:07 - 0001482 _____ () C:\Users\XXXX YYYY\AppData\Local\RecConfig.xml
2015-01-13 05:55 - 2015-01-13 05:55 - 0009429 _____ () C:\Users\XXXX YYYY\AppData\Local\recently-used.xbel
2013-08-12 21:15 - 2013-08-12 21:15 - 0007603 _____ () C:\Users\XXXX YYYY\AppData\Local\Resmon.ResmonCfg
2012-03-31 10:26 - 2012-03-31 10:26 - 0000057 _____ () C:\ProgramData\Ament.ini
2011-11-13 22:53 - 2011-11-13 22:57 - 0008282 _____ () C:\ProgramData\ArcadeDeluxe3.log
2014-09-22 19:19 - 2014-10-06 19:45 - 0008737 _____ () C:\ProgramData\hpzinstall.log

Some content of TEMP:
====================
C:\Users\XXXX YYYY\AppData\Local\Temp\avgnt.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-02-06 01:48

==================== End Of Log ============================
--- --- ---

--- --- ---

--- --- ---

Additon Report:

Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 07-02-2015
Ran by DDDD CCCCC at 2015-02-08 09:52:41
Running from C:\Users\DDDD CCCCC\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Desktop (Disabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Disabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden
AAVUpdateManager (HKLM-x32\...\{AFA42FE1-A5C3-485F-9180-BFCF5BF1F1C3}) (Version: 18.00.0000 - Wolters Kluwer Deutschland GmbH)
AC3Filter 1.63b (HKLM-x32\...\AC3Filter_is1) (Version: 1.63b - Alexander Vigovsky)
Acer Arcade Deluxe (HKLM-x32\...\InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}) (Version: 3.0.7112 - CyberLink Corp.)
Acer Arcade Deluxe (x32 Version: 3.0.7112 - CyberLink Corp.) Hidden
Acer Backup Manager (HKLM-x32\...\InstallShield_{72B776E5-4530-4C4B-9453-751DF87D9D93}) (Version: 2.0.0.29 - NewTech Infosystems)
Acer Crystal Eye webcam Ver:1.1.124.1120 (HKLM-x32\...\{D0ACE89D-EC7F-470F-80BE-4C98ED366B32}) (Version: 1.1.124.1120 - Chicony Electronics Co.,Ltd.)
Acer ePower Management (HKLM-x32\...\{3DB0448D-AD82-4923-B305-D001E521A964}) (Version: 4.05.3004 - Acer Incorporated)
Acer eRecovery Management (HKLM-x32\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 4.05.3005 - Acer Incorporated)
Acer GameZone Console (HKLM-x32\...\{8ed9688e-4f79-4308-91ca-f1c37ca142b4}_is1) (Version: 5.1.0.2 - Oberon Media, Inc.)
Acer GridVista (HKLM-x32\...\GridVista) (Version: 3.01.0730 - Acer Inc.)
Acer Registration (HKLM-x32\...\Acer Registration) (Version: 1.02.3006 - Acer Incorporated)
Acer ScreenSaver (HKLM-x32\...\Acer Screensaver) (Version: 1.1.2009.1217 - Acer Incorporated)
Acer VCM (HKLM-x32\...\{047F790A-7A2A-4B6A-AD02-38092BA63DAC}) (Version: 4.05.3000 - Acer Incorporated)
Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 14.0.0.103 - Adobe Systems Incorporated)
Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.246 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.296 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Akamai NetSession Interface (HKU\S-1-5-21-1242904208-471078349-2963378918-1000\...\Akamai) (Version:  - Akamai Technologies, Inc)
Alcor Micro USB Card Reader (HKLM-x32\...\InstallShield_{DBCE1208-433D-4D3E-A26A-CB1B5E71A8F5}) (Version: 1.4.17.35005 - Alcor Micro Corp.)
Alcor Micro USB Card Reader (x32 Version: 1.4.17.35005 - Alcor Micro Corp.) Hidden
Alice Greenfingers (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112920767}) (Version:  - Oberon Media)
Alle meine Passworte 4.13 (HKLM\...\AllemeinePassworte) (Version:  - Mirko Böer)
Allway Sync version 12.16.9 (HKLM-x32\...\Allway Sync_is1) (Version:  - Botkind Inc)
ALPS Touch Pad Driver (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 7.105.2015.1105 - Alps Electric)
Amazonia (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11273477}) (Version:  - Oberon Media)
Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ATI Catalyst Install Manager (HKLM\...\{11F38253-8940-FFDA-D131-B14120C357E4}) (Version: 3.0.754.0 - ATI Technologies, Inc.)
Audacity 2.0.3 (HKLM-x32\...\Audacity_is1) (Version: 2.0.3 - Audacity Team)
Avi2Dvd 0.6.4 (HKLM-x32\...\Avi2Dvd) (Version: 0.6.4 - TrustFm)
Avira (HKLM-x32\...\{2c18809c-4097-4b51-a4d0-3deade730ef3}) (Version: 1.1.29.22350 - Avira Operations & Co. KG)
Avira (x32 Version: 1.1.29.22350 - Avira Operations & Co. KG) Hidden
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.7.468 - Avira)
AviSynth 2.5 (HKLM-x32\...\AviSynth) (Version:  - )
Backup Manager Basic (x32 Version: 2.0.0.29 - NewTech Infosystems) Hidden
BatteryCare 0.9.10.0 (HKLM-x32\...\{C6A6036D-FBD0-4324-BEAA-C0845257160C}_is1) (Version: 0.9.10.0 - Filipe Lourenço)
BitTorrent (HKU\S-1-5-21-1242904208-471078349-2963378918-1000\...\BitTorrent) (Version: 7.9.2.31638 - BitTorrent Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Booster-Web (HKU\S-1-5-21-1242904208-471078349-2963378918-1000\...\Booster-Web) (Version: 4 - ${CompanyName})
Broadcom Gigabit NetLink Controller (HKLM\...\{A325B368-A9EC-40EF-A95C-9DEAD3683AE3}) (Version: 12.33.03 - Broadcom Corporation)
Canon MP160 Benutzerregistrierung (HKLM-x32\...\Canon MP160 Benutzerregistrierung) (Version:  - )
ccc-core-static (x32 Version: 2009.1209.2335.42329 - Ihr Firmenname) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.14 - Piriform)
CDBurnerXP (HKLM-x32\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.4.4852 - CDBurnerXP)
Chandler 1.0.3 (HKLM-x32\...\Chandler) (Version: 1.0.3 - Open Source Applications Foundation)
Chicken Invaders 2 (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110209593}) (Version:  - Oberon Media)
CoreAAC Audio Decoder (remove only) (HKLM-x32\...\CoreAAC Audio Decoder) (Version:  - )
Dairy Dash (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115053100}) (Version:  - Oberon Media)
Dream Day First Home (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113832110}) (Version:  - Oberon Media)
DVD Flick 1.3.0.7 (HKLM-x32\...\DVD Flick_is1) (Version: 1.3.0.7 - Dennis Meuwissen)
eBay Worldwide (HKLM-x32\...\{E0B19DF7-B1C7-4937-82C4-0E4B1E346965}) (Version: 2.1.0901 - OEM)
EinsteinBrainTrainer (remove only) (HKLM-x32\...\EinsteinBrainTrainer) (Version:  - )
Ekahau HeatMapper (HKLM\...\Heatmapper-1.1.4.39795) (Version: 1.1.4.39795 - Ekahau Inc.)
Eraser 6.0.10.2620 (HKLM\...\{6E5159B4-A519-41EF-80EF-AD58371515DF}) (Version: 6.0.2620 - The Eraser Project)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
eSobi v2 (HKLM-x32\...\InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}) (Version: 2.0.4.000274 - esobi Inc.)
eSobi v2 (x32 Version: 2.0.4.000274 - esobi Inc.) Hidden
EVEREST Home Edition v2.20 (HKLM-x32\...\EVEREST Home Edition_is1) (Version: 2.20 - Lavalys Inc)
Farm Frenzy 2 (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11531173}) (Version:  - Oberon Media)
ffdshow [rev 3299] [2010-03-03] (HKLM-x32\...\ffdshow_is1) (Version: 1.0.0.3299 - )
Fiat eco:Drive (HKLM-x32\...\com.fiat.convergence.385E4263E7379A5D22A7076E99B02868EFF10711.1) (Version: 2.0.2 - Fiat Group Automobiles)
Fiat eco:Drive (x32 Version: 2.0.2 - Fiat Group Automobiles) Hidden
First Class Flurry (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115208410}) (Version:  - Oberon Media)
Foxit Cloud (HKLM-x32\...\{41914D8B-9D6E-4764-A1F9-BC43FB6782C1}_is1) (Version: 1.3.105.325 - Foxit Corporation)
Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 6.1.3.321 - Foxit Corporation)
Free Audio CD to MP3 Converter version 1.3.12.1228 (HKLM-x32\...\Free Audio CD to MP3 Converter_is1) (Version: 1.3.12.1228 - DVDVideoSoft Ltd.)
Free DVD Video Burner version 3.0.4.426 (HKLM-x32\...\Free DVD Video Burner_is1) (Version:  - DVDVideoSoft Limited.)
Free System Utilities (HKLM-x32\...\{ad2818b3-1616-4ec8-855d-be6936103e5a}) (Version: 1.1.0.70 - Covus Freemium GmbH)
Free SystemUtilities (x32 Version: 1.1.0.70 - Covus Freemium GmbH) Hidden
Free YouTube Download version 3.1.37.918 (HKLM-x32\...\Free YouTube Download_is1) (Version: 3.1.37.918 - DVDVideoSoft Ltd.)
FreeMind (HKLM-x32\...\B991B020-2968-11D8-AF23-444553540000_is1) (Version: 0.9.0_RC_10 - )
FRITZ!Box-Fernzugang einrichten (HKLM-x32\...\{EFADD989-D9F2-49F6-A280-675951CC78D3}) (Version: 1.0.3 - AVM Berlin)
FrostWire 5.3.5 (HKLM-x32\...\FrostWire 5) (Version: 5.3.5.0 - FrostWire Team)
GIMP 2.8.10 (HKLM\...\GIMP-2_is1) (Version: 2.8.10 - The GIMP Team)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 40.0.2214.111 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
Granny In Paradise (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110551697}) (Version:  - Oberon Media)
Haali Media Splitter (HKLM-x32\...\HaaliMkx) (Version:  - )
Heroes of Hellas (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113786380}) (Version:  - Oberon Media)
HP FWUpdateEDO2 (HKLM-x32\...\{415FA9AD-DA10-4ABE-97B6-5051D4795C90}) (Version: 1.2.0.0 - Hewlett-Packard)
HP Photosmart 5520 series - Grundlegende Software für das Gerät (HKLM\...\{4F396B08-301D-4E53-A372-95A7E93ABD04}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPDiagnosticAlert (x32 Version: 1.00.0001 - Microsoft) Hidden
HTC Driver Installer (HKLM-x32\...\{6D6664A9-3342-4948-9B7E-034EFE366F0F}) (Version: 3.0.0.007 - HTC Corporation)
iCloud (HKLM\...\{309768A4-A2BB-4930-A5A2-8169678C9B4C}) (Version: 4.0.6.28 - Apple Inc.)
Identity Card (HKLM-x32\...\Identity Card) (Version: 1.00.3003 - Acer Incorporated)
ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.8.0 - LIGHTNING UK!)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
Intel(R) Turbo Boost Technology Driver (HKLM-x32\...\{D6C630BF-8DBB-4042-8562-DC9A52CB6E7E}) (Version: 01.00.01.1002 - Intel Corporation)
Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version:  - Intel Corporation)
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.38 - Irfan Skiljan)
iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)
Join Air (HKLM-x32\...\{A9E5EDA7-2E6C-49E7-924B-A32B89C24A04}) (Version: 1.0.0.2 - ZTE Corporation)
Kassenbuch (HKLM-x32\...\{29531C6B-7B64-4C53-B54A-6C8AB5DE2159}) (Version: 1.0.0 - Office Consult GmbH)
K-Lite Codec Pack 9.2.0 (Basic) (HKLM-x32\...\KLiteCodecPack_is1) (Version: 9.2.0 - )
Launch Manager (HKLM-x32\...\LManager) (Version: 3.0.05 - Acer Inc.)
LSI HDA Modem (HKLM\...\LSI Soft Modem) (Version: 2.2.98 - LSI Corporation)
Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
MediaHuman YouTube to MP3 Converter Version 3.3 (HKLM-x32\...\MediaHuman YouTube to MP3 Converter_is1) (Version: 3.3 - )
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0100-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}) (Version:  - Microsoft)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Language Pack 2007 - German/Deutsch (HKLM-x32\...\OMUI.de-de) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Outlook Connector (HKLM-x32\...\{95140000-007A-0407-0000-0000000FF1CE}) (Version: 14.0.5118.5000 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUSR) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Office Suite Activation Assistant (HKLM-x32\...\{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}) (Version: 2.9 - Microsoft Corporation)
Microsoft Outlook Social Connector Provider for Windows Live Messenger 32-bit (HKLM-x32\...\{95140000-007D-0409-0000-0000000FF1CE}) (Version: 14.0.5120.5000 - Microsoft Corporation)
Microsoft Report Viewer Redistributable 2008 (KB971118) (HKLM-x32\...\Microsoft Report Viewer Redistributable 2008 (KB971118)) (Version:  - Microsoft Corporation)
Microsoft Report Viewer Redistributable 2008 Language Pack - DEU (HKLM-x32\...\Microsoft Report Viewer Redistributable 2008 Language Pack - DEU) (Version:  - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Works (HKLM-x32\...\{62F7DA7E-CCCB-439C-A760-00C3926E761F}) (Version: 9.7.0621 - Microsoft Corporation)
MozBackup 1.5.1 (HKLM-x32\...\MozBackup) (Version:  - Pavel Cvrcek)
Mozilla Firefox 35.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 35.0.1 (x86 de)) (Version: 35.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 32.0 - Mozilla)
MPC-HC 1.7.0 (HKLM-x32\...\{2624B969-7135-4EB1-B0F6-2D8C397B45F7}_is1) (Version: 1.7.0.7858 - MPC-HC Team)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MyPhoneExplorer (HKLM-x32\...\MPE) (Version: 1.8.5 - F.J. Wechselberger)
MyWinLocker (HKLM-x32\...\{68301905-2DEA-41CE-A4D4-E8B443B099BA}) (Version: 3.1.76.0 - Egis Technology Inc.)
No-IP DUC (HKLM-x32\...\NoIPDUC) (Version: 4.0.1 - Vitalwerks Internet Solutions LLC)
Norton Online Backup (HKLM-x32\...\{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}) (Version: 1.2.0.36 - Symantec)
NTI Backup Now 5 (HKLM-x32\...\InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}) (Version: 5.1.2.627 - NewTech Infosystems)
NTI Backup Now Standard (x32 Version: 5.1.2.627 - NewTech Infosystems) Hidden
NTI Media Maker 8 (HKLM-x32\...\InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}) (Version: 8.0.12.6623 - NewTech Infosystems)
NTI Media Maker 8 (x32 Version: 8.0.12.6623 - NewTech Infosystems) Hidden
O&O Defrag Free Edition (HKLM\...\{C10CAF82-9D36-4D9A-9DC0-C4549F06B519}) (Version: 14.1.431 - O&O Software GmbH)
Outils de vérification linguistique 2013 de Microsoft Office*- Français (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
PDF Architect (HKLM-x32\...\{064A929A-4DE8-40CF-A901-BD40C14E4D25}) (Version: 1.1.83.9982 - pdfforge GmbH)
PDF24 Creator 6.8.0 (HKLM-x32\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version:  - PDF24.org)
PDFCreator (HKLM-x32\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.7.3 - pdfforge)
pomodairo (HKLM-x32\...\{EEBEA077-AB92-5083-ECB1-C15BD842D00B}) (Version: 1.9 - UNKNOWN)
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
Random Dresser (HKLM-x32\...\RandomDresser) (Version:  - )
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5969 - Realtek Semiconductor Corp.)
RescueTime 2.2.1 (HKLM-x32\...\{2505571C-03B3-4F9F-AC35-33F1CB4B5E9E}_is1) (Version:  - RescueTime.com)
Restorer2000 3.3 (HKLM-x32\...\Restorer2000_is1) (Version: 3.3 - Bitmart Inc.)
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{D82063A8-7C8C-4C3B-A9BB-95138CA55D26}) (Version:  - Microsoft)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (Version:  - Microsoft) Hidden
Shutdown Manager (HKLM-x32\...\{C457BA5F-35F9-480C-90F8-5C91DB443A15}_is1) (Version: 2.0.7 - Daniel Höllig)
SimpleScreenshot 1.40 (HKLM-x32\...\SimpleScreenshot) (Version:  - )
SiSoftware Sandra Lite 2014.SP2a (HKLM\...\{C3113E55-7BCB-4de3-8EBF-60E6CE6B2396}_is1) (Version: 20.35.2014.6 - SiSoftware)
SIW version 2011.10.29 (HKLM-x32\...\{AB67580-257C-45FF-B8F4-C8C30682091A}_is1) (Version: 2011.10.29 - Topala Software Solutions)
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation)
Skype™ 6.21 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.21.104 - Skype Technologies S.A.)
SpeedFan (remove only) (HKLM-x32\...\SpeedFan) (Version:  - )
Spotify (HKU\S-1-5-21-1242904208-471078349-2963378918-1000\...\Spotify) (Version: 0.9.10.14.g578d350b - Spotify AB)
SpywareBlaster 5.0 (HKLM-x32\...\SpywareBlaster_is1) (Version: 5.0.0 - BrightFort LLC)
Steganos Safe 14 (HKLM-x32\...\{13B7FBFB-622E-4002-8570-594798E6167D}) (Version: 14.2.2 - Steganos Software GmbH)
Steuer-Spar-Erklärung 2008 (HKLM-x32\...\{BBE67B86-FCD7-4D3C-8B00-063DEAD8E30C}) (Version: 13.02.0000 - Akademische Arbeitsgemeinschaft)
Steuer-Spar-Erklärung 2009 (HKLM-x32\...\{32E00E5E-22B1-4D5A-9DC2-CD75E087A5E6}) (Version: 14.01.0000 - Akademische Arbeitsgemeinschaft Verlag)
Steuer-Spar-Erklärung 2010 (HKLM-x32\...\{D8E1DFEE-622B-46BA-AEFF-AB7E541C0B21}) (Version: 15.15 - Akademische Arbeitsgemeinschaft Verlag)
Steuer-Spar-Erklärung 2011 (HKLM-x32\...\{9F5FD796-86F0-4360-85F8-D54C0F5411EB}) (Version: 16.18 - Akademische Arbeitsgemeinschaft Verlag)
Steuer-Spar-Erklärung 2012 (HKLM-x32\...\{CCD2BAD2-0919-40CB-80CC-E9538B0E4C2E}) (Version: 17.14 - Wolters Kluwer Deutschland GmbH)
Steuer-Spar-Erklärung 2013 (HKLM-x32\...\{AEB61F7A-4BBA-4292-A096-7893E09034A4}) (Version: 18.10 - Wolters Kluwer Deutschland GmbH)
SteuerSparErklärung 2014 (HKLM-x32\...\{A463EB06-22A6-47F5-9593-E52B291EF13E}) (Version: 19.12.92 - Akademische Arbeitsgemeinschaft)
SteuerSparErklärung 2015 (HKLM-x32\...\{312C0E08-8F94-4536-AAF6-3413F784AC5F}) (Version: 20.25.123 - Akademische Arbeitsgemeinschaft)
Streamripper (Remove only) (HKLM-x32\...\Streamripper) (Version:  - )
Studie zur Verbesserung von HP Deskjet 3070 B611 series Produkten (HKLM\...\{CAD7B6DD-9C82-4D17-BAE8-3E9AE4971B90}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.29947 - TeamViewer)
Time Stamp (HKLM-x32\...\Time Stamp_is1) (Version:  - 3.23.2010-0313)
TomTom HOME (HKLM-x32\...\{7A2BB1C8-903D-4585-9F3B-CADD67D07D37}) (Version: 2.9.8 - Ihr Firmenname)
TomTom HOME Visual Studio Merge Modules (HKLM-x32\...\{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}) (Version: 1.0.2 - TomTom International B.V.)
TP-LINK Wireless Configuration Utility (HKLM-x32\...\{319D91C6-3D44-436C-9F79-36C0D22372DC}) (Version: 1.0.0 - TP-LINK)
TrueCrypt (HKLM-x32\...\TrueCrypt) (Version: 7.1 - TrueCrypt Foundation)
Tunatic (HKLM-x32\...\Tunatic) (Version:  - )
Überwachungstool für die Intel® Turbo-Boost-Technik (HKLM\...\{39F4C6F9-618A-4E5B-8FB2-6BD661174E32}) (Version: 1.0.186.6 - Intel)
Uninstall 1.0.0.1 (HKLM-x32\...\Uninstall_is1) (Version:  - )
Universal Adb Driver (HKLM-x32\...\{D9C4202E-6D51-4B06-A8F1-22316E654BCA}) (Version: 1.0.0 - ClockworkMod)
Unlocker 1.9.1-x64 (HKLM\...\Unlocker) (Version: 1.9.1 - Cedrick Collomb)
Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0407-0000-0000000FF1CE}_OMUI.de-de_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version:  - Microsoft)
Update für Microsoft Office Outlook 2007 Help (KB963677) (HKLM-x32\...\{90120000-001A-0407-0000-0000000FF1CE}_OMUI.de-de_{F6828576-6F79-470D-AB50-69D1BBADBD30}) (Version:  - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0407-0000-0000000FF1CE}_OMUI.de-de_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version:  - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0407-0000-0000000FF1CE}_OMUI.de-de_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version:  - Microsoft)
Visual Studio C++ 10.0 Runtime (HKLM-x32\...\{4412F224-3849-4461-A3E9-DEEF8D252790}) (Version: 10.0.0 - TomTom International B.V.)
VLC media player 2.1.3 (HKLM-x32\...\VLC media player) (Version: 2.1.3 - VideoLAN)
Welcome Center (HKLM-x32\...\Acer Welcome Center) (Version: 1.00.3008 - Acer Incorporated)
Winamp (HKLM-x32\...\Winamp) (Version: 5.666  - Nullsoft, Inc)
WinPatrol (HKLM\...\{6A206A04-6BC1-411B-AA04-4E52EDEEADF2}) (Version: 32.0.2014.5 - Ruiware)
WinPatrol (HKLM\...\{6E575124-6D34-4E65-9375-7D69468A6089}) (Version: 30.9 - BillP Studios)
WinRAR 5.10 Beta 4 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.10.4 - win.rar GmbH)
Xvid 1.2.2 final uninstall (HKLM-x32\...\Xvid_is1) (Version: 1.2 - Xvid team (Koepi))
Yahoo! Messenger (HKLM-x32\...\Yahoo! Messenger) (Version:  - Yahoo! Inc.)
Yahoo! Software Update (HKLM-x32\...\Yahoo! Software Update) (Version:  - )
Zuzahlungsrechner (HKLM-x32\...\{B2C69E77-F209-4B63-8676-4F32B27E162B}) (Version: 3.6.0 - sfr-software-fuers-heim)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-1242904208-471078349-2963378918-1000_Classes\CLSID\{56FDF344-FD6D-11d0-958A-006097C9A090}\InprocServer32 -> C:\Users\DDDD CCCCC\AppData\Roaming\moters\supna.dll No File <==== ATTENTION

==================== Restore Points  =========================

05-02-2015 20:37:27 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2015-02-01 08:39 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1      localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0CAEEB6B-A216-4E04-9EA6-AC310639FD8D} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {23CEA58C-8E99-49B6-96E0-E0033F148659} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-21] (Google Inc.)
Task: {26DA7882-781D-4FC9-B1A5-5F5B1F7227FE} - System32\Tasks\{6A246FB0-E753-4188-9543-22389AB30F4E} => pcalua.exe -a "C:\Users\DDDD CCCCC\Downloads\Chandler_win_1.0.3.exe" -d "C:\Users\DDDD CCCCC\Downloads"
Task: {38C51694-B081-4739-8E17-069D4A49D4D4} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2014-01-23] (Microsoft Corporation)
Task: {47C46238-A6C4-4C4B-BE85-E6E1425608CB} - System32\Tasks\{144D2C4F-2583-452B-AC74-C64839CF03CC} => pcalua.exe -a "C:\Program Files (x86)\VS Revo Group\Revo Uninstaller\Revouninstaller.exe" -d "C:\Program Files (x86)\VS Revo Group\Revo Uninstaller" -c -hunter
Task: {5A42985A-DC32-4FE1-8210-CA09F67316FC} - System32\Tasks\HPCustPartic.exe_{96420065-3C4E-4B3E-96DB-DB0760F51DDD} => C:\Program Files\HP\HP Deskjet 3070 B611 series\Bin\HPCustPartic.exe [2012-10-17] (Hewlett-Packard Co.)
Task: {5B5D6CC7-9FA7-4441-9A09-8A3C4EA669FD} - System32\Tasks\{9B880EC1-DC3B-45D7-A7BB-4E131A7A884F} => pcalua.exe -a "C:\Users\DDDD CCCCC\Downloads\esetsmartinstaller_enu.exe" -d "C:\Program Files (x86)\Mozilla Firefox"
Task: {5E1E681C-C0F1-4E87-8C95-38A011634E9C} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {658A7160-D5FE-40D6-8358-5AC71CDD5600} - System32\Tasks\Microsoft Office 15 Sync Maintenance for Arbeitscomputer-DDDD CCCCC Arbeitscomputer => C:\Program Files\Microsoft Office\Office15\MsoSync.exe [2014-11-12] (Microsoft Corporation)
Task: {739C86AB-D488-4894-A94A-E1C873D935C4} - System32\Tasks\{239C0599-E784-4910-B228-5D5AB8D346A6} => pcalua.exe -a "C:\Users\DDDD CCCCC\Downloads\HiJackThis204.exe" -d "C:\Program Files (x86)\Mozilla Firefox"
Task: {792B72B2-C51B-4379-B2AA-007529DB50F0} - System32\Tasks\{8D77E667-A31C-4EB4-B209-1E559B732CBC} => pcalua.exe -a "C:\Program Files (x86)\Canon\IJEREG\MP160\UNINST.EXE"
Task: {7AEAE564-35D2-434E-8BC2-12BF5BC672DE} - System32\Tasks\HPCustParticipation HP Deskjet 3070 B611 series => C:\Program Files\HP\HP Deskjet 3070 B611 series\Bin\HPCustPartic.exe [2012-10-17] (Hewlett-Packard Co.)
Task: {7EED0456-B087-4708-8496-6474B917CECB} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {92533B9B-37E7-4E54-B7DE-F8B0B255CFEE} - System32\Tasks\{4781B96F-C3F4-45CF-AB6F-C64C9AD3E88D} => pcalua.exe -a "C:\Program Files (x86)\InstallShield Installation Information\{319D91C6-3D44-436C-9F79-36C0D22372DC}\setup.exe" -d "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TP-LINK" -c -runfromtemp -removeonly
Task: {9C395D30-C0E5-4B3A-A232-E38DA71A3827} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {A1D835EF-9220-45A2-811E-2CA5B38166BF} - System32\Tasks\hpUrlLauncher.exe_{4AF7A75F-FDE8-41B8-80D9-5C3EBC32D019} => C:\Program Files\HP\HP Deskjet 3070 B611 series\Bin\utils\hpUrlLauncher.exe
Task: {B7A342C6-6ABF-492E-9250-2C92CB583846} - System32\Tasks\{A2A68590-5CAE-4C98-8B98-D18CC5E4C073} => pcalua.exe -a "C:\Program Files (x86)\InstallShield Installation Information\{3DB0448D-AD82-4923-B305-D001E521A964}\setup.exe" -c -runfromtemp -l0x407 -removeonly
Task: {BBBF9E37-C1CD-4CF0-A783-CE021D6D2928} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-05-20] (Piriform Ltd)
Task: {CE5325CF-BB63-4751-AB56-BD427BEAA0D9} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-01-31] (Adobe Systems Incorporated)
Task: {E36CA599-B047-467B-99AF-5E380AFECE05} - System32\Tasks\{AC797CD7-B058-4AC8-84B2-B2307D6AFF9B} => C:\Program Files (x86)\Chandler1.0.3\chandler.exe
Task: {E85DBE85-E344-4E48-A05A-ACF97445121F} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-21] (Google Inc.)
Task: {F30712C0-5F79-4616-BFEE-8D27E1822469} - System32\Tasks\{581487AC-8AAF-40E1-A997-6B8519F0C5EC} => C:\Program Files (x86)\Chandler1.0.3\chandler.exe
Task: {FC0397BA-8222-41E7-836D-453BA55E74DB} - System32\Tasks\{2E665153-C229-4C02-9699-2F4EF08B1807} => pcalua.exe -a C:\Users\DANIEL~1\AppData\Local\Temp\InstallFlashPlayer.exe -d "C:\Program Files (x86)\Mozilla Firefox"
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) ==============

2007-10-04 14:32 - 2007-10-04 14:32 - 00122880 _____ () C:\Program Files (x86)\Common Files\AAV\aavus.exe
2011-01-13 09:04 - 2011-01-13 09:04 - 00030080 _____ () C:\Windows\snuvcdsm.exe
2011-11-13 22:52 - 2011-11-13 22:51 - 00200704 _____ () C:\Windows\PLFSetI.exe
2009-07-29 13:10 - 2009-07-29 13:10 - 00016384 ____R () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll
2011-11-13 21:44 - 2011-11-13 21:44 - 00270336 _____ () C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CrossDisplay.Graphics.Dashboard\1.0.0.0__90ba9c70f846762e\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2014-12-28 14:38 - 2014-04-22 19:39 - 00645592 ____N () C:\Program Files (x86)\BillP Studios\WinPatrol\sqlite3.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\abengine => ""="service"

==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Other Registry Areas =====================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1242904208-471078349-2963378918-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\DDDD CCCCC\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: AgereModemAudio => 2
MSCONFIG\Services: Apple Mobile Device => 2
MSCONFIG\Services: Bonjour Service => 2
MSCONFIG\Services: BotkindSyncService => 2
MSCONFIG\Services: FoxitCloudUpdateService => 2
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: iPod Service => 3
MSCONFIG\Services: MozillaMaintenance => 3
MSCONFIG\Services: NoIPDUCService4 => 2
MSCONFIG\Services: NTI IScheduleSvc => 2
MSCONFIG\Services: NTIBackupSvc => 3
MSCONFIG\Services: NTISchedulerSvc => 2
MSCONFIG\Services: OODefragAgent => 2
MSCONFIG\Services: PassThru Service => 2
MSCONFIG\Services: PDF Architect Helper Service => 2
MSCONFIG\Services: PDF Architect Service => 2
MSCONFIG\Services: SandraAgentSrv => 3
MSCONFIG\Services: SkypeUpdate => 2
MSCONFIG\Services: TeamViewer9 => 2
MSCONFIG\Services: TomTomHOMEService => 2
MSCONFIG\Services: Updater Service => 2
MSCONFIG\Services: YahooAUService => 2
MSCONFIG\startupreg: Eraser => "C:\PROGRA~1\Eraser\Eraser.exe" --atRestart

==================== Accounts: =============================

Administrator (S-1-5-21-1242904208-471078349-2963378918-500 - Administrator - Disabled)
DDDD CCCCC (S-1-5-21-1242904208-471078349-2963378918-1000 - Administrator - Enabled) => C:\Users\DDDD CCCCC
EEEE (S-1-5-21-1242904208-471078349-2963378918-1003 - Limited - Enabled) => C:\Users\EEEE
Gast (S-1-5-21-1242904208-471078349-2963378918-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1242904208-471078349-2963378918-1002 - Limited - Enabled)
Versuch (S-1-5-21-1242904208-471078349-2963378918-1004 - Administrator - Enabled) => C:\Users\Versuch

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (02/08/2015 00:46:59 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"1".
Die abhängige Assemblierung "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (02/08/2015 00:46:59 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"1".
Die abhängige Assemblierung "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (02/08/2015 00:46:59 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"1".
Die abhängige Assemblierung "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (02/08/2015 00:46:58 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"1".
Die abhängige Assemblierung "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (02/07/2015 00:33:45 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"1".
Die abhängige Assemblierung "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (02/07/2015 00:33:45 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"1".
Die abhängige Assemblierung "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (02/07/2015 00:33:44 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"1".
Die abhängige Assemblierung "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (02/07/2015 00:33:44 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"1".
Die abhängige Assemblierung "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (02/06/2015 05:20:26 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (02/06/2015 01:48:54 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"1".
Die abhängige Assemblierung "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".


System errors:
=============
Error: (02/08/2015 09:27:35 AM) (Source: WMPNetworkSvc) (EventID: 14332) (User: )
Description: WMPNetworkSvc0x80004005

Error: (02/07/2015 10:19:09 AM) (Source: WMPNetworkSvc) (EventID: 14332) (User: )
Description: WMPNetworkSvc0x80070420

Error: (02/05/2015 09:34:00 PM) (Source: WMPNetworkSvc) (EventID: 14332) (User: )
Description: WMPNetworkSvc0x80070420

Error: (02/01/2015 09:17:29 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}

Error: (02/01/2015 08:40:11 AM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren.

Error: (02/01/2015 08:39:59 AM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren.

Error: (02/01/2015 08:39:15 AM) (Source: Application Popup) (EventID: 1060) (User: )
Description: Aufgrund der Inkompatibilität mit diesem System wurde \??\C:\ComboFix\catchme.sys nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten.

Error: (02/01/2015 08:39:14 AM) (Source: Application Popup) (EventID: 1060) (User: )
Description: Aufgrund der Inkompatibilität mit diesem System wurde \??\C:\ComboFix\catchme.sys nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten.

Error: (02/01/2015 08:35:41 AM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren.

Error: (02/01/2015 08:02:14 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "SPDRIVER_1361.0.0.0" wurde aufgrund folgenden Fehlers nicht gestartet:
%%3


Microsoft Office Sessions:
=========================
Error: (02/08/2015 00:46:59 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"c:\Windows\Installer\{62F7DA7E-CCCB-439C-A760-00C3926E761F}\WksWP.exe

Error: (02/08/2015 00:46:59 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"C:\Windows\Installer\{62F7DA7E-CCCB-439C-A760-00C3926E761F}\wksss.exe

Error: (02/08/2015 00:46:59 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"c:\Windows\Installer\{62F7DA7E-CCCB-439C-A760-00C3926E761F}\WksCal.exe

Error: (02/08/2015 00:46:58 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"c:\Windows\Installer\{62F7DA7E-CCCB-439C-A760-00C3926E761F}\wksdb.exe

Error: (02/07/2015 00:33:45 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"c:\Windows\Installer\{62F7DA7E-CCCB-439C-A760-00C3926E761F}\WksWP.exe

Error: (02/07/2015 00:33:45 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"C:\Windows\Installer\{62F7DA7E-CCCB-439C-A760-00C3926E761F}\wksss.exe

Error: (02/07/2015 00:33:44 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"c:\Windows\Installer\{62F7DA7E-CCCB-439C-A760-00C3926E761F}\WksCal.exe

Error: (02/07/2015 00:33:44 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"c:\Windows\Installer\{62F7DA7E-CCCB-439C-A760-00C3926E761F}\wksdb.exe

Error: (02/06/2015 05:20:26 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe

Error: (02/06/2015 01:48:54 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"c:\Windows\Installer\{62F7DA7E-CCCB-439C-A760-00C3926E761F}\WksWP.exe


CodeIntegrity Errors:
===================================
  Date: 2015-02-01 08:39:15.425
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2015-02-01 08:39:15.175
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2015-02-01 08:39:14.941
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2015-02-01 08:39:14.692
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2014-08-24 13:21:32.971
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2014-08-24 13:21:32.769
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2014-08-24 13:21:32.550
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2014-08-24 13:21:32.332
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2014-06-28 08:07:01.069
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Users\DANIEL~1\AppData\Local\Temp\EverestDriver.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2014-06-28 08:07:00.711
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Users\DANIEL~1\AppData\Local\Temp\EverestDriver.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i5 CPU M 430 @ 2.27GHz
Percentage of memory in use: 32%
Total physical RAM: 3956.5 MB
Available physical RAM: 2658.36 MB
Total Pagefile: 7911.18 MB
Available Pagefile: 6017.19 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: (ACER) (Fixed) (Total:290.05 GB) (Free:110.45 GB) NTFS
Drive d: (DATA) (Fixed) (Total:290.4 GB) (Free:285.16 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 596.2 GB) (Disk ID: 6D48B855)
Partition 1: (Not Active) - (Size=15.6 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=290.1 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=290.4 GB) - (Type=07 NTFS)

==================== End Of Log ============================

Wirkliche Verbesserung sehe ich nicht.

Einige Wörter im FF werden als Links für Werbung gekennzeichnet.
Wenn ich jetzt auf den "Antwort"-Button geklickt habe, kam eine Website mit "Windows Reparieren" statt dieses Textfeld hier...

Der FF läuft extrem langsam und immer wieder tauchen kleine Werbeflächen auf...
So schlimm war es irgendwie noch nie...

Bootsektor 09.02.2015 01:39
Hallo,

es sieht so aus, als hättest du die Namen nicht ersetzt, kann das sein?

magigstar 09.02.2015 06:16
Ja, allerdings nur beim ersten Durchgang. Dann ist mir der Fehler auch aufgefallen.

Bootsektor 09.02.2015 23:18
Ok,

lösch mal bitte FRST, lade dir eine frische Version herunter und dann nochmal die Fixlist mit ersetzten Namen ausführen.

magigstar 10.02.2015 19:18
Teilweise erfolgreich...

Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 08-02-2015
Ran by DDDD CCCCC at 2015-02-10 19:15:32 Run:5
Running from C:\Users\DDDD CCCCC\Desktop
Loaded Profiles: DDDD CCCCC & EEEEEE & Versuch (Available profiles: DDDD CCCCC & EEEEEE & Versuch)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
FF Extension: Zoom It - C:\Users\DDDD CCCCC\AppData\Roaming\Mozilla\Firefox\Profiles\ax92hz4x.default-1417957171376\Extensions\{1b4f9242-444a-5952-286c-6b1886ee5374} [2015-02-05]
C:\$RECYCLE.BIN\S-1-5-21-1242904208-471078349-2963378918-1000\$R7TUY4P.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\Offercast_AVIRAV7_.exe
C:\Users\DDDD CCCCC\Desktop\aufräumen, was geht\Ordner\Neuer Ordner (3)\Neuer Ordner1\alte Dateien\Tresor alter Computer\Desktop\Neuer Ordner (5)\backups\backup-20101226-175451-491.dll
C:\Users\DDDD CCCCC\Documents\Neuer Ordner\Neuer Ordner (3)\Neuer Ordner (2)\Datensicherung_Tower_neueDateien\Desktop\Neuer Ordner (5)\backups\backup-20101226-175451-203.dll
C:\Users\DDDD CCCCC\Documents\Neuer Ordner\Neuer Ordner (3)\Neuer Ordner (2)\Datensicherung_Tower_neueDateien\Desktop\Neuer Ordner (5)\backups\backup-20101226-175451-491.dll
C:\Users\DDDD CCCCC\Documents\Neuer Ordner\Neuer Ordner (3)\Neuer Ordner (2)\Datensicherung_Tower_Sicherung_2\Desktop\Neuer Ordner (5)\backups\backup-20101226-175451-203.dll
C:\Users\DDDD CCCCC\Documents\Neuer Ordner\Neuer Ordner (3)\Neuer Ordner (2)\Datensicherung_Tower_Sicherung_2\Desktop\Neuer Ordner (5)\backups\backup-20101226-175451-491.dll
C:\Users\DDDD CCCCC\Downloads\PDFCreator-1_7_3_setup(1).exe
C:\Users\DDDD CCCCC\Downloads\PDFCreator-1_7_3_setup.exe
C:\Users\EEEEEE\Downloads\cbsidlm-tr1_13-Free_Audio_Cutter-ORG-75444480.exe
C:\$RECYCLE.BIN\S-1-5-21-1242904208-471078349-2963378918-1000\$RIJ9WQK.exe
C:\Users\DDDD CCCCC\Desktop\Neuer Ordner (4)\aufräumen, was geht\Ordner\Neuer Ordner (3)\Neuer Ordner1\alte Dateien\Tresor alter Computer\Desktop\Neuer Ordner (5)\backups\backup-20101226-175451-491.dll
C:\Users\DDDD CCCCC\Desktop\Neuer Ordner (4)\aufräumen, was geht\Ordner\USB Stick\usb\Neuer Ordner\Dance\The Prodigy - One Love.mp3
C:\Program Files\Common Files\System\SysMenu64.dll
C:\Users\DDDD CCCCC\AppData\Local\Mozilla\Firefox\Profiles\ax92hz4x.default-1417957171376\cache2\entries\96D59457AFA822A33B5B5ED391A55E16768E6472
C:\Users\DDDD CCCCC\AppData\Local\Mozilla\Firefox\Profiles\ax92hz4x.default-1417957171376\cache2\entries\BB425C587980B0FCFA063FF796BB36E3D76613A4
C:\Users\DDDD CCCCC\AppData\Roaming\Booster-Web\jid1-U7omKQ6kQfxMaQ@jetpack.zip
C:\Users\DDDD CCCCC\Downloads\Malwarebytes Anti Malware Malware Scanner - CHIP-Installer.exe
C:\Windows\System32\ColorMedia.dll
C:\Windows\SysWOW64\ColorMedia.dll
       
*****************

C:\Users\DDDD CCCCC\AppData\Roaming\Mozilla\Firefox\Profiles\ax92hz4x.default-1417957171376\Extensions\{1b4f9242-444a-5952-286c-6b1886ee5374} not found.
"C:\$RECYCLE.BIN\S-1-5-21-1242904208-471078349-2963378918-1000\$R7TUY4P.exe" => File/Directory not found.
"C:\Program Files (x86)\Avira\AntiVir Desktop\Offercast_AVIRAV7_.exe" => File/Directory not found.
"C:\Users\DDDD CCCCC\Desktop\aufräumen, was geht\Ordner\Neuer Ordner (3)\Neuer Ordner1\alte Dateien\Tresor alter Computer\Desktop\Neuer Ordner (5)\backups\backup-20101226-175451-491.dll" => File/Directory not found.
"C:\Users\DDDD CCCCC\Documents\Neuer Ordner\Neuer Ordner (3)\Neuer Ordner (2)\Datensicherung_Tower_neueDateien\Desktop\Neuer Ordner (5)\backups\backup-20101226-175451-203.dll" => File/Directory not found.
"C:\Users\DDDD CCCCC\Documents\Neuer Ordner\Neuer Ordner (3)\Neuer Ordner (2)\Datensicherung_Tower_neueDateien\Desktop\Neuer Ordner (5)\backups\backup-20101226-175451-491.dll" => File/Directory not found.
"C:\Users\DDDD CCCCC\Documents\Neuer Ordner\Neuer Ordner (3)\Neuer Ordner (2)\Datensicherung_Tower_Sicherung_2\Desktop\Neuer Ordner (5)\backups\backup-20101226-175451-203.dll" => File/Directory not found.
"C:\Users\DDDD CCCCC\Documents\Neuer Ordner\Neuer Ordner (3)\Neuer Ordner (2)\Datensicherung_Tower_Sicherung_2\Desktop\Neuer Ordner (5)\backups\backup-20101226-175451-491.dll" => File/Directory not found.
"C:\Users\DDDD CCCCC\Downloads\PDFCreator-1_7_3_setup(1).exe" => File/Directory not found.
"C:\Users\DDDD CCCCC\Downloads\PDFCreator-1_7_3_setup.exe" => File/Directory not found.
"C:\Users\EEEEEE\Downloads\cbsidlm-tr1_13-Free_Audio_Cutter-ORG-75444480.exe" => File/Directory not found.
"C:\$RECYCLE.BIN\S-1-5-21-1242904208-471078349-2963378918-1000\$RIJ9WQK.exe" => File/Directory not found.
"C:\Users\DDDD CCCCC\Desktop\Neuer Ordner (4)\aufräumen, was geht\Ordner\Neuer Ordner (3)\Neuer Ordner1\alte Dateien\Tresor alter Computer\Desktop\Neuer Ordner (5)\backups\backup-20101226-175451-491.dll" => File/Directory not found.
"C:\Users\DDDD CCCCC\Desktop\Neuer Ordner (4)\aufräumen, was geht\Ordner\USB Stick\usb\Neuer Ordner\Dance\The Prodigy - One Love.mp3" => File/Directory not found.
"C:\Program Files\Common Files\System\SysMenu64.dll" => File/Directory not found.
"C:\Users\DDDD CCCCC\AppData\Local\Mozilla\Firefox\Profiles\ax92hz4x.default-1417957171376\cache2\entries\96D59457AFA822A33B5B5ED391A55E16768E6472" => File/Directory not found.
C:\Users\DDDD CCCCC\AppData\Local\Mozilla\Firefox\Profiles\ax92hz4x.default-1417957171376\cache2\entries\BB425C587980B0FCFA063FF796BB36E3D76613A4 => Moved successfully.
"C:\Users\DDDD CCCCC\AppData\Roaming\Booster-Web\jid1-U7omKQ6kQfxMaQ@jetpack.zip" => File/Directory not found.
"C:\Users\DDDD CCCCC\Downloads\Malwarebytes Anti Malware Malware Scanner - CHIP-Installer.exe" => File/Directory not found.
"C:\Windows\System32\ColorMedia.dll" => File/Directory not found.
"C:\Windows\SysWOW64\ColorMedia.dll" => File/Directory not found.

==== End of Fixlog 19:15:33 ====

Bootsektor 11.02.2015 21:52
Hmm,

merkwürdig... was macht denn die Werbung?

Mach nochmal

Schritt 1
Starte noch einmal FRST.
  • Ändere keine der Voreinstellungen und drücke auf Scan.
  • Wenn der Scan abgeschlossen ist, wird ein neues Logfile FRST.txt erstellt und auf dem Desktop gespeichert.
  • Poste den Inhalt dieses Logfiles bitte hier in deinen Thread.

magigstar 11.02.2015 22:25
Die Werbung nervt und geht mir auf den S....

Der FF ist lahm wie nie zuvor.
Werbeeinblendungen kommen von der Seite.
Ich klicke eine Website an, z. B. Trojaner-Board um zu beantworten, und es öffnet sich eine ganz andere Website, manchmal zusätzlich eine Website.
Mal auch ein Pop-Up.

Aber komischerweise beim FF mehr als beim Chrome.

Ich habe die Fixlist erneut versucht zu fixen, aber auch wieder die selbe Meldung...

frisches FRST bekommst... gleich...

FRST:


FRST Logfile:

FRST Logfile:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-02-2015 02
Ran by DDDDD CCCCC (administrator) on ARBEITSCOMPUTER on 11-02-2015 22:17:04
Running from C:\Users\DDDDD CCCCC\Desktop
Loaded Profiles: DDDDD CCCCC & EEEEE & Versuch (Available profiles: DDDDD CCCCC & EEEEE & Versuch)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
() C:\Program Files (x86)\Common Files\AAV\aavus.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Microsoft Corporation) C:\Windows\System32\CISVC.EXE
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GregHSRW.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
() C:\Windows\snuvcdsm.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
() C:\Windows\PLFSetI.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\Apoint.exe
(AlcorMicro Co., Ltd.) C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Photosmart 5520 series\Bin\ScanToPCActivationApp.exe
(BillP Studios) C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe
(RescueTime, Inc.) C:\Program Files (x86)\RescueTime\RescueTime.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\ApMsgFwd.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\Hidfind.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\ApntEx.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Photosmart 5520 series\Bin\HPNetworkCommunicator.exe
(Mirko Böer) C:\Program Files (x86)\SSS\SimpleScreenshot.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SNUVCDSM] => C:\Windows\snuvcdsm.exe [30080 2011-01-13] ()
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [8312352 2009-10-29] (Realtek Semiconductor)
HKLM\...\Run: [PLFSetL] => C:\Windows\PLFSetL.exe [99712 2011-01-13] (Sonix Technology Co., Ltd.)
HKLM\...\Run: [PLFSetI] => C:\Windows\PLFSetI.exe [200704 2011-11-13] ()
HKLM\...\Run: [mwlDaemon] => C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe [349480 2009-09-11] (Egis Technology Inc.)
HKLM\...\Run: [IAAnotif] => C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-06-05] (Intel Corporation)
HKLM\...\Run: [Apoint] => C:\Program Files\Apoint2K\Apoint.exe [295936 2009-05-22] (Alps Electric Co., Ltd.)
HKLM\...\Run: [AmIcoSinglun64] => C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [323072 2009-07-22] (AlcorMicro Co., Ltd.)
HKLM\...\Run: [Acer ePower Management] => C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [823840 2009-09-30] (Acer Incorporated)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [702768 2014-12-16] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2009-12-09] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2014-10-11] (Apple Inc.)
HKLM-x32\...\Run: [LManager] => C:\Program Files (x86)\Launch Manager\LManager.exe [1094736 2009-11-02] (Dritek System Inc.)
HKLM-x32\...\Run: [SimpleScreenshot] => C:\Program Files (x86)\SSS\SIMPLESCREENSHOT.EXE [2254848 2008-01-28] (Mirko Böer)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [126712 2015-01-19] (Avira Operations GmbH & Co. KG)
HKU\S-1-5-21-1242904208-471078349-2963378918-1000\...\Run: [HP Photosmart 5520 series (NET)] => C:\Program Files\HP\HP Photosmart 5520 series\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
HKU\S-1-5-21-1242904208-471078349-2963378918-1000\...\Run: [WinPatrol] => C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe [533568 2014-04-23] (BillP Studios)
HKU\S-1-5-21-1242904208-471078349-2963378918-1003\...\Run: [swg] => "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
HKU\S-1-5-21-1242904208-471078349-2963378918-1003\...\Run: [msnmsgr] => "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
Startup: C:\Users\DDDDD CCCCC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\RescueTime.lnk
ShortcutTarget: RescueTime.lnk -> C:\Program Files (x86)\RescueTime\RescueTime.exe (RescueTime, Inc.)
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
ShellIconOverlayIdentifiers: [egisPSDP] -> {30A0A3F6-38AC-4C53-BB8B-0D95238E25BA} => C:\Program Files (x86)\EgisTec\MyWinLocker 3\x64\psdprotect.dll (Egis Technology Inc.)
ShellIconOverlayIdentifiers-x32: [egisPSDP] -> {30A0A3F6-38AC-4C53-BB8B-0D95238E25BA} => C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\psdprotect.dll (Egis Technology Inc.)
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-1242904208-471078349-2963378918-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-1242904208-471078349-2963378918-1003\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.gmx.de/
HKU\S-1-5-21-1242904208-471078349-2963378918-1003\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_7740&r=27361111d106l0498z1j5t4471e496
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1242904208-471078349-2963378918-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
SearchScopes: HKU\S-1-5-21-1242904208-471078349-2963378918-1003 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1242904208-471078349-2963378918-1003 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_deDE457
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: unissales -> {7e0aaab3-ba7d-4a2d-b1e6-4289ce4d1b1e} -> C:\Program Files (x86)\unissales\9vFbOLvEX4RE1d.x64.dll No File
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
Toolbar: HKU\S-1-5-21-1242904208-471078349-2963378918-1003 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
DPF: HKLM {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\DDDDD CCCCC\AppData\Roaming\Mozilla\Firefox\Profiles\ax92hz4x.default-1417957171376
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_296.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_296.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @nullsoft.com/winampDetector;version=1 -> C:\Program Files (x86)\Winamp Detect\npwachk.dll (Nullsoft, Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.8 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll (Microsoft Corporation)
FF Extension: Zoom It - C:\Users\DDDDD CCCCC\AppData\Roaming\Mozilla\Firefox\Profiles\ax92hz4x.default-1417957171376\Extensions\{afdad878-e9ec-921a-f7c0-7115160176c4} [2015-02-11]
FF Extension: LeechBlock - C:\Users\DDDDD CCCCC\AppData\Roaming\Mozilla\Firefox\Profiles\ax92hz4x.default-1417957171376\Extensions\{a95d8332-e4b4-6e7f-98ac-20b733364387}.xpi [2014-12-07]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-07-14]

Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR HomePage: Default -> hxxp://www.trovi.com/?gd=&ctid=CT3324764&octid=EB_ORIGINAL_CTID&ISID=M7F3C43B3-690F-4276-959F-1C74A797CA2A&SearchSource=55&CUI=&UM=8&UP=SP9050A32E-D786-4A42-9E49-5663C4588ECE&SSPV=
CHR StartupUrls: Default -> "hxxp://www.trovi.com/?gd=&ctid=CT3324764&octid=EB_ORIGINAL_CTID&ISID=M7F3C43B3-690F-4276-959F-1C74A797CA2A&SearchSource=55&CUI=&UM=8&UP=SP9050A32E-D786-4A42-9E49-5663C4588ECE&SSPV="
CHR DefaultSearchKeyword: Default -> trovi.search
CHR DefaultSuggestURL: Default -> hxxp://suggest.seccint.com/CSuggestJson.ashx?prefix={searchTerms}
CHR Profile: C:\Users\DDDDD CCCCC\AppData\Local\Google\Chrome\User Data\default
CHR Extension: (Google Präsentationen) - C:\Users\DDDDD CCCCC\AppData\Local\Google\Chrome\User Data\default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-02-01]
CHR Extension: (Google Docs) - C:\Users\DDDDD CCCCC\AppData\Local\Google\Chrome\User Data\default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-10-25]
CHR Extension: (Google Drive) - C:\Users\DDDDD CCCCC\AppData\Local\Google\Chrome\User Data\default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-10-25]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\DDDDD CCCCC\AppData\Local\Google\Chrome\User Data\default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-10-26]
CHR Extension: (YouTube) - C:\Users\DDDDD CCCCC\AppData\Local\Google\Chrome\User Data\default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-10-25]
CHR Extension: (Google-Suche) - C:\Users\DDDDD CCCCC\AppData\Local\Google\Chrome\User Data\default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-10-25]
CHR Extension: (Google Tabellen) - C:\Users\DDDDD CCCCC\AppData\Local\Google\Chrome\User Data\default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-02-01]
CHR Extension: (Avira Browserschutz) - C:\Users\DDDDD CCCCC\AppData\Local\Google\Chrome\User Data\default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2014-10-26]
CHR Extension: (Google Wallet) - C:\Users\DDDDD CCCCC\AppData\Local\Google\Chrome\User Data\default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-10-26]
CHR Extension: (Google Mail) - C:\Users\DDDDD CCCCC\AppData\Local\Google\Chrome\User Data\default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-10-25]
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AAV UpdateService; C:\Program Files (x86)\Common Files\AAV\aavus.exe [122880 2007-10-04] () [File not signed]
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [431920 2014-12-16] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [431920 2014-12-16] (Avira Operations GmbH & Co. KG)
R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [182520 2015-01-19] (Avira Operations GmbH & Co. KG)
S4 BotkindSyncService; C:\Program Files (x86)\Allway Sync\Bin\SyncService.exe [182784 2013-10-10] () [File not signed]
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
S4 FoxitCloudUpdateService; C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe [241704 2014-03-25] (Foxit Corporation)
S3 MWLService; C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe [305448 2009-09-11] (Egis Technology Inc.)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
S4 NoIPDUCService4; C:\Program Files (x86)\No-IP\ducservice.exe [11264 2013-01-24] () [File not signed]
S4 OODefragAgent; C:\Program Files\OO Software\Defrag\oodag.exe [3051848 2011-01-25] (O&O Software GmbH)
S4 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [80896 2011-03-31] () [File not signed]
S4 PDF Architect Helper Service; C:\Program Files (x86)\PDF Architect\HelperService.exe [1320496 2013-04-08] (pdfforge GmbH)
S4 PDF Architect Service; C:\Program Files (x86)\PDF Architect\ConversionService.exe [799280 2013-04-08] (pdfforge GmbH)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
R2 RS_Service; C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe [253952 2009-07-10] (Acer Incorporated) [File not signed]
S4 SandraAgentSrv; C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2014.SP2a\RpcAgentSrv.exe [72344 2008-05-19] (SiSoftware) [File not signed]
S4 UI Assistant Service; C:\Program Files (x86)\Join Air\AssistantServices.exe [247152 2010-04-27] ()
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [119272 2014-10-14] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131608 2014-10-14] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-11-25] (Avira Operations GmbH & Co. KG)
R2 EkaProt6; C:\Windows\System32\DRIVERS\ekaprot6.sys [27288 2012-03-23] (Ekahau Inc.)
R1 SLEE_18_DRIVER; C:\Windows\Sleen1864.sys [109144 2014-01-30] (Softwareentwicklung Remus - ArchiCrypt - )
R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1806592 2011-01-13] ()
R2 TurboB; C:\Windows\System32\DRIVERS\TurboB.sys [13784 2009-11-02] ()
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2012-12-13] (Apple, Inc.) [File not signed]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-11 22:17 - 2015-02-11 22:18 - 00021824 _____ () C:\Users\DDDDD CCCCC\Desktop\FRST.txt
2015-02-10 18:48 - 2015-02-11 20:38 - 02134016 _____ (Farbar) C:\Users\DDDDD CCCCC\Desktop\FRST64.exe
2015-02-08 22:42 - 2015-02-08 22:42 - 00000250 _____ () C:\Users\DDDDD CCCCC\Desktop\▶ Motivationsvortrag Die Kunst, Dein Ding zu machen - YouTube.URL
2015-02-08 17:15 - 2015-02-08 17:15 - 00003016 _____ () C:\Users\DDDDD CCCCC\AppData\Local\recently-used.xbel
2015-02-08 16:40 - 2015-02-08 16:40 - 00001350 ____R () C:\Windows\SimpleScreenshot5_Uninstall.in
2015-02-08 16:40 - 2015-02-08 16:40 - 00000000 ____D () C:\Program Files (x86)\SSS
2015-02-08 16:40 - 2008-01-28 14:51 - 00330336 _____ (Mirko Böer) C:\Windows\SSSUn5.exe
2015-02-08 16:39 - 2015-02-08 16:40 - 01225878 _____ () C:\Users\DDDDD CCCCC\Downloads\ssshot.zip
2015-02-05 21:40 - 2015-02-05 21:40 - 02347384 _____ (ESET) C:\Users\DDDDD CCCCC\Downloads\esetsmartinstaller_deu.exe
2015-02-01 23:11 - 2015-02-01 23:11 - 00000250 _____ () C:\Users\DDDDD CCCCC\Desktop\ouTube.URL
2015-02-01 23:10 - 2015-02-01 23:10 - 00000244 _____ () C:\Users\DDDDD CCCCC\Desktop\Zeitmanagement.URL
2015-02-01 21:45 - 2015-02-01 21:45 - 01156136 _____ (Ruiware) C:\Users\DDDDD CCCCC\Downloads\wpsetup(1).exe
2015-02-01 08:55 - 2015-02-01 08:55 - 00039830 _____ () C:\ComboFix.txt
2015-02-01 01:01 - 2015-02-01 00:56 - 05611408 ____R (Swearware) C:\Users\DDDDD CCCCC\Desktop\ComboFix.exe
2015-02-01 00:56 - 2015-02-01 00:56 - 05611408 ____R (Swearware) C:\Users\DDDDD CCCCC\Downloads\ComboFix.exe
2015-02-01 00:46 - 2015-02-01 00:46 - 00000249 _____ () C:\Users\DDDDD CCCCC\Desktop\Link.URL
2015-01-31 23:47 - 2015-01-31 23:51 - 00002169 _____ () C:\Users\Public\Desktop\SteuerSparErklärung 2015.lnk
2015-01-31 20:29 - 2015-01-31 20:29 - 00000269 _____ () C:\Users\DDDDD CCCCC\Desktop\REELETICS.URL
2015-01-31 17:50 - 2015-02-11 20:38 - 00000000 ____D () C:\Users\DDDDD CCCCC\Desktop\FRST-OlderVersion
2015-01-31 17:48 - 2015-01-31 17:48 - 00000337 _____ () C:\Users\DDDDD CCCCC\Desktop\Samsung Tab - kein Speicherplatz - Android-Hilfe.de.URL
2015-01-31 17:00 - 2015-01-31 17:01 - 00001671 _____ () C:\Users\DDDDD CCCCC\Desktop\JRT.txt
2015-01-31 15:22 - 2015-01-31 15:22 - 00001066 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-01-31 15:03 - 2015-01-31 15:03 - 02194432 _____ () C:\Users\DDDDD CCCCC\Desktop\AdwCleaner_4.109.exe
2015-01-31 15:03 - 2015-01-31 15:03 - 01707939 _____ (Thisisu) C:\Users\DDDDD CCCCC\Desktop\JRT.exe
2015-01-31 11:33 - 2015-01-31 11:33 - 00000000 ____D () C:\Users\DDDDD CCCCC\Documents\TokensBackup
2015-01-31 09:43 - 2015-01-31 09:46 - 00000000 ____D () C:\Users\DDDDD CCCCC\Desktop\Ordnung
2015-01-31 09:35 - 2015-01-31 09:35 - 00000000 ____D () C:\Users\DDDDD CCCCC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Booster-Web
2015-01-31 09:34 - 2015-02-08 09:43 - 00000000 ____D () C:\Users\DDDDD CCCCC\AppData\Roaming\Booster-Web
2015-01-31 09:32 - 2015-01-31 09:32 - 00001117 _____ () C:\Users\DDDDD CCCCC\Desktop\Continue installation .lnk
2015-01-31 09:31 - 2015-01-31 09:31 - 00000000 ____D () C:\ProgramData\SearchModulePlus
2015-01-31 09:06 - 2015-01-31 17:44 - 00000000 ____D () C:\Program Files (x86)\Hearthstone Stream Browser
2015-01-31 09:06 - 2015-01-31 09:06 - 00000000 ____D () C:\Windows\SysWOW64\AMD64
2015-01-31 08:52 - 2014-12-14 10:53 - 00378640 _____ (CartCrunch Israel Ltd.) C:\Windows\system32\ColorMedia64.dll
2015-01-30 20:51 - 2015-01-30 20:51 - 00000600 _____ () C:\Users\DDDDD CCCCC\AppData\Roaming\winscp.rnd
2015-01-30 20:08 - 2015-01-30 20:08 - 00000000 ____D () C:\Users\Versuch\AppData\Roaming\PDF Architect
2015-01-30 20:08 - 2015-01-30 20:08 - 00000000 ____D () C:\Users\Versuch\AppData\Local\IsolatedStorage
2015-01-30 19:16 - 2015-01-30 19:17 - 00000000 ____D () C:\Users\Versuch\AppData\OICE_15_974FA576_32C1D314_2072
2015-01-27 21:08 - 2015-02-11 20:44 - 00005190 _____ () C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for Arbeitscomputer-DDDDD CCCCC Arbeitscomputer
2015-01-20 06:34 - 2014-12-12 06:35 - 05553592 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-01-20 06:34 - 2014-12-12 06:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-01-20 06:34 - 2014-12-12 06:31 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-01-20 06:34 - 2014-12-12 06:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-01-20 06:34 - 2014-12-12 06:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-01-20 06:34 - 2014-12-12 06:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-01-20 06:34 - 2014-12-12 06:07 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-01-14 08:06 - 2014-12-19 04:06 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-14 08:06 - 2014-12-19 02:46 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-14 08:06 - 2014-12-11 18:47 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-01-14 08:06 - 2014-12-06 05:17 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-14 08:06 - 2014-12-06 04:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
2015-01-14 08:06 - 2014-12-06 04:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-11 22:17 - 2014-08-21 20:10 - 00000000 ____D () C:\FRST
2015-02-11 22:05 - 2012-08-14 18:52 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-02-11 21:31 - 2011-11-13 21:43 - 01355394 _____ () C:\Windows\WindowsUpdate.log
2015-02-11 21:23 - 2012-09-20 04:21 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-02-11 20:26 - 2009-07-14 05:45 - 00025840 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-02-11 20:26 - 2009-07-14 05:45 - 00025840 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-02-11 20:22 - 2012-09-20 04:21 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-02-11 20:20 - 2014-06-18 08:20 - 00028413 _____ () C:\Windows\setupact.log
2015-02-11 20:20 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-02-10 18:51 - 2014-08-06 10:55 - 00000000 ____D () C:\ProgramData\Package Cache
2015-02-10 18:50 - 2013-02-24 19:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2015-02-10 18:50 - 2013-02-24 19:39 - 00000000 ____D () C:\Program Files (x86)\Avira
2015-02-08 22:31 - 2014-11-29 10:02 - 00000000 ____D () C:\Users\DDDDD CCCCC\Desktop\Neuer Ordner (4)
2015-02-08 17:15 - 2014-06-15 19:34 - 00000000 ____D () C:\Users\DDDDD CCCCC\AppData\Local\gtk-2.0
2015-02-08 17:15 - 2012-08-29 10:11 - 00000000 ____D () C:\Users\DDDDD CCCCC\.gimp-2.8
2015-02-08 16:40 - 2011-11-20 16:01 - 00000946 _____ () C:\Users\DDDDD CCCCC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SimpleScreenshot.lnk
2015-02-08 09:34 - 2009-07-14 04:20 - 00000000 ____D () C:\Program Files\Common Files\System
2015-02-07 21:26 - 2012-03-25 11:40 - 00000000 ____D () C:\Users\DDDDD CCCCC\Documents\Steuerfälle
2015-02-07 15:18 - 2011-11-13 23:22 - 00004106 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-02-07 15:18 - 2011-11-13 23:22 - 00003854 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-02-06 22:51 - 2014-08-07 20:56 - 03035136 ___SH () C:\Users\DDDDD CCCCC\Desktop\Thumbs.db
2015-02-06 19:17 - 2014-06-20 13:07 - 00113416 _____ () C:\Windows\PFRO.log
2015-02-05 21:35 - 2014-08-05 14:08 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-02-05 21:32 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\PLA
2015-02-01 08:55 - 2014-08-24 12:03 - 00000000 ____D () C:\Qoobox
2015-02-01 08:50 - 2009-07-14 03:34 - 00000215 _____ () C:\Windows\system.ini
2015-02-01 08:40 - 2013-10-13 19:47 - 00000000 ____D () C:\Windows\erdnt
2015-02-01 08:40 - 2009-07-14 03:34 - 24379392 _____ () C:\Windows\system32\config\system.bak
2015-02-01 08:40 - 2009-07-14 03:34 - 113508352 _____ () C:\Windows\system32\config\software.bak
2015-02-01 08:40 - 2009-07-14 03:34 - 05505024 _____ () C:\Windows\system32\config\default.bak
2015-02-01 08:40 - 2009-07-14 03:34 - 00262144 _____ () C:\Windows\system32\config\sam.bak
2015-02-01 08:40 - 2009-07-14 03:34 - 00032768 _____ () C:\Windows\system32\config\security.bak
2015-02-01 08:39 - 2009-11-05 01:49 - 00000000 ____D () C:\Program Files (x86)\Acer
2015-01-31 23:47 - 2012-03-25 11:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steuertipps
2015-01-31 23:47 - 2012-03-25 11:26 - 00000000 ____D () C:\Program Files (x86)\Akademische Arbeitsgemeinschaft
2015-01-31 17:39 - 2013-09-19 20:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-01-31 17:39 - 2012-03-11 02:08 - 00000000 ____D () C:\Program Files (x86)\Java
2015-01-31 17:19 - 2011-11-14 06:15 - 00000000 ____D () C:\Windows\Lan
2015-01-31 15:22 - 2014-08-05 14:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-01-31 15:22 - 2014-08-05 14:08 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-01-31 15:08 - 2014-11-16 12:18 - 00001025 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-01-31 15:08 - 2014-11-16 12:18 - 00001013 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-01-31 15:08 - 2014-10-25 07:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-01-31 15:08 - 2014-08-24 18:36 - 00000000 ____D () C:\AdwCleaner
2015-01-31 15:08 - 2011-11-20 15:41 - 00001021 _____ () C:\Users\DDDDD CCCCC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-01-31 07:56 - 2014-08-15 15:44 - 00000000 ____D () C:\Users\DDDDD CCCCC\AppData\Local\Adobe
2015-01-31 07:56 - 2012-04-02 19:28 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-01-31 07:56 - 2012-04-02 19:28 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-01-31 07:56 - 2011-11-15 21:21 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-30 19:03 - 2014-09-10 06:10 - 00000000 ____D () C:\Users\Versuch\AppData\Roaming\SimpleScreenshot
2015-01-27 20:12 - 2014-11-10 20:59 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-01-27 06:18 - 2014-11-16 12:20 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-01-26 07:21 - 2012-06-10 14:07 - 00000000 ____D () C:\Users\DDDDD CCCCC\Documents\Bewerbungen
2015-01-25 17:19 - 2011-11-14 06:34 - 00702664 _____ () C:\Windows\system32\perfh007.dat
2015-01-25 17:19 - 2011-11-14 06:34 - 00151424 _____ () C:\Windows\system32\perfc007.dat
2015-01-25 17:19 - 2009-07-14 06:13 - 01629998 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-23 21:11 - 2013-11-02 09:43 - 00000000 ____D () C:\Users\DDDDD CCCCC\AppData\Roaming\Skype
2015-01-20 14:50 - 2014-09-10 06:09 - 00000000 ____D () C:\Users\Versuch
2015-01-20 14:50 - 2013-05-22 21:33 - 00000000 ____D () C:\Users\DDDDD CCCCC\AppData\Local\RescueTime.com
2015-01-20 14:50 - 2012-03-30 17:57 - 00000000 ____D () C:\Users\EEEEE
2015-01-20 14:50 - 2011-12-01 21:23 - 00000000 ____D () C:\Windows\System32\Tasks\OfficeSoftwareProtectionPlatform
2015-01-20 14:50 - 2011-11-20 16:01 - 00000000 ____D () C:\Users\DDDDD CCCCC\AppData\Roaming\SimpleScreenshot
2015-01-20 14:50 - 2009-11-05 01:26 - 00000000 ___RD () C:\Users\Public\Recorded TV
2015-01-20 14:50 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\registration
2015-01-20 06:21 - 2011-11-13 22:46 - 00000000 ____D () C:\Users\DDDDD CCCCC
2015-01-18 20:07 - 2012-04-07 11:49 - 00000000 ____D () C:\Users\DDDDD CCCCC\Documents\Finanzen
2015-01-15 18:59 - 2013-07-13 08:36 - 00000000 ____D () C:\Windows\system32\MRT
2015-01-15 18:46 - 2011-11-18 19:58 - 113365784 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

==================== Files in the root of some directories =======

2014-06-28 07:10 - 2014-07-23 21:30 - 14159872 _____ () C:\Users\DDDDD CCCCC\AppData\Roaming\Sandra.mdb
2015-01-30 20:51 - 2015-01-30 20:51 - 0000600 _____ () C:\Users\DDDDD CCCCC\AppData\Roaming\winscp.rnd
2012-04-20 18:28 - 2014-07-07 01:20 - 0006656 _____ () C:\Users\DDDDD CCCCC\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-09-22 21:07 - 2014-09-22 21:07 - 0001482 _____ () C:\Users\DDDDD CCCCC\AppData\Local\RecConfig.xml
2015-02-08 17:15 - 2015-02-08 17:15 - 0003016 _____ () C:\Users\DDDDD CCCCC\AppData\Local\recently-used.xbel
2013-08-12 21:15 - 2013-08-12 21:15 - 0007603 _____ () C:\Users\DDDDD CCCCC\AppData\Local\Resmon.ResmonCfg
2012-03-31 10:26 - 2012-03-31 10:26 - 0000057 _____ () C:\ProgramData\Ament.ini
2011-11-13 22:53 - 2011-11-13 22:57 - 0008282 _____ () C:\ProgramData\ArcadeDeluxe3.log
2014-09-22 19:19 - 2014-10-06 19:45 - 0008737 _____ () C:\ProgramData\hpzinstall.log

Some content of TEMP:
====================
C:\Users\DDDDD CCCCC\AppData\Local\Temp\avgnt.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-02-06 01:48

==================== End Of Log ============================
--- --- ---

--- --- ---

--- --- ---

Addition:

Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-02-2015 02
Ran by DDDDD CCCCCC at 2015-02-11 22:18:56
Running from C:\Users\DDDDD CCCCCC\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Desktop (Disabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Disabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden
AAVUpdateManager (HKLM-x32\...\{AFA42FE1-A5C3-485F-9180-BFCF5BF1F1C3}) (Version: 18.00.0000 - Wolters Kluwer Deutschland GmbH)
AC3Filter 1.63b (HKLM-x32\...\AC3Filter_is1) (Version: 1.63b - Alexander Vigovsky)
Acer Arcade Deluxe (HKLM-x32\...\InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}) (Version: 3.0.7112 - CyberLink Corp.)
Acer Arcade Deluxe (x32 Version: 3.0.7112 - CyberLink Corp.) Hidden
Acer Backup Manager (HKLM-x32\...\InstallShield_{72B776E5-4530-4C4B-9453-751DF87D9D93}) (Version: 2.0.0.29 - NewTech Infosystems)
Acer Crystal Eye webcam Ver:1.1.124.1120 (HKLM-x32\...\{D0ACE89D-EC7F-470F-80BE-4C98ED366B32}) (Version: 1.1.124.1120 - Chicony Electronics Co.,Ltd.)
Acer ePower Management (HKLM-x32\...\{3DB0448D-AD82-4923-B305-D001E521A964}) (Version: 4.05.3004 - Acer Incorporated)
Acer eRecovery Management (HKLM-x32\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 4.05.3005 - Acer Incorporated)
Acer GameZone Console (HKLM-x32\...\{8ed9688e-4f79-4308-91ca-f1c37ca142b4}_is1) (Version: 5.1.0.2 - Oberon Media, Inc.)
Acer GridVista (HKLM-x32\...\GridVista) (Version: 3.01.0730 - Acer Inc.)
Acer Registration (HKLM-x32\...\Acer Registration) (Version: 1.02.3006 - Acer Incorporated)
Acer ScreenSaver (HKLM-x32\...\Acer Screensaver) (Version: 1.1.2009.1217 - Acer Incorporated)
Acer VCM (HKLM-x32\...\{047F790A-7A2A-4B6A-AD02-38092BA63DAC}) (Version: 4.05.3000 - Acer Incorporated)
Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 14.0.0.103 - Adobe Systems Incorporated)
Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.246 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.296 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Akamai NetSession Interface (HKU\S-1-5-21-1242904208-471078349-2963378918-1000\...\Akamai) (Version:  - Akamai Technologies, Inc)
Alcor Micro USB Card Reader (HKLM-x32\...\InstallShield_{DBCE1208-433D-4D3E-A26A-CB1B5E71A8F5}) (Version: 1.4.17.35005 - Alcor Micro Corp.)
Alcor Micro USB Card Reader (x32 Version: 1.4.17.35005 - Alcor Micro Corp.) Hidden
Alice Greenfingers (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112920767}) (Version:  - Oberon Media)
Alle meine Passworte 4.13 (HKLM\...\AllemeinePassworte) (Version:  - Mirko Böer)
Allway Sync version 12.16.9 (HKLM-x32\...\Allway Sync_is1) (Version:  - Botkind Inc)
ALPS Touch Pad Driver (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 7.105.2015.1105 - Alps Electric)
Amazonia (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11273477}) (Version:  - Oberon Media)
Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ATI Catalyst Install Manager (HKLM\...\{11F38253-8940-FFDA-D131-B14120C357E4}) (Version: 3.0.754.0 - ATI Technologies, Inc.)
Audacity 2.0.3 (HKLM-x32\...\Audacity_is1) (Version: 2.0.3 - Audacity Team)
Avi2Dvd 0.6.4 (HKLM-x32\...\Avi2Dvd) (Version: 0.6.4 - TrustFm)
Avira (HKLM-x32\...\{bd538030-07d4-4999-a525-7fafa2483f56}) (Version: 1.1.30.21727 - Avira Operations & Co. KG)
Avira (x32 Version: 1.1.30.21727 - Avira Operations & Co. KG) Hidden
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.7.468 - Avira)
AviSynth 2.5 (HKLM-x32\...\AviSynth) (Version:  - )
Backup Manager Basic (x32 Version: 2.0.0.29 - NewTech Infosystems) Hidden
BatteryCare 0.9.10.0 (HKLM-x32\...\{C6A6036D-FBD0-4324-BEAA-C0845257160C}_is1) (Version: 0.9.10.0 - Filipe Lourenço)
BitTorrent (HKU\S-1-5-21-1242904208-471078349-2963378918-1000\...\BitTorrent) (Version: 7.9.2.31638 - BitTorrent Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Booster-Web (HKU\S-1-5-21-1242904208-471078349-2963378918-1000\...\Booster-Web) (Version: 4 - ${CompanyName})
Broadcom Gigabit NetLink Controller (HKLM\...\{A325B368-A9EC-40EF-A95C-9DEAD3683AE3}) (Version: 12.33.03 - Broadcom Corporation)
Canon MP160 Benutzerregistrierung (HKLM-x32\...\Canon MP160 Benutzerregistrierung) (Version:  - )
ccc-core-static (x32 Version: 2009.1209.2335.42329 - Ihr Firmenname) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.14 - Piriform)
CDBurnerXP (HKLM-x32\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.4.4852 - CDBurnerXP)
Chandler 1.0.3 (HKLM-x32\...\Chandler) (Version: 1.0.3 - Open Source Applications Foundation)
Chicken Invaders 2 (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110209593}) (Version:  - Oberon Media)
CoreAAC Audio Decoder (remove only) (HKLM-x32\...\CoreAAC Audio Decoder) (Version:  - )
Dairy Dash (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115053100}) (Version:  - Oberon Media)
Dream Day First Home (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113832110}) (Version:  - Oberon Media)
DVD Flick 1.3.0.7 (HKLM-x32\...\DVD Flick_is1) (Version: 1.3.0.7 - Dennis Meuwissen)
eBay Worldwide (HKLM-x32\...\{E0B19DF7-B1C7-4937-82C4-0E4B1E346965}) (Version: 2.1.0901 - OEM)
EinsteinBrainTrainer (remove only) (HKLM-x32\...\EinsteinBrainTrainer) (Version:  - )
Ekahau HeatMapper (HKLM\...\Heatmapper-1.1.4.39795) (Version: 1.1.4.39795 - Ekahau Inc.)
Eraser 6.0.10.2620 (HKLM\...\{6E5159B4-A519-41EF-80EF-AD58371515DF}) (Version: 6.0.2620 - The Eraser Project)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
eSobi v2 (HKLM-x32\...\InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}) (Version: 2.0.4.000274 - esobi Inc.)
eSobi v2 (x32 Version: 2.0.4.000274 - esobi Inc.) Hidden
EVEREST Home Edition v2.20 (HKLM-x32\...\EVEREST Home Edition_is1) (Version: 2.20 - Lavalys Inc)
Farm Frenzy 2 (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11531173}) (Version:  - Oberon Media)
ffdshow [rev 3299] [2010-03-03] (HKLM-x32\...\ffdshow_is1) (Version: 1.0.0.3299 - )
Fiat eco:Drive (HKLM-x32\...\com.fiat.convergence.385E4263E7379A5D22A7076E99B02868EFF10711.1) (Version: 2.0.2 - Fiat Group Automobiles)
Fiat eco:Drive (x32 Version: 2.0.2 - Fiat Group Automobiles) Hidden
First Class Flurry (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115208410}) (Version:  - Oberon Media)
Foxit Cloud (HKLM-x32\...\{41914D8B-9D6E-4764-A1F9-BC43FB6782C1}_is1) (Version: 1.3.105.325 - Foxit Corporation)
Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 6.1.3.321 - Foxit Corporation)
Free Audio CD to MP3 Converter version 1.3.12.1228 (HKLM-x32\...\Free Audio CD to MP3 Converter_is1) (Version: 1.3.12.1228 - DVDVideoSoft Ltd.)
Free DVD Video Burner version 3.0.4.426 (HKLM-x32\...\Free DVD Video Burner_is1) (Version:  - DVDVideoSoft Limited.)
Free System Utilities (HKLM-x32\...\{ad2818b3-1616-4ec8-855d-be6936103e5a}) (Version: 1.1.0.70 - Covus Freemium GmbH)
Free SystemUtilities (x32 Version: 1.1.0.70 - Covus Freemium GmbH) Hidden
Free YouTube Download version 3.1.37.918 (HKLM-x32\...\Free YouTube Download_is1) (Version: 3.1.37.918 - DVDVideoSoft Ltd.)
FreeMind (HKLM-x32\...\B991B020-2968-11D8-AF23-444553540000_is1) (Version: 0.9.0_RC_10 - )
FRITZ!Box-Fernzugang einrichten (HKLM-x32\...\{EFADD989-D9F2-49F6-A280-675951CC78D3}) (Version: 1.0.3 - AVM Berlin)
FrostWire 5.3.5 (HKLM-x32\...\FrostWire 5) (Version: 5.3.5.0 - FrostWire Team)
GIMP 2.8.10 (HKLM\...\GIMP-2_is1) (Version: 2.8.10 - The GIMP Team)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 40.0.2214.111 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
Granny In Paradise (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110551697}) (Version:  - Oberon Media)
Haali Media Splitter (HKLM-x32\...\HaaliMkx) (Version:  - )
Heroes of Hellas (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113786380}) (Version:  - Oberon Media)
HP FWUpdateEDO2 (HKLM-x32\...\{415FA9AD-DA10-4ABE-97B6-5051D4795C90}) (Version: 1.2.0.0 - Hewlett-Packard)
HP Photosmart 5520 series - Grundlegende Software für das Gerät (HKLM\...\{4F396B08-301D-4E53-A372-95A7E93ABD04}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPDiagnosticAlert (x32 Version: 1.00.0001 - Microsoft) Hidden
HTC Driver Installer (HKLM-x32\...\{6D6664A9-3342-4948-9B7E-034EFE366F0F}) (Version: 3.0.0.007 - HTC Corporation)
iCloud (HKLM\...\{309768A4-A2BB-4930-A5A2-8169678C9B4C}) (Version: 4.0.6.28 - Apple Inc.)
Identity Card (HKLM-x32\...\Identity Card) (Version: 1.00.3003 - Acer Incorporated)
ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.8.0 - LIGHTNING UK!)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
Intel(R) Turbo Boost Technology Driver (HKLM-x32\...\{D6C630BF-8DBB-4042-8562-DC9A52CB6E7E}) (Version: 01.00.01.1002 - Intel Corporation)
Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version:  - Intel Corporation)
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.38 - Irfan Skiljan)
iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)
Join Air (HKLM-x32\...\{A9E5EDA7-2E6C-49E7-924B-A32B89C24A04}) (Version: 1.0.0.2 - ZTE Corporation)
Kassenbuch (HKLM-x32\...\{29531C6B-7B64-4C53-B54A-6C8AB5DE2159}) (Version: 1.0.0 - Office Consult GmbH)
K-Lite Codec Pack 9.2.0 (Basic) (HKLM-x32\...\KLiteCodecPack_is1) (Version: 9.2.0 - )
Launch Manager (HKLM-x32\...\LManager) (Version: 3.0.05 - Acer Inc.)
LSI HDA Modem (HKLM\...\LSI Soft Modem) (Version: 2.2.98 - LSI Corporation)
Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
MediaHuman YouTube to MP3 Converter Version 3.3 (HKLM-x32\...\MediaHuman YouTube to MP3 Converter_is1) (Version: 3.3 - )
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0100-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}) (Version:  - Microsoft)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Language Pack 2007 - German/Deutsch (HKLM-x32\...\OMUI.de-de) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Outlook Connector (HKLM-x32\...\{95140000-007A-0407-0000-0000000FF1CE}) (Version: 14.0.5118.5000 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUSR) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Office Suite Activation Assistant (HKLM-x32\...\{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}) (Version: 2.9 - Microsoft Corporation)
Microsoft Outlook Social Connector Provider for Windows Live Messenger 32-bit (HKLM-x32\...\{95140000-007D-0409-0000-0000000FF1CE}) (Version: 14.0.5120.5000 - Microsoft Corporation)
Microsoft Report Viewer Redistributable 2008 (KB971118) (HKLM-x32\...\Microsoft Report Viewer Redistributable 2008 (KB971118)) (Version:  - Microsoft Corporation)
Microsoft Report Viewer Redistributable 2008 Language Pack - DEU (HKLM-x32\...\Microsoft Report Viewer Redistributable 2008 Language Pack - DEU) (Version:  - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SkyDrive (HKU\S-1-5-21-1242904208-471078349-2963378918-1003\...\SkyDriveSetup.exe) (Version: 16.4.6010.0727 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Works (HKLM-x32\...\{62F7DA7E-CCCB-439C-A760-00C3926E761F}) (Version: 9.7.0621 - Microsoft Corporation)
MozBackup 1.5.1 (HKLM-x32\...\MozBackup) (Version:  - Pavel Cvrcek)
Mozilla Firefox 35.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 35.0.1 (x86 de)) (Version: 35.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 32.0 - Mozilla)
MPC-HC 1.7.0 (HKLM-x32\...\{2624B969-7135-4EB1-B0F6-2D8C397B45F7}_is1) (Version: 1.7.0.7858 - MPC-HC Team)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MyPhoneExplorer (HKLM-x32\...\MPE) (Version: 1.8.5 - F.J. Wechselberger)
MyWinLocker (HKLM-x32\...\{68301905-2DEA-41CE-A4D4-E8B443B099BA}) (Version: 3.1.76.0 - Egis Technology Inc.)
No-IP DUC (HKLM-x32\...\NoIPDUC) (Version: 4.0.1 - Vitalwerks Internet Solutions LLC)
Norton Online Backup (HKLM-x32\...\{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}) (Version: 1.2.0.36 - Symantec)
NTI Backup Now 5 (HKLM-x32\...\InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}) (Version: 5.1.2.627 - NewTech Infosystems)
NTI Backup Now Standard (x32 Version: 5.1.2.627 - NewTech Infosystems) Hidden
NTI Media Maker 8 (HKLM-x32\...\InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}) (Version: 8.0.12.6623 - NewTech Infosystems)
NTI Media Maker 8 (x32 Version: 8.0.12.6623 - NewTech Infosystems) Hidden
O&O Defrag Free Edition (HKLM\...\{C10CAF82-9D36-4D9A-9DC0-C4549F06B519}) (Version: 14.1.431 - O&O Software GmbH)
Outils de vérification linguistique 2013 de Microsoft Office*- Français (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
PDF Architect (HKLM-x32\...\{064A929A-4DE8-40CF-A901-BD40C14E4D25}) (Version: 1.1.83.9982 - pdfforge GmbH)
PDF24 Creator 6.8.0 (HKLM-x32\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version:  - PDF24.org)
PDFCreator (HKLM-x32\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.7.3 - pdfforge)
pomodairo (HKLM-x32\...\{EEBEA077-AB92-5083-ECB1-C15BD842D00B}) (Version: 1.9 - UNKNOWN)
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
Random Dresser (HKLM-x32\...\RandomDresser) (Version:  - )
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5969 - Realtek Semiconductor Corp.)
RescueTime 2.2.1 (HKLM-x32\...\{2505571C-03B3-4F9F-AC35-33F1CB4B5E9E}_is1) (Version:  - RescueTime.com)
Restorer2000 3.3 (HKLM-x32\...\Restorer2000_is1) (Version: 3.3 - Bitmart Inc.)
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{D82063A8-7C8C-4C3B-A9BB-95138CA55D26}) (Version:  - Microsoft)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (Version:  - Microsoft) Hidden
Shutdown Manager (HKLM-x32\...\{C457BA5F-35F9-480C-90F8-5C91DB443A15}_is1) (Version: 2.0.7 - Daniel Höllig)
SimpleScreenshot 1.40 (HKLM-x32\...\SimpleScreenshot) (Version:  - )
SiSoftware Sandra Lite 2014.SP2a (HKLM\...\{C3113E55-7BCB-4de3-8EBF-60E6CE6B2396}_is1) (Version: 20.35.2014.6 - SiSoftware)
SIW version 2011.10.29 (HKLM-x32\...\{AB67580-257C-45FF-B8F4-C8C30682091A}_is1) (Version: 2011.10.29 - Topala Software Solutions)
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation)
Skype™ 6.21 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.21.104 - Skype Technologies S.A.)
SpeedFan (remove only) (HKLM-x32\...\SpeedFan) (Version:  - )
Spotify (HKU\S-1-5-21-1242904208-471078349-2963378918-1000\...\Spotify) (Version: 0.9.10.14.g578d350b - Spotify AB)
SpywareBlaster 5.0 (HKLM-x32\...\SpywareBlaster_is1) (Version: 5.0.0 - BrightFort LLC)
Steganos Safe 14 (HKLM-x32\...\{13B7FBFB-622E-4002-8570-594798E6167D}) (Version: 14.2.2 - Steganos Software GmbH)
Steuer-Spar-Erklärung 2008 (HKLM-x32\...\{BBE67B86-FCD7-4D3C-8B00-063DEAD8E30C}) (Version: 13.02.0000 - Akademische Arbeitsgemeinschaft)
Steuer-Spar-Erklärung 2009 (HKLM-x32\...\{32E00E5E-22B1-4D5A-9DC2-CD75E087A5E6}) (Version: 14.01.0000 - Akademische Arbeitsgemeinschaft Verlag)
Steuer-Spar-Erklärung 2010 (HKLM-x32\...\{D8E1DFEE-622B-46BA-AEFF-AB7E541C0B21}) (Version: 15.15 - Akademische Arbeitsgemeinschaft Verlag)
Steuer-Spar-Erklärung 2011 (HKLM-x32\...\{9F5FD796-86F0-4360-85F8-D54C0F5411EB}) (Version: 16.18 - Akademische Arbeitsgemeinschaft Verlag)
Steuer-Spar-Erklärung 2012 (HKLM-x32\...\{CCD2BAD2-0919-40CB-80CC-E9538B0E4C2E}) (Version: 17.14 - Wolters Kluwer Deutschland GmbH)
Steuer-Spar-Erklärung 2013 (HKLM-x32\...\{AEB61F7A-4BBA-4292-A096-7893E09034A4}) (Version: 18.10 - Wolters Kluwer Deutschland GmbH)
SteuerSparErklärung 2014 (HKLM-x32\...\{A463EB06-22A6-47F5-9593-E52B291EF13E}) (Version: 19.12.92 - Akademische Arbeitsgemeinschaft)
SteuerSparErklärung 2015 (HKLM-x32\...\{312C0E08-8F94-4536-AAF6-3413F784AC5F}) (Version: 20.25.123 - Akademische Arbeitsgemeinschaft)
Streamripper (Remove only) (HKLM-x32\...\Streamripper) (Version:  - )
Studie zur Verbesserung von HP Deskjet 3070 B611 series Produkten (HKLM\...\{CAD7B6DD-9C82-4D17-BAE8-3E9AE4971B90}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.29947 - TeamViewer)
Time Stamp (HKLM-x32\...\Time Stamp_is1) (Version:  - 3.23.2010-0313)
TomTom HOME (HKLM-x32\...\{7A2BB1C8-903D-4585-9F3B-CADD67D07D37}) (Version: 2.9.8 - Ihr Firmenname)
TomTom HOME Visual Studio Merge Modules (HKLM-x32\...\{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}) (Version: 1.0.2 - TomTom International B.V.)
TP-LINK Wireless Configuration Utility (HKLM-x32\...\{319D91C6-3D44-436C-9F79-36C0D22372DC}) (Version: 1.0.0 - TP-LINK)
TrueCrypt (HKLM-x32\...\TrueCrypt) (Version: 7.1 - TrueCrypt Foundation)
Tunatic (HKLM-x32\...\Tunatic) (Version:  - )
Überwachungstool für die Intel® Turbo-Boost-Technik (HKLM\...\{39F4C6F9-618A-4E5B-8FB2-6BD661174E32}) (Version: 1.0.186.6 - Intel)
Uninstall 1.0.0.1 (HKLM-x32\...\Uninstall_is1) (Version:  - )
Universal Adb Driver (HKLM-x32\...\{D9C4202E-6D51-4B06-A8F1-22316E654BCA}) (Version: 1.0.0 - ClockworkMod)
Unlocker 1.9.1-x64 (HKLM\...\Unlocker) (Version: 1.9.1 - Cedrick Collomb)
Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0407-0000-0000000FF1CE}_OMUI.de-de_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version:  - Microsoft)
Update für Microsoft Office Outlook 2007 Help (KB963677) (HKLM-x32\...\{90120000-001A-0407-0000-0000000FF1CE}_OMUI.de-de_{F6828576-6F79-470D-AB50-69D1BBADBD30}) (Version:  - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0407-0000-0000000FF1CE}_OMUI.de-de_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version:  - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0407-0000-0000000FF1CE}_OMUI.de-de_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version:  - Microsoft)
Visual Studio C++ 10.0 Runtime (HKLM-x32\...\{4412F224-3849-4461-A3E9-DEEF8D252790}) (Version: 10.0.0 - TomTom International B.V.)
VLC media player 2.1.3 (HKLM-x32\...\VLC media player) (Version: 2.1.3 - VideoLAN)
Welcome Center (HKLM-x32\...\Acer Welcome Center) (Version: 1.00.3008 - Acer Incorporated)
Winamp (HKLM-x32\...\Winamp) (Version: 5.666  - Nullsoft, Inc)
WinPatrol (HKLM\...\{6A206A04-6BC1-411B-AA04-4E52EDEEADF2}) (Version: 32.0.2014.5 - Ruiware)
WinPatrol (HKLM\...\{6E575124-6D34-4E65-9375-7D69468A6089}) (Version: 30.9 - BillP Studios)
WinRAR 5.10 Beta 4 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.10.4 - win.rar GmbH)
Xvid 1.2.2 final uninstall (HKLM-x32\...\Xvid_is1) (Version: 1.2 - Xvid team (Koepi))
Yahoo! Messenger (HKLM-x32\...\Yahoo! Messenger) (Version:  - Yahoo! Inc.)
Yahoo! Software Update (HKLM-x32\...\Yahoo! Software Update) (Version:  - )
Zuzahlungsrechner (HKLM-x32\...\{B2C69E77-F209-4B63-8676-4F32B27E162B}) (Version: 3.6.0 - sfr-software-fuers-heim)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-1242904208-471078349-2963378918-1000_Classes\CLSID\{56FDF344-FD6D-11d0-958A-006097C9A090}\InprocServer32 -> C:\Users\DDDDD CCCCCC\AppData\Roaming\moters\supna.dll No File <==== ATTENTION

==================== Restore Points  =========================

05-02-2015 20:37:27 Windows Update
11-02-2015 20:25:53 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2015-02-01 08:39 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1      localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0CAEEB6B-A216-4E04-9EA6-AC310639FD8D} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {23CEA58C-8E99-49B6-96E0-E0033F148659} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-21] (Google Inc.)
Task: {26DA7882-781D-4FC9-B1A5-5F5B1F7227FE} - System32\Tasks\{6A246FB0-E753-4188-9543-22389AB30F4E} => pcalua.exe -a "C:\Users\DDDDD CCCCCC\Downloads\Chandler_win_1.0.3.exe" -d "C:\Users\DDDDD CCCCCC\Downloads"
Task: {38C51694-B081-4739-8E17-069D4A49D4D4} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2014-01-23] (Microsoft Corporation)
Task: {47C46238-A6C4-4C4B-BE85-E6E1425608CB} - System32\Tasks\{144D2C4F-2583-452B-AC74-C64839CF03CC} => pcalua.exe -a "C:\Program Files (x86)\VS Revo Group\Revo Uninstaller\Revouninstaller.exe" -d "C:\Program Files (x86)\VS Revo Group\Revo Uninstaller" -c -hunter
Task: {5A42985A-DC32-4FE1-8210-CA09F67316FC} - System32\Tasks\HPCustPartic.exe_{96420065-3C4E-4B3E-96DB-DB0760F51DDD} => C:\Program Files\HP\HP Deskjet 3070 B611 series\Bin\HPCustPartic.exe [2012-10-17] (Hewlett-Packard Co.)
Task: {5B5D6CC7-9FA7-4441-9A09-8A3C4EA669FD} - System32\Tasks\{9B880EC1-DC3B-45D7-A7BB-4E131A7A884F} => pcalua.exe -a "C:\Users\DDDDD CCCCCC\Downloads\esetsmartinstaller_enu.exe" -d "C:\Program Files (x86)\Mozilla Firefox"
Task: {5E1E681C-C0F1-4E87-8C95-38A011634E9C} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {658A7160-D5FE-40D6-8358-5AC71CDD5600} - System32\Tasks\Microsoft Office 15 Sync Maintenance for Arbeitscomputer-DDDDD CCCCCC Arbeitscomputer => C:\Program Files\Microsoft Office\Office15\MsoSync.exe [2014-11-12] (Microsoft Corporation)
Task: {739C86AB-D488-4894-A94A-E1C873D935C4} - System32\Tasks\{239C0599-E784-4910-B228-5D5AB8D346A6} => pcalua.exe -a "C:\Users\DDDDD CCCCCC\Downloads\HiJackThis204.exe" -d "C:\Program Files (x86)\Mozilla Firefox"
Task: {792B72B2-C51B-4379-B2AA-007529DB50F0} - System32\Tasks\{8D77E667-A31C-4EB4-B209-1E559B732CBC} => pcalua.exe -a "C:\Program Files (x86)\Canon\IJEREG\MP160\UNINST.EXE"
Task: {7AEAE564-35D2-434E-8BC2-12BF5BC672DE} - System32\Tasks\HPCustParticipation HP Deskjet 3070 B611 series => C:\Program Files\HP\HP Deskjet 3070 B611 series\Bin\HPCustPartic.exe [2012-10-17] (Hewlett-Packard Co.)
Task: {7EED0456-B087-4708-8496-6474B917CECB} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {92533B9B-37E7-4E54-B7DE-F8B0B255CFEE} - System32\Tasks\{4781B96F-C3F4-45CF-AB6F-C64C9AD3E88D} => pcalua.exe -a "C:\Program Files (x86)\InstallShield Installation Information\{319D91C6-3D44-436C-9F79-36C0D22372DC}\setup.exe" -d "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TP-LINK" -c -runfromtemp -removeonly
Task: {9C395D30-C0E5-4B3A-A232-E38DA71A3827} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {A1D835EF-9220-45A2-811E-2CA5B38166BF} - System32\Tasks\hpUrlLauncher.exe_{4AF7A75F-FDE8-41B8-80D9-5C3EBC32D019} => C:\Program Files\HP\HP Deskjet 3070 B611 series\Bin\utils\hpUrlLauncher.exe
Task: {B7A342C6-6ABF-492E-9250-2C92CB583846} - System32\Tasks\{A2A68590-5CAE-4C98-8B98-D18CC5E4C073} => pcalua.exe -a "C:\Program Files (x86)\InstallShield Installation Information\{3DB0448D-AD82-4923-B305-D001E521A964}\setup.exe" -c -runfromtemp -l0x407 -removeonly
Task: {BBBF9E37-C1CD-4CF0-A783-CE021D6D2928} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-05-20] (Piriform Ltd)
Task: {CE5325CF-BB63-4751-AB56-BD427BEAA0D9} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-01-31] (Adobe Systems Incorporated)
Task: {E36CA599-B047-467B-99AF-5E380AFECE05} - System32\Tasks\{AC797CD7-B058-4AC8-84B2-B2307D6AFF9B} => C:\Program Files (x86)\Chandler1.0.3\chandler.exe
Task: {E85DBE85-E344-4E48-A05A-ACF97445121F} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-21] (Google Inc.)
Task: {F30712C0-5F79-4616-BFEE-8D27E1822469} - System32\Tasks\{581487AC-8AAF-40E1-A997-6B8519F0C5EC} => C:\Program Files (x86)\Chandler1.0.3\chandler.exe
Task: {FC0397BA-8222-41E7-836D-453BA55E74DB} - System32\Tasks\{2E665153-C229-4C02-9699-2F4EF08B1807} => pcalua.exe -a C:\Users\DANIEL~1\AppData\Local\Temp\InstallFlashPlayer.exe -d "C:\Program Files (x86)\Mozilla Firefox"
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) ==============

2007-10-04 14:32 - 2007-10-04 14:32 - 00122880 _____ () C:\Program Files (x86)\Common Files\AAV\aavus.exe
2011-01-13 09:04 - 2011-01-13 09:04 - 00030080 _____ () C:\Windows\snuvcdsm.exe
2011-11-13 22:52 - 2011-11-13 22:51 - 00200704 _____ () C:\Windows\PLFSetI.exe
2009-07-29 13:10 - 2009-07-29 13:10 - 00016384 ____R () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll
2011-11-13 21:44 - 2011-11-13 21:44 - 00270336 _____ () C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CrossDisplay.Graphics.Dashboard\1.0.0.0__90ba9c70f846762e\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2014-12-28 14:38 - 2014-04-22 19:39 - 00645592 ____N () C:\Program Files (x86)\BillP Studios\WinPatrol\sqlite3.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\abengine => ""="service"

==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1242904208-471078349-2963378918-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\DDDDD CCCCCC\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-1242904208-471078349-2963378918-1003\Control Panel\Desktop\\Wallpaper -> C:\Users\EEEEEE\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-1242904208-471078349-2963378918-1004\Control Panel\Desktop\\Wallpaper -> C:\Users\Versuch\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.178.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: AgereModemAudio => 2
MSCONFIG\Services: Apple Mobile Device => 2
MSCONFIG\Services: Bonjour Service => 2
MSCONFIG\Services: BotkindSyncService => 2
MSCONFIG\Services: FoxitCloudUpdateService => 2
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: iPod Service => 3
MSCONFIG\Services: MozillaMaintenance => 3
MSCONFIG\Services: NoIPDUCService4 => 2
MSCONFIG\Services: NTI IScheduleSvc => 2
MSCONFIG\Services: NTIBackupSvc => 3
MSCONFIG\Services: NTISchedulerSvc => 2
MSCONFIG\Services: OODefragAgent => 2
MSCONFIG\Services: PassThru Service => 2
MSCONFIG\Services: PDF Architect Helper Service => 2
MSCONFIG\Services: PDF Architect Service => 2
MSCONFIG\Services: SandraAgentSrv => 3
MSCONFIG\Services: SkypeUpdate => 2
MSCONFIG\Services: TeamViewer9 => 2
MSCONFIG\Services: TomTomHOMEService => 2
MSCONFIG\Services: Updater Service => 2
MSCONFIG\Services: YahooAUService => 2
MSCONFIG\startupreg: Eraser => "C:\PROGRA~1\Eraser\Eraser.exe" --atRestart

==================== Accounts: =============================

Administrator (S-1-5-21-1242904208-471078349-2963378918-500 - Administrator - Disabled)
DDDDD CCCCCC (S-1-5-21-1242904208-471078349-2963378918-1000 - Administrator - Enabled) => C:\Users\DDDDD CCCCCC
EEEEEE (S-1-5-21-1242904208-471078349-2963378918-1003 - Limited - Enabled) => C:\Users\EEEEEE
Gast (S-1-5-21-1242904208-471078349-2963378918-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1242904208-471078349-2963378918-1002 - Limited - Enabled)
Versuch (S-1-5-21-1242904208-471078349-2963378918-1004 - Administrator - Enabled) => C:\Users\Versuch

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (02/10/2015 07:15:12 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (02/10/2015 06:42:54 PM) (Source: Avira Service Host) (EventID: 0) (User: )
Description: Fehler beim Verarbeiten von Sitzungsänderung. System.NullReferenceException: Der Objektverweis wurde nicht auf eine Objektinstanz festgelegt.
  bei Avira.OE.ServiceHost.ServiceHost.OnSessionChange(SessionChangeDescription changeDescription)
  bei System.ServiceProcess.ServiceBase.DeferredSessionChange(Int32 eventType, Int32 sessionId)

Error: (02/08/2015 00:46:59 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"1".
Die abhängige Assemblierung "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (02/08/2015 00:46:59 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"1".
Die abhängige Assemblierung "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (02/08/2015 00:46:59 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"1".
Die abhängige Assemblierung "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (02/08/2015 00:46:58 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"1".
Die abhängige Assemblierung "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (02/07/2015 00:33:45 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"1".
Die abhängige Assemblierung "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (02/07/2015 00:33:45 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"1".
Die abhängige Assemblierung "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (02/07/2015 00:33:44 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"1".
Die abhängige Assemblierung "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (02/07/2015 00:33:44 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"1".
Die abhängige Assemblierung "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".


System errors:
=============
Error: (02/11/2015 08:21:01 PM) (Source: NetBT) (EventID: 4321) (User: )
Description: Der Name "WORKGROUP      :1d" konnte nicht auf der Schnittstelle mit IP-Adresse 192.168.178.28
registriert werden. Der Computer mit IP-Adresse 192.168.178.1 hat nicht
zugelassen, dass dieser Computer diesen Namen verwendet.

Error: (02/08/2015 09:27:35 AM) (Source: WMPNetworkSvc) (EventID: 14332) (User: )
Description: WMPNetworkSvc0x80004005

Error: (02/07/2015 10:19:09 AM) (Source: WMPNetworkSvc) (EventID: 14332) (User: )
Description: WMPNetworkSvc0x80070420

Error: (02/05/2015 09:34:00 PM) (Source: WMPNetworkSvc) (EventID: 14332) (User: )
Description: WMPNetworkSvc0x80070420

Error: (02/01/2015 09:17:29 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}

Error: (02/01/2015 08:40:11 AM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren.

Error: (02/01/2015 08:39:59 AM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren.

Error: (02/01/2015 08:39:15 AM) (Source: Application Popup) (EventID: 1060) (User: )
Description: Aufgrund der Inkompatibilität mit diesem System wurde \??\C:\ComboFix\catchme.sys nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten.

Error: (02/01/2015 08:39:14 AM) (Source: Application Popup) (EventID: 1060) (User: )
Description: Aufgrund der Inkompatibilität mit diesem System wurde \??\C:\ComboFix\catchme.sys nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten.

Error: (02/01/2015 08:35:41 AM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren.


Microsoft Office Sessions:
=========================
Error: (02/10/2015 07:15:12 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\DDDDD CCCCCC\Downloads\esetsmartinstaller_deu.exe

Error: (02/10/2015 06:42:54 PM) (Source: Avira Service Host) (EventID: 0) (User: )
Description: Fehler beim Verarbeiten von Sitzungsänderung. System.NullReferenceException: Der Objektverweis wurde nicht auf eine Objektinstanz festgelegt.
  bei Avira.OE.ServiceHost.ServiceHost.OnSessionChange(SessionChangeDescription changeDescription)
  bei System.ServiceProcess.ServiceBase.DeferredSessionChange(Int32 eventType, Int32 sessionId)

Error: (02/08/2015 00:46:59 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"c:\Windows\Installer\{62F7DA7E-CCCB-439C-A760-00C3926E761F}\WksWP.exe

Error: (02/08/2015 00:46:59 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"C:\Windows\Installer\{62F7DA7E-CCCB-439C-A760-00C3926E761F}\wksss.exe

Error: (02/08/2015 00:46:59 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"c:\Windows\Installer\{62F7DA7E-CCCB-439C-A760-00C3926E761F}\WksCal.exe

Error: (02/08/2015 00:46:58 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"c:\Windows\Installer\{62F7DA7E-CCCB-439C-A760-00C3926E761F}\wksdb.exe

Error: (02/07/2015 00:33:45 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"c:\Windows\Installer\{62F7DA7E-CCCB-439C-A760-00C3926E761F}\WksWP.exe

Error: (02/07/2015 00:33:45 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"C:\Windows\Installer\{62F7DA7E-CCCB-439C-A760-00C3926E761F}\wksss.exe

Error: (02/07/2015 00:33:44 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"c:\Windows\Installer\{62F7DA7E-CCCB-439C-A760-00C3926E761F}\WksCal.exe

Error: (02/07/2015 00:33:44 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"c:\Windows\Installer\{62F7DA7E-CCCB-439C-A760-00C3926E761F}\wksdb.exe


CodeIntegrity Errors:
===================================
  Date: 2015-02-01 08:39:15.425
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2015-02-01 08:39:15.175
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2015-02-01 08:39:14.941
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2015-02-01 08:39:14.692
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2014-08-24 13:21:32.971
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2014-08-24 13:21:32.769
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2014-08-24 13:21:32.550
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2014-08-24 13:21:32.332
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2014-06-28 08:07:01.069
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Users\DANIEL~1\AppData\Local\Temp\EverestDriver.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2014-06-28 08:07:00.711
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Users\DANIEL~1\AppData\Local\Temp\EverestDriver.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i5 CPU M 430 @ 2.27GHz
Percentage of memory in use: 45%
Total physical RAM: 3956.5 MB
Available physical RAM: 2161.49 MB
Total Pagefile: 7911.18 MB
Available Pagefile: 5719.92 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: (ACER) (Fixed) (Total:290.05 GB) (Free:108.45 GB) NTFS
Drive d: (DATA) (Fixed) (Total:290.4 GB) (Free:285.16 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 596.2 GB) (Disk ID: 6D48B855)
Partition 1: (Not Active) - (Size=15.6 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=290.1 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=290.4 GB) - (Type=07 NTFS)

==================== End Of Log ============================

Bootsektor 11.02.2015 22:47
Hallo,

ja das blöde Teil ist ja auch immer noch da.

Jetzt geh mal im FF auf die horizontalen Linien rechts oben, dann auf AddOns, dann auf Erweiterungen und lösch da mal ZoomIT.

magigstar 11.02.2015 22:53
Ok,
ist nun nicht mehr in den Add-Ons

Bootsektor 11.02.2015 23:32
Hallo,

Zitat:
Ok,
ist nun nicht mehr in den Add-Ons
bemerkst du denn nun irgendwelche Veränderungen?

magigstar 12.02.2015 21:15
"Man, ich ärgere mich gar nicht mehr, wenn ich am Computer bin." stelle ich gerade fest...

Jetzt läuft er wirklich stabiler.. kann doch nicht wirklich sein, dass es nur daran lag..

Bootsektor 13.02.2015 00:46
Was ist mit Chrome? Schau da bitte auch mal in die Einstellungen. Lösche alles unter Startseite und Neuer Tab was trovi heisst und poste mir dann bitte nochmal, damit ich sehen kann, ob nun auch wirklich alles weg ist noch ein neues FRST.

magigstar 13.02.2015 05:33
Habe versucht die Startseite zu ändern, trotzdem startet Chrome mit trovi.com

Bootsektor 15.02.2015 00:33
Dann setz den bitte einfach mal zurück:

Schritt 1
Öffne Google Chrome.
und dann nochmal:

Schritt 2
Starte noch einmal FRST.
  • Ändere keine der Voreinstellungen und drücke auf Scan.
  • Wenn der Scan abgeschlossen ist, wird ein neues Logfile FRST.txt erstellt und auf dem Desktop gespeichert.
  • Poste den Inhalt dieses Logfiles bitte hier in deinen Thread.

magigstar 15.02.2015 17:32
Schritt 1 erledigt

Schritt 2

FRST Bericht:


FRST Logfile:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 14-02-2015
Ran by DDDDD CCCCC (administrator) on ARBEITSCOMPUTER on 15-02-2015 17:23:47
Running from C:\Users\DDDDD CCCCC\Desktop
Loaded Profiles: DDDDD CCCCC & EEEEE & Versuch (Available profiles: DDDDD CCCCC & EEEEE & Versuch)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
() C:\Program Files (x86)\Common Files\AAV\aavus.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Microsoft Corporation) C:\Windows\System32\CISVC.EXE
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GregHSRW.exe
(Hewlett-Packard Company) C:\Program Files (x86)\HP\Common\HPSupportSolutionsFrameworkService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
() C:\Windows\snuvcdsm.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
() C:\Windows\PLFSetI.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\Apoint.exe
(AlcorMicro Co., Ltd.) C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Photosmart 5520 series\Bin\ScanToPCActivationApp.exe
(BillP Studios) C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\ApMsgFwd.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\ApntEx.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\Hidfind.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(RescueTime, Inc.) C:\Program Files (x86)\RescueTime\RescueTime.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Mirko Böer) C:\Program Files\AmP\AmP.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Photosmart 5520 series\Bin\HPNetworkCommunicator.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_296.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_296.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SNUVCDSM] => C:\Windows\snuvcdsm.exe [30080 2011-01-13] ()
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [8312352 2009-10-29] (Realtek Semiconductor)
HKLM\...\Run: [PLFSetL] => C:\Windows\PLFSetL.exe [99712 2011-01-13] (Sonix Technology Co., Ltd.)
HKLM\...\Run: [PLFSetI] => C:\Windows\PLFSetI.exe [200704 2011-11-13] ()
HKLM\...\Run: [mwlDaemon] => C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe [349480 2009-09-11] (Egis Technology Inc.)
HKLM\...\Run: [IAAnotif] => C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-06-05] (Intel Corporation)
HKLM\...\Run: [Apoint] => C:\Program Files\Apoint2K\Apoint.exe [295936 2009-05-22] (Alps Electric Co., Ltd.)
HKLM\...\Run: [AmIcoSinglun64] => C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [323072 2009-07-22] (AlcorMicro Co., Ltd.)
HKLM\...\Run: [Acer ePower Management] => C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [823840 2009-09-30] (Acer Incorporated)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [702768 2014-12-16] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2009-12-09] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2014-10-11] (Apple Inc.)
HKLM-x32\...\Run: [LManager] => C:\Program Files (x86)\Launch Manager\LManager.exe [1094736 2009-11-02] (Dritek System Inc.)
HKLM-x32\...\Run: [SimpleScreenshot] => C:\Program Files (x86)\SSS\SIMPLESCREENSHOT.EXE [2254848 2008-01-28] (Mirko Böer)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [126712 2015-01-19] (Avira Operations GmbH & Co. KG)
HKU\S-1-5-21-1242904208-471078349-2963378918-1000\...\Run: [HP Photosmart 5520 series (NET)] => C:\Program Files\HP\HP Photosmart 5520 series\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
HKU\S-1-5-21-1242904208-471078349-2963378918-1000\...\Run: [WinPatrol] => C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe [533568 2014-04-23] (BillP Studios)
HKU\S-1-5-21-1242904208-471078349-2963378918-1000\...\Run: [SimpleScreenshot] => C:\Program Files (x86)\SSS\SIMPLESCREENSHOT.EXE [2254848 2008-01-28] (Mirko Böer)
HKU\S-1-5-21-1242904208-471078349-2963378918-1003\...\Run: [swg] => "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
HKU\S-1-5-21-1242904208-471078349-2963378918-1003\...\Run: [msnmsgr] => "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
Startup: C:\Users\DDDDD CCCCC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\RescueTime.lnk
ShortcutTarget: RescueTime.lnk -> C:\Program Files (x86)\RescueTime\RescueTime.exe (RescueTime, Inc.)
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
ShellIconOverlayIdentifiers: [egisPSDP] -> {30A0A3F6-38AC-4C53-BB8B-0D95238E25BA} => C:\Program Files (x86)\EgisTec\MyWinLocker 3\x64\psdprotect.dll (Egis Technology Inc.)
ShellIconOverlayIdentifiers-x32: [egisPSDP] -> {30A0A3F6-38AC-4C53-BB8B-0D95238E25BA} => C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\psdprotect.dll (Egis Technology Inc.)
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-1242904208-471078349-2963378918-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-1242904208-471078349-2963378918-1003\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gmx.de/
HKU\S-1-5-21-1242904208-471078349-2963378918-1003\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_7740&r=27361111d106l0498z1j5t4471e496
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1242904208-471078349-2963378918-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
SearchScopes: HKU\S-1-5-21-1242904208-471078349-2963378918-1003 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1242904208-471078349-2963378918-1003 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_deDE457
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: unissales -> {7e0aaab3-ba7d-4a2d-b1e6-4289ce4d1b1e} -> C:\Program Files (x86)\unissales\9vFbOLvEX4RE1d.x64.dll No File
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
Toolbar: HKU\S-1-5-21-1242904208-471078349-2963378918-1003 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
DPF: HKLM {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\DDDDD CCCCC\AppData\Roaming\Mozilla\Firefox\Profiles\ax92hz4x.default-1417957171376
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_296.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_296.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @nullsoft.com/winampDetector;version=1 -> C:\Program Files (x86)\Winamp Detect\npwachk.dll (Nullsoft, Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.8 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll (Microsoft Corporation)
FF Extension: LeechBlock - C:\Users\DDDDD CCCCC\AppData\Roaming\Mozilla\Firefox\Profiles\ax92hz4x.default-1417957171376\Extensions\{a95d8332-e4b4-6e7f-98ac-20b733364387}.xpi [2014-12-07]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-07-14]

Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR HomePage: Default -> hxxp://www.google.de/
CHR StartupUrls: Default -> "hxxp://www.trovi.com/?gd=&ctid=CT3324764&octid=EB_ORIGINAL_CTID&ISID=M7F3C43B3-690F-4276-959F-1C74A797CA2A&SearchSource=55&CUI=&UM=8&UP=SP9050A32E-D786-4A42-9E49-5663C4588ECE&SSPV="
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\DDDDD CCCCC\AppData\Local\Google\Chrome\User Data\default
CHR Extension: (Google Präsentationen) - C:\Users\DDDDD CCCCC\AppData\Local\Google\Chrome\User Data\default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-02-01]
CHR Extension: (Google Docs) - C:\Users\DDDDD CCCCC\AppData\Local\Google\Chrome\User Data\default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-10-25]
CHR Extension: (Google Drive) - C:\Users\DDDDD CCCCC\AppData\Local\Google\Chrome\User Data\default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-10-25]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\DDDDD CCCCC\AppData\Local\Google\Chrome\User Data\default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-10-26]
CHR Extension: (YouTube) - C:\Users\DDDDD CCCCC\AppData\Local\Google\Chrome\User Data\default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-10-25]
CHR Extension: (Google-Suche) - C:\Users\DDDDD CCCCC\AppData\Local\Google\Chrome\User Data\default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-10-25]
CHR Extension: (Google Tabellen) - C:\Users\DDDDD CCCCC\AppData\Local\Google\Chrome\User Data\default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-02-01]
CHR Extension: (Avira Browserschutz) - C:\Users\DDDDD CCCCC\AppData\Local\Google\Chrome\User Data\default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2014-10-26]
CHR Extension: (Google Wallet) - C:\Users\DDDDD CCCCC\AppData\Local\Google\Chrome\User Data\default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-10-26]
CHR Extension: (Google Mail) - C:\Users\DDDDD CCCCC\AppData\Local\Google\Chrome\User Data\default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-10-25]
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AAV UpdateService; C:\Program Files (x86)\Common Files\AAV\aavus.exe [122880 2007-10-04] () [File not signed]
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [431920 2014-12-16] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [431920 2014-12-16] (Avira Operations GmbH & Co. KG)
R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [182520 2015-01-19] (Avira Operations GmbH & Co. KG)
S4 BotkindSyncService; C:\Program Files (x86)\Allway Sync\Bin\SyncService.exe [182784 2013-10-10] () [File not signed]
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
S4 FoxitCloudUpdateService; C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe [241704 2014-03-25] (Foxit Corporation)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [89864 2014-12-11] (Hewlett-Packard Company)
S3 MWLService; C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe [305448 2009-09-11] (Egis Technology Inc.)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
S4 NoIPDUCService4; C:\Program Files (x86)\No-IP\ducservice.exe [11264 2013-01-24] () [File not signed]
S4 OODefragAgent; C:\Program Files\OO Software\Defrag\oodag.exe [3051848 2011-01-25] (O&O Software GmbH)
S4 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [80896 2011-03-31] () [File not signed]
S4 PDF Architect Helper Service; C:\Program Files (x86)\PDF Architect\HelperService.exe [1320496 2013-04-08] (pdfforge GmbH)
S4 PDF Architect Service; C:\Program Files (x86)\PDF Architect\ConversionService.exe [799280 2013-04-08] (pdfforge GmbH)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
R2 RS_Service; C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe [253952 2009-07-10] (Acer Incorporated) [File not signed]
S4 SandraAgentSrv; C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2014.SP2a\RpcAgentSrv.exe [72344 2008-05-19] (SiSoftware) [File not signed]
S4 UI Assistant Service; C:\Program Files (x86)\Join Air\AssistantServices.exe [247152 2010-04-27] ()
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [119272 2014-10-14] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131608 2014-10-14] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-11-25] (Avira Operations GmbH & Co. KG)
R2 EkaProt6; C:\Windows\System32\DRIVERS\ekaprot6.sys [27288 2012-03-23] (Ekahau Inc.)
R1 SLEE_18_DRIVER; C:\Windows\Sleen1864.sys [109144 2014-01-30] (Softwareentwicklung Remus - ArchiCrypt - )
R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1806592 2011-01-13] ()
R2 TurboB; C:\Windows\System32\DRIVERS\TurboB.sys [13784 2009-11-02] ()
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2012-12-13] (Apple, Inc.) [File not signed]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-15 17:23 - 2015-02-15 17:24 - 00022466 _____ () C:\Users\DDDDD CCCCC\Desktop\FRST.txt
2015-02-15 15:14 - 2015-02-15 15:14 - 00000266 _____ () C:\Users\DDDDD CCCCC\Desktop\Habe Mist gebaut... - Seite 4 - Trojaner-Board.URL
2015-02-15 14:29 - 2015-02-15 14:29 - 00000315 _____ () C:\Users\DDDDD CCCCC\Desktop\Spieltheroie.URL
2015-02-15 14:28 - 2015-02-15 14:28 - 00000309 _____ () C:\Users\DDDDD CCCCC\Desktop\Guardia di Finanza - Appuntato specializzato antiterrorismo pronto impiego.URL
2015-02-15 14:05 - 2015-02-15 14:05 - 00000326 _____ () C:\Users\DDDDD CCCCC\Desktop\Publik-Forum Sho.URL
2015-02-15 13:54 - 2015-02-15 13:54 - 00000249 _____ () C:\Users\DDDDD CCCCC\Desktop\Den Arbeitsplatz wechseln – ja oder nein » arbeits-abc.de.URL
2015-02-14 23:17 - 2015-02-14 23:17 - 00000309 _____ () C:\Users\DDDDD CCCCC\Desktop\Persönlichkeitsgerechte Karriere - Bin ich hier richtig.URL
2015-02-14 13:21 - 2015-02-14 13:21 - 00000301 _____ () C:\Users\DDDDD CCCCC\Desktop\Wirtschaftswoche.URL
2015-02-14 07:51 - 2015-02-14 07:51 - 00000286 _____ () C:\Users\DDDDD CCCCC\Desktop\Wie sind Steuern ethisch zu bewerten.URL
2015-02-14 07:09 - 2015-02-14 07:09 - 00000236 _____ () C:\Users\DDDDD CCCCC\Desktop\Bewerbung, Karriere, Personalentwicklung HesseSchrader.URL
2015-02-13 22:31 - 2015-02-13 22:31 - 00000295 _____ () C:\Users\DDDDD CCCCC\Desktop\034450 Ansässigkeitsbescheinigung nach DBA - 034450.pdf.URL
2015-02-13 22:31 - 2015-02-13 22:31 - 00000264 _____ () C:\Users\DDDDD CCCCC\Desktop\S2_76.WIN - Formular-Einkommensteuer-S2-76.pdf.URL
2015-02-13 22:23 - 2015-02-13 22:23 - 00000272 _____ () C:\Users\DDDDD CCCCC\Desktop\Anerkennungs- Anerkennungs-Finder - Start.URL
2015-02-12 22:53 - 2015-01-09 04:14 - 00950272 _____ (Microsoft Corporation) C:\Windows\system32\perftrack.dll
2015-02-12 22:53 - 2015-01-09 04:14 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\wdi.dll
2015-02-12 22:53 - 2015-01-09 04:14 - 00029696 _____ (Microsoft Corporation) C:\Windows\system32\powertracker.dll
2015-02-12 22:53 - 2015-01-09 03:48 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdi.dll
2015-02-12 21:32 - 2015-02-12 21:32 - 00000000 ____D () C:\Program Files (x86)\Hewlett-Packard
2015-02-12 21:02 - 2015-02-12 21:02 - 00003588 _____ () C:\Windows\System32\Tasks\HP AR Program Upload - aa75a83ba0e54f469f9229056b3523d0eb35faeb3e174ec898b456f50bbc2c60
2015-02-12 20:48 - 2015-02-12 20:48 - 00001474 ____R () C:\Windows\SimpleScreenshot6_Uninstall.in
2015-02-12 20:48 - 2008-01-28 14:51 - 00330336 _____ (Mirko Böer) C:\Windows\SSSUn6.exe
2015-02-12 20:15 - 2015-01-23 05:42 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-02-12 20:15 - 2015-01-23 05:41 - 06041600 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-02-12 20:15 - 2015-01-23 04:43 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-02-12 20:15 - 2015-01-23 04:17 - 04300800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-02-11 21:31 - 2015-02-04 04:16 - 00894976 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-02-11 21:31 - 2015-02-04 04:16 - 00762368 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-02-11 21:31 - 2015-02-04 04:16 - 00609280 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-02-11 21:31 - 2015-02-04 04:16 - 00414720 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-02-11 21:31 - 2015-02-04 04:16 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-02-11 21:31 - 2015-02-04 04:16 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-02-11 21:31 - 2015-02-04 04:13 - 01098752 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-02-11 21:31 - 2015-01-28 00:36 - 01239720 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2015-02-11 21:31 - 2015-01-10 07:48 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-02-11 21:31 - 2015-01-10 07:48 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-02-11 21:31 - 2015-01-10 07:48 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-02-11 21:31 - 2015-01-10 07:48 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-02-11 21:31 - 2015-01-10 07:48 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-02-11 21:31 - 2015-01-10 07:48 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-02-11 21:31 - 2015-01-10 07:48 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-02-11 21:31 - 2015-01-10 07:27 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-02-11 21:31 - 2015-01-10 07:27 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-02-11 21:31 - 2015-01-10 07:27 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-02-11 21:31 - 2015-01-10 07:27 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-02-11 21:31 - 2015-01-10 07:27 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-02-11 21:31 - 2015-01-10 07:27 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-02-11 21:31 - 2015-01-10 07:27 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-02-11 21:30 - 2015-01-14 06:47 - 00389808 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-02-11 21:30 - 2015-01-14 06:09 - 00342712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-02-11 21:30 - 2015-01-12 04:09 - 25056256 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-02-11 21:30 - 2015-01-12 04:05 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-02-11 21:30 - 2015-01-12 04:05 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-02-11 21:30 - 2015-01-12 03:49 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-02-11 21:30 - 2015-01-12 03:48 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-02-11 21:30 - 2015-01-12 03:48 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-02-11 21:30 - 2015-01-12 03:48 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-02-11 21:30 - 2015-01-12 03:47 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-02-11 21:30 - 2015-01-12 03:40 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-02-11 21:30 - 2015-01-12 03:39 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-02-11 21:30 - 2015-01-12 03:36 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-02-11 21:30 - 2015-01-12 03:34 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-02-11 21:30 - 2015-01-12 03:34 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-02-11 21:30 - 2015-01-12 03:25 - 19740160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-02-11 21:30 - 2015-01-12 03:25 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-02-11 21:30 - 2015-01-12 03:21 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-02-11 21:30 - 2015-01-12 03:21 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-02-11 21:30 - 2015-01-12 03:13 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-02-11 21:30 - 2015-01-12 03:08 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-02-11 21:30 - 2015-01-12 03:08 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-02-11 21:30 - 2015-01-12 03:07 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-02-11 21:30 - 2015-01-12 03:07 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-02-11 21:30 - 2015-01-12 03:07 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-02-11 21:30 - 2015-01-12 03:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-02-11 21:30 - 2015-01-12 03:04 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-02-11 21:30 - 2015-01-12 03:02 - 02277888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-02-11 21:30 - 2015-01-12 03:00 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-02-11 21:30 - 2015-01-12 02:59 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-02-11 21:30 - 2015-01-12 02:57 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-02-11 21:30 - 2015-01-12 02:55 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-02-11 21:30 - 2015-01-12 02:48 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-02-11 21:30 - 2015-01-12 02:48 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-02-11 21:30 - 2015-01-12 02:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-02-11 21:30 - 2015-01-12 02:46 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-02-11 21:30 - 2015-01-12 02:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-02-11 21:30 - 2015-01-12 02:43 - 14401024 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-02-11 21:30 - 2015-01-12 02:40 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-02-11 21:30 - 2015-01-12 02:36 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-02-11 21:30 - 2015-01-12 02:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-02-11 21:30 - 2015-01-12 02:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-02-11 21:30 - 2015-01-12 02:27 - 02358272 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-02-11 21:30 - 2015-01-12 02:23 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-02-11 21:30 - 2015-01-12 02:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-02-11 21:30 - 2015-01-12 02:22 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-02-11 21:30 - 2015-01-12 02:14 - 12829184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-02-11 21:30 - 2015-01-12 02:14 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-02-11 21:30 - 2015-01-12 02:02 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-02-11 21:30 - 2015-01-12 02:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-02-11 21:30 - 2015-01-12 01:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-02-11 21:30 - 2015-01-12 01:55 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-02-11 21:29 - 2015-01-15 09:14 - 00155072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-02-11 21:29 - 2015-01-15 09:14 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-02-11 21:29 - 2015-01-15 09:09 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-02-11 21:29 - 2015-01-15 09:09 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-02-11 21:29 - 2015-01-15 09:09 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-02-11 21:29 - 2015-01-15 09:09 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-02-11 21:29 - 2015-01-15 09:09 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-02-11 21:29 - 2015-01-15 09:08 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-02-11 21:29 - 2015-01-15 09:06 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-02-11 21:29 - 2015-01-15 09:06 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-02-11 21:29 - 2015-01-15 09:04 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-02-11 21:29 - 2015-01-15 08:42 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-02-11 21:29 - 2015-01-15 08:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-02-11 21:29 - 2015-01-15 08:41 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-02-11 21:29 - 2015-01-15 08:39 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-02-11 21:29 - 2015-01-15 08:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-02-11 21:29 - 2015-01-15 08:37 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-02-11 21:29 - 2015-01-15 05:22 - 00458824 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-02-11 21:29 - 2015-01-13 04:10 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-02-11 21:29 - 2015-01-13 03:49 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2015-02-11 21:28 - 2014-12-12 06:31 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2015-02-11 21:28 - 2014-12-12 06:07 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2015-02-11 21:28 - 2014-11-26 04:53 - 00861696 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2015-02-11 21:28 - 2014-11-26 04:32 - 00571904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2015-02-11 21:28 - 2014-07-07 03:07 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2015-02-11 21:28 - 2014-07-07 03:06 - 00187904 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2015-02-11 21:28 - 2014-07-07 02:40 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2015-02-11 21:28 - 2014-07-07 02:40 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2015-02-11 21:20 - 2014-12-08 04:09 - 00406528 _____ (Microsoft Corporation) C:\Windows\system32\scesrv.dll
2015-02-11 21:20 - 2014-12-08 03:46 - 00308224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scesrv.dll
2015-02-11 21:19 - 2015-01-14 07:09 - 05554112 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-02-11 21:18 - 2015-01-14 07:05 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-02-11 21:18 - 2015-01-14 07:05 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-02-11 21:18 - 2015-01-14 07:04 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-02-11 21:18 - 2015-01-14 06:44 - 03972544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-02-11 21:18 - 2015-01-14 06:44 - 03917760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-02-11 21:18 - 2015-01-14 06:41 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-02-11 21:18 - 2015-01-09 03:03 - 03201536 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-02-10 18:48 - 2015-02-15 17:23 - 02134528 _____ (Farbar) C:\Users\DDDDD CCCCC\Desktop\FRST64.exe
2015-02-08 22:42 - 2015-02-08 22:42 - 00000250 _____ () C:\Users\DDDDD CCCCC\Desktop\▶ Motivationsvortrag Die Kunst, Dein Ding zu machen - YouTube.URL
2015-02-08 17:15 - 2015-02-08 17:15 - 00003016 _____ () C:\Users\DDDDD CCCCC\AppData\Local\recently-used.xbel
2015-02-08 16:40 - 2015-02-12 20:48 - 00000000 ____D () C:\Program Files (x86)\SSS
2015-02-08 16:40 - 2015-02-08 16:40 - 00001350 ____R () C:\Windows\SimpleScreenshot5_Uninstall.in
2015-02-08 16:40 - 2008-01-28 14:51 - 00330336 _____ (Mirko Böer) C:\Windows\SSSUn5.exe
2015-02-01 23:11 - 2015-02-01 23:11 - 00000250 _____ () C:\Users\DDDDD CCCCC\Desktop\YouTube.URL
2015-02-01 23:10 - 2015-02-01 23:10 - 00000244 _____ () C:\Users\DDDDD CCCCC\Desktop\Zeitmanagement.URL
2015-02-01 08:55 - 2015-02-01 08:55 - 00039830 _____ () C:\ComboFix.txt
2015-02-01 01:01 - 2015-02-01 00:56 - 05611408 ____R (Swearware) C:\Users\DDDDD CCCCC\Desktop\ComboFix.exe
2015-02-01 00:46 - 2015-02-01 00:46 - 00000249 _____ () C:\Users\DDDDD CCCCC\Desktop\Link.URL
2015-01-31 23:47 - 2015-02-12 19:47 - 00002169 _____ () C:\Users\Public\Desktop\SteuerSparErklärung 2015.lnk
2015-01-31 20:29 - 2015-01-31 20:29 - 00000269 _____ () C:\Users\DDDDD CCCCC\Desktop\Online Fitness mit Trainingsplänen - FREELETICS.URL
2015-01-31 17:50 - 2015-02-15 17:23 - 00000000 ____D () C:\Users\DDDDD CCCCC\Desktop\FRST-OlderVersion
2015-01-31 17:48 - 2015-01-31 17:48 - 00000337 _____ () C:\Users\DDDDD CCCCC\Desktop\Samsung Tab - kein Speicherplatz - Android-Hilfe.de.URL
2015-01-31 17:00 - 2015-01-31 17:01 - 00001671 _____ () C:\Users\DDDDD CCCCC\Desktop\JRT.txt
2015-01-31 15:22 - 2015-01-31 15:22 - 00001066 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-01-31 15:03 - 2015-01-31 15:03 - 02194432 _____ () C:\Users\DDDDD CCCCC\Desktop\AdwCleaner_4.109.exe
2015-01-31 15:03 - 2015-01-31 15:03 - 01707939 _____ (Thisisu) C:\Users\DDDDD CCCCC\Desktop\JRT.exe
2015-01-31 11:33 - 2015-01-31 11:33 - 00000000 ____D () C:\Users\DDDDD CCCCC\Documents\TokensBackup
2015-01-31 09:43 - 2015-01-31 09:46 - 00000000 ____D () C:\Users\DDDDD CCCCC\Desktop\Ordnung
2015-01-31 09:35 - 2015-01-31 09:35 - 00000000 ____D () C:\Users\DDDDD CCCCC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Booster-Web
2015-01-31 09:34 - 2015-02-08 09:43 - 00000000 ____D () C:\Users\DDDDD CCCCC\AppData\Roaming\Booster-Web
2015-01-31 09:32 - 2015-01-31 09:32 - 00001117 _____ () C:\Users\DDDDD CCCCC\Desktop\Continue installation .lnk
2015-01-31 09:31 - 2015-01-31 09:31 - 00000000 ____D () C:\ProgramData\SearchModulePlus
2015-01-31 09:06 - 2015-01-31 17:44 - 00000000 ____D () C:\Program Files (x86)\Hearthstone Stream Browser
2015-01-31 09:06 - 2015-01-31 09:06 - 00000000 ____D () C:\Windows\SysWOW64\AMD64
2015-01-31 08:52 - 2014-12-14 10:53 - 00378640 _____ (CartCrunch Israel Ltd.) C:\Windows\system32\ColorMedia64.dll
2015-01-30 20:51 - 2015-01-30 20:51 - 00000600 _____ () C:\Users\DDDDD CCCCC\AppData\Roaming\winscp.rnd
2015-01-30 20:08 - 2015-01-30 20:08 - 00000000 ____D () C:\Users\Versuch\AppData\Roaming\PDF Architect
2015-01-30 20:08 - 2015-01-30 20:08 - 00000000 ____D () C:\Users\Versuch\AppData\Local\IsolatedStorage
2015-01-30 19:16 - 2015-01-30 19:17 - 00000000 ____D () C:\Users\Versuch\AppData\OICE_15_974FA576_32C1D314_2072
2015-01-27 21:08 - 2015-02-15 16:39 - 00005190 _____ () C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for Arbeitscomputer-DDDDD CCCCC Arbeitscomputer

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-15 17:23 - 2014-08-21 20:10 - 00000000 ____D () C:\FRST
2015-02-15 17:23 - 2012-09-20 04:21 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-02-15 17:05 - 2012-08-14 18:52 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-02-15 16:51 - 2011-11-13 21:43 - 01883931 _____ () C:\Windows\WindowsUpdate.log
2015-02-15 15:39 - 2012-03-25 11:40 - 00000000 ____D () C:\Users\DDDDD CCCCC\Documents\Steuerfälle
2015-02-15 15:23 - 2012-09-20 04:21 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-02-15 13:22 - 2009-07-14 05:45 - 00025840 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-02-15 13:22 - 2009-07-14 05:45 - 00025840 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-02-15 13:15 - 2014-06-18 08:20 - 00028637 _____ () C:\Windows\setupact.log
2015-02-15 13:15 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-02-13 22:23 - 2014-11-02 21:54 - 00000000 ____D () C:\Users\EEEEE\Desktop\div. Briefe
2015-02-13 16:38 - 2012-04-10 14:54 - 00007536 _____ () C:\Users\DDDDD CCCCC\Documents\OuProxy.log
2015-02-13 04:05 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache
2015-02-13 03:15 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\tracing
2015-02-12 23:17 - 2013-10-05 08:28 - 01604278 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2015-02-12 23:17 - 2011-11-14 06:34 - 00702664 _____ () C:\Windows\system32\perfh007.dat
2015-02-12 23:17 - 2011-11-14 06:34 - 00151424 _____ () C:\Windows\system32\perfc007.dat
2015-02-12 23:16 - 2009-07-14 06:13 - 01604278 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-02-12 23:09 - 2009-11-05 04:21 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-02-12 23:08 - 2014-03-28 22:09 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2015-02-12 20:48 - 2011-11-20 16:01 - 00000946 _____ () C:\Users\DDDDD CCCCC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SimpleScreenshot.lnk
2015-02-12 19:32 - 2009-07-14 05:45 - 00458328 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-02-12 19:30 - 2014-12-12 20:57 - 00000000 ____D () C:\Windows\system32\appraiser
2015-02-12 19:30 - 2014-05-03 07:02 - 00000000 ___SD () C:\Windows\system32\CompatTel
2015-02-11 23:20 - 2009-07-14 03:34 - 00000648 _____ () C:\Windows\win.ini
2015-02-11 23:11 - 2013-07-13 08:36 - 00000000 ____D () C:\Windows\system32\MRT
2015-02-11 23:01 - 2011-11-18 19:58 - 116773704 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-02-11 22:27 - 2014-08-07 20:56 - 03036672 ___SH () C:\Users\DDDDD CCCCC\Desktop\Thumbs.db
2015-02-10 18:51 - 2014-08-06 10:55 - 00000000 ____D () C:\ProgramData\Package Cache
2015-02-10 18:50 - 2013-02-24 19:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2015-02-10 18:50 - 2013-02-24 19:39 - 00000000 ____D () C:\Program Files (x86)\Avira
2015-02-08 22:31 - 2014-11-29 10:02 - 00000000 ____D () C:\Users\DDDDD CCCCC\Desktop\Neuer Ordner (4)
2015-02-08 17:15 - 2014-06-15 19:34 - 00000000 ____D () C:\Users\DDDDD CCCCC\AppData\Local\gtk-2.0
2015-02-08 17:15 - 2012-08-29 10:11 - 00000000 ____D () C:\Users\DDDDD CCCCC\.gimp-2.8
2015-02-08 09:34 - 2009-07-14 04:20 - 00000000 ____D () C:\Program Files\Common Files\System
2015-02-07 15:18 - 2011-11-13 23:22 - 00004106 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-02-07 15:18 - 2011-11-13 23:22 - 00003854 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-02-06 19:17 - 2014-06-20 13:07 - 00113416 _____ () C:\Windows\PFRO.log
2015-02-05 21:35 - 2014-08-05 14:08 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-02-05 21:32 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\PLA
2015-02-01 08:55 - 2014-08-24 12:03 - 00000000 ____D () C:\Qoobox
2015-02-01 08:50 - 2009-07-14 03:34 - 00000215 _____ () C:\Windows\system.ini
2015-02-01 08:40 - 2013-10-13 19:47 - 00000000 ____D () C:\Windows\erdnt
2015-02-01 08:40 - 2009-07-14 03:34 - 24379392 _____ () C:\Windows\system32\config\system.bak
2015-02-01 08:40 - 2009-07-14 03:34 - 113508352 _____ () C:\Windows\system32\config\software.bak
2015-02-01 08:40 - 2009-07-14 03:34 - 05505024 _____ () C:\Windows\system32\config\default.bak
2015-02-01 08:40 - 2009-07-14 03:34 - 00262144 _____ () C:\Windows\system32\config\sam.bak
2015-02-01 08:40 - 2009-07-14 03:34 - 00032768 _____ () C:\Windows\system32\config\security.bak
2015-02-01 08:39 - 2009-11-05 01:49 - 00000000 ____D () C:\Program Files (x86)\Acer
2015-01-31 23:47 - 2012-03-25 11:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steuertipps
2015-01-31 23:47 - 2012-03-25 11:26 - 00000000 ____D () C:\Program Files (x86)\Akademische Arbeitsgemeinschaft
2015-01-31 17:39 - 2013-09-19 20:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-01-31 17:39 - 2012-03-11 02:08 - 00000000 ____D () C:\Program Files (x86)\Java
2015-01-31 17:19 - 2011-11-14 06:15 - 00000000 ____D () C:\Windows\Lan
2015-01-31 15:22 - 2014-08-05 14:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-01-31 15:22 - 2014-08-05 14:08 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-01-31 15:08 - 2014-11-16 12:18 - 00001025 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-01-31 15:08 - 2014-11-16 12:18 - 00001013 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-01-31 15:08 - 2014-10-25 07:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-01-31 15:08 - 2014-08-24 18:36 - 00000000 ____D () C:\AdwCleaner
2015-01-31 15:08 - 2011-11-20 15:41 - 00001021 _____ () C:\Users\DDDDD CCCCC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-01-31 07:56 - 2014-08-15 15:44 - 00000000 ____D () C:\Users\DDDDD CCCCC\AppData\Local\Adobe
2015-01-31 07:56 - 2012-04-02 19:28 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-01-31 07:56 - 2012-04-02 19:28 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-01-31 07:56 - 2011-11-15 21:21 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-30 19:03 - 2014-09-10 06:10 - 00000000 ____D () C:\Users\Versuch\AppData\Roaming\SimpleScreenshot
2015-01-27 20:12 - 2014-11-10 20:59 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-01-27 06:18 - 2014-11-16 12:20 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-01-26 07:21 - 2012-06-10 14:07 - 00000000 ____D () C:\Users\DDDDD CCCCC\Documents\Bewerbungen
2015-01-23 21:11 - 2013-11-02 09:43 - 00000000 ____D () C:\Users\DDDDD CCCCC\AppData\Roaming\Skype
2015-01-20 14:50 - 2014-09-10 06:09 - 00000000 ____D () C:\Users\Versuch
2015-01-20 14:50 - 2013-05-22 21:33 - 00000000 ____D () C:\Users\DDDDD CCCCC\AppData\Local\RescueTime.com
2015-01-20 14:50 - 2012-03-30 17:57 - 00000000 ____D () C:\Users\EEEEE
2015-01-20 14:50 - 2011-12-01 21:23 - 00000000 ____D () C:\Windows\System32\Tasks\OfficeSoftwareProtectionPlatform
2015-01-20 14:50 - 2011-11-20 16:01 - 00000000 ____D () C:\Users\DDDDD CCCCC\AppData\Roaming\SimpleScreenshot
2015-01-20 14:50 - 2009-11-05 01:26 - 00000000 ___RD () C:\Users\Public\Recorded TV
2015-01-20 14:50 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\registration
2015-01-20 06:21 - 2011-11-13 22:46 - 00000000 ____D () C:\Users\DDDDD CCCCC
2015-01-18 20:07 - 2012-04-07 11:49 - 00000000 ____D () C:\Users\DDDDD CCCCC\Documents\Finanzen

==================== Files in the root of some directories =======

2014-06-28 07:10 - 2014-07-23 21:30 - 14159872 _____ () C:\Users\DDDDD CCCCC\AppData\Roaming\Sandra.mdb
2015-01-30 20:51 - 2015-01-30 20:51 - 0000600 _____ () C:\Users\DDDDD CCCCC\AppData\Roaming\winscp.rnd
2012-04-20 18:28 - 2014-07-07 01:20 - 0006656 _____ () C:\Users\DDDDD CCCCC\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-09-22 21:07 - 2014-09-22 21:07 - 0001482 _____ () C:\Users\DDDDD CCCCC\AppData\Local\RecConfig.xml
2015-02-08 17:15 - 2015-02-08 17:15 - 0003016 _____ () C:\Users\DDDDD CCCCC\AppData\Local\recently-used.xbel
2013-08-12 21:15 - 2013-08-12 21:15 - 0007603 _____ () C:\Users\DDDDD CCCCC\AppData\Local\Resmon.ResmonCfg
2012-03-31 10:26 - 2012-03-31 10:26 - 0000057 _____ () C:\ProgramData\Ament.ini
2011-11-13 22:53 - 2011-11-13 22:57 - 0008282 _____ () C:\ProgramData\ArcadeDeluxe3.log
2014-09-22 19:19 - 2014-10-06 19:45 - 0008737 _____ () C:\ProgramData\hpzinstall.log

Some content of TEMP:
====================
C:\Users\DDDDD CCCCC\AppData\Local\Temp\avgnt.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-02-13 00:24

==================== End Of Log ============================
--- --- ---

--- --- ---


Addition Bericht

Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 14-02-2015
Ran by DDDDD CCCCC at 2015-02-15 17:25:43
Running from C:\Users\DDDDD CCCCC\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Desktop (Disabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Disabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden
AAVUpdateManager (HKLM-x32\...\{AFA42FE1-A5C3-485F-9180-BFCF5BF1F1C3}) (Version: 18.00.0000 - Wolters Kluwer Deutschland GmbH)
AC3Filter 1.63b (HKLM-x32\...\AC3Filter_is1) (Version: 1.63b - Alexander Vigovsky)
Acer Arcade Deluxe (HKLM-x32\...\InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}) (Version: 3.0.7112 - CyberLink Corp.)
Acer Arcade Deluxe (x32 Version: 3.0.7112 - CyberLink Corp.) Hidden
Acer Backup Manager (HKLM-x32\...\InstallShield_{72B776E5-4530-4C4B-9453-751DF87D9D93}) (Version: 2.0.0.29 - NewTech Infosystems)
Acer Crystal Eye webcam Ver:1.1.124.1120 (HKLM-x32\...\{D0ACE89D-EC7F-470F-80BE-4C98ED366B32}) (Version: 1.1.124.1120 - Chicony Electronics Co.,Ltd.)
Acer ePower Management (HKLM-x32\...\{3DB0448D-AD82-4923-B305-D001E521A964}) (Version: 4.05.3004 - Acer Incorporated)
Acer eRecovery Management (HKLM-x32\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 4.05.3005 - Acer Incorporated)
Acer GameZone Console (HKLM-x32\...\{8ed9688e-4f79-4308-91ca-f1c37ca142b4}_is1) (Version: 5.1.0.2 - Oberon Media, Inc.)
Acer GridVista (HKLM-x32\...\GridVista) (Version: 3.01.0730 - Acer Inc.)
Acer Registration (HKLM-x32\...\Acer Registration) (Version: 1.02.3006 - Acer Incorporated)
Acer ScreenSaver (HKLM-x32\...\Acer Screensaver) (Version: 1.1.2009.1217 - Acer Incorporated)
Acer VCM (HKLM-x32\...\{047F790A-7A2A-4B6A-AD02-38092BA63DAC}) (Version: 4.05.3000 - Acer Incorporated)
Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 14.0.0.103 - Adobe Systems Incorporated)
Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.246 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.296 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Akamai NetSession Interface (HKU\S-1-5-21-1242904208-471078349-2963378918-1000\...\Akamai) (Version:  - Akamai Technologies, Inc)
Alcor Micro USB Card Reader (HKLM-x32\...\InstallShield_{DBCE1208-433D-4D3E-A26A-CB1B5E71A8F5}) (Version: 1.4.17.35005 - Alcor Micro Corp.)
Alcor Micro USB Card Reader (x32 Version: 1.4.17.35005 - Alcor Micro Corp.) Hidden
Alice Greenfingers (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112920767}) (Version:  - Oberon Media)
Alle meine Passworte 4.13 (HKLM\...\AllemeinePassworte) (Version:  - Mirko Böer)
Allway Sync version 12.16.9 (HKLM-x32\...\Allway Sync_is1) (Version:  - Botkind Inc)
ALPS Touch Pad Driver (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 7.105.2015.1105 - Alps Electric)
Amazonia (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11273477}) (Version:  - Oberon Media)
Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ATI Catalyst Install Manager (HKLM\...\{11F38253-8940-FFDA-D131-B14120C357E4}) (Version: 3.0.754.0 - ATI Technologies, Inc.)
Audacity 2.0.3 (HKLM-x32\...\Audacity_is1) (Version: 2.0.3 - Audacity Team)
Avi2Dvd 0.6.4 (HKLM-x32\...\Avi2Dvd) (Version: 0.6.4 - TrustFm)
Avira (HKLM-x32\...\{bd538030-07d4-4999-a525-7fafa2483f56}) (Version: 1.1.30.21727 - Avira Operations & Co. KG)
Avira (x32 Version: 1.1.30.21727 - Avira Operations & Co. KG) Hidden
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.7.468 - Avira)
AviSynth 2.5 (HKLM-x32\...\AviSynth) (Version:  - )
Backup Manager Basic (x32 Version: 2.0.0.29 - NewTech Infosystems) Hidden
BatteryCare 0.9.10.0 (HKLM-x32\...\{C6A6036D-FBD0-4324-BEAA-C0845257160C}_is1) (Version: 0.9.10.0 - Filipe Lourenço)
BitTorrent (HKU\S-1-5-21-1242904208-471078349-2963378918-1000\...\BitTorrent) (Version: 7.9.2.31638 - BitTorrent Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Booster-Web (HKU\S-1-5-21-1242904208-471078349-2963378918-1000\...\Booster-Web) (Version: 4 - ${CompanyName})
Broadcom Gigabit NetLink Controller (HKLM\...\{A325B368-A9EC-40EF-A95C-9DEAD3683AE3}) (Version: 12.33.03 - Broadcom Corporation)
Canon MP160 Benutzerregistrierung (HKLM-x32\...\Canon MP160 Benutzerregistrierung) (Version:  - )
ccc-core-static (x32 Version: 2009.1209.2335.42329 - Ihr Firmenname) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.14 - Piriform)
CDBurnerXP (HKLM-x32\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.4.4852 - CDBurnerXP)
Chandler 1.0.3 (HKLM-x32\...\Chandler) (Version: 1.0.3 - Open Source Applications Foundation)
Chicken Invaders 2 (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110209593}) (Version:  - Oberon Media)
CoreAAC Audio Decoder (remove only) (HKLM-x32\...\CoreAAC Audio Decoder) (Version:  - )
Dairy Dash (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115053100}) (Version:  - Oberon Media)
Dream Day First Home (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113832110}) (Version:  - Oberon Media)
DVD Flick 1.3.0.7 (HKLM-x32\...\DVD Flick_is1) (Version: 1.3.0.7 - Dennis Meuwissen)
eBay Worldwide (HKLM-x32\...\{E0B19DF7-B1C7-4937-82C4-0E4B1E346965}) (Version: 2.1.0901 - OEM)
EinsteinBrainTrainer (remove only) (HKLM-x32\...\EinsteinBrainTrainer) (Version:  - )
Ekahau HeatMapper (HKLM\...\Heatmapper-1.1.4.39795) (Version: 1.1.4.39795 - Ekahau Inc.)
Eraser 6.0.10.2620 (HKLM\...\{6E5159B4-A519-41EF-80EF-AD58371515DF}) (Version: 6.0.2620 - The Eraser Project)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
eSobi v2 (HKLM-x32\...\InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}) (Version: 2.0.4.000274 - esobi Inc.)
eSobi v2 (x32 Version: 2.0.4.000274 - esobi Inc.) Hidden
EVEREST Home Edition v2.20 (HKLM-x32\...\EVEREST Home Edition_is1) (Version: 2.20 - Lavalys Inc)
Farm Frenzy 2 (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11531173}) (Version:  - Oberon Media)
ffdshow [rev 3299] [2010-03-03] (HKLM-x32\...\ffdshow_is1) (Version: 1.0.0.3299 - )
Fiat eco:Drive (HKLM-x32\...\com.fiat.convergence.385E4263E7379A5D22A7076E99B02868EFF10711.1) (Version: 2.0.2 - Fiat Group Automobiles)
Fiat eco:Drive (x32 Version: 2.0.2 - Fiat Group Automobiles) Hidden
First Class Flurry (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115208410}) (Version:  - Oberon Media)
Foxit Cloud (HKLM-x32\...\{41914D8B-9D6E-4764-A1F9-BC43FB6782C1}_is1) (Version: 1.3.105.325 - Foxit Corporation)
Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 6.1.3.321 - Foxit Corporation)
Free Audio CD to MP3 Converter version 1.3.12.1228 (HKLM-x32\...\Free Audio CD to MP3 Converter_is1) (Version: 1.3.12.1228 - DVDVideoSoft Ltd.)
Free DVD Video Burner version 3.0.4.426 (HKLM-x32\...\Free DVD Video Burner_is1) (Version:  - DVDVideoSoft Limited.)
Free System Utilities (HKLM-x32\...\{ad2818b3-1616-4ec8-855d-be6936103e5a}) (Version: 1.1.0.70 - Covus Freemium GmbH)
Free SystemUtilities (x32 Version: 1.1.0.70 - Covus Freemium GmbH) Hidden
Free YouTube Download version 3.1.37.918 (HKLM-x32\...\Free YouTube Download_is1) (Version: 3.1.37.918 - DVDVideoSoft Ltd.)
FreeMind (HKLM-x32\...\B991B020-2968-11D8-AF23-444553540000_is1) (Version: 0.9.0_RC_10 - )
FRITZ!Box-Fernzugang einrichten (HKLM-x32\...\{EFADD989-D9F2-49F6-A280-675951CC78D3}) (Version: 1.0.3 - AVM Berlin)
FrostWire 5.3.5 (HKLM-x32\...\FrostWire 5) (Version: 5.3.5.0 - FrostWire Team)
GIMP 2.8.10 (HKLM\...\GIMP-2_is1) (Version: 2.8.10 - The GIMP Team)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 40.0.2214.111 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
Granny In Paradise (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110551697}) (Version:  - Oberon Media)
Haali Media Splitter (HKLM-x32\...\HaaliMkx) (Version:  - )
Heroes of Hellas (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113786380}) (Version:  - Oberon Media)
HP FWUpdateEDO2 (HKLM-x32\...\{415FA9AD-DA10-4ABE-97B6-5051D4795C90}) (Version: 1.2.0.0 - Hewlett-Packard)
HP Photosmart 5520 series - Grundlegende Software für das Gerät (HKLM\...\{4F396B08-301D-4E53-A372-95A7E93ABD04}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Support Solutions Framework (HKLM-x32\...\{96D12EC9-720B-45FB-904C-36D6307A1C76}) (Version: 11.51.0048 - Hewlett-Packard Company)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPDiagnosticAlert (x32 Version: 1.00.0001 - Microsoft) Hidden
HTC Driver Installer (HKLM-x32\...\{6D6664A9-3342-4948-9B7E-034EFE366F0F}) (Version: 3.0.0.007 - HTC Corporation)
iCloud (HKLM\...\{309768A4-A2BB-4930-A5A2-8169678C9B4C}) (Version: 4.0.6.28 - Apple Inc.)
Identity Card (HKLM-x32\...\Identity Card) (Version: 1.00.3003 - Acer Incorporated)
ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.8.0 - LIGHTNING UK!)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
Intel(R) Turbo Boost Technology Driver (HKLM-x32\...\{D6C630BF-8DBB-4042-8562-DC9A52CB6E7E}) (Version: 01.00.01.1002 - Intel Corporation)
Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version:  - Intel Corporation)
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.38 - Irfan Skiljan)
iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)
Join Air (HKLM-x32\...\{A9E5EDA7-2E6C-49E7-924B-A32B89C24A04}) (Version: 1.0.0.2 - ZTE Corporation)
Kassenbuch (HKLM-x32\...\{29531C6B-7B64-4C53-B54A-6C8AB5DE2159}) (Version: 1.0.0 - Office Consult GmbH)
K-Lite Codec Pack 9.2.0 (Basic) (HKLM-x32\...\KLiteCodecPack_is1) (Version: 9.2.0 - )
Launch Manager (HKLM-x32\...\LManager) (Version: 3.0.05 - Acer Inc.)
LSI HDA Modem (HKLM\...\LSI Soft Modem) (Version: 2.2.98 - LSI Corporation)
Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
MediaHuman YouTube to MP3 Converter Version 3.3 (HKLM-x32\...\MediaHuman YouTube to MP3 Converter_is1) (Version: 3.3 - )
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0100-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}) (Version:  - Microsoft)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Language Pack 2007 - German/Deutsch (HKLM-x32\...\OMUI.de-de) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Outlook Connector (HKLM-x32\...\{95140000-007A-0407-0000-0000000FF1CE}) (Version: 14.0.5118.5000 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUSR) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Office Suite Activation Assistant (HKLM-x32\...\{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}) (Version: 2.9 - Microsoft Corporation)
Microsoft Outlook Social Connector Provider for Windows Live Messenger 32-bit (HKLM-x32\...\{95140000-007D-0409-0000-0000000FF1CE}) (Version: 14.0.5120.5000 - Microsoft Corporation)
Microsoft Report Viewer Redistributable 2008 (KB971118) (HKLM-x32\...\Microsoft Report Viewer Redistributable 2008 (KB971118)) (Version:  - Microsoft Corporation)
Microsoft Report Viewer Redistributable 2008 Language Pack - DEU (HKLM-x32\...\Microsoft Report Viewer Redistributable 2008 Language Pack - DEU) (Version:  - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SkyDrive (HKU\S-1-5-21-1242904208-471078349-2963378918-1003\...\SkyDriveSetup.exe) (Version: 16.4.6010.0727 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Works (HKLM-x32\...\{62F7DA7E-CCCB-439C-A760-00C3926E761F}) (Version: 9.7.0621 - Microsoft Corporation)
MozBackup 1.5.1 (HKLM-x32\...\MozBackup) (Version:  - Pavel Cvrcek)
Mozilla Firefox 35.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 35.0.1 (x86 de)) (Version: 35.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 32.0 - Mozilla)
MPC-HC 1.7.0 (HKLM-x32\...\{2624B969-7135-4EB1-B0F6-2D8C397B45F7}_is1) (Version: 1.7.0.7858 - MPC-HC Team)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MyPhoneExplorer (HKLM-x32\...\MPE) (Version: 1.8.5 - F.J. Wechselberger)
MyWinLocker (HKLM-x32\...\{68301905-2DEA-41CE-A4D4-E8B443B099BA}) (Version: 3.1.76.0 - Egis Technology Inc.)
No-IP DUC (HKLM-x32\...\NoIPDUC) (Version: 4.0.1 - Vitalwerks Internet Solutions LLC)
Norton Online Backup (HKLM-x32\...\{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}) (Version: 1.2.0.36 - Symantec)
NTI Backup Now 5 (HKLM-x32\...\InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}) (Version: 5.1.2.627 - NewTech Infosystems)
NTI Backup Now Standard (x32 Version: 5.1.2.627 - NewTech Infosystems) Hidden
NTI Media Maker 8 (HKLM-x32\...\InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}) (Version: 8.0.12.6623 - NewTech Infosystems)
NTI Media Maker 8 (x32 Version: 8.0.12.6623 - NewTech Infosystems) Hidden
O&O Defrag Free Edition (HKLM\...\{C10CAF82-9D36-4D9A-9DC0-C4549F06B519}) (Version: 14.1.431 - O&O Software GmbH)
Outils de vérification linguistique 2013 de Microsoft Office*- Français (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
PDF Architect (HKLM-x32\...\{064A929A-4DE8-40CF-A901-BD40C14E4D25}) (Version: 1.1.83.9982 - pdfforge GmbH)
PDF24 Creator 6.8.0 (HKLM-x32\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version:  - PDF24.org)
PDFCreator (HKLM-x32\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.7.3 - pdfforge)
pomodairo (HKLM-x32\...\{EEBEA077-AB92-5083-ECB1-C15BD842D00B}) (Version: 1.9 - UNKNOWN)
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
Random Dresser (HKLM-x32\...\RandomDresser) (Version:  - )
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5969 - Realtek Semiconductor Corp.)
RescueTime 2.2.1 (HKLM-x32\...\{2505571C-03B3-4F9F-AC35-33F1CB4B5E9E}_is1) (Version:  - RescueTime.com)
Restorer2000 3.3 (HKLM-x32\...\Restorer2000_is1) (Version: 3.3 - Bitmart Inc.)
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{D82063A8-7C8C-4C3B-A9BB-95138CA55D26}) (Version:  - Microsoft)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (Version:  - Microsoft) Hidden
Shutdown Manager (HKLM-x32\...\{C457BA5F-35F9-480C-90F8-5C91DB443A15}_is1) (Version: 2.0.7 - Daniel Höllig)
SimpleScreenshot 1.40 (HKLM-x32\...\SimpleScreenshot) (Version:  - )
SiSoftware Sandra Lite 2014.SP2a (HKLM\...\{C3113E55-7BCB-4de3-8EBF-60E6CE6B2396}_is1) (Version: 20.35.2014.6 - SiSoftware)
SIW version 2011.10.29 (HKLM-x32\...\{AB67580-257C-45FF-B8F4-C8C30682091A}_is1) (Version: 2011.10.29 - Topala Software Solutions)
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation)
Skype™ 6.21 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.21.104 - Skype Technologies S.A.)
SpeedFan (remove only) (HKLM-x32\...\SpeedFan) (Version:  - )
Spotify (HKU\S-1-5-21-1242904208-471078349-2963378918-1000\...\Spotify) (Version: 0.9.10.14.g578d350b - Spotify AB)
SpywareBlaster 5.0 (HKLM-x32\...\SpywareBlaster_is1) (Version: 5.0.0 - BrightFort LLC)
Steganos Safe 14 (HKLM-x32\...\{13B7FBFB-622E-4002-8570-594798E6167D}) (Version: 14.2.2 - Steganos Software GmbH)
Steuer-Spar-Erklärung 2008 (HKLM-x32\...\{BBE67B86-FCD7-4D3C-8B00-063DEAD8E30C}) (Version: 13.02.0000 - Akademische Arbeitsgemeinschaft)
Steuer-Spar-Erklärung 2009 (HKLM-x32\...\{32E00E5E-22B1-4D5A-9DC2-CD75E087A5E6}) (Version: 14.01.0000 - Akademische Arbeitsgemeinschaft Verlag)
Steuer-Spar-Erklärung 2010 (HKLM-x32\...\{D8E1DFEE-622B-46BA-AEFF-AB7E541C0B21}) (Version: 15.15 - Akademische Arbeitsgemeinschaft Verlag)
Steuer-Spar-Erklärung 2011 (HKLM-x32\...\{9F5FD796-86F0-4360-85F8-D54C0F5411EB}) (Version: 16.18 - Akademische Arbeitsgemeinschaft Verlag)
Steuer-Spar-Erklärung 2012 (HKLM-x32\...\{CCD2BAD2-0919-40CB-80CC-E9538B0E4C2E}) (Version: 17.14 - Wolters Kluwer Deutschland GmbH)
Steuer-Spar-Erklärung 2013 (HKLM-x32\...\{AEB61F7A-4BBA-4292-A096-7893E09034A4}) (Version: 18.10 - Wolters Kluwer Deutschland GmbH)
SteuerSparErklärung 2014 (HKLM-x32\...\{A463EB06-22A6-47F5-9593-E52B291EF13E}) (Version: 19.12.92 - Akademische Arbeitsgemeinschaft)
SteuerSparErklärung 2015 (HKLM-x32\...\{312C0E08-8F94-4536-AAF6-3413F784AC5F}) (Version: 20.28.138 - Akademische Arbeitsgemeinschaft)
Streamripper (Remove only) (HKLM-x32\...\Streamripper) (Version:  - )
Studie zur Verbesserung von HP Deskjet 3070 B611 series Produkten (HKLM\...\{CAD7B6DD-9C82-4D17-BAE8-3E9AE4971B90}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.29947 - TeamViewer)
Time Stamp (HKLM-x32\...\Time Stamp_is1) (Version:  - 3.23.2010-0313)
TomTom HOME (HKLM-x32\...\{7A2BB1C8-903D-4585-9F3B-CADD67D07D37}) (Version: 2.9.8 - Ihr Firmenname)
TomTom HOME Visual Studio Merge Modules (HKLM-x32\...\{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}) (Version: 1.0.2 - TomTom International B.V.)
TP-LINK Wireless Configuration Utility (HKLM-x32\...\{319D91C6-3D44-436C-9F79-36C0D22372DC}) (Version: 1.0.0 - TP-LINK)
TrueCrypt (HKLM-x32\...\TrueCrypt) (Version: 7.1 - TrueCrypt Foundation)
Tunatic (HKLM-x32\...\Tunatic) (Version:  - )
Überwachungstool für die Intel® Turbo-Boost-Technik (HKLM\...\{39F4C6F9-618A-4E5B-8FB2-6BD661174E32}) (Version: 1.0.186.6 - Intel)
Uninstall 1.0.0.1 (HKLM-x32\...\Uninstall_is1) (Version:  - )
Universal Adb Driver (HKLM-x32\...\{D9C4202E-6D51-4B06-A8F1-22316E654BCA}) (Version: 1.0.0 - ClockworkMod)
Unlocker 1.9.1-x64 (HKLM\...\Unlocker) (Version: 1.9.1 - Cedrick Collomb)
Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0407-0000-0000000FF1CE}_OMUI.de-de_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version:  - Microsoft)
Update für Microsoft Office Outlook 2007 Help (KB963677) (HKLM-x32\...\{90120000-001A-0407-0000-0000000FF1CE}_OMUI.de-de_{F6828576-6F79-470D-AB50-69D1BBADBD30}) (Version:  - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0407-0000-0000000FF1CE}_OMUI.de-de_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version:  - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0407-0000-0000000FF1CE}_OMUI.de-de_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version:  - Microsoft)
Visual Studio C++ 10.0 Runtime (HKLM-x32\...\{4412F224-3849-4461-A3E9-DEEF8D252790}) (Version: 10.0.0 - TomTom International B.V.)
VLC media player 2.1.3 (HKLM-x32\...\VLC media player) (Version: 2.1.3 - VideoLAN)
Welcome Center (HKLM-x32\...\Acer Welcome Center) (Version: 1.00.3008 - Acer Incorporated)
Winamp (HKLM-x32\...\Winamp) (Version: 5.666  - Nullsoft, Inc)
WinPatrol (HKLM\...\{6A206A04-6BC1-411B-AA04-4E52EDEEADF2}) (Version: 32.0.2014.5 - Ruiware)
WinPatrol (HKLM\...\{6E575124-6D34-4E65-9375-7D69468A6089}) (Version: 30.9 - BillP Studios)
WinRAR 5.10 Beta 4 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.10.4 - win.rar GmbH)
Xvid 1.2.2 final uninstall (HKLM-x32\...\Xvid_is1) (Version: 1.2 - Xvid team (Koepi))
Yahoo! Messenger (HKLM-x32\...\Yahoo! Messenger) (Version:  - Yahoo! Inc.)
Yahoo! Software Update (HKLM-x32\...\Yahoo! Software Update) (Version:  - )
Zuzahlungsrechner (HKLM-x32\...\{B2C69E77-F209-4B63-8676-4F32B27E162B}) (Version: 3.6.0 - sfr-software-fuers-heim)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-1242904208-471078349-2963378918-1000_Classes\CLSID\{56FDF344-FD6D-11d0-958A-006097C9A090}\InprocServer32 -> C:\Users\DDDDD CCCCC\AppData\Roaming\moters\supna.dll No File <==== ATTENTION

==================== Restore Points  =========================

11-02-2015 20:25:53 Windows Update
11-02-2015 22:58:14 Windows Update
12-02-2015 21:31:39 Installed HP Support Solutions Framework
12-02-2015 23:06:20 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2015-02-01 08:39 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1      localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0CAEEB6B-A216-4E04-9EA6-AC310639FD8D} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {23CEA58C-8E99-49B6-96E0-E0033F148659} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-21] (Google Inc.)
Task: {26DA7882-781D-4FC9-B1A5-5F5B1F7227FE} - System32\Tasks\{6A246FB0-E753-4188-9543-22389AB30F4E} => pcalua.exe -a "C:\Users\DDDDD CCCCC\Downloads\Chandler_win_1.0.3.exe" -d "C:\Users\DDDDD CCCCC\Downloads"
Task: {38C51694-B081-4739-8E17-069D4A49D4D4} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2014-01-23] (Microsoft Corporation)
Task: {47C46238-A6C4-4C4B-BE85-E6E1425608CB} - System32\Tasks\{144D2C4F-2583-452B-AC74-C64839CF03CC} => pcalua.exe -a "C:\Program Files (x86)\VS Revo Group\Revo Uninstaller\Revouninstaller.exe" -d "C:\Program Files (x86)\VS Revo Group\Revo Uninstaller" -c -hunter
Task: {5A42985A-DC32-4FE1-8210-CA09F67316FC} - System32\Tasks\HPCustPartic.exe_{96420065-3C4E-4B3E-96DB-DB0760F51DDD} => C:\Program Files\HP\HP Deskjet 3070 B611 series\Bin\HPCustPartic.exe [2012-10-17] (Hewlett-Packard Co.)
Task: {5B5D6CC7-9FA7-4441-9A09-8A3C4EA669FD} - System32\Tasks\{9B880EC1-DC3B-45D7-A7BB-4E131A7A884F} => pcalua.exe -a "C:\Users\DDDDD CCCCC\Downloads\esetsmartinstaller_enu.exe" -d "C:\Program Files (x86)\Mozilla Firefox"
Task: {5E1E681C-C0F1-4E87-8C95-38A011634E9C} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {658A7160-D5FE-40D6-8358-5AC71CDD5600} - System32\Tasks\Microsoft Office 15 Sync Maintenance for Arbeitscomputer-DDDDD CCCCC Arbeitscomputer => C:\Program Files\Microsoft Office\Office15\MsoSync.exe [2015-01-21] (Microsoft Corporation)
Task: {739C86AB-D488-4894-A94A-E1C873D935C4} - System32\Tasks\{239C0599-E784-4910-B228-5D5AB8D346A6} => pcalua.exe -a "C:\Users\DDDDD CCCCC\Downloads\HiJackThis204.exe" -d "C:\Program Files (x86)\Mozilla Firefox"
Task: {792B72B2-C51B-4379-B2AA-007529DB50F0} - System32\Tasks\{8D77E667-A31C-4EB4-B209-1E559B732CBC} => pcalua.exe -a "C:\Program Files (x86)\Canon\IJEREG\MP160\UNINST.EXE"
Task: {7AEAE564-35D2-434E-8BC2-12BF5BC672DE} - System32\Tasks\HPCustParticipation HP Deskjet 3070 B611 series => C:\Program Files\HP\HP Deskjet 3070 B611 series\Bin\HPCustPartic.exe [2012-10-17] (Hewlett-Packard Co.)
Task: {7EED0456-B087-4708-8496-6474B917CECB} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {92533B9B-37E7-4E54-B7DE-F8B0B255CFEE} - System32\Tasks\{4781B96F-C3F4-45CF-AB6F-C64C9AD3E88D} => pcalua.exe -a "C:\Program Files (x86)\InstallShield Installation Information\{319D91C6-3D44-436C-9F79-36C0D22372DC}\setup.exe" -d "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TP-LINK" -c -runfromtemp -removeonly
Task: {9C395D30-C0E5-4B3A-A232-E38DA71A3827} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {A1D835EF-9220-45A2-811E-2CA5B38166BF} - System32\Tasks\hpUrlLauncher.exe_{4AF7A75F-FDE8-41B8-80D9-5C3EBC32D019} => C:\Program Files\HP\HP Deskjet 3070 B611 series\Bin\utils\hpUrlLauncher.exe
Task: {B7A342C6-6ABF-492E-9250-2C92CB583846} - System32\Tasks\{A2A68590-5CAE-4C98-8B98-D18CC5E4C073} => pcalua.exe -a "C:\Program Files (x86)\InstallShield Installation Information\{3DB0448D-AD82-4923-B305-D001E521A964}\setup.exe" -c -runfromtemp -l0x407 -removeonly
Task: {BBBF9E37-C1CD-4CF0-A783-CE021D6D2928} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-05-20] (Piriform Ltd)
Task: {CE5325CF-BB63-4751-AB56-BD427BEAA0D9} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-01-31] (Adobe Systems Incorporated)
Task: {E36CA599-B047-467B-99AF-5E380AFECE05} - System32\Tasks\{AC797CD7-B058-4AC8-84B2-B2307D6AFF9B} => C:\Program Files (x86)\Chandler1.0.3\chandler.exe
Task: {E85DBE85-E344-4E48-A05A-ACF97445121F} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-21] (Google Inc.)
Task: {F108FC97-F5B0-4510-9C8E-EB2E8F5AE0EA} - System32\Tasks\HP AR Program Upload - aa75a83ba0e54f469f9229056b3523d0eb35faeb3e174ec898b456f50bbc2c60 => C:\Program Files\HP\HP Photosmart 5520 series\bin\HPRewards.exe [2012-10-17] (TODO: <Company name>)
Task: {F30712C0-5F79-4616-BFEE-8D27E1822469} - System32\Tasks\{581487AC-8AAF-40E1-A997-6B8519F0C5EC} => C:\Program Files (x86)\Chandler1.0.3\chandler.exe
Task: {FC0397BA-8222-41E7-836D-453BA55E74DB} - System32\Tasks\{2E665153-C229-4C02-9699-2F4EF08B1807} => pcalua.exe -a C:\Users\DANIEL~1\AppData\Local\Temp\InstallFlashPlayer.exe -d "C:\Program Files (x86)\Mozilla Firefox"
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) ==============

2007-10-04 14:32 - 2007-10-04 14:32 - 00122880 _____ () C:\Program Files (x86)\Common Files\AAV\aavus.exe
2011-01-13 09:04 - 2011-01-13 09:04 - 00030080 _____ () C:\Windows\snuvcdsm.exe
2011-11-13 22:52 - 2011-11-13 22:51 - 00200704 _____ () C:\Windows\PLFSetI.exe
2009-07-29 13:10 - 2009-07-29 13:10 - 00016384 ____R () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll
2011-11-13 21:44 - 2011-11-13 21:44 - 00270336 _____ () C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CrossDisplay.Graphics.Dashboard\1.0.0.0__90ba9c70f846762e\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2014-12-28 14:38 - 2014-04-22 19:39 - 00645592 ____N () C:\Program Files (x86)\BillP Studios\WinPatrol\sqlite3.dll
2014-11-16 12:20 - 2015-01-27 06:18 - 03925104 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2014-10-11 12:05 - 2014-10-11 12:05 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\abengine => ""="service"

==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1242904208-471078349-2963378918-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\DDDDD CCCCC\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-1242904208-471078349-2963378918-1003\Control Panel\Desktop\\Wallpaper -> C:\Users\EEEEE\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-1242904208-471078349-2963378918-1004\Control Panel\Desktop\\Wallpaper -> C:\Users\Versuch\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.178.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: AgereModemAudio => 2
MSCONFIG\Services: Apple Mobile Device => 2
MSCONFIG\Services: Bonjour Service => 2
MSCONFIG\Services: BotkindSyncService => 2
MSCONFIG\Services: FoxitCloudUpdateService => 2
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: iPod Service => 3
MSCONFIG\Services: MozillaMaintenance => 3
MSCONFIG\Services: NoIPDUCService4 => 2
MSCONFIG\Services: NTI IScheduleSvc => 2
MSCONFIG\Services: NTIBackupSvc => 3
MSCONFIG\Services: NTISchedulerSvc => 2
MSCONFIG\Services: OODefragAgent => 2
MSCONFIG\Services: PassThru Service => 2
MSCONFIG\Services: PDF Architect Helper Service => 2
MSCONFIG\Services: PDF Architect Service => 2
MSCONFIG\Services: SandraAgentSrv => 3
MSCONFIG\Services: SkypeUpdate => 2
MSCONFIG\Services: TeamViewer9 => 2
MSCONFIG\Services: TomTomHOMEService => 2
MSCONFIG\Services: Updater Service => 2
MSCONFIG\Services: YahooAUService => 2
MSCONFIG\startupreg: Eraser => "C:\PROGRA~1\Eraser\Eraser.exe" --atRestart

==================== Accounts: =============================

Administrator (S-1-5-21-1242904208-471078349-2963378918-500 - Administrator - Disabled)
DDDDD CCCCC (S-1-5-21-1242904208-471078349-2963378918-1000 - Administrator - Enabled) => C:\Users\DDDDD CCCCC
EEEEE (S-1-5-21-1242904208-471078349-2963378918-1003 - Limited - Enabled) => C:\Users\EEEEE
Gast (S-1-5-21-1242904208-471078349-2963378918-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1242904208-471078349-2963378918-1002 - Limited - Enabled)
Versuch (S-1-5-21-1242904208-471078349-2963378918-1004 - Administrator - Enabled) => C:\Users\Versuch

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (02/14/2015 04:04:10 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (02/14/2015 04:01:58 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"1".
Die abhängige Assemblierung "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (02/14/2015 04:01:58 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"1".
Die abhängige Assemblierung "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (02/14/2015 04:01:58 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"1".
Die abhängige Assemblierung "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (02/14/2015 04:01:58 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"1".
Die abhängige Assemblierung "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (02/13/2015 00:34:59 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (02/13/2015 00:34:18 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"1".
Die abhängige Assemblierung "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (02/13/2015 00:34:18 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"1".
Die abhängige Assemblierung "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (02/13/2015 00:34:18 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"1".
Die abhängige Assemblierung "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (02/13/2015 00:34:18 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"1".
Die abhängige Assemblierung "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".


System errors:
=============
Error: (02/14/2015 06:50:37 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Avira Service Host erreicht.

Error: (02/14/2015 06:50:01 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "HP Support Solutions Framework Service" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053

Error: (02/14/2015 06:50:01 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst HP Support Solutions Framework Service erreicht.

Error: (02/11/2015 08:21:01 PM) (Source: NetBT) (EventID: 4321) (User: )
Description: Der Name "WORKGROUP      :1d" konnte nicht auf der Schnittstelle mit IP-Adresse 192.168.178.28
registriert werden. Der Computer mit IP-Adresse 192.168.178.1 hat nicht
zugelassen, dass dieser Computer diesen Namen verwendet.

Error: (02/08/2015 09:27:35 AM) (Source: WMPNetworkSvc) (EventID: 14332) (User: )
Description: WMPNetworkSvc0x80004005

Error: (02/07/2015 10:19:09 AM) (Source: WMPNetworkSvc) (EventID: 14332) (User: )
Description: WMPNetworkSvc0x80070420

Error: (02/05/2015 09:34:00 PM) (Source: WMPNetworkSvc) (EventID: 14332) (User: )
Description: WMPNetworkSvc0x80070420

Error: (02/01/2015 09:17:29 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}

Error: (02/01/2015 08:40:11 AM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren.

Error: (02/01/2015 08:39:59 AM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren.


Microsoft Office Sessions:
=========================
Error: (02/14/2015 04:04:10 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestc:\program files (x86)\ESET\eset online scanner\ESETSmartInstaller.exe

Error: (02/14/2015 04:01:58 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"c:\Windows\Installer\{62F7DA7E-CCCB-439C-A760-00C3926E761F}\WksWP.exe

Error: (02/14/2015 04:01:58 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"C:\Windows\Installer\{62F7DA7E-CCCB-439C-A760-00C3926E761F}\wksss.exe

Error: (02/14/2015 04:01:58 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"c:\Windows\Installer\{62F7DA7E-CCCB-439C-A760-00C3926E761F}\WksCal.exe

Error: (02/14/2015 04:01:58 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"c:\Windows\Installer\{62F7DA7E-CCCB-439C-A760-00C3926E761F}\wksdb.exe

Error: (02/13/2015 00:34:59 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestc:\program files (x86)\ESET\eset online scanner\ESETSmartInstaller.exe

Error: (02/13/2015 00:34:18 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"c:\Windows\Installer\{62F7DA7E-CCCB-439C-A760-00C3926E761F}\WksWP.exe

Error: (02/13/2015 00:34:18 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"C:\Windows\Installer\{62F7DA7E-CCCB-439C-A760-00C3926E761F}\wksss.exe

Error: (02/13/2015 00:34:18 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"c:\Windows\Installer\{62F7DA7E-CCCB-439C-A760-00C3926E761F}\WksCal.exe

Error: (02/13/2015 00:34:18 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"c:\Windows\Installer\{62F7DA7E-CCCB-439C-A760-00C3926E761F}\wksdb.exe


CodeIntegrity Errors:
===================================
  Date: 2015-02-01 08:39:15.425
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2015-02-01 08:39:15.175
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2015-02-01 08:39:14.941
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2015-02-01 08:39:14.692
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2014-08-24 13:21:32.971
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2014-08-24 13:21:32.769
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2014-08-24 13:21:32.550
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2014-08-24 13:21:32.332
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2014-06-28 08:07:01.069
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Users\DANIEL~1\AppData\Local\Temp\EverestDriver.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2014-06-28 08:07:00.711
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Users\DANIEL~1\AppData\Local\Temp\EverestDriver.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i5 CPU M 430 @ 2.27GHz
Percentage of memory in use: 52%
Total physical RAM: 3956.5 MB
Available physical RAM: 1891.35 MB
Total Pagefile: 7911.19 MB
Available Pagefile: 5198.73 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: (ACER) (Fixed) (Total:290.05 GB) (Free:108.81 GB) NTFS
Drive d: (DATA) (Fixed) (Total:290.4 GB) (Free:285.16 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 596.2 GB) (Disk ID: 6D48B855)
Partition 1: (Not Active) - (Size=15.6 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=290.1 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=290.4 GB) - (Type=07 NTFS)

==================== End Of Log ============================

Bootsektor 16.02.2015 23:35
Hallo,

ich müsste schon wissen, ob das zurücksetzen nun was gebracht hat. :)

magigstar 17.02.2015 05:08
Ah ja.. sorry...

Ja, das zurücksetzen hat was gebracht.
Chrome startet normal.

magigstar 27.02.2015 20:41
Aber allgemein läuft der FF immer etwas langsamer...

Bootsektor 01.03.2015 00:20
Hallo,

Zitat:
Aber allgemein läuft der FF immer etwas langsamer...
Kannst du das vll. etwas präzisieren? Langsamer als vorher, als Chrome, als der IE oder generell :)

Schritt 1
Arbeite dich mal durch diese Anleitung durch und berichte mir. :)

magigstar 01.03.2015 21:01
Ok,
ich werde gucken, ob die Probleme auch auftauchen, während ich mit dem abgesicherten Modus im Internet bin.

Auf jeden Fall ist er langsamer als der Chrome.
Den IE nutze ich nicht, kann ich also nicht sagen...

Langsamer als vorher auf keinen Fall... halt irgendwie standardmäßig..
Das kann doch nicht sein...
Ich komme hier in diesem Forum um ein Problem zu lösen, es wird mit Bravur gelöst. Der FF läuft geschmeidig, sehr schön.. und kurze Zeit später läuft er wieder so wie ich ihn sonst auch kenne...

Warum kann das schöne geschmeidige Laufen nicht bleiben....

Bootsektor 01.03.2015 21:42
Hallo,

Zitat:
Warum kann das schöne geschmeidige Laufen nicht bleiben....
Das kann ich dir jetzt leider auch nicht beantworten, teste das mal bitte, vll ist da einfach ein Addon oder eine Erweiterung die quer sitzt, grundsätzlich sind Chrome und der IE aber auch schneller als der FF.

magigstar 08.03.2015 19:35
Also ich sehe da keinen großen Unterschied.
Womöglich kann es in Zusammenhang mit einem Add-On sein, aber ich hab ja auch nicht so viele...

Bootsektor 08.03.2015 23:41
Generell ist es so, dass sowohl der IE als auch Chrome schneller sind als der FF.

magigstar 15.03.2015 23:48
Ist es auch normal, dass Eset nach ein paar Minuten gleich viele Einträge an Schadsoftware findet...

Bootsektor 17.03.2015 14:50
Zeig mal das Log von ESET.


Alle Zeitangaben in WEZ +1. Es ist jetzt 09:16 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131