Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung

Log-Analyse und Auswertung: Avira durch gruppenrichtlinie blockiert

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.

Antwort
Alt 25.07.2014, 16:21   #1
nug0tt
 
Avira durch gruppenrichtlinie blockiert - Standard

Avira durch gruppenrichtlinie blockiert



Hallo liebe Virenprofis,

ich habe folgendes Problem, über das ich hier schon öfters gelesen habe. Ich kann leider nichts mit den Log Dateien von Farbar anfangen, daher poste ich sie hier direkt. Aber vorher evtl. noch etwas zum Ablauf bis hier hin: Ich habe meinen Rechner gestartet. Dann nach dem Booten die Nachricht "EdjalJahqi.dll konnte nicht gestartet werden" oder so ähnlich, den genauen Wortlaut erinnere ich nicht mehr. Ich hab dann den entsprechenden Ordner aufgesucht und promt sprang Avira an und sagt mir "Trojaner entdeckt", leider erinnere ich hier nicht den Namen und da ich nun Avira wegen der sog. "Gruppenrichtlinie" nicht starten kann, kann ich hier auch keine logs einsehen. Und nun die Farbar logs.
FRST.txt
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 24-07-2014 01
Ran by jesper1 (administrator) on JESPER-PC on 25-07-2014 15:59:48
Running from E:\downloads
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 9
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ 
Download link for 64-Bit Version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ 
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(ABBYY) C:\Program Files (x86)\ABBYY FineReader 11\NetworkLicenseServer.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\VS7DEBUG\mdm.exe
(Nitro PDF Software) C:\Program Files\Common Files\Nitro PDF\Professional\6.0\NitroPDFDriverServicex64.exe
(Nalpeiron Ltd.) C:\Windows\SysWOW64\NLSSRV32.EXE
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpdsvc.exe
() C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
(Elaborate Bytes AG) C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin64\rpsystray.exe
(Dropbox, Inc.) C:\Users\jesper1\AppData\Roaming\Dropbox\bin\Dropbox.exe
() C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
(Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041) C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Google Inc.) C:\Users\jesper1\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\jesper1\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\jesper1\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\jesper1\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\jesper1\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\jesper1\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\jesper1\AppData\Local\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1825064 2009-08-28] (Synaptics Incorporated)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [500208 2010-03-06] (Adobe Systems Incorporated)
HKLM\...\Run: [KiesTrayAgent] => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe 
HKLM\...\Run: [XboxStat] => C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [825184 2009-09-30] (Microsoft Corporation)
HKLM-x32\...\Run: [CloneCDTray] => C:\Program Files (x86)\SlySoft\CloneCD\CloneCDTray.exe [57344 2009-01-30] (SlySoft, Inc.)
HKLM-x32\...\Run: [VirtualCloneDrive] => C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [52168 2008-06-30] (Elaborate Bytes AG)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [31016 2006-10-27] (Microsoft Corporation)
HKLM-x32\...\Run: [AdobeCS5ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe [406992 2010-02-22] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Bonus.SSR.FR11] => C:\Program Files (x86)\ABBYY FineReader 11\Bonus.ScreenshotReader.exe [934152 2011-11-07] (ABBYY.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [DivXMediaServer] => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [450560 2013-04-15] (DivX, LLC)
HKLM-x32\...\Run: [DivXUpdate] => C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1263952 2013-02-13] ()
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [750160 2014-07-03] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [TkBellExe] => C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe [296520 2014-07-06] (RealNetworks, Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM Group Policy restriction on software: C:\Program Files (x86)\Avira <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Avira <====== ATTENTION
HKLM\...D6A79037F57F\InprocServer32: [Default-fastprox] C:\$Recycle.Bin\S-1-5-18\$e12285732c912dc7f94845f638808e81\n. ATTENTION! ====> ZeroAccess?
HKU\S-1-5-19\...\RunOnce: [mctadmin] => C:\Windows\System32\mctadmin.exe [97280 2009-07-14] (Microsoft Corporation)
HKU\S-1-5-20\...\RunOnce: [mctadmin] => C:\Windows\System32\mctadmin.exe [97280 2009-07-14] (Microsoft Corporation)
HKU\S-1-5-21-3597317893-1479406781-1183269255-1006\...\Run: [Google Update] => C:\Users\jesper1\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2012-04-15] (Google Inc.)
HKU\S-1-5-21-3597317893-1479406781-1183269255-1006\...\Run: [EdjalJahqi] => regsvr32.exe " 
HKU\S-1-5-21-3597317893-1479406781-1183269255-1006\...\MountPoints2: {7e8794b4-ea2f-11e1-8749-e8ccd7bc9be0} - H:\autorun.exe
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\RealPlayer Cloud Service UI.lnk
ShortcutTarget: RealPlayer Cloud Service UI.lnk -> C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin64\rpsystray.exe (RealNetworks, Inc.)
Startup: C:\Users\jesper1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\jesper1\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\jesper1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk
ShortcutTarget: EvernoteClipper.lnk -> C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
ShellIconOverlayIdentifiers: "DropboxExt1" -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\jesper1\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: "DropboxExt2" -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\jesper1\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: "DropboxExt3" -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\jesper1\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: "DropboxExt4" -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\jesper1\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: "DropboxExt5" -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\jesper1\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: "DropboxExt6" -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\jesper1\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: "DropboxExt7" -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\jesper1\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: "DropboxExt8" -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\jesper1\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: "DropboxExt1" -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: "DropboxExt2" -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: "DropboxExt3" -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: "DropboxExt4" -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: "DropboxExt5" -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: "DropboxExt6" -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: "DropboxExt7" -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: "DropboxExt8" -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} =>  No File

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x36E418B8B4A4CF01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin64.dll (RealDownloader)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: ContributeBHO Class -> {074C1DC5-9320-4A9A-947D-C042949C6216} -> C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll No File
BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
BHO-x32: DivX Plus Web Player HTML5 <video> -> {326E768D-4182-46FD-9C16-1449A49795F4} -> C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
BHO-x32: SwissAcademic.Citavi.Picker.IEPicker -> {609D670F-B735-4da7-AC6D-F3BD358E325E} -> C:\Windows\SysWOW64\mscoree.dll (Microsoft Corporation)
BHO-x32: CmjBrowserHelperObject Object -> {6FE6A929-59D1-4763-91AD-29B61CFFB35B} -> C:\Program Files (x86)\Mindjet\MindManager 9\Mm8InternetExplorer.dll (Mindjet)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM-x32 - Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll No File
DPF: HKLM-x32 {271A3CF5-5A54-447B-A08F-BE805F0DA60B} https://www.olb.de/olb_fb3_1867b/plugin/AXFOAM.CAB
DPF: HKLM-x32 {C752FF21-A8EF-468E-B507-5BBAFB84359E} https://hbciweb.olb.de/financebrowser5/plugin/Signlet-Plugin.CAB
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\jesper1\AppData\Roaming\Mozilla\Firefox\Profiles\y4v9y4ed.default
FF DefaultSearchEngine: Google.de
FF SelectedSearchEngine: Google.de
FF Homepage: hxxp://www.google.de/
FF Keyword.URL: hxxp://search.musicfrost.com/results.php?q=
FF NetworkProxy: "autoconfig_url", "hxxp://www.ub.fernuni-hagen.de/proxy.pac"
FF NetworkProxy: "type", 2
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @java.com/DTPlugin,version=10.9.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.9.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin-x32: @divx.com/DivX Plus Web Player Plug-In,version=1.0.0 - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @idsoftware.com/QuakeLive - C:\ProgramData\id Software\QuakeLive\npquakezero.dll (id Software Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @real.com/nppl3260;version=17.0.11.0 - c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlchromebrowserrecordext;version=17.0.11 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=17.0.11 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlpepperflashvideoshim;version=17.0.11 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpchromebrowserrecordext;version=15.0.6.14 - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprphtml5videoshim;version=15.0.6.14 - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=17.0.11.0 - c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer Cloud)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin - C:\Users\jesper1\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKCU: @talk.google.com/O1DPlugin - C:\Users\jesper1\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\jesper1\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\jesper1\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npContribute.dll (Adobe Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppl3260.dll (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nprpplugin.dll (RealPlayer Cloud)
FF Plugin ProgramFiles/Appdata: C:\Users\jesper1\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\jesper1\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)
FF SearchPlugin: C:\Users\jesper1\AppData\Roaming\Mozilla\Firefox\Profiles\y4v9y4ed.default\searchplugins\amazonde.xml
FF SearchPlugin: C:\Users\jesper1\AppData\Roaming\Mozilla\Firefox\Profiles\y4v9y4ed.default\searchplugins\digibib.xml
FF SearchPlugin: C:\Users\jesper1\AppData\Roaming\Mozilla\Firefox\Profiles\y4v9y4ed.default\searchplugins\ecosia.xml
FF SearchPlugin: C:\Users\jesper1\AppData\Roaming\Mozilla\Firefox\Profiles\y4v9y4ed.default\searchplugins\googlede.xml
FF SearchPlugin: C:\Users\jesper1\AppData\Roaming\Mozilla\Firefox\Profiles\y4v9y4ed.default\searchplugins\leo-deu-eng.xml
FF SearchPlugin: C:\Users\jesper1\AppData\Roaming\Mozilla\Firefox\Profiles\y4v9y4ed.default\searchplugins\youtube-videosuche.xml
FF Extension: 20-20 3D Viewer - IKEA - C:\Users\jesper1\AppData\Roaming\Mozilla\Firefox\Profiles\y4v9y4ed.default\Extensions\2020Player_IKEA@2020Technologies.com [2014-05-10]
FF Extension: No Name - C:\Users\jesper1\AppData\Roaming\Mozilla\Firefox\Profiles\y4v9y4ed.default\Extensions\SearchHelper [2014-05-10]
FF Extension: DDBAC Plug-In - C:\Users\jesper1\AppData\Roaming\Mozilla\Firefox\Profiles\y4v9y4ed.default\Extensions\{271A3CF5-5A54-447B-A08F-BE805F0DA60A} [2014-05-10]
FF Extension: Live HTTP Headers - C:\Users\jesper1\AppData\Roaming\Mozilla\Firefox\Profiles\y4v9y4ed.default\Extensions\{8f8fe09b-0bd3-4470-bc1b-8cad42b8203a} [2014-05-10]
FF HKLM-x32\...\Firefox\Extensions: [{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}] - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}
FF HKLM-x32\...\Firefox\Extensions: [{8AA36F4F-6DC7-4c06-77AF-5035170634FE}] - C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox
FF Extension: Citavi Picker - C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox [2013-04-08]
FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2014-07-06]
FF HKLM-x32\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF Extension: DivX Plus Web Player HTML5 &lt;video&gt; - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2013-05-13]
FF HKLM-x32\...\Firefox\Extensions: [{1DD9AC48-0855-4AE7-9934-159B4377FFA2}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext

Chrome: 
=======
CHR HomePage: hxxp://www.google.com/
CHR StartupUrls: "hxxp://www.google.com/"
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\jesper1\AppData\Local\Google\Chrome\Application\36.0.1985.125\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Users\jesper1\AppData\Local\Google\Chrome\Application\36.0.1985.125\pdf.dll ()
CHR Plugin: (Shockwave Flash) - C:\Users\jesper1\AppData\Local\Google\Chrome\Application\36.0.1985.125\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll No File
CHR Plugin: (20-20 3D Viewer for IKEA) - C:\Users\jesper\AppData\Local\Google\Chrome\User Data\Default\Extensions\nnbjlpbcjbhgeeloohnpbcfblhnkhffm\5.0.94.0_0\NP_2020Player_IKEA.dll No File
CHR Plugin: (Intel(R) Threading Building Blocks for Windows) - C:\Users\jesper\AppData\Local\Google\Chrome\User Data\Default\Extensions\nnbjlpbcjbhgeeloohnpbcfblhnkhffm\5.0.94.0_0\tbb.dll No File
CHR Plugin: (Intel(R) Threading Building Blocks for Windows) - C:\Users\jesper\AppData\Local\Google\Chrome\User Data\Default\Extensions\nnbjlpbcjbhgeeloohnpbcfblhnkhffm\5.0.94.0_0\tbbmalloc.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (Microsoft® Windows Media Player Firefox Plugin) - C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll (Microsoft Corporation)
CHR Plugin: (Adobe Contribute CS5 ) - C:\Program Files (x86)\Mozilla Firefox\plugins\npContribute.dll (Adobe Systems, Inc.)
CHR Plugin: (2007 Microsoft Office system) - C:\Program Files (x86)\Mozilla Firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
CHR Plugin: (RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) ) - C:\Program Files (x86)\Mozilla Firefox\plugins\nppl3260.dll (RealNetworks, Inc.)
CHR Plugin: (RealPlayer Version Plugin) - C:\Program Files (x86)\Mozilla Firefox\plugins\nprpjplug.dll No File
CHR Plugin: (RealPlayer(tm) HTML5VideoShim Plug-In (32-bit) ) - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
CHR Plugin: (RealJukebox NS Plugin) - C:\Program Files (x86)\Mozilla Firefox\plugins\nprjplug.dll No File
CHR Plugin: (DivX VOD Helper Plug-in) - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
CHR Plugin: (DivX Plus Web Player) - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll No File
CHR Plugin: (Java(TM) Platform SE 7 U4) - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Java Deployment Toolkit 7.0.40.255) - C:\Windows\SysWOW64\npDeployJava1.dll No File
CHR Plugin: (RealNetworks(tm) Chrome Background Extension Plug-In (32-bit) ) - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
CHR Plugin: (Unity Player) - C:\Users\jesper\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll No File
CHR Plugin: (Google Update) - C:\Users\jesper\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Extension: (ProxFlow) - C:\Users\jesper1\AppData\Local\Google\Chrome\User Data\Default\Extensions\aakchaleigkohafkfjfjbblobjifikek [2014-05-10]
CHR Extension: (YouTube) - C:\Users\jesper1\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-05-10]
CHR Extension: (Google-Suche) - C:\Users\jesper1\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-05-10]
CHR Extension: (Internet Banking der OLB) - C:\Users\jesper1\AppData\Local\Google\Chrome\User Data\Default\Extensions\fipffogddddpcmkklaodlnofkmpognml [2014-05-10]
CHR Extension: (AdBlock) - C:\Users\jesper1\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-05-10]
CHR Extension: (RealPlayer Downloader) - C:\Users\jesper1\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji [2014-05-10]
CHR Extension: (Hangouts) - C:\Users\jesper1\AppData\Local\Google\Chrome\User Data\Default\Extensions\nckgahadagoaajjgafhacjanaoiihapd [2014-06-13]
CHR Extension: (Facebook Notifications) - C:\Users\jesper1\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmameahlembdcigphohgiodcgjomcgeo [2014-05-10]
CHR Extension: (Google Wallet) - C:\Users\jesper1\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-05-10]
CHR Extension: (20-20 3D Viewer for IKEA) - C:\Users\jesper1\AppData\Local\Google\Chrome\User Data\Default\Extensions\nnbjlpbcjbhgeeloohnpbcfblhnkhffm [2014-05-10]
CHR Extension: (Mehr Leistung und Videoformate für dein HTML5 <video>) - C:\Users\jesper1\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm [2014-05-10]
CHR Extension: (Google Mail) - C:\Users\jesper1\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-05-10]
CHR HKLM-x32\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2014-06-10]
CHR HKLM-x32\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files (x86)\DivX\DivX Plus Web Player\chrome\DivXHTML5\DivXHTML5.crx [2013-05-06]
CHR StartMenuInternet: Google Chrome - C:\Users\jesper\AppData\Local\Google\Chrome\Application\chrome.exe

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 ABBYY.Licensing.FineReader.Professional.11.0; C:\Program Files (x86)\ABBYY FineReader 11\NetworkLicenseServer.exe [819976 2011-10-12] (ABBYY)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [430160 2014-07-03] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [430160 2014-07-03] (Avira Operations GmbH & Co. KG)
S2 CDMA Device Service; C:\Program Files (x86)\Samsung\USB Drivers\26_VIA_driver2\amd64\VIAService.exe [159232 2011-08-02] () [File not signed]
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
R2 MDM; C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [335872 2006-10-26] (Microsoft Corporation) [File not signed]
S4 NetMsmqActivator; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [139680 2012-07-09] (Microsoft Corporation) [File not signed]
S4 NetPipeActivator; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [139680 2012-07-09] (Microsoft Corporation) [File not signed]
S4 NetTcpActivator; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [139680 2012-07-09] (Microsoft Corporation) [File not signed]
S4 NetTcpPortSharing; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [139680 2012-07-09] (Microsoft Corporation) [File not signed]
R2 NitroDriverReadSpool; C:\Program Files\Common Files\Nitro PDF\Professional\6.0\NitroPDFDriverServicex64.exe [341312 2010-06-24] (Nitro PDF Software)
S2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39568 2014-06-10] ()
R2 RealPlayer Cloud Service; c:\program files (x86)\real\realplayer\RPDS\Bin\rpdsvc.exe [1141848 2014-07-06] (RealNetworks, Inc.)
R2 RealPlayerUpdateSvc; C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe [23552 2014-06-10] () [File not signed]
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
S2 Winmgmt; C:\PROGRA~3\2992199F9A\1azjg33.faa [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [117712 2014-07-03] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [130584 2014-05-27] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-10-01] (Avira Operations GmbH & Co. KG)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2013-03-22] (DT Soft Ltd)
R3 ElbyCDFL; C:\Windows\System32\Drivers\ElbyCDFL.sys [40648 2007-02-16] (SlySoft, Inc.)
R3 ElbyCDFL; C:\Windows\SysWOW64\Drivers\ElbyCDFL.sys [40648 2007-02-16] (SlySoft, Inc.)
S3 npf; C:\Windows\System32\drivers\npf.sys [35344 2010-07-16] (CACE Technologies, Inc.)
S0 sptd; C:\Windows\System32\Drivers\sptd.sys [867064 2013-03-21] (Duplex Secure Ltd.)
S3 dgderdrv; System32\drivers\dgderdrv.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-07-25 15:59 - 2014-07-25 15:59 - 00000000 ____D () C:\FRST
2014-07-20 10:43 - 2014-07-20 10:43 - 00000000 ____D () C:\Users\jesper1\AppData\Roaming\Apple Computer
2014-07-18 12:41 - 2014-07-18 14:26 - 00000000 ____D () C:\Program Files (x86)\FLAC
2014-07-18 12:41 - 2014-07-18 12:41 - 00001866 _____ () C:\Users\Public\Desktop\FLAC Frontend.lnk
2014-07-18 12:41 - 2014-07-18 12:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FLAC
2014-07-18 12:34 - 2014-07-18 12:34 - 00000000 ____D () C:\Program Files (x86)\Winamp
2014-07-18 01:16 - 2014-07-25 15:42 - 00000000 ____D () C:\ProgramData\EdjalJahqi
2014-07-11 19:55 - 2014-07-11 19:57 - 00000000 ___HD () C:\jexepackres
2014-07-11 19:55 - 2014-07-11 19:55 - 00000033 _____ () C:\Users\jesper1\AstroViewer 3.1.6-Path
2014-07-11 19:55 - 2014-07-11 19:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AstroViewer 3.1.6
2014-07-08 15:28 - 2014-07-08 15:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2014-07-08 15:28 - 2014-07-08 15:28 - 00000000 ____D () C:\ProgramData\Apple Computer
2014-07-08 15:28 - 2014-07-08 15:28 - 00000000 ____D () C:\Program Files (x86)\QuickTime
2014-07-08 15:27 - 2014-07-08 15:27 - 00000000 ____D () C:\Users\jesper1\AppData\Local\Apple
2014-07-08 15:24 - 2014-07-08 15:24 - 00002519 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2014-07-08 15:24 - 2014-07-08 15:24 - 00000000 ____D () C:\ProgramData\Apple
2014-07-08 15:24 - 2014-07-08 15:24 - 00000000 ____D () C:\Program Files (x86)\Apple Software Update
2014-07-08 15:19 - 2014-07-08 15:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fox Interactive
2014-07-06 17:41 - 2014-07-25 15:46 - 00003368 _____ () C:\Windows\System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-3597317893-1479406781-1183269255-1006
2014-07-06 17:38 - 2014-07-06 17:39 - 00291296 _____ () C:\Windows\Minidump\070614-29265-01.dmp
2014-07-06 17:21 - 2014-07-06 18:00 - 00002562 _____ () C:\Windows\diagwrn.xml
2014-07-06 17:21 - 2014-07-06 18:00 - 00001908 _____ () C:\Windows\diagerr.xml
2014-07-06 11:33 - 2014-07-25 15:46 - 00003238 _____ () C:\Windows\System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-3597317893-1479406781-1183269255-1006
2014-07-06 11:32 - 2014-07-06 11:32 - 00001046 _____ () C:\Users\Public\Desktop\RealPlayer Cloud.lnk
2014-07-06 11:32 - 2014-07-06 11:32 - 00000000 ____D () C:\Users\jesper1\AppData\Roaming\RealNetworks
2014-07-06 11:32 - 2014-07-06 11:32 - 00000000 ____D () C:\ProgramData\RealNetworks
2014-07-06 11:32 - 2014-07-06 11:32 - 00000000 ____D () C:\Program Files (x86)\RealNetworks
2014-07-06 11:31 - 2014-07-06 11:31 - 00505416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcp71.dll
2014-07-06 11:31 - 2014-07-06 11:31 - 00353864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcr71.dll
2014-07-06 11:31 - 2014-07-06 11:31 - 00278600 _____ (Progressive Networks) C:\Windows\SysWOW64\pncrt.dll
2014-07-06 11:31 - 2014-07-06 11:31 - 00201800 _____ (RealNetworks, Inc.) C:\Windows\SysWOW64\rmoc3260.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-07-25 15:59 - 2014-07-25 15:59 - 00000000 ____D () C:\FRST
2014-07-25 15:53 - 2009-07-14 06:45 - 00021120 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-07-25 15:53 - 2009-07-14 06:45 - 00021120 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-07-25 15:51 - 2010-08-16 13:36 - 01267157 _____ () C:\Windows\WindowsUpdate.log
2014-07-25 15:48 - 2014-05-10 01:11 - 00000000 ____D () C:\Users\jesper1\AppData\Roaming\Dropbox
2014-07-25 15:46 - 2014-07-06 17:41 - 00003368 _____ () C:\Windows\System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-3597317893-1479406781-1183269255-1006
2014-07-25 15:46 - 2014-07-06 11:33 - 00003238 _____ () C:\Windows\System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-3597317893-1479406781-1183269255-1006
2014-07-25 15:45 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-07-25 15:45 - 2009-07-14 06:51 - 00001141 _____ () C:\Windows\setupact.log
2014-07-25 15:42 - 2014-07-18 01:16 - 00000000 ____D () C:\ProgramData\EdjalJahqi
2014-07-25 15:39 - 2014-05-10 01:13 - 00001024 _____ () C:\Users\jesper1\Desktop\Dropbox.lnk
2014-07-25 15:39 - 2014-05-10 01:12 - 00000000 ____D () C:\Users\jesper1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-07-25 15:32 - 2014-02-20 19:00 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-07-25 15:32 - 2012-05-13 18:29 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-07-25 15:32 - 2010-08-16 17:14 - 00231820 _____ () C:\Windows\PFRO.log
2014-07-24 09:24 - 2014-06-13 12:51 - 00001128 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3597317893-1479406781-1183269255-1006UA.job
2014-07-24 09:15 - 2012-04-05 20:22 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-07-24 09:02 - 2012-04-15 11:33 - 00001124 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3597317893-1479406781-1183269255-1000UA.job
2014-07-23 11:23 - 2014-06-13 12:51 - 00001076 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3597317893-1479406781-1183269255-1006Core.job
2014-07-23 11:02 - 2012-04-15 11:33 - 00001072 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3597317893-1479406781-1183269255-1000Core.job
2014-07-22 21:49 - 2014-05-10 01:14 - 00000000 ____D () C:\Users\jesper1\Documents\Citavi 3
2014-07-20 14:57 - 2014-05-12 11:33 - 00003346 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-3597317893-1479406781-1183269255-1006
2014-07-20 14:57 - 2014-05-12 11:33 - 00003216 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-3597317893-1479406781-1183269255-1006
2014-07-20 10:43 - 2014-07-20 10:43 - 00000000 ____D () C:\Users\jesper1\AppData\Roaming\Apple Computer
2014-07-18 14:42 - 2014-05-10 01:14 - 00000000 ____D () C:\Users\jesper1\Documents\DVDVideoSoft
2014-07-18 14:40 - 2014-05-10 01:13 - 00000000 ____D () C:\Users\jesper1\AppData\Roaming\vlc
2014-07-18 14:26 - 2014-07-18 12:41 - 00000000 ____D () C:\Program Files (x86)\FLAC
2014-07-18 12:41 - 2014-07-18 12:41 - 00001866 _____ () C:\Users\Public\Desktop\FLAC Frontend.lnk
2014-07-18 12:41 - 2014-07-18 12:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FLAC
2014-07-18 12:35 - 2010-08-17 20:06 - 00000000 ____D () C:\Program Files (x86)\Winamp3
2014-07-18 12:34 - 2014-07-18 12:34 - 00000000 ____D () C:\Program Files (x86)\Winamp
2014-07-17 08:39 - 2014-05-10 01:13 - 00002371 _____ () C:\Users\jesper1\Desktop\Google Chrome.lnk
2014-07-11 19:57 - 2014-07-11 19:55 - 00000000 ___HD () C:\jexepackres
2014-07-11 19:55 - 2014-07-11 19:55 - 00000033 _____ () C:\Users\jesper1\AstroViewer 3.1.6-Path
2014-07-11 19:55 - 2014-07-11 19:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AstroViewer 3.1.6
2014-07-11 19:55 - 2014-05-10 00:45 - 00000000 ____D () C:\Users\jesper1
2014-07-10 11:49 - 2013-05-14 08:26 - 00042040 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2014-07-09 00:15 - 2012-04-05 20:22 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-07-09 00:15 - 2012-04-05 20:22 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-07-09 00:15 - 2011-05-22 09:36 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-07-08 15:28 - 2014-07-08 15:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2014-07-08 15:28 - 2014-07-08 15:28 - 00000000 ____D () C:\ProgramData\Apple Computer
2014-07-08 15:28 - 2014-07-08 15:28 - 00000000 ____D () C:\Program Files (x86)\QuickTime
2014-07-08 15:27 - 2014-07-08 15:27 - 00000000 ____D () C:\Users\jesper1\AppData\Local\Apple
2014-07-08 15:24 - 2014-07-08 15:24 - 00002519 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2014-07-08 15:24 - 2014-07-08 15:24 - 00000000 ____D () C:\ProgramData\Apple
2014-07-08 15:24 - 2014-07-08 15:24 - 00000000 ____D () C:\Program Files (x86)\Apple Software Update
2014-07-08 15:19 - 2014-07-08 15:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fox Interactive
2014-07-06 18:00 - 2014-07-06 17:21 - 00002562 _____ () C:\Windows\diagwrn.xml
2014-07-06 18:00 - 2014-07-06 17:21 - 00001908 _____ () C:\Windows\diagerr.xml
2014-07-06 18:00 - 2009-07-14 06:51 - 00000000 _____ () C:\Windows\setuperr.log
2014-07-06 17:39 - 2014-07-06 17:38 - 00291296 _____ () C:\Windows\Minidump\070614-29265-01.dmp
2014-07-06 17:38 - 2012-01-25 12:10 - 00000000 ____D () C:\Windows\Minidump
2014-07-06 11:32 - 2014-07-06 11:32 - 00001046 _____ () C:\Users\Public\Desktop\RealPlayer Cloud.lnk
2014-07-06 11:32 - 2014-07-06 11:32 - 00000000 ____D () C:\Users\jesper1\AppData\Roaming\RealNetworks
2014-07-06 11:32 - 2014-07-06 11:32 - 00000000 ____D () C:\ProgramData\RealNetworks
2014-07-06 11:32 - 2014-07-06 11:32 - 00000000 ____D () C:\Program Files (x86)\RealNetworks
2014-07-06 11:32 - 2014-05-10 00:46 - 00000000 ____D () C:\Users\jesper1\AppData\Roaming\Real
2014-07-06 11:32 - 2013-01-05 10:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RealNetworks
2014-07-06 11:32 - 2010-10-16 21:08 - 00000000 ____D () C:\Program Files (x86)\Real
2014-07-06 11:31 - 2014-07-06 11:31 - 00505416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcp71.dll
2014-07-06 11:31 - 2014-07-06 11:31 - 00353864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcr71.dll
2014-07-06 11:31 - 2014-07-06 11:31 - 00278600 _____ (Progressive Networks) C:\Windows\SysWOW64\pncrt.dll
2014-07-06 11:31 - 2014-07-06 11:31 - 00201800 _____ (RealNetworks, Inc.) C:\Windows\SysWOW64\rmoc3260.dll
2014-07-06 11:31 - 2010-10-16 21:08 - 00000000 ____D () C:\ProgramData\Real
2014-07-03 15:27 - 2013-05-14 08:24 - 00117712 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys

ZeroAccess:
C:\$Recycle.Bin\S-1-5-21-3597317893-1479406781-1183269255-1000\$e12285732c912dc7f94845f638808e81

ZeroAccess:
C:\$Recycle.Bin\S-1-5-18\$e12285732c912dc7f94845f638808e81

Some content of TEMP:
====================
C:\Users\Administrator\AppData\Local\Temp\avgnt.exe
C:\Users\jesper1\AppData\Local\Temp\avgnt.exe
C:\Users\jesper1\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpuu1ngv.dll
C:\Users\jesper1\AppData\Local\Temp\jre-7u65-windows-i586-iftw.exe
C:\Users\jesper1\AppData\Local\Temp\lowproc.exe
C:\Users\jesper1\AppData\Local\Temp\RSPUpgradeInstaller.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
ATTENTION: ====> ZeroAccess. Use DeleteJunctionsIndirectory: C:\Program Files\Windows Defender


LastRegBack: 2014-07-18 14:01

==================== End Of Log ============================
         
Und hier die Addition.txt
Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 24-07-2014 01
Ran by jesper1 at 2014-07-25 16:01:14
Running from E:\downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)


==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

ABBYY FineReader 11 (HKLM-x32\...\{F1100000-0009-0000-0001-074957833700}) (Version: 11.0.376 - ABBYY)
AC3Filter (remove only) (HKLM-x32\...\AC3Filter) (Version:  - )
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.5.3.9120 - Adobe Systems Inc.)
Adobe AIR (x32 Version: 1.5.3.9120 - Adobe Systems Inc.) Hidden
Adobe Community Help (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.0.0.400 - Adobe Systems Incorporated)
Adobe Community Help (x32 Version: 3.0.0 - Adobe Systems Incorporated) Hidden
Adobe Creative Suite 5 Master Collection (HKLM-x32\...\{1BBD8D70-721A-41AD-AC8F-7308A0C8FA92}) (Version: 5.0 - Adobe Systems Incorporated)
Adobe Digital Editions (HKLM-x32\...\Digital Editions) (Version:  - )
Adobe Flash Player 14 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Flash Player 14 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Media Player (HKLM-x32\...\com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.8 - Adobe Systems Incorporated)
Adobe Media Player (x32 Version: 1.8 - Adobe Systems Incorporated) Hidden
Adobe PDF ePub DRM Removal 4.1.6 (HKLM-x32\...\{C9DD56CA-BAE9-452A-AFE9-834C7770D1A3}) (Version: 4.1.6 - EPUBSOFT)
Adobe Reader XI (11.0.07) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated)
Age of Empires Online (HKLM-x32\...\Steam App 105430) (Version:  - Microsoft)
ANNO 1602 Königs-Edition (HKLM-x32\...\{077A7810-A937-4465-AD08-ACED9807995F}) (Version: 1.00 - )
Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Astroburn Lite (HKLM-x32\...\Astroburn Lite) (Version: 1.7.0.0175 - Disc Soft Ltd)
AstroViewer 3.1.6 (HKLM-x32\...\AstroViewer 3.1.6) (Version:  - Dirk Matussek)
Audacity 1.3.12 (HKLM-x32\...\Audacity 1.3 Beta_is1) (Version:  - Audacity Team)
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.5.464 - Avira)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
BIOSAgentPlus by eSupport.com (HKLM-x32\...\BIOSAgentPlus_is1) (Version:  - Copyright © 2013 eSupport.com, Inc • All Rights Reserved)
Cisco AnyConnect VPN Client (HKLM-x32\...\{96C6C69B-B21D-48D9-8ACC-52AE3EB361A2}) (Version: 2.2.0133 - Cisco Systems, Inc.)
Citavi (HKLM-x32\...\{E12C6653-1FF0-4686-ADB8-589C13AE761F}) (Version: 3.4.0.2 - Swiss Academic Software)
CloneCD (HKLM-x32\...\CloneCD) (Version:  - SlySoft)
Counter-Strike 1.6 (HKLM-x32\...\{9ABFB92D-93DA-49EE-8ABF-F8195DE45CA9}) (Version: 1.6 - )
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.47.1.0333 - Disc Soft Ltd)
Dark Strokes: Die Sünden der Väter Sammleredition (HKLM-x32\...\BFG-Dark Strokes - Die Suenden der Vaeter Sammleredition) (Version:  - )
DDBAC (HKLM-x32\...\{F161B4FF-3976-4917-BD27-CA28C95A13AE}) (Version: 5.3.0 - DataDesign)
Deponia Demo (HKLM-x32\...\Steam App 217830) (Version:  - Daedalic Entertainment)
Diablo III (HKLM-x32\...\Diablo III) (Version:  - Blizzard Entertainment)
Die besten Bewerbungsmuster (HKLM-x32\...\EH_Bewmuster) (Version:  - )
DivX-Setup (HKLM-x32\...\DivX Setup) (Version: 2.6.1.41 - DivX, LLC)
Dropbox (HKCU\...\Dropbox) (Version: 2.10.3 - Dropbox, Inc.)
Dungeon Keeper Gold (HKLM-x32\...\GOGPACKDUNGEONKEEPER_is1) (Version: 2.0.0.4 - GOG.com)
DVDFab 8.2.0.8 (29/08/2012) Qt (HKLM-x32\...\DVDFab 8 Qt_is1) (Version:  - Fengtao Software Inc.)
Dwarfs F2P (HKLM-x32\...\Steam App 213650) (Version:  - Power of 2)
Edna & Harvey: Harvey's New Eyes (HKLM-x32\...\Steam App 219910) (Version:  - Daedalic Entertainment)
ePub DRM Removal (HKLM-x32\...\ePubDRMRemoval) (Version: 1.4.1 - eBook Converter)
Escape From Monkey Island (HKLM-x32\...\bgbennyboyEMIReplacementSetup_is1) (Version: 1.0 - Quick and Easy Software)
Evernote v. 4.5.3 (HKLM-x32\...\{7BFD42CA-460A-11E1-AE58-984BE15F174E}) (Version: 4.5.3.6131 - Evernote Corp.)
Express Dictate (HKLM-x32\...\Express) (Version: 5.67 - NCH Software)
Express Scribe (HKLM-x32\...\Scribe) (Version: 5.58 - NCH Software)
Fable - The Lost Chapters (HKLM-x32\...\Steam App 204030) (Version:  - Lionhead Studios)
FileZilla Client 3.5.3 (HKLM-x32\...\FileZilla Client) (Version: 3.5.3 - FileZilla Project)
FLAC 1.2.1b (remove only) (HKLM-x32\...\FLAC) (Version: 1.2.1b - Xiph.org)
Fotogalerie (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Franzis Lebenslauf (HKLM-x32\...\Franzis Lebenslauf) (Version:  - )
Free YouTube to MP3 Converter version 3.8 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version:  - DVDVideoSoft Limited.)
Google Chrome (HKCU\...\Google Chrome) (Version: 36.0.1985.125 - Google Inc.)
Google Talk Plugin (HKLM-x32\...\{C1E3DFE7-4EAD-3E9E-A826-E06055BA5921}) (Version: 5.4.2.18903 - Google)
Graph 4.4.2 (HKLM-x32\...\Graph_is1) (Version:  - Ivan Johansen)
GTA2 (HKLM-x32\...\{2987EE84-C4EE-4FF5-8160-32DE00D6ABC6}) (Version: 1.00.001 - )
Gunpoint (HKLM-x32\...\Steam App 206190) (Version:  - Suspicious Developments)
Halo 2 for Windows Vista (HKLM-x32\...\Halo 2) (Version:  - Microsoft Game Studios)
Halo 2 for Windows Vista (x32 Version: 1.0.0.0 - Microsoft Corporation) Hidden
Haufe Formular-Manager (HKLM-x32\...\{9353F6E9-13B7-43B4-8FA5-CB46CA22671B}) (Version: 2.1.8.0 - Haufe)
IBM SPSS Statistics 20 (HKLM\...\{2AF8017B-E503-408F-AACE-8A335452CAD2}) (Version: 20.0.0.0 - IBM Corp)
Inkscape 0.48.4 (HKCU\...\Inkscape) (Version: 0.48.4 - )
ISOpen V4.5 (HKLM-x32\...\ISOpen_is1) (Version:  - Koyote Soft)
Java 7 Update 55 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.550 - Oracle)
Java 7 Update 9 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417009FF}) (Version: 7.0.90 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Java(TM) 6 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216031FF}) (Version: 6.0.310 - Oracle)
JavaFX 2.1.1 (HKLM-x32\...\{1111706F-666A-4037-7777-211328764D10}) (Version: 2.1.1 - Oracle Corporation)
Microsoft .NET Framework 4.5 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50709 - Microsoft Corporation)
Microsoft .NET Framework 4.5 (Version: 4.5.50709 - Microsoft Corporation) Hidden
Microsoft Age of Empires II (HKLM-x32\...\Age of Empires 2.0) (Version:  - )
Microsoft Age of Empires II: The Conquerors Expansion (HKLM-x32\...\Age of Empires II: The Conquerors Expansion 1.0) (Version:  - )
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}) (Version: 3.5.92.0 - Microsoft Corporation)
Microsoft Games for Windows Marketplace (HKLM-x32\...\{4CB0307C-565E-4441-86BE-0DF2E4FB828C}) (Version: 3.5.50.0 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (x32 Version:  - Microsoft) Hidden
Microsoft Office Access MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20513.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft WSE 3.0 Runtime (HKLM-x32\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
Microsoft Xbox 360 Accessories 1.2 (HKLM\...\{B3B750C0-8C22-439D-B7CE-67F3ED99CC2B}) (Version: 1.20.146.0 - Microsoft)
Microsoft XNA Framework Redistributable 3.1 (HKLM-x32\...\{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}) (Version: 3.1.10527.0 - Microsoft Corporation)
Microsoft_VC80_ATL_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_ATL_x86_x64 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_CRT_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_CRT_x86_x64 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFC_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFC_x86_x64 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFCLOC_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFCLOC_x86_x64 (Version: 80.50727.4053 - Adobe) Hidden
Microsoft_VC90_ATL_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_ATL_x86_x64 (Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_CRT_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_CRT_x86_x64 (Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_MFC_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_MFC_x86_x64 (Version: 1.00.0000 - Adobe) Hidden
Mindjet MindManager 9 (HKLM-x32\...\{04FE949D-172D-45B4-ACE6-6BCFAB5EC563}) (Version: 9.1.157 - Mindjet)
Minecraft Cracked (HKLM-x32\...\Minecraft Cracked) (Version:  - )
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 30.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 30.0 (x86 en-US)) (Version: 30.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 30.0 - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden
MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden
Nitro PDF Professional (HKLM\...\{48851F89-AA1D-4FFF-90A6-9594C97BDA1B}) (Version: 6.1.2.1 - Nitro PDF Software)
NVIDIA Display Control Panel (HKLM\...\NVIDIA Display Control Panel) (Version: 6.14.12.5896 - NVIDIA Corporation)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.10.62.40 - NVIDIA Corporation)
NVIDIA PhysX (HKLM-x32\...\{54194F60-988C-4D03-B922-C2B00EFDA39A}) (Version: 9.10.0222 - NVIDIA Corporation)
Origin (HKLM-x32\...\Origin) (Version: 9.1.11.2678 - Electronic Arts, Inc.)
Paragon Partition Manager™ 12 Free (HKLM-x32\...\{47E5588F-C3A0-11DE-9857-005056C00008}) (Version: 90.00.0003 - Paragon Software)
PDF Annotator 3.0.0.324 (HKLM-x32\...\PDFAnnotator_is1) (Version: 3.0.0.324 - GRAHL software design)
PDF Settings CS5 (x32 Version: 10.0 - Adobe Systems Incorporated) Hidden
PDFCreator (HKLM-x32\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.2.3 - Frank Heindörfer, Philip Chinery)
Photo Gallery (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Pidgin (HKLM-x32\...\Pidgin) (Version: 2.7.5 - )
Pointofix (HKLM-x32\...\Pointofix_is1) (Version:  - Amerigomedia)
Project64 1.6 (HKLM-x32\...\{9559F7CA-5E34-4237-A2D9-D856464AD727}) (Version: 1.6 - Project64)
PSPP (HKLM-x32\...\B426B849-6071-5684-6429-7BE6B77DAB5B) (Version: 20111111 - GNU)
PxMergeModule (x32 Version: 1.00.0000 - Your Company Name) Hidden
Quake Live Mozilla Plugin (HKLM-x32\...\{FA66CFD7-0977-4C45-AACD-A8BB994B1A05}) (Version: 1.0.520 - id Software)
QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
R for Windows 2.12.0 (HKLM\...\R for Windows 2.12.0_is1) (Version: 2.12.0 - R Development Core Team)
RealDownloader (x32 Version: 17.0.11 - RealNetworks, Inc.) Hidden
RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (Version: 10.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (x32 Version: 10.0 - RealNetworks, Inc) Hidden
RealPlayer Cloud (HKLM-x32\...\RealPlayer 17.0) (Version: 17.0.10 - RealNetworks)
RealUpgrade 1.1 (x32 Version: 1.1.0 - RealNetworks, Inc.) Hidden
Ricochet (HKLM-x32\...\Steam App 60) (Version:  - Valve)
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.6.0 - SAMSUNG Electronics Co., Ltd.)
SimCity 4 Deluxe (HKLM-x32\...\{A7A34FC9-DF24-4A36-00AD-D4EFE94CC116}) (Version:  - )
Skype™ 6.1 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.1.130 - Skype Technologies S.A.)
Soldat 1.6.2 (HKLM-x32\...\Soldat_is1) (Version: 1.6.2 - Michal Marcinkowski)
Star Wars(tm) Knights of the Old Republic(tm) II: The Sith Lords(tm) (HKLM-x32\...\{629F65FB-7F3C-4D66-A1C0-20722744B7B6}) (Version: 1.00.0000 - Obsidian)
Stellarium 0.12.0 (HKLM\...\Stellarium_is1) (Version: 0.12.0 - Stellarium team)
Stronghold Crusader Extreme (HKLM-x32\...\{8C3727F2-8E37-49E4-820C-03B1677F53B6}) (Version: 1.20.0000 - Firefly Studios)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 14.0.3.0 - Synaptics Incorporated)
The X-Files DVD (HKLM-x32\...\The X-Files DVD) (Version:  - )
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2596598) 32-Bit Edition (HKLM-x32\...\{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{C5325053-3C37-4A69-959E-4802AE6686EF}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2687407) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{BBE715CA-02FD-4C5A-90BB-440A967DF05E}) (Version:  - Microsoft)
Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version:  - Microsoft)
Update für Microsoft Office Outlook 2007 Help (KB963677) (HKLM-x32\...\{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{F6828576-6F79-470D-AB50-69D1BBADBD30}) (Version:  - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version:  - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version:  - Microsoft)
UpdateService (x32 Version: 1.0.0 - RealNetworks, Inc.) Hidden
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
Ventuz 2008 x64 beta (HKLM\...\{1C0E88DD-F67A-4630-86F5-E0D35A4043D1}) (Version: 2.5.25 - Ventuz Technology)
VirtualCloneDrive (HKLM-x32\...\VirtualCloneDrive) (Version:  - Elaborate Bytes)
Virtuallab 6.2.2 (HKLM-x32\...\Virtuallab_is1) (Version:  - NASA and University of Illinois at Urbana Champaign)
VLC media player 1.1.10 (HKLM-x32\...\VLC media player) (Version: 1.1.10 - VideoLAN)
VLC media player 2.0.2 (HKLM\...\VLC media player) (Version: 2.0.2 - VideoLAN)
Winamp3 (remove only) (HKLM-x32\...\Winamp3) (Version:  - )
Windows Live Communications Platform (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4311.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Media Player Firefox Plugin (HKLM-x32\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
WinPcap 4.1.2 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2001 - CACE Technologies)
WinRAR (HKLM-x32\...\WinRAR archiver) (Version:  - )
XBSlink (HKLM-x32\...\XBSlink) (Version:  - )

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-3597317893-1479406781-1183269255-1006_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\jesper1\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3597317893-1479406781-1183269255-1006_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\jesper1\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3597317893-1479406781-1183269255-1006_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\jesper1\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3597317893-1479406781-1183269255-1006_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\jesper1\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3597317893-1479406781-1183269255-1006_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\jesper1\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3597317893-1479406781-1183269255-1006_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\jesper1\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3597317893-1479406781-1183269255-1006_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\jesper1\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3597317893-1479406781-1183269255-1006_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\jesper1\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3597317893-1479406781-1183269255-1006_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\jesper1\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3597317893-1479406781-1183269255-1006_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\jesper1\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3597317893-1479406781-1183269255-1006_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\jesper1\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3597317893-1479406781-1183269255-1006_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\jesper1\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File

==================== Restore Points  =========================

Could not list Restore Points. Check "winmgmt" service or repair WMI.


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2013-10-29 21:19 - 00002756 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
127.0.0.1 hl2rcv.adobe.com
127.0.0.1 adobeereg.com
127.0.0.1 activate.adobe.com
127.0.0.1 practivate.adobe.com
127.0.0.1 ereg.adobe.com
127.0.0.1 activate.wip3.adobe.com
127.0.0.1 ereg.wip3.adobe.com
127.0.0.1 wip3.adobe.com
127.0.0.1 activate-sea.adobe.com
127.0.0.1 wwis-dubc1-vip60.adobe.com
127.0.0.1 activate-sjc0.adobe.com
127.0.0.1 3dns.adobe.com
127.0.0.1 3dns-1.adobe.com
127.0.0.1 3dns-2.adobe.com
127.0.0.1 3dns-3.adobe.com
127.0.0.1 3dns-4.adobe.com
127.0.0.1 adobe-dns.adobe.com
127.0.0.1 adobe-dns-1.adobe.com
127.0.0.1 adobe-dns-2.adobe.com
127.0.0.1 adobe-dns-3.adobe.com
127.0.0.1 adobe-dns-4.adobe.com
127.0.0.1 adobe-dns-5.adobe.com
127.0.0.1 hh-software.com
127.0.0.1 www.hh-software.com
127.0.0.1 activate.adobe.de
127.0.0.1 practivate.adobe.de
127.0.0.1 ereg.adobe.de
127.0.0.1 activate.wip3.adobe.de

There are 33 more lines.


==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {10E107F5-9F9A-4A55-B92E-10CFBA6F79B8} - System32\Tasks\Restart Capsule Task => C:\Program Files (x86)\Capsule\bin\Capsule.exe
Task: {27CBE514-7ACB-4307-B8CD-12F77AF96F08} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-3597317893-1479406781-1183269255-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2014-06-10] (RealNetworks, Inc.)
Task: {3560298F-C93F-406E-9003-C484A66CB49D} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-3597317893-1479406781-1183269255-1006 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe [2014-06-10] (RealNetworks, Inc.)
Task: {3D592177-3525-48EC-A869-3CC1D7E587D1} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3597317893-1479406781-1183269255-1000UA => C:\Users\jesper\AppData\Local\Google\Update\GoogleUpdate.exe
Task: {43A49A11-EF3F-427E-ACE7-037D53354C03} - System32\Tasks\{F3AEDA6C-CD6B-4F82-955C-9CB4BCD2D36D} => G:\Install\setup.exe
Task: {49523480-9C0B-49C7-B2EE-97919D0BA962} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3597317893-1479406781-1183269255-1006UA => C:\Users\jesper1\AppData\Local\Google\Update\GoogleUpdate.exe [2012-04-15] (Google Inc.)
Task: {55B4F489-A4EA-4B92-B4AC-0948AF3810D5} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-3597317893-1479406781-1183269255-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2014-06-10] (RealNetworks, Inc.)
Task: {629193CD-D74E-4613-8EA5-6D709D7A4F53} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3597317893-1479406781-1183269255-1006Core => C:\Users\jesper1\AppData\Local\Google\Update\GoogleUpdate.exe [2012-04-15] (Google Inc.)
Task: {7869FBE5-1BA3-40BA-AE3F-6C3E4E64DA23} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-3597317893-1479406781-1183269255-1006 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe [2014-06-10] (RealNetworks, Inc.)
Task: {7F9F8D87-516A-4CAA-92EB-2E6D6BD00A0E} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-3597317893-1479406781-1183269255-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2014-06-10] (RealNetworks, Inc.)
Task: {86AC1CA9-F123-4755-9A54-E88484BC8102} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3597317893-1479406781-1183269255-1000Core => C:\Users\jesper\AppData\Local\Google\Update\GoogleUpdate.exe
Task: {9B63D3F8-3866-4D58-9C1C-AE2167070CAA} - System32\Tasks\{6FAE2A4E-6313-40C2-9803-67C6DA89EBF8} => Firefox.exe hxxp://ui.skype.com/ui/0/5.3.0.120/de/abandoninstall?page=tsMain&amp;installinfo=google-toolbar:notoffered;ienotdefaultbrowser2,google-chrome:offered-installed;madedefault
Task: {C33273E9-40AA-4541-BBE4-CE3EB9A55EE5} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-3597317893-1479406781-1183269255-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2014-06-10] (RealNetworks, Inc.)
Task: {C9871D6C-1431-4C51-A60E-79275A857770} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-3597317893-1479406781-1183269255-1006 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2014-06-10] (RealNetworks, Inc.)
Task: {D877E72B-67D5-4076-92DE-481709FDDF81} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-07-09] (Adobe Systems Incorporated)
Task: {DB27C846-DAE6-48FB-A387-E016C44D2015} - System32\Tasks\{9F812417-0EFB-4DD2-8B2E-27DDA81DEDFC} => E:\spiele\age3\age3.exe
Task: {EC8C529E-7328-43A5-BB8B-0FE1D29E9BD2} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-3597317893-1479406781-1183269255-1006 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2014-06-10] (RealNetworks, Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3597317893-1479406781-1183269255-1000Core.job => C:\Users\jesper\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3597317893-1479406781-1183269255-1000UA.job => C:\Users\jesper\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3597317893-1479406781-1183269255-1006Core.job => C:\Users\jesper1\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3597317893-1479406781-1183269255-1006UA.job => C:\Users\jesper1\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2011-10-29 11:31 - 2005-03-12 01:07 - 00087040 _____ () C:\Windows\System32\pdfcmnnt.dll
2010-01-02 16:42 - 2010-01-02 16:42 - 00098304 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll
2014-06-10 22:03 - 2014-06-10 22:03 - 00023552 _____ () C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe
2013-02-13 04:37 - 2013-02-13 04:37 - 01263952 _____ () C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
2014-07-06 11:31 - 2014-07-06 11:31 - 00861784 _____ () c:\program files (x86)\real\realplayer\RPDS\Plugins\cldplin.dll
2014-07-25 15:48 - 2014-07-25 15:48 - 00043008 _____ () c:\users\jesper1\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpuu1ngv.dll
2013-10-19 01:55 - 2013-10-19 01:55 - 25100288 _____ () C:\Users\jesper1\AppData\Roaming\Dropbox\bin\libcef.dll
2013-02-13 04:38 - 2013-02-13 04:38 - 00100688 _____ () C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll
2011-08-31 16:44 - 2011-08-31 16:44 - 00433664 _____ () C:\Program Files (x86)\Evernote\Evernote\libxml2.dll
2011-08-31 16:44 - 2011-08-31 16:44 - 00315392 _____ () C:\Program Files (x86)\Evernote\Evernote\libtidy.dll
2012-01-08 15:41 - 2012-01-08 15:41 - 00093696 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext.dll
2014-07-17 08:39 - 2014-07-15 11:24 - 00718664 _____ () C:\Users\jesper1\AppData\Local\Google\Chrome\Application\36.0.1985.125\libglesv2.dll
2014-07-17 08:39 - 2014-07-15 11:24 - 00126280 _____ () C:\Users\jesper1\AppData\Local\Google\Chrome\Application\36.0.1985.125\libegl.dll
2014-07-17 08:39 - 2014-07-15 11:24 - 08537928 _____ () C:\Users\jesper1\AppData\Local\Google\Chrome\Application\36.0.1985.125\pdf.dll
2014-07-17 08:39 - 2014-07-15 11:24 - 00353096 _____ () C:\Users\jesper1\AppData\Local\Google\Chrome\Application\36.0.1985.125\ppGoogleNaClPluginChrome.dll
2014-07-17 08:39 - 2014-07-15 11:24 - 01732936 _____ () C:\Users\jesper1\AppData\Local\Google\Chrome\Application\36.0.1985.125\ffmpegsumo.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Windows:977BE2E9F2233890
AlternateDataStreams: C:\Windows:nlsPreferences
AlternateDataStreams: C:\ProgramData\Microsoft:4xyOaSNrqmdg1yIYlqPZG52p
AlternateDataStreams: C:\ProgramData\Microsoft:nCY5YgXSXqiKflay4X791NtHc
AlternateDataStreams: C:\ProgramData\Temp:FCBEDCFD
AlternateDataStreams: C:\Users\jesper\AppData\Local:YamQImQmFbrzKASdojZpHs2c

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


==================== Faulty Device Manager Devices =============

Could not list Devices. Check "winmgmt" service or repair WMI.


==================== Event log errors: =========================

Application errors:
==================
Error: (07/21/2014 00:38:56 PM) (Source: SideBySide) (EventID: 63) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "assemblyIdentity1". Fehler in Manifest- oder Richtliniendatei "assemblyIdentity2" in Zeile assemblyIdentity3.
Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs im assemblyIdentity-Element ist ungültig.

Error: (07/21/2014 00:37:40 PM) (Source: SideBySide) (EventID: 63) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "assemblyIdentity1". Fehler in Manifest- oder Richtliniendatei "assemblyIdentity2" in Zeile assemblyIdentity3.
Der Wert "x64" des "processorArchitecture"-Attributs im assemblyIdentity-Element ist ungültig.

Error: (07/21/2014 00:35:47 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC90.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"1".
Die abhängige Assemblierung "Microsoft.VC90.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (07/21/2014 09:43:54 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC90.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"1".
Die abhängige Assemblierung "Microsoft.VC90.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (07/20/2014 04:15:11 PM) (Source: SideBySide) (EventID: 63) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "assemblyIdentity1". Fehler in Manifest- oder Richtliniendatei "assemblyIdentity2" in Zeile assemblyIdentity3.
Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs im assemblyIdentity-Element ist ungültig.

Error: (07/20/2014 04:13:58 PM) (Source: SideBySide) (EventID: 63) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "assemblyIdentity1". Fehler in Manifest- oder Richtliniendatei "assemblyIdentity2" in Zeile assemblyIdentity3.
Der Wert "x64" des "processorArchitecture"-Attributs im assemblyIdentity-Element ist ungültig.

Error: (07/20/2014 04:11:37 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC90.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"1".
Die abhängige Assemblierung "Microsoft.VC90.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (07/20/2014 03:01:57 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: chrome.exe, Version: 36.0.1985.125, Zeitstempel: 0x53c4dbee
Name des fehlerhaften Moduls: chrome.dll, Version: 36.0.1985.125, Zeitstempel: 0x53c4d8ad
Ausnahmecode: 0xc0000005
Fehleroffset: 0x004a740e
ID des fehlerhaften Prozesses: 0xb28
Startzeit der fehlerhaften Anwendung: 0xchrome.exe0
Pfad der fehlerhaften Anwendung: chrome.exe1
Pfad des fehlerhaften Moduls: chrome.exe2
Berichtskennung: chrome.exe3

Error: (07/20/2014 10:19:45 AM) (Source: MsiInstaller) (EventID: 11601) (User: jesper-PC)
Description: Produkt: Java 7 Update 65 -- Datenträger voll: Kein Speicherplatz mehr -- Datenträger: 'C:'; erforderlicher Speicherplatz: 71.487 KB; verfügbarer Speicherplatz: 29.368 KB. Geben Sie Speicherplatz frei, und wiederholen Sie den Vorgang.

Error: (07/19/2014 00:33:20 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC90.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"1".
Die abhängige Assemblierung "Microsoft.VC90.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".


System errors:
=============
Error: (07/25/2014 04:06:34 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Windows-Verwaltungsinstrumentation" wurde mit folgendem Fehler beendet: 
%%126

Error: (07/25/2014 04:06:04 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Windows-Verwaltungsinstrumentation" wurde mit folgendem Fehler beendet: 
%%126

Error: (07/25/2014 04:05:34 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Windows-Verwaltungsinstrumentation" wurde mit folgendem Fehler beendet: 
%%126

Error: (07/25/2014 04:05:04 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Windows-Verwaltungsinstrumentation" wurde mit folgendem Fehler beendet: 
%%126

Error: (07/25/2014 04:04:34 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Windows-Verwaltungsinstrumentation" wurde mit folgendem Fehler beendet: 
%%126

Error: (07/25/2014 04:04:04 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Windows-Verwaltungsinstrumentation" wurde mit folgendem Fehler beendet: 
%%126

Error: (07/25/2014 04:03:34 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Windows-Verwaltungsinstrumentation" wurde mit folgendem Fehler beendet: 
%%126

Error: (07/25/2014 04:03:04 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Windows-Verwaltungsinstrumentation" wurde mit folgendem Fehler beendet: 
%%126

Error: (07/25/2014 04:02:34 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Windows-Verwaltungsinstrumentation" wurde mit folgendem Fehler beendet: 
%%126

Error: (07/25/2014 04:02:04 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Windows-Verwaltungsinstrumentation" wurde mit folgendem Fehler beendet: 
%%126


Microsoft Office Sessions:
=========================
Error: (06/26/2014 03:07:35 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 6 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (08/28/2010 09:12:49 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 3, Application Name: Microsoft Office PowerPoint, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 1027 seconds with 0 seconds of active time.  This session ended with a crash.


==================== Memory info =========================== 

Percentage of memory in use: 38%
Total physical RAM: 4090.61 MB
Available physical RAM: 2529.24 MB
Total Pagefile: 8179.41 MB
Available Pagefile: 6295.11 MB
Total Virtual: 8192 MB
Available Virtual: 8191.85 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:45.41 GB) (Free:3.46 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: () (Fixed) (Total:5 GB) (Free:2.32 GB) NTFS
Drive e: () (Fixed) (Total:237.67 GB) (Free:13.04 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298 GB) (Disk ID: B6394A61)
Partition 1: (Not Active) - (Size=10 GB) - (Type=27)
Partition 2: (Active) - (Size=45 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=238 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=5 GB) - (Type=05)

==================== End Of Log ============================
         
Danke schonmal im Voraus

Alt 25.07.2014, 16:46   #2
deeprybka
/// TB-Ausbilder
/// Anleitungs-Guru
 
Avira durch gruppenrichtlinie blockiert - Standard

Avira durch gruppenrichtlinie blockiert



Hi, Du hast echte Malware auf dem PC laufen. Daher rate ich Dir, alle sensiblen Online-Passwörter von einem sauberen PC aus zu ändern.

Helfen kann ich erst, wenn Du alle illegale Software auf dem PC entfernt hast.

Code:
ATTFilter
127.0.0.1 localhost
127.0.0.1 hl2rcv.adobe.com
127.0.0.1 adobeereg.com
127.0.0.1 activate.adobe.com
127.0.0.1 practivate.adobe.com
127.0.0.1 ereg.adobe.com
127.0.0.1 activate.wip3.adobe.com
127.0.0.1 ereg.wip3.adobe.com
127.0.0.1 wip3.adobe.com
127.0.0.1 activate-sea.adobe.com
127.0.0.1 wwis-dubc1-vip60.adobe.com
127.0.0.1 activate-sjc0.adobe.com
127.0.0.1 3dns.adobe.com
127.0.0.1 3dns-1.adobe.com
127.0.0.1 3dns-2.adobe.com
127.0.0.1 3dns-3.adobe.com
127.0.0.1 3dns-4.adobe.com
127.0.0.1 adobe-dns.adobe.com
127.0.0.1 adobe-dns-1.adobe.com
127.0.0.1 adobe-dns-2.adobe.com
127.0.0.1 adobe-dns-3.adobe.com
127.0.0.1 adobe-dns-4.adobe.com
127.0.0.1 adobe-dns-5.adobe.com
127.0.0.1 hh-software.com
127.0.0.1 www.hh-software.com
127.0.0.1 activate.adobe.de
127.0.0.1 practivate.adobe.de
127.0.0.1 ereg.adobe.de
127.0.0.1 activate.wip3.adobe.de
         
Unsere Regeln:
http://www.trojaner-board.de/95394-c...-software.html
__________________

__________________

Alt 25.07.2014, 17:40   #3
nug0tt
 
Avira durch gruppenrichtlinie blockiert - Standard

Avira durch gruppenrichtlinie blockiert



Ok, alles entfernt. und hier nochmal die neuen logs

FRST.txt

FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 24-07-2014 01
Ran by jesper1 (administrator) on JESPER-PC on 25-07-2014 17:32:22
Running from C:\Users\jesper1\Desktop
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 9
Boot Mode: Normal


==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(ABBYY) C:\Program Files (x86)\ABBYY FineReader 11\NetworkLicenseServer.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
() C:\Program Files (x86)\Samsung\USB Drivers\26_VIA_driver2\amd64\VIAService.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\VS7DEBUG\mdm.exe
(Nitro PDF Software) C:\Program Files\Common Files\Nitro PDF\Professional\6.0\NitroPDFDriverServicex64.exe
(Nalpeiron Ltd.) C:\Windows\SysWOW64\NLSSRV32.EXE
() C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpdsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
() C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin64\rpsystray.exe
(Dropbox, Inc.) C:\Users\jesper1\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041) C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Elaborate Bytes AG) C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
() C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1825064 2009-08-28] (Synaptics Incorporated)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [500208 2010-03-06] (Adobe Systems Incorporated)
HKLM\...\Run: [KiesTrayAgent] => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe 
HKLM\...\Run: [XboxStat] => C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [825184 2009-09-30] (Microsoft Corporation)
HKLM-x32\...\Run: [CloneCDTray] => C:\Program Files (x86)\SlySoft\CloneCD\CloneCDTray.exe [57344 2009-01-30] (SlySoft, Inc.)
HKLM-x32\...\Run: [VirtualCloneDrive] => C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [52168 2008-06-30] (Elaborate Bytes AG)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [31016 2006-10-27] (Microsoft Corporation)
HKLM-x32\...\Run: [Bonus.SSR.FR11] => C:\Program Files (x86)\ABBYY FineReader 11\Bonus.ScreenshotReader.exe [934152 2011-11-07] (ABBYY.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [DivXMediaServer] => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [450560 2013-04-15] (DivX, LLC)
HKLM-x32\...\Run: [DivXUpdate] => C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1263952 2013-02-13] ()
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [750160 2014-07-03] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [TkBellExe] => C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe [296520 2014-07-06] (RealNetworks, Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM Group Policy restriction on software: C:\Program Files (x86)\Avira <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Avira <====== ATTENTION
HKLM\...D6A79037F57F\InprocServer32: [Default-fastprox] C:\$Recycle.Bin\S-1-5-18\$e12285732c912dc7f94845f638808e81\n. ATTENTION! ====> ZeroAccess?
HKU\S-1-5-19\...\RunOnce: [mctadmin] => C:\Windows\System32\mctadmin.exe [97280 2009-07-14] (Microsoft Corporation)
HKU\S-1-5-20\...\RunOnce: [mctadmin] => C:\Windows\System32\mctadmin.exe [97280 2009-07-14] (Microsoft Corporation)
HKU\S-1-5-21-3597317893-1479406781-1183269255-1006\...\Run: [Google Update] => C:\Users\jesper1\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2012-04-15] (Google Inc.)
HKU\S-1-5-21-3597317893-1479406781-1183269255-1006\...\Run: [EdjalJahqi] => regsvr32.exe " 
HKU\S-1-5-21-3597317893-1479406781-1183269255-1006\...\MountPoints2: {7e8794b4-ea2f-11e1-8749-e8ccd7bc9be0} - H:\autorun.exe
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\RealPlayer Cloud Service UI.lnk
ShortcutTarget: RealPlayer Cloud Service UI.lnk -> C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin64\rpsystray.exe (RealNetworks, Inc.)
Startup: C:\Users\jesper1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\jesper1\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\jesper1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk
ShortcutTarget: EvernoteClipper.lnk -> C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
ShellIconOverlayIdentifiers: "DropboxExt1" -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\jesper1\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: "DropboxExt2" -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\jesper1\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: "DropboxExt3" -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\jesper1\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: "DropboxExt4" -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\jesper1\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: "DropboxExt5" -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\jesper1\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: "DropboxExt6" -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\jesper1\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: "DropboxExt7" -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\jesper1\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: "DropboxExt8" -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\jesper1\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: "DropboxExt1" -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: "DropboxExt2" -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: "DropboxExt3" -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: "DropboxExt4" -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: "DropboxExt5" -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: "DropboxExt6" -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: "DropboxExt7" -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: "DropboxExt8" -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} =>  No File

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x36E418B8B4A4CF01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin64.dll (RealDownloader)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: ContributeBHO Class -> {074C1DC5-9320-4A9A-947D-C042949C6216} -> C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll No File
BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
BHO-x32: DivX Plus Web Player HTML5 <video> -> {326E768D-4182-46FD-9C16-1449A49795F4} -> C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
BHO-x32: SwissAcademic.Citavi.Picker.IEPicker -> {609D670F-B735-4da7-AC6D-F3BD358E325E} -> C:\Windows\SysWOW64\mscoree.dll (Microsoft Corporation)
BHO-x32: CmjBrowserHelperObject Object -> {6FE6A929-59D1-4763-91AD-29B61CFFB35B} -> C:\Program Files (x86)\Mindjet\MindManager 9\Mm8InternetExplorer.dll (Mindjet)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM-x32 - Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll No File
DPF: HKLM-x32 {271A3CF5-5A54-447B-A08F-BE805F0DA60B} https://www.olb.de/olb_fb3_1867b/plugin/AXFOAM.CAB
DPF: HKLM-x32 {C752FF21-A8EF-468E-B507-5BBAFB84359E} https://hbciweb.olb.de/financebrowser5/plugin/Signlet-Plugin.CAB
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\jesper1\AppData\Roaming\Mozilla\Firefox\Profiles\y4v9y4ed.default
FF DefaultSearchEngine: Google.de
FF SelectedSearchEngine: Google.de
FF Homepage: hxxp://www.google.de/
FF Keyword.URL: hxxp://search.musicfrost.com/results.php?q=
FF NetworkProxy: "autoconfig_url", "hxxp://www.ub.fernuni-hagen.de/proxy.pac"
FF NetworkProxy: "type", 2
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @java.com/DTPlugin,version=10.9.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.9.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin-x32: @divx.com/DivX Plus Web Player Plug-In,version=1.0.0 - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @idsoftware.com/QuakeLive - C:\ProgramData\id Software\QuakeLive\npquakezero.dll (id Software Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @real.com/nppl3260;version=17.0.11.0 - c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlchromebrowserrecordext;version=17.0.11 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=17.0.11 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlpepperflashvideoshim;version=17.0.11 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpchromebrowserrecordext;version=15.0.6.14 - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprphtml5videoshim;version=15.0.6.14 - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=17.0.11.0 - c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer Cloud)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin - C:\Users\jesper1\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKCU: @talk.google.com/O1DPlugin - C:\Users\jesper1\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\jesper1\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\jesper1\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppl3260.dll (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nprpplugin.dll (RealPlayer Cloud)
FF Plugin ProgramFiles/Appdata: C:\Users\jesper1\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\jesper1\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)
FF SearchPlugin: C:\Users\jesper1\AppData\Roaming\Mozilla\Firefox\Profiles\y4v9y4ed.default\searchplugins\amazonde.xml
FF SearchPlugin: C:\Users\jesper1\AppData\Roaming\Mozilla\Firefox\Profiles\y4v9y4ed.default\searchplugins\digibib.xml
FF SearchPlugin: C:\Users\jesper1\AppData\Roaming\Mozilla\Firefox\Profiles\y4v9y4ed.default\searchplugins\ecosia.xml
FF SearchPlugin: C:\Users\jesper1\AppData\Roaming\Mozilla\Firefox\Profiles\y4v9y4ed.default\searchplugins\googlede.xml
FF SearchPlugin: C:\Users\jesper1\AppData\Roaming\Mozilla\Firefox\Profiles\y4v9y4ed.default\searchplugins\leo-deu-eng.xml
FF SearchPlugin: C:\Users\jesper1\AppData\Roaming\Mozilla\Firefox\Profiles\y4v9y4ed.default\searchplugins\youtube-videosuche.xml
FF Extension: 20-20 3D Viewer - IKEA - C:\Users\jesper1\AppData\Roaming\Mozilla\Firefox\Profiles\y4v9y4ed.default\Extensions\2020Player_IKEA@2020Technologies.com [2014-05-10]
FF Extension: No Name - C:\Users\jesper1\AppData\Roaming\Mozilla\Firefox\Profiles\y4v9y4ed.default\Extensions\SearchHelper [2014-05-10]
FF Extension: DDBAC Plug-In - C:\Users\jesper1\AppData\Roaming\Mozilla\Firefox\Profiles\y4v9y4ed.default\Extensions\{271A3CF5-5A54-447B-A08F-BE805F0DA60A} [2014-05-10]
FF Extension: Live HTTP Headers - C:\Users\jesper1\AppData\Roaming\Mozilla\Firefox\Profiles\y4v9y4ed.default\Extensions\{8f8fe09b-0bd3-4470-bc1b-8cad42b8203a} [2014-05-10]
FF HKLM-x32\...\Firefox\Extensions: [{8AA36F4F-6DC7-4c06-77AF-5035170634FE}] - C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox
FF Extension: Citavi Picker - C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox [2013-04-08]
FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2014-07-06]
FF HKLM-x32\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF Extension: DivX Plus Web Player HTML5 &lt;video&gt; - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2013-05-13]
FF HKLM-x32\...\Firefox\Extensions: [{1DD9AC48-0855-4AE7-9934-159B4377FFA2}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext

Chrome: 
=======
CHR HomePage: hxxp://www.google.com/
CHR StartupUrls: "hxxp://www.google.com/"
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\jesper1\AppData\Local\Google\Chrome\Application\36.0.1985.125\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Users\jesper1\AppData\Local\Google\Chrome\Application\36.0.1985.125\pdf.dll ()
CHR Plugin: (Shockwave Flash) - C:\Users\jesper1\AppData\Local\Google\Chrome\Application\36.0.1985.125\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll No File
CHR Plugin: (20-20 3D Viewer for IKEA) - C:\Users\jesper\AppData\Local\Google\Chrome\User Data\Default\Extensions\nnbjlpbcjbhgeeloohnpbcfblhnkhffm\5.0.94.0_0\NP_2020Player_IKEA.dll No File
CHR Plugin: (Intel(R) Threading Building Blocks for Windows) - C:\Users\jesper\AppData\Local\Google\Chrome\User Data\Default\Extensions\nnbjlpbcjbhgeeloohnpbcfblhnkhffm\5.0.94.0_0\tbb.dll No File
CHR Plugin: (Intel(R) Threading Building Blocks for Windows) - C:\Users\jesper\AppData\Local\Google\Chrome\User Data\Default\Extensions\nnbjlpbcjbhgeeloohnpbcfblhnkhffm\5.0.94.0_0\tbbmalloc.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (Microsoft® Windows Media Player Firefox Plugin) - C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll (Microsoft Corporation)
CHR Plugin: (Adobe Contribute CS5 ) - C:\Program Files (x86)\Mozilla Firefox\plugins\npContribute.dll No File
CHR Plugin: (2007 Microsoft Office system) - C:\Program Files (x86)\Mozilla Firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
CHR Plugin: (RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) ) - C:\Program Files (x86)\Mozilla Firefox\plugins\nppl3260.dll (RealNetworks, Inc.)
CHR Plugin: (RealPlayer Version Plugin) - C:\Program Files (x86)\Mozilla Firefox\plugins\nprpjplug.dll No File
CHR Plugin: (RealPlayer(tm) HTML5VideoShim Plug-In (32-bit) ) - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
CHR Plugin: (RealJukebox NS Plugin) - C:\Program Files (x86)\Mozilla Firefox\plugins\nprjplug.dll No File
CHR Plugin: (DivX VOD Helper Plug-in) - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
CHR Plugin: (DivX Plus Web Player) - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll No File
CHR Plugin: (Java(TM) Platform SE 7 U4) - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Java Deployment Toolkit 7.0.40.255) - C:\Windows\SysWOW64\npDeployJava1.dll No File
CHR Plugin: (RealNetworks(tm) Chrome Background Extension Plug-In (32-bit) ) - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
CHR Plugin: (Unity Player) - C:\Users\jesper\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll No File
CHR Plugin: (Google Update) - C:\Users\jesper\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Extension: (ProxFlow) - C:\Users\jesper1\AppData\Local\Google\Chrome\User Data\Default\Extensions\aakchaleigkohafkfjfjbblobjifikek [2014-05-10]
CHR Extension: (YouTube) - C:\Users\jesper1\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-05-10]
CHR Extension: (Google-Suche) - C:\Users\jesper1\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-05-10]
CHR Extension: (Internet Banking der OLB) - C:\Users\jesper1\AppData\Local\Google\Chrome\User Data\Default\Extensions\fipffogddddpcmkklaodlnofkmpognml [2014-05-10]
CHR Extension: (AdBlock) - C:\Users\jesper1\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-05-10]
CHR Extension: (RealPlayer Downloader) - C:\Users\jesper1\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji [2014-05-10]
CHR Extension: (Hangouts) - C:\Users\jesper1\AppData\Local\Google\Chrome\User Data\Default\Extensions\nckgahadagoaajjgafhacjanaoiihapd [2014-06-13]
CHR Extension: (Facebook Notifications) - C:\Users\jesper1\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmameahlembdcigphohgiodcgjomcgeo [2014-05-10]
CHR Extension: (Google Wallet) - C:\Users\jesper1\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-05-10]
CHR Extension: (20-20 3D Viewer for IKEA) - C:\Users\jesper1\AppData\Local\Google\Chrome\User Data\Default\Extensions\nnbjlpbcjbhgeeloohnpbcfblhnkhffm [2014-05-10]
CHR Extension: (Mehr Leistung und Videoformate für dein HTML5 <video>) - C:\Users\jesper1\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm [2014-05-10]
CHR Extension: (Google Mail) - C:\Users\jesper1\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-05-10]
CHR HKLM-x32\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2014-06-10]
CHR HKLM-x32\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files (x86)\DivX\DivX Plus Web Player\chrome\DivXHTML5\DivXHTML5.crx [2013-05-06]
CHR StartMenuInternet: Google Chrome - C:\Users\jesper\AppData\Local\Google\Chrome\Application\chrome.exe

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 ABBYY.Licensing.FineReader.Professional.11.0; C:\Program Files (x86)\ABBYY FineReader 11\NetworkLicenseServer.exe [819976 2011-10-12] (ABBYY)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [430160 2014-07-03] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [430160 2014-07-03] (Avira Operations GmbH & Co. KG)
R2 CDMA Device Service; C:\Program Files (x86)\Samsung\USB Drivers\26_VIA_driver2\amd64\VIAService.exe [159232 2011-08-02] () [File not signed]
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
R2 MDM; C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [335872 2006-10-26] (Microsoft Corporation) [File not signed]
S4 NetMsmqActivator; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [139680 2012-07-09] (Microsoft Corporation) [File not signed]
S4 NetPipeActivator; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [139680 2012-07-09] (Microsoft Corporation) [File not signed]
S4 NetTcpActivator; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [139680 2012-07-09] (Microsoft Corporation) [File not signed]
S4 NetTcpPortSharing; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [139680 2012-07-09] (Microsoft Corporation) [File not signed]
R2 NitroDriverReadSpool; C:\Program Files\Common Files\Nitro PDF\Professional\6.0\NitroPDFDriverServicex64.exe [341312 2010-06-24] (Nitro PDF Software)
R2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39568 2014-06-10] ()
R2 RealPlayer Cloud Service; c:\program files (x86)\real\realplayer\RPDS\Bin\rpdsvc.exe [1141848 2014-07-06] (RealNetworks, Inc.)
R2 RealPlayerUpdateSvc; C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe [23552 2014-06-10] () [File not signed]
S2 Winmgmt; C:\PROGRA~3\2992199F9A\1azjg33.faa [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [117712 2014-07-03] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [130584 2014-05-27] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-10-01] (Avira Operations GmbH & Co. KG)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2013-03-22] (DT Soft Ltd)
R3 ElbyCDFL; C:\Windows\System32\Drivers\ElbyCDFL.sys [40648 2007-02-16] (SlySoft, Inc.)
R3 ElbyCDFL; C:\Windows\SysWOW64\Drivers\ElbyCDFL.sys [40648 2007-02-16] (SlySoft, Inc.)
S3 npf; C:\Windows\System32\drivers\npf.sys [35344 2010-07-16] (CACE Technologies, Inc.)
S0 sptd; C:\Windows\System32\Drivers\sptd.sys [867064 2013-03-21] (Duplex Secure Ltd.)
S3 dgderdrv; System32\drivers\dgderdrv.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-07-25 17:30 - 2014-07-25 17:32 - 00029681 _____ () C:\Users\jesper1\Desktop\FRST.txt
2014-07-25 17:30 - 2014-07-25 15:59 - 02093568 _____ (Farbar) C:\Users\jesper1\Desktop\FRST64.exe
2014-07-25 17:17 - 2014-07-25 17:19 - 00001281 _____ () C:\Windows\system32\Drivers\etc\hosts datei.lnk
2014-07-25 15:59 - 2014-07-25 17:32 - 00000000 ____D () C:\FRST
2014-07-20 10:43 - 2014-07-20 10:43 - 00000000 ____D () C:\Users\jesper1\AppData\Roaming\Apple Computer
2014-07-18 12:41 - 2014-07-18 14:26 - 00000000 ____D () C:\Program Files (x86)\FLAC
2014-07-18 12:41 - 2014-07-18 12:41 - 00001866 _____ () C:\Users\Public\Desktop\FLAC Frontend.lnk
2014-07-18 12:41 - 2014-07-18 12:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FLAC
2014-07-18 12:34 - 2014-07-18 12:34 - 00000000 ____D () C:\Program Files (x86)\Winamp
2014-07-18 01:16 - 2014-07-25 15:42 - 00000000 ____D () C:\ProgramData\EdjalJahqi
2014-07-11 19:55 - 2014-07-11 19:57 - 00000000 ___HD () C:\jexepackres
2014-07-11 19:55 - 2014-07-11 19:55 - 00000033 _____ () C:\Users\jesper1\AstroViewer 3.1.6-Path
2014-07-11 19:55 - 2014-07-11 19:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AstroViewer 3.1.6
2014-07-08 15:28 - 2014-07-08 15:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2014-07-08 15:28 - 2014-07-08 15:28 - 00000000 ____D () C:\ProgramData\Apple Computer
2014-07-08 15:28 - 2014-07-08 15:28 - 00000000 ____D () C:\Program Files (x86)\QuickTime
2014-07-08 15:27 - 2014-07-08 15:27 - 00000000 ____D () C:\Users\jesper1\AppData\Local\Apple
2014-07-08 15:24 - 2014-07-08 15:24 - 00002519 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2014-07-08 15:24 - 2014-07-08 15:24 - 00000000 ____D () C:\ProgramData\Apple
2014-07-08 15:24 - 2014-07-08 15:24 - 00000000 ____D () C:\Program Files (x86)\Apple Software Update
2014-07-08 15:19 - 2014-07-08 15:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fox Interactive
2014-07-06 17:41 - 2014-07-25 17:28 - 00003368 _____ () C:\Windows\System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-3597317893-1479406781-1183269255-1006
2014-07-06 17:38 - 2014-07-06 17:39 - 00291296 _____ () C:\Windows\Minidump\070614-29265-01.dmp
2014-07-06 17:21 - 2014-07-06 18:00 - 00002562 _____ () C:\Windows\diagwrn.xml
2014-07-06 17:21 - 2014-07-06 18:00 - 00001908 _____ () C:\Windows\diagerr.xml
2014-07-06 11:33 - 2014-07-25 17:28 - 00003238 _____ () C:\Windows\System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-3597317893-1479406781-1183269255-1006
2014-07-06 11:32 - 2014-07-06 11:32 - 00001046 _____ () C:\Users\Public\Desktop\RealPlayer Cloud.lnk
2014-07-06 11:32 - 2014-07-06 11:32 - 00000000 ____D () C:\Users\jesper1\AppData\Roaming\RealNetworks
2014-07-06 11:32 - 2014-07-06 11:32 - 00000000 ____D () C:\ProgramData\RealNetworks
2014-07-06 11:32 - 2014-07-06 11:32 - 00000000 ____D () C:\Program Files (x86)\RealNetworks
2014-07-06 11:31 - 2014-07-06 11:31 - 00505416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcp71.dll
2014-07-06 11:31 - 2014-07-06 11:31 - 00353864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcr71.dll
2014-07-06 11:31 - 2014-07-06 11:31 - 00278600 _____ (Progressive Networks) C:\Windows\SysWOW64\pncrt.dll
2014-07-06 11:31 - 2014-07-06 11:31 - 00201800 _____ (RealNetworks, Inc.) C:\Windows\SysWOW64\rmoc3260.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-07-25 17:32 - 2014-07-25 17:30 - 00029681 _____ () C:\Users\jesper1\Desktop\FRST.txt
2014-07-25 17:32 - 2014-07-25 15:59 - 00000000 ____D () C:\FRST
2014-07-25 17:32 - 2010-08-16 13:36 - 01269660 _____ () C:\Windows\WindowsUpdate.log
2014-07-25 17:31 - 2014-05-10 01:11 - 00000000 ____D () C:\Users\jesper1\AppData\Roaming\Dropbox
2014-07-25 17:28 - 2014-07-06 17:41 - 00003368 _____ () C:\Windows\System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-3597317893-1479406781-1183269255-1006
2014-07-25 17:28 - 2014-07-06 11:33 - 00003238 _____ () C:\Windows\System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-3597317893-1479406781-1183269255-1006
2014-07-25 17:28 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-07-25 17:28 - 2009-07-14 06:51 - 00001197 _____ () C:\Windows\setupact.log
2014-07-25 17:24 - 2014-06-13 12:51 - 00001128 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3597317893-1479406781-1183269255-1006UA.job
2014-07-25 17:19 - 2014-07-25 17:17 - 00001281 _____ () C:\Windows\system32\Drivers\etc\hosts datei.lnk
2014-07-25 17:15 - 2012-04-05 20:22 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-07-25 17:11 - 2010-08-18 12:32 - 00000000 ____D () C:\ProgramData\Adobe
2014-07-25 17:10 - 2011-01-20 22:00 - 00000000 ____D () C:\Program Files\Common Files\Adobe
2014-07-25 17:10 - 2011-01-20 21:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Master Collection CS5
2014-07-25 17:10 - 2010-10-06 15:41 - 00000000 ____D () C:\Program Files (x86)\Adobe
2014-07-25 17:02 - 2012-04-15 11:33 - 00001124 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3597317893-1479406781-1183269255-1000UA.job
2014-07-25 15:59 - 2014-07-25 17:30 - 02093568 _____ (Farbar) C:\Users\jesper1\Desktop\FRST64.exe
2014-07-25 15:53 - 2009-07-14 06:45 - 00021120 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-07-25 15:53 - 2009-07-14 06:45 - 00021120 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-07-25 15:42 - 2014-07-18 01:16 - 00000000 ____D () C:\ProgramData\EdjalJahqi
2014-07-25 15:39 - 2014-05-10 01:13 - 00001024 _____ () C:\Users\jesper1\Desktop\Dropbox.lnk
2014-07-25 15:39 - 2014-05-10 01:12 - 00000000 ____D () C:\Users\jesper1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-07-25 15:32 - 2014-02-20 19:00 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-07-25 15:32 - 2012-05-13 18:29 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-07-25 15:32 - 2010-08-16 17:14 - 00231820 _____ () C:\Windows\PFRO.log
2014-07-23 11:23 - 2014-06-13 12:51 - 00001076 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3597317893-1479406781-1183269255-1006Core.job
2014-07-23 11:02 - 2012-04-15 11:33 - 00001072 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3597317893-1479406781-1183269255-1000Core.job
2014-07-22 21:49 - 2014-05-10 01:14 - 00000000 ____D () C:\Users\jesper1\Documents\Citavi 3
2014-07-20 14:57 - 2014-05-12 11:33 - 00003346 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-3597317893-1479406781-1183269255-1006
2014-07-20 14:57 - 2014-05-12 11:33 - 00003216 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-3597317893-1479406781-1183269255-1006
2014-07-20 10:43 - 2014-07-20 10:43 - 00000000 ____D () C:\Users\jesper1\AppData\Roaming\Apple Computer
2014-07-18 14:42 - 2014-05-10 01:14 - 00000000 ____D () C:\Users\jesper1\Documents\DVDVideoSoft
2014-07-18 14:40 - 2014-05-10 01:13 - 00000000 ____D () C:\Users\jesper1\AppData\Roaming\vlc
2014-07-18 14:26 - 2014-07-18 12:41 - 00000000 ____D () C:\Program Files (x86)\FLAC
2014-07-18 12:41 - 2014-07-18 12:41 - 00001866 _____ () C:\Users\Public\Desktop\FLAC Frontend.lnk
2014-07-18 12:41 - 2014-07-18 12:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FLAC
2014-07-18 12:35 - 2010-08-17 20:06 - 00000000 ____D () C:\Program Files (x86)\Winamp3
2014-07-18 12:34 - 2014-07-18 12:34 - 00000000 ____D () C:\Program Files (x86)\Winamp
2014-07-17 08:39 - 2014-05-10 01:13 - 00002371 _____ () C:\Users\jesper1\Desktop\Google Chrome.lnk
2014-07-11 19:57 - 2014-07-11 19:55 - 00000000 ___HD () C:\jexepackres
2014-07-11 19:55 - 2014-07-11 19:55 - 00000033 _____ () C:\Users\jesper1\AstroViewer 3.1.6-Path
2014-07-11 19:55 - 2014-07-11 19:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AstroViewer 3.1.6
2014-07-11 19:55 - 2014-05-10 00:45 - 00000000 ____D () C:\Users\jesper1
2014-07-10 11:49 - 2013-05-14 08:26 - 00042040 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2014-07-09 00:15 - 2012-04-05 20:22 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-07-09 00:15 - 2012-04-05 20:22 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-07-09 00:15 - 2011-05-22 09:36 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-07-08 15:28 - 2014-07-08 15:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2014-07-08 15:28 - 2014-07-08 15:28 - 00000000 ____D () C:\ProgramData\Apple Computer
2014-07-08 15:28 - 2014-07-08 15:28 - 00000000 ____D () C:\Program Files (x86)\QuickTime
2014-07-08 15:27 - 2014-07-08 15:27 - 00000000 ____D () C:\Users\jesper1\AppData\Local\Apple
2014-07-08 15:24 - 2014-07-08 15:24 - 00002519 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2014-07-08 15:24 - 2014-07-08 15:24 - 00000000 ____D () C:\ProgramData\Apple
2014-07-08 15:24 - 2014-07-08 15:24 - 00000000 ____D () C:\Program Files (x86)\Apple Software Update
2014-07-08 15:19 - 2014-07-08 15:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fox Interactive
2014-07-06 18:00 - 2014-07-06 17:21 - 00002562 _____ () C:\Windows\diagwrn.xml
2014-07-06 18:00 - 2014-07-06 17:21 - 00001908 _____ () C:\Windows\diagerr.xml
2014-07-06 18:00 - 2009-07-14 06:51 - 00000000 _____ () C:\Windows\setuperr.log
2014-07-06 17:39 - 2014-07-06 17:38 - 00291296 _____ () C:\Windows\Minidump\070614-29265-01.dmp
2014-07-06 17:38 - 2012-01-25 12:10 - 00000000 ____D () C:\Windows\Minidump
2014-07-06 11:32 - 2014-07-06 11:32 - 00001046 _____ () C:\Users\Public\Desktop\RealPlayer Cloud.lnk
2014-07-06 11:32 - 2014-07-06 11:32 - 00000000 ____D () C:\Users\jesper1\AppData\Roaming\RealNetworks
2014-07-06 11:32 - 2014-07-06 11:32 - 00000000 ____D () C:\ProgramData\RealNetworks
2014-07-06 11:32 - 2014-07-06 11:32 - 00000000 ____D () C:\Program Files (x86)\RealNetworks
2014-07-06 11:32 - 2014-05-10 00:46 - 00000000 ____D () C:\Users\jesper1\AppData\Roaming\Real
2014-07-06 11:32 - 2013-01-05 10:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RealNetworks
2014-07-06 11:32 - 2010-10-16 21:08 - 00000000 ____D () C:\Program Files (x86)\Real
2014-07-06 11:31 - 2014-07-06 11:31 - 00505416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcp71.dll
2014-07-06 11:31 - 2014-07-06 11:31 - 00353864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcr71.dll
2014-07-06 11:31 - 2014-07-06 11:31 - 00278600 _____ (Progressive Networks) C:\Windows\SysWOW64\pncrt.dll
2014-07-06 11:31 - 2014-07-06 11:31 - 00201800 _____ (RealNetworks, Inc.) C:\Windows\SysWOW64\rmoc3260.dll
2014-07-06 11:31 - 2010-10-16 21:08 - 00000000 ____D () C:\ProgramData\Real
2014-07-03 15:27 - 2013-05-14 08:24 - 00117712 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys

ZeroAccess:
C:\$Recycle.Bin\S-1-5-21-3597317893-1479406781-1183269255-1000\$e12285732c912dc7f94845f638808e81

ZeroAccess:
C:\$Recycle.Bin\S-1-5-18\$e12285732c912dc7f94845f638808e81

Some content of TEMP:
====================
C:\Users\Administrator\AppData\Local\Temp\avgnt.exe
C:\Users\jesper1\AppData\Local\Temp\avgnt.exe
C:\Users\jesper1\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpevtn_q.dll
C:\Users\jesper1\AppData\Local\Temp\jre-7u65-windows-i586-iftw.exe
C:\Users\jesper1\AppData\Local\Temp\lowproc.exe
C:\Users\jesper1\AppData\Local\Temp\RSPUpgradeInstaller.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
ATTENTION: ====> ZeroAccess. Use DeleteJunctionsIndirectory: C:\Program Files\Windows Defender


LastRegBack: 2014-07-18 14:01

==================== End Of Log ============================
         
--- --- ---


addition.txt
Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 24-07-2014 01
Ran by jesper1 at 2014-07-25 17:33:14
Running from C:\Users\jesper1\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)


==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

ABBYY FineReader 11 (HKLM-x32\...\{F1100000-0009-0000-0001-074957833700}) (Version: 11.0.376 - ABBYY)
AC3Filter (remove only) (HKLM-x32\...\AC3Filter) (Version:  - )
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.5.3.9120 - Adobe Systems Inc.)
Adobe AIR (x32 Version: 1.5.3.9120 - Adobe Systems Inc.) Hidden
Adobe Community Help (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.0.0.400 - Adobe Systems Incorporated)
Adobe Community Help (x32 Version: 3.0.0 - Adobe Systems Incorporated) Hidden
Adobe Digital Editions (HKLM-x32\...\Digital Editions) (Version:  - )
Adobe Flash Player 14 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Flash Player 14 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Media Player (HKLM-x32\...\com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.8 - Adobe Systems Incorporated)
Adobe Media Player (x32 Version: 1.8 - Adobe Systems Incorporated) Hidden
Adobe PDF ePub DRM Removal 4.1.6 (HKLM-x32\...\{C9DD56CA-BAE9-452A-AFE9-834C7770D1A3}) (Version: 4.1.6 - EPUBSOFT)
Adobe Reader XI (11.0.07) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated)
Age of Empires Online (HKLM-x32\...\Steam App 105430) (Version:  - Microsoft)
ANNO 1602 Königs-Edition (HKLM-x32\...\{077A7810-A937-4465-AD08-ACED9807995F}) (Version: 1.00 - )
Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Astroburn Lite (HKLM-x32\...\Astroburn Lite) (Version: 1.7.0.0175 - Disc Soft Ltd)
AstroViewer 3.1.6 (HKLM-x32\...\AstroViewer 3.1.6) (Version:  - Dirk Matussek)
Audacity 1.3.12 (HKLM-x32\...\Audacity 1.3 Beta_is1) (Version:  - Audacity Team)
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.5.464 - Avira)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
BIOSAgentPlus by eSupport.com (HKLM-x32\...\BIOSAgentPlus_is1) (Version:  - Copyright © 2013 eSupport.com, Inc • All Rights Reserved)
Cisco AnyConnect VPN Client (HKLM-x32\...\{96C6C69B-B21D-48D9-8ACC-52AE3EB361A2}) (Version: 2.2.0133 - Cisco Systems, Inc.)
Citavi (HKLM-x32\...\{E12C6653-1FF0-4686-ADB8-589C13AE761F}) (Version: 3.4.0.2 - Swiss Academic Software)
CloneCD (HKLM-x32\...\CloneCD) (Version:  - SlySoft)
Counter-Strike 1.6 (HKLM-x32\...\{9ABFB92D-93DA-49EE-8ABF-F8195DE45CA9}) (Version: 1.6 - )
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.47.1.0333 - Disc Soft Ltd)
Dark Strokes: Die Sünden der Väter Sammleredition (HKLM-x32\...\BFG-Dark Strokes - Die Suenden der Vaeter Sammleredition) (Version:  - )
DDBAC (HKLM-x32\...\{F161B4FF-3976-4917-BD27-CA28C95A13AE}) (Version: 5.3.0 - DataDesign)
Deponia Demo (HKLM-x32\...\Steam App 217830) (Version:  - Daedalic Entertainment)
Diablo III (HKLM-x32\...\Diablo III) (Version:  - Blizzard Entertainment)
Die besten Bewerbungsmuster (HKLM-x32\...\EH_Bewmuster) (Version:  - )
DivX-Setup (HKLM-x32\...\DivX Setup) (Version: 2.6.1.41 - DivX, LLC)
Dropbox (HKCU\...\Dropbox) (Version: 2.10.3 - Dropbox, Inc.)
Dungeon Keeper Gold (HKLM-x32\...\GOGPACKDUNGEONKEEPER_is1) (Version: 2.0.0.4 - GOG.com)
DVDFab 8.2.0.8 (29/08/2012) Qt (HKLM-x32\...\DVDFab 8 Qt_is1) (Version:  - Fengtao Software Inc.)
Dwarfs F2P (HKLM-x32\...\Steam App 213650) (Version:  - Power of 2)
Edna & Harvey: Harvey's New Eyes (HKLM-x32\...\Steam App 219910) (Version:  - Daedalic Entertainment)
ePub DRM Removal (HKLM-x32\...\ePubDRMRemoval) (Version: 1.4.1 - eBook Converter)
Escape From Monkey Island (HKLM-x32\...\bgbennyboyEMIReplacementSetup_is1) (Version: 1.0 - Quick and Easy Software)
Evernote v. 4.5.3 (HKLM-x32\...\{7BFD42CA-460A-11E1-AE58-984BE15F174E}) (Version: 4.5.3.6131 - Evernote Corp.)
Express Dictate (HKLM-x32\...\Express) (Version: 5.67 - NCH Software)
Express Scribe (HKLM-x32\...\Scribe) (Version: 5.58 - NCH Software)
Fable - The Lost Chapters (HKLM-x32\...\Steam App 204030) (Version:  - Lionhead Studios)
FileZilla Client 3.5.3 (HKLM-x32\...\FileZilla Client) (Version: 3.5.3 - FileZilla Project)
FLAC 1.2.1b (remove only) (HKLM-x32\...\FLAC) (Version: 1.2.1b - Xiph.org)
Fotogalerie (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Franzis Lebenslauf (HKLM-x32\...\Franzis Lebenslauf) (Version:  - )
Free YouTube to MP3 Converter version 3.8 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version:  - DVDVideoSoft Limited.)
Google Chrome (HKCU\...\Google Chrome) (Version: 36.0.1985.125 - Google Inc.)
Google Talk Plugin (HKLM-x32\...\{C1E3DFE7-4EAD-3E9E-A826-E06055BA5921}) (Version: 5.4.2.18903 - Google)
Graph 4.4.2 (HKLM-x32\...\Graph_is1) (Version:  - Ivan Johansen)
GTA2 (HKLM-x32\...\{2987EE84-C4EE-4FF5-8160-32DE00D6ABC6}) (Version: 1.00.001 - )
Gunpoint (HKLM-x32\...\Steam App 206190) (Version:  - Suspicious Developments)
Halo 2 for Windows Vista (HKLM-x32\...\Halo 2) (Version:  - Microsoft Game Studios)
Halo 2 for Windows Vista (x32 Version: 1.0.0.0 - Microsoft Corporation) Hidden
Haufe Formular-Manager (HKLM-x32\...\{9353F6E9-13B7-43B4-8FA5-CB46CA22671B}) (Version: 2.1.8.0 - Haufe)
IBM SPSS Statistics 20 (HKLM\...\{2AF8017B-E503-408F-AACE-8A335452CAD2}) (Version: 20.0.0.0 - IBM Corp)
Inkscape 0.48.4 (HKCU\...\Inkscape) (Version: 0.48.4 - )
ISOpen V4.5 (HKLM-x32\...\ISOpen_is1) (Version:  - Koyote Soft)
Java 7 Update 55 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.550 - Oracle)
Java 7 Update 9 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417009FF}) (Version: 7.0.90 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Java(TM) 6 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216031FF}) (Version: 6.0.310 - Oracle)
JavaFX 2.1.1 (HKLM-x32\...\{1111706F-666A-4037-7777-211328764D10}) (Version: 2.1.1 - Oracle Corporation)
Microsoft .NET Framework 4.5 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50709 - Microsoft Corporation)
Microsoft .NET Framework 4.5 (Version: 4.5.50709 - Microsoft Corporation) Hidden
Microsoft Age of Empires II (HKLM-x32\...\Age of Empires 2.0) (Version:  - )
Microsoft Age of Empires II: The Conquerors Expansion (HKLM-x32\...\Age of Empires II: The Conquerors Expansion 1.0) (Version:  - )
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}) (Version: 3.5.92.0 - Microsoft Corporation)
Microsoft Games for Windows Marketplace (HKLM-x32\...\{4CB0307C-565E-4441-86BE-0DF2E4FB828C}) (Version: 3.5.50.0 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (x32 Version:  - Microsoft) Hidden
Microsoft Office Access MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20513.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft WSE 3.0 Runtime (HKLM-x32\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
Microsoft Xbox 360 Accessories 1.2 (HKLM\...\{B3B750C0-8C22-439D-B7CE-67F3ED99CC2B}) (Version: 1.20.146.0 - Microsoft)
Microsoft XNA Framework Redistributable 3.1 (HKLM-x32\...\{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}) (Version: 3.1.10527.0 - Microsoft Corporation)
Microsoft_VC80_ATL_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_ATL_x86_x64 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_CRT_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_CRT_x86_x64 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFC_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFC_x86_x64 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFCLOC_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFCLOC_x86_x64 (Version: 80.50727.4053 - Adobe) Hidden
Microsoft_VC90_ATL_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_ATL_x86_x64 (Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_CRT_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_CRT_x86_x64 (Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_MFC_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_MFC_x86_x64 (Version: 1.00.0000 - Adobe) Hidden
Mindjet MindManager 9 (HKLM-x32\...\{04FE949D-172D-45B4-ACE6-6BCFAB5EC563}) (Version: 9.1.157 - Mindjet)
Minecraft Cracked (HKLM-x32\...\Minecraft Cracked) (Version:  - )
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 30.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 30.0 (x86 en-US)) (Version: 30.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 30.0 - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden
MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden
Nitro PDF Professional (HKLM\...\{48851F89-AA1D-4FFF-90A6-9594C97BDA1B}) (Version: 6.1.2.1 - Nitro PDF Software)
NVIDIA Display Control Panel (HKLM\...\NVIDIA Display Control Panel) (Version: 6.14.12.5896 - NVIDIA Corporation)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.10.62.40 - NVIDIA Corporation)
NVIDIA PhysX (HKLM-x32\...\{54194F60-988C-4D03-B922-C2B00EFDA39A}) (Version: 9.10.0222 - NVIDIA Corporation)
Origin (HKLM-x32\...\Origin) (Version: 9.1.11.2678 - Electronic Arts, Inc.)
Paragon Partition Manager™ 12 Free (HKLM-x32\...\{47E5588F-C3A0-11DE-9857-005056C00008}) (Version: 90.00.0003 - Paragon Software)
PDF Annotator 3.0.0.324 (HKLM-x32\...\PDFAnnotator_is1) (Version: 3.0.0.324 - GRAHL software design)
PDFCreator (HKLM-x32\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.2.3 - Frank Heindörfer, Philip Chinery)
Photo Gallery (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Pidgin (HKLM-x32\...\Pidgin) (Version: 2.7.5 - )
Pointofix (HKLM-x32\...\Pointofix_is1) (Version:  - Amerigomedia)
Project64 1.6 (HKLM-x32\...\{9559F7CA-5E34-4237-A2D9-D856464AD727}) (Version: 1.6 - Project64)
PSPP (HKLM-x32\...\B426B849-6071-5684-6429-7BE6B77DAB5B) (Version: 20111111 - GNU)
PxMergeModule (x32 Version: 1.00.0000 - Your Company Name) Hidden
Quake Live Mozilla Plugin (HKLM-x32\...\{FA66CFD7-0977-4C45-AACD-A8BB994B1A05}) (Version: 1.0.520 - id Software)
QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
R for Windows 2.12.0 (HKLM\...\R for Windows 2.12.0_is1) (Version: 2.12.0 - R Development Core Team)
RealDownloader (x32 Version: 17.0.11 - RealNetworks, Inc.) Hidden
RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (Version: 10.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (x32 Version: 10.0 - RealNetworks, Inc) Hidden
RealPlayer Cloud (HKLM-x32\...\RealPlayer 17.0) (Version: 17.0.10 - RealNetworks)
RealUpgrade 1.1 (x32 Version: 1.1.0 - RealNetworks, Inc.) Hidden
Ricochet (HKLM-x32\...\Steam App 60) (Version:  - Valve)
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.6.0 - SAMSUNG Electronics Co., Ltd.)
SimCity 4 Deluxe (HKLM-x32\...\{A7A34FC9-DF24-4A36-00AD-D4EFE94CC116}) (Version:  - )
Skype™ 6.1 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.1.130 - Skype Technologies S.A.)
Soldat 1.6.2 (HKLM-x32\...\Soldat_is1) (Version: 1.6.2 - Michal Marcinkowski)
Star Wars(tm) Knights of the Old Republic(tm) II: The Sith Lords(tm) (HKLM-x32\...\{629F65FB-7F3C-4D66-A1C0-20722744B7B6}) (Version: 1.00.0000 - Obsidian)
Stellarium 0.12.0 (HKLM\...\Stellarium_is1) (Version: 0.12.0 - Stellarium team)
Stronghold Crusader Extreme (HKLM-x32\...\{8C3727F2-8E37-49E4-820C-03B1677F53B6}) (Version: 1.20.0000 - Firefly Studios)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 14.0.3.0 - Synaptics Incorporated)
The X-Files DVD (HKLM-x32\...\The X-Files DVD) (Version:  - )
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2596598) 32-Bit Edition (HKLM-x32\...\{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{C5325053-3C37-4A69-959E-4802AE6686EF}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2687407) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{BBE715CA-02FD-4C5A-90BB-440A967DF05E}) (Version:  - Microsoft)
Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version:  - Microsoft)
Update für Microsoft Office Outlook 2007 Help (KB963677) (HKLM-x32\...\{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{F6828576-6F79-470D-AB50-69D1BBADBD30}) (Version:  - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version:  - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version:  - Microsoft)
UpdateService (x32 Version: 1.0.0 - RealNetworks, Inc.) Hidden
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
Ventuz 2008 x64 beta (HKLM\...\{1C0E88DD-F67A-4630-86F5-E0D35A4043D1}) (Version: 2.5.25 - Ventuz Technology)
VirtualCloneDrive (HKLM-x32\...\VirtualCloneDrive) (Version:  - Elaborate Bytes)
Virtuallab 6.2.2 (HKLM-x32\...\Virtuallab_is1) (Version:  - NASA and University of Illinois at Urbana Champaign)
VLC media player 1.1.10 (HKLM-x32\...\VLC media player) (Version: 1.1.10 - VideoLAN)
VLC media player 2.0.2 (HKLM\...\VLC media player) (Version: 2.0.2 - VideoLAN)
Winamp3 (remove only) (HKLM-x32\...\Winamp3) (Version:  - )
Windows Live Communications Platform (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4311.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Media Player Firefox Plugin (HKLM-x32\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
WinPcap 4.1.2 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2001 - CACE Technologies)
WinRAR (HKLM-x32\...\WinRAR archiver) (Version:  - )
XBSlink (HKLM-x32\...\XBSlink) (Version:  - )

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-3597317893-1479406781-1183269255-1006_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\jesper1\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3597317893-1479406781-1183269255-1006_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\jesper1\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3597317893-1479406781-1183269255-1006_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\jesper1\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3597317893-1479406781-1183269255-1006_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\jesper1\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3597317893-1479406781-1183269255-1006_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\jesper1\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3597317893-1479406781-1183269255-1006_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\jesper1\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3597317893-1479406781-1183269255-1006_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\jesper1\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3597317893-1479406781-1183269255-1006_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\jesper1\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3597317893-1479406781-1183269255-1006_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\jesper1\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3597317893-1479406781-1183269255-1006_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\jesper1\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3597317893-1479406781-1183269255-1006_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\jesper1\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3597317893-1479406781-1183269255-1006_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\jesper1\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File

==================== Restore Points  =========================

Could not list Restore Points. Check "winmgmt" service or repair WMI.


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2014-07-25 17:27 - 00000862 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
::1 localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {10E107F5-9F9A-4A55-B92E-10CFBA6F79B8} - System32\Tasks\Restart Capsule Task => C:\Program Files (x86)\Capsule\bin\Capsule.exe
Task: {27CBE514-7ACB-4307-B8CD-12F77AF96F08} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-3597317893-1479406781-1183269255-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2014-06-10] (RealNetworks, Inc.)
Task: {3AFE14E6-3970-401D-A24C-16041DF5F3EE} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-3597317893-1479406781-1183269255-1006 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe [2014-06-10] (RealNetworks, Inc.)
Task: {3D592177-3525-48EC-A869-3CC1D7E587D1} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3597317893-1479406781-1183269255-1000UA => C:\Users\jesper\AppData\Local\Google\Update\GoogleUpdate.exe
Task: {43A49A11-EF3F-427E-ACE7-037D53354C03} - System32\Tasks\{F3AEDA6C-CD6B-4F82-955C-9CB4BCD2D36D} => G:\Install\setup.exe
Task: {49523480-9C0B-49C7-B2EE-97919D0BA962} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3597317893-1479406781-1183269255-1006UA => C:\Users\jesper1\AppData\Local\Google\Update\GoogleUpdate.exe [2012-04-15] (Google Inc.)
Task: {55B4F489-A4EA-4B92-B4AC-0948AF3810D5} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-3597317893-1479406781-1183269255-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2014-06-10] (RealNetworks, Inc.)
Task: {629193CD-D74E-4613-8EA5-6D709D7A4F53} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3597317893-1479406781-1183269255-1006Core => C:\Users\jesper1\AppData\Local\Google\Update\GoogleUpdate.exe [2012-04-15] (Google Inc.)
Task: {7F9F8D87-516A-4CAA-92EB-2E6D6BD00A0E} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-3597317893-1479406781-1183269255-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2014-06-10] (RealNetworks, Inc.)
Task: {86AC1CA9-F123-4755-9A54-E88484BC8102} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3597317893-1479406781-1183269255-1000Core => C:\Users\jesper\AppData\Local\Google\Update\GoogleUpdate.exe
Task: {9B63D3F8-3866-4D58-9C1C-AE2167070CAA} - System32\Tasks\{6FAE2A4E-6313-40C2-9803-67C6DA89EBF8} => Firefox.exe hxxp://ui.skype.com/ui/0/5.3.0.120/de/abandoninstall?page=tsMain&amp;installinfo=google-toolbar:notoffered;ienotdefaultbrowser2,google-chrome:offered-installed;madedefault
Task: {BCE6A995-F611-4BB4-A278-78788C27AC2F} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-3597317893-1479406781-1183269255-1006 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe [2014-06-10] (RealNetworks, Inc.)
Task: {C33273E9-40AA-4541-BBE4-CE3EB9A55EE5} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-3597317893-1479406781-1183269255-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2014-06-10] (RealNetworks, Inc.)
Task: {C9871D6C-1431-4C51-A60E-79275A857770} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-3597317893-1479406781-1183269255-1006 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2014-06-10] (RealNetworks, Inc.)
Task: {D877E72B-67D5-4076-92DE-481709FDDF81} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-07-09] (Adobe Systems Incorporated)
Task: {DB27C846-DAE6-48FB-A387-E016C44D2015} - System32\Tasks\{9F812417-0EFB-4DD2-8B2E-27DDA81DEDFC} => E:\spiele\age3\age3.exe
Task: {EC8C529E-7328-43A5-BB8B-0FE1D29E9BD2} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-3597317893-1479406781-1183269255-1006 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2014-06-10] (RealNetworks, Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3597317893-1479406781-1183269255-1000Core.job => C:\Users\jesper\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3597317893-1479406781-1183269255-1000UA.job => C:\Users\jesper\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3597317893-1479406781-1183269255-1006Core.job => C:\Users\jesper1\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3597317893-1479406781-1183269255-1006UA.job => C:\Users\jesper1\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2011-10-29 11:31 - 2005-03-12 01:07 - 00087040 _____ () C:\Windows\System32\pdfcmnnt.dll
2010-01-02 16:42 - 2010-01-02 16:42 - 00098304 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll
2010-08-16 14:07 - 2008-06-20 00:41 - 00062464 _____ () C:\Program Files (x86)\WinRAR\rarext64.dll
2011-09-04 14:13 - 2011-08-02 11:47 - 00159232 _____ () C:\Program Files (x86)\Samsung\USB Drivers\26_VIA_driver2\amd64\VIAService.exe
2014-06-10 17:50 - 2014-06-10 17:50 - 00039568 _____ () C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
2014-06-10 22:03 - 2014-06-10 22:03 - 00023552 _____ () C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe
2013-02-13 04:37 - 2013-02-13 04:37 - 01263952 _____ () C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
2014-07-06 11:31 - 2014-07-06 11:31 - 00861784 _____ () c:\program files (x86)\real\realplayer\RPDS\Plugins\cldplin.dll
2014-07-25 17:31 - 2014-07-25 17:31 - 00043008 _____ () c:\users\jesper1\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpevtn_q.dll
2013-10-19 01:55 - 2013-10-19 01:55 - 25100288 _____ () C:\Users\jesper1\AppData\Roaming\Dropbox\bin\libcef.dll
2011-08-31 16:44 - 2011-08-31 16:44 - 00433664 _____ () C:\Program Files (x86)\Evernote\Evernote\libxml2.dll
2011-08-31 16:44 - 2011-08-31 16:44 - 00315392 _____ () C:\Program Files (x86)\Evernote\Evernote\libtidy.dll
2013-02-13 04:38 - 2013-02-13 04:38 - 00100688 _____ () C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll
2012-01-08 15:41 - 2012-01-08 15:41 - 00093696 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext.dll
2014-07-17 08:39 - 2014-07-15 11:24 - 00718664 _____ () C:\Users\jesper1\AppData\Local\Google\Chrome\Application\36.0.1985.125\libglesv2.dll
2014-07-17 08:39 - 2014-07-15 11:24 - 00126280 _____ () C:\Users\jesper1\AppData\Local\Google\Chrome\Application\36.0.1985.125\libegl.dll
2014-07-17 08:39 - 2014-07-15 11:24 - 08537928 _____ () C:\Users\jesper1\AppData\Local\Google\Chrome\Application\36.0.1985.125\pdf.dll
2014-07-17 08:39 - 2014-07-15 11:24 - 00353096 _____ () C:\Users\jesper1\AppData\Local\Google\Chrome\Application\36.0.1985.125\ppGoogleNaClPluginChrome.dll
2014-07-17 08:39 - 2014-07-15 11:24 - 01732936 _____ () C:\Users\jesper1\AppData\Local\Google\Chrome\Application\36.0.1985.125\ffmpegsumo.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Windows:977BE2E9F2233890
AlternateDataStreams: C:\Windows:nlsPreferences
AlternateDataStreams: C:\ProgramData\Microsoft:4xyOaSNrqmdg1yIYlqPZG52p
AlternateDataStreams: C:\ProgramData\Microsoft:nCY5YgXSXqiKflay4X791NtHc
AlternateDataStreams: C:\ProgramData\Temp:FCBEDCFD
AlternateDataStreams: C:\Users\jesper\AppData\Local:YamQImQmFbrzKASdojZpHs2c

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


==================== Faulty Device Manager Devices =============

Could not list Devices. Check "winmgmt" service or repair WMI.


==================== Event log errors: =========================

Application errors:
==================
Error: (07/21/2014 00:38:56 PM) (Source: SideBySide) (EventID: 63) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "assemblyIdentity1". Fehler in Manifest- oder Richtliniendatei "assemblyIdentity2" in Zeile assemblyIdentity3.
Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs im assemblyIdentity-Element ist ungültig.

Error: (07/21/2014 00:37:40 PM) (Source: SideBySide) (EventID: 63) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "assemblyIdentity1". Fehler in Manifest- oder Richtliniendatei "assemblyIdentity2" in Zeile assemblyIdentity3.
Der Wert "x64" des "processorArchitecture"-Attributs im assemblyIdentity-Element ist ungültig.

Error: (07/21/2014 00:35:47 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC90.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"1".
Die abhängige Assemblierung "Microsoft.VC90.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (07/21/2014 09:43:54 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC90.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"1".
Die abhängige Assemblierung "Microsoft.VC90.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (07/20/2014 04:15:11 PM) (Source: SideBySide) (EventID: 63) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "assemblyIdentity1". Fehler in Manifest- oder Richtliniendatei "assemblyIdentity2" in Zeile assemblyIdentity3.
Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs im assemblyIdentity-Element ist ungültig.

Error: (07/20/2014 04:13:58 PM) (Source: SideBySide) (EventID: 63) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "assemblyIdentity1". Fehler in Manifest- oder Richtliniendatei "assemblyIdentity2" in Zeile assemblyIdentity3.
Der Wert "x64" des "processorArchitecture"-Attributs im assemblyIdentity-Element ist ungültig.

Error: (07/20/2014 04:11:37 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC90.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"1".
Die abhängige Assemblierung "Microsoft.VC90.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (07/20/2014 03:01:57 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: chrome.exe, Version: 36.0.1985.125, Zeitstempel: 0x53c4dbee
Name des fehlerhaften Moduls: chrome.dll, Version: 36.0.1985.125, Zeitstempel: 0x53c4d8ad
Ausnahmecode: 0xc0000005
Fehleroffset: 0x004a740e
ID des fehlerhaften Prozesses: 0xb28
Startzeit der fehlerhaften Anwendung: 0xchrome.exe0
Pfad der fehlerhaften Anwendung: chrome.exe1
Pfad des fehlerhaften Moduls: chrome.exe2
Berichtskennung: chrome.exe3

Error: (07/20/2014 10:19:45 AM) (Source: MsiInstaller) (EventID: 11601) (User: jesper-PC)
Description: Produkt: Java 7 Update 65 -- Datenträger voll: Kein Speicherplatz mehr -- Datenträger: 'C:'; erforderlicher Speicherplatz: 71.487 KB; verfügbarer Speicherplatz: 29.368 KB. Geben Sie Speicherplatz frei, und wiederholen Sie den Vorgang.

Error: (07/19/2014 00:33:20 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC90.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"1".
Die abhängige Assemblierung "Microsoft.VC90.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".


System errors:
=============
Error: (07/25/2014 05:38:42 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Windows-Verwaltungsinstrumentation" wurde mit folgendem Fehler beendet: 
%%126

Error: (07/25/2014 05:38:12 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Windows-Verwaltungsinstrumentation" wurde mit folgendem Fehler beendet: 
%%126

Error: (07/25/2014 05:37:42 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Windows-Verwaltungsinstrumentation" wurde mit folgendem Fehler beendet: 
%%126

Error: (07/25/2014 05:37:12 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Windows-Verwaltungsinstrumentation" wurde mit folgendem Fehler beendet: 
%%126

Error: (07/25/2014 05:36:42 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Windows-Verwaltungsinstrumentation" wurde mit folgendem Fehler beendet: 
%%126

Error: (07/25/2014 05:36:12 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Windows-Verwaltungsinstrumentation" wurde mit folgendem Fehler beendet: 
%%126

Error: (07/25/2014 05:35:42 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Windows-Verwaltungsinstrumentation" wurde mit folgendem Fehler beendet: 
%%126

Error: (07/25/2014 05:35:12 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Windows-Verwaltungsinstrumentation" wurde mit folgendem Fehler beendet: 
%%126

Error: (07/25/2014 05:34:42 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Windows-Verwaltungsinstrumentation" wurde mit folgendem Fehler beendet: 
%%126

Error: (07/25/2014 05:34:12 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Windows-Verwaltungsinstrumentation" wurde mit folgendem Fehler beendet: 
%%126


Microsoft Office Sessions:
=========================
Error: (06/26/2014 03:07:35 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 6 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (08/28/2010 09:12:49 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 3, Application Name: Microsoft Office PowerPoint, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 1027 seconds with 0 seconds of active time.  This session ended with a crash.


==================== Memory info =========================== 

Percentage of memory in use: 37%
Total physical RAM: 4090.61 MB
Available physical RAM: 2567.37 MB
Total Pagefile: 8179.41 MB
Available Pagefile: 6424.2 MB
Total Virtual: 8192 MB
Available Virtual: 8191.86 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:45.41 GB) (Free:5.9 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: () (Fixed) (Total:5 GB) (Free:2.32 GB) NTFS
Drive e: () (Fixed) (Total:237.67 GB) (Free:13.04 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298 GB) (Disk ID: B6394A61)
Partition 1: (Not Active) - (Size=10 GB) - (Type=27)
Partition 2: (Active) - (Size=45 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=238 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=5 GB) - (Type=05)

==================== End Of Log ============================
         
__________________

Alt 25.07.2014, 17:51   #4
deeprybka
/// TB-Ausbilder
/// Anleitungs-Guru
 
Avira durch gruppenrichtlinie blockiert - Standard

Avira durch gruppenrichtlinie blockiert



Hi,

Code:
ATTFilter
Minecraft Cracked (HKLM-x32\...\Minecraft Cracked) (Version:  - )
         
Was ist denn mit dem? Tut mir leid dass ich frage, kenne mich mit dem Spielezeug und den dazugehörigen Cracks ehrlich gesagt nicht aus. Der Name ist jedenfalls "komisch"
Wenn es nicht legal ist, dann runter sowie alles andere auch, was noch irgendwo sein könnte...
__________________
Gruß
deeprybka

Lob, Kritik, Wünsche?

Spende fürs trojaner-board?
_______________________________________________
„Neminem laede, immo omnes, quantum potes, iuva.“ Arthur Schopenhauer

Alt 25.07.2014, 18:14   #5
nug0tt
 
Avira durch gruppenrichtlinie blockiert - Standard

Avira durch gruppenrichtlinie blockiert



Next try
FRST

FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 24-07-2014 01
Ran by jesper1 (administrator) on JESPER-PC on 25-07-2014 18:02:35
Running from C:\Users\jesper1\Desktop
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 9
Boot Mode: Normal


==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(ABBYY) C:\Program Files (x86)\ABBYY FineReader 11\NetworkLicenseServer.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
() C:\Program Files (x86)\Samsung\USB Drivers\26_VIA_driver2\amd64\VIAService.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\VS7DEBUG\mdm.exe
(Nitro PDF Software) C:\Program Files\Common Files\Nitro PDF\Professional\6.0\NitroPDFDriverServicex64.exe
(Nalpeiron Ltd.) C:\Windows\SysWOW64\NLSSRV32.EXE
() C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpdsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
() C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin64\rpsystray.exe
(Dropbox, Inc.) C:\Users\jesper1\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041) C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Elaborate Bytes AG) C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
() C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Google Inc.) C:\Users\jesper1\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\jesper1\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\jesper1\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\jesper1\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\jesper1\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\jesper1\AppData\Local\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1825064 2009-08-28] (Synaptics Incorporated)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [500208 2010-03-06] (Adobe Systems Incorporated)
HKLM\...\Run: [KiesTrayAgent] => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe 
HKLM\...\Run: [XboxStat] => C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [825184 2009-09-30] (Microsoft Corporation)
HKLM-x32\...\Run: [CloneCDTray] => C:\Program Files (x86)\SlySoft\CloneCD\CloneCDTray.exe [57344 2009-01-30] (SlySoft, Inc.)
HKLM-x32\...\Run: [VirtualCloneDrive] => C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [52168 2008-06-30] (Elaborate Bytes AG)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [31016 2006-10-27] (Microsoft Corporation)
HKLM-x32\...\Run: [Bonus.SSR.FR11] => C:\Program Files (x86)\ABBYY FineReader 11\Bonus.ScreenshotReader.exe [934152 2011-11-07] (ABBYY.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [DivXMediaServer] => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [450560 2013-04-15] (DivX, LLC)
HKLM-x32\...\Run: [DivXUpdate] => C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1263952 2013-02-13] ()
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [750160 2014-07-03] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [TkBellExe] => C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe [296520 2014-07-06] (RealNetworks, Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM Group Policy restriction on software: C:\Program Files (x86)\Avira <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Avira <====== ATTENTION
HKLM\...D6A79037F57F\InprocServer32: [Default-fastprox] C:\$Recycle.Bin\S-1-5-18\$e12285732c912dc7f94845f638808e81\n. ATTENTION! ====> ZeroAccess?
HKU\S-1-5-19\...\RunOnce: [mctadmin] => C:\Windows\System32\mctadmin.exe [97280 2009-07-14] (Microsoft Corporation)
HKU\S-1-5-20\...\RunOnce: [mctadmin] => C:\Windows\System32\mctadmin.exe [97280 2009-07-14] (Microsoft Corporation)
HKU\S-1-5-21-3597317893-1479406781-1183269255-1006\...\Run: [Google Update] => C:\Users\jesper1\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2012-04-15] (Google Inc.)
HKU\S-1-5-21-3597317893-1479406781-1183269255-1006\...\Run: [EdjalJahqi] => regsvr32.exe " 
HKU\S-1-5-21-3597317893-1479406781-1183269255-1006\...\MountPoints2: {7e8794b4-ea2f-11e1-8749-e8ccd7bc9be0} - H:\autorun.exe
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\RealPlayer Cloud Service UI.lnk
ShortcutTarget: RealPlayer Cloud Service UI.lnk -> C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin64\rpsystray.exe (RealNetworks, Inc.)
Startup: C:\Users\jesper1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\jesper1\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\jesper1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk
ShortcutTarget: EvernoteClipper.lnk -> C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
ShellIconOverlayIdentifiers: "DropboxExt1" -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\jesper1\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: "DropboxExt2" -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\jesper1\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: "DropboxExt3" -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\jesper1\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: "DropboxExt4" -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\jesper1\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: "DropboxExt5" -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\jesper1\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: "DropboxExt6" -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\jesper1\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: "DropboxExt7" -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\jesper1\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: "DropboxExt8" -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\jesper1\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: "DropboxExt1" -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: "DropboxExt2" -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: "DropboxExt3" -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: "DropboxExt4" -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: "DropboxExt5" -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: "DropboxExt6" -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: "DropboxExt7" -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: "DropboxExt8" -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} =>  No File

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x36E418B8B4A4CF01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin64.dll (RealDownloader)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: ContributeBHO Class -> {074C1DC5-9320-4A9A-947D-C042949C6216} -> C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll No File
BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
BHO-x32: DivX Plus Web Player HTML5 <video> -> {326E768D-4182-46FD-9C16-1449A49795F4} -> C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
BHO-x32: SwissAcademic.Citavi.Picker.IEPicker -> {609D670F-B735-4da7-AC6D-F3BD358E325E} -> C:\Windows\SysWOW64\mscoree.dll (Microsoft Corporation)
BHO-x32: CmjBrowserHelperObject Object -> {6FE6A929-59D1-4763-91AD-29B61CFFB35B} -> C:\Program Files (x86)\Mindjet\MindManager 9\Mm8InternetExplorer.dll (Mindjet)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM-x32 - Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll No File
DPF: HKLM-x32 {271A3CF5-5A54-447B-A08F-BE805F0DA60B} https://www.olb.de/olb_fb3_1867b/plugin/AXFOAM.CAB
DPF: HKLM-x32 {C752FF21-A8EF-468E-B507-5BBAFB84359E} https://hbciweb.olb.de/financebrowser5/plugin/Signlet-Plugin.CAB
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\jesper1\AppData\Roaming\Mozilla\Firefox\Profiles\y4v9y4ed.default
FF DefaultSearchEngine: Google.de
FF SelectedSearchEngine: Google.de
FF Homepage: hxxp://www.google.de/
FF Keyword.URL: hxxp://search.musicfrost.com/results.php?q=
FF NetworkProxy: "autoconfig_url", "hxxp://www.ub.fernuni-hagen.de/proxy.pac"
FF NetworkProxy: "type", 2
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @java.com/DTPlugin,version=10.9.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.9.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin-x32: @divx.com/DivX Plus Web Player Plug-In,version=1.0.0 - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @idsoftware.com/QuakeLive - C:\ProgramData\id Software\QuakeLive\npquakezero.dll (id Software Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @real.com/nppl3260;version=17.0.11.0 - c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlchromebrowserrecordext;version=17.0.11 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=17.0.11 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlpepperflashvideoshim;version=17.0.11 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpchromebrowserrecordext;version=15.0.6.14 - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprphtml5videoshim;version=15.0.6.14 - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=17.0.11.0 - c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer Cloud)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin - C:\Users\jesper1\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKCU: @talk.google.com/O1DPlugin - C:\Users\jesper1\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\jesper1\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\jesper1\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppl3260.dll (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nprpplugin.dll (RealPlayer Cloud)
FF Plugin ProgramFiles/Appdata: C:\Users\jesper1\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\jesper1\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)
FF SearchPlugin: C:\Users\jesper1\AppData\Roaming\Mozilla\Firefox\Profiles\y4v9y4ed.default\searchplugins\amazonde.xml
FF SearchPlugin: C:\Users\jesper1\AppData\Roaming\Mozilla\Firefox\Profiles\y4v9y4ed.default\searchplugins\digibib.xml
FF SearchPlugin: C:\Users\jesper1\AppData\Roaming\Mozilla\Firefox\Profiles\y4v9y4ed.default\searchplugins\ecosia.xml
FF SearchPlugin: C:\Users\jesper1\AppData\Roaming\Mozilla\Firefox\Profiles\y4v9y4ed.default\searchplugins\googlede.xml
FF SearchPlugin: C:\Users\jesper1\AppData\Roaming\Mozilla\Firefox\Profiles\y4v9y4ed.default\searchplugins\leo-deu-eng.xml
FF SearchPlugin: C:\Users\jesper1\AppData\Roaming\Mozilla\Firefox\Profiles\y4v9y4ed.default\searchplugins\youtube-videosuche.xml
FF Extension: 20-20 3D Viewer - IKEA - C:\Users\jesper1\AppData\Roaming\Mozilla\Firefox\Profiles\y4v9y4ed.default\Extensions\2020Player_IKEA@2020Technologies.com [2014-05-10]
FF Extension: No Name - C:\Users\jesper1\AppData\Roaming\Mozilla\Firefox\Profiles\y4v9y4ed.default\Extensions\SearchHelper [2014-05-10]
FF Extension: DDBAC Plug-In - C:\Users\jesper1\AppData\Roaming\Mozilla\Firefox\Profiles\y4v9y4ed.default\Extensions\{271A3CF5-5A54-447B-A08F-BE805F0DA60A} [2014-05-10]
FF Extension: Live HTTP Headers - C:\Users\jesper1\AppData\Roaming\Mozilla\Firefox\Profiles\y4v9y4ed.default\Extensions\{8f8fe09b-0bd3-4470-bc1b-8cad42b8203a} [2014-05-10]
FF HKLM-x32\...\Firefox\Extensions: [{8AA36F4F-6DC7-4c06-77AF-5035170634FE}] - C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox
FF Extension: Citavi Picker - C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox [2013-04-08]
FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2014-07-06]
FF HKLM-x32\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF Extension: DivX Plus Web Player HTML5 &lt;video&gt; - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2013-05-13]
FF HKLM-x32\...\Firefox\Extensions: [{1DD9AC48-0855-4AE7-9934-159B4377FFA2}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext

Chrome: 
=======
CHR HomePage: hxxp://www.google.com/
CHR StartupUrls: "hxxp://www.google.com/"
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\jesper1\AppData\Local\Google\Chrome\Application\36.0.1985.125\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Users\jesper1\AppData\Local\Google\Chrome\Application\36.0.1985.125\pdf.dll ()
CHR Plugin: (Shockwave Flash) - C:\Users\jesper1\AppData\Local\Google\Chrome\Application\36.0.1985.125\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll No File
CHR Plugin: (20-20 3D Viewer for IKEA) - C:\Users\jesper\AppData\Local\Google\Chrome\User Data\Default\Extensions\nnbjlpbcjbhgeeloohnpbcfblhnkhffm\5.0.94.0_0\NP_2020Player_IKEA.dll No File
CHR Plugin: (Intel(R) Threading Building Blocks for Windows) - C:\Users\jesper\AppData\Local\Google\Chrome\User Data\Default\Extensions\nnbjlpbcjbhgeeloohnpbcfblhnkhffm\5.0.94.0_0\tbb.dll No File
CHR Plugin: (Intel(R) Threading Building Blocks for Windows) - C:\Users\jesper\AppData\Local\Google\Chrome\User Data\Default\Extensions\nnbjlpbcjbhgeeloohnpbcfblhnkhffm\5.0.94.0_0\tbbmalloc.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (Microsoft® Windows Media Player Firefox Plugin) - C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll (Microsoft Corporation)
CHR Plugin: (Adobe Contribute CS5 ) - C:\Program Files (x86)\Mozilla Firefox\plugins\npContribute.dll No File
CHR Plugin: (2007 Microsoft Office system) - C:\Program Files (x86)\Mozilla Firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
CHR Plugin: (RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) ) - C:\Program Files (x86)\Mozilla Firefox\plugins\nppl3260.dll (RealNetworks, Inc.)
CHR Plugin: (RealPlayer Version Plugin) - C:\Program Files (x86)\Mozilla Firefox\plugins\nprpjplug.dll No File
CHR Plugin: (RealPlayer(tm) HTML5VideoShim Plug-In (32-bit) ) - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
CHR Plugin: (RealJukebox NS Plugin) - C:\Program Files (x86)\Mozilla Firefox\plugins\nprjplug.dll No File
CHR Plugin: (DivX VOD Helper Plug-in) - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
CHR Plugin: (DivX Plus Web Player) - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll No File
CHR Plugin: (Java(TM) Platform SE 7 U4) - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Java Deployment Toolkit 7.0.40.255) - C:\Windows\SysWOW64\npDeployJava1.dll No File
CHR Plugin: (RealNetworks(tm) Chrome Background Extension Plug-In (32-bit) ) - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
CHR Plugin: (Unity Player) - C:\Users\jesper\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll No File
CHR Plugin: (Google Update) - C:\Users\jesper\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Extension: (ProxFlow) - C:\Users\jesper1\AppData\Local\Google\Chrome\User Data\Default\Extensions\aakchaleigkohafkfjfjbblobjifikek [2014-05-10]
CHR Extension: (YouTube) - C:\Users\jesper1\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-05-10]
CHR Extension: (Google-Suche) - C:\Users\jesper1\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-05-10]
CHR Extension: (Internet Banking der OLB) - C:\Users\jesper1\AppData\Local\Google\Chrome\User Data\Default\Extensions\fipffogddddpcmkklaodlnofkmpognml [2014-05-10]
CHR Extension: (AdBlock) - C:\Users\jesper1\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-05-10]
CHR Extension: (RealPlayer Downloader) - C:\Users\jesper1\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji [2014-05-10]
CHR Extension: (Hangouts) - C:\Users\jesper1\AppData\Local\Google\Chrome\User Data\Default\Extensions\nckgahadagoaajjgafhacjanaoiihapd [2014-06-13]
CHR Extension: (Facebook Notifications) - C:\Users\jesper1\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmameahlembdcigphohgiodcgjomcgeo [2014-05-10]
CHR Extension: (Google Wallet) - C:\Users\jesper1\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-05-10]
CHR Extension: (20-20 3D Viewer for IKEA) - C:\Users\jesper1\AppData\Local\Google\Chrome\User Data\Default\Extensions\nnbjlpbcjbhgeeloohnpbcfblhnkhffm [2014-05-10]
CHR Extension: (Mehr Leistung und Videoformate für dein HTML5 <video>) - C:\Users\jesper1\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm [2014-05-10]
CHR Extension: (Google Mail) - C:\Users\jesper1\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-05-10]
CHR HKLM-x32\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2014-06-10]
CHR HKLM-x32\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files (x86)\DivX\DivX Plus Web Player\chrome\DivXHTML5\DivXHTML5.crx [2013-05-06]
CHR StartMenuInternet: Google Chrome - C:\Users\jesper\AppData\Local\Google\Chrome\Application\chrome.exe

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 ABBYY.Licensing.FineReader.Professional.11.0; C:\Program Files (x86)\ABBYY FineReader 11\NetworkLicenseServer.exe [819976 2011-10-12] (ABBYY)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [430160 2014-07-03] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [430160 2014-07-03] (Avira Operations GmbH & Co. KG)
R2 CDMA Device Service; C:\Program Files (x86)\Samsung\USB Drivers\26_VIA_driver2\amd64\VIAService.exe [159232 2011-08-02] () [File not signed]
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
R2 MDM; C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [335872 2006-10-26] (Microsoft Corporation) [File not signed]
S4 NetMsmqActivator; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [139680 2012-07-09] (Microsoft Corporation) [File not signed]
S4 NetPipeActivator; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [139680 2012-07-09] (Microsoft Corporation) [File not signed]
S4 NetTcpActivator; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [139680 2012-07-09] (Microsoft Corporation) [File not signed]
S4 NetTcpPortSharing; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [139680 2012-07-09] (Microsoft Corporation) [File not signed]
R2 NitroDriverReadSpool; C:\Program Files\Common Files\Nitro PDF\Professional\6.0\NitroPDFDriverServicex64.exe [341312 2010-06-24] (Nitro PDF Software)
R2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39568 2014-06-10] ()
R2 RealPlayer Cloud Service; c:\program files (x86)\real\realplayer\RPDS\Bin\rpdsvc.exe [1141848 2014-07-06] (RealNetworks, Inc.)
R2 RealPlayerUpdateSvc; C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe [23552 2014-06-10] () [File not signed]
S2 Winmgmt; C:\PROGRA~3\2992199F9A\1azjg33.faa [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [117712 2014-07-03] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [130584 2014-05-27] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-10-01] (Avira Operations GmbH & Co. KG)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2013-03-22] (DT Soft Ltd)
R3 ElbyCDFL; C:\Windows\System32\Drivers\ElbyCDFL.sys [40648 2007-02-16] (SlySoft, Inc.)
R3 ElbyCDFL; C:\Windows\SysWOW64\Drivers\ElbyCDFL.sys [40648 2007-02-16] (SlySoft, Inc.)
S3 npf; C:\Windows\System32\drivers\npf.sys [35344 2010-07-16] (CACE Technologies, Inc.)
S0 sptd; C:\Windows\System32\Drivers\sptd.sys [867064 2013-03-21] (Duplex Secure Ltd.)
S3 dgderdrv; System32\drivers\dgderdrv.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-07-25 17:56 - 2014-07-25 17:56 - 00003302 _____ () C:\Windows\System32\Tasks\{6D341E45-9F8E-45B3-A8E7-A45A97774125}
2014-07-25 17:33 - 2014-07-25 17:38 - 00039488 _____ () C:\Users\jesper1\Desktop\Addition.txt
2014-07-25 17:30 - 2014-07-25 18:02 - 00030179 _____ () C:\Users\jesper1\Desktop\FRST.txt
2014-07-25 17:30 - 2014-07-25 15:59 - 02093568 _____ (Farbar) C:\Users\jesper1\Desktop\FRST64.exe
2014-07-25 17:17 - 2014-07-25 17:19 - 00001281 _____ () C:\Windows\system32\Drivers\etc\hosts datei.lnk
2014-07-25 15:59 - 2014-07-25 18:02 - 00000000 ____D () C:\FRST
2014-07-20 10:43 - 2014-07-20 10:43 - 00000000 ____D () C:\Users\jesper1\AppData\Roaming\Apple Computer
2014-07-18 12:41 - 2014-07-18 14:26 - 00000000 ____D () C:\Program Files (x86)\FLAC
2014-07-18 12:41 - 2014-07-18 12:41 - 00001866 _____ () C:\Users\Public\Desktop\FLAC Frontend.lnk
2014-07-18 12:41 - 2014-07-18 12:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FLAC
2014-07-18 12:34 - 2014-07-18 12:34 - 00000000 ____D () C:\Program Files (x86)\Winamp
2014-07-18 01:16 - 2014-07-25 15:42 - 00000000 ____D () C:\ProgramData\EdjalJahqi
2014-07-11 19:55 - 2014-07-11 19:57 - 00000000 ___HD () C:\jexepackres
2014-07-11 19:55 - 2014-07-11 19:55 - 00000033 _____ () C:\Users\jesper1\AstroViewer 3.1.6-Path
2014-07-11 19:55 - 2014-07-11 19:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AstroViewer 3.1.6
2014-07-08 15:28 - 2014-07-08 15:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2014-07-08 15:28 - 2014-07-08 15:28 - 00000000 ____D () C:\ProgramData\Apple Computer
2014-07-08 15:28 - 2014-07-08 15:28 - 00000000 ____D () C:\Program Files (x86)\QuickTime
2014-07-08 15:27 - 2014-07-08 15:27 - 00000000 ____D () C:\Users\jesper1\AppData\Local\Apple
2014-07-08 15:24 - 2014-07-08 15:24 - 00002519 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2014-07-08 15:24 - 2014-07-08 15:24 - 00000000 ____D () C:\ProgramData\Apple
2014-07-08 15:24 - 2014-07-08 15:24 - 00000000 ____D () C:\Program Files (x86)\Apple Software Update
2014-07-08 15:19 - 2014-07-08 15:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fox Interactive
2014-07-06 17:41 - 2014-07-25 17:28 - 00003368 _____ () C:\Windows\System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-3597317893-1479406781-1183269255-1006
2014-07-06 17:38 - 2014-07-06 17:39 - 00291296 _____ () C:\Windows\Minidump\070614-29265-01.dmp
2014-07-06 17:21 - 2014-07-06 18:00 - 00002562 _____ () C:\Windows\diagwrn.xml
2014-07-06 17:21 - 2014-07-06 18:00 - 00001908 _____ () C:\Windows\diagerr.xml
2014-07-06 11:33 - 2014-07-25 17:28 - 00003238 _____ () C:\Windows\System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-3597317893-1479406781-1183269255-1006
2014-07-06 11:32 - 2014-07-06 11:32 - 00001046 _____ () C:\Users\Public\Desktop\RealPlayer Cloud.lnk
2014-07-06 11:32 - 2014-07-06 11:32 - 00000000 ____D () C:\Users\jesper1\AppData\Roaming\RealNetworks
2014-07-06 11:32 - 2014-07-06 11:32 - 00000000 ____D () C:\ProgramData\RealNetworks
2014-07-06 11:32 - 2014-07-06 11:32 - 00000000 ____D () C:\Program Files (x86)\RealNetworks
2014-07-06 11:31 - 2014-07-06 11:31 - 00505416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcp71.dll
2014-07-06 11:31 - 2014-07-06 11:31 - 00353864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcr71.dll
2014-07-06 11:31 - 2014-07-06 11:31 - 00278600 _____ (Progressive Networks) C:\Windows\SysWOW64\pncrt.dll
2014-07-06 11:31 - 2014-07-06 11:31 - 00201800 _____ (RealNetworks, Inc.) C:\Windows\SysWOW64\rmoc3260.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-07-25 18:02 - 2014-07-25 17:30 - 00030179 _____ () C:\Users\jesper1\Desktop\FRST.txt
2014-07-25 18:02 - 2014-07-25 15:59 - 00000000 ____D () C:\FRST
2014-07-25 18:02 - 2012-04-15 11:33 - 00001124 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3597317893-1479406781-1183269255-1000UA.job
2014-07-25 17:56 - 2014-07-25 17:56 - 00003302 _____ () C:\Windows\System32\Tasks\{6D341E45-9F8E-45B3-A8E7-A45A97774125}
2014-07-25 17:38 - 2014-07-25 17:33 - 00039488 _____ () C:\Users\jesper1\Desktop\Addition.txt
2014-07-25 17:36 - 2009-07-14 06:45 - 00021120 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-07-25 17:36 - 2009-07-14 06:45 - 00021120 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-07-25 17:34 - 2010-08-16 13:36 - 01270430 _____ () C:\Windows\WindowsUpdate.log
2014-07-25 17:31 - 2014-05-10 01:11 - 00000000 ____D () C:\Users\jesper1\AppData\Roaming\Dropbox
2014-07-25 17:28 - 2014-07-06 17:41 - 00003368 _____ () C:\Windows\System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-3597317893-1479406781-1183269255-1006
2014-07-25 17:28 - 2014-07-06 11:33 - 00003238 _____ () C:\Windows\System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-3597317893-1479406781-1183269255-1006
2014-07-25 17:28 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-07-25 17:28 - 2009-07-14 06:51 - 00001197 _____ () C:\Windows\setupact.log
2014-07-25 17:24 - 2014-06-13 12:51 - 00001128 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3597317893-1479406781-1183269255-1006UA.job
2014-07-25 17:19 - 2014-07-25 17:17 - 00001281 _____ () C:\Windows\system32\Drivers\etc\hosts datei.lnk
2014-07-25 17:15 - 2012-04-05 20:22 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-07-25 17:11 - 2010-08-18 12:32 - 00000000 ____D () C:\ProgramData\Adobe
2014-07-25 17:10 - 2011-01-20 22:00 - 00000000 ____D () C:\Program Files\Common Files\Adobe
2014-07-25 17:10 - 2011-01-20 21:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Master Collection CS5
2014-07-25 17:10 - 2010-10-06 15:41 - 00000000 ____D () C:\Program Files (x86)\Adobe
2014-07-25 15:59 - 2014-07-25 17:30 - 02093568 _____ (Farbar) C:\Users\jesper1\Desktop\FRST64.exe
2014-07-25 15:42 - 2014-07-18 01:16 - 00000000 ____D () C:\ProgramData\EdjalJahqi
2014-07-25 15:39 - 2014-05-10 01:13 - 00001024 _____ () C:\Users\jesper1\Desktop\Dropbox.lnk
2014-07-25 15:39 - 2014-05-10 01:12 - 00000000 ____D () C:\Users\jesper1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-07-25 15:32 - 2014-02-20 19:00 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-07-25 15:32 - 2012-05-13 18:29 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-07-25 15:32 - 2010-08-16 17:14 - 00231820 _____ () C:\Windows\PFRO.log
2014-07-23 11:23 - 2014-06-13 12:51 - 00001076 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3597317893-1479406781-1183269255-1006Core.job
2014-07-23 11:02 - 2012-04-15 11:33 - 00001072 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3597317893-1479406781-1183269255-1000Core.job
2014-07-22 21:49 - 2014-05-10 01:14 - 00000000 ____D () C:\Users\jesper1\Documents\Citavi 3
2014-07-20 14:57 - 2014-05-12 11:33 - 00003346 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-3597317893-1479406781-1183269255-1006
2014-07-20 14:57 - 2014-05-12 11:33 - 00003216 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-3597317893-1479406781-1183269255-1006
2014-07-20 10:43 - 2014-07-20 10:43 - 00000000 ____D () C:\Users\jesper1\AppData\Roaming\Apple Computer
2014-07-18 14:42 - 2014-05-10 01:14 - 00000000 ____D () C:\Users\jesper1\Documents\DVDVideoSoft
2014-07-18 14:40 - 2014-05-10 01:13 - 00000000 ____D () C:\Users\jesper1\AppData\Roaming\vlc
2014-07-18 14:26 - 2014-07-18 12:41 - 00000000 ____D () C:\Program Files (x86)\FLAC
2014-07-18 12:41 - 2014-07-18 12:41 - 00001866 _____ () C:\Users\Public\Desktop\FLAC Frontend.lnk
2014-07-18 12:41 - 2014-07-18 12:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FLAC
2014-07-18 12:35 - 2010-08-17 20:06 - 00000000 ____D () C:\Program Files (x86)\Winamp3
2014-07-18 12:34 - 2014-07-18 12:34 - 00000000 ____D () C:\Program Files (x86)\Winamp
2014-07-17 08:39 - 2014-05-10 01:13 - 00002371 _____ () C:\Users\jesper1\Desktop\Google Chrome.lnk
2014-07-11 19:57 - 2014-07-11 19:55 - 00000000 ___HD () C:\jexepackres
2014-07-11 19:55 - 2014-07-11 19:55 - 00000033 _____ () C:\Users\jesper1\AstroViewer 3.1.6-Path
2014-07-11 19:55 - 2014-07-11 19:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AstroViewer 3.1.6
2014-07-11 19:55 - 2014-05-10 00:45 - 00000000 ____D () C:\Users\jesper1
2014-07-10 11:49 - 2013-05-14 08:26 - 00042040 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2014-07-09 00:15 - 2012-04-05 20:22 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-07-09 00:15 - 2012-04-05 20:22 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-07-09 00:15 - 2011-05-22 09:36 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-07-08 15:28 - 2014-07-08 15:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2014-07-08 15:28 - 2014-07-08 15:28 - 00000000 ____D () C:\ProgramData\Apple Computer
2014-07-08 15:28 - 2014-07-08 15:28 - 00000000 ____D () C:\Program Files (x86)\QuickTime
2014-07-08 15:27 - 2014-07-08 15:27 - 00000000 ____D () C:\Users\jesper1\AppData\Local\Apple
2014-07-08 15:24 - 2014-07-08 15:24 - 00002519 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2014-07-08 15:24 - 2014-07-08 15:24 - 00000000 ____D () C:\ProgramData\Apple
2014-07-08 15:24 - 2014-07-08 15:24 - 00000000 ____D () C:\Program Files (x86)\Apple Software Update
2014-07-08 15:19 - 2014-07-08 15:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fox Interactive
2014-07-06 18:00 - 2014-07-06 17:21 - 00002562 _____ () C:\Windows\diagwrn.xml
2014-07-06 18:00 - 2014-07-06 17:21 - 00001908 _____ () C:\Windows\diagerr.xml
2014-07-06 18:00 - 2009-07-14 06:51 - 00000000 _____ () C:\Windows\setuperr.log
2014-07-06 17:39 - 2014-07-06 17:38 - 00291296 _____ () C:\Windows\Minidump\070614-29265-01.dmp
2014-07-06 17:38 - 2012-01-25 12:10 - 00000000 ____D () C:\Windows\Minidump
2014-07-06 11:32 - 2014-07-06 11:32 - 00001046 _____ () C:\Users\Public\Desktop\RealPlayer Cloud.lnk
2014-07-06 11:32 - 2014-07-06 11:32 - 00000000 ____D () C:\Users\jesper1\AppData\Roaming\RealNetworks
2014-07-06 11:32 - 2014-07-06 11:32 - 00000000 ____D () C:\ProgramData\RealNetworks
2014-07-06 11:32 - 2014-07-06 11:32 - 00000000 ____D () C:\Program Files (x86)\RealNetworks
2014-07-06 11:32 - 2014-05-10 00:46 - 00000000 ____D () C:\Users\jesper1\AppData\Roaming\Real
2014-07-06 11:32 - 2013-01-05 10:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RealNetworks
2014-07-06 11:32 - 2010-10-16 21:08 - 00000000 ____D () C:\Program Files (x86)\Real
2014-07-06 11:31 - 2014-07-06 11:31 - 00505416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcp71.dll
2014-07-06 11:31 - 2014-07-06 11:31 - 00353864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcr71.dll
2014-07-06 11:31 - 2014-07-06 11:31 - 00278600 _____ (Progressive Networks) C:\Windows\SysWOW64\pncrt.dll
2014-07-06 11:31 - 2014-07-06 11:31 - 00201800 _____ (RealNetworks, Inc.) C:\Windows\SysWOW64\rmoc3260.dll
2014-07-06 11:31 - 2010-10-16 21:08 - 00000000 ____D () C:\ProgramData\Real
2014-07-03 15:27 - 2013-05-14 08:24 - 00117712 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys

ZeroAccess:
C:\$Recycle.Bin\S-1-5-21-3597317893-1479406781-1183269255-1000\$e12285732c912dc7f94845f638808e81

ZeroAccess:
C:\$Recycle.Bin\S-1-5-18\$e12285732c912dc7f94845f638808e81

Some content of TEMP:
====================
C:\Users\Administrator\AppData\Local\Temp\avgnt.exe
C:\Users\jesper1\AppData\Local\Temp\avgnt.exe
C:\Users\jesper1\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpevtn_q.dll
C:\Users\jesper1\AppData\Local\Temp\jre-7u65-windows-i586-iftw.exe
C:\Users\jesper1\AppData\Local\Temp\lowproc.exe
C:\Users\jesper1\AppData\Local\Temp\RSPUpgradeInstaller.exe
C:\Users\jesper1\AppData\Local\Temp\Uninstall.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
ATTENTION: ====> ZeroAccess. Use DeleteJunctionsIndirectory: C:\Program Files\Windows Defender


LastRegBack: 2014-07-18 14:01

==================== End Of Log ============================
         
--- --- ---


addition
Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 24-07-2014 01
Ran by jesper1 at 2014-07-25 18:03:14
Running from C:\Users\jesper1\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)


==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

ABBYY FineReader 11 (HKLM-x32\...\{F1100000-0009-0000-0001-074957833700}) (Version: 11.0.376 - ABBYY)
AC3Filter (remove only) (HKLM-x32\...\AC3Filter) (Version:  - )
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.5.3.9120 - Adobe Systems Inc.)
Adobe AIR (x32 Version: 1.5.3.9120 - Adobe Systems Inc.) Hidden
Adobe Community Help (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.0.0.400 - Adobe Systems Incorporated)
Adobe Community Help (x32 Version: 3.0.0 - Adobe Systems Incorporated) Hidden
Adobe Digital Editions (HKLM-x32\...\Digital Editions) (Version:  - )
Adobe Flash Player 14 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Flash Player 14 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Media Player (HKLM-x32\...\com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.8 - Adobe Systems Incorporated)
Adobe Media Player (x32 Version: 1.8 - Adobe Systems Incorporated) Hidden
Adobe PDF ePub DRM Removal 4.1.6 (HKLM-x32\...\{C9DD56CA-BAE9-452A-AFE9-834C7770D1A3}) (Version: 4.1.6 - EPUBSOFT)
Adobe Reader XI (11.0.07) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated)
Age of Empires Online (HKLM-x32\...\Steam App 105430) (Version:  - Microsoft)
ANNO 1602 Königs-Edition (HKLM-x32\...\{077A7810-A937-4465-AD08-ACED9807995F}) (Version: 1.00 - )
Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Astroburn Lite (HKLM-x32\...\Astroburn Lite) (Version: 1.7.0.0175 - Disc Soft Ltd)
AstroViewer 3.1.6 (HKLM-x32\...\AstroViewer 3.1.6) (Version:  - Dirk Matussek)
Audacity 1.3.12 (HKLM-x32\...\Audacity 1.3 Beta_is1) (Version:  - Audacity Team)
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.5.464 - Avira)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
BIOSAgentPlus by eSupport.com (HKLM-x32\...\BIOSAgentPlus_is1) (Version:  - Copyright © 2013 eSupport.com, Inc • All Rights Reserved)
Cisco AnyConnect VPN Client (HKLM-x32\...\{96C6C69B-B21D-48D9-8ACC-52AE3EB361A2}) (Version: 2.2.0133 - Cisco Systems, Inc.)
Citavi (HKLM-x32\...\{E12C6653-1FF0-4686-ADB8-589C13AE761F}) (Version: 3.4.0.2 - Swiss Academic Software)
CloneCD (HKLM-x32\...\CloneCD) (Version:  - SlySoft)
Counter-Strike 1.6 (HKLM-x32\...\{9ABFB92D-93DA-49EE-8ABF-F8195DE45CA9}) (Version: 1.6 - )
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.47.1.0333 - Disc Soft Ltd)
Dark Strokes: Die Sünden der Väter Sammleredition (HKLM-x32\...\BFG-Dark Strokes - Die Suenden der Vaeter Sammleredition) (Version:  - )
DDBAC (HKLM-x32\...\{F161B4FF-3976-4917-BD27-CA28C95A13AE}) (Version: 5.3.0 - DataDesign)
Deponia Demo (HKLM-x32\...\Steam App 217830) (Version:  - Daedalic Entertainment)
Diablo III (HKLM-x32\...\Diablo III) (Version:  - Blizzard Entertainment)
Die besten Bewerbungsmuster (HKLM-x32\...\EH_Bewmuster) (Version:  - )
DivX-Setup (HKLM-x32\...\DivX Setup) (Version: 2.6.1.41 - DivX, LLC)
Dropbox (HKCU\...\Dropbox) (Version: 2.10.3 - Dropbox, Inc.)
Dungeon Keeper Gold (HKLM-x32\...\GOGPACKDUNGEONKEEPER_is1) (Version: 2.0.0.4 - GOG.com)
DVDFab 8.2.0.8 (29/08/2012) Qt (HKLM-x32\...\DVDFab 8 Qt_is1) (Version:  - Fengtao Software Inc.)
Dwarfs F2P (HKLM-x32\...\Steam App 213650) (Version:  - Power of 2)
Edna & Harvey: Harvey's New Eyes (HKLM-x32\...\Steam App 219910) (Version:  - Daedalic Entertainment)
ePub DRM Removal (HKLM-x32\...\ePubDRMRemoval) (Version: 1.4.1 - eBook Converter)
Escape From Monkey Island (HKLM-x32\...\bgbennyboyEMIReplacementSetup_is1) (Version: 1.0 - Quick and Easy Software)
Evernote v. 4.5.3 (HKLM-x32\...\{7BFD42CA-460A-11E1-AE58-984BE15F174E}) (Version: 4.5.3.6131 - Evernote Corp.)
Express Dictate (HKLM-x32\...\Express) (Version: 5.67 - NCH Software)
Express Scribe (HKLM-x32\...\Scribe) (Version: 5.58 - NCH Software)
Fable - The Lost Chapters (HKLM-x32\...\Steam App 204030) (Version:  - Lionhead Studios)
FileZilla Client 3.5.3 (HKLM-x32\...\FileZilla Client) (Version: 3.5.3 - FileZilla Project)
FLAC 1.2.1b (remove only) (HKLM-x32\...\FLAC) (Version: 1.2.1b - Xiph.org)
Fotogalerie (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Franzis Lebenslauf (HKLM-x32\...\Franzis Lebenslauf) (Version:  - )
Free YouTube to MP3 Converter version 3.8 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version:  - DVDVideoSoft Limited.)
Google Chrome (HKCU\...\Google Chrome) (Version: 36.0.1985.125 - Google Inc.)
Google Talk Plugin (HKLM-x32\...\{C1E3DFE7-4EAD-3E9E-A826-E06055BA5921}) (Version: 5.4.2.18903 - Google)
Graph 4.4.2 (HKLM-x32\...\Graph_is1) (Version:  - Ivan Johansen)
GTA2 (HKLM-x32\...\{2987EE84-C4EE-4FF5-8160-32DE00D6ABC6}) (Version: 1.00.001 - )
Gunpoint (HKLM-x32\...\Steam App 206190) (Version:  - Suspicious Developments)
Halo 2 for Windows Vista (HKLM-x32\...\Halo 2) (Version:  - Microsoft Game Studios)
Halo 2 for Windows Vista (x32 Version: 1.0.0.0 - Microsoft Corporation) Hidden
Haufe Formular-Manager (HKLM-x32\...\{9353F6E9-13B7-43B4-8FA5-CB46CA22671B}) (Version: 2.1.8.0 - Haufe)
IBM SPSS Statistics 20 (HKLM\...\{2AF8017B-E503-408F-AACE-8A335452CAD2}) (Version: 20.0.0.0 - IBM Corp)
Inkscape 0.48.4 (HKCU\...\Inkscape) (Version: 0.48.4 - )
ISOpen V4.5 (HKLM-x32\...\ISOpen_is1) (Version:  - Koyote Soft)
Java 7 Update 55 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.550 - Oracle)
Java 7 Update 9 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417009FF}) (Version: 7.0.90 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Java(TM) 6 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216031FF}) (Version: 6.0.310 - Oracle)
JavaFX 2.1.1 (HKLM-x32\...\{1111706F-666A-4037-7777-211328764D10}) (Version: 2.1.1 - Oracle Corporation)
Microsoft .NET Framework 4.5 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50709 - Microsoft Corporation)
Microsoft .NET Framework 4.5 (Version: 4.5.50709 - Microsoft Corporation) Hidden
Microsoft Age of Empires II (HKLM-x32\...\Age of Empires 2.0) (Version:  - )
Microsoft Age of Empires II: The Conquerors Expansion (HKLM-x32\...\Age of Empires II: The Conquerors Expansion 1.0) (Version:  - )
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}) (Version: 3.5.92.0 - Microsoft Corporation)
Microsoft Games for Windows Marketplace (HKLM-x32\...\{4CB0307C-565E-4441-86BE-0DF2E4FB828C}) (Version: 3.5.50.0 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (x32 Version:  - Microsoft) Hidden
Microsoft Office Access MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20513.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft WSE 3.0 Runtime (HKLM-x32\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
Microsoft Xbox 360 Accessories 1.2 (HKLM\...\{B3B750C0-8C22-439D-B7CE-67F3ED99CC2B}) (Version: 1.20.146.0 - Microsoft)
Microsoft XNA Framework Redistributable 3.1 (HKLM-x32\...\{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}) (Version: 3.1.10527.0 - Microsoft Corporation)
Microsoft_VC80_ATL_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_ATL_x86_x64 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_CRT_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_CRT_x86_x64 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFC_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFC_x86_x64 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFCLOC_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFCLOC_x86_x64 (Version: 80.50727.4053 - Adobe) Hidden
Microsoft_VC90_ATL_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_ATL_x86_x64 (Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_CRT_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_CRT_x86_x64 (Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_MFC_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_MFC_x86_x64 (Version: 1.00.0000 - Adobe) Hidden
Mindjet MindManager 9 (HKLM-x32\...\{04FE949D-172D-45B4-ACE6-6BCFAB5EC563}) (Version: 9.1.157 - Mindjet)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 30.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 30.0 (x86 en-US)) (Version: 30.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 30.0 - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden
MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden
Nitro PDF Professional (HKLM\...\{48851F89-AA1D-4FFF-90A6-9594C97BDA1B}) (Version: 6.1.2.1 - Nitro PDF Software)
NVIDIA Display Control Panel (HKLM\...\NVIDIA Display Control Panel) (Version: 6.14.12.5896 - NVIDIA Corporation)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.10.62.40 - NVIDIA Corporation)
NVIDIA PhysX (HKLM-x32\...\{54194F60-988C-4D03-B922-C2B00EFDA39A}) (Version: 9.10.0222 - NVIDIA Corporation)
Origin (HKLM-x32\...\Origin) (Version: 9.1.11.2678 - Electronic Arts, Inc.)
Paragon Partition Manager™ 12 Free (HKLM-x32\...\{47E5588F-C3A0-11DE-9857-005056C00008}) (Version: 90.00.0003 - Paragon Software)
PDF Annotator 3.0.0.324 (HKLM-x32\...\PDFAnnotator_is1) (Version: 3.0.0.324 - GRAHL software design)
PDFCreator (HKLM-x32\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.2.3 - Frank Heindörfer, Philip Chinery)
Photo Gallery (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Pidgin (HKLM-x32\...\Pidgin) (Version: 2.7.5 - )
Pointofix (HKLM-x32\...\Pointofix_is1) (Version:  - Amerigomedia)
Project64 1.6 (HKLM-x32\...\{9559F7CA-5E34-4237-A2D9-D856464AD727}) (Version: 1.6 - Project64)
PSPP (HKLM-x32\...\B426B849-6071-5684-6429-7BE6B77DAB5B) (Version: 20111111 - GNU)
PxMergeModule (x32 Version: 1.00.0000 - Your Company Name) Hidden
Quake Live Mozilla Plugin (HKLM-x32\...\{FA66CFD7-0977-4C45-AACD-A8BB994B1A05}) (Version: 1.0.520 - id Software)
QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
R for Windows 2.12.0 (HKLM\...\R for Windows 2.12.0_is1) (Version: 2.12.0 - R Development Core Team)
RealDownloader (x32 Version: 17.0.11 - RealNetworks, Inc.) Hidden
RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (Version: 10.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (x32 Version: 10.0 - RealNetworks, Inc) Hidden
RealPlayer Cloud (HKLM-x32\...\RealPlayer 17.0) (Version: 17.0.10 - RealNetworks)
RealUpgrade 1.1 (x32 Version: 1.1.0 - RealNetworks, Inc.) Hidden
Ricochet (HKLM-x32\...\Steam App 60) (Version:  - Valve)
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.6.0 - SAMSUNG Electronics Co., Ltd.)
SimCity 4 Deluxe (HKLM-x32\...\{A7A34FC9-DF24-4A36-00AD-D4EFE94CC116}) (Version:  - )
Skype™ 6.1 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.1.130 - Skype Technologies S.A.)
Soldat 1.6.2 (HKLM-x32\...\Soldat_is1) (Version: 1.6.2 - Michal Marcinkowski)
Star Wars(tm) Knights of the Old Republic(tm) II: The Sith Lords(tm) (HKLM-x32\...\{629F65FB-7F3C-4D66-A1C0-20722744B7B6}) (Version: 1.00.0000 - Obsidian)
Stellarium 0.12.0 (HKLM\...\Stellarium_is1) (Version: 0.12.0 - Stellarium team)
Stronghold Crusader Extreme (HKLM-x32\...\{8C3727F2-8E37-49E4-820C-03B1677F53B6}) (Version: 1.20.0000 - Firefly Studios)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 14.0.3.0 - Synaptics Incorporated)
The X-Files DVD (HKLM-x32\...\The X-Files DVD) (Version:  - )
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2596598) 32-Bit Edition (HKLM-x32\...\{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{C5325053-3C37-4A69-959E-4802AE6686EF}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2687407) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{BBE715CA-02FD-4C5A-90BB-440A967DF05E}) (Version:  - Microsoft)
Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version:  - Microsoft)
Update für Microsoft Office Outlook 2007 Help (KB963677) (HKLM-x32\...\{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{F6828576-6F79-470D-AB50-69D1BBADBD30}) (Version:  - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version:  - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version:  - Microsoft)
UpdateService (x32 Version: 1.0.0 - RealNetworks, Inc.) Hidden
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
Ventuz 2008 x64 beta (HKLM\...\{1C0E88DD-F67A-4630-86F5-E0D35A4043D1}) (Version: 2.5.25 - Ventuz Technology)
VirtualCloneDrive (HKLM-x32\...\VirtualCloneDrive) (Version:  - Elaborate Bytes)
Virtuallab 6.2.2 (HKLM-x32\...\Virtuallab_is1) (Version:  - NASA and University of Illinois at Urbana Champaign)
VLC media player 1.1.10 (HKLM-x32\...\VLC media player) (Version: 1.1.10 - VideoLAN)
VLC media player 2.0.2 (HKLM\...\VLC media player) (Version: 2.0.2 - VideoLAN)
Winamp3 (remove only) (HKLM-x32\...\Winamp3) (Version:  - )
Windows Live Communications Platform (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4311.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Media Player Firefox Plugin (HKLM-x32\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
WinPcap 4.1.2 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2001 - CACE Technologies)
WinRAR (HKLM-x32\...\WinRAR archiver) (Version:  - )
XBSlink (HKLM-x32\...\XBSlink) (Version:  - )

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-3597317893-1479406781-1183269255-1006_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\jesper1\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3597317893-1479406781-1183269255-1006_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\jesper1\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3597317893-1479406781-1183269255-1006_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\jesper1\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3597317893-1479406781-1183269255-1006_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\jesper1\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3597317893-1479406781-1183269255-1006_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\jesper1\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3597317893-1479406781-1183269255-1006_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\jesper1\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3597317893-1479406781-1183269255-1006_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\jesper1\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3597317893-1479406781-1183269255-1006_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\jesper1\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3597317893-1479406781-1183269255-1006_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\jesper1\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3597317893-1479406781-1183269255-1006_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\jesper1\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3597317893-1479406781-1183269255-1006_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\jesper1\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3597317893-1479406781-1183269255-1006_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\jesper1\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File

==================== Restore Points  =========================

Could not list Restore Points. Check "winmgmt" service or repair WMI.


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2014-07-25 17:27 - 00000862 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
::1 localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {10E107F5-9F9A-4A55-B92E-10CFBA6F79B8} - System32\Tasks\Restart Capsule Task => C:\Program Files (x86)\Capsule\bin\Capsule.exe
Task: {27CBE514-7ACB-4307-B8CD-12F77AF96F08} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-3597317893-1479406781-1183269255-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2014-06-10] (RealNetworks, Inc.)
Task: {3AFE14E6-3970-401D-A24C-16041DF5F3EE} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-3597317893-1479406781-1183269255-1006 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe [2014-06-10] (RealNetworks, Inc.)
Task: {3D592177-3525-48EC-A869-3CC1D7E587D1} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3597317893-1479406781-1183269255-1000UA => C:\Users\jesper\AppData\Local\Google\Update\GoogleUpdate.exe
Task: {43A49A11-EF3F-427E-ACE7-037D53354C03} - System32\Tasks\{F3AEDA6C-CD6B-4F82-955C-9CB4BCD2D36D} => G:\Install\setup.exe
Task: {49523480-9C0B-49C7-B2EE-97919D0BA962} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3597317893-1479406781-1183269255-1006UA => C:\Users\jesper1\AppData\Local\Google\Update\GoogleUpdate.exe [2012-04-15] (Google Inc.)
Task: {55B4F489-A4EA-4B92-B4AC-0948AF3810D5} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-3597317893-1479406781-1183269255-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2014-06-10] (RealNetworks, Inc.)
Task: {629193CD-D74E-4613-8EA5-6D709D7A4F53} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3597317893-1479406781-1183269255-1006Core => C:\Users\jesper1\AppData\Local\Google\Update\GoogleUpdate.exe [2012-04-15] (Google Inc.)
Task: {7F9F8D87-516A-4CAA-92EB-2E6D6BD00A0E} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-3597317893-1479406781-1183269255-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2014-06-10] (RealNetworks, Inc.)
Task: {86AC1CA9-F123-4755-9A54-E88484BC8102} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3597317893-1479406781-1183269255-1000Core => C:\Users\jesper\AppData\Local\Google\Update\GoogleUpdate.exe
Task: {9B63D3F8-3866-4D58-9C1C-AE2167070CAA} - System32\Tasks\{6FAE2A4E-6313-40C2-9803-67C6DA89EBF8} => Firefox.exe hxxp://ui.skype.com/ui/0/5.3.0.120/de/abandoninstall?page=tsMain&amp;installinfo=google-toolbar:notoffered;ienotdefaultbrowser2,google-chrome:offered-installed;madedefault
Task: {BCE6A995-F611-4BB4-A278-78788C27AC2F} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-3597317893-1479406781-1183269255-1006 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe [2014-06-10] (RealNetworks, Inc.)
Task: {C33273E9-40AA-4541-BBE4-CE3EB9A55EE5} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-3597317893-1479406781-1183269255-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2014-06-10] (RealNetworks, Inc.)
Task: {C9871D6C-1431-4C51-A60E-79275A857770} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-3597317893-1479406781-1183269255-1006 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2014-06-10] (RealNetworks, Inc.)
Task: {D877E72B-67D5-4076-92DE-481709FDDF81} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-07-09] (Adobe Systems Incorporated)
Task: {DB27C846-DAE6-48FB-A387-E016C44D2015} - System32\Tasks\{9F812417-0EFB-4DD2-8B2E-27DDA81DEDFC} => E:\spiele\age3\age3.exe
Task: {EC8C529E-7328-43A5-BB8B-0FE1D29E9BD2} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-3597317893-1479406781-1183269255-1006 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2014-06-10] (RealNetworks, Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3597317893-1479406781-1183269255-1000Core.job => C:\Users\jesper\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3597317893-1479406781-1183269255-1000UA.job => C:\Users\jesper\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3597317893-1479406781-1183269255-1006Core.job => C:\Users\jesper1\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3597317893-1479406781-1183269255-1006UA.job => C:\Users\jesper1\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2011-10-29 11:31 - 2005-03-12 01:07 - 00087040 _____ () C:\Windows\System32\pdfcmnnt.dll
2010-01-02 16:42 - 2010-01-02 16:42 - 00098304 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll
2010-08-16 14:07 - 2008-06-20 00:41 - 00062464 _____ () C:\Program Files (x86)\WinRAR\rarext64.dll
2010-06-24 11:07 - 2010-06-24 11:07 - 00123712 _____ () C:\Program Files\Common Files\Nitro PDF\Professional\6.0\NPShellExtension64.dll
2011-09-04 14:13 - 2011-08-02 11:47 - 00159232 _____ () C:\Program Files (x86)\Samsung\USB Drivers\26_VIA_driver2\amd64\VIAService.exe
2014-06-10 17:50 - 2014-06-10 17:50 - 00039568 _____ () C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
2014-06-10 22:03 - 2014-06-10 22:03 - 00023552 _____ () C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe
2013-02-13 04:37 - 2013-02-13 04:37 - 01263952 _____ () C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
2014-07-06 11:31 - 2014-07-06 11:31 - 00861784 _____ () c:\program files (x86)\real\realplayer\RPDS\Plugins\cldplin.dll
2014-07-25 17:31 - 2014-07-25 17:31 - 00043008 _____ () c:\users\jesper1\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpevtn_q.dll
2013-10-19 01:55 - 2013-10-19 01:55 - 25100288 _____ () C:\Users\jesper1\AppData\Roaming\Dropbox\bin\libcef.dll
2011-08-31 16:44 - 2011-08-31 16:44 - 00433664 _____ () C:\Program Files (x86)\Evernote\Evernote\libxml2.dll
2011-08-31 16:44 - 2011-08-31 16:44 - 00315392 _____ () C:\Program Files (x86)\Evernote\Evernote\libtidy.dll
2013-02-13 04:38 - 2013-02-13 04:38 - 00100688 _____ () C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll
2012-01-08 15:41 - 2012-01-08 15:41 - 00093696 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext.dll
2014-07-17 08:39 - 2014-07-15 11:24 - 00718664 _____ () C:\Users\jesper1\AppData\Local\Google\Chrome\Application\36.0.1985.125\libglesv2.dll
2014-07-17 08:39 - 2014-07-15 11:24 - 00126280 _____ () C:\Users\jesper1\AppData\Local\Google\Chrome\Application\36.0.1985.125\libegl.dll
2014-07-17 08:39 - 2014-07-15 11:24 - 08537928 _____ () C:\Users\jesper1\AppData\Local\Google\Chrome\Application\36.0.1985.125\pdf.dll
2014-07-17 08:39 - 2014-07-15 11:24 - 00353096 _____ () C:\Users\jesper1\AppData\Local\Google\Chrome\Application\36.0.1985.125\ppGoogleNaClPluginChrome.dll
2014-07-17 08:39 - 2014-07-15 11:24 - 01732936 _____ () C:\Users\jesper1\AppData\Local\Google\Chrome\Application\36.0.1985.125\ffmpegsumo.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Windows:977BE2E9F2233890
AlternateDataStreams: C:\Windows:nlsPreferences
AlternateDataStreams: C:\ProgramData\Microsoft:4xyOaSNrqmdg1yIYlqPZG52p
AlternateDataStreams: C:\ProgramData\Microsoft:nCY5YgXSXqiKflay4X791NtHc
AlternateDataStreams: C:\ProgramData\Temp:FCBEDCFD
AlternateDataStreams: C:\Users\jesper\AppData\Local:YamQImQmFbrzKASdojZpHs2c

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


==================== Faulty Device Manager Devices =============

Could not list Devices. Check "winmgmt" service or repair WMI.


==================== Event log errors: =========================

Application errors:
==================
Error: (07/21/2014 00:38:56 PM) (Source: SideBySide) (EventID: 63) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "assemblyIdentity1". Fehler in Manifest- oder Richtliniendatei "assemblyIdentity2" in Zeile assemblyIdentity3.
Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs im assemblyIdentity-Element ist ungültig.

Error: (07/21/2014 00:37:40 PM) (Source: SideBySide) (EventID: 63) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "assemblyIdentity1". Fehler in Manifest- oder Richtliniendatei "assemblyIdentity2" in Zeile assemblyIdentity3.
Der Wert "x64" des "processorArchitecture"-Attributs im assemblyIdentity-Element ist ungültig.

Error: (07/21/2014 00:35:47 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC90.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"1".
Die abhängige Assemblierung "Microsoft.VC90.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (07/21/2014 09:43:54 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC90.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"1".
Die abhängige Assemblierung "Microsoft.VC90.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (07/20/2014 04:15:11 PM) (Source: SideBySide) (EventID: 63) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "assemblyIdentity1". Fehler in Manifest- oder Richtliniendatei "assemblyIdentity2" in Zeile assemblyIdentity3.
Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs im assemblyIdentity-Element ist ungültig.

Error: (07/20/2014 04:13:58 PM) (Source: SideBySide) (EventID: 63) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "assemblyIdentity1". Fehler in Manifest- oder Richtliniendatei "assemblyIdentity2" in Zeile assemblyIdentity3.
Der Wert "x64" des "processorArchitecture"-Attributs im assemblyIdentity-Element ist ungültig.

Error: (07/20/2014 04:11:37 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC90.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"1".
Die abhängige Assemblierung "Microsoft.VC90.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (07/20/2014 03:01:57 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: chrome.exe, Version: 36.0.1985.125, Zeitstempel: 0x53c4dbee
Name des fehlerhaften Moduls: chrome.dll, Version: 36.0.1985.125, Zeitstempel: 0x53c4d8ad
Ausnahmecode: 0xc0000005
Fehleroffset: 0x004a740e
ID des fehlerhaften Prozesses: 0xb28
Startzeit der fehlerhaften Anwendung: 0xchrome.exe0
Pfad der fehlerhaften Anwendung: chrome.exe1
Pfad des fehlerhaften Moduls: chrome.exe2
Berichtskennung: chrome.exe3

Error: (07/20/2014 10:19:45 AM) (Source: MsiInstaller) (EventID: 11601) (User: jesper-PC)
Description: Produkt: Java 7 Update 65 -- Datenträger voll: Kein Speicherplatz mehr -- Datenträger: 'C:'; erforderlicher Speicherplatz: 71.487 KB; verfügbarer Speicherplatz: 29.368 KB. Geben Sie Speicherplatz frei, und wiederholen Sie den Vorgang.

Error: (07/19/2014 00:33:20 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC90.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"1".
Die abhängige Assemblierung "Microsoft.VC90.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".


System errors:
=============
Error: (07/25/2014 06:05:28 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Windows-Verwaltungsinstrumentation" wurde mit folgendem Fehler beendet: 
%%126

Error: (07/25/2014 06:04:46 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Windows-Verwaltungsinstrumentation" wurde mit folgendem Fehler beendet: 
%%126

Error: (07/25/2014 06:04:14 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Windows-Verwaltungsinstrumentation" wurde mit folgendem Fehler beendet: 
%%126

Error: (07/25/2014 06:03:44 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Windows-Verwaltungsinstrumentation" wurde mit folgendem Fehler beendet: 
%%126

Error: (07/25/2014 06:03:14 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Windows-Verwaltungsinstrumentation" wurde mit folgendem Fehler beendet: 
%%126

Error: (07/25/2014 05:52:42 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Windows-Verwaltungsinstrumentation" wurde mit folgendem Fehler beendet: 
%%126

Error: (07/25/2014 05:52:12 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Windows-Verwaltungsinstrumentation" wurde mit folgendem Fehler beendet: 
%%126

Error: (07/25/2014 05:51:42 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Windows-Verwaltungsinstrumentation" wurde mit folgendem Fehler beendet: 
%%126

Error: (07/25/2014 05:51:12 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Windows-Verwaltungsinstrumentation" wurde mit folgendem Fehler beendet: 
%%126

Error: (07/25/2014 05:50:42 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Windows-Verwaltungsinstrumentation" wurde mit folgendem Fehler beendet: 
%%126


Microsoft Office Sessions:
=========================
Error: (06/26/2014 03:07:35 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 6 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (08/28/2010 09:12:49 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 3, Application Name: Microsoft Office PowerPoint, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 1027 seconds with 0 seconds of active time.  This session ended with a crash.


==================== Memory info =========================== 

Percentage of memory in use: 36%
Total physical RAM: 4090.61 MB
Available physical RAM: 2613.09 MB
Total Pagefile: 8179.41 MB
Available Pagefile: 6385.16 MB
Total Virtual: 8192 MB
Available Virtual: 8191.86 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:45.41 GB) (Free:5.9 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: () (Fixed) (Total:5 GB) (Free:2.32 GB) NTFS
Drive e: () (Fixed) (Total:237.67 GB) (Free:13.04 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298 GB) (Disk ID: B6394A61)
Partition 1: (Not Active) - (Size=10 GB) - (Type=27)
Partition 2: (Active) - (Size=45 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=238 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=5 GB) - (Type=05)

==================== End Of Log ============================
         


Alt 25.07.2014, 18:43   #6
deeprybka
/// TB-Ausbilder
/// Anleitungs-Guru
 
Avira durch gruppenrichtlinie blockiert - Standard

Avira durch gruppenrichtlinie blockiert



Schritt 1



Drücke bitte die + R Taste und schreibe notepad in das Ausführen Fenster.
Klicke auf OK und kopiere nun den Text aus der Codebox in das leere Textdokument:
Code:
ATTFilter
HKLM Group Policy restriction on software: C:\Program Files (x86)\Avira <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Avira <====== ATTENTION
HKU\S-1-5-21-3597317893-1479406781-1183269255-1006\...\Run: [EdjalJahqi] => regsvr32.exe "
         
Speichere dieses bitte als Fixlist.txt in das Verzeichnis ab, in dem sich auch die FRST-Anwendung befindet.
  • Starte FRST und drücke auf den Fix-Button.
  • Das Tool erstellt eine "Fixlog.txt" -Datei.
  • Poste mir bitte deren Inhalt.

Schritt 2

Avira Echtzeitscanner ausschalten:


Scan mit Combofix
WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link
  • WICHTIG: Speichere Combofix auf deinem Desktop.
  • Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.
  • Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.
  • Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!
  • Wenn Combofix fertig ist, wird es ein Logfile erstellen.
  • Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).
Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

__________________
--> Avira durch gruppenrichtlinie blockiert

Alt 25.07.2014, 18:50   #7
nug0tt
 
Avira durch gruppenrichtlinie blockiert - Standard

Avira durch gruppenrichtlinie blockiert



Hallo,
hier die Fixlog.txt
Code:
ATTFilter
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 24-07-2014 01
Ran by jesper1 at 2014-07-25 18:47:04 Run:1
Running from C:\Users\jesper1\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
HKLM Group Policy restriction on software: C:\Program Files (x86)\Avira <====== ATTENTION HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Avira <====== ATTENTION HKU\S-1-5-21-3597317893-1479406781-1183269255-1006\...\Run: [EdjalJahqi] => regsvr32.exe "
*****************

HKLM => Group Policy Restriction on software restored successfully.

==== End of Fixlog ====
         

Alt 25.07.2014, 18:53   #8
deeprybka
/// TB-Ausbilder
/// Anleitungs-Guru
 
Avira durch gruppenrichtlinie blockiert - Standard

Avira durch gruppenrichtlinie blockiert



Fix nochmal machen.

Auf die Formatierung des Textes achten:

Das müssen drei Zeilen sein. Bei Dir ist es eine. Daher hat der Fix nicht geklappt.
Code:
ATTFilter
HKLM Group Policy restriction on software: C:\Program Files (x86)\Avira <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Avira <====== ATTENTION
HKU\S-1-5-21-3597317893-1479406781-1183269255-1006\...\Run: [EdjalJahqi] => regsvr32.exe "
         
__________________
Gruß
deeprybka

Lob, Kritik, Wünsche?

Spende fürs trojaner-board?
_______________________________________________
„Neminem laede, immo omnes, quantum potes, iuva.“ Arthur Schopenhauer

Alt 25.07.2014, 19:21   #9
nug0tt
 
Avira durch gruppenrichtlinie blockiert - Standard

Avira durch gruppenrichtlinie blockiert



OH Nein. Ist es problematisch, dass ich nun auch schon Combofix ausgeführt habe?

hier jedenfalls der neue Fixlog
Code:
ATTFilter
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 24-07-2014 01
Ran by jesper1 at 2014-07-25 19:18:50 Run:2
Running from C:\Users\jesper1\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
HKLM Group Policy restriction on software: C:\Program Files (x86)\Avira <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Avira <====== ATTENTION
HKU\S-1-5-21-3597317893-1479406781-1183269255-1006\...\Run: [EdjalJahqi] => regsvr32.exe "

*****************

HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKU\S-1-5-21-3597317893-1479406781-1183269255-1006\Software\Microsoft\Windows\CurrentVersion\Run\\EdjalJahqi => Value not found.

==== End of Fixlog ====
         

Alt 25.07.2014, 19:22   #10
deeprybka
/// TB-Ausbilder
/// Anleitungs-Guru
 
Avira durch gruppenrichtlinie blockiert - Standard

Avira durch gruppenrichtlinie blockiert



Combofix-Log bitte posten...
__________________
Gruß
deeprybka

Lob, Kritik, Wünsche?

Spende fürs trojaner-board?
_______________________________________________
„Neminem laede, immo omnes, quantum potes, iuva.“ Arthur Schopenhauer

Alt 25.07.2014, 19:24   #11
nug0tt
 
Avira durch gruppenrichtlinie blockiert - Standard

Avira durch gruppenrichtlinie blockiert



Oh ja klar

Combofilxlog
Code:
ATTFilter
ComboFix 14-07-25.01 - jesper1 25.07.2014  18:55:41.1.2 - x64
ausgeführt von:: c:\users\jesper1\Desktop\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\2433f433
c:\users\jesper1\AppData\Roaming\2433f433
c:\windows\IsUn0407.exe
c:\windows\SysWow64\Packet.dll
c:\windows\SysWow64\pthreadVC.dll
c:\windows\SysWow64\System32\MASetupCleaner.exe
c:\windows\SysWow64\System32\muzapp.exe
c:\windows\SysWow64\wpcap.dll
.
.
(((((((((((((((((((((((((((((((((((((((   Treiber/Dienste   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_NPF
-------\Service_npf
.
.
(((((((((((((((((((((((   Dateien erstellt von 2014-06-25 bis 2014-07-25  ))))))))))))))))))))))))))))))
.
.
2014-07-25 17:03 . 2014-07-25 17:03	--------	d-----w-	c:\users\Default\AppData\Local\temp
2014-07-25 17:03 . 2014-07-25 17:03	--------	d-----w-	c:\users\Administrator\AppData\Local\temp
2014-07-25 13:59 . 2014-07-25 16:47	--------	d-----w-	C:\FRST
2014-07-20 19:26 . 2014-06-06 04:38	822384	----a-w-	c:\program files (x86)\Mozilla Firefox\icuuc52.dll
2014-07-20 19:26 . 2014-06-06 04:38	1022576	----a-w-	c:\program files (x86)\Mozilla Firefox\icuin52.dll
2014-07-20 19:26 . 2014-06-06 04:38	10594416	----a-w-	c:\program files (x86)\Mozilla Firefox\icudt52.dll
2014-07-20 08:43 . 2014-07-20 08:43	--------	d-----w-	c:\users\jesper1\AppData\Roaming\Apple Computer
2014-07-18 10:41 . 2014-07-18 12:26	--------	d-----w-	c:\program files (x86)\FLAC
2014-07-18 10:34 . 2014-07-18 10:34	--------	d-----w-	c:\program files (x86)\Winamp
2014-07-17 23:16 . 2014-07-25 13:42	--------	d-----w-	c:\programdata\EdjalJahqi
2014-07-11 17:55 . 2014-07-11 17:55	--------	d-----w-	c:\users\jesper1\applogs
2014-07-11 17:55 . 2014-07-11 17:57	--------	d-----w-	C:\jexepackres
2014-07-08 13:29 . 2014-07-08 13:29	159744	----a-w-	c:\program files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
2014-07-08 13:29 . 2014-07-08 13:29	159744	----a-w-	c:\program files (x86)\Internet Explorer\PLUGINS\npqtplugin5.dll
2014-07-08 13:29 . 2014-07-08 13:29	159744	----a-w-	c:\program files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
2014-07-08 13:29 . 2014-07-08 13:29	159744	----a-w-	c:\program files (x86)\Internet Explorer\PLUGINS\npqtplugin4.dll
2014-07-08 13:29 . 2014-07-08 13:29	159744	----a-w-	c:\program files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
2014-07-08 13:29 . 2014-07-08 13:29	159744	----a-w-	c:\program files (x86)\Internet Explorer\PLUGINS\npqtplugin3.dll
2014-07-08 13:29 . 2014-07-08 13:29	159744	----a-w-	c:\program files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
2014-07-08 13:29 . 2014-07-08 13:29	159744	----a-w-	c:\program files (x86)\Internet Explorer\PLUGINS\npqtplugin2.dll
2014-07-08 13:29 . 2014-07-08 13:29	159744	----a-w-	c:\program files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
2014-07-08 13:29 . 2014-07-08 13:29	159744	----a-w-	c:\program files (x86)\Internet Explorer\PLUGINS\npqtplugin.dll
2014-07-08 13:28 . 2014-07-08 13:28	--------	d-----w-	c:\program files (x86)\QuickTime
2014-07-08 13:28 . 2014-07-08 13:28	--------	d-----w-	c:\programdata\Apple Computer
2014-07-08 13:27 . 2014-07-08 13:27	--------	d-----w-	c:\program files (x86)\Common Files\Apple
2014-07-08 13:27 . 2014-07-08 13:27	--------	d-----w-	c:\users\jesper1\AppData\Local\Apple
2014-07-08 13:24 . 2014-07-08 13:24	--------	d-----w-	c:\programdata\Apple
2014-07-08 13:24 . 2014-07-08 13:24	--------	d-----w-	c:\program files (x86)\Apple Software Update
2014-07-06 09:32 . 2014-07-06 09:32	--------	d-----w-	c:\users\jesper1\AppData\Roaming\RealNetworks
2014-07-06 09:32 . 2014-07-06 09:32	--------	d-----w-	c:\programdata\RealNetworks
2014-07-06 09:32 . 2014-07-06 09:32	--------	d-----w-	c:\program files (x86)\RealNetworks
2014-07-06 09:31 . 2014-07-06 09:31	--------	d-----w-	c:\program files (x86)\Common Files\xing shared
2014-07-06 09:31 . 2014-07-06 09:31	153672	----a-w-	c:\program files (x86)\Mozilla Firefox\plugins\nppl3260.dll
2014-07-06 09:31 . 2014-07-06 09:31	148552	----a-w-	c:\program files (x86)\Mozilla Firefox\plugins\nprpplugin.dll
2014-07-06 09:31 . 2014-07-06 09:31	505416	----a-w-	c:\windows\SysWow64\msvcp71.dll
2014-07-06 09:31 . 2014-07-06 09:31	353864	----a-w-	c:\windows\SysWow64\msvcr71.dll
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-07-10 09:49 . 2013-05-14 06:26	42040	----a-w-	c:\windows\system32\drivers\avnetflt.sys
2014-07-08 22:15 . 2012-04-05 18:22	699056	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2014-07-08 22:15 . 2011-05-22 07:36	71344	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-07-03 13:27 . 2013-05-14 06:24	117712	----a-w-	c:\windows\system32\drivers\avgntflt.sys
2014-05-27 14:01 . 2013-05-14 06:24	130584	----a-w-	c:\windows\system32\drivers\avipbb.sys
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt1"]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04	131480	----a-w-	c:\users\jesper1\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt2"]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04	131480	----a-w-	c:\users\jesper1\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt3"]
@="{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04	131480	----a-w-	c:\users\jesper1\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt4"]
@="{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04	131480	----a-w-	c:\users\jesper1\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt5"]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04	131480	----a-w-	c:\users\jesper1\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt6"]
@="{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04	131480	----a-w-	c:\users\jesper1\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt7"]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04	131480	----a-w-	c:\users\jesper1\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt8"]
@="{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04	131480	----a-w-	c:\users\jesper1\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"CloneCDTray"="c:\program files (x86)\SlySoft\CloneCD\CloneCDTray.exe" [2009-01-29 57344]
"VirtualCloneDrive"="c:\program files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2008-06-29 52168]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"Bonus.SSR.FR11"="c:\program files (x86)\ABBYY FineReader 11\Bonus.ScreenshotReader.exe" [2011-11-07 934152]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
"DivXMediaServer"="c:\program files (x86)\DivX\DivX Media Server\DivXMediaServer.exe" [2013-04-15 450560]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2013-02-13 1263952]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2014-07-03 750160]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
"TkBellExe"="c:\program files (x86)\Real\RealPlayer\update\realsched.exe" [2014-07-06 296520]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-09-13 59720]
.
c:\users\jesper1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\jesper1\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2014-7-21 35464216]
EvernoteClipper.lnk - c:\program files (x86)\Evernote\Evernote\EvernoteClipper.exe [2012-1-23 1014112]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
RealPlayer Cloud Service UI.lnk - c:\program files (x86)\Real\RealPlayer\RPDS\Bin64\rpsystray.exe [2014-7-6 1022048]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="userinit.exe"
.
R0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys;c:\windows\SYSNATIVE\Drivers\sptd.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\Drivers\ssadadb.sys;c:\windows\SYSNATIVE\Drivers\ssadadb.sys [x]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssudbus.sys [x]
R3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys;c:\windows\SYSNATIVE\drivers\dgderdrv.sys [x]
R3 DrvAgent64;DrvAgent64;c:\windows\SysWOW64\Drivers\DrvAgent64.SYS;c:\windows\SysWOW64\Drivers\DrvAgent64.SYS [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssadbus.sys [x]
R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys;c:\windows\SYSNATIVE\DRIVERS\ssadmdfl.sys [x]
R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssadmdm.sys [x]
R3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);c:\windows\system32\DRIVERS\ssadserd.sys;c:\windows\SYSNATIVE\DRIVERS\ssadserd.sys [x]
R3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssudmdm.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys;c:\windows\SYSNATIVE\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys;c:\windows\SYSNATIVE\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys;c:\windows\SYSNATIVE\drivers\rdvgkmd.sys [x]
R3 WSDScan;WSD-Scanunterstützung durch UMB;c:\windows\system32\DRIVERS\WSDScan.sys;c:\windows\SYSNATIVE\DRIVERS\WSDScan.sys [x]
R3 yukonw7;NDIS6.2-Miniporttreiber für Marvell Yukon-Ethernet-Controller;c:\windows\system32\DRIVERS\yk62x64.sys;c:\windows\SYSNATIVE\DRIVERS\yk62x64.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys;c:\windows\SYSNATIVE\DRIVERS\avkmgr.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S2 ABBYY.Licensing.FineReader.Professional.11.0;ABBYY FineReader 11 PE Licensing Service;c:\program files (x86)\ABBYY FineReader 11\NetworkLicenseServer.exe;c:\program files (x86)\ABBYY FineReader 11\NetworkLicenseServer.exe [x]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [x]
S2 CDMA Device Service;CDMA Device Service;c:\program files (x86)\Samsung\USB Drivers\26_VIA_driver2\amd64\VIAService.exe;c:\program files (x86)\Samsung\USB Drivers\26_VIA_driver2\amd64\VIAService.exe [x]
S2 NitroDriverReadSpool;NitroPDFDriverCreatorReadSpool;c:\program files\Common Files\Nitro PDF\Professional\6.0\NitroPDFDriverServicex64.exe;c:\program files\Common Files\Nitro PDF\Professional\6.0\NitroPDFDriverServicex64.exe [x]
S2 nlsX86cc;NLS Service;c:\windows\SysWOW64\NLSSRV32.EXE;c:\windows\SysWOW64\NLSSRV32.EXE [x]
S2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe;c:\program files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [x]
S2 RealPlayer Cloud Service;RealPlayer Cloud Service;c:\program files (x86)\real\realplayer\RPDS\Bin\rpdsvc.exe;c:\program files (x86)\real\realplayer\RPDS\Bin\rpdsvc.exe [x]
S2 RealPlayerUpdateSvc;RealPlayer Update Service;c:\program files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe;c:\program files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe [x]
S2 vpnagent;Cisco AnyConnect VPN Agent;c:\program files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe;c:\program files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
Inhalt des "geplante Tasks" Ordners
.
2014-07-25 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-05 22:15]
.
2014-07-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3597317893-1479406781-1183269255-1006Core.job
- c:\users\jesper1\AppData\Local\Google\Update\GoogleUpdate.exe [2014-05-09 09:33]
.
2014-07-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3597317893-1479406781-1183269255-1006UA.job
- c:\users\jesper1\AppData\Local\Google\Update\GoogleUpdate.exe [2014-05-09 09:33]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt1"]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04	164760	----a-w-	c:\users\jesper1\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt2"]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04	164760	----a-w-	c:\users\jesper1\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt3"]
@="{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04	164760	----a-w-	c:\users\jesper1\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt4"]
@="{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04	164760	----a-w-	c:\users\jesper1\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt5"]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04	164760	----a-w-	c:\users\jesper1\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt6"]
@="{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04	164760	----a-w-	c:\users\jesper1\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt7"]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04	164760	----a-w-	c:\users\jesper1\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt8"]
@="{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04	164760	----a-w-	c:\users\jesper1\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
"XboxStat"="c:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2009-09-30 825184]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: &Citavi Picker... - file://c:\programdata\Swiss Academic Software\Citavi Picker\Internet Explorer\ShowContextMenu.html
IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.178.1
DPF: {271A3CF5-5A54-447B-A08F-BE805F0DA60B} - hxxps://www.olb.de/olb_fb3_1867b/plugin/AXFOAM.CAB
DPF: {C752FF21-A8EF-468E-B507-5BBAFB84359E} - hxxps://hbciweb.olb.de/financebrowser5/plugin/Signlet-Plugin.CAB
FF - ProfilePath - c:\users\jesper1\AppData\Roaming\Mozilla\Firefox\Profiles\y4v9y4ed.default\
FF - prefs.js: browser.search.selectedEngine - Google.de
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/
FF - prefs.js: keyword.URL - hxxp://search.musicfrost.com/results.php?q=
FF - prefs.js: network.proxy.type - 2
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Wow6432Node-HKCU-Run-EdjalJahqi - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
HKLM-Run-KiesTrayAgent - c:\program files (x86)\Samsung\Kies\KiesTrayAgent.exe
AddRemove-Digital Editions - c:\program files (x86)\Adobe\Adobe Digital Editions\uninstall.exe
AddRemove-EH_Bewmuster - c:\windows\IsUn0407.exe
AddRemove-Minecraft Cracked - c:\users\jesper\AppData\Roaming\.minecraft\Uninstall.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{517BDDE4-E3A7-4570-B21E-2B52B6139FC7}"=hex:51,66,7a,6c,4c,1d,38,12,8a,de,68,
   55,95,ad,1e,00,cd,08,68,12,b3,4d,db,d3
"{074C1DC5-9320-4A9A-947D-C042949C6216}"=hex:51,66,7a,6c,4c,1d,38,12,ab,1e,5f,
   03,12,dd,f4,0f,eb,6b,83,02,91,c2,26,02
"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc,
   1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7
"{3049C3E9-B461-4BC5-8870-4C09146192CA}"=hex:51,66,7a,6c,4c,1d,38,12,87,c0,5a,
   34,53,fa,ab,0e,f7,66,0f,49,11,3f,d6,de
"{326E768D-4182-46FD-9C16-1449A49795F4}"=hex:51,66,7a,6c,4c,1d,38,12,e3,75,7d,
   36,b0,0f,93,03,e3,00,57,09,a1,c9,d1,e0
"{6FE6A929-59D1-4763-91AD-29B61CFFB35B}"=hex:51,66,7a,6c,4c,1d,38,12,47,aa,f5,
   6b,e3,17,0d,02,ee,bb,6a,f6,19,a1,f7,4f
"{72853161-30C5-4D22-B7F9-0BBC1D38A37E}"=hex:51,66,7a,6c,4c,1d,38,12,0f,32,96,
   76,f7,7e,4c,08,c8,ef,48,fc,18,66,e7,6a
"{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}"=hex:51,66,7a,6c,4c,1d,38,12,d5,94,07,
   72,c2,98,42,03,c9,fd,97,9a,f4,87,69,57
"{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23,
   94,30,02,d1,0f,f1,da,12,24,73,56,27,d2
"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,
   df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd
"{2A541AE1-5BF6-4665-A8A3-CFA9672E4291}"=hex:51,66,7a,6c,4c,1d,38,12,8f,19,47,
   2e,c4,15,0b,03,d7,b5,8c,e9,62,70,06,85
"{FF059E31-CC5A-4E2E-BF3B-96E929D65503}"=hex:51,66,7a,6c,4c,1d,38,12,5f,9d,16,
   fb,68,82,40,0b,c0,2d,d5,a9,2c,88,11,17
"{BDEADE7F-C265-11D0-BCED-00A0C90AB50F}"=hex:51,66,7a,6c,4c,1d,38,12,11,dd,f9,
   b9,57,8c,be,54,c3,fb,43,e0,cc,54,f1,1b
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:41,bd,33,85,22,34,ce,01
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,67,ef,92,20,e6,36,b0,48,8d,6c,28,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,67,ef,92,20,e6,36,b0,48,8d,6c,28,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_14_0_0_145_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_14_0_0_145_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version*Version]
"Version"=hex:a5,e4,d0,9a,ef,99,80,7c,32,7f,d6,6b,ae,a4,1f,c1,e9,2b,42,0a,fb,
   24,c6,11,38,97,ec,49,82,8b,cb,08,49,02,9a,03,73,d3,a5,37,61,8e,77,0a,84,0d,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_14_0_0_145_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_14_0_0_145_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.14"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Minnetonka Audio Software\SurCode Dolby Digital Premiere\Version*Version]
"Version"=hex:a5,e4,d0,9a,ef,99,80,7c,32,7f,d6,6b,ae,a4,1f,c1,e9,2b,42,0a,fb,
   24,c6,11,38,97,ec,49,82,8b,cb,08,49,02,9a,03,73,d3,a5,37,61,8e,77,0a,84,0d,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0008\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\program files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
c:\users\jesper1\AppData\Roaming\Dropbox\bin\Dropbox.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2014-07-25  19:13:03 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2014-07-25 17:13
.
Vor Suchlauf: 6.201.749.504 Bytes frei
Nach Suchlauf: 6.821.687.296 Bytes frei
.
- - End Of File - - C2CFF746809F4B3E45D304966AB20534
A36C5E4F47E84449FF07ED3517B43A31
         

Alt 25.07.2014, 19:52   #12
deeprybka
/// TB-Ausbilder
/// Anleitungs-Guru
 
Avira durch gruppenrichtlinie blockiert - Standard

Avira durch gruppenrichtlinie blockiert



Ok...

Schritt 1

Malwarebytes Antimalware
  • Download-Link
  • Installiere das Programm in den vorgegebenen Pfad.
  • Starte Malwarebytes' Anti-Malware (MBAM).
  • Sollte die Benutzeroberfläche noch in Englisch sein, klicke auf Settings und wähle bei Language Deutsch aus.
  • Unter Erkennung und Schutz setze bitte einen Haken bei "Suche nach Rootkits".
  • Klicke im Anschluss auf "Suchlauf", wähle den Bedrohungssuchlauf aus, aktualisiere die Datenbanken und klicke auf "Suchlauf jetzt starten".
  • Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. (geht so...)
  • Poste mir den Inhalt der Logdatei (geht so...). Klicke dazu auf Verlauf und dann auf Anwendungsprotokolle.
  • Wähle das neueste Suchlauf-Protokoll aus und klicke auf Ansicht. Klicke auf "In Zwischenablage kopieren" poste mir den Inhalt in Code-Tags als Antwort in den Thread.

Schritt 2

ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset



Schritt 3



Bitte starte FRST erneut, markiere auch die checkbox und drücke auf Scan.
Bitte poste mir den Inhalt der beiden Logs die erstellt werden.

Schritt 4
Downloade dir bitte Farbar Service Scanner Farbar Service Scanner
  • Starte das Tool mit Doppelklick auf die FSS.exe
  • Gehe sicher, dass folgende Optionen angehakt sind.
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center/Action Center
    • Windows Update
    • Windows Defender
    • Other Services
  • Klicke auf Scan.
  • Wenn das Tool fertig ist, wird es eine FSS.txt in dem Verzeichnis erstellen, wo das Tool gelaufen ist.

Poste bitte den Inhalt hier.




Gibt es jetzt noch Probleme mit dem PC? Wenn ja, welche?
__________________
Gruß
deeprybka

Lob, Kritik, Wünsche?

Spende fürs trojaner-board?
_______________________________________________
„Neminem laede, immo omnes, quantum potes, iuva.“ Arthur Schopenhauer

Alt 25.07.2014, 20:50   #13
nug0tt
 
Avira durch gruppenrichtlinie blockiert - Standard

Avira durch gruppenrichtlinie blockiert



hier schonmal der malwarebyteslog
Code:
ATTFilter
 Malwarebytes Anti-Malware 
www.malwarebytes.org

Suchlauf Datum: 25.07.2014
Suchlauf-Zeit: 20:06:49
Logdatei: 
Administrator: Ja

Version: 2.00.2.1012
Malware Datenbank: v2014.07.25.06
Rootkit Datenbank: v2014.07.17.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Self-protection: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: jesper1

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 372236
Verstrichene Zeit: 20 Min, 40 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Aktiviert
Heuristics: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registrierungsschlüssel: 0
(No malicious items detected)

Registrierungswerte: 2
Redir.GSearch, HKU\S-1-5-21-3597317893-1479406781-1183269255-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\URLSEARCHHOOKS\{D7BE8ED1-B138-48FD-BB22-9779A39130B1}, In Quarantäne, [7829acf4b1cab284ca0cf48a5da508f8], 
Redir.GSearch, HKU\S-1-5-21-3597317893-1479406781-1183269255-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\URLSEARCHHOOKS|{D7BE8ED1-B138-48FD-BB22-9779A39130B1}, In Quarantäne, [7829acf4b1cab284ca0cf48a5da508f8], 

Registrierungsdaten: 0
(No malicious items detected)

Ordner: 0
(No malicious items detected)

Dateien: 2
Trojan.Agent, C:\ProgramData\2992199F9A\33gjza1.cpp, In Quarantäne, [5b461a867a013afcc23cb1d1f20f9e62], 
Trojan.Agent.TPL, C:\Users\jesper1\AppData\Local\2433f433, In Quarantäne, [5849acf459221620212c679524df2dd3], 

Physische Sektoren: 0
(No malicious items detected)


(end)
         

Alt 25.07.2014, 20:54   #14
deeprybka
/// TB-Ausbilder
/// Anleitungs-Guru
 
Avira durch gruppenrichtlinie blockiert - Standard

Avira durch gruppenrichtlinie blockiert



OK...
__________________
Gruß
deeprybka

Lob, Kritik, Wünsche?

Spende fürs trojaner-board?
_______________________________________________
„Neminem laede, immo omnes, quantum potes, iuva.“ Arthur Schopenhauer

Alt 26.07.2014, 07:16   #15
nug0tt
 
Avira durch gruppenrichtlinie blockiert - Standard

Avira durch gruppenrichtlinie blockiert



hier die log von Eset
Code:
ATTFilter
C:\Program Files (x86)\Avira\AntiVir Desktop\apnic.dll	Variante von Win32/Bundled.Toolbar.Ask potenziell unsichere Anwendung	gelöscht - in Quarantäne kopiert
C:\Program Files (x86)\Avira\AntiVir Desktop\apnstub.exe	Variante von Win32/Bundled.Toolbar.Ask.G potenziell unsichere Anwendung	gelöscht - in Quarantäne kopiert
C:\Program Files (x86)\Avira\AntiVir Desktop\apntoolbarinstaller.exe	Variante von Win32/Bundled.Toolbar.Ask potenziell unsichere Anwendung	gelöscht - in Quarantäne kopiert
C:\Program Files (x86)\Avira\AntiVir Desktop\Offercast_AVIRAV7_.exe	Variante von Win32/Bundled.Toolbar.Ask.D potenziell unsichere Anwendung	gelöscht - in Quarantäne kopiert
C:\Program Files (x86)\Common Files\DVDVideoSoft\TB\DVDVideoSoftTB.exe	Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung	gelöscht - in Quarantäne kopiert
C:\Program Files (x86)\NCH Software\Express\express.exe	Variante von Win32/Bundled.Toolbar.Google.C potenziell unsichere Anwendung	gelöscht - in Quarantäne kopiert
C:\Program Files (x86)\NCH Software\Express\expresssetup_v5.67.exe	Variante von Win32/Bundled.Toolbar.Google.C potenziell unsichere Anwendung	gelöscht - in Quarantäne kopiert
C:\Program Files (x86)\NCH Software\Scribe\scribe.exe	möglicherweise Variante von Win32/Bundled.Toolbar.Google.C potenziell unsichere Anwendung	gelöscht - in Quarantäne kopiert
C:\Program Files (x86)\NCH Software\Scribe\scribesetup_v5.58.exe	möglicherweise Variante von Win32/Bundled.Toolbar.Google.C potenziell unsichere Anwendung	gelöscht - in Quarantäne kopiert
C:\Program Files (x86)\PDFCreator\Toolbar\pdfforge Toolbar_setup.exe	Win32/Toolbar.Widgi evtl. unerwünschte Anwendung	gelöscht - in Quarantäne kopiert
C:\Users\jesper1\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\0\564e2fc0-487a112f	Mehrere Bedrohungen	Gesäubert durch Löschen - in Quarantäne kopiert
C:\Users\jesper1\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\17\29b32e91-343fc110	Mehrere Bedrohungen	Gesäubert durch Löschen - in Quarantäne kopiert
C:\Users\jesper1\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\19\685e9593-3b9ffd3b	Mehrere Bedrohungen	Gesäubert durch Löschen - in Quarantäne kopiert
C:\Users\jesper1\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\4\19635bc4-2ea4cb0a	Mehrere Bedrohungen	Gesäubert durch Löschen - in Quarantäne kopiert
C:\Users\jesper1\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\52\65ed19f4-1bd00909	Mehrere Bedrohungen	Gesäubert durch Löschen - in Quarantäne kopiert
C:\Users\jesper1\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\57\7639ca79-68e47462	Mehrere Bedrohungen	Gesäubert durch Löschen - in Quarantäne kopiert
C:\Users\jesper1\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\61\1ca772bd-6943346b	Variante von Java/Exploit.CVE-2013-1493.FY Trojaner	Gesäubert durch Löschen - in Quarantäne kopiert
C:\Users\jesper1\Desktop\PhotoScape_V3.6.2.exe	Win32/Bundled.Toolbar.Google.D potenziell unsichere Anwendung	gelöscht - in Quarantäne kopiert
E:\Bitcoin\bitcoin-qt.exe	Variante von Win32/BitCoinMiner.BJ potenziell unsichere Anwendung	gelöscht - in Quarantäne kopiert
E:\Bitcoin\daemon\bitcoind.exe	Variante von Win32/BitCoinMiner.BJ potenziell unsichere Anwendung	gelöscht - in Quarantäne kopiert
E:\downloads\Paragon.Partition.Manager.v9.0.rar	Variante von Win32/Injector.DAT Trojaner	gelöscht - in Quarantäne kopiert
E:\images\BIOS_SLIC_2.1_2010-06-20\PubKeyCompare 1.0.0.5\PubKeyCompare.exe	Variante von Win32/Packed.ExeScript.B Trojaner	Gesäubert durch Löschen - in Quarantäne kopiert
E:\multiAVCHD\tools\process.exe	Win32/PrcView potenziell unsichere Anwendung	gelöscht - in Quarantäne kopiert
E:\rs\AstroburnLite170-0175.exe	Win32/OpenCandy potenziell unsichere Anwendung	gelöscht - in Quarantäne kopiert
E:\rs\bitcoin-0.8.5-win32-setup.exe	Variante von Win32/BitCoinMiner.BJ potenziell unsichere Anwendung	gelöscht - in Quarantäne kopiert
E:\rs\DTLite4471-0333.exe	Win32/DownWare.L evtl. unerwünschte Anwendung	gelöscht - in Quarantäne kopiert
E:\rs\essetup.exe	möglicherweise Variante von Win32/Bundled.Toolbar.Google.C potenziell unsichere Anwendung	gelöscht - in Quarantäne kopiert
E:\rs\installer_gameranger_4_9_170610_Deutsch.exe	Win32/Toolbar.Babylon evtl. unerwünschte Anwendung	gelöscht - in Quarantäne kopiert
E:\rs\ISOpenSetup.exe	Win32/Toolbar.SearchSuite evtl. unerwünschte Anwendung	gelöscht - in Quarantäne kopiert
E:\rs\multiAVCHD_4.1.exe	Win32/PrcView potenziell unsichere Anwendung	gelöscht - in Quarantäne kopiert
E:\rs\PDFCreator-1_2_3_setup.exe	Win32/Toolbar.Widgi evtl. unerwünschte Anwendung	gelöscht - in Quarantäne kopiert
E:\rs\speedupmypc.exe	Win32/SpeedUpMyPC evtl. unerwünschte Anwendung	gelöscht - in Quarantäne kopiert
E:\rs\YouTubeDownloaderSetup262.exe	möglicherweise Variante von Win32/Toolbar.Widgi evtl. unerwünschte Anwendung	gelöscht - in Quarantäne kopiert
E:\rs\rsdf loads\BIOS_SLIC_2.1_2010-06-20.zip	Variante von Win32/Packed.ExeScript.B Trojaner	gelöscht - in Quarantäne kopiert
E:\rs\rsdf loads\flac-1.2.1b - CHIP-Installer.exe	Variante von Win32/DownloadSponsor.A evtl. unerwünschte Anwendung	gelöscht - in Quarantäne kopiert
         

Antwort

Themen zu Avira durch gruppenrichtlinie blockiert
device driver, durch gruppenrichtlinie blockiert, gruppenrichtlinie, gruppenrichtlinie blockiert, java/exploit.cve-2013-1493.fy, koyote, redir.gsearch, trojan.agent, trojan.agent.tpl, win32/bitcoinminer.bj, win32/bundled.toolbar.ask, win32/bundled.toolbar.ask.d, win32/bundled.toolbar.ask.g, win32/bundled.toolbar.google.c, win32/bundled.toolbar.google.d, win32/downloadsponsor.a, win32/downware.l, win32/injector.dat, win32/packed.exescript.b, win32/toolbar.babylon, win32/toolbar.conduit.b, win32/toolbar.searchsuite, win32/toolbar.widgi



Ähnliche Themen: Avira durch gruppenrichtlinie blockiert


  1. Avira Antivir wird durch eine Gruppenrichtlinie blockiert
    Plagegeister aller Art und deren Bekämpfung - 06.01.2015 (11)
  2. Avira wird durch eine Gruppenrichtlinie blockiert
    Plagegeister aller Art und deren Bekämpfung - 23.12.2014 (25)
  3. 2x Avira wurde durch eine Gruppenrichtlinie blockiert. Was soll ich tuhen?
    Mülltonne - 27.07.2014 (2)
  4. Avira wurde durch eine Gruppenrichtlinie blockiert. Was soll ich machen?
    Log-Analyse und Auswertung - 27.07.2014 (1)
  5. Avira - Dieses Programm wurde durch eine Gruppenrichtlinie blockiert
    Log-Analyse und Auswertung - 05.07.2014 (5)
  6. Avira durch Gruppenrichtlinie blockiert
    Log-Analyse und Auswertung - 28.06.2014 (13)
  7. Vista: Avira wurde durch Gruppenrichtlinie blockiert
    Log-Analyse und Auswertung - 15.06.2014 (13)
  8. Avira Virenprogramm durch Gruppenrichtlinie blockiert
    Log-Analyse und Auswertung - 11.06.2014 (1)
  9. Windows 7: Avira wurde durch Gruppenrichtlinie blockiert
    Log-Analyse und Auswertung - 11.06.2014 (17)
  10. Win7 Pro - SP 1 - 32 Bit - Avira durch Gruppenrichtlinie blockiert
    Log-Analyse und Auswertung - 11.06.2014 (14)
  11. Avira wurde durch eine Gruppenrichtlinie blockiert!
    Alles rund um Windows - 05.06.2014 (5)
  12. Win7: Avira wird durch Gruppenrichtlinie blockiert.
    Log-Analyse und Auswertung - 22.05.2014 (9)
  13. Trojanerbefall - Avira Antivirus Free durch Gruppenrichtlinie blockiert!
    Log-Analyse und Auswertung - 15.05.2014 (7)
  14. WIN7: Avira wird durch Gruppenrichtlinie blockiert
    Log-Analyse und Auswertung - 14.05.2014 (9)
  15. Avira Start wird durch eine Gruppenrichtlinie blockiert
    Log-Analyse und Auswertung - 21.04.2014 (9)
  16. Avira wird durch eine Gruppenrichtlinie blockiert
    Log-Analyse und Auswertung - 03.04.2014 (15)
  17. avira: dieses programm wurde durch eine gruppenrichtlinie blockiert
    Log-Analyse und Auswertung - 03.12.2013 (11)

Zum Thema Avira durch gruppenrichtlinie blockiert - Hallo liebe Virenprofis, ich habe folgendes Problem, über das ich hier schon öfters gelesen habe. Ich kann leider nichts mit den Log Dateien von Farbar anfangen, daher poste ich sie - Avira durch gruppenrichtlinie blockiert...
Archiv
Du betrachtest: Avira durch gruppenrichtlinie blockiert auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.