Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: Free Driver Scout - Zusatzprogramme

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 01.08.2014, 22:02   #1
magigstar
 
Free Driver Scout - Zusatzprogramme - Standard

Free Driver Scout - Zusatzprogramme



Guten Abend,

ich hab einen völlig dummen Fehler gemacht.
Ich habe Free Driver Scout installiert, und die ganzen Zusatzprogramme ebenso.

Nun habe ich trovi search und startweb als Suchfenster. Desweiteren Security Guard 0.2 als Add-On.
Und irgendein Init oder so wollte auch sich als Add-On einnisten.

Ganz davon abgesehen, dass mein AntiVir gemeldet hat, da wäre ein Virus.
Was habe ich jetzt bloß alles heruntergeladen und wie gefährlich ist es?


Und vor allem, wie kriege ich alles wieder weg?

Alt 01.08.2014, 22:15   #2
Bootsektor
/// TB-Ausbilder
 
Free Driver Scout - Zusatzprogramme - Standard

Free Driver Scout - Zusatzprogramme





Mein Name ist Sandra und ich werde Dir bei Deinem Problem behilflich sein.
  • Bitte arbeite alle Schritte der Reihe nach ab.
  • Lese die Anleitungen sorgfältig durch bevor Du beginnst. Wenn es Probleme gibt oder Du etwas nicht verstehst, dann stoppe mit Deiner Ausführung und beschreibe mir das Problem
  • Führe bitte nur Scans durch zu denen Du von mir aufgefordert wirst.
  • Bitte kein Crossposting ( posten in mehreren Foren).
  • Installiere oder deinstalliere während der Bereinigung keine Software, ausser Du wurdest dazu aufgefordert.
  • Poste die Logfiles direkt in deinen Thread in Code-Tags.
  • Bedenke, dass wir hier alle während unserer Freizeit tätig sind, wenn du innerhalb von 2 Tagen nichts von mir hörst, dann schreibe mir bitte eine PM.

Hinweis: Ich kann Dir niemals eine Garantie geben, dass ich auch alles finde. Eine Formatierung ist meist der schnellere und bei einem Befall durch Malware immer der sicherste Weg. Adware lässt sich in den allermeisten Fällen problemlos entfernen.
Solltest Du Dich für eine Bereinigung entscheiden, arbeite solange mit, bis Dir jemand vom Team sagt, dass Du clean bist.

Posten in Code Tags
Bitte füge die Logs immer in Code-Tags ein. Wenn Du das nicht machst, erschwert es mir sehr das Auswerten. Danke.
Dazu:
  • Klicke über dem Antwortfenster auf die Raute #, dann steht dort in eckigen Klammern [] CODE /CODE.
  • Zwischen den beiden code-Bausteinen fügst Du dann deine Logfiles ein. Also CODE Logfile /CODE
  • Wenn die Logs zu lang sein sollten, dann teile sie bitte auf und poste sie dann hier in Deinem Thread, notfalls in mehreren Antworten.

Lass uns mal schauen
Schritt 1
Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
  • Starte jetzt FRST.
  • Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
  • Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
  • Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)

__________________

__________________

Alt 01.08.2014, 22:21   #3
magigstar
 
Free Driver Scout - Zusatzprogramme - Standard

Free Driver Scout - Zusatzprogramme



Vielen Dank...

Ich verlängere mal die Liste:

- Immitent (Toolbar)
- IObit Uninstaller
- Advanced SystemCare 7
- Surfing Protection
__________________

Alt 01.08.2014, 22:22   #4
Bootsektor
/// TB-Ausbilder
 
Free Driver Scout - Zusatzprogramme - Standard

Free Driver Scout - Zusatzprogramme



Bekommen wir hin

Ich brauch nur erst die FRST.txt und addition.txt

Alt 01.08.2014, 22:37   #5
magigstar
 
Free Driver Scout - Zusatzprogramme - Standard

Free Driver Scout - Zusatzprogramme



Hallo Sandra :-)


FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 31-07-2014 02
Ran by XXXXXX XXXXXX (administrator) on ARBEITSCOMPUTER on 01-08-2014 23:27:55
Running from C:\Users\XXXXXX XXXXXX\Desktop
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
() C:\Program Files (x86)\Common Files\AAV\aavus.exe
(LSI Corporation) C:\Program Files\LSI SoftModem\agr64svc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Program Files (x86)\Allway Sync\Bin\SyncService.exe
(Microsoft Corporation) C:\Windows\System32\CISVC.EXE
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
(Foxit Corporation) C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GregHSRW.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
() C:\Program Files (x86)\No-IP\ducservice.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
(O&O Software GmbH) C:\Program Files\OO Software\Defrag\oodag.exe
() C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
(pdfforge GmbH) C:\Program Files (x86)\PDF Architect\HelperService.exe
(pdfforge GmbH) C:\Program Files (x86)\PDF Architect\ConversionService.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(TomTom) C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
(Acer) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(AlcorMicro Co., Ltd.) C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
() C:\Windows\PLFSetI.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\Apoint.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
(O&O Software GmbH) C:\Program Files\OO Software\Defrag\oodtray.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Deskjet 3070 B611 series\Bin\ScanToPCActivationApp.exe
(BillP Studios) C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe
(Steganos Software GmbH) C:\Program Files (x86)\Steganos Safe 14\SteganosBrowserMonitor.exe
(RescueTime, Inc.) C:\Program Files (x86)\RescueTime\RescueTime.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\ApMsgFwd.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\ApntEx.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\Hidfind.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Mirko Böer) C:\Program Files (x86)\SSS\SimpleScreenshot.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Steganos Software GmbH) C:\Program Files (x86)\Steganos Safe 14\SteganosHotKeyService.exe
(Steganos Software GmbH) C:\Program Files (x86)\Steganos Safe 14\fredirstarter.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Deskjet 3070 B611 series\Bin\HPNetworkCommunicator.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Mirko Böer) C:\Program Files\AmP\AmP.exe
(Almico Software (www.almico.com)) C:\Program Files (x86)\SpeedFan\speedfan.exe
(Microsoft Corporation) C:\Windows\System32\dinotify.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [AmIcoSinglun64] => C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [323072 2009-07-23] (AlcorMicro Co., Ltd.)
HKLM\...\Run: [IAAnotif] => C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-06-05] (Intel Corporation)
HKLM\...\Run: [mwlDaemon] => C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe [349480 2009-09-11] (Egis Technology Inc.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [8312352 2009-10-29] (Realtek Semiconductor)
HKLM\...\Run: [PLFSetI] => C:\Windows\PLFSetI.exe [200704 2011-11-13] ()
HKLM\...\Run: [Apoint] => C:\Program Files\Apoint2K\Apoint.exe [295936 2009-05-22] (Alps Electric Co., Ltd.)
HKLM\...\Run: [Acer ePower Management] => C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [823840 2009-09-30] (Acer Incorporated)
HKLM\...\Run: [OODefragTray] => C:\Program Files\OO Software\Defrag\oodtray.exe [3942216 2011-01-25] (O&O Software GmbH)
HKLM\...\Run: [PLFSetL] => C:\Windows\PLFSetL.exe [99712 2011-01-13] (Sonix Technology Co., Ltd.)
HKLM\...\Run: [SNUVCDSM] => C:\Windows\snuvcdsm.exe [30080 2011-01-13] ()
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2009-12-10] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [LManager] => C:\Program Files (x86)\Launch Manager\LManager.exe [1094736 2009-11-02] (Dritek System Inc.)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [750160 2014-06-24] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43816 2014-07-03] (Apple Inc.)
HKLM-x32\...\Run: [SimpleScreenshot] => C:\Program Files (x86)\SSS\SIMPLESCREENSHOT.EXE [2255360 2008-02-09] (Mirko Böer)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101584 2014-04-25] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [Steganos HotKeys] => C:\Program Files (x86)\Steganos Safe 14\SteganosHotKeyService.exe [100864 2014-02-25] (Steganos Software GmbH)
HKLM-x32\...\Run: [SAFE14 File Redirection Starter] => C:\Program Files (x86)\Steganos Safe 14\fredirstarter.exe [17408 2014-02-25] (Steganos Software GmbH)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-07-08] (Apple Inc.)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-1242904208-471078349-2963378918-1000\...\Run: [HP Deskjet 3070 B611 series (NET)] => C:\Program Files\HP\HP Deskjet 3070 B611 series\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
HKU\S-1-5-21-1242904208-471078349-2963378918-1000\...\Run: [WinPatrol] => C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe [1128000 2014-06-03] (BillP Studios)
HKU\S-1-5-21-1242904208-471078349-2963378918-1000\...\Run: [ALBATTTOOL] => C:\Program Files (x86)\AkkuLine.de\AkkuLine Batterie-Tool\AL-Batterie-Tool.exe
HKU\S-1-5-21-1242904208-471078349-2963378918-1000\...\Run: [SAFE14 Browser Monitor] => C:\Program Files (x86)\Steganos Safe 14\SteganosBrowserMonitor.exe [70144 2014-02-25] (Steganos Software GmbH)
HKU\S-1-5-21-1242904208-471078349-2963378918-1003\...\Run: [swg] => "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
HKU\S-1-5-21-1242904208-471078349-2963378918-1003\...\Run: [msnmsgr] => "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
IFEO\DatamngrCoordinator.exe: [Debugger] tasklist.exe
Startup: C:\Users\XXXXXX XXXXXX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\RescueTime.lnk
ShortcutTarget: RescueTime.lnk -> C:\Program Files (x86)\RescueTime\RescueTime.exe (RescueTime, Inc.)
ShellIconOverlayIdentifiers:  SkyDrive1 -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers:  SkyDrive2 -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers:  SkyDrive3 -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
ShellIconOverlayIdentifiers:  SkyDrivePro1 (ErrorConflict) -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers:  SkyDrivePro2 (SyncInProgress) -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers:  SkyDrivePro3 (InSync) -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers: egisPSDP -> {30A0A3F6-38AC-4C53-BB8B-0D95238E25BA} => C:\Program Files (x86)\EgisTec\MyWinLocker 3\x64\psdprotect.dll (Egis Technology Inc.)
ShellIconOverlayIdentifiers-x32:  SkyDrivePro1 (ErrorConflict) -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32:  SkyDrivePro2 (SyncInProgress) -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32:  SkyDrivePro3 (InSync) -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: egisPSDP -> {30A0A3F6-38AC-4C53-BB8B-0D95238E25BA} => C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\psdprotect.dll (Egis Technology Inc.)
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
URLSearchHook: HKCU - (No Name) - {84FF7BD6-B47F-46F8-9130-01B2696B36CB} - No File
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 - DefaultScope value is missing.
SearchScopes: HKCU - {460C3D19-B3D4-4964-A550-77D263B0CCCB} URL = http://www.trovi.com/Results.aspx?gd=&ctid=CT3320326&octid=EB_ORIGINAL_CTID&ISID=MD4C1BF03-46E7-4AE1-9ECF-D95BDF14B1E3&SearchSource=58&CUI=&UM=6&UP=SPC7363D78-F165-417D-9298-7B6C89FADDA5&q={searchTerms}&SSPV=
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre8\bin\ssv.dll (Oracle Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre8\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO-x32: PDF Architect Helper -> {3A2D5EBA-F86D-4BD3-A177-019765996711} -> C:\Program Files (x86)\PDF Architect\PDFIEHelper.dll (pdfforge GmbH)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: No Name -> {84FF7BD6-B47F-46F8-9130-01B2696B36CB} ->  No File
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
DPF: HKLM {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\XXXXXX XXXXXX\AppData\Roaming\Mozilla\Firefox\Profiles\7ypdkl8a.default
FF DefaultSearchEngine: user_pref("browser.search.defaultenginename", "");
FF SelectedSearchEngine: user_pref("browser.search.selectedEngine", "");
FF Homepage: hxxp://arbeits-abc.de/forum/|hxxp://empire.goodgamestudios.com/?country=DE
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()
FF Plugin: @java.com/DTPlugin,version=11.5.2 - C:\Program Files\Java\jre8\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.5.2 - C:\Program Files\Java\jre8\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\MICROS~2\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf - C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.60.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.60.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 - C:\Program Files (x86)\Yahoo!\Shared\npYState.dll No File
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @microsoft.com/Lync,version=15.0 - C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~2\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @nullsoft.com/winampDetector;version=1 - C:\Program Files (x86)\Winamp Detect\npwachk.dll (Nullsoft, Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.8 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF user.js: detected! => C:\Users\XXXXXX XXXXXX\AppData\Roaming\Mozilla\Firefox\Profiles\7ypdkl8a.default\user.js
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\XXXXXX XXXXXX\AppData\Roaming\Mozilla\Firefox\Profiles\7ypdkl8a.default\searchplugins\trovi-search.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: WOT - C:\Users\XXXXXX XXXXXX\AppData\Roaming\Mozilla\Firefox\Profiles\7ypdkl8a.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2014-06-08]
FF Extension: ProxTube - C:\Users\XXXXXX XXXXXX\AppData\Roaming\Mozilla\Firefox\Profiles\7ypdkl8a.default\Extensions\{2541D29A-DB9E-4c1e-949A-31EFB4AEF4E7}.xpi [2014-07-28]
FF Extension: NoScript - C:\Users\XXXXXX XXXXXX\AppData\Roaming\Mozilla\Firefox\Profiles\7ypdkl8a.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2014-06-08]
FF Extension: LeechBlock - C:\Users\XXXXXX XXXXXX\AppData\Roaming\Mozilla\Firefox\Profiles\7ypdkl8a.default\Extensions\{a95d8332-e4b4-6e7f-98ac-20b733364387x}.xpi [2014-03-09]
FF Extension: LeechBlock - C:\Users\XXXXXX XXXXXX\AppData\Roaming\Mozilla\Firefox\Profiles\7ypdkl8a.default\Extensions\{a95d8332-e4b4-6e7f-98ac-20b733364387}.xpi [2014-07-12]
FF Extension: Adblock Plus - C:\Users\XXXXXX XXXXXX\AppData\Roaming\Mozilla\Firefox\Profiles\7ypdkl8a.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-12-14]

Chrome: 
=======
CHR HomePage: 

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AAV UpdateService; C:\Program Files (x86)\Common Files\AAV\aavus.exe [122880 2007-10-04] () [File not signed]
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [430160 2014-06-24] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [430160 2014-06-24] (Avira Operations GmbH & Co. KG)
R2 BotkindSyncService; C:\Program Files (x86)\Allway Sync\Bin\SyncService.exe [182784 2013-10-10] () [File not signed]
R2 FoxitCloudUpdateService; C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe [241704 2014-03-25] (Foxit Corporation)
S2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2152736 2014-05-04] (IObit)
S3 MWLService; C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe [305448 2009-09-11] (Egis Technology Inc.)
R2 NoIPDUCService4; C:\Program Files (x86)\No-IP\ducservice.exe [11264 2013-01-24] () [File not signed]
R2 OODefragAgent; C:\Program Files\OO Software\Defrag\oodag.exe [3051848 2011-01-25] (O&O Software GmbH)
R2 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [80896 2011-03-31] () [File not signed]
R2 PDF Architect Helper Service; C:\Program Files (x86)\PDF Architect\HelperService.exe [1320496 2013-04-08] (pdfforge GmbH)
R2 PDF Architect Service; C:\Program Files (x86)\PDF Architect\ConversionService.exe [799280 2013-04-08] (pdfforge GmbH)
R2 RS_Service; C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe [253952 2009-07-10] (Acer Incorporated) [File not signed]
S3 SandraAgentSrv; C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2014.SP2a\RpcAgentSrv.exe [72344 2008-05-19] (SiSoftware) [File not signed]
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738200 2014-04-25] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2081752 2014-04-25] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
S4 UI Assistant Service; C:\Program Files (x86)\Join Air\AssistantServices.exe [247152 2010-04-27] ()
S2 HPSLPSVC; C:\Users\DANIEL~1\AppData\Local\Temp\7zS0A83\hpslpsvc64.dll [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [117712 2014-06-24] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [130584 2014-05-27] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-11-25] (Avira Operations GmbH & Co. KG)
R2 EkaProt6; C:\Windows\System32\DRIVERS\ekaprot6.sys [27288 2012-03-23] (Ekahau Inc.)
S3 Serial; C:\Windows\system32\DRIVERS\serial.sys [94208 2009-07-14] (Brother Industries Ltd.)
R1 SLEE_18_DRIVER; C:\Windows\Sleen1864.sys [109144 2014-01-30] (Softwareentwicklung Remus - ArchiCrypt - )
R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1806592 2011-01-13] ()
R2 TurboB; C:\Windows\System32\DRIVERS\TurboB.sys [13784 2009-11-02] ()
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
R4 iscreenyfilter; iscreenyfilter.sys [X]
S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-01 23:26 - 2014-08-01 23:27 - 00064125 _____ () C:\Users\XXXXXX XXXXXX\Desktop\Addition.txt
2014-08-01 23:25 - 2014-08-01 23:28 - 00024288 _____ () C:\Users\XXXXXX XXXXXX\Desktop\FRST.txt
2014-08-01 23:25 - 2014-08-01 23:27 - 00000000 ____D () C:\FRST
2014-08-01 23:24 - 2014-08-01 23:25 - 02094080 _____ (Farbar) C:\Users\XXXXXX XXXXXX\Desktop\FRST64.exe
2014-08-01 23:21 - 2014-08-01 23:21 - 00000000 ____D () C:\Windows\Tasks\ImCleanDisabled
2014-08-01 23:11 - 2014-08-01 23:11 - 00000000 ____D () C:\Users\XXXXXX XXXXXX\AppData\Roaming\ProductData
2014-08-01 23:10 - 2014-08-01 23:10 - 00000000 ____D () C:\ProgramData\ProductData
2014-08-01 23:10 - 2014-08-01 23:10 - 00000000 ____D () C:\ProgramData\{3C5CBD7B-3D1D-411E-96C2-513FFCA84D2D}
2014-08-01 23:09 - 2014-08-01 23:21 - 00000000 ____D () C:\Program Files (x86)\IObit
2014-08-01 23:09 - 2014-08-01 23:10 - 00000000 ____D () C:\Users\XXXXXX XXXXXX\AppData\Roaming\IObit
2014-08-01 23:09 - 2014-08-01 23:10 - 00000000 ____D () C:\ProgramData\IObit
2014-08-01 23:09 - 2014-08-01 23:09 - 00002876 _____ () C:\Windows\System32\Tasks\Driver Booster SkipUAC (XXXXXX XXXXXX)
2014-08-01 22:47 - 2014-08-01 22:47 - 00000000 ____D () C:\Program Files\005
2014-08-01 22:46 - 2014-08-01 22:47 - 00000000 ____D () C:\temp
2014-08-01 22:46 - 2014-08-01 22:46 - 00000000 ____D () C:\Windows\LastGood
2014-08-01 22:40 - 2014-08-01 22:44 - 00000000 ____D () C:\ProgramData\FreeDriverScout
2014-08-01 22:40 - 2014-08-01 22:40 - 00004150 _____ () C:\Windows\System32\Tasks\FreeDriverScout
2014-08-01 22:40 - 2014-08-01 22:40 - 00000000 ____D () C:\Users\XXXXXX XXXXXX\Documents\Freemium Driver Utilities
2014-08-01 22:39 - 2014-08-01 22:39 - 00004196 _____ () C:\Windows\System32\Tasks\Software Updater
2014-08-01 22:38 - 2014-08-01 22:39 - 00000000 ____D () C:\Program Files\SoftwareUpdater
2014-08-01 22:38 - 2014-08-01 22:38 - 00000000 ____D () C:\Program Files\Covus Freemium
2014-08-01 22:37 - 2014-08-01 22:47 - 00000000 ____D () C:\Program Files (x86)\PC Speed Up
2014-08-01 22:36 - 2014-08-01 22:53 - 00000000 ____D () C:\Program Files (x86)\Security Guard
2014-08-01 22:36 - 2014-08-01 22:36 - 16527392 _____ (IObit ) C:\Users\XXXXXX XXXXXX\Downloads\driver_booster_setup_1.4.0.exe
2014-08-01 17:08 - 2014-08-01 17:08 - 00000287 _____ () C:\Users\XXXXXX XXXXXX\Desktop\Vorsicht bei diesen 10 Interessenten-Typen - unternehmenskick.de.URL
2014-08-01 17:01 - 2014-08-01 17:01 - 00000245 _____ () C:\Users\XXXXXX XXXXXX\Desktop\Amazon.de Gitte Härter Bücher, Hörbücher, Bibliografie, Diskussionen.URL
2014-08-01 16:56 - 2014-08-01 16:56 - 00000254 _____ () C:\Users\XXXXXX XXXXXX\Desktop\Video Selbstsabotage erkennen - unternehmenskick.de.URL
2014-08-01 16:51 - 2014-08-01 16:51 - 00000244 _____ () C:\Users\XXXXXX XXXXXX\Desktop\ARERO - DER WELTFONDS Fonds Kurs DWS0R4 LU0360863863.URL
2014-08-01 16:11 - 2014-08-01 16:11 - 00000343 _____ () C:\Users\XXXXXX XXXXXX\Desktop\Sell in May and go away Was die Börsenweisheiten von Kostolany, Buffett und Co. heute noch taugen eBook Jessica Schwarzer Am.URL
2014-08-01 15:18 - 2014-08-01 15:18 - 00001271 _____ () C:\Users\XXXXXX XXXXXX\Desktop\CoreTemp.ini
2014-08-01 14:01 - 2014-08-01 14:01 - 00000224 _____ () C:\Users\XXXXXX XXXXXX\Desktop\genublog*Blog.URL
2014-08-01 12:02 - 2014-08-01 12:02 - 02426824 _____ () C:\Users\XXXXXX XXXXXX\Downloads\Art.-Nr.10381
2014-08-01 12:01 - 2014-08-01 12:01 - 02631097 _____ () C:\Users\XXXXXX XXXXXX\Downloads\Art.-Nr(1).10102
2014-08-01 12:00 - 2014-08-01 12:00 - 02631097 _____ () C:\Users\XXXXXX XXXXXX\Downloads\Art.-Nr.10102
2014-08-01 10:31 - 2014-08-01 10:31 - 00000971 _____ () C:\Users\XXXXXX\Desktop\SpeedFan.lnk
2014-08-01 10:31 - 2014-08-01 10:31 - 00000000 ____D () C:\Users\XXXXXX XXXXXX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpeedFan
2014-08-01 10:26 - 2014-08-01 10:26 - 00000000 ____D () C:\Users\XXXXXX XXXXXX\Documents\Steganos Safe
2014-08-01 10:16 - 2014-08-01 10:16 - 00000000 ____D () C:\Users\XXXXXX XXXXXX\Desktop\Ordner2
2014-08-01 10:10 - 2014-08-01 10:11 - 00000000 ____D () C:\Users\XXXXXX XXXXXX\Desktop\Ordner
2014-08-01 10:07 - 2014-08-01 10:09 - 00000000 ____D () C:\Users\XXXXXX XXXXXX\Desktop\Word-Mails
2014-08-01 08:13 - 2014-06-22 13:16 - 00449904 _____ () C:\Windows\system32\Drivers\etc\hosts.20140801-081329.backup
2014-07-30 12:19 - 2014-07-30 12:19 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-07-27 14:09 - 2014-07-27 14:10 - 00020617 _____ () C:\Users\XXXXXX XXXXXX\Downloads\Protokoll Sitzung am 15.7.14.odt
2014-07-18 20:15 - 2014-07-18 20:15 - 00050803 _____ () C:\Users\XXXXXX XXXXXX\AppData\Local\recently-used.xbel
2014-07-18 14:58 - 2014-07-18 14:58 - 00000934 _____ () C:\Users\Public\Desktop\EinsteinBrainTrainer.lnk
2014-07-18 14:58 - 2014-07-18 14:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BBG Entertainment GmbH
2014-07-18 14:57 - 2014-07-18 14:58 - 00000000 ____D () C:\Program Files (x86)\EinsteinBrainTrainer
2014-07-16 13:45 - 2014-07-16 13:45 - 00001747 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-07-16 13:45 - 2014-07-16 13:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-07-16 13:44 - 2014-07-16 13:44 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-07-16 13:44 - 2014-07-16 13:44 - 00000000 ____D () C:\Program Files\iTunes
2014-07-16 13:44 - 2014-07-16 13:44 - 00000000 ____D () C:\Program Files\iPod
2014-07-16 13:44 - 2014-07-16 13:44 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-07-16 07:51 - 2014-07-25 22:35 - 00000000 ____D () C:\Users\XXXXXX XXXXXX\Desktop\Autos
2014-07-13 08:35 - 2014-07-13 08:36 - 00000000 ____D () C:\Users\XXXXXX XXXXXX\Desktop\Fotos Ordnung u. Essen
2014-07-11 00:29 - 2014-07-11 00:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steganos Safe 14
2014-07-11 00:29 - 2014-07-11 00:29 - 00000000 ____D () C:\Program Files (x86)\Steganos Safe 14
2014-07-10 17:50 - 2014-08-01 10:11 - 00000000 ____D () C:\Users\XXXXXX XXXXXX\Desktop\Gimp
2014-07-10 17:50 - 2014-07-10 17:50 - 00180570 _____ () C:\Users\XXXXXX XXXXXX\Downloads\dbp-1.1.8.zip
2014-07-09 19:29 - 2014-08-01 10:26 - 00000000 ____D () C:\Users\XXXXXX XXXXXX\AppData\Roaming\Steganos
2014-07-09 13:07 - 2014-06-30 04:09 - 00519168 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-07-09 13:07 - 2014-06-30 04:04 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-07-09 13:07 - 2014-06-18 04:18 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\osk.exe
2014-07-09 13:07 - 2014-06-18 03:51 - 00646144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\osk.exe
2014-07-09 13:07 - 2014-06-18 03:10 - 03157504 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-07-09 13:07 - 2014-06-06 12:10 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-07-09 13:07 - 2014-06-06 11:44 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-07-09 13:07 - 2014-05-30 08:45 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2014-07-09 13:06 - 2014-06-20 22:14 - 00266424 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-07-09 13:06 - 2014-06-20 21:39 - 00240824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-07-09 13:06 - 2014-06-19 03:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-07-09 13:06 - 2014-06-19 03:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-07-09 13:06 - 2014-06-19 02:48 - 02768384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-07-09 13:06 - 2014-06-19 02:42 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-07-09 13:06 - 2014-06-19 02:41 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-07-09 13:06 - 2014-06-19 02:31 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-07-09 13:06 - 2014-06-19 02:24 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-07-09 13:06 - 2014-06-19 02:16 - 17276416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-07-09 13:06 - 2014-06-19 02:09 - 00452608 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-07-09 13:06 - 2014-06-19 01:59 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-07-09 13:06 - 2014-06-19 01:56 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-07-09 13:06 - 2014-06-19 01:39 - 00608768 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-07-09 13:06 - 2014-06-19 01:38 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-07-09 13:06 - 2014-06-19 01:37 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-07-09 13:06 - 2014-06-19 01:36 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-07-09 13:06 - 2014-06-19 01:33 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-07-09 13:06 - 2014-06-19 01:32 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-07-09 13:06 - 2014-06-19 01:28 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-07-09 13:06 - 2014-06-19 01:28 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-07-09 13:06 - 2014-06-19 01:27 - 02040832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-07-09 13:06 - 2014-06-19 01:25 - 00442368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-07-09 13:06 - 2014-06-19 01:23 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-07-09 13:06 - 2014-06-19 01:22 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-07-09 13:06 - 2014-06-19 01:12 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-07-09 13:06 - 2014-06-19 01:06 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-07-09 13:06 - 2014-06-19 00:59 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-07-09 13:06 - 2014-06-19 00:58 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-07-09 13:06 - 2014-06-19 00:52 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-07-09 13:06 - 2014-06-19 00:49 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-07-09 13:06 - 2014-06-19 00:46 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-07-09 13:06 - 2014-06-19 00:45 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-07-09 13:06 - 2014-06-19 00:35 - 11742208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-07-09 13:06 - 2014-06-19 00:34 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-07-09 13:06 - 2014-06-19 00:09 - 01139200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-07-09 13:06 - 2014-05-30 10:08 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-07-09 13:06 - 2014-05-30 10:08 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-07-09 13:06 - 2014-05-30 10:08 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-07-09 13:06 - 2014-05-30 10:08 - 00307200 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2014-07-09 13:06 - 2014-05-30 10:08 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-07-09 13:06 - 2014-05-30 10:08 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-07-09 13:06 - 2014-05-30 10:08 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-07-09 13:06 - 2014-05-30 09:52 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-07-09 13:06 - 2014-05-30 09:52 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-07-09 13:06 - 2014-05-30 09:52 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-07-09 13:06 - 2014-05-30 09:52 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2014-07-09 13:06 - 2014-05-30 09:52 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-07-09 13:06 - 2014-05-30 09:52 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-07-09 13:06 - 2014-05-30 09:52 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-07-09 13:05 - 2014-06-19 03:39 - 23464448 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-07-09 13:05 - 2014-06-19 02:42 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-07-09 13:05 - 2014-06-19 02:41 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-07-09 13:05 - 2014-06-19 02:32 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-07-09 13:05 - 2014-06-19 02:26 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-07-09 13:05 - 2014-06-19 02:24 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-07-09 13:05 - 2014-06-19 02:23 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-07-09 13:05 - 2014-06-19 02:14 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-07-09 13:05 - 2014-06-19 01:53 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-07-09 13:05 - 2014-06-19 01:51 - 05721088 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-07-09 13:05 - 2014-06-19 01:50 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-07-09 13:05 - 2014-06-19 01:48 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-07-09 13:05 - 2014-06-19 01:35 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-07-09 13:05 - 2014-06-19 01:27 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-07-09 13:05 - 2014-06-19 01:01 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-07-09 13:05 - 2014-06-19 00:58 - 02266112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-07-09 13:05 - 2014-06-19 00:51 - 13527040 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-07-09 13:05 - 2014-06-19 00:15 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-07-09 13:05 - 2014-06-19 00:13 - 01791488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-07-09 13:05 - 2014-06-19 00:07 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-07-09 13:05 - 2014-06-05 16:45 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-07-09 13:05 - 2014-06-05 16:26 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-07-09 13:05 - 2014-06-05 16:25 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-07-08 19:31 - 2014-07-08 19:31 - 00001138 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 9.lnk
2014-07-08 19:31 - 2014-07-08 19:31 - 00001126 _____ () C:\Users\Public\Desktop\TeamViewer 9.lnk
2014-07-08 19:31 - 2014-07-08 19:31 - 00000000 ____D () C:\Program Files (x86)\TeamViewer
2014-07-08 18:12 - 2014-07-08 18:13 - 00000000 ____D () C:\Users\XXXXXX XXXXXX\Desktop\Joyce
2014-07-07 16:28 - 2014-07-07 16:28 - 00040044 _____ () C:\Users\XXXXXX XXXXXX\Downloads\tam608.wav
2014-07-07 13:14 - 2014-07-07 13:15 - 26773640 _____ (Steganos Software GmbH) C:\Users\XXXXXX XXXXXX\Downloads\safe14intwr.exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-01 23:28 - 2014-08-01 23:25 - 00024288 _____ () C:\Users\XXXXXX XXXXXX\Desktop\FRST.txt
2014-08-01 23:27 - 2014-08-01 23:26 - 00064125 _____ () C:\Users\XXXXXX XXXXXX\Desktop\Addition.txt
2014-08-01 23:27 - 2014-08-01 23:25 - 00000000 ____D () C:\FRST
2014-08-01 23:25 - 2014-08-01 23:24 - 02094080 _____ (Farbar) C:\Users\XXXXXX XXXXXX\Desktop\FRST64.exe
2014-08-01 23:21 - 2014-08-01 23:21 - 00000000 ____D () C:\Windows\Tasks\ImCleanDisabled
2014-08-01 23:21 - 2014-08-01 23:09 - 00000000 ____D () C:\Program Files (x86)\IObit
2014-08-01 23:12 - 2011-11-13 22:43 - 02010812 _____ () C:\Windows\WindowsUpdate.log
2014-08-01 23:11 - 2014-08-01 23:11 - 00000000 ____D () C:\Users\XXXXXX XXXXXX\AppData\Roaming\ProductData
2014-08-01 23:10 - 2014-08-01 23:10 - 00000000 ____D () C:\ProgramData\ProductData
2014-08-01 23:10 - 2014-08-01 23:10 - 00000000 ____D () C:\ProgramData\{3C5CBD7B-3D1D-411E-96C2-513FFCA84D2D}
2014-08-01 23:10 - 2014-08-01 23:09 - 00000000 ____D () C:\Users\XXXXXX XXXXXX\AppData\Roaming\IObit
2014-08-01 23:10 - 2014-08-01 23:09 - 00000000 ____D () C:\ProgramData\IObit
2014-08-01 23:10 - 2011-11-21 18:05 - 00000000 ____D () C:\Users\XXXXXX XXXXXX\AppData\Roaming\Apple Computer
2014-08-01 23:10 - 2011-11-14 07:34 - 00702664 _____ () C:\Windows\system32\perfh007.dat
2014-08-01 23:10 - 2011-11-14 07:34 - 00151424 _____ () C:\Windows\system32\perfc007.dat
2014-08-01 23:10 - 2009-07-14 07:13 - 01629998 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-08-01 23:09 - 2014-08-01 23:09 - 00002876 _____ () C:\Windows\System32\Tasks\Driver Booster SkipUAC (XXXXXX XXXXXX)
2014-08-01 23:07 - 2012-09-20 05:21 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-08-01 23:05 - 2012-08-14 19:52 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-08-01 23:04 - 2009-07-14 06:45 - 00025840 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-08-01 23:04 - 2009-07-14 06:45 - 00025840 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-08-01 22:59 - 2014-03-30 17:29 - 00005303 _____ () C:\Windows\system32\AutoPico.log
2014-08-01 22:53 - 2014-08-01 22:36 - 00000000 ____D () C:\Program Files (x86)\Security Guard
2014-08-01 22:47 - 2014-08-01 22:47 - 00000000 ____D () C:\Program Files\005
2014-08-01 22:47 - 2014-08-01 22:46 - 00000000 ____D () C:\temp
2014-08-01 22:47 - 2014-08-01 22:37 - 00000000 ____D () C:\Program Files (x86)\PC Speed Up
2014-08-01 22:46 - 2014-08-01 22:46 - 00000000 ____D () C:\Windows\LastGood
2014-08-01 22:44 - 2014-08-01 22:40 - 00000000 ____D () C:\ProgramData\FreeDriverScout
2014-08-01 22:40 - 2014-08-01 22:40 - 00004150 _____ () C:\Windows\System32\Tasks\FreeDriverScout
2014-08-01 22:40 - 2014-08-01 22:40 - 00000000 ____D () C:\Users\XXXXXX XXXXXX\Documents\Freemium Driver Utilities
2014-08-01 22:39 - 2014-08-01 22:39 - 00004196 _____ () C:\Windows\System32\Tasks\Software Updater
2014-08-01 22:39 - 2014-08-01 22:38 - 00000000 ____D () C:\Program Files\SoftwareUpdater
2014-08-01 22:38 - 2014-08-01 22:38 - 00000000 ____D () C:\Program Files\Covus Freemium
2014-08-01 22:36 - 2014-08-01 22:36 - 16527392 _____ (IObit ) C:\Users\XXXXXX XXXXXX\Downloads\driver_booster_setup_1.4.0.exe
2014-08-01 22:14 - 2013-11-02 10:43 - 00000000 ____D () C:\Users\XXXXXX XXXXXX\AppData\Roaming\Skype
2014-08-01 17:08 - 2014-08-01 17:08 - 00000287 _____ () C:\Users\XXXXXX XXXXXX\Desktop\Vorsicht bei diesen 10 Interessenten-Typen - unternehmenskick.de.URL
2014-08-01 17:01 - 2014-08-01 17:01 - 00000245 _____ () C:\Users\XXXXXX XXXXXX\Desktop\Amazon.de Gitte Härter Bücher, Hörbücher, Bibliografie, Diskussionen.URL
2014-08-01 16:56 - 2014-08-01 16:56 - 00000254 _____ () C:\Users\XXXXXX XXXXXX\Desktop\Video Selbstsabotage erkennen - unternehmenskick.de.URL
2014-08-01 16:51 - 2014-08-01 16:51 - 00000244 _____ () C:\Users\XXXXXX XXXXXX\Desktop\ARERO - DER WELTFONDS Fonds Kurs DWS0R4 LU0360863863.URL
2014-08-01 16:11 - 2014-08-01 16:11 - 00000343 _____ () C:\Users\XXXXXX XXXXXX\Desktop\Sell in May and go away Was die Börsenweisheiten von Kostolany, Buffett und Co. heute noch taugen eBook Jessica Schwarzer Am.URL
2014-08-01 15:18 - 2014-08-01 15:18 - 00001271 _____ () C:\Users\XXXXXX XXXXXX\Desktop\CoreTemp.ini
2014-08-01 14:01 - 2014-08-01 14:01 - 00000224 _____ () C:\Users\XXXXXX XXXXXX\Desktop\genublog*Blog.URL
2014-08-01 12:02 - 2014-08-01 12:02 - 02426824 _____ () C:\Users\XXXXXX XXXXXX\Downloads\Art.-Nr.10381
2014-08-01 12:01 - 2014-08-01 12:01 - 02631097 _____ () C:\Users\XXXXXX XXXXXX\Downloads\Art.-Nr(1).10102
2014-08-01 12:00 - 2014-08-01 12:00 - 02631097 _____ () C:\Users\XXXXXX XXXXXX\Downloads\Art.-Nr.10102
2014-08-01 11:39 - 2013-11-02 10:43 - 00002103 _____ () C:\Users\XXXXXX XXXXXX\Desktop\Skype.lnk
2014-08-01 10:40 - 2014-06-15 14:35 - 00000000 ____D () C:\Program Files (x86)\SpeedFan
2014-08-01 10:31 - 2014-08-01 10:31 - 00000971 _____ () C:\Users\XXXXXX\Desktop\SpeedFan.lnk
2014-08-01 10:31 - 2014-08-01 10:31 - 00000000 ____D () C:\Users\XXXXXX XXXXXX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpeedFan
2014-08-01 10:31 - 2014-06-15 14:35 - 00000045 _____ () C:\Windows\SysWOW64\initdebug.nfo
2014-08-01 10:26 - 2014-08-01 10:26 - 00000000 ____D () C:\Users\XXXXXX XXXXXX\Documents\Steganos Safe
2014-08-01 10:26 - 2014-07-09 19:29 - 00000000 ____D () C:\Users\XXXXXX XXXXXX\AppData\Roaming\Steganos
2014-08-01 10:24 - 2014-06-10 07:50 - 00000000 ____D () C:\Program Files (x86)\FileHippo.com
2014-08-01 10:24 - 2009-11-05 02:36 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-08-01 10:23 - 2014-06-15 14:36 - 00000000 ____D () C:\ProgramData\WebTemp
2014-08-01 10:23 - 2014-06-15 14:29 - 00000000 ____D () C:\Users\XXXXXX XXXXXX\AppData\Roaming\JAM Software
2014-08-01 10:22 - 2011-11-13 23:53 - 00000000 ____D () C:\ProgramData\Temp
2014-08-01 10:20 - 2014-06-08 14:17 - 00000000 ____D () C:\Program Files (x86)\SpywareBlaster
2014-08-01 10:16 - 2014-08-01 10:16 - 00000000 ____D () C:\Users\XXXXXX XXXXXX\Desktop\Ordner
2014-08-01 10:11 - 2014-08-01 10:10 - 00000000 ____D () C:\Users\XXXXXX XXXXXX\Desktop\Ordner2
2014-08-01 10:11 - 2014-07-10 17:50 - 00000000 ____D () C:\Users\XXXXXX XXXXXX\Desktop\Gimp
2014-08-01 10:09 - 2014-08-01 10:07 - 00000000 ____D () C:\Users\XXXXXX XXXXXX\Desktop\Word-Mails
2014-08-01 10:09 - 2012-06-10 15:07 - 00000000 ____D () C:\Users\XXXXXX XXXXXX\Documents\Bewerbungen
2014-08-01 10:03 - 2014-06-15 22:36 - 00000000 ____D () C:\Users\XXXXXX XXXXXX\Desktop\Steuerfachthemen
2014-08-01 07:57 - 2012-09-20 05:21 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-08-01 07:56 - 2014-06-18 09:20 - 00003696 _____ () C:\Windows\setupact.log
2014-08-01 07:56 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-07-31 11:09 - 2012-01-01 10:33 - 00000000 ____D () C:\Users\XXXXXX XXXXXX\Documents\SZ
2014-07-30 18:06 - 2013-12-14 13:57 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-07-30 12:19 - 2014-07-30 12:19 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-07-27 14:10 - 2014-07-27 14:09 - 00020617 _____ () C:\Users\XXXXXX XXXXXX\Downloads\Protokoll Sitzung am 15.7.14.odt
2014-07-26 16:58 - 2012-03-25 12:40 - 00000000 ____D () C:\Users\XXXXXX XXXXXX\Documents\Steuerfälle
2014-07-25 22:35 - 2014-07-16 07:51 - 00000000 ____D () C:\Users\XXXXXX XXXXXX\Desktop\Autos
2014-07-25 06:01 - 2014-05-31 12:35 - 00000000 ____D () C:\Users\XXXXXX XXXXXX\Desktop\aufräumen, was geht
2014-07-24 18:02 - 2012-01-28 15:52 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-07-24 18:02 - 2012-01-28 15:52 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-07-24 13:03 - 2012-01-28 15:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-07-23 22:30 - 2014-06-28 08:10 - 14159872 _____ () C:\Users\XXXXXX XXXXXX\AppData\Roaming\Sandra.mdb
2014-07-18 20:15 - 2014-07-18 20:15 - 00050803 _____ () C:\Users\XXXXXX XXXXXX\AppData\Local\recently-used.xbel
2014-07-18 20:15 - 2014-06-15 20:34 - 00000000 ____D () C:\Users\XXXXXX XXXXXX\AppData\Local\gtk-2.0
2014-07-18 20:15 - 2012-08-29 11:11 - 00000000 ____D () C:\Users\XXXXXX XXXXXX\.gimp-2.8
2014-07-18 14:58 - 2014-07-18 14:58 - 00000934 _____ () C:\Users\Public\Desktop\EinsteinBrainTrainer.lnk
2014-07-18 14:58 - 2014-07-18 14:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BBG Entertainment GmbH
2014-07-18 14:58 - 2014-07-18 14:57 - 00000000 ____D () C:\Program Files (x86)\EinsteinBrainTrainer
2014-07-16 13:45 - 2014-07-16 13:45 - 00001747 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-07-16 13:45 - 2014-07-16 13:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-07-16 13:44 - 2014-07-16 13:44 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-07-16 13:44 - 2014-07-16 13:44 - 00000000 ____D () C:\Program Files\iTunes
2014-07-16 13:44 - 2014-07-16 13:44 - 00000000 ____D () C:\Program Files\iPod
2014-07-16 13:44 - 2014-07-16 13:44 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-07-13 08:36 - 2014-07-13 08:35 - 00000000 ____D () C:\Users\XXXXXX XXXXXX\Desktop\Fotos Ordnung u. Essen
2014-07-11 00:29 - 2014-07-11 00:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steganos Safe 14
2014-07-11 00:29 - 2014-07-11 00:29 - 00000000 ____D () C:\Program Files (x86)\Steganos Safe 14
2014-07-10 18:14 - 2014-06-22 19:44 - 00000000 ____D () C:\Users\XXXXXX XXXXXX\Desktop\B
2014-07-10 17:57 - 2012-08-29 10:44 - 00000000 ____D () C:\Program Files\GIMP 2
2014-07-10 17:50 - 2014-07-10 17:50 - 00180570 _____ () C:\Users\XXXXXX XXXXXX\Downloads\dbp-1.1.8.zip
2014-07-10 13:02 - 2013-05-07 19:33 - 00042040 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2014-07-09 20:26 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2014-07-09 18:34 - 2009-07-14 06:45 - 00452872 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-07-09 18:32 - 2014-05-03 08:02 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-07-09 18:32 - 2009-11-05 02:26 - 00000000 ____D () C:\Program Files\Windows Journal
2014-07-09 18:32 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism
2014-07-09 18:32 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\Dism
2014-07-09 17:51 - 2014-03-28 23:09 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2014-07-09 17:50 - 2009-11-05 05:21 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-07-09 17:47 - 2013-07-13 09:36 - 00000000 ____D () C:\Windows\system32\MRT
2014-07-09 17:44 - 2011-11-18 20:58 - 96441528 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-07-09 12:05 - 2014-05-14 20:05 - 05659136 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2014-07-09 12:05 - 2012-04-02 20:28 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-07-09 12:05 - 2012-04-02 20:28 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-07-09 12:05 - 2011-11-15 22:21 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-07-09 00:36 - 2011-11-13 23:47 - 00113512 _____ () C:\Users\XXXXXX XXXXXX\AppData\Local\GDIPFONTCACHEV1.DAT
2014-07-08 19:31 - 2014-07-08 19:31 - 00001138 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 9.lnk
2014-07-08 19:31 - 2014-07-08 19:31 - 00001126 _____ () C:\Users\Public\Desktop\TeamViewer 9.lnk
2014-07-08 19:31 - 2014-07-08 19:31 - 00000000 ____D () C:\Program Files (x86)\TeamViewer
2014-07-08 18:18 - 2012-08-29 10:44 - 00000898 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIMP 2.lnk
2014-07-08 18:13 - 2014-07-08 18:12 - 00000000 ____D () C:\Users\XXXXXX XXXXXX\Desktop\Joyce
2014-07-07 16:28 - 2014-07-07 16:28 - 00040044 _____ () C:\Users\XXXXXX XXXXXX\Downloads\tam608.wav
2014-07-07 13:15 - 2014-07-07 13:14 - 26773640 _____ (Steganos Software GmbH) C:\Users\XXXXXX XXXXXX\Downloads\safe14intwr.exe
2014-07-07 02:20 - 2012-04-20 19:28 - 00006656 _____ () C:\Users\XXXXXX XXXXXX\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-07-04 15:58 - 2014-06-29 08:18 - 00000000 ____D () C:\Users\XXXXXX XXXXXX\Desktop\SZ-Profile
2014-07-04 09:18 - 2012-09-22 18:09 - 00000000 ____D () C:\Windows\system32\oodag
2014-07-03 17:36 - 2014-06-20 14:07 - 00002432 _____ () C:\Windows\PFRO.log

Some content of TEMP:
====================
C:\Users\XXXXXX XXXXXX\AppData\Local\Temp\avgnt.exe
C:\Users\XXXXXX XXXXXX\AppData\Local\Temp\nsa1473.exe
C:\Users\XXXXXX XXXXXX\AppData\Local\Temp\nsfBBB.exe
C:\Users\XXXXXX XXXXXX\AppData\Local\Temp\nsfD04E.exe
C:\Users\XXXXXX XXXXXX\AppData\Local\Temp\nsvCB2F.exe
C:\Users\XXXXXX XXXXXX\AppData\Local\Temp\nsvDA5B.exe
C:\Users\XXXXXX XXXXXX\AppData\Local\Temp\nsxE449.tmp.exe
C:\Users\XXXXXX XXXXXX\AppData\Local\Temp\sfamcc00001.dll
C:\Users\XXXXXX XXXXXX\AppData\Local\Temp\sfareca00001.dll
C:\Users\XXXXXX XXXXXX\AppData\Local\Temp\sfextra.dll
C:\Users\XXXXXX\AppData\Local\Temp\avgnt.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-07-28 20:56

==================== End Of Log ============================
         
--- --- ---



Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 31-07-2014 02
Ran by XXXXX XXXXX at 2014-08-01 23:28:23
Running from C:\Users\XXXXX XXXXX\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Desktop (Disabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Disabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Out of date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

AAVUpdateManager (HKLM-x32\...\{AFA42FE1-A5C3-485F-9180-BFCF5BF1F1C3}) (Version: 18.00.0000 - Wolters Kluwer Deutschland GmbH)
AC3Filter 1.63b (HKLM-x32\...\AC3Filter_is1) (Version: 1.63b - Alexander Vigovsky)
Acer Arcade Deluxe (HKLM-x32\...\InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}) (Version: 3.0.7112 - CyberLink Corp.)
Acer Arcade Deluxe (x32 Version: 3.0.7112 - CyberLink Corp.) Hidden
Acer Backup Manager (HKLM-x32\...\InstallShield_{72B776E5-4530-4C4B-9453-751DF87D9D93}) (Version: 2.0.0.29 - NewTech Infosystems)
Acer Crystal Eye webcam Ver:1.1.124.1120 (HKLM-x32\...\{D0ACE89D-EC7F-470F-80BE-4C98ED366B32}) (Version: 1.1.124.1120 - Chicony Electronics Co.,Ltd.)
Acer ePower Management (HKLM-x32\...\{3DB0448D-AD82-4923-B305-D001E521A964}) (Version: 4.05.3004 - Acer Incorporated)
Acer eRecovery Management (HKLM-x32\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 4.05.3005 - Acer Incorporated)
Acer GameZone Console (HKLM-x32\...\{8ed9688e-4f79-4308-91ca-f1c37ca142b4}_is1) (Version: 5.1.0.2 - Oberon Media, Inc.)
Acer GridVista (HKLM-x32\...\GridVista) (Version: 3.01.0730 - Acer Inc.)
Acer Registration (HKLM-x32\...\Acer Registration) (Version: 1.02.3006 - Acer Incorporated)
Acer ScreenSaver (HKLM-x32\...\Acer Screensaver) (Version: 1.1.2009.1217 - Acer Incorporated)
Acer Updater (HKLM-x32\...\{EE171732-BEB4-4576-887D-CB62727F01CA}) (Version: 1.01.3017 - Acer Incorporated)
Acer VCM (HKLM-x32\...\{047F790A-7A2A-4B6A-AD02-38092BA63DAC}) (Version: 4.05.3000 - Acer Incorporated)
Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 14.0.0.103 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 14.0.0.103 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 14 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Flash Player 14 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.07) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated)
Akamai NetSession Interface (HKCU\...\Akamai) (Version:  - Akamai Technologies, Inc)
Alcor Micro USB Card Reader (HKLM-x32\...\InstallShield_{DBCE1208-433D-4D3E-A26A-CB1B5E71A8F5}) (Version: 1.4.17.35005 - Alcor Micro Corp.)
Alcor Micro USB Card Reader (x32 Version: 1.4.17.35005 - Alcor Micro Corp.) Hidden
Alice Greenfingers (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112920767}) (Version:  - Oberon Media)
Alle meine Passworte 4.13 (HKLM\...\AllemeinePassworte) (Version:  - Mirko Böer)
Allway Sync version 12.16.9 (HKLM-x32\...\Allway Sync_is1) (Version:  - Botkind Inc)
ALPS Touch Pad Driver (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 7.105.2015.1105 - Alps Electric)
Amazonia (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11273477}) (Version:  - Oberon Media)
Apple Application Support (HKLM-x32\...\{21ECABC3-40B2-42DF-8E21-ACF3A4D0D95A}) (Version: 3.0.5 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{6AF2AC2A-3532-43FD-9F4D-BDC9C0D724C7}) (Version: 7.1.2.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ATI Catalyst Install Manager (HKLM\...\{11F38253-8940-FFDA-D131-B14120C357E4}) (Version: 3.0.754.0 - ATI Technologies, Inc.)
Audacity 2.0.3 (HKLM-x32\...\Audacity_is1) (Version: 2.0.3 - Audacity Team)
Avi2Dvd 0.6.4 (HKLM-x32\...\Avi2Dvd) (Version: 0.6.4 - TrustFm)
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.5.464 - Avira)
AviSynth 2.5 (HKLM-x32\...\AviSynth) (Version:  - )
Backup Manager Basic (x32 Version: 2.0.0.29 - NewTech Infosystems) Hidden
BatteryCare 0.9.10.0 (HKLM-x32\...\{C6A6036D-FBD0-4324-BEAA-C0845257160C}_is1) (Version: 0.9.10.0 - Filipe Lourenço)
BitTorrent (HKCU\...\BitTorrent) (Version: 7.9.2.31638 - BitTorrent Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Broadcom Gigabit NetLink Controller (HKLM\...\{A325B368-A9EC-40EF-A95C-9DEAD3683AE3}) (Version: 12.33.03 - Broadcom Corporation)
Canon MP160 Benutzerregistrierung (HKLM-x32\...\Canon MP160 Benutzerregistrierung) (Version:  - )
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - ATI) Hidden
Catalyst Control Center Core Implementation (x32 Version: 2009.1209.2335.42329 - ATI) Hidden
Catalyst Control Center Graphics Full Existing (x32 Version: 2009.1209.2335.42329 - ATI) Hidden
Catalyst Control Center Graphics Full New (x32 Version: 2009.1209.2335.42329 - ATI) Hidden
Catalyst Control Center Graphics Light (x32 Version: 2009.1209.2335.42329 - ATI) Hidden
Catalyst Control Center Graphics Previews Vista (x32 Version: 2009.1209.2335.42329 - ATI) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2009.1209.2335.42329 - ATI Technologies, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2009.1209.2335.42329 - ATI) Hidden
CCC Help Chinese Standard (x32 Version: 2009.1209.2334.42329 - ATI) Hidden
CCC Help Chinese Traditional (x32 Version: 2009.1209.2334.42329 - ATI) Hidden
CCC Help Czech (x32 Version: 2009.1209.2334.42329 - ATI) Hidden
CCC Help Danish (x32 Version: 2009.1209.2334.42329 - ATI) Hidden
CCC Help Dutch (x32 Version: 2009.1209.2334.42329 - ATI) Hidden
CCC Help English (x32 Version: 2009.1209.2334.42329 - ATI) Hidden
CCC Help Finnish (x32 Version: 2009.1209.2334.42329 - ATI) Hidden
CCC Help French (x32 Version: 2009.1209.2334.42329 - ATI) Hidden
CCC Help German (x32 Version: 2009.1209.2334.42329 - ATI) Hidden
CCC Help Greek (x32 Version: 2009.1209.2334.42329 - ATI) Hidden
CCC Help Hungarian (x32 Version: 2009.1209.2334.42329 - ATI) Hidden
CCC Help Italian (x32 Version: 2009.1209.2334.42329 - ATI) Hidden
CCC Help Japanese (x32 Version: 2009.1209.2334.42329 - ATI) Hidden
CCC Help Korean (x32 Version: 2009.1209.2334.42329 - ATI) Hidden
CCC Help Norwegian (x32 Version: 2009.1209.2334.42329 - ATI) Hidden
CCC Help Polish (x32 Version: 2009.1209.2334.42329 - ATI) Hidden
CCC Help Portuguese (x32 Version: 2009.1209.2334.42329 - ATI) Hidden
CCC Help Russian (x32 Version: 2009.1209.2334.42329 - ATI) Hidden
CCC Help Spanish (x32 Version: 2009.1209.2334.42329 - ATI) Hidden
CCC Help Swedish (x32 Version: 2009.1209.2334.42329 - ATI) Hidden
CCC Help Thai (x32 Version: 2009.1209.2334.42329 - ATI) Hidden
CCC Help Turkish (x32 Version: 2009.1209.2334.42329 - ATI) Hidden
ccc-core-static (x32 Version: 2009.1209.2335.42329 - Ihr Firmenname) Hidden
ccc-utility64 (Version: 2009.1209.2335.42329 - ATI) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.14 - Piriform)
CDBurnerXP (HKLM-x32\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.4.4852 - CDBurnerXP)
Chandler 1.0.3 (HKLM-x32\...\Chandler) (Version: 1.0.3 - Open Source Applications Foundation)
Chicken Invaders 2 (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110209593}) (Version:  - Oberon Media)
CoreAAC Audio Decoder (remove only) (HKLM-x32\...\CoreAAC Audio Decoder) (Version:  - )
Dairy Dash (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115053100}) (Version:  - Oberon Media)
Definition Update for Microsoft Office 2013 (KB2760587) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{D1C35197-B856-45E2-BA67-5ABB6B0CA9C2}) (Version:  - Microsoft)
Dream Day First Home (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113832110}) (Version:  - Oberon Media)
DVD Flick 1.3.0.7 (HKLM-x32\...\DVD Flick_is1) (Version: 1.3.0.7 - Dennis Meuwissen)
eBay Worldwide (HKLM-x32\...\{E0B19DF7-B1C7-4937-82C4-0E4B1E346965}) (Version: 2.1.0901 - OEM)
EinsteinBrainTrainer (remove only) (HKLM-x32\...\EinsteinBrainTrainer) (Version:  - )
Ekahau HeatMapper (HKLM\...\Heatmapper-1.1.4.39795) (Version: 1.1.4.39795 - Ekahau Inc.)
Eraser 6.0.10.2620 (HKLM\...\{6E5159B4-A519-41EF-80EF-AD58371515DF}) (Version: 6.0.2620 - The Eraser Project)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
eSobi v2 (HKLM-x32\...\InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}) (Version: 2.0.4.000274 - esobi Inc.)
eSobi v2 (x32 Version: 2.0.4.000274 - esobi Inc.) Hidden
EVEREST Home Edition v2.20 (HKLM-x32\...\EVEREST Home Edition_is1) (Version: 2.20 - Lavalys Inc)
Farm Frenzy 2 (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11531173}) (Version:  - Oberon Media)
ffdshow [rev 3299] [2010-03-03] (HKLM-x32\...\ffdshow_is1) (Version: 1.0.0.3299 - )
Fiat eco:Drive (HKLM-x32\...\com.fiat.convergence.385E4263E7379A5D22A7076E99B02868EFF10711.1) (Version: 2.0.2 - Fiat Group Automobiles)
Fiat eco:Drive (x32 Version: 2.0.2 - Fiat Group Automobiles) Hidden
First Class Flurry (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115208410}) (Version:  - Oberon Media)
Foxit Cloud (HKLM-x32\...\{41914D8B-9D6E-4764-A1F9-BC43FB6782C1}_is1) (Version: 1.3.105.325 - Foxit Corporation)
Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 6.1.3.321 - Foxit Corporation)
Free Audio CD to MP3 Converter version 1.3.12.1228 (HKLM-x32\...\Free Audio CD to MP3 Converter_is1) (Version: 1.3.12.1228 - DVDVideoSoft Ltd.)
Free DVD Video Burner version 3.0.4.426 (HKLM-x32\...\Free DVD Video Burner_is1) (Version:  - DVDVideoSoft Limited.)
Free System Utilities (HKLM-x32\...\{ad2818b3-1616-4ec8-855d-be6936103e5a}) (Version: 1.1.0.70 - Covus Freemium GmbH)
Free SystemUtilities (x32 Version: 1.1.0.70 - Covus Freemium GmbH) Hidden
Free YouTube Download version 3.1.37.918 (HKLM-x32\...\Free YouTube Download_is1) (Version: 3.1.37.918 - DVDVideoSoft Ltd.)
FreeMind (HKLM-x32\...\B991B020-2968-11D8-AF23-444553540000_is1) (Version: 0.9.0_RC_10 - )
FRITZ!Box-Fernzugang einrichten (HKLM-x32\...\{EFADD989-D9F2-49F6-A280-675951CC78D3}) (Version: 1.0.3 - AVM Berlin)
FrostWire 5.3.5 (HKLM-x32\...\FrostWire 5) (Version: 5.3.5.0 - FrostWire Team)
GIMP 2.8.10 (HKLM\...\GIMP-2_is1) (Version: 2.8.10 - The GIMP Team)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
Granny In Paradise (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110551697}) (Version:  - Oberon Media)
Haali Media Splitter (HKLM-x32\...\HaaliMkx) (Version:  - )
Heroes of Hellas (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113786380}) (Version:  - Oberon Media)
HP Deskjet 3070 B611 series - Grundlegende Software für das Gerät (HKLM\...\{48DF59F8-2ACD-4F1F-87F3-D820FE7A6178}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Deskjet 3070 B611 series Hilfe (HKLM-x32\...\{9F20CE56-3828-432D-A3C5-3EC6A2ED93C6}) (Version: 140.0.2.2 - Hewlett Packard)
HP Update (HKLM-x32\...\{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}) (Version: 5.003.001.001 - Hewlett-Packard)
HTC Driver Installer (HKLM-x32\...\{6D6664A9-3342-4948-9B7E-034EFE366F0F}) (Version: 3.0.0.007 - HTC Corporation)
iCloud (HKLM\...\{81E20D41-C277-4526-934D-F2380AF91B78}) (Version: 3.1.0.40 - Apple Inc.)
Identity Card (HKLM-x32\...\Identity Card) (Version: 1.00.3003 - Acer Incorporated)
ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.8.0 - LIGHTNING UK!)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
Intel(R) Turbo Boost Technology Driver (HKLM-x32\...\{D6C630BF-8DBB-4042-8562-DC9A52CB6E7E}) (Version: 01.00.01.1002 - Intel Corporation)
Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version:  - Intel Corporation)
iTunes (HKLM\...\{33E28B58-7BA0-47B7-AA01-9225ABA2B8A9}) (Version: 11.3.0.54 - Apple Inc.)
Java 7 Update 55 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417055FF}) (Version: 7.0.550 - Oracle)
Java 7 Update 60 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217060FF}) (Version: 7.0.600 - Oracle)
Java 8 Update 5 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418005FF}) (Version: 8.0.50 - Oracle Corporation)
Java Auto Updater (x32 Version: 2.8.00.132 - Oracle, Inc.) Hidden
Java SE Development Kit 8 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0180000}) (Version: 8.0.0 - Oracle Corporation)
Java SE Development Kit 8 Update 5 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0180050}) (Version: 8.0.50 - Oracle Corporation)
Join Air (HKLM-x32\...\{A9E5EDA7-2E6C-49E7-924B-A32B89C24A04}) (Version: 1.0.0.2 - ZTE Corporation)
K-Lite Codec Pack 9.2.0 (Basic) (HKLM-x32\...\KLiteCodecPack_is1) (Version: 9.2.0 - )
KMSpico 8.7 (HKLM\...\KMSpico v8.7_is1) (Version: 8.7 - )
Launch Manager (HKLM-x32\...\LManager) (Version: 3.0.05 - Acer Inc.)
LSI HDA Modem (HKLM\...\LSI Soft Modem) (Version: 2.2.98 - LSI Corporation)
MediaHuman YouTube to MP3 Converter Version 3.3 (HKLM-x32\...\MediaHuman YouTube to MP3 Converter_is1) (Version: 3.3 - )
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Access MUI (German) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft DCF MUI (German) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Excel MUI (German) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Groove MUI (German) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft InfoPath MUI (German) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Lync MUI (German) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0100-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}) (Version:  - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (x32 Version:  - Microsoft) Hidden
Microsoft Office 32-bit Components 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office Access MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Groove MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Korrekturhilfen 2013 - Deutsch (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office Language Pack 2007 - German/Deutsch (HKLM-x32\...\OMUI.de-de) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office O MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office OSM MUI (German) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office OSM UX MUI (German) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office Outlook Connector (HKLM-x32\...\{95140000-007A-0407-0000-0000000FF1CE}) (Version: 14.0.5118.5000 - Microsoft Corporation)
Microsoft Office Outlook MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUSR) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32 Version:  - Microsoft) Hidden
Microsoft Office Proofing Tools 2013 - English (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2013 - Italiano (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 32-bit MUI (German) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office SharePoint Designer 2007 Service Pack 3 (SP3) (x32 Version:  - Microsoft) Hidden
Microsoft Office SharePoint Designer MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Suite Activation Assistant (HKLM-x32\...\{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}) (Version: 2.9 - Microsoft Corporation)
Microsoft Office Word MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office X MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft OneNote MUI (German) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Outlook MUI (German) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Outlook Social Connector Provider for Windows Live Messenger 32-bit (HKLM-x32\...\{95140000-007D-0409-0000-0000000FF1CE}) (Version: 14.0.5120.5000 - Microsoft Corporation)
Microsoft PowerPoint MUI (German) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Publisher MUI (German) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Word MUI (German) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Works (HKLM-x32\...\{62F7DA7E-CCCB-439C-A760-00C3926E761F}) (Version: 9.7.0621 - Microsoft Corporation)
MozBackup 1.5.1 (HKLM-x32\...\MozBackup) (Version:  - Pavel Cvrcek)
Mozilla Firefox 31.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 31.0 (x86 de)) (Version: 31.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0 - Mozilla)
MPC-HC 1.7.0 (HKLM-x32\...\{2624B969-7135-4EB1-B0F6-2D8C397B45F7}_is1) (Version: 1.7.0.7858 - MPC-HC Team)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MyPhoneExplorer (HKLM-x32\...\MPE) (Version: 1.8.5 - F.J. Wechselberger)
MyWinLocker (HKLM-x32\...\{68301905-2DEA-41CE-A4D4-E8B443B099BA}) (Version: 3.1.76.0 - Egis Technology Inc.)
No-IP DUC (HKLM-x32\...\NoIPDUC) (Version: 4.0.1 - Vitalwerks Internet Solutions LLC)
Norton Online Backup (HKLM-x32\...\{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}) (Version: 1.2.0.36 - Symantec)
NTI Backup Now 5 (HKLM-x32\...\InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}) (Version: 5.1.2.627 - NewTech Infosystems)
NTI Backup Now Standard (x32 Version: 5.1.2.627 - NewTech Infosystems) Hidden
NTI Media Maker 8 (HKLM-x32\...\InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}) (Version: 8.0.12.6623 - NewTech Infosystems)
NTI Media Maker 8 (x32 Version: 8.0.12.6623 - NewTech Infosystems) Hidden
O&O Defrag Free Edition (HKLM\...\{C10CAF82-9D36-4D9A-9DC0-C4549F06B519}) (Version: 14.1.431 - O&O Software GmbH)
Outils de vérification linguistique 2013 de Microsoft Office*- Français (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
PDF Architect (HKLM-x32\...\{064A929A-4DE8-40CF-A901-BD40C14E4D25}) (Version: 1.1.83.9982 - pdfforge GmbH)
PDFCreator (HKLM-x32\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.7.1 - pdfforge)
pomodairo (HKLM-x32\...\{EEBEA077-AB92-5083-ECB1-C15BD842D00B}) (Version: 1.9 - UNKNOWN)
QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
Random Dresser (HKLM-x32\...\RandomDresser) (Version:  - )
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5969 - Realtek Semiconductor Corp.)
RescueTime 2.2.1 (HKLM-x32\...\{2505571C-03B3-4F9F-AC35-33F1CB4B5E9E}_is1) (Version:  - RescueTime.com)
Restorer2000 3.3 (HKLM-x32\...\Restorer2000_is1) (Version: 3.3 - Bitmart Inc.)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{D82063A8-7C8C-4C3B-A9BB-95138CA55D26}) (Version:  - Microsoft)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (Version:  - Microsoft) Hidden
Shutdown Manager (HKLM-x32\...\{C457BA5F-35F9-480C-90F8-5C91DB443A15}_is1) (Version: 2.0.7 - Daniel Höllig)
SimpleScreenshot 1.40 (HKLM-x32\...\SimpleScreenshot) (Version:  - )
SiSoftware Sandra Lite 2014.SP2a (HKLM\...\{C3113E55-7BCB-4de3-8EBF-60E6CE6B2396}_is1) (Version: 20.35.2014.6 - SiSoftware)
SIW version 2011.10.29 (HKLM-x32\...\{AB67580-257C-45FF-B8F4-C8C30682091A}_is1) (Version: 2011.10.29 - Topala Software Solutions)
Skype™ 6.16 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.16.105 - Skype Technologies S.A.)
SpeedFan (remove only) (HKLM-x32\...\SpeedFan) (Version:  - )
Spotify (HKCU\...\Spotify) (Version: 0.9.10.14.g578d350b - Spotify AB)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.3.39 - Safer-Networking Ltd.)
SpywareBlaster 5.0 (HKLM-x32\...\SpywareBlaster_is1) (Version: 5.0.0 - BrightFort LLC)
Steganos Safe 14 (HKLM-x32\...\{13B7FBFB-622E-4002-8570-594798E6167D}) (Version: 14.2.2 - Steganos Software GmbH)
Steuer-Spar-Erklärung 2008 (HKLM-x32\...\{BBE67B86-FCD7-4D3C-8B00-063DEAD8E30C}) (Version: 13.02.0000 - Akademische Arbeitsgemeinschaft)
Steuer-Spar-Erklärung 2009 (HKLM-x32\...\{32E00E5E-22B1-4D5A-9DC2-CD75E087A5E6}) (Version: 14.01.0000 - Akademische Arbeitsgemeinschaft Verlag)
Steuer-Spar-Erklärung 2010 (HKLM-x32\...\{D8E1DFEE-622B-46BA-AEFF-AB7E541C0B21}) (Version: 15.15 - Akademische Arbeitsgemeinschaft Verlag)
Steuer-Spar-Erklärung 2011 (HKLM-x32\...\{9F5FD796-86F0-4360-85F8-D54C0F5411EB}) (Version: 16.18 - Akademische Arbeitsgemeinschaft Verlag)
Steuer-Spar-Erklärung 2012 (HKLM-x32\...\{CCD2BAD2-0919-40CB-80CC-E9538B0E4C2E}) (Version: 17.14 - Wolters Kluwer Deutschland GmbH)
Steuer-Spar-Erklärung 2013 (HKLM-x32\...\{AEB61F7A-4BBA-4292-A096-7893E09034A4}) (Version: 18.10 - Wolters Kluwer Deutschland GmbH)
SteuerSparErklärung 2014 (HKLM-x32\...\{A463EB06-22A6-47F5-9593-E52B291EF13E}) (Version: 19.11.90 - Akademische Arbeitsgemeinschaft)
Studie zur Verbesserung von HP Deskjet 3070 B611 series Produkten (HKLM\...\{93B49FE1-0C81-479B-986A-D50DDA80E2C6}) (Version: 25.0.571.0 - Hewlett-Packard Co.)
TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.29947 - TeamViewer)
Time Stamp (HKLM-x32\...\Time Stamp_is1) (Version:  - 3.23.2010-0313)
TomTom HOME (HKLM-x32\...\{99072AB4-D795-44D5-9D65-E3C9F8322C97}) (Version: 2.9.7 - Ihr Firmenname)
TomTom HOME Visual Studio Merge Modules (HKLM-x32\...\{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}) (Version: 1.0.2 - TomTom International B.V.)
TP-LINK Wireless Configuration Utility (HKLM-x32\...\{319D91C6-3D44-436C-9F79-36C0D22372DC}) (Version: 1.0.0 - TP-LINK)
TrueCrypt (HKLM-x32\...\TrueCrypt) (Version: 7.1 - TrueCrypt Foundation)
Tunatic (HKLM-x32\...\Tunatic) (Version:  - )
Überwachungstool für die Intel® Turbo-Boost-Technik (HKLM\...\{39F4C6F9-618A-4E5B-8FB2-6BD661174E32}) (Version: 1.0.186.6 - Intel)
Uninstall 1.0.0.1 (HKLM-x32\...\Uninstall_is1) (Version:  - )
Universal Adb Driver (HKLM-x32\...\{D9C4202E-6D51-4B06-A8F1-22316E654BCA}) (Version: 1.0.0 - ClockworkMod)
Unlocker 1.9.1-x64 (HKLM\...\Unlocker) (Version: 1.9.1 - Cedrick Collomb)
Update for Microsoft Excel 2013 (KB2881085) 64-Bit Edition (HKLM\...\{90150000-0016-0407-1000-0000000FF1CE}_Office15.PROPLUSR_{58D92858-3C94-4C2F-A8E4-AEFF9304C3CF}) (Version:  - Microsoft)
Update for Microsoft Excel 2013 (KB2881085) 64-Bit Edition (HKLM\...\{90150000-0018-0407-1000-0000000FF1CE}_Office15.PROPLUSR_{58D92858-3C94-4C2F-A8E4-AEFF9304C3CF}) (Version:  - Microsoft)
Update for Microsoft Excel 2013 (KB2881085) 64-Bit Edition (HKLM\...\{90150000-001B-0407-1000-0000000FF1CE}_Office15.PROPLUSR_{58D92858-3C94-4C2F-A8E4-AEFF9304C3CF}) (Version:  - Microsoft)
Update for Microsoft Excel 2013 (KB2881085) 64-Bit Edition (HKLM\...\{90150000-00C1-0407-1000-0000000FF1CE}_Office15.PROPLUSR_{58D92858-3C94-4C2F-A8E4-AEFF9304C3CF}) (Version:  - Microsoft)
Update for Microsoft Excel 2013 (KB2881085) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{58D92858-3C94-4C2F-A8E4-AEFF9304C3CF}) (Version:  - Microsoft)
Update for Microsoft Lync 2013 (KB2850074) 64-Bit Edition (HKLM\...\{90150000-012B-0407-1000-0000000FF1CE}_Office15.PROPLUSR_{CE9A9D7C-B6FB-4F6C-8BDE-9A1ADBBAC1EE}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM-x32\...\{90120000-0100-0407-0000-0000000FF1CE}_OMUI.de-de_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2760344) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{EF77B4A6-DFEC-4010-A87D-9B6BF87FABEC}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2760544) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{62857CDD-2985-4939-91BA-19ED0B0031A5}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2768012) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{0814662C-FD28-4DE0-ACE5-EE50D1D6C8FB}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2817302) 64-Bit Edition (HKLM\...\{90150000-0016-0407-1000-0000000FF1CE}_Office15.PROPLUSR_{E79EFFDB-192A-4D9E-A2DB-C0F774E6EC32}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2817302) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{E79EFFDB-192A-4D9E-A2DB-C0F774E6EC32}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2826040) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{C4AEA56A-0759-4D08-9FAB-31A92137D0B8}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2837644) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{D692E9FF-84BF-4F44-A0EA-D58ECE0D538E}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2863843) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{290D80DE-03AB-47EC-9402-108AF4CE4F66}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2880457) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{EC2AF602-2730-4B05-9438-06CDE43153F2}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2880462) 64-Bit Edition (HKLM\...\{90150000-006E-0407-1000-0000000FF1CE}_Office15.PROPLUSR_{24584DD4-C680-4FEB-A464-D760C7A5B041}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2880462) 64-Bit Edition (HKLM\...\{90150000-00C1-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{24584DD4-C680-4FEB-A464-D760C7A5B041}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2880462) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{24584DD4-C680-4FEB-A464-D760C7A5B041}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2880464) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{88B29AA5-71EE-4692-91E2-E89407F0B783}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2880478) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{8116ED50-F1E7-49E1-9D8D-421497D34B0F}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2880987) 64-Bit Edition (HKLM\...\{90150000-006E-0407-1000-0000000FF1CE}_Office15.PROPLUSR_{6F540E80-4BB2-413F-9648-52031AA237B7}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2880987) 64-Bit Edition (HKLM\...\{90150000-00C1-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{6F540E80-4BB2-413F-9648-52031AA237B7}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2880987) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{6F540E80-4BB2-413F-9648-52031AA237B7}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2881035) 64-Bit Edition (HKLM\...\{90150000-0016-0407-1000-0000000FF1CE}_Office15.PROPLUSR_{885C981B-F1E3-430A-A099-31CA9D28C251}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2881035) 64-Bit Edition (HKLM\...\{90150000-0090-0407-1000-0000000FF1CE}_Office15.PROPLUSR_{885C981B-F1E3-430A-A099-31CA9D28C251}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2881035) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{885C981B-F1E3-430A-A099-31CA9D28C251}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2881074) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{9A479F9C-C1EC-4833-A115-A8B7A60480BD}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2881084) 64-Bit Edition (HKLM\...\{90150000-001F-0407-1000-0000000FF1CE}_Office15.PROPLUSR_{00BBBFFE-8889-4953-956A-77DDE975A947}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2881084) 64-Bit Edition (HKLM\...\{90150000-001F-0409-1000-0000000FF1CE}_Office15.PROPLUSR_{3A12DFA2-3FF5-450E-BDB1-A742551A5D1A}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2881084) 64-Bit Edition (HKLM\...\{90150000-001F-040C-1000-0000000FF1CE}_Office15.PROPLUSR_{EA8072E8-E3CF-46DF-A5DE-9F5975344327}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2881084) 64-Bit Edition (HKLM\...\{90150000-001F-0410-1000-0000000FF1CE}_Office15.PROPLUSR_{BF0D921F-E77E-4E03-BE71-46D9D2C7A36A}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2881086) 64-Bit Edition (HKLM\...\{90150000-00C1-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{ED3A8E98-FDD4-493F-A0EC-141821573EC2}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2881086) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{ED3A8E98-FDD4-493F-A0EC-141821573EC2}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (HKLM-x32\...\{90120000-001A-0407-0000-0000000FF1CE}_OMUI.de-de_{EA54F104-79D2-48CC-9ABC-91A63C43D353}) (Version:  - Microsoft)
Update for Microsoft OneDrive for Business (KB2881087) 64-Bit Edition (HKLM\...\{90150000-00BA-0407-1000-0000000FF1CE}_Office15.PROPLUSR_{3C6F4768-FB23-4ECF-8328-5C47E0664B65}) (Version:  - Microsoft)
Update for Microsoft OneDrive for Business (KB2881087) 64-Bit Edition (HKLM\...\{90150000-00C1-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{3C6F4768-FB23-4ECF-8328-5C47E0664B65}) (Version:  - Microsoft)
Update for Microsoft OneDrive for Business (KB2881087) 64-Bit Edition (HKLM\...\{90150000-00C1-0407-1000-0000000FF1CE}_Office15.PROPLUSR_{3C6F4768-FB23-4ECF-8328-5C47E0664B65}) (Version:  - Microsoft)
Update for Microsoft OneDrive for Business (KB2881087) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{3C6F4768-FB23-4ECF-8328-5C47E0664B65}) (Version:  - Microsoft)
Update for Microsoft OneNote 2013 (KB2881082) 64-Bit Edition (HKLM\...\{90150000-00A1-0407-1000-0000000FF1CE}_Office15.PROPLUSR_{BFD66A5D-F608-441E-9282-41E13F5E7412}) (Version:  - Microsoft)
Update for Microsoft OneNote 2013 (KB2881082) 64-Bit Edition (HKLM\...\{90150000-00C1-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{BFD66A5D-F608-441E-9282-41E13F5E7412}) (Version:  - Microsoft)
Update for Microsoft OneNote 2013 (KB2881082) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{BFD66A5D-F608-441E-9282-41E13F5E7412}) (Version:  - Microsoft)
Update for Microsoft Outlook 2013 (KB2880470) 64-Bit Edition (HKLM\...\{90150000-001A-0407-1000-0000000FF1CE}_Office15.PROPLUSR_{34A169EC-990A-4DAE-AC65-9F981158B7DB}) (Version:  - Microsoft)
Update for Microsoft Outlook 2013 (KB2880470) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{34A169EC-990A-4DAE-AC65-9F981158B7DB}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2013 (KB2881075) 64-Bit Edition (HKLM\...\{90150000-0018-0407-1000-0000000FF1CE}_Office15.PROPLUSR_{C8955821-EDAC-4E65-BEF3-C9C0A049517A}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2013 (KB2881075) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{C8955821-EDAC-4E65-BEF3-C9C0A049517A}) (Version:  - Microsoft)
Update for Microsoft Publisher 2013 (KB2880999) 64-Bit Edition (HKLM\...\{90150000-0019-0407-1000-0000000FF1CE}_Office15.PROPLUSR_{C07147B9-CC0B-4CC1-A107-A705889A54F2}) (Version:  - Microsoft)
Update for Microsoft Publisher 2013 (KB2880999) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{C07147B9-CC0B-4CC1-A107-A705889A54F2}) (Version:  - Microsoft)
Update for Microsoft Visio 2013 (KB2837632) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{97183E08-6B06-40F1-80A9-585C4AEF98F1}) (Version:  - Microsoft)
Update for Microsoft Visio Viewer 2013 (KB2817301) 64-Bit Edition (HKLM\...\{90150000-006E-0407-1000-0000000FF1CE}_Office15.PROPLUSR_{8E5CD68A-CDF8-4930-88DF-B7778B1871A9}) (Version:  - Microsoft)
Update for Microsoft Visio Viewer 2013 (KB2817301) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{8E5CD68A-CDF8-4930-88DF-B7778B1871A9}) (Version:  - Microsoft)
Update for Microsoft Word 2013 (KB2878319) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{BC51FE30-3A56-4802-8D9E-E9BC05B56B49}) (Version:  - Microsoft)
Update for Microsoft Word 2013 (KB2881080) 64-Bit Edition (HKLM\...\{90150000-001A-0407-1000-0000000FF1CE}_Office15.PROPLUSR_{F96FE9BB-CD90-472B-852E-156342618C54}) (Version:  - Microsoft)
Update for Microsoft Word 2013 (KB2881080) 64-Bit Edition (HKLM\...\{90150000-001B-0407-1000-0000000FF1CE}_Office15.PROPLUSR_{F96FE9BB-CD90-472B-852E-156342618C54}) (Version:  - Microsoft)
Update for Microsoft Word 2013 (KB2881080) 64-Bit Edition (HKLM\...\{90150000-012B-0407-1000-0000000FF1CE}_Office15.PROPLUSR_{F96FE9BB-CD90-472B-852E-156342618C54}) (Version:  - Microsoft)
Update for Microsoft Word 2013 (KB2881080) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{F96FE9BB-CD90-472B-852E-156342618C54}) (Version:  - Microsoft)
Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0407-0000-0000000FF1CE}_OMUI.de-de_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version:  - Microsoft)
Update für Microsoft Office Outlook 2007 Help (KB963677) (HKLM-x32\...\{90120000-001A-0407-0000-0000000FF1CE}_OMUI.de-de_{F6828576-6F79-470D-AB50-69D1BBADBD30}) (Version:  - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0407-0000-0000000FF1CE}_OMUI.de-de_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version:  - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0407-0000-0000000FF1CE}_OMUI.de-de_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version:  - Microsoft)
Visual Studio C++ 10.0 Runtime (HKLM-x32\...\{4412F224-3849-4461-A3E9-DEEF8D252790}) (Version: 10.0.0 - TomTom International B.V.)
VLC media player 2.1.3 (HKLM-x32\...\VLC media player) (Version: 2.1.3 - VideoLAN)
Welcome Center (HKLM-x32\...\Acer Welcome Center) (Version: 1.00.3008 - Acer Incorporated)
Winamp (HKLM-x32\...\Winamp) (Version: 5.666  - Nullsoft, Inc)
WinPatrol (HKLM\...\{84481A87-2316-4923-8FAB-3BA8CA29323D}) (Version: 31.0.2014.0 - BillP Studios)
WinRAR 5.10 Beta 4 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.10.4 - win.rar GmbH)
Xvid 1.2.2 final uninstall (HKLM-x32\...\Xvid_is1) (Version: 1.2 - Xvid team (Koepi))
Yahoo! Messenger (HKLM-x32\...\Yahoo! Messenger) (Version:  - Yahoo! Inc.)
Yahoo! Software Update (HKLM-x32\...\Yahoo! Software Update) (Version:  - )
Zuzahlungsrechner (HKLM-x32\...\{B2C69E77-F209-4B63-8676-4F32B27E162B}) (Version: 3.6.0 - sfr-software-fuers-heim)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

18-07-2014 14:32:37 Windows Update
22-07-2014 14:00:44 Windows Update
24-07-2014 11:01:50 Windows Update
29-07-2014 14:18:43 Windows Update
01-08-2014 08:19:00 AkkuLine Batterie-Tool wird entfernt
01-08-2014 08:24:17 Entfernt Bildschirmschoner
01-08-2014 20:37:32 Free Driver Scout
01-08-2014 20:46:13 DriverUtilities
01-08-2014 20:49:13 Free Driver Scout

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2014-06-22 13:16 - 00449904 ____N C:\Windows\system32\Drivers\etc\hosts
127.0.0.1	localhost
127.0.0.1	www.007guard.com
127.0.0.1	007guard.com
127.0.0.1	008i.com
127.0.0.1	www.008k.com
127.0.0.1	008k.com
127.0.0.1	www.00hq.com
127.0.0.1	00hq.com
127.0.0.1	010402.com
127.0.0.1	www.032439.com
127.0.0.1	032439.com
127.0.0.1	www.0scan.com
127.0.0.1	0scan.com
127.0.0.1	1000gratisproben.com
127.0.0.1	www.1000gratisproben.com
127.0.0.1	1001namen.com
127.0.0.1	www.1001namen.com
127.0.0.1	100888290cs.com
127.0.0.1	www.100888290cs.com
127.0.0.1	www.100sexlinks.com
127.0.0.1	100sexlinks.com
127.0.0.1	10sek.com
127.0.0.1	www.10sek.com
127.0.0.1	www.1-2005-search.com
127.0.0.1	1-2005-search.com
127.0.0.1	123fporn.info
127.0.0.1	www.123fporn.info
127.0.0.1	123haustiereundmehr.com
127.0.0.1	www.123haustiereundmehr.com

There are 1000 more lines.


==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0B1337E7-FD4D-4E97-B323-C196EC76BB3E} - System32\Tasks\At1 => C:\Windows\system32\msddt.exe
Task: {0CAEEB6B-A216-4E04-9EA6-AC310639FD8D} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {18A112C8-CBC3-40B3-A892-6CDC13C2762B} - System32\Tasks\AutoPico Daily Restart => C:\Program Files\KMSpico\AutoPico.exe [2013-09-07] ()
Task: {23CEA58C-8E99-49B6-96E0-E0033F148659} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-11-14] (Google Inc.)
Task: {328BB5C8-5E96-4D38-B540-0478E729B49A} - System32\Tasks\{8AC09C7C-E103-4E38-A460-4F6A6BC3C208} => C:\Users\XXXXX XXXXX\Downloads\Microsoft.Office.Professional.Plus.2010.Deutsch.German.English.x64.+x86\32 Bit\crack\mini-KMS_Activator_v1.2_Office2010_VL_ENG_FIXED.exe
Task: {38C51694-B081-4739-8E17-069D4A49D4D4} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2014-01-23] (Microsoft Corporation)
Task: {46589170-D2BD-4E90-A68B-EB53448C9ADC} - \Freemium1ClickMaint No Task File <==== ATTENTION
Task: {4CB16212-5451-480A-A531-815D14E8A397} - System32\Tasks\FreeDriverScout => C:\Program Files\Covus Freemium\Free Driver Scout\1Click.exe
Task: {4F70BAFB-3F9C-4504-B9C9-818B895B25A7} - System32\Tasks\{93314EA6-E64D-4617-934D-F85ECAF9B82E} => C:\Users\XXXXX XXXXX\Downloads\Microsoft.Office.Professional.Plus.2010.Deutsch.German.English.x64.+x86\32 Bit\crack\mini-KMS_Activator_v1.2_Office2010_VL_ENG_FIXED.exe
Task: {56A5104C-F855-4C70-A3CC-C25C4FC7DAD9} - System32\Tasks\Software Updater => C:\Program Files\SoftwareUpdater\SoftwareUpdater.Bootstrapper.exe [2014-02-12] ()
Task: {5A42985A-DC32-4FE1-8210-CA09F67316FC} - System32\Tasks\HPCustPartic.exe_{96420065-3C4E-4B3E-96DB-DB0760F51DDD} => C:\Program Files\HP\HP Deskjet 3070 B611 series\Bin\HPCustPartic.exe [2011-06-08] (Hewlett-Packard Co.)
Task: {5BEBF03D-46F3-4323-9F13-07CBA091837D} - \Scheduled Update for Ask Toolbar No Task File <==== ATTENTION
Task: {6CD89185-CD28-476C-8761-8B7DECCD7EDA} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search &amp; Destroy 2\SDScan.exe
Task: {79FCB93E-414A-4C12-A94D-37E4558FAF44} - System32\Tasks\{D00EDC5C-F9CA-49D6-8171-48047E4F592C} => C:\Users\XXXXX XXXXX\Downloads\Microsoft.Office.Professional.Plus.2010.Deutsch.German.English.x64.+x86\32 Bit\crack\mini-KMS_Activator_v1.2_Office2010_VL_ENG_FIXED.exe
Task: {7B158A6A-42B2-4CCD-92C6-82A29FC974C5} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search &amp; Destroy 2\SDUpdate.exe
Task: {7EED0456-B087-4708-8496-6474B917CECB} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {9C395D30-C0E5-4B3A-A232-E38DA71A3827} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {A1D835EF-9220-45A2-811E-2CA5B38166BF} - System32\Tasks\hpUrlLauncher.exe_{4AF7A75F-FDE8-41B8-80D9-5C3EBC32D019} => C:\Program Files\HP\HP Deskjet 3070 B611 series\Bin\utils\hpUrlLauncher.exe [2012-10-17] (Hewlett-Packard Co.)
Task: {AF34E9C7-A25A-4DBC-9020-F503E362A6B3} - System32\Tasks\Driver Booster SkipUAC (XXXXX XXXXX) => C:\Program Files (x86)\IObit\Driver Booster\DriverBooster.exe
Task: {BBBF9E37-C1CD-4CF0-A783-CE021D6D2928} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-05-20] (Piriform Ltd)
Task: {BF4A1AB7-0180-47BC-B4CD-E6792CC423D3} - System32\Tasks\HPCustParticipation HP Deskjet 3070 B611 series => C:\Program Files\HP\HP Deskjet 3070 B611 series\Bin\HPCustPartic.exe [2011-06-08] (Hewlett-Packard Co.)
Task: {C5986952-C9F2-465D-905C-F0679F19619F} - \Software Updater Ui No Task File <==== ATTENTION
Task: {CE5325CF-BB63-4751-AB56-BD427BEAA0D9} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-07-09] (Adobe Systems Incorporated)
Task: {E36CA599-B047-467B-99AF-5E380AFECE05} - System32\Tasks\{AC797CD7-B058-4AC8-84B2-B2307D6AFF9B} => C:\Program Files (x86)\Chandler1.0.3\chandler.exe
Task: {E85DBE85-E344-4E48-A05A-ACF97445121F} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-11-14] (Google Inc.)
Task: {F30712C0-5F79-4616-BFEE-8D27E1822469} - System32\Tasks\{581487AC-8AAF-40E1-A997-6B8519F0C5EC} => C:\Program Files (x86)\Chandler1.0.3\chandler.exe
Task: {F5F2E42F-66A1-4A27-AF82-45A9767CF81D} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search &amp; Destroy 2\SDImmunize.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2007-10-04 15:32 - 2007-10-04 15:32 - 00122880 _____ () C:\Program Files (x86)\Common Files\AAV\aavus.exe
2013-11-25 17:24 - 2013-10-10 12:23 - 00182784 _____ () C:\Program Files (x86)\Allway Sync\Bin\SyncService.exe
2013-01-24 20:12 - 2013-01-24 20:12 - 00011264 _____ () C:\Program Files (x86)\No-IP\ducservice.exe
2011-03-31 17:08 - 2011-03-31 17:08 - 00080896 _____ () C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
2010-07-15 06:44 - 2010-07-15 06:44 - 00020032 _____ () C:\Program Files\Unlocker\UnlockerCOM.dll
2013-07-17 13:54 - 2013-07-17 13:54 - 00220672 _____ () C:\Program Files (x86)\Steganos Safe 14\ShellExtension.dll
2011-11-13 23:52 - 2011-11-13 23:51 - 00200704 _____ () C:\Windows\PLFSetI.exe
2009-07-29 14:10 - 2009-07-29 14:10 - 00016384 ____R () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll
2011-11-13 22:44 - 2011-11-13 22:44 - 00270336 _____ () C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CrossDisplay.Graphics.Dashboard\1.0.0.0__90ba9c70f846762e\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2014-01-20 14:17 - 2014-01-20 14:17 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-01-20 14:16 - 2014-01-20 14:16 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2013-01-24 08:34 - 2013-01-24 08:34 - 00067584 _____ () C:\Program Files (x86)\No-IP\ducapi.dll
2009-02-03 03:33 - 2009-02-03 03:33 - 00460199 _____ () C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\sqlite3.dll
2008-09-29 03:55 - 2008-09-29 03:55 - 01076224 _____ () C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\ACE.dll
2014-06-10 12:58 - 2014-04-25 14:11 - 00109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2014-06-10 12:58 - 2014-04-25 14:11 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2014-06-10 12:58 - 2014-04-25 14:11 - 00167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2014-06-10 12:58 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2014-06-10 12:58 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2014-08-01 10:40 - 2014-08-01 10:40 - 00158720 _____ () C:\Users\XXXXX XXXXX\AppData\Local\Temp\sfareca00001.dll
2014-06-15 14:36 - 2014-08-01 10:40 - 00192512 _____ () C:\Users\XXXXX XXXXX\AppData\Local\Temp\sfamcc00001.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\Temp:4D066AD2
AlternateDataStreams: C:\ProgramData\Temp:5C321E34
AlternateDataStreams: C:\ProgramData\Temp:93DE1838
AlternateDataStreams: C:\ProgramData\Temp:AB689DEA

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: Eraser => "C:\PROGRA~1\Eraser\Eraser.exe" --atRestart
MSCONFIG\startupreg: OODefragTray => C:\Program Files\OO Software\Defrag\oodtray.exe

==================== Faulty Device Manager Devices =============

Name: Deskjet 3070 B611 series
Description: Deskjet 3070 B611 series
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service: 
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (08/01/2014 11:20:02 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: plugin-container.exe, Version: 31.0.0.5310, Zeitstempel: 0x53c75e91
Name des fehlerhaften Moduls: mozalloc.dll, Version: 31.0.0.5310, Zeitstempel: 0x53c72e91
Ausnahmecode: 0x80000003
Fehleroffset: 0x0000141b
ID des fehlerhaften Prozesses: 0xdcc
Startzeit der fehlerhaften Anwendung: 0xplugin-container.exe0
Pfad der fehlerhaften Anwendung: plugin-container.exe1
Pfad des fehlerhaften Moduls: plugin-container.exe2
Berichtskennung: plugin-container.exe3

Error: (08/01/2014 10:49:34 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".


Details:
AddWin32ServiceFiles: Unable to back up image of service Search Protect Service since QueryServiceConfig API failed

System Error:
Das System kann die angegebene Datei nicht finden.
.

Error: (08/01/2014 10:36:45 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: plugin-container.exe, Version: 31.0.0.5310, Zeitstempel: 0x53c75e91
Name des fehlerhaften Moduls: mozalloc.dll, Version: 31.0.0.5310, Zeitstempel: 0x53c72e91
Ausnahmecode: 0x80000003
Fehleroffset: 0x0000141b
ID des fehlerhaften Prozesses: 0x1a88
Startzeit der fehlerhaften Anwendung: 0xplugin-container.exe0
Pfad der fehlerhaften Anwendung: plugin-container.exe1
Pfad des fehlerhaften Moduls: plugin-container.exe2
Berichtskennung: plugin-container.exe3

Error: (08/01/2014 09:00:06 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 7114

Error: (08/01/2014 09:00:06 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 7114

Error: (08/01/2014 09:00:06 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (08/01/2014 09:00:05 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 6116

Error: (08/01/2014 09:00:05 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 6116

Error: (08/01/2014 09:00:05 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (08/01/2014 09:00:04 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 5024


System errors:
=============
Error: (08/01/2014 11:22:14 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Advanced SystemCare Service 7" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (08/01/2014 11:10:57 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: Der Dienst "Advanced SystemCare Service 7" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren.

Error: (08/01/2014 10:52:09 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {752073A1-23F2-4396-85F0-8FDB879ED0ED}

Error: (08/01/2014 10:48:05 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: Der Dienst "GlobalUpdater" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren.

Error: (08/01/2014 10:48:01 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: Der Dienst "SProtection" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren.

Error: (08/01/2014 07:59:27 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "HP Network Devices Support" wurde mit folgendem Fehler beendet: 
%%126

Error: (08/01/2014 07:57:27 AM) (Source: WMPNetworkSvc) (EventID: 14332) (User: )
Description: WMPNetworkSvc0x80004005

Error: (07/31/2014 09:16:44 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "HP Network Devices Support" wurde mit folgendem Fehler beendet: 
%%126

Error: (07/31/2014 09:14:30 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Windows Media Player-Netzwerkfreigabedienst" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1053

Error: (07/31/2014 09:14:30 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Windows Media Player-Netzwerkfreigabedienst erreicht.


Microsoft Office Sessions:
=========================
Error: (08/01/2014 11:20:02 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: plugin-container.exe31.0.0.531053c75e91mozalloc.dll31.0.0.531053c72e91800000030000141bdcc01cfadcccaf8c780C:\Program Files (x86)\Mozilla Firefox\plugin-container.exeC:\Program Files (x86)\Mozilla Firefox\mozalloc.dll98d82898-19c1-11e4-b382-00262d8cabd9

Error: (08/01/2014 10:49:34 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: 
Details:
AddWin32ServiceFiles: Unable to back up image of service Search Protect Service since QueryServiceConfig API failed

System Error:
Das System kann die angegebene Datei nicht finden.

Error: (08/01/2014 10:36:45 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: plugin-container.exe31.0.0.531053c75e91mozalloc.dll31.0.0.531053c72e91800000030000141b1a8801cfadc58ca23f4eC:\Program Files (x86)\Mozilla Firefox\plugin-container.exeC:\Program Files (x86)\Mozilla Firefox\mozalloc.dll8ce02b1e-19bb-11e4-b382-00262d8cabd9

Error: (08/01/2014 09:00:06 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 7114

Error: (08/01/2014 09:00:06 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 7114

Error: (08/01/2014 09:00:06 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (08/01/2014 09:00:05 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 6116

Error: (08/01/2014 09:00:05 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 6116

Error: (08/01/2014 09:00:05 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (08/01/2014 09:00:04 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 5024


CodeIntegrity Errors:
===================================
  Date: 2014-06-28 08:07:01.069
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Users\DANIEL~1\AppData\Local\Temp\EverestDriver.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2014-06-28 08:07:00.711
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Users\DANIEL~1\AppData\Local\Temp\EverestDriver.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2014-06-28 08:07:00.330
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files (x86)\Lavalys\EVEREST Home Edition\kerneld.amd64" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2014-06-28 08:07:00.010
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files (x86)\Lavalys\EVEREST Home Edition\kerneld.amd64" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2014-06-01 15:18:48.633
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2014-06-01 15:18:48.446
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2014-06-01 15:18:48.243
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2014-06-01 15:18:48.040
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2014-03-18 23:11:40.677
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2014-03-18 23:11:40.521
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.


==================== Memory info =========================== 

Percentage of memory in use: 42%
Total physical RAM: 3956.5 MB
Available physical RAM: 2288.76 MB
Total Pagefile: 7911.18 MB
Available Pagefile: 5441.68 MB
Total Virtual: 8192 MB
Available Virtual: 8191.8 MB

==================== Drives ================================

Drive c: (ACER) (Fixed) (Total:290.05 GB) (Free:123.34 GB) NTFS
Drive d: (DATA) (Fixed) (Total:290.4 GB) (Free:284.87 GB) NTFS
Drive f: () (Removable) (Total:1.92 GB) (Free:1.82 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 596 GB) (Disk ID: 6D48B855)
Partition 1: (Not Active) - (Size=16 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=290 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=290 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 2 GB) (Disk ID: 0101704C)
Partition 1: (Active) - (Size=2 GB) - (Type=0C)

==================== End Of Log ============================
         

Einige Einträge lassen mich echt verzweifeln. Denn diese Einträge behaupten, ich hätte in diesem Dateipfad diese Dateien. Das ist aber so nicht.


Alt 01.08.2014, 22:59   #6
Bootsektor
/// TB-Ausbilder
 
Free Driver Scout - Zusatzprogramme - Standard

Free Driver Scout - Zusatzprogramme



Hallo,

was meinst du damit.
Zitat:
Einige Einträge lassen mich echt verzweifeln. Denn diese Einträge behaupten, ich hätte in diesem Dateipfad diese Dateien. Das ist aber so nicht
KMSpico 8.7
Das muss vorher auf jeden Fall runter.
Die von mir gelisteten Einträge deuten stark darauf hin, dass auf diesem Rechner Software benutzt wird, die nicht legal erworben wurde.

Supportunterbrechung
Lesestoff:

Die Logfiles deuten stark darauf hin, dass du nicht legal erworbene Software einsetzt. Zudem sind Cracks und Patches aus dubioser Quelle sehr oft mit Schädlingen versehen, womit man sich also fast vorsätzlich infiziert.

Wir haben uns hier auf dem Board darauf geeinigt, dass wir an dieser Stelle solange nicht weiter bereinigen, bis die Software entfernt wurde. Hinzu kommt, dass wir dich in unserer Anleitung und auch in diesem Wichtig-Thema unmissverständlich darauf hingewiesen haben, wie wir damit umgehen werden. Saubere, gute Software hat seinen Preis und die Softwarefirmen leben von diesen Einnahmen.

Bitte entscheide Dich also, wie Du weiter vorgehen möchtest und teile mir dieses hier in Deinem Thread mit.
Unsere Hilfe beschränkt sich, wenn Du diese Software nicht entfernst, nur auf das Neuaufsetzen und Absichern deines Systems.
Fragen dazu beantworten wir dir aber weiterhin gerne und zwar in unserem Forum.
__________________
--> Free Driver Scout - Zusatzprogramme

Alt 01.08.2014, 23:20   #7
magigstar
 
Free Driver Scout - Zusatzprogramme - Standard

Free Driver Scout - Zusatzprogramme



Ok, KMSpico ist hoffentlich jetzt weg.



FRST Logfile:

FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 31-07-2014 02
Ran by XXXXX XXXXX (administrator) on ARBEITSCOMPUTER on 02-08-2014 00:15:44
Running from C:\Users\XXXXX XXXXX\Desktop
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
() C:\Program Files (x86)\Common Files\AAV\aavus.exe
(LSI Corporation) C:\Program Files\LSI SoftModem\agr64svc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Program Files (x86)\Allway Sync\Bin\SyncService.exe
(Microsoft Corporation) C:\Windows\System32\CISVC.EXE
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
(Foxit Corporation) C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GregHSRW.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
() C:\Program Files (x86)\No-IP\ducservice.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
(O&O Software GmbH) C:\Program Files\OO Software\Defrag\oodag.exe
() C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
(pdfforge GmbH) C:\Program Files (x86)\PDF Architect\HelperService.exe
(pdfforge GmbH) C:\Program Files (x86)\PDF Architect\ConversionService.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(TomTom) C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
(Acer) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(AlcorMicro Co., Ltd.) C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
() C:\Windows\PLFSetI.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\Apoint.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
(O&O Software GmbH) C:\Program Files\OO Software\Defrag\oodtray.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Deskjet 3070 B611 series\Bin\ScanToPCActivationApp.exe
(BillP Studios) C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe
(Steganos Software GmbH) C:\Program Files (x86)\Steganos Safe 14\SteganosBrowserMonitor.exe
(RescueTime, Inc.) C:\Program Files (x86)\RescueTime\RescueTime.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\ApMsgFwd.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\ApntEx.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\Hidfind.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Mirko Böer) C:\Program Files (x86)\SSS\SimpleScreenshot.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Steganos Software GmbH) C:\Program Files (x86)\Steganos Safe 14\SteganosHotKeyService.exe
(Steganos Software GmbH) C:\Program Files (x86)\Steganos Safe 14\fredirstarter.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Deskjet 3070 B611 series\Bin\HPNetworkCommunicator.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Mirko Böer) C:\Program Files\AmP\AmP.exe
(Almico Software (www.almico.com)) C:\Program Files (x86)\SpeedFan\speedfan.exe
(Microsoft Corporation) C:\Windows\System32\dinotify.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [AmIcoSinglun64] => C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [323072 2009-07-23] (AlcorMicro Co., Ltd.)
HKLM\...\Run: [IAAnotif] => C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-06-05] (Intel Corporation)
HKLM\...\Run: [mwlDaemon] => C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe [349480 2009-09-11] (Egis Technology Inc.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [8312352 2009-10-29] (Realtek Semiconductor)
HKLM\...\Run: [PLFSetI] => C:\Windows\PLFSetI.exe [200704 2011-11-13] ()
HKLM\...\Run: [Apoint] => C:\Program Files\Apoint2K\Apoint.exe [295936 2009-05-22] (Alps Electric Co., Ltd.)
HKLM\...\Run: [Acer ePower Management] => C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [823840 2009-09-30] (Acer Incorporated)
HKLM\...\Run: [OODefragTray] => C:\Program Files\OO Software\Defrag\oodtray.exe [3942216 2011-01-25] (O&O Software GmbH)
HKLM\...\Run: [PLFSetL] => C:\Windows\PLFSetL.exe [99712 2011-01-13] (Sonix Technology Co., Ltd.)
HKLM\...\Run: [SNUVCDSM] => C:\Windows\snuvcdsm.exe [30080 2011-01-13] ()
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2009-12-10] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [LManager] => C:\Program Files (x86)\Launch Manager\LManager.exe [1094736 2009-11-02] (Dritek System Inc.)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [750160 2014-06-24] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43816 2014-07-03] (Apple Inc.)
HKLM-x32\...\Run: [SimpleScreenshot] => C:\Program Files (x86)\SSS\SIMPLESCREENSHOT.EXE [2255360 2008-02-09] (Mirko Böer)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101584 2014-04-25] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [Steganos HotKeys] => C:\Program Files (x86)\Steganos Safe 14\SteganosHotKeyService.exe [100864 2014-02-25] (Steganos Software GmbH)
HKLM-x32\...\Run: [SAFE14 File Redirection Starter] => C:\Program Files (x86)\Steganos Safe 14\fredirstarter.exe [17408 2014-02-25] (Steganos Software GmbH)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-07-08] (Apple Inc.)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-1242904208-471078349-2963378918-1000\...\Run: [HP Deskjet 3070 B611 series (NET)] => C:\Program Files\HP\HP Deskjet 3070 B611 series\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
HKU\S-1-5-21-1242904208-471078349-2963378918-1000\...\Run: [WinPatrol] => C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe [1128000 2014-06-03] (BillP Studios)
HKU\S-1-5-21-1242904208-471078349-2963378918-1000\...\Run: [ALBATTTOOL] => C:\Program Files (x86)\AkkuLine.de\AkkuLine Batterie-Tool\AL-Batterie-Tool.exe
HKU\S-1-5-21-1242904208-471078349-2963378918-1000\...\Run: [SAFE14 Browser Monitor] => C:\Program Files (x86)\Steganos Safe 14\SteganosBrowserMonitor.exe [70144 2014-02-25] (Steganos Software GmbH)
HKU\S-1-5-21-1242904208-471078349-2963378918-1003\...\Run: [swg] => "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
HKU\S-1-5-21-1242904208-471078349-2963378918-1003\...\Run: [msnmsgr] => "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
IFEO\DatamngrCoordinator.exe: [Debugger] tasklist.exe
Startup: C:\Users\XXXXX XXXXX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\RescueTime.lnk
ShortcutTarget: RescueTime.lnk -> C:\Program Files (x86)\RescueTime\RescueTime.exe (RescueTime, Inc.)
ShellIconOverlayIdentifiers:  SkyDrive1 -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers:  SkyDrive2 -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers:  SkyDrive3 -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
ShellIconOverlayIdentifiers:  SkyDrivePro1 (ErrorConflict) -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers:  SkyDrivePro2 (SyncInProgress) -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers:  SkyDrivePro3 (InSync) -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers: egisPSDP -> {30A0A3F6-38AC-4C53-BB8B-0D95238E25BA} => C:\Program Files (x86)\EgisTec\MyWinLocker 3\x64\psdprotect.dll (Egis Technology Inc.)
ShellIconOverlayIdentifiers-x32:  SkyDrivePro1 (ErrorConflict) -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32:  SkyDrivePro2 (SyncInProgress) -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32:  SkyDrivePro3 (InSync) -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: egisPSDP -> {30A0A3F6-38AC-4C53-BB8B-0D95238E25BA} => C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\psdprotect.dll (Egis Technology Inc.)
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
URLSearchHook: HKCU - (No Name) - {84FF7BD6-B47F-46F8-9130-01B2696B36CB} - No File
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 - DefaultScope value is missing.
SearchScopes: HKCU - {460C3D19-B3D4-4964-A550-77D263B0CCCB} URL = http://www.trovi.com/Results.aspx?gd=&ctid=CT3320326&octid=EB_ORIGINAL_CTID&ISID=MD4C1BF03-46E7-4AE1-9ECF-D95BDF14B1E3&SearchSource=58&CUI=&UM=6&UP=SPC7363D78-F165-417D-9298-7B6C89FADDA5&q={searchTerms}&SSPV=
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre8\bin\ssv.dll (Oracle Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre8\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO-x32: PDF Architect Helper -> {3A2D5EBA-F86D-4BD3-A177-019765996711} -> C:\Program Files (x86)\PDF Architect\PDFIEHelper.dll (pdfforge GmbH)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: No Name -> {84FF7BD6-B47F-46F8-9130-01B2696B36CB} ->  No File
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
DPF: HKLM {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\XXXXX XXXXX\AppData\Roaming\Mozilla\Firefox\Profiles\7ypdkl8a.default
FF DefaultSearchEngine: user_pref("browser.search.defaultenginename", "");
FF SelectedSearchEngine: user_pref("browser.search.selectedEngine", "");
FF Homepage: hxxp://www.trojaner-board.de/157146-free-driver-scout-zusatzprogramme.html#post1338719|hxxp://arbeits-abc.de/forum/|hxxp://empire.goodgamestudios.com/?country=DE
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()
FF Plugin: @java.com/DTPlugin,version=11.5.2 - C:\Program Files\Java\jre8\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.5.2 - C:\Program Files\Java\jre8\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\MICROS~2\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf - C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.60.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.60.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 - C:\Program Files (x86)\Yahoo!\Shared\npYState.dll No File
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @microsoft.com/Lync,version=15.0 - C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~2\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @nullsoft.com/winampDetector;version=1 - C:\Program Files (x86)\Winamp Detect\npwachk.dll (Nullsoft, Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.8 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF user.js: detected! => C:\Users\XXXXX XXXXX\AppData\Roaming\Mozilla\Firefox\Profiles\7ypdkl8a.default\user.js
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\XXXXX XXXXX\AppData\Roaming\Mozilla\Firefox\Profiles\7ypdkl8a.default\searchplugins\trovi-search.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: WOT - C:\Users\XXXXX XXXXX\AppData\Roaming\Mozilla\Firefox\Profiles\7ypdkl8a.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2014-06-08]
FF Extension: ProxTube - C:\Users\XXXXX XXXXX\AppData\Roaming\Mozilla\Firefox\Profiles\7ypdkl8a.default\Extensions\{2541D29A-DB9E-4c1e-949A-31EFB4AEF4E7}.xpi [2014-07-28]
FF Extension: NoScript - C:\Users\XXXXX XXXXX\AppData\Roaming\Mozilla\Firefox\Profiles\7ypdkl8a.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2014-06-08]
FF Extension: LeechBlock - C:\Users\XXXXX XXXXX\AppData\Roaming\Mozilla\Firefox\Profiles\7ypdkl8a.default\Extensions\{a95d8332-e4b4-6e7f-98ac-20b733364387x}.xpi [2014-03-09]
FF Extension: LeechBlock - C:\Users\XXXXX XXXXX\AppData\Roaming\Mozilla\Firefox\Profiles\7ypdkl8a.default\Extensions\{a95d8332-e4b4-6e7f-98ac-20b733364387}.xpi [2014-07-12]
FF Extension: Adblock Plus - C:\Users\XXXXX XXXXX\AppData\Roaming\Mozilla\Firefox\Profiles\7ypdkl8a.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-12-14]

Chrome: 
=======
CHR HomePage: 

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AAV UpdateService; C:\Program Files (x86)\Common Files\AAV\aavus.exe [122880 2007-10-04] () [File not signed]
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [430160 2014-06-24] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [430160 2014-06-24] (Avira Operations GmbH & Co. KG)
R2 BotkindSyncService; C:\Program Files (x86)\Allway Sync\Bin\SyncService.exe [182784 2013-10-10] () [File not signed]
R2 FoxitCloudUpdateService; C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe [241704 2014-03-25] (Foxit Corporation)
S2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2152736 2014-05-04] (IObit)
S3 MWLService; C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe [305448 2009-09-11] (Egis Technology Inc.)
R2 NoIPDUCService4; C:\Program Files (x86)\No-IP\ducservice.exe [11264 2013-01-24] () [File not signed]
R2 OODefragAgent; C:\Program Files\OO Software\Defrag\oodag.exe [3051848 2011-01-25] (O&O Software GmbH)
R2 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [80896 2011-03-31] () [File not signed]
R2 PDF Architect Helper Service; C:\Program Files (x86)\PDF Architect\HelperService.exe [1320496 2013-04-08] (pdfforge GmbH)
R2 PDF Architect Service; C:\Program Files (x86)\PDF Architect\ConversionService.exe [799280 2013-04-08] (pdfforge GmbH)
R2 RS_Service; C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe [253952 2009-07-10] (Acer Incorporated) [File not signed]
S3 SandraAgentSrv; C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2014.SP2a\RpcAgentSrv.exe [72344 2008-05-19] (SiSoftware) [File not signed]
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738200 2014-04-25] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2081752 2014-04-25] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
S4 UI Assistant Service; C:\Program Files (x86)\Join Air\AssistantServices.exe [247152 2010-04-27] ()
S2 HPSLPSVC; C:\Users\DANIEL~1\AppData\Local\Temp\7zS0A83\hpslpsvc64.dll [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [117712 2014-06-24] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [130584 2014-05-27] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-11-25] (Avira Operations GmbH & Co. KG)
R2 EkaProt6; C:\Windows\System32\DRIVERS\ekaprot6.sys [27288 2012-03-23] (Ekahau Inc.)
S3 Serial; C:\Windows\system32\DRIVERS\serial.sys [94208 2009-07-14] (Brother Industries Ltd.)
R1 SLEE_18_DRIVER; C:\Windows\Sleen1864.sys [109144 2014-01-30] (Softwareentwicklung Remus - ArchiCrypt - )
R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1806592 2011-01-13] ()
R2 TurboB; C:\Windows\System32\DRIVERS\TurboB.sys [13784 2009-11-02] ()
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
R4 iscreenyfilter; iscreenyfilter.sys [X]
S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-01 23:26 - 2014-08-01 23:37 - 00064085 _____ () C:\Users\XXXXX XXXXX\Desktop\Addition.txt
2014-08-01 23:25 - 2014-08-02 00:15 - 00024691 _____ () C:\Users\XXXXX XXXXX\Desktop\FRST.txt
2014-08-01 23:25 - 2014-08-02 00:15 - 00000000 ____D () C:\FRST
2014-08-01 23:24 - 2014-08-01 23:25 - 02094080 _____ (Farbar) C:\Users\XXXXX XXXXX\Desktop\FRST64.exe
2014-08-01 23:21 - 2014-08-01 23:21 - 00000000 ____D () C:\Windows\Tasks\ImCleanDisabled
2014-08-01 23:11 - 2014-08-01 23:11 - 00000000 ____D () C:\Users\XXXXX XXXXX\AppData\Roaming\ProductData
2014-08-01 23:10 - 2014-08-01 23:10 - 00000000 ____D () C:\ProgramData\ProductData
2014-08-01 23:10 - 2014-08-01 23:10 - 00000000 ____D () C:\ProgramData\{3C5CBD7B-3D1D-411E-96C2-513FFCA84D2D}
2014-08-01 23:09 - 2014-08-01 23:21 - 00000000 ____D () C:\Program Files (x86)\IObit
2014-08-01 23:09 - 2014-08-01 23:10 - 00000000 ____D () C:\Users\XXXXX XXXXX\AppData\Roaming\IObit
2014-08-01 23:09 - 2014-08-01 23:10 - 00000000 ____D () C:\ProgramData\IObit
2014-08-01 23:09 - 2014-08-01 23:09 - 00002876 _____ () C:\Windows\System32\Tasks\Driver Booster SkipUAC (XXXXX XXXXX)
2014-08-01 22:47 - 2014-08-01 22:47 - 00000000 ____D () C:\Program Files\005
2014-08-01 22:46 - 2014-08-01 22:47 - 00000000 ____D () C:\temp
2014-08-01 22:46 - 2014-08-01 22:46 - 00000000 ____D () C:\Windows\LastGood
2014-08-01 22:40 - 2014-08-01 22:44 - 00000000 ____D () C:\ProgramData\FreeDriverScout
2014-08-01 22:40 - 2014-08-01 22:40 - 00004150 _____ () C:\Windows\System32\Tasks\FreeDriverScout
2014-08-01 22:40 - 2014-08-01 22:40 - 00000000 ____D () C:\Users\XXXXX XXXXX\Documents\Freemium Driver Utilities
2014-08-01 22:39 - 2014-08-01 22:39 - 00004196 _____ () C:\Windows\System32\Tasks\Software Updater
2014-08-01 22:38 - 2014-08-01 22:39 - 00000000 ____D () C:\Program Files\SoftwareUpdater
2014-08-01 22:38 - 2014-08-01 22:38 - 00000000 ____D () C:\Program Files\Covus Freemium
2014-08-01 22:37 - 2014-08-01 22:47 - 00000000 ____D () C:\Program Files (x86)\PC Speed Up
2014-08-01 22:36 - 2014-08-01 22:53 - 00000000 ____D () C:\Program Files (x86)\Security Guard
2014-08-01 22:36 - 2014-08-01 22:36 - 16527392 _____ (IObit ) C:\Users\XXXXX XXXXX\Downloads\driver_booster_setup_1.4.0.exe
2014-08-01 17:08 - 2014-08-01 17:08 - 00000287 _____ () C:\Users\XXXXX XXXXX\Desktop\Vorsicht bei diesen 10 Interessenten-Typen - unternehmenskick.de.URL
2014-08-01 17:01 - 2014-08-01 17:01 - 00000245 _____ () C:\Users\XXXXX XXXXX\Desktop\Amazon.de Gitte Härter Bücher, Hörbücher, Bibliografie, Diskussionen.URL
2014-08-01 16:56 - 2014-08-01 16:56 - 00000254 _____ () C:\Users\XXXXX XXXXX\Desktop\Video Selbstsabotage erkennen - unternehmenskick.de.URL
2014-08-01 16:51 - 2014-08-01 16:51 - 00000244 _____ () C:\Users\XXXXX XXXXX\Desktop\ARERO - DER WELTFONDS Fonds Kurs DWS0R4 LU0360863863.URL
2014-08-01 16:11 - 2014-08-01 16:11 - 00000343 _____ () C:\Users\XXXXX XXXXX\Desktop\Sell in May and go away Was die Börsenweisheiten von Kostolany, Buffett und Co. heute noch taugen eBook Jessica Schwarzer Am.URL
2014-08-01 15:18 - 2014-08-01 15:18 - 00001271 _____ () C:\Users\XXXXX XXXXX\Desktop\CoreTemp.ini
2014-08-01 14:01 - 2014-08-01 14:01 - 00000224 _____ () C:\Users\XXXXX XXXXX\Desktop\genublog*Blog.URL
2014-08-01 12:02 - 2014-08-01 12:02 - 02426824 _____ () C:\Users\XXXXX XXXXX\Downloads\Art.-Nr.10381
2014-08-01 12:01 - 2014-08-01 12:01 - 02631097 _____ () C:\Users\XXXXX XXXXX\Downloads\Art.-Nr(1).10102
2014-08-01 12:00 - 2014-08-01 12:00 - 02631097 _____ () C:\Users\XXXXX XXXXX\Downloads\Art.-Nr.10102
2014-08-01 10:31 - 2014-08-01 10:31 - 00000971 _____ () C:\Users\XXXXX\Desktop\SpeedFan.lnk
2014-08-01 10:31 - 2014-08-01 10:31 - 00000000 ____D () C:\Users\XXXXX XXXXX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpeedFan
2014-08-01 10:26 - 2014-08-01 10:26 - 00000000 ____D () C:\Users\XXXXX XXXXX\Documents\Steganos Safe
2014-08-01 10:16 - 2014-08-01 10:16 - 00000000 ____D () C:\Users\XXXXX XXXXX\Desktop\SMJG
2014-08-01 10:10 - 2014-08-01 10:11 - 00000000 ____D () C:\Users\XXXXX XXXXX\Desktop\Sozphobie.de
2014-08-01 10:07 - 2014-08-01 10:09 - 00000000 ____D () C:\Users\XXXXX XXXXX\Desktop\Word-Mails
2014-08-01 08:13 - 2014-06-22 13:16 - 00449904 _____ () C:\Windows\system32\Drivers\etc\hosts.20140801-081329.backup
2014-07-30 12:19 - 2014-07-30 12:19 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-07-27 14:09 - 2014-07-27 14:10 - 00020617 _____ () C:\Users\XXXXX XXXXX\Downloads\Protokoll Sitzung am 15.7.14.odt
2014-07-18 20:15 - 2014-07-18 20:15 - 00050803 _____ () C:\Users\XXXXX XXXXX\AppData\Local\recently-used.xbel
2014-07-18 14:58 - 2014-07-18 14:58 - 00000934 _____ () C:\Users\Public\Desktop\EinsteinBrainTrainer.lnk
2014-07-18 14:58 - 2014-07-18 14:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BBG Entertainment GmbH
2014-07-18 14:57 - 2014-07-18 14:58 - 00000000 ____D () C:\Program Files (x86)\EinsteinBrainTrainer
2014-07-16 13:45 - 2014-07-16 13:45 - 00001747 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-07-16 13:45 - 2014-07-16 13:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-07-16 13:44 - 2014-07-16 13:44 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-07-16 13:44 - 2014-07-16 13:44 - 00000000 ____D () C:\Program Files\iTunes
2014-07-16 13:44 - 2014-07-16 13:44 - 00000000 ____D () C:\Program Files\iPod
2014-07-16 13:44 - 2014-07-16 13:44 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-07-16 07:51 - 2014-07-25 22:35 - 00000000 ____D () C:\Users\XXXXX XXXXX\Desktop\Autos
2014-07-13 08:35 - 2014-07-13 08:36 - 00000000 ____D () C:\Users\XXXXX XXXXX\Desktop\Fotos Ordnung u. Essen
2014-07-11 00:29 - 2014-07-11 00:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steganos Safe 14
2014-07-11 00:29 - 2014-07-11 00:29 - 00000000 ____D () C:\Program Files (x86)\Steganos Safe 14
2014-07-10 17:50 - 2014-08-01 10:11 - 00000000 ____D () C:\Users\XXXXX XXXXX\Desktop\Gimp
2014-07-10 17:50 - 2014-07-10 17:50 - 00180570 _____ () C:\Users\XXXXX XXXXX\Downloads\dbp-1.1.8.zip
2014-07-09 19:29 - 2014-08-01 10:26 - 00000000 ____D () C:\Users\XXXXX XXXXX\AppData\Roaming\Steganos
2014-07-09 13:07 - 2014-06-30 04:09 - 00519168 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-07-09 13:07 - 2014-06-30 04:04 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-07-09 13:07 - 2014-06-18 04:18 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\osk.exe
2014-07-09 13:07 - 2014-06-18 03:51 - 00646144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\osk.exe
2014-07-09 13:07 - 2014-06-18 03:10 - 03157504 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-07-09 13:07 - 2014-06-06 12:10 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-07-09 13:07 - 2014-06-06 11:44 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-07-09 13:07 - 2014-05-30 08:45 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2014-07-09 13:06 - 2014-06-20 22:14 - 00266424 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-07-09 13:06 - 2014-06-20 21:39 - 00240824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-07-09 13:06 - 2014-06-19 03:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-07-09 13:06 - 2014-06-19 03:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-07-09 13:06 - 2014-06-19 02:48 - 02768384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-07-09 13:06 - 2014-06-19 02:42 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-07-09 13:06 - 2014-06-19 02:41 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-07-09 13:06 - 2014-06-19 02:31 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-07-09 13:06 - 2014-06-19 02:24 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-07-09 13:06 - 2014-06-19 02:16 - 17276416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-07-09 13:06 - 2014-06-19 02:09 - 00452608 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-07-09 13:06 - 2014-06-19 01:59 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-07-09 13:06 - 2014-06-19 01:56 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-07-09 13:06 - 2014-06-19 01:39 - 00608768 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-07-09 13:06 - 2014-06-19 01:38 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-07-09 13:06 - 2014-06-19 01:37 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-07-09 13:06 - 2014-06-19 01:36 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-07-09 13:06 - 2014-06-19 01:33 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-07-09 13:06 - 2014-06-19 01:32 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-07-09 13:06 - 2014-06-19 01:28 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-07-09 13:06 - 2014-06-19 01:28 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-07-09 13:06 - 2014-06-19 01:27 - 02040832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-07-09 13:06 - 2014-06-19 01:25 - 00442368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-07-09 13:06 - 2014-06-19 01:23 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-07-09 13:06 - 2014-06-19 01:22 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-07-09 13:06 - 2014-06-19 01:12 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-07-09 13:06 - 2014-06-19 01:06 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-07-09 13:06 - 2014-06-19 00:59 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-07-09 13:06 - 2014-06-19 00:58 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-07-09 13:06 - 2014-06-19 00:52 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-07-09 13:06 - 2014-06-19 00:49 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-07-09 13:06 - 2014-06-19 00:46 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-07-09 13:06 - 2014-06-19 00:45 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-07-09 13:06 - 2014-06-19 00:35 - 11742208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-07-09 13:06 - 2014-06-19 00:34 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-07-09 13:06 - 2014-06-19 00:09 - 01139200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-07-09 13:06 - 2014-05-30 10:08 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-07-09 13:06 - 2014-05-30 10:08 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-07-09 13:06 - 2014-05-30 10:08 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-07-09 13:06 - 2014-05-30 10:08 - 00307200 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2014-07-09 13:06 - 2014-05-30 10:08 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-07-09 13:06 - 2014-05-30 10:08 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-07-09 13:06 - 2014-05-30 10:08 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-07-09 13:06 - 2014-05-30 09:52 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-07-09 13:06 - 2014-05-30 09:52 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-07-09 13:06 - 2014-05-30 09:52 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-07-09 13:06 - 2014-05-30 09:52 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2014-07-09 13:06 - 2014-05-30 09:52 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-07-09 13:06 - 2014-05-30 09:52 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-07-09 13:06 - 2014-05-30 09:52 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-07-09 13:05 - 2014-06-19 03:39 - 23464448 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-07-09 13:05 - 2014-06-19 02:42 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-07-09 13:05 - 2014-06-19 02:41 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-07-09 13:05 - 2014-06-19 02:32 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-07-09 13:05 - 2014-06-19 02:26 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-07-09 13:05 - 2014-06-19 02:24 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-07-09 13:05 - 2014-06-19 02:23 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-07-09 13:05 - 2014-06-19 02:14 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-07-09 13:05 - 2014-06-19 01:53 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-07-09 13:05 - 2014-06-19 01:51 - 05721088 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-07-09 13:05 - 2014-06-19 01:50 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-07-09 13:05 - 2014-06-19 01:48 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-07-09 13:05 - 2014-06-19 01:35 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-07-09 13:05 - 2014-06-19 01:27 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-07-09 13:05 - 2014-06-19 01:01 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-07-09 13:05 - 2014-06-19 00:58 - 02266112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-07-09 13:05 - 2014-06-19 00:51 - 13527040 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-07-09 13:05 - 2014-06-19 00:15 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-07-09 13:05 - 2014-06-19 00:13 - 01791488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-07-09 13:05 - 2014-06-19 00:07 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-07-09 13:05 - 2014-06-05 16:45 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-07-09 13:05 - 2014-06-05 16:26 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-07-09 13:05 - 2014-06-05 16:25 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-07-08 19:31 - 2014-07-08 19:31 - 00001138 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 9.lnk
2014-07-08 19:31 - 2014-07-08 19:31 - 00001126 _____ () C:\Users\Public\Desktop\TeamViewer 9.lnk
2014-07-08 19:31 - 2014-07-08 19:31 - 00000000 ____D () C:\Program Files (x86)\TeamViewer
2014-07-08 18:12 - 2014-07-08 18:13 - 00000000 ____D () C:\Users\XXXXX XXXXX\Desktop\Joyce
2014-07-07 16:28 - 2014-07-07 16:28 - 00040044 _____ () C:\Users\XXXXX XXXXX\Downloads\tam608.wav
2014-07-07 13:14 - 2014-07-07 13:15 - 26773640 _____ (Steganos Software GmbH) C:\Users\XXXXX XXXXX\Downloads\safe14intwr.exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-02 00:15 - 2014-08-01 23:25 - 00024691 _____ () C:\Users\XXXXX XXXXX\Desktop\FRST.txt
2014-08-02 00:15 - 2014-08-01 23:25 - 00000000 ____D () C:\FRST
2014-08-02 00:15 - 2014-03-30 15:42 - 00000000 ____D () C:\Program Files\KMSpico
2014-08-02 00:07 - 2012-09-20 05:21 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-08-02 00:07 - 2012-09-20 05:21 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-08-02 00:05 - 2012-08-14 19:52 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-08-01 23:47 - 2011-11-13 22:43 - 02010904 _____ () C:\Windows\WindowsUpdate.log
2014-08-01 23:37 - 2014-08-01 23:26 - 00064085 _____ () C:\Users\XXXXX XXXXX\Desktop\Addition.txt
2014-08-01 23:25 - 2014-08-01 23:24 - 02094080 _____ (Farbar) C:\Users\XXXXX XXXXX\Desktop\FRST64.exe
2014-08-01 23:21 - 2014-08-01 23:21 - 00000000 ____D () C:\Windows\Tasks\ImCleanDisabled
2014-08-01 23:21 - 2014-08-01 23:09 - 00000000 ____D () C:\Program Files (x86)\IObit
2014-08-01 23:11 - 2014-08-01 23:11 - 00000000 ____D () C:\Users\XXXXX XXXXX\AppData\Roaming\ProductData
2014-08-01 23:10 - 2014-08-01 23:10 - 00000000 ____D () C:\ProgramData\ProductData
2014-08-01 23:10 - 2014-08-01 23:10 - 00000000 ____D () C:\ProgramData\{3C5CBD7B-3D1D-411E-96C2-513FFCA84D2D}
2014-08-01 23:10 - 2014-08-01 23:09 - 00000000 ____D () C:\Users\XXXXX XXXXX\AppData\Roaming\IObit
2014-08-01 23:10 - 2014-08-01 23:09 - 00000000 ____D () C:\ProgramData\IObit
2014-08-01 23:10 - 2011-11-21 18:05 - 00000000 ____D () C:\Users\XXXXX XXXXX\AppData\Roaming\Apple Computer
2014-08-01 23:10 - 2011-11-14 07:34 - 00702664 _____ () C:\Windows\system32\perfh007.dat
2014-08-01 23:10 - 2011-11-14 07:34 - 00151424 _____ () C:\Windows\system32\perfc007.dat
2014-08-01 23:10 - 2009-07-14 07:13 - 01629998 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-08-01 23:09 - 2014-08-01 23:09 - 00002876 _____ () C:\Windows\System32\Tasks\Driver Booster SkipUAC (XXXXX XXXXX)
2014-08-01 23:04 - 2009-07-14 06:45 - 00025840 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-08-01 23:04 - 2009-07-14 06:45 - 00025840 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-08-01 22:59 - 2014-03-30 17:29 - 00005303 _____ () C:\Windows\system32\AutoPico.log
2014-08-01 22:53 - 2014-08-01 22:36 - 00000000 ____D () C:\Program Files (x86)\Security Guard
2014-08-01 22:47 - 2014-08-01 22:47 - 00000000 ____D () C:\Program Files\005
2014-08-01 22:47 - 2014-08-01 22:46 - 00000000 ____D () C:\temp
2014-08-01 22:47 - 2014-08-01 22:37 - 00000000 ____D () C:\Program Files (x86)\PC Speed Up
2014-08-01 22:46 - 2014-08-01 22:46 - 00000000 ____D () C:\Windows\LastGood
2014-08-01 22:44 - 2014-08-01 22:40 - 00000000 ____D () C:\ProgramData\FreeDriverScout
2014-08-01 22:40 - 2014-08-01 22:40 - 00004150 _____ () C:\Windows\System32\Tasks\FreeDriverScout
2014-08-01 22:40 - 2014-08-01 22:40 - 00000000 ____D () C:\Users\XXXXX XXXXX\Documents\Freemium Driver Utilities
2014-08-01 22:39 - 2014-08-01 22:39 - 00004196 _____ () C:\Windows\System32\Tasks\Software Updater
2014-08-01 22:39 - 2014-08-01 22:38 - 00000000 ____D () C:\Program Files\SoftwareUpdater
2014-08-01 22:38 - 2014-08-01 22:38 - 00000000 ____D () C:\Program Files\Covus Freemium
2014-08-01 22:36 - 2014-08-01 22:36 - 16527392 _____ (IObit ) C:\Users\XXXXX XXXXX\Downloads\driver_booster_setup_1.4.0.exe
2014-08-01 22:14 - 2013-11-02 10:43 - 00000000 ____D () C:\Users\XXXXX XXXXX\AppData\Roaming\Skype
2014-08-01 17:08 - 2014-08-01 17:08 - 00000287 _____ () C:\Users\XXXXX XXXXX\Desktop\Vorsicht bei diesen 10 Interessenten-Typen - unternehmenskick.de.URL
2014-08-01 17:01 - 2014-08-01 17:01 - 00000245 _____ () C:\Users\XXXXX XXXXX\Desktop\Amazon.de Gitte Härter Bücher, Hörbücher, Bibliografie, Diskussionen.URL
2014-08-01 16:56 - 2014-08-01 16:56 - 00000254 _____ () C:\Users\XXXXX XXXXX\Desktop\Video Selbstsabotage erkennen - unternehmenskick.de.URL
2014-08-01 16:51 - 2014-08-01 16:51 - 00000244 _____ () C:\Users\XXXXX XXXXX\Desktop\ARERO - DER WELTFONDS Fonds Kurs DWS0R4 LU0360863863.URL
2014-08-01 16:11 - 2014-08-01 16:11 - 00000343 _____ () C:\Users\XXXXX XXXXX\Desktop\Sell in May and go away Was die Börsenweisheiten von Kostolany, Buffett und Co. heute noch taugen eBook Jessica Schwarzer Am.URL
2014-08-01 15:18 - 2014-08-01 15:18 - 00001271 _____ () C:\Users\XXXXX XXXXX\Desktop\CoreTemp.ini
2014-08-01 14:01 - 2014-08-01 14:01 - 00000224 _____ () C:\Users\XXXXX XXXXX\Desktop\genublog*Blog.URL
2014-08-01 12:02 - 2014-08-01 12:02 - 02426824 _____ () C:\Users\XXXXX XXXXX\Downloads\Art.-Nr.10381
2014-08-01 12:01 - 2014-08-01 12:01 - 02631097 _____ () C:\Users\XXXXX XXXXX\Downloads\Art.-Nr(1).10102
2014-08-01 12:00 - 2014-08-01 12:00 - 02631097 _____ () C:\Users\XXXXX XXXXX\Downloads\Art.-Nr.10102
2014-08-01 11:39 - 2013-11-02 10:43 - 00002103 _____ () C:\Users\XXXXX XXXXX\Desktop\Skype.lnk
2014-08-01 10:40 - 2014-06-15 14:35 - 00000000 ____D () C:\Program Files (x86)\SpeedFan
2014-08-01 10:31 - 2014-08-01 10:31 - 00000971 _____ () C:\Users\XXXXX\Desktop\SpeedFan.lnk
2014-08-01 10:31 - 2014-08-01 10:31 - 00000000 ____D () C:\Users\XXXXX XXXXX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpeedFan
2014-08-01 10:31 - 2014-06-15 14:35 - 00000045 _____ () C:\Windows\SysWOW64\initdebug.nfo
2014-08-01 10:26 - 2014-08-01 10:26 - 00000000 ____D () C:\Users\XXXXX XXXXX\Documents\Steganos Safe
2014-08-01 10:26 - 2014-07-09 19:29 - 00000000 ____D () C:\Users\XXXXX XXXXX\AppData\Roaming\Steganos
2014-08-01 10:24 - 2014-06-10 07:50 - 00000000 ____D () C:\Program Files (x86)\FileHippo.com
2014-08-01 10:24 - 2009-11-05 02:36 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-08-01 10:23 - 2014-06-15 14:36 - 00000000 ____D () C:\ProgramData\WebTemp
2014-08-01 10:23 - 2014-06-15 14:29 - 00000000 ____D () C:\Users\XXXXX XXXXX\AppData\Roaming\JAM Software
2014-08-01 10:22 - 2011-11-13 23:53 - 00000000 ____D () C:\ProgramData\Temp
2014-08-01 10:20 - 2014-06-08 14:17 - 00000000 ____D () C:\Program Files (x86)\SpywareBlaster
2014-08-01 10:16 - 2014-08-01 10:16 - 00000000 ____D () C:\Users\XXXXX XXXXX\Desktop\Ornder
2014-08-01 10:11 - 2014-08-01 10:10 - 00000000 ____D () C:\Users\XXXXX XXXXX\Desktop\Ordner2
2014-08-01 10:11 - 2014-07-10 17:50 - 00000000 ____D () C:\Users\XXXXX XXXXX\Desktop\Gimp
2014-08-01 10:09 - 2014-08-01 10:07 - 00000000 ____D () C:\Users\XXXXX XXXXX\Desktop\Word-Mails
2014-08-01 10:09 - 2012-06-10 15:07 - 00000000 ____D () C:\Users\XXXXX XXXXX\Documents\Bewerbungen
2014-08-01 10:03 - 2014-06-15 22:36 - 00000000 ____D () C:\Users\XXXXX XXXXX\Desktop\Steuerfachthemen
2014-08-01 07:56 - 2014-06-18 09:20 - 00003696 _____ () C:\Windows\setupact.log
2014-08-01 07:56 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-07-31 11:09 - 2012-01-01 10:33 - 00000000 ____D () C:\Users\XXXXX XXXXX\Documents\SZ
2014-07-30 18:06 - 2013-12-14 13:57 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-07-30 12:19 - 2014-07-30 12:19 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-07-27 14:10 - 2014-07-27 14:09 - 00020617 _____ () C:\Users\XXXXX XXXXX\Downloads\Protokoll Sitzung am 15.7.14.odt
2014-07-26 16:58 - 2012-03-25 12:40 - 00000000 ____D () C:\Users\XXXXX XXXXX\Documents\Steuerfälle
2014-07-25 22:35 - 2014-07-16 07:51 - 00000000 ____D () C:\Users\XXXXX XXXXX\Desktop\Autos
2014-07-25 06:01 - 2014-05-31 12:35 - 00000000 ____D () C:\Users\XXXXX XXXXX\Desktop\aufräumen, was geht
2014-07-24 18:02 - 2012-01-28 15:52 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-07-24 18:02 - 2012-01-28 15:52 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-07-24 13:03 - 2012-01-28 15:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-07-23 22:30 - 2014-06-28 08:10 - 14159872 _____ () C:\Users\XXXXX XXXXX\AppData\Roaming\Sandra.mdb
2014-07-18 20:15 - 2014-07-18 20:15 - 00050803 _____ () C:\Users\XXXXX XXXXX\AppData\Local\recently-used.xbel
2014-07-18 20:15 - 2014-06-15 20:34 - 00000000 ____D () C:\Users\XXXXX XXXXX\AppData\Local\gtk-2.0
2014-07-18 20:15 - 2012-08-29 11:11 - 00000000 ____D () C:\Users\XXXXX XXXXX\.gimp-2.8
2014-07-18 14:58 - 2014-07-18 14:58 - 00000934 _____ () C:\Users\Public\Desktop\EinsteinBrainTrainer.lnk
2014-07-18 14:58 - 2014-07-18 14:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BBG Entertainment GmbH
2014-07-18 14:58 - 2014-07-18 14:57 - 00000000 ____D () C:\Program Files (x86)\EinsteinBrainTrainer
2014-07-16 13:45 - 2014-07-16 13:45 - 00001747 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-07-16 13:45 - 2014-07-16 13:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-07-16 13:44 - 2014-07-16 13:44 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-07-16 13:44 - 2014-07-16 13:44 - 00000000 ____D () C:\Program Files\iTunes
2014-07-16 13:44 - 2014-07-16 13:44 - 00000000 ____D () C:\Program Files\iPod
2014-07-16 13:44 - 2014-07-16 13:44 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-07-13 08:36 - 2014-07-13 08:35 - 00000000 ____D () C:\Users\XXXXX XXXXX\Desktop\Fotos Ordnung u. Essen
2014-07-11 00:29 - 2014-07-11 00:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steganos Safe 14
2014-07-11 00:29 - 2014-07-11 00:29 - 00000000 ____D () C:\Program Files (x86)\Steganos Safe 14
2014-07-10 18:14 - 2014-06-22 19:44 - 00000000 ____D () C:\Users\XXXXX XXXXX\Desktop\B
2014-07-10 17:57 - 2012-08-29 10:44 - 00000000 ____D () C:\Program Files\GIMP 2
2014-07-10 17:50 - 2014-07-10 17:50 - 00180570 _____ () C:\Users\XXXXX XXXXX\Downloads\dbp-1.1.8.zip
2014-07-10 13:02 - 2013-05-07 19:33 - 00042040 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2014-07-09 20:26 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2014-07-09 18:34 - 2009-07-14 06:45 - 00452872 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-07-09 18:32 - 2014-05-03 08:02 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-07-09 18:32 - 2009-11-05 02:26 - 00000000 ____D () C:\Program Files\Windows Journal
2014-07-09 18:32 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism
2014-07-09 18:32 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\Dism
2014-07-09 17:51 - 2014-03-28 23:09 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2014-07-09 17:50 - 2009-11-05 05:21 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-07-09 17:47 - 2013-07-13 09:36 - 00000000 ____D () C:\Windows\system32\MRT
2014-07-09 17:44 - 2011-11-18 20:58 - 96441528 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-07-09 12:05 - 2014-05-14 20:05 - 05659136 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2014-07-09 12:05 - 2012-04-02 20:28 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-07-09 12:05 - 2012-04-02 20:28 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-07-09 12:05 - 2011-11-15 22:21 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-07-09 00:36 - 2011-11-13 23:47 - 00113512 _____ () C:\Users\XXXXX XXXXX\AppData\Local\GDIPFONTCACHEV1.DAT
2014-07-08 19:31 - 2014-07-08 19:31 - 00001138 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 9.lnk
2014-07-08 19:31 - 2014-07-08 19:31 - 00001126 _____ () C:\Users\Public\Desktop\TeamViewer 9.lnk
2014-07-08 19:31 - 2014-07-08 19:31 - 00000000 ____D () C:\Program Files (x86)\TeamViewer
2014-07-08 18:18 - 2012-08-29 10:44 - 00000898 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIMP 2.lnk
2014-07-08 18:13 - 2014-07-08 18:12 - 00000000 ____D () C:\Users\XXXXX XXXXX\Desktop\Joyce
2014-07-07 16:28 - 2014-07-07 16:28 - 00040044 _____ () C:\Users\XXXXX XXXXX\Downloads\tam608.wav
2014-07-07 13:15 - 2014-07-07 13:14 - 26773640 _____ (Steganos Software GmbH) C:\Users\XXXXX XXXXX\Downloads\safe14intwr.exe
2014-07-07 02:20 - 2012-04-20 19:28 - 00006656 _____ () C:\Users\XXXXX XXXXX\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-07-04 15:58 - 2014-06-29 08:18 - 00000000 ____D () C:\Users\XXXXX XXXXX\Desktop\SZ-Profile
2014-07-04 09:18 - 2012-09-22 18:09 - 00000000 ____D () C:\Windows\system32\oodag
2014-07-03 17:36 - 2014-06-20 14:07 - 00002432 _____ () C:\Windows\PFRO.log

Some content of TEMP:
====================
C:\Users\XXXXX XXXXX\AppData\Local\Temp\avgnt.exe
C:\Users\XXXXX XXXXX\AppData\Local\Temp\nsa1473.exe
C:\Users\XXXXX XXXXX\AppData\Local\Temp\nsfBBB.exe
C:\Users\XXXXX XXXXX\AppData\Local\Temp\nsfD04E.exe
C:\Users\XXXXX XXXXX\AppData\Local\Temp\nsvCB2F.exe
C:\Users\XXXXX XXXXX\AppData\Local\Temp\nsvDA5B.exe
C:\Users\XXXXX XXXXX\AppData\Local\Temp\nsxE449.tmp.exe
C:\Users\XXXXX XXXXX\AppData\Local\Temp\sfamcc00001.dll
C:\Users\XXXXX XXXXX\AppData\Local\Temp\sfareca00001.dll
C:\Users\XXXXX XXXXX\AppData\Local\Temp\sfextra.dll
C:\Users\XXXXX\AppData\Local\Temp\avgnt.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-07-28 20:56

==================== End Of Log ============================
         
--- --- ---

--- --- ---




Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 31-07-2014 02
Ran by XXXXX XXXXX at 2014-08-02 00:16:12
Running from C:\Users\XXXXX XXXXX\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Desktop (Disabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Disabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Out of date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

AAVUpdateManager (HKLM-x32\...\{AFA42FE1-A5C3-485F-9180-BFCF5BF1F1C3}) (Version: 18.00.0000 - Wolters Kluwer Deutschland GmbH)
AC3Filter 1.63b (HKLM-x32\...\AC3Filter_is1) (Version: 1.63b - Alexander Vigovsky)
Acer Arcade Deluxe (HKLM-x32\...\InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}) (Version: 3.0.7112 - CyberLink Corp.)
Acer Arcade Deluxe (x32 Version: 3.0.7112 - CyberLink Corp.) Hidden
Acer Backup Manager (HKLM-x32\...\InstallShield_{72B776E5-4530-4C4B-9453-751DF87D9D93}) (Version: 2.0.0.29 - NewTech Infosystems)
Acer Crystal Eye webcam Ver:1.1.124.1120 (HKLM-x32\...\{D0ACE89D-EC7F-470F-80BE-4C98ED366B32}) (Version: 1.1.124.1120 - Chicony Electronics Co.,Ltd.)
Acer ePower Management (HKLM-x32\...\{3DB0448D-AD82-4923-B305-D001E521A964}) (Version: 4.05.3004 - Acer Incorporated)
Acer eRecovery Management (HKLM-x32\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 4.05.3005 - Acer Incorporated)
Acer GameZone Console (HKLM-x32\...\{8ed9688e-4f79-4308-91ca-f1c37ca142b4}_is1) (Version: 5.1.0.2 - Oberon Media, Inc.)
Acer GridVista (HKLM-x32\...\GridVista) (Version: 3.01.0730 - Acer Inc.)
Acer Registration (HKLM-x32\...\Acer Registration) (Version: 1.02.3006 - Acer Incorporated)
Acer ScreenSaver (HKLM-x32\...\Acer Screensaver) (Version: 1.1.2009.1217 - Acer Incorporated)
Acer Updater (HKLM-x32\...\{EE171732-BEB4-4576-887D-CB62727F01CA}) (Version: 1.01.3017 - Acer Incorporated)
Acer VCM (HKLM-x32\...\{047F790A-7A2A-4B6A-AD02-38092BA63DAC}) (Version: 4.05.3000 - Acer Incorporated)
Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 14.0.0.103 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 14.0.0.103 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 14 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Flash Player 14 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.07) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated)
Akamai NetSession Interface (HKCU\...\Akamai) (Version:  - Akamai Technologies, Inc)
Alcor Micro USB Card Reader (HKLM-x32\...\InstallShield_{DBCE1208-433D-4D3E-A26A-CB1B5E71A8F5}) (Version: 1.4.17.35005 - Alcor Micro Corp.)
Alcor Micro USB Card Reader (x32 Version: 1.4.17.35005 - Alcor Micro Corp.) Hidden
Alice Greenfingers (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112920767}) (Version:  - Oberon Media)
Alle meine Passworte 4.13 (HKLM\...\AllemeinePassworte) (Version:  - Mirko Böer)
Allway Sync version 12.16.9 (HKLM-x32\...\Allway Sync_is1) (Version:  - Botkind Inc)
ALPS Touch Pad Driver (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 7.105.2015.1105 - Alps Electric)
Amazonia (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11273477}) (Version:  - Oberon Media)
Apple Application Support (HKLM-x32\...\{21ECABC3-40B2-42DF-8E21-ACF3A4D0D95A}) (Version: 3.0.5 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{6AF2AC2A-3532-43FD-9F4D-BDC9C0D724C7}) (Version: 7.1.2.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ATI Catalyst Install Manager (HKLM\...\{11F38253-8940-FFDA-D131-B14120C357E4}) (Version: 3.0.754.0 - ATI Technologies, Inc.)
Audacity 2.0.3 (HKLM-x32\...\Audacity_is1) (Version: 2.0.3 - Audacity Team)
Avi2Dvd 0.6.4 (HKLM-x32\...\Avi2Dvd) (Version: 0.6.4 - TrustFm)
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.5.464 - Avira)
AviSynth 2.5 (HKLM-x32\...\AviSynth) (Version:  - )
Backup Manager Basic (x32 Version: 2.0.0.29 - NewTech Infosystems) Hidden
BatteryCare 0.9.10.0 (HKLM-x32\...\{C6A6036D-FBD0-4324-BEAA-C0845257160C}_is1) (Version: 0.9.10.0 - Filipe Lourenço)
BitTorrent (HKCU\...\BitTorrent) (Version: 7.9.2.31638 - BitTorrent Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Broadcom Gigabit NetLink Controller (HKLM\...\{A325B368-A9EC-40EF-A95C-9DEAD3683AE3}) (Version: 12.33.03 - Broadcom Corporation)
Canon MP160 Benutzerregistrierung (HKLM-x32\...\Canon MP160 Benutzerregistrierung) (Version:  - )
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - ATI) Hidden
Catalyst Control Center Core Implementation (x32 Version: 2009.1209.2335.42329 - ATI) Hidden
Catalyst Control Center Graphics Full Existing (x32 Version: 2009.1209.2335.42329 - ATI) Hidden
Catalyst Control Center Graphics Full New (x32 Version: 2009.1209.2335.42329 - ATI) Hidden
Catalyst Control Center Graphics Light (x32 Version: 2009.1209.2335.42329 - ATI) Hidden
Catalyst Control Center Graphics Previews Vista (x32 Version: 2009.1209.2335.42329 - ATI) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2009.1209.2335.42329 - ATI Technologies, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2009.1209.2335.42329 - ATI) Hidden
CCC Help Chinese Standard (x32 Version: 2009.1209.2334.42329 - ATI) Hidden
CCC Help Chinese Traditional (x32 Version: 2009.1209.2334.42329 - ATI) Hidden
CCC Help Czech (x32 Version: 2009.1209.2334.42329 - ATI) Hidden
CCC Help Danish (x32 Version: 2009.1209.2334.42329 - ATI) Hidden
CCC Help Dutch (x32 Version: 2009.1209.2334.42329 - ATI) Hidden
CCC Help English (x32 Version: 2009.1209.2334.42329 - ATI) Hidden
CCC Help Finnish (x32 Version: 2009.1209.2334.42329 - ATI) Hidden
CCC Help French (x32 Version: 2009.1209.2334.42329 - ATI) Hidden
CCC Help German (x32 Version: 2009.1209.2334.42329 - ATI) Hidden
CCC Help Greek (x32 Version: 2009.1209.2334.42329 - ATI) Hidden
CCC Help Hungarian (x32 Version: 2009.1209.2334.42329 - ATI) Hidden
CCC Help Italian (x32 Version: 2009.1209.2334.42329 - ATI) Hidden
CCC Help Japanese (x32 Version: 2009.1209.2334.42329 - ATI) Hidden
CCC Help Korean (x32 Version: 2009.1209.2334.42329 - ATI) Hidden
CCC Help Norwegian (x32 Version: 2009.1209.2334.42329 - ATI) Hidden
CCC Help Polish (x32 Version: 2009.1209.2334.42329 - ATI) Hidden
CCC Help Portuguese (x32 Version: 2009.1209.2334.42329 - ATI) Hidden
CCC Help Russian (x32 Version: 2009.1209.2334.42329 - ATI) Hidden
CCC Help Spanish (x32 Version: 2009.1209.2334.42329 - ATI) Hidden
CCC Help Swedish (x32 Version: 2009.1209.2334.42329 - ATI) Hidden
CCC Help Thai (x32 Version: 2009.1209.2334.42329 - ATI) Hidden
CCC Help Turkish (x32 Version: 2009.1209.2334.42329 - ATI) Hidden
ccc-core-static (x32 Version: 2009.1209.2335.42329 - Ihr Firmenname) Hidden
ccc-utility64 (Version: 2009.1209.2335.42329 - ATI) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.14 - Piriform)
CDBurnerXP (HKLM-x32\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.4.4852 - CDBurnerXP)
Chandler 1.0.3 (HKLM-x32\...\Chandler) (Version: 1.0.3 - Open Source Applications Foundation)
Chicken Invaders 2 (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110209593}) (Version:  - Oberon Media)
CoreAAC Audio Decoder (remove only) (HKLM-x32\...\CoreAAC Audio Decoder) (Version:  - )
Dairy Dash (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115053100}) (Version:  - Oberon Media)
Definition Update for Microsoft Office 2013 (KB2760587) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{D1C35197-B856-45E2-BA67-5ABB6B0CA9C2}) (Version:  - Microsoft)
Dream Day First Home (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113832110}) (Version:  - Oberon Media)
DVD Flick 1.3.0.7 (HKLM-x32\...\DVD Flick_is1) (Version: 1.3.0.7 - Dennis Meuwissen)
eBay Worldwide (HKLM-x32\...\{E0B19DF7-B1C7-4937-82C4-0E4B1E346965}) (Version: 2.1.0901 - OEM)
EinsteinBrainTrainer (remove only) (HKLM-x32\...\EinsteinBrainTrainer) (Version:  - )
Ekahau HeatMapper (HKLM\...\Heatmapper-1.1.4.39795) (Version: 1.1.4.39795 - Ekahau Inc.)
Eraser 6.0.10.2620 (HKLM\...\{6E5159B4-A519-41EF-80EF-AD58371515DF}) (Version: 6.0.2620 - The Eraser Project)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
eSobi v2 (HKLM-x32\...\InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}) (Version: 2.0.4.000274 - esobi Inc.)
eSobi v2 (x32 Version: 2.0.4.000274 - esobi Inc.) Hidden
EVEREST Home Edition v2.20 (HKLM-x32\...\EVEREST Home Edition_is1) (Version: 2.20 - Lavalys Inc)
Farm Frenzy 2 (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11531173}) (Version:  - Oberon Media)
ffdshow [rev 3299] [2010-03-03] (HKLM-x32\...\ffdshow_is1) (Version: 1.0.0.3299 - )
Fiat eco:Drive (HKLM-x32\...\com.fiat.convergence.385E4263E7379A5D22A7076E99B02868EFF10711.1) (Version: 2.0.2 - Fiat Group Automobiles)
Fiat eco:Drive (x32 Version: 2.0.2 - Fiat Group Automobiles) Hidden
First Class Flurry (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115208410}) (Version:  - Oberon Media)
Foxit Cloud (HKLM-x32\...\{41914D8B-9D6E-4764-A1F9-BC43FB6782C1}_is1) (Version: 1.3.105.325 - Foxit Corporation)
Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 6.1.3.321 - Foxit Corporation)
Free Audio CD to MP3 Converter version 1.3.12.1228 (HKLM-x32\...\Free Audio CD to MP3 Converter_is1) (Version: 1.3.12.1228 - DVDVideoSoft Ltd.)
Free DVD Video Burner version 3.0.4.426 (HKLM-x32\...\Free DVD Video Burner_is1) (Version:  - DVDVideoSoft Limited.)
Free System Utilities (HKLM-x32\...\{ad2818b3-1616-4ec8-855d-be6936103e5a}) (Version: 1.1.0.70 - Covus Freemium GmbH)
Free SystemUtilities (x32 Version: 1.1.0.70 - Covus Freemium GmbH) Hidden
Free YouTube Download version 3.1.37.918 (HKLM-x32\...\Free YouTube Download_is1) (Version: 3.1.37.918 - DVDVideoSoft Ltd.)
FreeMind (HKLM-x32\...\B991B020-2968-11D8-AF23-444553540000_is1) (Version: 0.9.0_RC_10 - )
FRITZ!Box-Fernzugang einrichten (HKLM-x32\...\{EFADD989-D9F2-49F6-A280-675951CC78D3}) (Version: 1.0.3 - AVM Berlin)
FrostWire 5.3.5 (HKLM-x32\...\FrostWire 5) (Version: 5.3.5.0 - FrostWire Team)
GIMP 2.8.10 (HKLM\...\GIMP-2_is1) (Version: 2.8.10 - The GIMP Team)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
Granny In Paradise (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110551697}) (Version:  - Oberon Media)
Haali Media Splitter (HKLM-x32\...\HaaliMkx) (Version:  - )
Heroes of Hellas (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113786380}) (Version:  - Oberon Media)
HP Deskjet 3070 B611 series - Grundlegende Software für das Gerät (HKLM\...\{48DF59F8-2ACD-4F1F-87F3-D820FE7A6178}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Deskjet 3070 B611 series Hilfe (HKLM-x32\...\{9F20CE56-3828-432D-A3C5-3EC6A2ED93C6}) (Version: 140.0.2.2 - Hewlett Packard)
HP Update (HKLM-x32\...\{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}) (Version: 5.003.001.001 - Hewlett-Packard)
HTC Driver Installer (HKLM-x32\...\{6D6664A9-3342-4948-9B7E-034EFE366F0F}) (Version: 3.0.0.007 - HTC Corporation)
iCloud (HKLM\...\{81E20D41-C277-4526-934D-F2380AF91B78}) (Version: 3.1.0.40 - Apple Inc.)
Identity Card (HKLM-x32\...\Identity Card) (Version: 1.00.3003 - Acer Incorporated)
ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.8.0 - LIGHTNING UK!)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
Intel(R) Turbo Boost Technology Driver (HKLM-x32\...\{D6C630BF-8DBB-4042-8562-DC9A52CB6E7E}) (Version: 01.00.01.1002 - Intel Corporation)
Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version:  - Intel Corporation)
iTunes (HKLM\...\{33E28B58-7BA0-47B7-AA01-9225ABA2B8A9}) (Version: 11.3.0.54 - Apple Inc.)
Java 7 Update 55 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417055FF}) (Version: 7.0.550 - Oracle)
Java 7 Update 60 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217060FF}) (Version: 7.0.600 - Oracle)
Java 8 Update 5 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418005FF}) (Version: 8.0.50 - Oracle Corporation)
Java Auto Updater (x32 Version: 2.8.00.132 - Oracle, Inc.) Hidden
Java SE Development Kit 8 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0180000}) (Version: 8.0.0 - Oracle Corporation)
Java SE Development Kit 8 Update 5 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0180050}) (Version: 8.0.50 - Oracle Corporation)
Join Air (HKLM-x32\...\{A9E5EDA7-2E6C-49E7-924B-A32B89C24A04}) (Version: 1.0.0.2 - ZTE Corporation)
K-Lite Codec Pack 9.2.0 (Basic) (HKLM-x32\...\KLiteCodecPack_is1) (Version: 9.2.0 - )
Launch Manager (HKLM-x32\...\LManager) (Version: 3.0.05 - Acer Inc.)
LSI HDA Modem (HKLM\...\LSI Soft Modem) (Version: 2.2.98 - LSI Corporation)
MediaHuman YouTube to MP3 Converter Version 3.3 (HKLM-x32\...\MediaHuman YouTube to MP3 Converter_is1) (Version: 3.3 - )
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Access MUI (German) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft DCF MUI (German) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Excel MUI (German) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Groove MUI (German) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft InfoPath MUI (German) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Lync MUI (German) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0100-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}) (Version:  - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (x32 Version:  - Microsoft) Hidden
Microsoft Office 32-bit Components 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office Access MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Groove MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Korrekturhilfen 2013 - Deutsch (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office Language Pack 2007 - German/Deutsch (HKLM-x32\...\OMUI.de-de) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office O MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office OSM MUI (German) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office OSM UX MUI (German) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office Outlook Connector (HKLM-x32\...\{95140000-007A-0407-0000-0000000FF1CE}) (Version: 14.0.5118.5000 - Microsoft Corporation)
Microsoft Office Outlook MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUSR) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32 Version:  - Microsoft) Hidden
Microsoft Office Proofing Tools 2013 - English (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2013 - Italiano (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 32-bit MUI (German) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office SharePoint Designer 2007 Service Pack 3 (SP3) (x32 Version:  - Microsoft) Hidden
Microsoft Office SharePoint Designer MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Suite Activation Assistant (HKLM-x32\...\{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}) (Version: 2.9 - Microsoft Corporation)
Microsoft Office Word MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office X MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft OneNote MUI (German) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Outlook MUI (German) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Outlook Social Connector Provider for Windows Live Messenger 32-bit (HKLM-x32\...\{95140000-007D-0409-0000-0000000FF1CE}) (Version: 14.0.5120.5000 - Microsoft Corporation)
Microsoft PowerPoint MUI (German) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Publisher MUI (German) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Word MUI (German) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Works (HKLM-x32\...\{62F7DA7E-CCCB-439C-A760-00C3926E761F}) (Version: 9.7.0621 - Microsoft Corporation)
MozBackup 1.5.1 (HKLM-x32\...\MozBackup) (Version:  - Pavel Cvrcek)
Mozilla Firefox 31.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 31.0 (x86 de)) (Version: 31.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0 - Mozilla)
MPC-HC 1.7.0 (HKLM-x32\...\{2624B969-7135-4EB1-B0F6-2D8C397B45F7}_is1) (Version: 1.7.0.7858 - MPC-HC Team)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MyPhoneExplorer (HKLM-x32\...\MPE) (Version: 1.8.5 - F.J. Wechselberger)
MyWinLocker (HKLM-x32\...\{68301905-2DEA-41CE-A4D4-E8B443B099BA}) (Version: 3.1.76.0 - Egis Technology Inc.)
No-IP DUC (HKLM-x32\...\NoIPDUC) (Version: 4.0.1 - Vitalwerks Internet Solutions LLC)
Norton Online Backup (HKLM-x32\...\{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}) (Version: 1.2.0.36 - Symantec)
NTI Backup Now 5 (HKLM-x32\...\InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}) (Version: 5.1.2.627 - NewTech Infosystems)
NTI Backup Now Standard (x32 Version: 5.1.2.627 - NewTech Infosystems) Hidden
NTI Media Maker 8 (HKLM-x32\...\InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}) (Version: 8.0.12.6623 - NewTech Infosystems)
NTI Media Maker 8 (x32 Version: 8.0.12.6623 - NewTech Infosystems) Hidden
O&O Defrag Free Edition (HKLM\...\{C10CAF82-9D36-4D9A-9DC0-C4549F06B519}) (Version: 14.1.431 - O&O Software GmbH)
Outils de vérification linguistique 2013 de Microsoft Office*- Français (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
PDF Architect (HKLM-x32\...\{064A929A-4DE8-40CF-A901-BD40C14E4D25}) (Version: 1.1.83.9982 - pdfforge GmbH)
PDFCreator (HKLM-x32\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.7.1 - pdfforge)
pomodairo (HKLM-x32\...\{EEBEA077-AB92-5083-ECB1-C15BD842D00B}) (Version: 1.9 - UNKNOWN)
QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
Random Dresser (HKLM-x32\...\RandomDresser) (Version:  - )
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5969 - Realtek Semiconductor Corp.)
RescueTime 2.2.1 (HKLM-x32\...\{2505571C-03B3-4F9F-AC35-33F1CB4B5E9E}_is1) (Version:  - RescueTime.com)
Restorer2000 3.3 (HKLM-x32\...\Restorer2000_is1) (Version: 3.3 - Bitmart Inc.)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{D82063A8-7C8C-4C3B-A9BB-95138CA55D26}) (Version:  - Microsoft)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (Version:  - Microsoft) Hidden
Shutdown Manager (HKLM-x32\...\{C457BA5F-35F9-480C-90F8-5C91DB443A15}_is1) (Version: 2.0.7 - Daniel Höllig)
SimpleScreenshot 1.40 (HKLM-x32\...\SimpleScreenshot) (Version:  - )
SiSoftware Sandra Lite 2014.SP2a (HKLM\...\{C3113E55-7BCB-4de3-8EBF-60E6CE6B2396}_is1) (Version: 20.35.2014.6 - SiSoftware)
SIW version 2011.10.29 (HKLM-x32\...\{AB67580-257C-45FF-B8F4-C8C30682091A}_is1) (Version: 2011.10.29 - Topala Software Solutions)
Skype™ 6.16 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.16.105 - Skype Technologies S.A.)
SpeedFan (remove only) (HKLM-x32\...\SpeedFan) (Version:  - )
Spotify (HKCU\...\Spotify) (Version: 0.9.10.14.g578d350b - Spotify AB)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.3.39 - Safer-Networking Ltd.)
SpywareBlaster 5.0 (HKLM-x32\...\SpywareBlaster_is1) (Version: 5.0.0 - BrightFort LLC)
Steganos Safe 14 (HKLM-x32\...\{13B7FBFB-622E-4002-8570-594798E6167D}) (Version: 14.2.2 - Steganos Software GmbH)
Steuer-Spar-Erklärung 2008 (HKLM-x32\...\{BBE67B86-FCD7-4D3C-8B00-063DEAD8E30C}) (Version: 13.02.0000 - Akademische Arbeitsgemeinschaft)
Steuer-Spar-Erklärung 2009 (HKLM-x32\...\{32E00E5E-22B1-4D5A-9DC2-CD75E087A5E6}) (Version: 14.01.0000 - Akademische Arbeitsgemeinschaft Verlag)
Steuer-Spar-Erklärung 2010 (HKLM-x32\...\{D8E1DFEE-622B-46BA-AEFF-AB7E541C0B21}) (Version: 15.15 - Akademische Arbeitsgemeinschaft Verlag)
Steuer-Spar-Erklärung 2011 (HKLM-x32\...\{9F5FD796-86F0-4360-85F8-D54C0F5411EB}) (Version: 16.18 - Akademische Arbeitsgemeinschaft Verlag)
Steuer-Spar-Erklärung 2012 (HKLM-x32\...\{CCD2BAD2-0919-40CB-80CC-E9538B0E4C2E}) (Version: 17.14 - Wolters Kluwer Deutschland GmbH)
Steuer-Spar-Erklärung 2013 (HKLM-x32\...\{AEB61F7A-4BBA-4292-A096-7893E09034A4}) (Version: 18.10 - Wolters Kluwer Deutschland GmbH)
SteuerSparErklärung 2014 (HKLM-x32\...\{A463EB06-22A6-47F5-9593-E52B291EF13E}) (Version: 19.11.90 - Akademische Arbeitsgemeinschaft)
Studie zur Verbesserung von HP Deskjet 3070 B611 series Produkten (HKLM\...\{93B49FE1-0C81-479B-986A-D50DDA80E2C6}) (Version: 25.0.571.0 - Hewlett-Packard Co.)
TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.29947 - TeamViewer)
Time Stamp (HKLM-x32\...\Time Stamp_is1) (Version:  - 3.23.2010-0313)
TomTom HOME (HKLM-x32\...\{99072AB4-D795-44D5-9D65-E3C9F8322C97}) (Version: 2.9.7 - Ihr Firmenname)
TomTom HOME Visual Studio Merge Modules (HKLM-x32\...\{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}) (Version: 1.0.2 - TomTom International B.V.)
TP-LINK Wireless Configuration Utility (HKLM-x32\...\{319D91C6-3D44-436C-9F79-36C0D22372DC}) (Version: 1.0.0 - TP-LINK)
TrueCrypt (HKLM-x32\...\TrueCrypt) (Version: 7.1 - TrueCrypt Foundation)
Tunatic (HKLM-x32\...\Tunatic) (Version:  - )
Überwachungstool für die Intel® Turbo-Boost-Technik (HKLM\...\{39F4C6F9-618A-4E5B-8FB2-6BD661174E32}) (Version: 1.0.186.6 - Intel)
Uninstall 1.0.0.1 (HKLM-x32\...\Uninstall_is1) (Version:  - )
Universal Adb Driver (HKLM-x32\...\{D9C4202E-6D51-4B06-A8F1-22316E654BCA}) (Version: 1.0.0 - ClockworkMod)
Unlocker 1.9.1-x64 (HKLM\...\Unlocker) (Version: 1.9.1 - Cedrick Collomb)
Update for Microsoft Excel 2013 (KB2881085) 64-Bit Edition (HKLM\...\{90150000-0016-0407-1000-0000000FF1CE}_Office15.PROPLUSR_{58D92858-3C94-4C2F-A8E4-AEFF9304C3CF}) (Version:  - Microsoft)
Update for Microsoft Excel 2013 (KB2881085) 64-Bit Edition (HKLM\...\{90150000-0018-0407-1000-0000000FF1CE}_Office15.PROPLUSR_{58D92858-3C94-4C2F-A8E4-AEFF9304C3CF}) (Version:  - Microsoft)
Update for Microsoft Excel 2013 (KB2881085) 64-Bit Edition (HKLM\...\{90150000-001B-0407-1000-0000000FF1CE}_Office15.PROPLUSR_{58D92858-3C94-4C2F-A8E4-AEFF9304C3CF}) (Version:  - Microsoft)
Update for Microsoft Excel 2013 (KB2881085) 64-Bit Edition (HKLM\...\{90150000-00C1-0407-1000-0000000FF1CE}_Office15.PROPLUSR_{58D92858-3C94-4C2F-A8E4-AEFF9304C3CF}) (Version:  - Microsoft)
Update for Microsoft Excel 2013 (KB2881085) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{58D92858-3C94-4C2F-A8E4-AEFF9304C3CF}) (Version:  - Microsoft)
Update for Microsoft Lync 2013 (KB2850074) 64-Bit Edition (HKLM\...\{90150000-012B-0407-1000-0000000FF1CE}_Office15.PROPLUSR_{CE9A9D7C-B6FB-4F6C-8BDE-9A1ADBBAC1EE}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM-x32\...\{90120000-0100-0407-0000-0000000FF1CE}_OMUI.de-de_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2760344) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{EF77B4A6-DFEC-4010-A87D-9B6BF87FABEC}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2760544) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{62857CDD-2985-4939-91BA-19ED0B0031A5}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2768012) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{0814662C-FD28-4DE0-ACE5-EE50D1D6C8FB}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2817302) 64-Bit Edition (HKLM\...\{90150000-0016-0407-1000-0000000FF1CE}_Office15.PROPLUSR_{E79EFFDB-192A-4D9E-A2DB-C0F774E6EC32}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2817302) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{E79EFFDB-192A-4D9E-A2DB-C0F774E6EC32}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2826040) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{C4AEA56A-0759-4D08-9FAB-31A92137D0B8}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2837644) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{D692E9FF-84BF-4F44-A0EA-D58ECE0D538E}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2863843) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{290D80DE-03AB-47EC-9402-108AF4CE4F66}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2880457) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{EC2AF602-2730-4B05-9438-06CDE43153F2}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2880462) 64-Bit Edition (HKLM\...\{90150000-006E-0407-1000-0000000FF1CE}_Office15.PROPLUSR_{24584DD4-C680-4FEB-A464-D760C7A5B041}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2880462) 64-Bit Edition (HKLM\...\{90150000-00C1-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{24584DD4-C680-4FEB-A464-D760C7A5B041}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2880462) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{24584DD4-C680-4FEB-A464-D760C7A5B041}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2880464) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{88B29AA5-71EE-4692-91E2-E89407F0B783}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2880478) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{8116ED50-F1E7-49E1-9D8D-421497D34B0F}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2880987) 64-Bit Edition (HKLM\...\{90150000-006E-0407-1000-0000000FF1CE}_Office15.PROPLUSR_{6F540E80-4BB2-413F-9648-52031AA237B7}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2880987) 64-Bit Edition (HKLM\...\{90150000-00C1-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{6F540E80-4BB2-413F-9648-52031AA237B7}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2880987) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{6F540E80-4BB2-413F-9648-52031AA237B7}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2881035) 64-Bit Edition (HKLM\...\{90150000-0016-0407-1000-0000000FF1CE}_Office15.PROPLUSR_{885C981B-F1E3-430A-A099-31CA9D28C251}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2881035) 64-Bit Edition (HKLM\...\{90150000-0090-0407-1000-0000000FF1CE}_Office15.PROPLUSR_{885C981B-F1E3-430A-A099-31CA9D28C251}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2881035) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{885C981B-F1E3-430A-A099-31CA9D28C251}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2881074) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{9A479F9C-C1EC-4833-A115-A8B7A60480BD}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2881084) 64-Bit Edition (HKLM\...\{90150000-001F-0407-1000-0000000FF1CE}_Office15.PROPLUSR_{00BBBFFE-8889-4953-956A-77DDE975A947}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2881084) 64-Bit Edition (HKLM\...\{90150000-001F-0409-1000-0000000FF1CE}_Office15.PROPLUSR_{3A12DFA2-3FF5-450E-BDB1-A742551A5D1A}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2881084) 64-Bit Edition (HKLM\...\{90150000-001F-040C-1000-0000000FF1CE}_Office15.PROPLUSR_{EA8072E8-E3CF-46DF-A5DE-9F5975344327}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2881084) 64-Bit Edition (HKLM\...\{90150000-001F-0410-1000-0000000FF1CE}_Office15.PROPLUSR_{BF0D921F-E77E-4E03-BE71-46D9D2C7A36A}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2881086) 64-Bit Edition (HKLM\...\{90150000-00C1-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{ED3A8E98-FDD4-493F-A0EC-141821573EC2}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2881086) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{ED3A8E98-FDD4-493F-A0EC-141821573EC2}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (HKLM-x32\...\{90120000-001A-0407-0000-0000000FF1CE}_OMUI.de-de_{EA54F104-79D2-48CC-9ABC-91A63C43D353}) (Version:  - Microsoft)
Update for Microsoft OneDrive for Business (KB2881087) 64-Bit Edition (HKLM\...\{90150000-00BA-0407-1000-0000000FF1CE}_Office15.PROPLUSR_{3C6F4768-FB23-4ECF-8328-5C47E0664B65}) (Version:  - Microsoft)
Update for Microsoft OneDrive for Business (KB2881087) 64-Bit Edition (HKLM\...\{90150000-00C1-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{3C6F4768-FB23-4ECF-8328-5C47E0664B65}) (Version:  - Microsoft)
Update for Microsoft OneDrive for Business (KB2881087) 64-Bit Edition (HKLM\...\{90150000-00C1-0407-1000-0000000FF1CE}_Office15.PROPLUSR_{3C6F4768-FB23-4ECF-8328-5C47E0664B65}) (Version:  - Microsoft)
Update for Microsoft OneDrive for Business (KB2881087) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{3C6F4768-FB23-4ECF-8328-5C47E0664B65}) (Version:  - Microsoft)
Update for Microsoft OneNote 2013 (KB2881082) 64-Bit Edition (HKLM\...\{90150000-00A1-0407-1000-0000000FF1CE}_Office15.PROPLUSR_{BFD66A5D-F608-441E-9282-41E13F5E7412}) (Version:  - Microsoft)
Update for Microsoft OneNote 2013 (KB2881082) 64-Bit Edition (HKLM\...\{90150000-00C1-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{BFD66A5D-F608-441E-9282-41E13F5E7412}) (Version:  - Microsoft)
Update for Microsoft OneNote 2013 (KB2881082) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{BFD66A5D-F608-441E-9282-41E13F5E7412}) (Version:  - Microsoft)
Update for Microsoft Outlook 2013 (KB2880470) 64-Bit Edition (HKLM\...\{90150000-001A-0407-1000-0000000FF1CE}_Office15.PROPLUSR_{34A169EC-990A-4DAE-AC65-9F981158B7DB}) (Version:  - Microsoft)
Update for Microsoft Outlook 2013 (KB2880470) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{34A169EC-990A-4DAE-AC65-9F981158B7DB}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2013 (KB2881075) 64-Bit Edition (HKLM\...\{90150000-0018-0407-1000-0000000FF1CE}_Office15.PROPLUSR_{C8955821-EDAC-4E65-BEF3-C9C0A049517A}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2013 (KB2881075) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{C8955821-EDAC-4E65-BEF3-C9C0A049517A}) (Version:  - Microsoft)
Update for Microsoft Publisher 2013 (KB2880999) 64-Bit Edition (HKLM\...\{90150000-0019-0407-1000-0000000FF1CE}_Office15.PROPLUSR_{C07147B9-CC0B-4CC1-A107-A705889A54F2}) (Version:  - Microsoft)
Update for Microsoft Publisher 2013 (KB2880999) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{C07147B9-CC0B-4CC1-A107-A705889A54F2}) (Version:  - Microsoft)
Update for Microsoft Visio 2013 (KB2837632) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{97183E08-6B06-40F1-80A9-585C4AEF98F1}) (Version:  - Microsoft)
Update for Microsoft Visio Viewer 2013 (KB2817301) 64-Bit Edition (HKLM\...\{90150000-006E-0407-1000-0000000FF1CE}_Office15.PROPLUSR_{8E5CD68A-CDF8-4930-88DF-B7778B1871A9}) (Version:  - Microsoft)
Update for Microsoft Visio Viewer 2013 (KB2817301) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{8E5CD68A-CDF8-4930-88DF-B7778B1871A9}) (Version:  - Microsoft)
Update for Microsoft Word 2013 (KB2878319) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{BC51FE30-3A56-4802-8D9E-E9BC05B56B49}) (Version:  - Microsoft)
Update for Microsoft Word 2013 (KB2881080) 64-Bit Edition (HKLM\...\{90150000-001A-0407-1000-0000000FF1CE}_Office15.PROPLUSR_{F96FE9BB-CD90-472B-852E-156342618C54}) (Version:  - Microsoft)
Update for Microsoft Word 2013 (KB2881080) 64-Bit Edition (HKLM\...\{90150000-001B-0407-1000-0000000FF1CE}_Office15.PROPLUSR_{F96FE9BB-CD90-472B-852E-156342618C54}) (Version:  - Microsoft)
Update for Microsoft Word 2013 (KB2881080) 64-Bit Edition (HKLM\...\{90150000-012B-0407-1000-0000000FF1CE}_Office15.PROPLUSR_{F96FE9BB-CD90-472B-852E-156342618C54}) (Version:  - Microsoft)
Update for Microsoft Word 2013 (KB2881080) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{F96FE9BB-CD90-472B-852E-156342618C54}) (Version:  - Microsoft)
Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0407-0000-0000000FF1CE}_OMUI.de-de_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version:  - Microsoft)
Update für Microsoft Office Outlook 2007 Help (KB963677) (HKLM-x32\...\{90120000-001A-0407-0000-0000000FF1CE}_OMUI.de-de_{F6828576-6F79-470D-AB50-69D1BBADBD30}) (Version:  - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0407-0000-0000000FF1CE}_OMUI.de-de_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version:  - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0407-0000-0000000FF1CE}_OMUI.de-de_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version:  - Microsoft)
Visual Studio C++ 10.0 Runtime (HKLM-x32\...\{4412F224-3849-4461-A3E9-DEEF8D252790}) (Version: 10.0.0 - TomTom International B.V.)
VLC media player 2.1.3 (HKLM-x32\...\VLC media player) (Version: 2.1.3 - VideoLAN)
Welcome Center (HKLM-x32\...\Acer Welcome Center) (Version: 1.00.3008 - Acer Incorporated)
Winamp (HKLM-x32\...\Winamp) (Version: 5.666  - Nullsoft, Inc)
WinPatrol (HKLM\...\{84481A87-2316-4923-8FAB-3BA8CA29323D}) (Version: 31.0.2014.0 - BillP Studios)
WinRAR 5.10 Beta 4 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.10.4 - win.rar GmbH)
Xvid 1.2.2 final uninstall (HKLM-x32\...\Xvid_is1) (Version: 1.2 - Xvid team (Koepi))
Yahoo! Messenger (HKLM-x32\...\Yahoo! Messenger) (Version:  - Yahoo! Inc.)
Yahoo! Software Update (HKLM-x32\...\Yahoo! Software Update) (Version:  - )
Zuzahlungsrechner (HKLM-x32\...\{B2C69E77-F209-4B63-8676-4F32B27E162B}) (Version: 3.6.0 - sfr-software-fuers-heim)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

18-07-2014 14:32:37 Windows Update
22-07-2014 14:00:44 Windows Update
24-07-2014 11:01:50 Windows Update
29-07-2014 14:18:43 Windows Update
01-08-2014 08:19:00 AkkuLine Batterie-Tool wird entfernt
01-08-2014 08:24:17 Entfernt Bildschirmschoner
01-08-2014 20:37:32 Free Driver Scout
01-08-2014 20:46:13 DriverUtilities
01-08-2014 20:49:13 Free Driver Scout

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2014-06-22 13:16 - 00449904 ____N C:\Windows\system32\Drivers\etc\hosts
127.0.0.1	localhost
127.0.0.1	www.007guard.com
127.0.0.1	007guard.com
127.0.0.1	008i.com
127.0.0.1	www.008k.com
127.0.0.1	008k.com
127.0.0.1	www.00hq.com
127.0.0.1	00hq.com
127.0.0.1	010402.com
127.0.0.1	www.032439.com
127.0.0.1	032439.com
127.0.0.1	www.0scan.com
127.0.0.1	0scan.com
127.0.0.1	1000gratisproben.com
127.0.0.1	www.1000gratisproben.com
127.0.0.1	1001namen.com
127.0.0.1	www.1001namen.com
127.0.0.1	100888290cs.com
127.0.0.1	www.100888290cs.com
127.0.0.1	www.100sexlinks.com
127.0.0.1	100sexlinks.com
127.0.0.1	10sek.com
127.0.0.1	www.10sek.com
127.0.0.1	www.1-2005-search.com
127.0.0.1	1-2005-search.com
127.0.0.1	123fporn.info
127.0.0.1	www.123fporn.info
127.0.0.1	123haustiereundmehr.com
127.0.0.1	www.123haustiereundmehr.com

There are 1000 more lines.


==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0B1337E7-FD4D-4E97-B323-C196EC76BB3E} - System32\Tasks\At1 => C:\Windows\system32\msddt.exe
Task: {0CAEEB6B-A216-4E04-9EA6-AC310639FD8D} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {23CEA58C-8E99-49B6-96E0-E0033F148659} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-11-14] (Google Inc.)
Task: {328BB5C8-5E96-4D38-B540-0478E729B49A} - System32\Tasks\{8AC09C7C-E103-4E38-A460-4F6A6BC3C208} => C:\Users\XXXXX XXXXX\Downloads\Microsoft.Office.Professional.Plus.2010.Deutsch.German.English.x64.+x86\32 Bit\crack\mini-KMS_Activator_v1.2_Office2010_VL_ENG_FIXED.exe
Task: {38C51694-B081-4739-8E17-069D4A49D4D4} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2014-01-23] (Microsoft Corporation)
Task: {46589170-D2BD-4E90-A68B-EB53448C9ADC} - \Freemium1ClickMaint No Task File <==== ATTENTION
Task: {4CB16212-5451-480A-A531-815D14E8A397} - System32\Tasks\FreeDriverScout => C:\Program Files\Covus Freemium\Free Driver Scout\1Click.exe
Task: {4F70BAFB-3F9C-4504-B9C9-818B895B25A7} - System32\Tasks\{93314EA6-E64D-4617-934D-F85ECAF9B82E} => C:\Users\XXXXX XXXXX\Downloads\Microsoft.Office.Professional.Plus.2010.Deutsch.German.English.x64.+x86\32 Bit\crack\mini-KMS_Activator_v1.2_Office2010_VL_ENG_FIXED.exe
Task: {56A5104C-F855-4C70-A3CC-C25C4FC7DAD9} - System32\Tasks\Software Updater => C:\Program Files\SoftwareUpdater\SoftwareUpdater.Bootstrapper.exe [2014-02-12] ()
Task: {5A42985A-DC32-4FE1-8210-CA09F67316FC} - System32\Tasks\HPCustPartic.exe_{96420065-3C4E-4B3E-96DB-DB0760F51DDD} => C:\Program Files\HP\HP Deskjet 3070 B611 series\Bin\HPCustPartic.exe [2011-06-08] (Hewlett-Packard Co.)
Task: {5BEBF03D-46F3-4323-9F13-07CBA091837D} - \Scheduled Update for Ask Toolbar No Task File <==== ATTENTION
Task: {6CD89185-CD28-476C-8761-8B7DECCD7EDA} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search &amp; Destroy 2\SDScan.exe
Task: {79FCB93E-414A-4C12-A94D-37E4558FAF44} - System32\Tasks\{D00EDC5C-F9CA-49D6-8171-48047E4F592C} => C:\Users\XXXXX XXXXX\Downloads\Microsoft.Office.Professional.Plus.2010.Deutsch.German.English.x64.+x86\32 Bit\crack\mini-KMS_Activator_v1.2_Office2010_VL_ENG_FIXED.exe
Task: {7B158A6A-42B2-4CCD-92C6-82A29FC974C5} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search &amp; Destroy 2\SDUpdate.exe
Task: {7EED0456-B087-4708-8496-6474B917CECB} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {9C395D30-C0E5-4B3A-A232-E38DA71A3827} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {A1D835EF-9220-45A2-811E-2CA5B38166BF} - System32\Tasks\hpUrlLauncher.exe_{4AF7A75F-FDE8-41B8-80D9-5C3EBC32D019} => C:\Program Files\HP\HP Deskjet 3070 B611 series\Bin\utils\hpUrlLauncher.exe [2012-10-17] (Hewlett-Packard Co.)
Task: {AF34E9C7-A25A-4DBC-9020-F503E362A6B3} - System32\Tasks\Driver Booster SkipUAC (XXXXX XXXXX) => C:\Program Files (x86)\IObit\Driver Booster\DriverBooster.exe
Task: {BBBF9E37-C1CD-4CF0-A783-CE021D6D2928} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-05-20] (Piriform Ltd)
Task: {BF4A1AB7-0180-47BC-B4CD-E6792CC423D3} - System32\Tasks\HPCustParticipation HP Deskjet 3070 B611 series => C:\Program Files\HP\HP Deskjet 3070 B611 series\Bin\HPCustPartic.exe [2011-06-08] (Hewlett-Packard Co.)
Task: {C5986952-C9F2-465D-905C-F0679F19619F} - \Software Updater Ui No Task File <==== ATTENTION
Task: {CE5325CF-BB63-4751-AB56-BD427BEAA0D9} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-07-09] (Adobe Systems Incorporated)
Task: {E36CA599-B047-467B-99AF-5E380AFECE05} - System32\Tasks\{AC797CD7-B058-4AC8-84B2-B2307D6AFF9B} => C:\Program Files (x86)\Chandler1.0.3\chandler.exe
Task: {E85DBE85-E344-4E48-A05A-ACF97445121F} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-11-14] (Google Inc.)
Task: {F30712C0-5F79-4616-BFEE-8D27E1822469} - System32\Tasks\{581487AC-8AAF-40E1-A997-6B8519F0C5EC} => C:\Program Files (x86)\Chandler1.0.3\chandler.exe
Task: {F5F2E42F-66A1-4A27-AF82-45A9767CF81D} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search &amp; Destroy 2\SDImmunize.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2007-10-04 15:32 - 2007-10-04 15:32 - 00122880 _____ () C:\Program Files (x86)\Common Files\AAV\aavus.exe
2013-11-25 17:24 - 2013-10-10 12:23 - 00182784 _____ () C:\Program Files (x86)\Allway Sync\Bin\SyncService.exe
2013-01-24 20:12 - 2013-01-24 20:12 - 00011264 _____ () C:\Program Files (x86)\No-IP\ducservice.exe
2011-03-31 17:08 - 2011-03-31 17:08 - 00080896 _____ () C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
2010-07-15 06:44 - 2010-07-15 06:44 - 00020032 _____ () C:\Program Files\Unlocker\UnlockerCOM.dll
2013-07-17 13:54 - 2013-07-17 13:54 - 00220672 _____ () C:\Program Files (x86)\Steganos Safe 14\ShellExtension.dll
2011-11-13 23:52 - 2011-11-13 23:51 - 00200704 _____ () C:\Windows\PLFSetI.exe
2009-07-29 14:10 - 2009-07-29 14:10 - 00016384 ____R () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll
2011-11-13 22:44 - 2011-11-13 22:44 - 00270336 _____ () C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CrossDisplay.Graphics.Dashboard\1.0.0.0__90ba9c70f846762e\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2014-01-20 14:17 - 2014-01-20 14:17 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-01-20 14:16 - 2014-01-20 14:16 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2013-01-24 08:34 - 2013-01-24 08:34 - 00067584 _____ () C:\Program Files (x86)\No-IP\ducapi.dll
2009-02-03 03:33 - 2009-02-03 03:33 - 00460199 _____ () C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\sqlite3.dll
2008-09-29 03:55 - 2008-09-29 03:55 - 01076224 _____ () C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\ACE.dll
2014-06-10 12:58 - 2014-04-25 14:11 - 00109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2014-06-10 12:58 - 2014-04-25 14:11 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2014-06-10 12:58 - 2014-04-25 14:11 - 00167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2014-06-10 12:58 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2014-06-10 12:58 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2014-08-01 10:40 - 2014-08-01 10:40 - 00158720 _____ () C:\Users\XXXXX XXXXX\AppData\Local\Temp\sfareca00001.dll
2014-06-15 14:36 - 2014-08-01 10:40 - 00192512 _____ () C:\Users\XXXXX XXXXX\AppData\Local\Temp\sfamcc00001.dll
2014-07-30 12:19 - 2014-07-30 12:19 - 03800688 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2014-07-09 12:05 - 2014-07-09 12:05 - 17029808 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\Temp:4D066AD2
AlternateDataStreams: C:\ProgramData\Temp:5C321E34
AlternateDataStreams: C:\ProgramData\Temp:93DE1838
AlternateDataStreams: C:\ProgramData\Temp:AB689DEA

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: Eraser => "C:\PROGRA~1\Eraser\Eraser.exe" --atRestart
MSCONFIG\startupreg: OODefragTray => C:\Program Files\OO Software\Defrag\oodtray.exe

==================== Faulty Device Manager Devices =============

Name: Deskjet 3070 B611 series
Description: Deskjet 3070 B611 series
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service: 
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (08/01/2014 11:20:02 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: plugin-container.exe, Version: 31.0.0.5310, Zeitstempel: 0x53c75e91
Name des fehlerhaften Moduls: mozalloc.dll, Version: 31.0.0.5310, Zeitstempel: 0x53c72e91
Ausnahmecode: 0x80000003
Fehleroffset: 0x0000141b
ID des fehlerhaften Prozesses: 0xdcc
Startzeit der fehlerhaften Anwendung: 0xplugin-container.exe0
Pfad der fehlerhaften Anwendung: plugin-container.exe1
Pfad des fehlerhaften Moduls: plugin-container.exe2
Berichtskennung: plugin-container.exe3

Error: (08/01/2014 10:49:34 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".


Details:
AddWin32ServiceFiles: Unable to back up image of service Search Protect Service since QueryServiceConfig API failed

System Error:
Das System kann die angegebene Datei nicht finden.
.

Error: (08/01/2014 10:36:45 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: plugin-container.exe, Version: 31.0.0.5310, Zeitstempel: 0x53c75e91
Name des fehlerhaften Moduls: mozalloc.dll, Version: 31.0.0.5310, Zeitstempel: 0x53c72e91
Ausnahmecode: 0x80000003
Fehleroffset: 0x0000141b
ID des fehlerhaften Prozesses: 0x1a88
Startzeit der fehlerhaften Anwendung: 0xplugin-container.exe0
Pfad der fehlerhaften Anwendung: plugin-container.exe1
Pfad des fehlerhaften Moduls: plugin-container.exe2
Berichtskennung: plugin-container.exe3

Error: (08/01/2014 09:00:06 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 7114

Error: (08/01/2014 09:00:06 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 7114

Error: (08/01/2014 09:00:06 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (08/01/2014 09:00:05 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 6116

Error: (08/01/2014 09:00:05 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 6116

Error: (08/01/2014 09:00:05 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (08/01/2014 09:00:04 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 5024


System errors:
=============
Error: (08/01/2014 11:22:14 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Advanced SystemCare Service 7" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (08/01/2014 11:10:57 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: Der Dienst "Advanced SystemCare Service 7" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren.

Error: (08/01/2014 10:52:09 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {752073A1-23F2-4396-85F0-8FDB879ED0ED}

Error: (08/01/2014 10:48:05 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: Der Dienst "GlobalUpdater" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren.

Error: (08/01/2014 10:48:01 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: Der Dienst "SProtection" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren.

Error: (08/01/2014 07:59:27 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "HP Network Devices Support" wurde mit folgendem Fehler beendet: 
%%126

Error: (08/01/2014 07:57:27 AM) (Source: WMPNetworkSvc) (EventID: 14332) (User: )
Description: WMPNetworkSvc0x80004005

Error: (07/31/2014 09:16:44 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "HP Network Devices Support" wurde mit folgendem Fehler beendet: 
%%126

Error: (07/31/2014 09:14:30 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Windows Media Player-Netzwerkfreigabedienst" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1053

Error: (07/31/2014 09:14:30 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Windows Media Player-Netzwerkfreigabedienst erreicht.


Microsoft Office Sessions:
=========================
Error: (08/01/2014 11:20:02 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: plugin-container.exe31.0.0.531053c75e91mozalloc.dll31.0.0.531053c72e91800000030000141bdcc01cfadcccaf8c780C:\Program Files (x86)\Mozilla Firefox\plugin-container.exeC:\Program Files (x86)\Mozilla Firefox\mozalloc.dll98d82898-19c1-11e4-b382-00262d8cabd9

Error: (08/01/2014 10:49:34 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: 
Details:
AddWin32ServiceFiles: Unable to back up image of service Search Protect Service since QueryServiceConfig API failed

System Error:
Das System kann die angegebene Datei nicht finden.

Error: (08/01/2014 10:36:45 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: plugin-container.exe31.0.0.531053c75e91mozalloc.dll31.0.0.531053c72e91800000030000141b1a8801cfadc58ca23f4eC:\Program Files (x86)\Mozilla Firefox\plugin-container.exeC:\Program Files (x86)\Mozilla Firefox\mozalloc.dll8ce02b1e-19bb-11e4-b382-00262d8cabd9

Error: (08/01/2014 09:00:06 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 7114

Error: (08/01/2014 09:00:06 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 7114

Error: (08/01/2014 09:00:06 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (08/01/2014 09:00:05 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 6116

Error: (08/01/2014 09:00:05 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 6116

Error: (08/01/2014 09:00:05 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (08/01/2014 09:00:04 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 5024


CodeIntegrity Errors:
===================================
  Date: 2014-06-28 08:07:01.069
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Users\DANIEL~1\AppData\Local\Temp\EverestDriver.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2014-06-28 08:07:00.711
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Users\DANIEL~1\AppData\Local\Temp\EverestDriver.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2014-06-28 08:07:00.330
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files (x86)\Lavalys\EVEREST Home Edition\kerneld.amd64" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2014-06-28 08:07:00.010
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files (x86)\Lavalys\EVEREST Home Edition\kerneld.amd64" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2014-06-01 15:18:48.633
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2014-06-01 15:18:48.446
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2014-06-01 15:18:48.243
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2014-06-01 15:18:48.040
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2014-03-18 23:11:40.677
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2014-03-18 23:11:40.521
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.


==================== Memory info =========================== 

Percentage of memory in use: 61%
Total physical RAM: 3956.5 MB
Available physical RAM: 1534.02 MB
Total Pagefile: 7911.18 MB
Available Pagefile: 4704.84 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: (ACER) (Fixed) (Total:290.05 GB) (Free:123.27 GB) NTFS
Drive d: (DATA) (Fixed) (Total:290.4 GB) (Free:284.87 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 596 GB) (Disk ID: 6D48B855)
Partition 1: (Not Active) - (Size=16 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=290 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=290 GB) - (Type=07 NTFS)

==================== End Of Log ============================
         


Das ich im Ordner "Downloads" irgendwie Cracks hätte. Aber ich finde die Datei nicht. Echt komisch.

Geändert von magigstar (01.08.2014 um 23:25 Uhr)

Alt 02.08.2014, 00:17   #8
Bootsektor
/// TB-Ausbilder
 
Free Driver Scout - Zusatzprogramme - Standard

Free Driver Scout - Zusatzprogramme



Ok,

natürlich hast du im Downloadordner nen Office-Crack, hat Malwarebytes den gefunden? Hast du da noch n Log? Ansonsten Malwarebytes nochmal laufen lassen (Schritt 2)
Zitat:
mini-KMS_Activator_v1.2_Office2010_VL_ENG_FIXED.exe
DriverScout wolltest du jetzt behalten?
Was ist Chandler?
Wie sieht es jetzt nach diesen Schritten aus?

Bitte die X wieder ersetzen für den Fix
Schritt 1

Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:
ATTFilter
SearchScopes: HKLM-x32 - DefaultScope value is missing.
SearchScopes: HKCU - {460C3D19-B3D4-4964-A550-77D263B0CCCB} URL = http://www.trovi.com/Results.aspx?gd=&ctid=CT3320326&octid=EB_ORIGINAL_CTID&ISID=MD4C1BF03-46E7-4AE1-9ECF-D95BDF14B1E3&SearchSource=58&CUI=&UM=6&UP=SPC7363D78-F165-417D-9298-7B6C89FADDA5&q={searchTerms}&SSPV=
FF SearchPlugin: C:\Users\XXXXXX XXXXXX\AppData\Roaming\Mozilla\Firefox\Profiles\7ypdkl8a.default\searchplugins\trovi-search.xml
S2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2152736 2014-05-04] (IObit)
C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe 
C:\Program Files (x86)\IObit
C:\Users\XXXXXX XXXXXX\AppData\Roaming\IObit
C:\ProgramData\IObit
C:\Windows\System32\Tasks\Driver Booster SkipUAC (XXXXXX XXXXXX)
C:\Program Files (x86)\PC Speed Up
C:\Program Files (x86)\Security Guard
C:\Users\XXXXXX XXXXXX\Downloads\driver_booster_setup_1.4.0.exe
C:\temp
C:\Program Files\005
Task: {328BB5C8-5E96-4D38-B540-0478E729B49A} - System32\Tasks\{8AC09C7C-E103-4E38-A460-4F6A6BC3C208} => C:\Users\XXXXX XXXXX\Downloads\Microsoft.Office.Professional.Plus.2010.Deutsch.German.English.x64.+x86\32 Bit\crack\mini-KMS_Activator_v1.2_Office2010_VL_ENG_FIXED.exe
Task: {4F70BAFB-3F9C-4504-B9C9-818B895B25A7} - System32\Tasks\{93314EA6-E64D-4617-934D-F85ECAF9B82E} => C:\Users\XXXXX XXXXX\Downloads\Microsoft.Office.Professional.Plus.2010.Deutsch.German.English.x64.+x86\32 Bit\crack\mini-KMS_Activator_v1.2_Office2010_VL_ENG_FIXED.exe
Task: {46589170-D2BD-4E90-A68B-EB53448C9ADC} - \Freemium1ClickMaint No Task File <==== ATTENTION
Task: {4CB16212-5451-480A-A531-815D14E8A397} - System32\Tasks\FreeDriverScout => C:\Program Files\Covus Freemium\Free Driver Scout\1Click.exe
Task: {56A5104C-F855-4C70-A3CC-C25C4FC7DAD9} - System32\Tasks\Software Updater => C:\Program Files\SoftwareUpdater\SoftwareUpdater.Bootstrapper.exe [2014-02-12] ()
Task: {5BEBF03D-46F3-4323-9F13-07CBA091837D} - \Scheduled Update for Ask Toolbar No Task File <==== ATTENTION
Task: {79FCB93E-414A-4C12-A94D-37E4558FAF44} - System32\Tasks\{D00EDC5C-F9CA-49D6-8171-48047E4F592C} => C:\Users\XXXXX XXXXX\Downloads\Microsoft.Office.Professional.Plus.2010.Deutsch.German.English.x64.+x86\32 Bit\crack\mini-KMS_Activator_v1.2_Office2010_VL_ENG_FIXED.exe
Task: {AF34E9C7-A25A-4DBC-9020-F503E362A6B3} - System32\Tasks\Driver Booster SkipUAC (XXXXX XXXXX) => C:\Program Files (x86)\IObit\Driver Booster\DriverBooster.exe
Task: {C5986952-C9F2-465D-905C-F0679F19619F} - \Software Updater Ui No Task File <==== ATTENTION
C:\Program Files (x86)\IObit
C:\Program Files\SoftwareUpdater
C:\Program Files\Covus Freemium\Free Driver Scout\1Click.exe
C:\Users\XXXXX XXXXX\Downloads\Microsoft.Office.Professional.Plus.2010.Deutsch.German.English.x64.+x86\32 Bit\crack\mini-KMS_Activator_v1.2_Office2010_VL_ENG_FIXED.exe
AlternateDataStreams: C:\ProgramData\Temp:4D066AD2
AlternateDataStreams: C:\ProgramData\Temp:5C321E34
AlternateDataStreams: C:\ProgramData\Temp:93DE1838
AlternateDataStreams: C:\ProgramData\Temp:AB689DEA
         

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
  • Starte nun FRST erneut und klicke den Entfernen Button.
  • Das Tool erstellt eine Fixlog.txt.
  • Poste mir deren Inhalt.



Schritt 2
Downloade Dir bitte Malwarebytes Anti-Malware
  • Installiere das Programm in den vorgegebenen Pfad.
  • Starte Malwarebytes' Anti-Malware (MBAM).
  • Sollte die Benutzeroberfläche noch in Englisch sein, klicke auf Settings und wähle bei Language Deutsch aus.
  • Klicke im Anschluss auf Suchlauf, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf jetzt starten.
  • Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Aktionen anwenden.
  • Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
  • Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
  • Wähle das neueste Suchlauf-Protokoll aus und klicke auf Ansicht. Wähle Exportieren auf Textdatei (.txt) und speichere die Datei als mbam.txt auf dem Desktop ab.
  • Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.


Schritt 3
Da der Scan mit Eset sehr gründlich ist, kann er unter Umständen mehrere Stunden dauern

ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset



Schritt 4
Starte noch einmal FRST.
  • Setze den Haken bei addition.txt und drücke auf Scan.
  • Wenn der Scan abgeschlossen ist, werden zwei neue Logfiles FRST.txt und addition.txt erstellt und auf dem Desktop (oder in dem Verzeichnis in dem FRST liegt) gespeichert.
  • Poste den Inhalt dieser Logfiles bitte hier in deinen Thread.

Alt 02.08.2014, 20:05   #9
magigstar
 
Free Driver Scout - Zusatzprogramme - Standard

Free Driver Scout - Zusatzprogramme



Ich hab doch noch gar nicht Malwarebytes laufen lassen.

Ne, eigentlich habe ich ja DriverScout wieder deinstalliert.
Gibt es denn irgendwie die Möglichkeit, DriverScout zu installieren, ohne den ganzen Sch*** mit zu installlieren?

Chandler ist irgendein Termin-Programm. Also ne Alternative von Outlook. Habe ich mal installiert.


Ich werde die Schritte durchgehen und mich erneut melden.
Bis dahin schon mal: Dankschenön.

Code:
ATTFilter
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 31-07-2014 02
Ran by Daniele Cipriano at 2014-08-02 10:23:06 Run:1
Running from C:\Users\Daniele Cipriano\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
SearchScopes: HKLM-x32 - DefaultScope value is missing.
SearchScopes: HKCU - {460C3D19-B3D4-4964-A550-77D263B0CCCB} URL = hxxp://www.trovi.com/Results.aspx?gd=&ctid=CT3320326&octid=EB_ORIGINAL_CTID&ISID=MD4C1BF03-46E7-4AE1-9ECF-D95BDF14B1E3&SearchSource=58&CUI=&UM=6&UP=SPC7363D78-F165-417D-9298-7B6C89FADDA5&q={searchTerms}&SSPV=
FF SearchPlugin: C:\Users\Daniele Cipriano\AppData\Roaming\Mozilla\Firefox\Profiles\7ypdkl8a.default\searchplugins\trovi-search.xml
S2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2152736 2014-05-04] (IObit)
C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe 
C:\Program Files (x86)\IObit
C:\Users\Daniele Cipriano\AppData\Roaming\IObit
C:\ProgramData\IObit
C:\Windows\System32\Tasks\Driver Booster SkipUAC (XXXXXX XXXXXX)
C:\Program Files (x86)\PC Speed Up
C:\Program Files (x86)\Security Guard
C:\Users\Daniele Cipriano\Downloads\driver_booster_setup_1.4.0.exe
C:\temp
C:\Program Files\005
Task: {328BB5C8-5E96-4D38-B540-0478E729B49A} - System32\Tasks\{8AC09C7C-E103-4E38-A460-4F6A6BC3C208} => C:\Users\Daniele Cipriano\Downloads\Microsoft.Office.Professional.Plus.2010.Deutsch.German.English.x64.+x86\32 Bit\crack\mini-KMS_Activator_v1.2_Office2010_VL_ENG_FIXED.exe
Task: {4F70BAFB-3F9C-4504-B9C9-818B895B25A7} - System32\Tasks\{93314EA6-E64D-4617-934D-F85ECAF9B82E} => C:\Users\Daniele Cipriano\Downloads\Microsoft.Office.Professional.Plus.2010.Deutsch.German.English.x64.+x86\32 Bit\crack\mini-KMS_Activator_v1.2_Office2010_VL_ENG_FIXED.exe
Task: {46589170-D2BD-4E90-A68B-EB53448C9ADC} - \Freemium1ClickMaint No Task File <==== ATTENTION
Task: {4CB16212-5451-480A-A531-815D14E8A397} - System32\Tasks\FreeDriverScout => C:\Program Files\Covus Freemium\Free Driver Scout\1Click.exe
Task: {56A5104C-F855-4C70-A3CC-C25C4FC7DAD9} - System32\Tasks\Software Updater => C:\Program Files\SoftwareUpdater\SoftwareUpdater.Bootstrapper.exe [2014-02-12] ()
Task: {5BEBF03D-46F3-4323-9F13-07CBA091837D} - \Scheduled Update for Ask Toolbar No Task File <==== ATTENTION
Task: {79FCB93E-414A-4C12-A94D-37E4558FAF44} - System32\Tasks\{D00EDC5C-F9CA-49D6-8171-48047E4F592C} => C:\Users\Daniele Cipriano\Downloads\Microsoft.Office.Professional.Plus.2010.Deutsch.German.English.x64.+x86\32 Bit\crack\mini-KMS_Activator_v1.2_Office2010_VL_ENG_FIXED.exe
Task: {AF34E9C7-A25A-4DBC-9020-F503E362A6B3} - System32\Tasks\Driver Booster SkipUAC (Daniele Cipriano) => C:\Program Files (x86)\IObit\Driver Booster\DriverBooster.exe
Task: {C5986952-C9F2-465D-905C-F0679F19619F} - \Software Updater Ui No Task File <==== ATTENTION
C:\Program Files (x86)\IObit
C:\Program Files\SoftwareUpdater
C:\Program Files\Covus Freemium\Free Driver Scout\1Click.exe
C:\Users\Daniele Cipriano\Downloads\Microsoft.Office.Professional.Plus.2010.Deutsch.German.English.x64.+x86\32 Bit\crack\mini-KMS_Activator_v1.2_Office2010_VL_ENG_FIXED.exe
AlternateDataStreams: C:\ProgramData\Temp:4D066AD2
AlternateDataStreams: C:\ProgramData\Temp:5C321E34
AlternateDataStreams: C:\ProgramData\Temp:93DE1838
AlternateDataStreams: C:\ProgramData\Temp:AB689DEA
         
*****************

HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
"HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{460C3D19-B3D4-4964-A550-77D263B0CCCB}" => Key deleted successfully.
"HKCR\CLSID\{460C3D19-B3D4-4964-A550-77D263B0CCCB}" => Key not found.
C:\Users\Daniele Cipriano\AppData\Roaming\Mozilla\Firefox\Profiles\7ypdkl8a.default\searchplugins\trovi-search.xml => Moved successfully.
LiveUpdateSvc => Service deleted successfully.
C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe => Moved successfully.
C:\Program Files (x86)\IObit => Moved successfully.
C:\Users\Daniele Cipriano\AppData\Roaming\IObit => Moved successfully.
C:\ProgramData\IObit => Moved successfully.
"C:\Windows\System32\Tasks\Driver Booster SkipUAC (XXXXXX XXXXXX)" => File/Directory not found.
C:\Program Files (x86)\PC Speed Up => Moved successfully.
C:\Program Files (x86)\Security Guard => Moved successfully.
C:\Users\XXXX XXXXX\Downloads\driver_booster_setup_1.4.0.exe => Moved successfully.
C:\temp => Moved successfully.
C:\Program Files\005 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{328BB5C8-5E96-4D38-B540-0478E729B49A}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{328BB5C8-5E96-4D38-B540-0478E729B49A}" => Key deleted successfully.
C:\Windows\System32\Tasks\{8AC09C7C-E103-4E38-A460-4F6A6BC3C208} => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{8AC09C7C-E103-4E38-A460-4F6A6BC3C208}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4F70BAFB-3F9C-4504-B9C9-818B895B25A7}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4F70BAFB-3F9C-4504-B9C9-818B895B25A7}" => Key deleted successfully.
C:\Windows\System32\Tasks\{93314EA6-E64D-4617-934D-F85ECAF9B82E} => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{93314EA6-E64D-4617-934D-F85ECAF9B82E}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{46589170-D2BD-4E90-A68B-EB53448C9ADC}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{46589170-D2BD-4E90-A68B-EB53448C9ADC}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Freemium1ClickMaint" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4CB16212-5451-480A-A531-815D14E8A397}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4CB16212-5451-480A-A531-815D14E8A397}" => Key deleted successfully.
C:\Windows\System32\Tasks\FreeDriverScout => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\FreeDriverScout" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{56A5104C-F855-4C70-A3CC-C25C4FC7DAD9}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{56A5104C-F855-4C70-A3CC-C25C4FC7DAD9}" => Key deleted successfully.
C:\Windows\System32\Tasks\Software Updater => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Software Updater" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{5BEBF03D-46F3-4323-9F13-07CBA091837D}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5BEBF03D-46F3-4323-9F13-07CBA091837D}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Scheduled Update for Ask Toolbar" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{79FCB93E-414A-4C12-A94D-37E4558FAF44}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{79FCB93E-414A-4C12-A94D-37E4558FAF44}" => Key deleted successfully.
C:\Windows\System32\Tasks\{D00EDC5C-F9CA-49D6-8171-48047E4F592C} => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{D00EDC5C-F9CA-49D6-8171-48047E4F592C}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{AF34E9C7-A25A-4DBC-9020-F503E362A6B3}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AF34E9C7-A25A-4DBC-9020-F503E362A6B3}" => Key deleted successfully.
C:\Windows\System32\Tasks\Driver Booster SkipUAC (XXXXX XXXXXX) => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Driver Booster SkipUAC (XXXXXXX XXXXXXx)" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{C5986952-C9F2-465D-905C-F0679F19619F}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C5986952-C9F2-465D-905C-F0679F19619F}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Software Updater Ui" => Key deleted successfully.
"C:\Program Files (x86)\IObit" => File/Directory not found.
C:\Program Files\SoftwareUpdater => Moved successfully.
"C:\Program Files\Covus Freemium\Free Driver Scout\1Click.exe" => File/Directory not found.
"C:\Users\XXXXXXX XXXXXXX\Downloads\Microsoft.Office.Professional.Plus.2010.Deutsch.German.English.x64.+x86\32 Bit\crack\mini-KMS_Activator_v1.2_Office2010_VL_ENG_FIXED.exe" => File/Directory not found.
C:\ProgramData\Temp => ":4D066AD2" ADS removed successfully.
C:\ProgramData\Temp => ":5C321E34" ADS removed successfully.
C:\ProgramData\Temp => ":93DE1838" ADS removed successfully.
C:\ProgramData\Temp => ":AB689DEA" ADS removed successfully.

==== End of Fixlog ====
         

Kann sein, das einiges gar nicht gefunden wurde.
Wollte die Fixlist erneut "aktivieren", aber die Datei ist vom Desktop verschwunden.


Code:
ATTFilter
"C:\Windows\System32\Tasks\Driver Booster SkipUAC (XXXXXX XXXXXX)" => File/Directory not found.
         
Code:
ATTFilter
"C:\Program Files (x86)\IObit" => File/Directory not found.
         
Code:
ATTFilter
"C:\Program Files\Covus Freemium\Free Driver Scout\1Click.exe" => File/Directory not found.
         
Code:
ATTFilter
"C:\Users\XXXXXXX XXXXXXX\Downloads\Microsoft.Office.Professional.Plus.2010.Deutsch.German.English.x64.+x86\32 Bit\crack\mini-KMS_Activator_v1.2_Office2010_VL_ENG_FIXED.exe" => File/Directory not found.
         
Soll ich dennoch weitermachen??

Geändert von magigstar (02.08.2014 um 09:17 Uhr)

Alt 02.08.2014, 23:01   #10
Bootsektor
/// TB-Ausbilder
 
Free Driver Scout - Zusatzprogramme - Standard

Free Driver Scout - Zusatzprogramme



Zitat:
Ich hab doch noch gar nicht Malwarebytes laufen lassen.
Ok.

Zitat:
Kann sein, das einiges gar nicht gefunden wurde.
Doch, die sind weg

Alle ausser der Office-Crack. Komisch. Das KMS hattest du bevor oder nach dem FRST log entfernt?

Zitat:
Gibt es denn irgendwie die Möglichkeit, DriverScout zu installieren, ohne den ganzen Sch*** mit zu installlieren?
Nunja, irgendwo mit muss sich Freeware ja auch finanzieren, das ist das Problem.
Ich habs nun nicht getestet, aber hattest du bei der Installation darauf geachtet, wirklich alles abzuwählen, was dir dort angeboten wird? Meistens gibt es eine erweiterte Installationsroutine und auch da kann man meist noch fleissig abwählen.

Die Fixlist wird automatisch gelöscht nach dem Fix, das ist normal.

Mach einfach weiter

Alt 04.08.2014, 14:17   #11
magigstar
 
Free Driver Scout - Zusatzprogramme - Standard

Free Driver Scout - Zusatzprogramme



Ich glaube, das KMS habe ich schon vorher gelöscht.

Ja, zumindest bei einem Programm von diesen zwei konnte ich abwählen. Darauf habe ich nicht geachtet.

Ich werde also weiter machen.

Alt 04.08.2014, 21:51   #12
Bootsektor
/// TB-Ausbilder
 
Free Driver Scout - Zusatzprogramme - Standard

Free Driver Scout - Zusatzprogramme



Ok, dann warte ich hier auf die restlichen Logs.

Alt 05.08.2014, 19:11   #13
magigstar
 
Free Driver Scout - Zusatzprogramme - Standard

Free Driver Scout - Zusatzprogramme



Schritt 2

Code:
ATTFilter
 Malwarebytes Anti-Malware 
www.malwarebytes.org

Suchlauf Datum: 05.08.2014
Suchlauf-Zeit: 15:09:40
Logdatei: mbam.txt
Administrator: Ja

Version: 2.00.2.1012
Malware Datenbank: v2014.08.05.03
Rootkit Datenbank: v2014.08.04.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Self-protection: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: XXXX XXXXX

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 359942
Verstrichene Zeit: 20 Min, 31 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristics: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registrierungsschlüssel: 10
PUP.Optional.Iminent.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{68B81CCD-A80C-4060-8947-5AE69ED01199}, In Quarantäne, [8077fac81f5c41f5fa4ce5b789798977], 
PUP.Optional.Iminent.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{E6B969FB-6D33-48d2-9061-8BBD4899EB08}, In Quarantäne, [6f8849798bf0cd6971d659437989629e], 
PUP.Optional.Iminent.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{84FF7BD6-B47F-46F8-9130-01B2696B36CB}, In Quarantäne, [1add685ab9c20c2a2ab13a613ac88a76], 
PUP.Optional.Iminent.A, HKLM\SOFTWARE\Iminent, In Quarantäne, [6f88982af4873ff7aa5433cb79897a86], 
PUP.Optional.Iminent.A, HKLM\SOFTWARE\CLASSES\Iminent, In Quarantäne, [c730bb076d0eb38345efb376bb49d030], 
PUP.Optional.DataMangr.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\DatamngrCoordinator.exe, In Quarantäne, [8572487abcbfea4c4713f9ddf90953ad], 
PUP.Optional.Iminent.A, HKLM\SOFTWARE\WOW6432NODE\Iminent, In Quarantäne, [47b008baa1da64d238c610ee1de5b64a], 
PUP.Optional.InstallBrain.A, HKLM\SOFTWARE\WOW6432NODE\InstallIQ, In Quarantäne, [ee09efd33942241263c46a8eb64cd42c], 
PUP.Optional.Iminent.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\Iminent, In Quarantäne, [8572cbf79eddc86e0430d158d82c52ae], 
PUP.Optional.DataMangr.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\DatamngrCoordinator.exe, In Quarantäne, [db1c16acfb8058de3c1e54824fb315eb], 

Registrierungswerte: 2
PUP.Optional.Iminent.A, HKU\S-1-5-21-1242904208-471078349-2963378918-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\URLSEARCHHOOKS|{84FF7BD6-B47F-46F8-9130-01B2696B36CB}, Löschen bei Neustart, [1add685ab9c20c2a2ab13a613ac88a76], 
PUP.Optional.Iminent.A, HKU\S-1-5-21-1242904208-471078349-2963378918-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\URLSEARCHHOOKS\{84FF7BD6-B47F-46F8-9130-01B2696B36CB}, In Quarantäne, [2ccbf7cb4833f83ef9e2900b04fead53], 

Registrierungsdaten: 0
(No malicious items detected)

Ordner: 5
PUP.Optional.Iminent.A, C:\Users\XXXXX XXXXX\AppData\Local\Temp\Iminent, In Quarantäne, [30c7ab170d6e79bd8edc872858aacd33], 
PUP.Optional.Zapp.A, C:\Users\XXXXX\AppData\Roaming\Mozilla\Firefox\Profiles\ilhln8u2.default\extensions\{e985a5d2-3bc5-4638-b711-f46b25050696}, In Quarantäne, [32c5d1f11863c57118274880d230b947], 
PUP.Optional.Zapp.A, C:\Users\XXXXX\AppData\Roaming\Mozilla\Firefox\Profiles\ilhln8u2.default\extensions\{e985a5d2-3bc5-4638-b711-f46b25050696}\chrome, In Quarantäne, [32c5d1f11863c57118274880d230b947], 
PUP.Optional.Zapp.A, C:\Users\XXXXX\AppData\Roaming\Mozilla\Firefox\Profiles\ilhln8u2.default\extensions\{e985a5d2-3bc5-4638-b711-f46b25050696}\components, In Quarantäne, [32c5d1f11863c57118274880d230b947], 
PUP.Optional.Zapp.A, C:\Users\XXXXX\AppData\Roaming\Mozilla\Firefox\Profiles\ilhln8u2.default\extensions\{e985a5d2-3bc5-4638-b711-f46b25050696}\plugins, In Quarantäne, [32c5d1f11863c57118274880d230b947], 

Dateien: 16
PUP.Optional.Conduit.A, C:\Users\XXXXX XXXXX\AppData\Local\Temp\nsvCB2F.exe, In Quarantäne, [698e4280fb8050e6db497a12738ebc44], 
PUP.Optional.Conduit.A, C:\Users\XXXXX XXXXX\AppData\Local\Temp\nsvDA5B.exe, In Quarantäne, [6691596983f8e74f8b992567837ec838], 
PUP.Optional.Conduit.A, C:\Users\XXXXX XXXXX\AppData\Local\Temp\nsa1473.exe, In Quarantäne, [25d2a31fc2b9ff3736ee187431d0d828], 
PUP.Optional.SearchProtect.A, C:\Users\XXXXX XXXXX\AppData\Local\Temp\nsf850A.tmp, In Quarantäne, [5b9c4e7494e76ec83d0ce0b67190669a], 
PUP.Optional.Conduit.A, C:\Users\XXXXX XXXXX\AppData\Local\Temp\nsfBBB.exe, In Quarantäne, [aa4d9e246b1083b36bb9b0dc1ce58f71], 
PUP.Optional.Conduit.A, C:\Users\XXXXX XXXXX\AppData\Local\Temp\nsfD04E.exe, In Quarantäne, [8f68d1f16c0f6bcbf232eba1a65b17e9], 
PUP.Optional.Iminent.A, C:\Users\XXXXX XXXXX\AppData\Local\Google\Chrome\User Data\default\Local Storage\chrome-extension_jdkokpcldhneihjdhigfjmoeojkdcbmg_0.localstorage, In Quarantäne, [946322a038438babdb72ffd7cc36ed13], 
PUP.Optional.CertifiedTB.A, C:\Users\XXXXX XXXXX\AppData\Local\Google\Chrome\User Data\default\Local Storage\chrome-extension_jlkealnllhajodlnhmfjfmnhelpbaaem_0.localstorage, In Quarantäne, [7483a61c027978be202ac513f70be719], 
PUP.Optional.Iminent.A, C:\Users\XXXXX XXXXX\AppData\Local\Google\Chrome\User Data\default\Local Storage\chrome-extension_igdhbblpcellaljokkpfhcjlagemhgjl_0.localstorage, In Quarantäne, [c631952d3744f44212991ccb798929d7], 
PUP.Optional.Zapp.A, C:\Users\XXXXX\AppData\Roaming\Mozilla\Firefox\Profiles\ilhln8u2.default\extensions\{e985a5d2-3bc5-4638-b711-f46b25050696}\chrome.manifest, In Quarantäne, [32c5d1f11863c57118274880d230b947], 
PUP.Optional.Zapp.A, C:\Users\XXXXX\AppData\Roaming\Mozilla\Firefox\Profiles\ilhln8u2.default\extensions\{e985a5d2-3bc5-4638-b711-f46b25050696}\install.js, In Quarantäne, [32c5d1f11863c57118274880d230b947], 
PUP.Optional.Zapp.A, C:\Users\XXXXX\AppData\Roaming\Mozilla\Firefox\Profiles\ilhln8u2.default\extensions\{e985a5d2-3bc5-4638-b711-f46b25050696}\install.rdf, In Quarantäne, [32c5d1f11863c57118274880d230b947], 
PUP.Optional.Zapp.A, C:\Users\XXXXX\AppData\Roaming\Mozilla\Firefox\Profiles\ilhln8u2.default\extensions\{e985a5d2-3bc5-4638-b711-f46b25050696}\pop.htm, In Quarantäne, [32c5d1f11863c57118274880d230b947], 
PUP.Optional.Zapp.A, C:\Users\XXXXX\AppData\Roaming\Mozilla\Firefox\Profiles\ilhln8u2.default\extensions\{e985a5d2-3bc5-4638-b711-f46b25050696}\chrome\Zapp_24069.jar, In Quarantäne, [32c5d1f11863c57118274880d230b947], 
PUP.Optional.Zapp.A, C:\Users\XXXXX\AppData\Roaming\Mozilla\Firefox\Profiles\ilhln8u2.default\extensions\{e985a5d2-3bc5-4638-b711-f46b25050696}\components\wtb_complete.js, In Quarantäne, [32c5d1f11863c57118274880d230b947], 
PUP.Optional.Zapp.A, C:\Users\XXXXX\AppData\Roaming\Mozilla\Firefox\Profiles\ilhln8u2.default\extensions\{e985a5d2-3bc5-4638-b711-f46b25050696}\plugins\npwiddit.dll, In Quarantäne, [32c5d1f11863c57118274880d230b947], 

Physische Sektoren: 0
(No malicious items detected)


(end)
         

Schritt 3 folgt...

Alt 05.08.2014, 23:09   #14
Bootsektor
/// TB-Ausbilder
 
Free Driver Scout - Zusatzprogramme - Standard

Free Driver Scout - Zusatzprogramme





Ok.

Alt 06.08.2014, 00:26   #15
magigstar
 
Free Driver Scout - Zusatzprogramme - Standard

Free Driver Scout - Zusatzprogramme



Schritt 3:

ESET:

Code:
ATTFilter
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=58449cc18ee8504882955fd4081431d5
# engine=14439
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-07-17 11:41:03
# local_time=2013-07-18 01:41:03 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1799 16775165 100 96 26403 119867483 19179 0
# compatibility_mode=5893 16776573 100 94 25735 125734313 0 0
# scanned=235967
# found=1
# cleaned=0
# scan_time=18894
sh=CA90ACF968B180D26904EECBD06FAF4C35E644E4 ft=0 fh=0000000000000000 vn="a variant of MSIL/Injector.ZW trojan" ac=I fn="C:\Users\XXXXXX XXXXXX\FrostWire\Torrent Data\MICROSOFT OFFICE 2010 PRO crack key serial LATEST.rar"
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=58449cc18ee8504882955fd4081431d5
# engine=15512
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-10-16 07:59:30
# local_time=2013-10-16 09:59:30 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=5.1.2600 NT Service Pack 2
# compatibility_mode=1799 16775165 100 96 5220 127716590 0 0
# compatibility_mode=5893 16776574 100 94 7553052 133583420 0 0
# scanned=77
# found=0
# cleaned=0
# scan_time=26
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=58449cc18ee8504882955fd4081431d5
# engine=15512
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-10-16 11:56:19
# local_time=2013-10-17 01:56:19 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=5.1.2600 NT Service Pack 2
# compatibility_mode=1799 16775165 100 96 19429 127730799 12219 0
# compatibility_mode=5893 16776574 100 94 7567261 133597629 0 0
# scanned=251300
# found=0
# cleaned=0
# scan_time=10980
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=58449cc18ee8504882955fd4081431d5
# engine=17564
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-03-23 03:32:52
# local_time=2014-03-23 04:32:52 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=5.1.2600 NT Service Pack 2
# compatibility_mode=1799 16775165 100 96 40137 141308592 11315 0
# compatibility_mode=5893 16776573 100 94 18704 147175422 0 0
# scanned=243187
# found=0
# cleaned=0
# scan_time=12527
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7587
# api_version=3.0.2
# EOSSerial=58449cc18ee8504882955fd4081431d5
# engine=18540
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2014-06-04 04:12:08
# local_time=2014-06-04 06:12:08 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='Avira Desktop'
# compatibility_mode=1810 16777213 100 100 36934 146354301 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 36107 153484977 0 0
# scanned=221252
# found=21
# cleaned=0
# scan_time=29381
sh=16068B8977B4DC562AE782D91BC009472667E331 ft=1 fh=c3b5a87b7d152749 vn="Variante von Win32/DownloadSponsor.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\DANIEL~1\AppData\Local\Temp\OCS\ocs_v71a.exe.vir"
sh=2CC64DA195A4B077AB3C8B553B7980C10FD480A2 ft=1 fh=9721e1d2f88978fc vn="Variante von MSIL/HackTool.IdleKMS.B potenziell unsichere Anwendung" ac=I fn="C:\Program Files\KMSpico\AutoPico.exe"
sh=3BB379BD40AAAD1290F98179D7A508E34E0BD07A ft=1 fh=62a6fb9317d87525 vn="Variante von MSIL/HackTool.IdleKMS.B potenziell unsichere Anwendung" ac=I fn="C:\Program Files\KMSpico\KMSELDI.exe"
sh=61C8A75F4512EE4E2662F1E8720A704296E53BAE ft=1 fh=42286d9c0fe3c35b vn="Variante von MSIL/HackTool.IdleKMS.B potenziell unsichere Anwendung" ac=I fn="C:\Program Files\KMSpico\Service_KMS.exe"
sh=71435DDB11E00D0243380C4902324853FE4ECE8F ft=1 fh=12b0cd2dde452d65 vn="Variante von Win32/Bundled.Toolbar.Ask potenziell unsichere Anwendung" ac=I fn="C:\Program Files (x86)\Avira\AntiVir Desktop\apnic.dll"
sh=1A3F14C0A66F9AF050D1F34FBACBAADC31751A07 ft=1 fh=2704a03a0f47b728 vn="Variante von Win32/Bundled.Toolbar.Ask potenziell unsichere Anwendung" ac=I fn="C:\Program Files (x86)\Avira\AntiVir Desktop\apntoolbarinstaller.exe"
sh=4B553651EF610C0614F8393D6C25ABA0A8F09ECA ft=1 fh=92ef1bb072edf568 vn="Variante von Win32/Bundled.Toolbar.Ask.D potenziell unsichere Anwendung" ac=I fn="C:\Program Files (x86)\Avira\AntiVir Desktop\Offercast_AVIRAV7_.exe"
sh=81C2C3354F11ECE49D7667538CEFE9F2B2395319 ft=1 fh=cca4b3788ffc60aa vn="Variante von Win32/Bundled.Toolbar.Ask potenziell unsichere Anwendung" ac=I fn="C:\Program Files (x86)\Common Files\DVDVideoSoft\AskTB\ApnIC.dll"
sh=99DD33D629341F95D9853B1E63FCE454EC654560 ft=1 fh=08803d4e54260720 vn="Variante von Win32/Bundled.Toolbar.Ask potenziell unsichere Anwendung" ac=I fn="C:\Program Files (x86)\Common Files\DVDVideoSoft\AskTB\ApnToolbarInstaller.exe"
sh=AAC20AA5A24E6D5258A9EEACF399A09EC63DC9B4 ft=1 fh=761f52bbd8f193b0 vn="Variante von Win32/Bundled.Toolbar.Ask potenziell unsichere Anwendung" ac=I fn="C:\Program Files (x86)\FrostWire 5\frostwire-installer.exe"
sh=319FE9AEB7F8B207BCC2A32FC5EC550229787614 ft=1 fh=dd0ae81fb3bff5ae vn="Win32/OpenCandy potenziell unsichere Anwendung" ac=I fn="C:\Program Files (x86)\MediaHuman\YouTube to MP3 Converter\OCSetupHlp.dll"
sh=F90B3223684DEAAE59E0D371CCA318834695FEBE ft=1 fh=e2bb850c8e277c01 vn="Variante von Win32/RemoteAdmin.RemoteExec.AA potenziell unsichere Anwendung" ac=I fn="C:\Program Files (x86)\SIW\siw.exe"
sh=B896DEDCC410A84E9D794EB28ADB30E4CE0FC1C7 ft=1 fh=0d280081a7b58c5c vn="Win32/OpenCandy potenziell unsichere Anwendung" ac=I fn="C:\Users\XXXXXX XXXXXX\.frostwire5\updates\frostwire-5.6.2.windows.exe"
sh=79DAA2D7105B23CAC0BF465C44407C9FCC122DDF ft=1 fh=ddae22fb65275801 vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="C:\Users\XXXXXX XXXXXX\Desktop\aufräumen, was geht\Ordner\Neuer Ordner (3)\Neuer Ordner1\alte Dateien\Tresor alter Computer\Desktop\Neuer Ordner (5)\backups\backup-20101226-175451-203.dll"
sh=79DAA2D7105B23CAC0BF465C44407C9FCC122DDF ft=1 fh=ddae22fb65275801 vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="C:\Users\XXXXXX XXXXXX\Desktop\aufräumen, was geht\Ordner\Neuer Ordner (3)\Neuer Ordner1\alte Dateien\Tresor alter Computer\Desktop\Neuer Ordner (5)\backups\backup-20101226-175451-491.dll"
sh=79DAA2D7105B23CAC0BF465C44407C9FCC122DDF ft=1 fh=ddae22fb65275801 vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="C:\Users\XXXXXX XXXXXX\Documents\Neuer Ordner\Neuer Ordner (3)\Neuer Ordner (2)\Datensicherung_Tower_neueDateien\Desktop\Neuer Ordner (5)\backups\backup-20101226-175451-203.dll"
sh=79DAA2D7105B23CAC0BF465C44407C9FCC122DDF ft=1 fh=ddae22fb65275801 vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="C:\Users\XXXXXX XXXXXX\Documents\Neuer Ordner\Neuer Ordner (3)\Neuer Ordner (2)\Datensicherung_Tower_neueDateien\Desktop\Neuer Ordner (5)\backups\backup-20101226-175451-491.dll"
sh=1D570FE34A0188FF61A50203610256F623E2E617 ft=0 fh=0000000000000000 vn="Win32/OpenCandy potenziell unsichere Anwendung" ac=I fn="C:\Users\XXXXXX XXXXXX\Documents\Neuer Ordner\Neuer Ordner (3)\Neuer Ordner (2)\Datensicherung_Tower_Sicherung_2\Notfall-CD-2.2.iso"
sh=79DAA2D7105B23CAC0BF465C44407C9FCC122DDF ft=1 fh=ddae22fb65275801 vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="C:\Users\XXXXXX XXXXXX\Documents\Neuer Ordner\Neuer Ordner (3)\Neuer Ordner (2)\Datensicherung_Tower_Sicherung_2\Desktop\Neuer Ordner (5)\backups\backup-20101226-175451-203.dll"
sh=79DAA2D7105B23CAC0BF465C44407C9FCC122DDF ft=1 fh=ddae22fb65275801 vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="C:\Users\XXXXXX XXXXXX\Documents\Neuer Ordner\Neuer Ordner (3)\Neuer Ordner (2)\Datensicherung_Tower_Sicherung_2\Desktop\Neuer Ordner (5)\backups\backup-20101226-175451-491.dll"
sh=8A893FE3C1376F3C1B0F67A9514CBE621B717D98 ft=1 fh=667b25980f774106 vn="Win32/DownloadAdmin.G evtl. unerwünschte Anwendung" ac=I fn="C:\Users\XXXXXX\Downloads\cbsidlm-tr1_13-Free_Audio_Cutter-ORG-75444480.exe"
ESETSmartInstaller@High as downloader log:
all ok
ESETSmartInstaller@High as downloader log:
all ok
ESETSmartInstaller@High as downloader log:
all ok
ESETSmartInstaller@High as downloader log:
all ok
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7587
# api_version=3.0.2
# EOSSerial=58449cc18ee8504882955fd4081431d5
# engine=18558
# end=stopped
# remove_checked=false
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-06-04 08:43:11
# local_time=2014-06-04 10:43:11 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='Avira Desktop'
# compatibility_mode=1810 16777213 100 100 9985 146413765 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 326 153544441 0 0
# scanned=554
# found=1
# cleaned=0
# scan_time=47
sh=16068B8977B4DC562AE782D91BC009472667E331 ft=1 fh=c3b5a87b7d152749 vn="Variante von Win32/DownloadSponsor.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\DANIEL~1\AppData\Local\Temp\OCS\ocs_v71a.exe.vir"
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7587
# api_version=3.0.2
# EOSSerial=58449cc18ee8504882955fd4081431d5
# engine=18558
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2014-06-05 12:00:07
# local_time=2014-06-05 02:00:07 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='Avira Desktop'
# compatibility_mode=1810 16777213 100 100 21801 146425581 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 12142 153556257 0 0
# scanned=265235
# found=21
# cleaned=0
# scan_time=11759
sh=16068B8977B4DC562AE782D91BC009472667E331 ft=1 fh=c3b5a87b7d152749 vn="Variante von Win32/DownloadSponsor.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\DANIEL~1\AppData\Local\Temp\OCS\ocs_v71a.exe.vir"
sh=2CC64DA195A4B077AB3C8B553B7980C10FD480A2 ft=1 fh=9721e1d2f88978fc vn="Variante von MSIL/HackTool.IdleKMS.B potenziell unsichere Anwendung" ac=I fn="C:\Program Files\KMSpico\AutoPico.exe"
sh=3BB379BD40AAAD1290F98179D7A508E34E0BD07A ft=1 fh=62a6fb9317d87525 vn="Variante von MSIL/HackTool.IdleKMS.B potenziell unsichere Anwendung" ac=I fn="C:\Program Files\KMSpico\KMSELDI.exe"
sh=61C8A75F4512EE4E2662F1E8720A704296E53BAE ft=1 fh=42286d9c0fe3c35b vn="Variante von MSIL/HackTool.IdleKMS.B potenziell unsichere Anwendung" ac=I fn="C:\Program Files\KMSpico\Service_KMS.exe"
sh=71435DDB11E00D0243380C4902324853FE4ECE8F ft=1 fh=12b0cd2dde452d65 vn="Variante von Win32/Bundled.Toolbar.Ask potenziell unsichere Anwendung" ac=I fn="C:\Program Files (x86)\Avira\AntiVir Desktop\apnic.dll"
sh=1A3F14C0A66F9AF050D1F34FBACBAADC31751A07 ft=1 fh=2704a03a0f47b728 vn="Variante von Win32/Bundled.Toolbar.Ask potenziell unsichere Anwendung" ac=I fn="C:\Program Files (x86)\Avira\AntiVir Desktop\apntoolbarinstaller.exe"
sh=4B553651EF610C0614F8393D6C25ABA0A8F09ECA ft=1 fh=92ef1bb072edf568 vn="Variante von Win32/Bundled.Toolbar.Ask.D potenziell unsichere Anwendung" ac=I fn="C:\Program Files (x86)\Avira\AntiVir Desktop\Offercast_AVIRAV7_.exe"
sh=81C2C3354F11ECE49D7667538CEFE9F2B2395319 ft=1 fh=cca4b3788ffc60aa vn="Variante von Win32/Bundled.Toolbar.Ask potenziell unsichere Anwendung" ac=I fn="C:\Program Files (x86)\Common Files\DVDVideoSoft\AskTB\ApnIC.dll"
sh=99DD33D629341F95D9853B1E63FCE454EC654560 ft=1 fh=08803d4e54260720 vn="Variante von Win32/Bundled.Toolbar.Ask potenziell unsichere Anwendung" ac=I fn="C:\Program Files (x86)\Common Files\DVDVideoSoft\AskTB\ApnToolbarInstaller.exe"
sh=AAC20AA5A24E6D5258A9EEACF399A09EC63DC9B4 ft=1 fh=761f52bbd8f193b0 vn="Variante von Win32/Bundled.Toolbar.Ask potenziell unsichere Anwendung" ac=I fn="C:\Program Files (x86)\FrostWire 5\frostwire-installer.exe"
sh=319FE9AEB7F8B207BCC2A32FC5EC550229787614 ft=1 fh=dd0ae81fb3bff5ae vn="Win32/OpenCandy potenziell unsichere Anwendung" ac=I fn="C:\Program Files (x86)\MediaHuman\YouTube to MP3 Converter\OCSetupHlp.dll"
sh=F90B3223684DEAAE59E0D371CCA318834695FEBE ft=1 fh=e2bb850c8e277c01 vn="Variante von Win32/RemoteAdmin.RemoteExec.AA potenziell unsichere Anwendung" ac=I fn="C:\Program Files (x86)\SIW\siw.exe"
sh=B896DEDCC410A84E9D794EB28ADB30E4CE0FC1C7 ft=1 fh=0d280081a7b58c5c vn="Win32/OpenCandy potenziell unsichere Anwendung" ac=I fn="C:\Users\XXXXXX XXXXXX\.frostwire5\updates\frostwire-5.6.2.windows.exe"
sh=79DAA2D7105B23CAC0BF465C44407C9FCC122DDF ft=1 fh=ddae22fb65275801 vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="C:\Users\XXXXXX XXXXXX\Desktop\aufräumen, was geht\Ordner\Neuer Ordner (3)\Neuer Ordner1\alte Dateien\Tresor alter Computer\Desktop\Neuer Ordner (5)\backups\backup-20101226-175451-203.dll"
sh=79DAA2D7105B23CAC0BF465C44407C9FCC122DDF ft=1 fh=ddae22fb65275801 vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="C:\Users\XXXXXX XXXXXX\Desktop\aufräumen, was geht\Ordner\Neuer Ordner (3)\Neuer Ordner1\alte Dateien\Tresor alter Computer\Desktop\Neuer Ordner (5)\backups\backup-20101226-175451-491.dll"
sh=79DAA2D7105B23CAC0BF465C44407C9FCC122DDF ft=1 fh=ddae22fb65275801 vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="C:\Users\XXXXXX XXXXXX\Documents\Neuer Ordner\Neuer Ordner (3)\Neuer Ordner (2)\Datensicherung_Tower_neueDateien\Desktop\Neuer Ordner (5)\backups\backup-20101226-175451-203.dll"
sh=79DAA2D7105B23CAC0BF465C44407C9FCC122DDF ft=1 fh=ddae22fb65275801 vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="C:\Users\XXXXXX XXXXXX\Documents\Neuer Ordner\Neuer Ordner (3)\Neuer Ordner (2)\Datensicherung_Tower_neueDateien\Desktop\Neuer Ordner (5)\backups\backup-20101226-175451-491.dll"
sh=1D570FE34A0188FF61A50203610256F623E2E617 ft=0 fh=0000000000000000 vn="Win32/OpenCandy potenziell unsichere Anwendung" ac=I fn="C:\Users\XXXXXX XXXXXX\Documents\Neuer Ordner\Neuer Ordner (3)\Neuer Ordner (2)\Datensicherung_Tower_Sicherung_2\Notfall-CD-2.2.iso"
sh=79DAA2D7105B23CAC0BF465C44407C9FCC122DDF ft=1 fh=ddae22fb65275801 vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="C:\Users\XXXXXX XXXXXX\Documents\Neuer Ordner\Neuer Ordner (3)\Neuer Ordner (2)\Datensicherung_Tower_Sicherung_2\Desktop\Neuer Ordner (5)\backups\backup-20101226-175451-203.dll"
sh=79DAA2D7105B23CAC0BF465C44407C9FCC122DDF ft=1 fh=ddae22fb65275801 vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="C:\Users\XXXXXX XXXXXX\Documents\Neuer Ordner\Neuer Ordner (3)\Neuer Ordner (2)\Datensicherung_Tower_Sicherung_2\Desktop\Neuer Ordner (5)\backups\backup-20101226-175451-491.dll"
sh=8A893FE3C1376F3C1B0F67A9514CBE621B717D98 ft=1 fh=667b25980f774106 vn="Win32/DownloadAdmin.G evtl. unerwünschte Anwendung" ac=I fn="C:\Users\XXXXXX\Downloads\cbsidlm-tr1_13-Free_Audio_Cutter-ORG-75444480.exe"
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=58449cc18ee8504882955fd4081431d5
# engine=19515
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2014-08-05 10:47:31
# local_time=2014-08-06 12:47:31 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='Avira Desktop'
# compatibility_mode=1810 16777213 100 100 31345 151778025 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 50702 158908701 0 0
# scanned=262212
# found=29
# cleaned=0
# scan_time=11883
sh=C84182A0079B88D923BF936CC788C5B4B46AF482 ft=1 fh=ce39f3e3774c393e vn="Variante von Win32/DownloadSponsor.A evtl. unerwünschte Anwendung" ac=I fn="C:\$RECYCLE.BIN\S-1-5-21-1242904208-471078349-2963378918-1000\$R7TUY4P.exe"
sh=F4BD5BA3AB807D9A9A51C89983A2EB69953F213F ft=1 fh=8eb3ddfa8b1727ca vn="Variante von Win32/DownloadGuide.A evtl. unerwünschte Anwendung" ac=I fn="C:\$RECYCLE.BIN\S-1-5-21-1242904208-471078349-2963378918-1000\$RHBY00X.exe"
sh=5370F1DF889F220A7EE55C6BC9031DF0AC3EAF99 ft=1 fh=dac1a9482b9a423d vn="Win32/OpenCandy potenziell unsichere Anwendung" ac=I fn="C:\$RECYCLE.BIN\S-1-5-21-1242904208-471078349-2963378918-1000\$RVIM1QM.exe"
sh=E2C028A886AA7352539DEE32CBB38770C529A76E ft=1 fh=d2aeb2930bcba9f7 vn="Win32/InstallMonetizer.AQ evtl. unerwünschte Anwendung" ac=I fn="C:\$RECYCLE.BIN\S-1-5-21-1242904208-471078349-2963378918-1000\$RXRI5PV.exe"
sh=71435DDB11E00D0243380C4902324853FE4ECE8F ft=1 fh=12b0cd2dde452d65 vn="Variante von Win32/Bundled.Toolbar.Ask potenziell unsichere Anwendung" ac=I fn="C:\Program Files (x86)\Avira\AntiVir Desktop\apnic.dll"
sh=FFA8B6510D624A55F3EB7FFD6D5221A44944681C ft=1 fh=3386eb0d6ed0e5e1 vn="Variante von Win32/Bundled.Toolbar.Ask.G potenziell unsichere Anwendung" ac=I fn="C:\Program Files (x86)\Avira\AntiVir Desktop\apnstub.exe"
sh=1A3F14C0A66F9AF050D1F34FBACBAADC31751A07 ft=1 fh=2704a03a0f47b728 vn="Variante von Win32/Bundled.Toolbar.Ask potenziell unsichere Anwendung" ac=I fn="C:\Program Files (x86)\Avira\AntiVir Desktop\apntoolbarinstaller.exe"
sh=4B553651EF610C0614F8393D6C25ABA0A8F09ECA ft=1 fh=92ef1bb072edf568 vn="Variante von Win32/Bundled.Toolbar.Ask.D potenziell unsichere Anwendung" ac=I fn="C:\Program Files (x86)\Avira\AntiVir Desktop\Offercast_AVIRAV7_.exe"
sh=81C2C3354F11ECE49D7667538CEFE9F2B2395319 ft=1 fh=cca4b3788ffc60aa vn="Variante von Win32/Bundled.Toolbar.Ask potenziell unsichere Anwendung" ac=I fn="C:\Program Files (x86)\Common Files\DVDVideoSoft\AskTB\ApnIC.dll"
sh=FDC2005CED8ACF86C68FE1B86B0698D0539E8CE0 ft=1 fh=1aa6a68885750335 vn="Variante von Win32/Bundled.Toolbar.Ask.G potenziell unsichere Anwendung" ac=I fn="C:\Program Files (x86)\Common Files\DVDVideoSoft\AskTB\ApnStub.exe"
sh=99DD33D629341F95D9853B1E63FCE454EC654560 ft=1 fh=08803d4e54260720 vn="Variante von Win32/Bundled.Toolbar.Ask potenziell unsichere Anwendung" ac=I fn="C:\Program Files (x86)\Common Files\DVDVideoSoft\AskTB\ApnToolbarInstaller.exe"
sh=AAC20AA5A24E6D5258A9EEACF399A09EC63DC9B4 ft=1 fh=761f52bbd8f193b0 vn="Variante von Win32/Bundled.Toolbar.Ask.G potenziell unsichere Anwendung" ac=I fn="C:\Program Files (x86)\FrostWire 5\frostwire-installer.exe"
sh=319FE9AEB7F8B207BCC2A32FC5EC550229787614 ft=1 fh=dd0ae81fb3bff5ae vn="Win32/OpenCandy potenziell unsichere Anwendung" ac=I fn="C:\Program Files (x86)\MediaHuman\YouTube to MP3 Converter\OCSetupHlp.dll"
sh=F90B3223684DEAAE59E0D371CCA318834695FEBE ft=1 fh=e2bb850c8e277c01 vn="Variante von Win32/RemoteAdmin.RemoteExec.AA potenziell unsichere Anwendung" ac=I fn="C:\Program Files (x86)\SIW\siw.exe"
sh=B896DEDCC410A84E9D794EB28ADB30E4CE0FC1C7 ft=1 fh=0d280081a7b58c5c vn="Win32/OpenCandy potenziell unsichere Anwendung" ac=I fn="C:\Users\XXXXXX XXXXXX\.frostwire5\updates\frostwire-5.6.2.windows.exe"
sh=0413DFB5B9A5E38972CEC7EACCBB63C69B4BDE5A ft=1 fh=6cfe987acef383a7 vn="Variante von Win32/DownloadGuide.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\XXXXXX XXXXXX\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3KBE0ZJ3\free+driver+scout_1.0[1].exe"
sh=E4A6189BA841AA4945E6CBD8A4CADD150D05BC6C ft=1 fh=866f3549b1322cfa vn="Variante von Win32/AdWare.Agent.NFF Anwendung" ac=I fn="C:\Users\XXXXXX XXXXXX\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3KBE0ZJ3\IScreenySetup[1].exe"
sh=BE16E90B414BB068DE614C57CEE7375900EE5312 ft=1 fh=9ae5afe136a6fdbd vn="Variante von Win32/ClientConnect.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\XXXXXX XXXXXX\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JCJ9VJ2X\SPSetup[1].exe"
sh=1ADB4E8893319DCA1777A54BE4F540E41BF54593 ft=1 fh=0b0ee2a76fb65c8f vn="Variante von Win32/ClientConnect.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\XXXXXX XXXXXX\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JVLUSIW2\spstub[1].exe"
sh=79DAA2D7105B23CAC0BF465C44407C9FCC122DDF ft=1 fh=ddae22fb65275801 vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="C:\Users\XXXXXX XXXXXX\Desktop\aufräumen, was geht\Ordner\Neuer Ordner (3)\Neuer Ordner1\alte Dateien\Tresor alter Computer\Desktop\Neuer Ordner (5)\backups\backup-20101226-175451-203.dll"
sh=79DAA2D7105B23CAC0BF465C44407C9FCC122DDF ft=1 fh=ddae22fb65275801 vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="C:\Users\XXXXXX XXXXXX\Desktop\aufräumen, was geht\Ordner\Neuer Ordner (3)\Neuer Ordner1\alte Dateien\Tresor alter Computer\Desktop\Neuer Ordner (5)\backups\backup-20101226-175451-491.dll"
sh=79DAA2D7105B23CAC0BF465C44407C9FCC122DDF ft=1 fh=ddae22fb65275801 vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="C:\Users\XXXXXX XXXXXX\Documents\Neuer Ordner\Neuer Ordner (3)\Neuer Ordner (2)\Datensicherung_Tower_neueDateien\Desktop\Neuer Ordner (5)\backups\backup-20101226-175451-203.dll"
sh=79DAA2D7105B23CAC0BF465C44407C9FCC122DDF ft=1 fh=ddae22fb65275801 vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="C:\Users\XXXXXX XXXXXX\Documents\Neuer Ordner\Neuer Ordner (3)\Neuer Ordner (2)\Datensicherung_Tower_neueDateien\Desktop\Neuer Ordner (5)\backups\backup-20101226-175451-491.dll"
sh=1D570FE34A0188FF61A50203610256F623E2E617 ft=0 fh=0000000000000000 vn="Win32/OpenCandy potenziell unsichere Anwendung" ac=I fn="C:\Users\XXXXXX XXXXXX\Documents\Neuer Ordner\Neuer Ordner (3)\Neuer Ordner (2)\Datensicherung_Tower_Sicherung_2\Notfall-CD-2.2.iso"
sh=79DAA2D7105B23CAC0BF465C44407C9FCC122DDF ft=1 fh=ddae22fb65275801 vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="C:\Users\XXXXXX XXXXXX\Documents\Neuer Ordner\Neuer Ordner (3)\Neuer Ordner (2)\Datensicherung_Tower_Sicherung_2\Desktop\Neuer Ordner (5)\backups\backup-20101226-175451-203.dll"
sh=79DAA2D7105B23CAC0BF465C44407C9FCC122DDF ft=1 fh=ddae22fb65275801 vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="C:\Users\XXXXXX XXXXXX\Documents\Neuer Ordner\Neuer Ordner (3)\Neuer Ordner (2)\Datensicherung_Tower_Sicherung_2\Desktop\Neuer Ordner (5)\backups\backup-20101226-175451-491.dll"
sh=B9A970B675C78E75FBBFADF6D6DA33AAB30E0CD2 ft=0 fh=0000000000000000 vn="Variante von MSIL/HackTool.IdleKMS.D potenziell unsichere Anwendung" ac=I fn="C:\Users\XXXXXX XXXXXX\Downloads\KMSpico_8.7_Final.zip"
sh=8A893FE3C1376F3C1B0F67A9514CBE621B717D98 ft=1 fh=667b25980f774106 vn="Win32/DownloadAdmin.G evtl. unerwünschte Anwendung" ac=I fn="C:\Users\XXXXXX\Downloads\cbsidlm-tr1_13-Free_Audio_Cutter-ORG-75444480.exe"
sh=CC167E2123ED77BA8172639D633EE177C3C466D1 ft=0 fh=0000000000000000 vn="Variante von Win32/Bundled.Toolbar.Ask.G potenziell unsichere Anwendung" ac=I fn="C:\Windows\Installer\176cfda.msi"
         

Einige davon scheinen schon irgendwie in einer Quarantäne vorzuliegen. Andere kann ich mir nicht erklären. Vor allem, weil ich ja mit Trojaner-Board nicht seit heute zusammen arbeite. Warum gibt es da immer noch was?
Und, warum darf ich das ganze hier nicht entfernen?

Antwort

Themen zu Free Driver Scout - Zusatzprogramme
msil/hacktool.idlekms.b, msil/hacktool.idlekms.d, msil/injector.zw, pup.optional.certifiedtb.a, pup.optional.conduit.a, pup.optional.datamangr.a, pup.optional.iminent.a, pup.optional.installbrain.a, pup.optional.searchprotect.a, pup.optional.zapp.a, security guard, win32/adware.agent.nff, win32/bundled.toolbar.ask, win32/bundled.toolbar.ask.d, win32/bundled.toolbar.ask.g, win32/clientconnect.a, win32/downloadadmin.g, win32/downloadguide.a, win32/downloadsponsor.a, win32/installmonetizer.aq, win32/remoteadmin.remoteexec.aa, win32/toolbar.conduit.b



Ähnliche Themen: Free Driver Scout - Zusatzprogramme


  1. Ads By Temperature Scout entfernen
    Anleitungen, FAQs & Links - 15.09.2015 (2)
  2. Win7 bootet nicht/ driver aswrvrt.sys / driver CLASSPNP.SYS
    Log-Analyse und Auswertung - 08.01.2015 (31)
  3. Spy Scout entfernen
    Anleitungen, FAQs & Links - 28.06.2014 (2)
  4. Adware Securita Scout.exe!
    Plagegeister aller Art und deren Bekämpfung - 18.04.2014 (2)
  5. Graphics Driver
    Log-Analyse und Auswertung - 22.09.2013 (19)
  6. Warnung vor Free Driver Scout, dieser installiert Malware! plushd.exe
    Log-Analyse und Auswertung - 13.07.2013 (1)
  7. TR/Crypt.XPACK.Gen2 in 'C:\Program Files (x86)\DVDVideoSoft\Free Studio\Free Disc Burner\FreeDiscBurner.exe' gefunden
    Log-Analyse und Auswertung - 25.02.2013 (11)
  8. Driver Turbo
    Alles rund um Windows - 17.01.2013 (1)
  9. Driver Turbo #2
    Mülltonne - 17.01.2013 (0)
  10. AVG Free Antivirus vs. Avira AntiVir Personal - FREE Antivirus
    Antiviren-, Firewall- und andere Schutzprogramme - 17.05.2012 (23)
  11. Bugcode Usb Driver Win XP Sp 3
    Netzwerk und Hardware - 05.08.2009 (1)
  12. Driver Device
    Plagegeister aller Art und deren Bekämpfung - 30.11.2008 (4)
  13. X icon auf C driver
    Mülltonne - 03.02.2008 (1)
  14. Bad DirectSound Driver...
    Alles rund um Windows - 30.04.2006 (2)
  15. Getarnt als HP driver???
    Plagegeister aller Art und deren Bekämpfung - 02.06.2005 (1)

Zum Thema Free Driver Scout - Zusatzprogramme - Guten Abend, ich hab einen völlig dummen Fehler gemacht. Ich habe Free Driver Scout installiert, und die ganzen Zusatzprogramme ebenso. Nun habe ich trovi search und startweb als Suchfenster. Desweiteren - Free Driver Scout - Zusatzprogramme...
Archiv
Du betrachtest: Free Driver Scout - Zusatzprogramme auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.