Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: qogunit.exe

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 09.10.2014, 08:31   #1
samsum54
 
qogunit.exe - Standard

qogunit.exe



Hallo zusammen,
ich glaube ich habe mir gestern ein Virus eingefangen, indem ich aus Versehen eine Emial mit einer wave-Datei geöffnet habe. Leider habe ich die Datei inzwischen komplett gelöscht, sodass ich darüber nichts mehr posten kann. Ich öffnete die wave-Datei, aber nichts geschah, d.h. keine Musik oder Video wurden abgespielt!

Seit ich diese Datei geöffnet habe, kann ich im Taskmanager sehen, wie laufend neue Dateien mit dem Namen qogunit.exe geöffnet werden. In der Beschreibung steht "Masrukafa Visatl Studie 2010". Die Programme benutzen teilweise über 200.000 kB Arbeitsspeicher. Wenn ich den Prozess beende odersie lösche bzw. die Prozessstruktur beende, komme die Dateien nach kurzer Zeit wieder. Der Prozesspfad führt auf einen versteckten Ordner, den ich auch schon gelöscht und gschreddert habe. Er hat sich aber sofort wieder eingerichtet. Dateipfad: .../AppData/Roaming/Huytiku.
Gestern habe ich mit einem externen Experten von Ariva meinen Rechner gewartet. Dananch wurde kein Virus mehr von der Ariva-Software festgestellt. Der Experte meint, das Programm sei ein Windows-Programm und ich müsste mir darüber keine Sorgen machen. Mache ich mir aber trotzdem, da die Arbeitsleistung meines Laptops strak eingeschränkt ist (u.e. Internet-Zugriff: Langsam). Einmal ist mir der Rechner auch schon abgestürzt (Blue Screen!).
Was kann ich tun? Wer kann mir helfer, das Programm endgültig von meinem Rechner zu bekommen? Derzeit beendet ich von Zeit zu Zeit immer wieder diese Programme im Taskmanager. Das kann aber keine Lösung sein!
Vielen Dank im Voraus!
samsum54

Alt 09.10.2014, 08:41   #2
schrauber
/// the machine
/// TB-Ausbilder
 

qogunit.exe - Standard

qogunit.exe



hi,

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
  • Starte jetzt FRST.
  • Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
  • Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
  • Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)

__________________

__________________

Alt 09.10.2014, 12:07   #3
samsum54
 
qogunit.exe - Standard

qogunit.exe



Zitat:
Zitat von schrauber Beitrag anzeigen
hi,

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
  • Starte jetzt FRST.
  • Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
  • Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
  • Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)
Vielen Dank für die schnelle Antwort. Defogger hat offensichtlich nichts gefunden. Farbar scannt gerade. Poste das Ergebnis dann.
Noch einmal vielen Dank!
samsum54

Hallo Schrauber,
hier sind die txt-Dateien von dem Scan.
Code:
ATTFilter
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 8926 seconds with 2820 seconds of active time.  This session ended with a crash.


==================== Memory info =========================== 

Processor: Intel(R) Core(TM)2 Duo CPU T6400 @ 2.00GHz
Percentage of memory in use: 53%
Total physical RAM: 3036.61 MB
Available physical RAM: 1402.09 MB
Total Pagefile: 6069.46 MB
Available Pagefile: 3862.9 MB
Total Virtual: 2047.88 MB
Available Virtual: 1897.5 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:99.78 GB) (Free:12.4 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: () (Fixed) (Total:185.31 GB) (Free:113.6 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 298.1 GB) (Disk ID: 7407B56E)
Partition 1: (Not Active) - (Size=13 GB) - (Type=27)
Partition 2: (Active) - (Size=99.8 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=185.3 GB) - (Type=07 NTFS)

==================== End Of Log ============================
         

Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 06-10-2014 01
Ran by FAROD at 2014-10-09 09:44:26
Running from C:\Users\FAROD\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

2007 Microsoft Office system (HKLM\...\PROHYBRIDR) (Version: 12.0.4518.1014 - Microsoft Corporation)
6000 Series Tools (HKLM\...\{6100BF65-2F58-4D50-8B43-197875D4435D}) (Version: 5.3 - Ihr Firmenname)
AAVUpdateManager (HKLM\...\{AFA42FE1-A5C3-485F-9180-BFCF5BF1F1C3}) (Version: 18.00.0000 - Wolters Kluwer Deutschland GmbH)
Adobe Acrobat 7.0 Professional - English, Français, Deutsch (Version: 7.1.0 - Adobe Systems) Hidden
Adobe Acrobat 7.1.0 Professional - English, Français, Deutsch (HKLM\...\Adobe Acrobat 7.0 Professional - EFG) (Version: 7.1.0 - Adobe Systems)
Adobe Flash Player 15 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 15.0.0.167 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.09) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated)
Apple Application Support (HKLM\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Atheros Client Installation Program (HKLM\...\{D1434266-0486-4469-B338-A60082CC04E1}) (Version: 1.0.1.0805 - Atheros)
ATI Catalyst Install Manager (HKLM\...\{763031D0-1BD7-2605-151B-B6B2C6A941CF}) (Version: 3.0.804.0 - ATI Technologies, Inc.)
ATI Catalyst Registration (Version: 3.00.0000 - ATI Technologies Inc.) Hidden
ATI Stream SDK v2 Developer (HKLM\...\{86B247F9-1D5E-CCC6-3280-71486D9A4E70}) (Version: 2.3.0.0 - ATI Technologies Inc.)
Avira (HKLM\...\{9bd9b85e-7792-483b-a318-cc51ff0877ed}) (Version: 1.1.22.50000 - Avira Operations GmbH & Co. KG)
Avira (Version: 1.1.22.50000 - Avira Operations GmbH & Co. KG) Hidden
Avira Free Antivirus (HKLM\...\Avira AntiVir Desktop) (Version: 14.0.7.306 - Avira)
Avira System Speedup (HKLM\...\AviraSpeedup) (Version: 1.3.1.9970 - Avira System Speedup)
AVM FRITZ!Box Dokumentation (HKLM\...\AVMFBox) (Version:  - AVM Berlin)
AVM FRITZ!Box Druckeranschluss (HKLM\...\AVMFBoxPrinter) (Version:  - AVM Berlin)
CANON iMAGE GATEWAY MyCamera Download Plugin (HKLM\...\MyCamera Download Plugin) (Version: 3.1.1.2 - Canon Inc.)
CANON iMAGE GATEWAY Task for ZoomBrowser EX (HKLM\...\CANON iMAGE GATEWAY Task) (Version: 1.9.0.9 - Canon Inc.)
Canon MOV Decoder (HKLM\...\Canon MOV Decoder) (Version: 1.8.0.7 - Canon Inc.)
Canon MOV Encoder (HKLM\...\Canon MOV Encoder) (Version: 1.6.0.1 - Canon Inc.)
Canon MovieEdit Task for ZoomBrowser EX (HKLM\...\MovieEditTask) (Version: 3.7.0.4 - Canon Inc.)
Canon Utilities Digital Photo Professional 3.10 (HKLM\...\DPP) (Version: 3.10.0.0 - Canon Inc.)
Canon Utilities EOS Sample Music (HKLM\...\EOS Sample Music) (Version: 1.0.0.204 - Canon Inc.)
Canon Utilities EOS Utility (HKLM\...\EOS Utility) (Version: 2.10.0.0 - Canon Inc.)
Canon Utilities EOS Video Snapshot Task for ZoomBrowser EX (HKLM\...\EOS Video Snapshot Task) (Version: 1.0.0.10 - Canon Inc.)
Canon Utilities PhotoStitch (HKLM\...\PhotoStitch) (Version: 3.1.22.46 - Canon Inc.)
Canon Utilities Picture Style Editor (HKLM\...\Picture Style Editor) (Version: 1.9.0.0 - Canon Inc.)
Canon Utilities ZoomBrowser EX (HKLM\...\ZoomBrowser EX) (Version: 6.7.0.24 - Canon Inc.)
Canon ZoomBrowser EX Memory Card Utility (HKLM\...\ZoomBrowser EX Memory Card Utility) (Version: 1.5.0.9 - Canon Inc.)
Catalyst Control Center InstallProxy (Version: 2010.1125.2142.38865 - ATI Technologies, Inc.) Hidden
Catalyst Control Center Localization All (Version: 2010.1125.2142.38865 - ATI) Hidden
CCC Help English (Version: 2010.1125.2141.38865 - ATI) Hidden
ccc-core-static (Version: 2010.1125.2142.38865 - Ihr Firmenname) Hidden
ccc-utility (Version: 2010.1125.2142.38865 - ATI) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.13 - Piriform)
Citrix Online Launcher (HKLM\...\{E1B40232-F73B-4BF9-A819-E352CCC1EDEF}) (Version: 1.0.122 - Citrix)
Dropbox (HKCU\...\Dropbox) (Version: 2.10.30 - Dropbox, Inc.)
e-Saver version 3.1 (HKLM\...\{C97CA73D-E96B-4B42-830E-D0F7BD780FB8}_is1) (Version: 3.1 - AOC)
Eumex 704PC LAN (HKLM\...\{FB1B3775-A733-4EE1-8FBE-0C59998CBB54}) (Version: 1.0.26.316 - Telekom)
File Type Assistant (HKLM\...\Trusted Software Assistant_is1) (Version: 2014.5.6.0 - ) <==== ATTENTION
Firefox Free Download Packages (HKCU\...\Firefox Free Download Packages) (Version:  - ) <==== ATTENTION
Google Earth (HKLM\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (Version: 1.3.24.15 - Google Inc.) Hidden
GoToAssist Corporate (HKLM\...\GoToAssist) (Version: 9.1.0.615 - Citrix Online, a division of Citrix Systems, Inc.)
GoToMeeting 5.9.0.1207 (HKCU\...\GoToMeeting) (Version: 5.9.0.1207 - CitrixOnline)
Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version:  - Intel Corporation)
Java 7 Update 67 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F03217067FF}) (Version: 7.0.670 - Oracle)
Java Auto Updater (Version: 2.1.67.1 - Oracle, Inc.) Hidden
MAGIX Foto Manager 2006 (D) (HKLM\...\MAGIX Foto Manager 2006 D) (Version: 3.0.1.84 - MAGIX AG)
MAGIX Foto Manager 9 (HKLM\...\MAGIX Foto Manager 9 D) (Version: 7.0.0.97 - MAGIX AG)
MAGIX Music Manager (D) (HKLM\...\MAGIX Music Manager D) (Version: 1.1.1.692 - MAGIX AG)
Marvell Miniport Driver (HKLM\...\Marvell Miniport Driver) (Version: 10.70.3.3 - Marvell)
MATLAB R2010a (HKLM\...\MatlabR2010a) (Version: 7.10 - The MathWorks, Inc.)
Microsoft .NET Framework 1.1 (HKLM\...\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}) (Version: 1.1.4322 - Microsoft)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden
Microsoft IntelliPoint 8.0 (HKLM\...\{00F93853-D9D3-4795-A89E-84CCBA0205C9}) (Version: 8.0.225.0 - Microsoft)
Microsoft Interop Forms Redistributable Package 2.0a (HKLM\...\{76D1AA2B-A434-4D63-BE2C-80286F23C223}) (Version: 2.0.0 - Microsoft Corporation)
Microsoft Office Access MUI (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Professional Hybrid 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs (HKLM\...\{90120000-00B2-0409-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP1 English (HKLM\...\{E59113EB-0285-4BFD-A37A-B79EAC6B8F4B}) (Version: 3.5.5692.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable - KB2467175 (HKLM\...\{a0fe116e-9a8a-466f-aee0-625cb7c207e3}) (Version: 8.0.51011 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft WSE 3.0 Runtime (HKLM\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
Microsoft XML Parser (Version: 8.0.7820.0 - Microsoft Corporation) Hidden
Mozilla Firefox 32.0.3 (x86 de) (HKLM\...\Mozilla Firefox 32.0.3 (x86 de)) (Version: 32.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 32.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Namuga 1.3M Webcam (HKLM\...\{71A51B59-E7D3-11DB-A386-005056C00008}) (Version: 1.00.0000 - Vimicro Corporation)
Netzmanager (Version: 1.071 - Deutsche Telekom AG, Marmiko IT-Solutions GmbH) Hidden
NVIDIA PhysX (HKLM\...\{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}) (Version: 9.10.0513 - NVIDIA Corporation)
PManager (HKLM\...\PManager) (Version:  - )
QuickTime Free Download Packages (HKCU\...\QuickTime Free Download Packages) (Version:  - ) <==== ATTENTION
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6201 - Realtek Semiconductor Corp.)
Remote Utilities - Host (HKLM\...\{0D3BB12F-9903-4D4A-A062-97947D2AB44E}) (Version: 5.255.6006 - Usoris Systems LLC)
Revo Uninstaller Pro 3.1.1 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 3.1.1 - VS Revo Group, Ltd.)
Risen (HKLM\...\{155F4A0E-76ED-45A2-91FB-FF2A2133C31A}) (Version: 1.00.0000 - Deep Silver)
Samsung Network PC Fax (HKLM\...\{80078570-6C67-486C-8CF0-B0D778FC69B5}) (Version: 1.4.29.0 - Samsung Electronics Co., Ltd.)
Scan Assistant (HKLM\...\{BF6CF460-40C3-49BA-800A-4B934B6498B1}) (Version: 1.01.013 - Samsung Electronics Co., Ltd.)
SEPA Account Converter (HKLM\...\{1C3147A7-4810-45FC-AD89-064D8023A514}) (Version: 1.23.1 - Star Finanz GmbH)
Shared C Run-time for x86 (Version: 10.0.0 - McAfee) Hidden
Sid Meier's Civilization 4 - Beyond the Sword (HKLM\...\{32E4F0D2-C135-475E-A841-1D59A0D22989}) (Version: 3.19 - Firaxis Games)
Sid Meier's Civilization 4 Complete (HKLM\...\{30D1F3D2-54CF-481D-A005-F94B0E98FEEC}) (Version: 1.74 - Firaxis Games)
Sid Meier's Civilization V (HKLM\...\Steam App 8930) (Version:  - 2K Games, Inc.)
Skype Click to Call (HKLM\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation)
Skype™ 6.18 (HKLM\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.18.105 - Skype Technologies S.A.)
SmarThru 4 (HKLM\...\{90F1943D-EA4A-4460-B59F-30023F3BA69A}) (Version:  - Samsung Electronics Co., Ltd.)
Sony Ericsson Update Engine (HKLM\...\Update Engine) (Version: 2.13.4.20 - Sony Ericsson Communications AB)
Sony PC Companion 2.10.155 (HKLM\...\{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}) (Version: 2.10.155 - Sony)
Steam (HKLM\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
Steuer-Spar-Erklärung 2012 (HKLM\...\{CCD2BAD2-0919-40CB-80CC-E9538B0E4C2E}) (Version: 17.13 - Wolters Kluwer Deutschland GmbH)
Steuer-Spar-Erklärung 2013 (HKLM\...\{AEB61F7A-4BBA-4292-A096-7893E09034A4}) (Version: 18.10 - Wolters Kluwer Deutschland GmbH)
SteuerSparErklärung 2014 (HKLM\...\{A463EB06-22A6-47F5-9593-E52B291EF13E}) (Version: 19.12.92 - Akademische Arbeitsgemeinschaft)
Storage Device Manager (HKLM\...\{D34899DD-971D-4C7F-9ACD-A282C0ADBFD2}) (Version: 1.0.1.9 - )
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 13.2.4.12 - Synaptics Incorporated)
Toolbar 3.0 der Telekom (HKLM\...\Toolbar3_is1) (Version: 3.0.3 - Deutsche Telekom AG)
TuneUp Utilities 2014 (de-DE) (Version: 14.0.1000.342 - TuneUp Software) Hidden
Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
Wartung Samsung CLX-3180 Series (HKLM\...\Samsung CLX-3180 Series) (Version:  - Samsung Electronics Co., Ltd.)
Windows 7 Upgrade Advisor (HKLM\...\{9A4D182C-35C7-4791-8484-4304EBC9101A}) (Version: 2.0.5000.0 - Microsoft Corporation)
Windows Media Player Firefox Plugin (HKLM\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
WMV9/VC-1 Video Playback (Version: 1.0.51125.2159 - ATI Technologies Inc.) Hidden

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-2661125413-2364787433-991423230-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\FAROD\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2661125413-2364787433-991423230-1000_Classes\CLSID\{00b0ee2c-59c1-43be-ba76-d9a2a0f13d67}\InprocServer32 -> C:\Users\FAROD\AppData\Roaming\Mozilla\Firefox\Profiles\9l3j02fa.default\extensions\{1acd747e-8470-11db-96a9-00e08161165f}\plugins\npafl.dll (Tradesignal GmbH)
CustomCLSID: HKU\S-1-5-21-2661125413-2364787433-991423230-1000_Classes\CLSID\{012bd195-3e39-43b8-aa5f-3eec93e970e7}\InprocServer32 -> C:\Users\FAROD\AppData\Roaming\Mozilla\Firefox\Profiles\9l3j02fa.default\extensions\{1acd747e-8470-11db-96a9-00e08161165f}\plugins\npequilla.dll (Tradesignal GmbH)
CustomCLSID: HKU\S-1-5-21-2661125413-2364787433-991423230-1000_Classes\CLSID\{02975081-fce6-477a-a71f-f80f792b5ca3}\InprocServer32 -> C:\Users\FAROD\AppData\Roaming\Mozilla\Firefox\Profiles\9l3j02fa.default\extensions\{1acd747e-8470-11db-96a9-00e08161165f}\plugins\npafl.dll (Tradesignal GmbH)
CustomCLSID: HKU\S-1-5-21-2661125413-2364787433-991423230-1000_Classes\CLSID\{0470cf12-af8c-4e9f-8d90-b5df5bffae4a}\InprocServer32 -> C:\Users\FAROD\AppData\Roaming\Mozilla\Firefox\Profiles\9l3j02fa.default\extensions\{1acd747e-8470-11db-96a9-00e08161165f}\plugins\npequilla.dll (Tradesignal GmbH)
CustomCLSID: HKU\S-1-5-21-2661125413-2364787433-991423230-1000_Classes\CLSID\{05622b83-d5c9-4b3a-80e3-cbe74d577b5e}\InprocServer32 -> C:\Users\FAROD\AppData\Roaming\Mozilla\Firefox\Profiles\9l3j02fa.default\extensions\{1acd747e-8470-11db-96a9-00e08161165f}\plugins\npafl.dll (Tradesignal GmbH)
CustomCLSID: HKU\S-1-5-21-2661125413-2364787433-991423230-1000_Classes\CLSID\{05b02656-ba14-413d-86aa-c0fcfc5b9c06}\InprocServer32 -> C:\Users\FAROD\AppData\Roaming\Mozilla\Firefox\Profiles\9l3j02fa.default\extensions\{1acd747e-8470-11db-96a9-00e08161165f}\plugins\npafl.dll (Tradesignal GmbH)
CustomCLSID: HKU\S-1-5-21-2661125413-2364787433-991423230-1000_Classes\CLSID\{05bf3e13-e003-44b7-9e17-c57377279610}\InprocServer32 -> C:\Users\FAROD\AppData\Roaming\Mozilla\Firefox\Profiles\9l3j02fa.default\extensions\{1acd747e-8470-11db-96a9-00e08161165f}\plugins\npequilla.dll (Tradesignal GmbH)
CustomCLSID: HKU\S-1-5-21-2661125413-2364787433-991423230-1000_Classes\CLSID\{05dcd034-3e9b-47dd-b6fa-f0eb4918cc6f}\InprocServer32 -> C:\Users\FAROD\AppData\Roaming\Mozilla\Firefox\Profiles\9l3j02fa.default\extensions\{1acd747e-8470-11db-96a9-00e08161165f}\plugins\npafl.dll (Tradesignal GmbH)
CustomCLSID: HKU\S-1-5-21-2661125413-2364787433-991423230-1000_Classes\CLSID\{0a994305-2b1a-4057-a0e0-59261f15aadc}\InprocServer32 -> C:\Users\FAROD\AppData\Roaming\Mozilla\Firefox\Profiles\9l3j02fa.default\extensions\{1acd747e-8470-11db-96a9-00e08161165f}\plugins\npequilla.dll (Tradesignal GmbH)
CustomCLSID: HKU\S-1-5-21-2661125413-2364787433-991423230-1000_Classes\CLSID\{0b0567e3-73f9-4cce-982d-74628a5a9ebd}\InprocServer32 -> C:\Users\FAROD\AppData\Roaming\Mozilla\Firefox\Profiles\9l3j02fa.default\extensions\{1acd747e-8470-11db-96a9-00e08161165f}\plugins\npequilla.dll (Tradesignal GmbH)
CustomCLSID: HKU\S-1-5-21-2661125413-2364787433-991423230-1000_Classes\CLSID\{0bbb58db-7f28-46dd-a606-3c69f90cfa89}\InprocServer32 -> C:\Users\FAROD\AppData\Roaming\Mozilla\Firefox\Profiles\9l3j02fa.default\extensions\{1acd747e-8470-11db-96a9-00e08161165f}\plugins\npequilla.dll (Tradesignal GmbH)
CustomCLSID: HKU\S-1-5-21-2661125413-2364787433-991423230-1000_Classes\CLSID\{0C57F534-B38F-47B9-88E9-9052D8133598}\InprocServer32 -> C:\Users\FAROD\AppData\Roaming\Mozilla\Firefox\Profiles\9l3j02fa.default\extensions\{1acd747e-8470-11db-96a9-00e08161165f}\plugins\npequilla.dll (Tradesignal GmbH)
CustomCLSID: HKU\S-1-5-21-2661125413-2364787433-991423230-1000_Classes\CLSID\{0E0065CE-F66B-4A7E-9AA2-630CAE4280C0}\InprocServer32 -> C:\Users\FAROD\AppData\Roaming\Mozilla\Firefox\Profiles\9l3j02fa.default\extensions\{1acd747e-8470-11db-96a9-00e08161165f}\plugins\npafl.dll (Tradesignal GmbH)
CustomCLSID: HKU\S-1-5-21-2661125413-2364787433-991423230-1000_Classes\CLSID\{0fb4692d-a642-4a8d-8645-3ebfadc64f12}\InprocServer32 -> C:\Users\FAROD\AppData\Roaming\Mozilla\Firefox\Profiles\9l3j02fa.default\extensions\{1acd747e-8470-11db-96a9-00e08161165f}\plugins\npequilla.dll (Tradesignal GmbH)
CustomCLSID: HKU\S-1-5-21-2661125413-2364787433-991423230-1000_Classes\CLSID\{1021e753-9c90-4106-bf5a-9b23ffc592a0}\InprocServer32 -> C:\Users\FAROD\AppData\Roaming\Mozilla\Firefox\Profiles\9l3j02fa.default\extensions\{1acd747e-8470-11db-96a9-00e08161165f}\plugins\npafl.dll (Tradesignal GmbH)
CustomCLSID: HKU\S-1-5-21-2661125413-2364787433-991423230-1000_Classes\CLSID\{10f1dca6-7512-47d1-9d13-f0d4a56d26ff}\InprocServer32 -> C:\Users\FAROD\AppData\Roaming\Mozilla\Firefox\Profiles\9l3j02fa.default\extensions\{1acd747e-8470-11db-96a9-00e08161165f}\plugins\npafl.dll (Tradesignal GmbH)
CustomCLSID: HKU\S-1-5-21-2661125413-2364787433-991423230-1000_Classes\CLSID\{12F20937-8629-4fb4-AF78-B98F62887354}\InprocServer32 -> C:\Users\FAROD\AppData\Roaming\Mozilla\Firefox\Profiles\9l3j02fa.default\extensions\{1acd747e-8470-11db-96a9-00e08161165f}\plugins\npequilla.dll (Tradesignal GmbH)
CustomCLSID: HKU\S-1-5-21-2661125413-2364787433-991423230-1000_Classes\CLSID\{1449ec32-4280-4a42-a5aa-d6df162dcb6c}\InprocServer32 -> C:\Users\FAROD\AppData\Roaming\Mozilla\Firefox\Profiles\9l3j02fa.default\extensions\{1acd747e-8470-11db-96a9-00e08161165f}\plugins\npequilla.dll (Tradesignal GmbH)
CustomCLSID: HKU\S-1-5-21-2661125413-2364787433-991423230-1000_Classes\CLSID\{14a26521-c26a-43a6-858c-fadf0435e762}\InprocServer32 -> C:\Users\FAROD\AppData\Roaming\Mozilla\Firefox\Profiles\9l3j02fa.default\extensions\{1acd747e-8470-11db-96a9-00e08161165f}\plugins\NPTS5We.dll (Tradesignal GmbH)
CustomCLSID: HKU\S-1-5-21-2661125413-2364787433-991423230-1000_Classes\CLSID\{14f3e336-e64b-4be4-a2ab-70c00d0fd417}\InprocServer32 -> C:\Users\FAROD\AppData\Roaming\Mozilla\Firefox\Profiles\9l3j02fa.default\extensions\{1acd747e-8470-11db-96a9-00e08161165f}\plugins\npafl.dll (Tradesignal GmbH)
CustomCLSID: HKU\S-1-5-21-2661125413-2364787433-991423230-1000_Classes\CLSID\{153e2ff3-0e7e-429c-9f80-7bbdef0c38df}\InprocServer32 -> C:\Users\FAROD\AppData\Roaming\Mozilla\Firefox\Profiles\9l3j02fa.default\extensions\{1acd747e-8470-11db-96a9-00e08161165f}\plugins\npafl.dll (Tradesignal GmbH)
CustomCLSID: HKU\S-1-5-21-2661125413-2364787433-991423230-1000_Classes\CLSID\{15942cb0-f6c0-4590-95e3-61ef3c0c5c02}\InprocServer32 -> C:\Users\FAROD\AppData\Roaming\Mozilla\Firefox\Profiles\9l3j02fa.default\extensions\{1acd747e-8470-11db-96a9-00e08161165f}\plugins\npafl.dll (Tradesignal GmbH)
CustomCLSID: HKU\S-1-5-21-2661125413-2364787433-991423230-1000_Classes\CLSID\{16f855f3-2b7f-4030-8f83-6e935ef4e02d}\InprocServer32 -> C:\Users\FAROD\AppData\Roaming\Mozilla\Firefox\Profiles\9l3j02fa.default\extensions\{1acd747e-8470-11db-96a9-00e08161165f}\plugins\npafl.dll (Tradesignal GmbH)
CustomCLSID: HKU\S-1-5-21-2661125413-2364787433-991423230-1000_Classes\CLSID\{1872b0cb-bb08-4ce4-a11e-5f405392b47b}\InprocServer32 -> C:\Users\FAROD\AppData\Roaming\Mozilla\Firefox\Profiles\9l3j02fa.default\extensions\{1acd747e-8470-11db-96a9-00e08161165f}\plugins\npafl.dll (Tradesignal GmbH)
CustomCLSID: HKU\S-1-5-21-2661125413-2364787433-991423230-1000_Classes\CLSID\{18e64eb8-f0b0-4529-81cd-3e105f78e6bb}\InprocServer32 -> C:\Users\FAROD\AppData\Roaming\Mozilla\Firefox\Profiles\9l3j02fa.default\extensions\{1acd747e-8470-11db-96a9-00e08161165f}\plugins\npequilla.dll (Tradesignal GmbH)
CustomCLSID: HKU\S-1-5-21-2661125413-2364787433-991423230-1000_Classes\CLSID\{18e92e10-a6f9-440d-90ec-17db4018bbd7}\InprocServer32 -> C:\Users\FAROD\AppData\Roaming\Mozilla\Firefox\Profiles\9l3j02fa.default\extensions\{1acd747e-8470-11db-96a9-00e08161165f}\plugins\npequilla.dll (Tradesignal GmbH)
CustomCLSID: HKU\S-1-5-21-2661125413-2364787433-991423230-1000_Classes\CLSID\{1909cade-a60d-4d3f-b7da-a7608f448a24}\InprocServer32 -> C:\Users\FAROD\AppData\Roaming\Mozilla\Firefox\Profiles\9l3j02fa.default\extensions\{1acd747e-8470-11db-96a9-00e08161165f}\plugins\npafl.dll (Tradesignal GmbH)
CustomCLSID: HKU\S-1-5-21-2661125413-2364787433-991423230-1000_Classes\CLSID\{19ecab69-193f-48be-962e-4b5c1c03a0a0}\InprocServer32 -> C:\Users\FAROD\AppData\Roaming\Mozilla\Firefox\Profiles\9l3j02fa.default\extensions\{1acd747e-8470-11db-96a9-00e08161165f}\plugins\npafl.dll (Tradesignal GmbH)
CustomCLSID: HKU\S-1-5-21-2661125413-2364787433-991423230-1000_Classes\CLSID\{1c59c0f0-6159-4338-ba1f-233b5bae9439}\InprocServer32 -> C:\Users\FAROD\AppData\Roaming\Mozilla\Firefox\Profiles\9l3j02fa.default\extensions\{1acd747e-8470-11db-96a9-00e08161165f}\plugins\npequilla.dll (Tradesignal GmbH)
CustomCLSID: HKU\S-1-5-21-2661125413-2364787433-991423230-1000_Classes\CLSID\{1d2953c1-2e83-4876-9c24-13445c330257}\InprocServer32 -> C:\Users\FAROD\AppData\Roaming\Mozilla\Firefox\Profiles\9l3j02fa.default\extensions\{1acd747e-8470-11db-96a9-00e08161165f}\plugins\npafltso.dll (Tradesignal GmbH)
CustomCLSID: HKU\S-1-5-21-2661125413-2364787433-991423230-1000_Classes\CLSID\{1f7d218c-e4dc-48d2-9856-4dfe1beaa3ea}\InprocServer32 -> C:\Users\FAROD\AppData\Roaming\Mozilla\Firefox\Profiles\9l3j02fa.default\extensions\{1acd747e-8470-11db-96a9-00e08161165f}\plugins\npequilla.dll (Tradesignal GmbH)
CustomCLSID: HKU\S-1-5-21-2661125413-2364787433-991423230-1000_Classes\CLSID\{2054f758-3079-471e-b9f8-d86e9cdabcc6}\InprocServer32 -> C:\Users\FAROD\AppData\Roaming\Mozilla\Firefox\Profiles\9l3j02fa.default\extensions\{1acd747e-8470-11db-96a9-00e08161165f}\plugins\npequilla.dll (Tradesignal GmbH)
CustomCLSID: HKU\S-1-5-21-2661125413-2364787433-991423230-1000_Classes\CLSID\{236bafdd-28d9-49ee-b9d2-45e75d849b49}\InprocServer32 -> C:\Users\FAROD\AppData\Roaming\Mozilla\Firefox\Profiles\9l3j02fa.default\extensions\{1acd747e-8470-11db-96a9-00e08161165f}\plugins\npequilla.dll (Tradesignal GmbH)
CustomCLSID: HKU\S-1-5-21-2661125413-2364787433-991423230-1000_Classes\CLSID\{237bc814-510f-4859-98c4-b5dbc94deb8d}\InprocServer32 -> C:\Users\FAROD\AppData\Roaming\Mozilla\Firefox\Profiles\9l3j02fa.default\extensions\{1acd747e-8470-11db-96a9-00e08161165f}\plugins\npequilla.dll (Tradesignal GmbH)
CustomCLSID: HKU\S-1-5-21-2661125413-2364787433-991423230-1000_Classes\CLSID\{2426a78d-2148-475b-adff-f310da056d1d}\InprocServer32 -> C:\Users\FAROD\AppData\Roaming\Mozilla\Firefox\Profiles\9l3j02fa.default\extensions\{1acd747e-8470-11db-96a9-00e08161165f}\plugins\npequilla.dll (Tradesignal GmbH)
CustomCLSID: HKU\S-1-5-21-2661125413-2364787433-991423230-1000_Classes\CLSID\{253afca5-1903-4d1e-a333-c6ea40fb2646}\InprocServer32 -> C:\Users\FAROD\AppData\Roaming\Mozilla\Firefox\Profiles\9l3j02fa.default\extensions\{1acd747e-8470-11db-96a9-00e08161165f}\plugins\npequilla.dll (Tradesignal GmbH)
CustomCLSID: HKU\S-1-5-21-2661125413-2364787433-991423230-1000_Classes\CLSID\{281FB083-FBCF-441E-A10D-6988C0510D7A}\InprocServer32 -> C:\Users\FAROD\AppData\Roaming\Mozilla\Firefox\Profiles\9l3j02fa.default\extensions\{1acd747e-8470-11db-96a9-00e08161165f}\plugins\npafl.dll (Tradesignal GmbH)
CustomCLSID: HKU\S-1-5-21-2661125413-2364787433-991423230-1000_Classes\CLSID\{2a3d9961-6e65-48f8-8bd4-8c5825582f93}\InprocServer32 -> C:\Users\FAROD\AppData\Roaming\Mozilla\Firefox\Profiles\9l3j02fa.default\extensions\{1acd747e-8470-11db-96a9-00e08161165f}\plugins\npafl.dll (Tradesignal GmbH)
CustomCLSID: HKU\S-1-5-21-2661125413-2364787433-991423230-1000_Classes\CLSID\{2a996f89-f686-4f5f-ae4b-200c3ae40eff}\InprocServer32 -> C:\Users\FAROD\AppData\Roaming\Mozilla\Firefox\Profiles\9l3j02fa.default\extensions\{1acd747e-8470-11db-96a9-00e08161165f}\plugins\npequilla.dll (Tradesignal GmbH)
CustomCLSID: HKU\S-1-5-21-2661125413-2364787433-991423230-1000_Classes\CLSID\{2b2aba1b-43c0-47b3-9fb7-53d9316ce24e}\InprocServer32 -> C:\Users\FAROD\AppData\Roaming\Mozilla\Firefox\Profiles\9l3j02fa.default\extensions\{1acd747e-8470-11db-96a9-00e08161165f}\plugins\npequilla.dll (Tradesignal GmbH)
CustomCLSID: HKU\S-1-5-21-2661125413-2364787433-991423230-1000_Classes\CLSID\{2b936313-63ed-41a0-aa23-d594f82148ce}\InprocServer32 -> C:\Users\FAROD\AppData\Roaming\Mozilla\Firefox\Profiles\9l3j02fa.default\extensions\{1acd747e-8470-11db-96a9-00e08161165f}\plugins\npafl.dll (Tradesignal GmbH)
CustomCLSID: HKU\S-1-5-21-2661125413-2364787433-991423230-1000_Classes\CLSID\{2cd8be61-134a-43f7-a4be-f0cbfc647d3a}\InprocServer32 -> C:\Users\FAROD\AppData\Roaming\Mozilla\Firefox\Profiles\9l3j02fa.default\extensions\{1acd747e-8470-11db-96a9-00e08161165f}\plugins\npafl.dll (Tradesignal GmbH)
CustomCLSID: HKU\S-1-5-21-2661125413-2364787433-991423230-1000_Classes\CLSID\{2ceef935-f011-459d-ad59-e06d33c29fd6}\InprocServer32 -> C:\Users\FAROD\AppData\Roaming\Mozilla\Firefox\Profiles\9l3j02fa.default\extensions\{1acd747e-8470-11db-96a9-00e08161165f}\plugins\npequilla.dll (Tradesignal GmbH)
CustomCLSID: HKU\S-1-5-21-2661125413-2364787433-991423230-1000_Classes\CLSID\{2ee1b1ff-f119-4334-bf61-0ef45a2e5627}\InprocServer32 -> C:\Users\FAROD\AppData\Roaming\Mozilla\Firefox\Profiles\9l3j02fa.default\extensions\{1acd747e-8470-11db-96a9-00e08161165f}\plugins\npafl.dll (Tradesignal GmbH)
CustomCLSID: HKU\S-1-5-21-2661125413-2364787433-991423230-1000_Classes\CLSID\{30536F12-5AB4-401B-A29E-7A540791DBB3}\InprocServer32 -> C:\Users\FAROD\AppData\Roaming\Mozilla\Firefox\Profiles\9l3j02fa.default\extensions\{1acd747e-8470-11db-96a9-00e08161165f}\plugins\npequilla.dll (Tradesignal GmbH)
CustomCLSID: HKU\S-1-5-21-2661125413-2364787433-991423230-1000_Classes\CLSID\{31F52CB0-76DB-49e1-AB10-263BC84BEF30}\InprocServer32 -> C:\Users\FAROD\AppData\Roaming\Mozilla\Firefox\Profiles\9l3j02fa.default\extensions\{1acd747e-8470-11db-96a9-00e08161165f}\plugins\NPTS5We.dll (Tradesignal GmbH)
CustomCLSID: HKU\S-1-5-21-2661125413-2364787433-991423230-1000_Classes\CLSID\{3281e363-296c-4fca-b01a-0e1ff7b257d9}\InprocServer32 -> C:\Users\FAROD\AppData\Roaming\Mozilla\Firefox\Profiles\9l3j02fa.default\extensions\{1acd747e-8470-11db-96a9-00e08161165f}\plugins\npequilla.dll (Tradesignal GmbH)
CustomCLSID: HKU\S-1-5-21-2661125413-2364787433-991423230-1000_Classes\CLSID\{33461d16-4789-4ce7-a412-21f399ade20e}\InprocServer32 -> C:\Users\FAROD\AppData\Roaming\Mozilla\Firefox\Profiles\9l3j02fa.default\extensions\{1acd747e-8470-11db-96a9-00e08161165f}\plugins\npequilla.dll (Tradesignal GmbH)
CustomCLSID: HKU\S-1-5-21-2661125413-2364787433-991423230-1000_Classes\CLSID\{34C14FD4-341D-4C4E-84C8-5A8220D89E8B}\InprocServer32 -> C:\Users\FAROD\AppData\Roaming\Mozilla\Firefox\Profiles\9l3j02fa.default\extensions\{1acd747e-8470-11db-96a9-00e08161165f}\plugins\npafl.dll (Tradesignal GmbH)
CustomCLSID: HKU\S-1-5-21-2661125413-2364787433-991423230-1000_Classes\CLSID\{36398f96-b1a8-4b0f-8cec-78cbf15ae18f}\InprocServer32 -> C:\Users\FAROD\AppData\Roaming\Mozilla\Firefox\Profiles\9l3j02fa.default\extensions\{1acd747e-8470-11db-96a9-00e08161165f}\plugins\npafl.dll (Tradesignal GmbH)
CustomCLSID: HKU\S-1-5-21-2661125413-2364787433-991423230-1000_Classes\CLSID\{390C2C1F-D1AE-4690-B6AD-DAE31D707A10}\InprocServer32 -> C:\Users\FAROD\AppData\Roaming\Mozilla\Firefox\Profiles\9l3j02fa.default\extensions\{1acd747e-8470-11db-96a9-00e08161165f}\plugins\npafl.dll (Tradesignal GmbH)
CustomCLSID: HKU\S-1-5-21-2661125413-2364787433-991423230-1000_Classes\CLSID\{39243e3f-b9b6-47d9-ba72-628ca8355d13}\InprocServer32 -> C:\Users\FAROD\AppData\Roaming\Mozilla\Firefox\Profiles\9l3j02fa.default\extensions\{1acd747e-8470-11db-96a9-00e08161165f}\plugins\npequilla.dll (Tradesignal GmbH)
CustomCLSID: HKU\S-1-5-21-2661125413-2364787433-991423230-1000_Classes\CLSID\{3a6c42c1-139d-42b2-9c2e-9a6d8944b7a8}\InprocServer32 -> C:\Users\FAROD\AppData\Roaming\Mozilla\Firefox\Profiles\9l3j02fa.default\extensions\{1acd747e-8470-11db-96a9-00e08161165f}\plugins\npequilla.dll (Tradesignal GmbH)
CustomCLSID: HKU\S-1-5-21-2661125413-2364787433-991423230-1000_Classes\CLSID\{3C1282D5-607D-428A-BD9C-A966881763D1}\InprocServer32 -> C:\Users\FAROD\AppData\Roaming\Mozilla\Firefox\Profiles\9l3j02fa.default\extensions\{1acd747e-8470-11db-96a9-00e08161165f}\plugins\npafl.dll (Tradesignal GmbH)
CustomCLSID: HKU\S-1-5-21-2661125413-2364787433-991423230-1000_Classes\CLSID\{3c8cc751-5cd7-4f75-87ef-c11845882093}\InprocServer32 -> C:\Users\FAROD\AppData\Roaming\Mozilla\Firefox\Profiles\9l3j02fa.default\extensions\{1acd747e-8470-11db-96a9-00e08161165f}\plugins\npafl.dll (Tradesignal GmbH)
CustomCLSID: HKU\S-1-5-21-2661125413-2364787433-991423230-1000_Classes\CLSID\{3dec6fd2-77f2-4fc0-935f-74ed3bde9768}\InprocServer32 -> C:\Users\FAROD\AppData\Roaming\Mozilla\Firefox\Profiles\9l3j02fa.default\extensions\{1acd747e-8470-11db-96a9-00e08161165f}\plugins\npequilla.dll (Tradesignal GmbH)
CustomCLSID: HKU\S-1-5-21-2661125413-2364787433-991423230-1000_Classes\CLSID\{42218562-e3f8-4918-a63b-0757e5ead097}\InprocServer32 -> C:\Users\FAROD\AppData\Roaming\Mozilla\Firefox\Profiles\9l3j02fa.default\extensions\{1acd747e-8470-11db-96a9-00e08161165f}\plugins\npafl.dll (Tradesignal GmbH)
CustomCLSID: HKU\S-1-5-21-2661125413-2364787433-991423230-1000_Classes\CLSID\{42dc7249-0cf2-412a-b036-b1f2dddfa026}\InprocServer32 -> C:\Users\FAROD\AppData\Roaming\Mozilla\Firefox\Profiles\9l3j02fa.default\extensions\{1acd747e-8470-11db-96a9-00e08161165f}\plugins\npequilla.dll (Tradesignal GmbH)
CustomCLSID: HKU\S-1-5-21-2661125413-2364787433-991423230-1000_Classes\CLSID\{42F69FFF-1928-4505-BF18-F8B7BA1DA4EE}\InprocServer32 -> C:\Users\FAROD\AppData\Roaming\Mozilla\Firefox\Profiles\9l3j02fa.default\extensions\{1acd747e-8470-11db-96a9-00e08161165f}\plugins\npafl.dll (Tradesignal GmbH)
CustomCLSID: HKU\S-1-5-21-2661125413-2364787433-991423230-1000_Classes\CLSID\{43c51ba0-b5e2-4595-81e7-859e18250092}\InprocServer32 -> C:\Users\FAROD\AppData\Roaming\Mozilla\Firefox\Profiles\9l3j02fa.default\extensions\{1acd747e-8470-11db-96a9-00e08161165f}\plugins\npequilla.dll (Tradesignal GmbH)
CustomCLSID: HKU\S-1-5-21-2661125413-2364787433-991423230-1000_Classes\CLSID\{443070d0-0754-49da-8d47-d8bf39689abc}\InprocServer32 -> C:\Users\FAROD\AppData\Roaming\Mozilla\Firefox\Profiles\9l3j02fa.default\extensions\{1acd747e-8470-11db-96a9-00e08161165f}\plugins\npafl.dll (Tradesignal GmbH)
CustomCLSID: HKU\S-1-5-21-2661125413-2364787433-991423230-1000_Classes\CLSID\{4AA11109-6BCB-4EFE-8813-3D3FD64A9D6F}\InprocServer32 -> C:\Users\FAROD\AppData\Roaming\Mozilla\Firefox\Profiles\9l3j02fa.default\extensions\{1acd747e-8470-11db-96a9-00e08161165f}\plugins\npafl.dll (Tradesignal GmbH)
CustomCLSID: HKU\S-1-5-21-2661125413-2364787433-991423230-1000_Classes\CLSID\{4bfe0e36-20f5-4c95-b3ea-7109107921ab}\InprocServer32 -> C:\Users\FAROD\AppData\Roaming\Mozilla\Firefox\Profiles\9l3j02fa.default\extensions\{1acd747e-8470-11db-96a9-00e08161165f}\plugins\npafl.dll (Tradesignal GmbH)
CustomCLSID: HKU\S-1-5-21-2661125413-2364787433-991423230-1000_Classes\CLSID\{4e1a4ad3-4b2d-4fdb-b103-cf45d52f55f7}\InprocServer32 -> C:\Users\FAROD\AppData\Roaming\Mozilla\Firefox\Profiles\9l3j02fa.default\extensions\{1acd747e-8470-11db-96a9-00e08161165f}\plugins\npequilla.dll (Tradesignal GmbH)
CustomCLSID: HKU\S-1-5-21-2661125413-2364787433-991423230-1000_Classes\CLSID\{506B7C49-70BB-40C8-B86F-6D2E2C534D13}\InprocServer32 -> C:\Users\FAROD\AppData\Roaming\Mozilla\Firefox\Profiles\9l3j02fa.default\extensions\{1acd747e-8470-11db-96a9-00e08161165f}\plugins\npequilla.dll (Tradesignal GmbH)
CustomCLSID: HKU\S-1-5-21-2661125413-2364787433-991423230-1000_Classes\CLSID\{53113c0e-6120-4069-9780-2c1bf90403a6}\InprocServer32 -> C:\Users\FAROD\AppData\Roaming\Mozilla\Firefox\Profiles\9l3j02fa.default\extensions\{1acd747e-8470-11db-96a9-00e08161165f}\plugins\npafl.dll (Tradesignal GmbH)
CustomCLSID: HKU\S-1-5-21-2661125413-2364787433-991423230-1000_Classes\CLSID\{535caa5b-90de-41c8-825a-54bb4d6aa699}\InprocServer32 -> C:\Users\FAROD\AppData\Roaming\Mozilla\Firefox\Profiles\9l3j02fa.default\extensions\{1acd747e-8470-11db-96a9-00e08161165f}\plugins\npequilla.dll (Tradesignal GmbH)
CustomCLSID: HKU\S-1-5-21-2661125413-2364787433-991423230-1000_Classes\CLSID\{553b619e-74de-4b0f-9bf1-849635b7b8fa}\InprocServer32 -> C:\Users\FAROD\AppData\Roaming\Mozilla\Firefox\Profiles\9l3j02fa.default\extensions\{1acd747e-8470-11db-96a9-00e08161165f}\plugins\npequilla.dll (Tradesignal GmbH)
CustomCLSID: HKU\S-1-5-21-2661125413-2364787433-991423230-1000_Classes\CLSID\{558A2603-7D7B-466C-8695-8326F88076B0}\InprocServer32 -> C:\Users\FAROD\AppData\Roaming\Mozilla\Firefox\Profiles\9l3j02fa.default\extensions\{1acd747e-8470-11db-96a9-00e08161165f}\plugins\npafl.dll (Tradesignal GmbH)
CustomCLSID: HKU\S-1-5-21-2661125413-2364787433-991423230-1000_Classes\CLSID\{567bff96-ff29-4259-b0e5-e44c9146af70}\InprocServer32 -> C:\Users\FAROD\AppData\Roaming\Mozilla\Firefox\Profiles\9l3j02fa.default\extensions\{1acd747e-8470-11db-96a9-00e08161165f}\plugins\npequilla.dll (Tradesignal GmbH)
CustomCLSID: HKU\S-1-5-21-2661125413-2364787433-991423230-1000_Classes\CLSID\{5782d2c9-1bc1-41f7-8dd1-0716dfb4ae9e}\InprocServer32 -> C:\Users\FAROD\AppData\Roaming\Mozilla\Firefox\Profiles\9l3j02fa.default\extensions\{1acd747e-8470-11db-96a9-00e08161165f}\plugins\npafl.dll (Tradesignal GmbH)
CustomCLSID: HKU\S-1-5-21-2661125413-2364787433-991423230-1000_Classes\CLSID\{57B7C71B-4DD9-49A2-A63C-06792875C4DD}\InprocServer32 -> C:\Users\FAROD\AppData\Roaming\Mozilla\Firefox\Profiles\9l3j02fa.default\extensions\{1acd747e-8470-11db-96a9-00e08161165f}\plugins\npequilla.dll (Tradesignal GmbH)
CustomCLSID: HKU\S-1-5-21-2661125413-2364787433-991423230-1000_Classes\CLSID\{581ce547-68ae-45c8-96a8-c0ed9180bd2b}\InprocServer32 -> C:\Users\FAROD\AppData\Roaming\Mozilla\Firefox\Profiles\9l3j02fa.default\extensions\{1acd747e-8470-11db-96a9-00e08161165f}\plugins\npequilla.dll (Tradesignal GmbH)
CustomCLSID: HKU\S-1-5-21-2661125413-2364787433-991423230-1000_Classes\CLSID\{59E0BA74-EC6F-4E27-B184-1FB63E1B6B08}\InprocServer32 -> C:\Users\FAROD\AppData\Roaming\Mozilla\Firefox\Profiles\9l3j02fa.default\extensions\{1acd747e-8470-11db-96a9-00e08161165f}\plugins\npequilla.dll (Tradesignal GmbH)
CustomCLSID: HKU\S-1-5-21-2661125413-2364787433-991423230-1000_Classes\CLSID\{59EC2554-75DD-4FCF-B137-FA7A2ACD8630}\InprocServer32 -> C:\Users\FAROD\AppData\Roaming\Mozilla\Firefox\Profiles\9l3j02fa.default\extensions\{1acd747e-8470-11db-96a9-00e08161165f}\plugins\npafl.dll (Tradesignal GmbH)
CustomCLSID: HKU\S-1-5-21-2661125413-2364787433-991423230-1000_Classes\CLSID\{5a7a02c3-f206-4fee-839e-c2e24a3bb246}\InprocServer32 -> C:\Users\FAROD\AppData\Roaming\Mozilla\Firefox\Profiles\9l3j02fa.default\extensions\{1acd747e-8470-11db-96a9-00e08161165f}\plugins\npequilla.dll (Tradesignal GmbH)
CustomCLSID: HKU\S-1-5-21-2661125413-2364787433-991423230-1000_Classes\CLSID\{5c2cf47a-0041-4b36-b36a-33590ee74438}\InprocServer32 -> C:\Users\FAROD\AppData\Roaming\Mozilla\Firefox\Profiles\9l3j02fa.default\extensions\{1acd747e-8470-11db-96a9-00e08161165f}\plugins\npequilla.dll (Tradesignal GmbH)
CustomCLSID: HKU\S-1-5-21-2661125413-2364787433-991423230-1000_Classes\CLSID\{5c4e953f-8449-40ed-a27a-f7dad261d778}\InprocServer32 -> C:\Users\FAROD\AppData\Roaming\Mozilla\Firefox\Profiles\9l3j02fa.default\extensions\{1acd747e-8470-11db-96a9-00e08161165f}\plugins\npafl.dll (Tradesignal GmbH)
CustomCLSID: HKU\S-1-5-21-2661125413-2364787433-991423230-1000_Classes\CLSID\{5d0b943d-84dd-480d-9ad1-e61655fdf508}\InprocServer32 -> C:\Users\FAROD\AppData\Roaming\Mozilla\Firefox\Profiles\9l3j02fa.default\extensions\{1acd747e-8470-11db-96a9-00e08161165f}\plugins\npequilla.dll (Tradesignal GmbH)
CustomCLSID: HKU\S-1-5-21-2661125413-2364787433-991423230-1000_Classes\CLSID\{643f30e5-d854-4aa4-8e38-202bea1d74aa}\InprocServer32 -> C:\Users\FAROD\AppData\Roaming\Mozilla\Firefox\Profiles\9l3j02fa.default\extensions\{1acd747e-8470-11db-96a9-00e08161165f}\plugins\npequilla.dll (Tradesignal GmbH)
CustomCLSID: HKU\S-1-5-21-2661125413-2364787433-991423230-1000_Classes\CLSID\{6651ed86-c709-4f71-9a62-279f51ceef82}\InprocServer32 -> C:\Users\FAROD\AppData\Roaming\Mozilla\Firefox\Profiles\9l3j02fa.default\extensions\{1acd747e-8470-11db-96a9-00e08161165f}\plugins\npequilla.dll (Tradesignal GmbH)
CustomCLSID: HKU\S-1-5-21-2661125413-2364787433-991423230-1000_Classes\CLSID\{66ae6ee0-5ce3-4306-9454-693691e2853c}\InprocServer32 -> C:\Users\FAROD\AppData\Roaming\Mozilla\Firefox\Profiles\9l3j02fa.default\extensions\{1acd747e-8470-11db-96a9-00e08161165f}\plugins\npafl.dll (Tradesignal GmbH)
CustomCLSID: HKU\S-1-5-21-2661125413-2364787433-991423230-1000_Classes\CLSID\{66ce58b3-90e7-4f1e-85f7-421857c7f0ab}\InprocServer32 -> C:\Users\FAROD\AppData\Roaming\Mozilla\Firefox\Profiles\9l3j02fa.default\extensions\{1acd747e-8470-11db-96a9-00e08161165f}\plugins\npafl.dll (Tradesignal GmbH)
CustomCLSID: HKU\S-1-5-21-2661125413-2364787433-991423230-1000_Classes\CLSID\{6743ab95-0470-4d05-bc89-9f8bd8ebb3b1}\InprocServer32 -> C:\Users\FAROD\AppData\Roaming\Mozilla\Firefox\Profiles\9l3j02fa.default\extensions\{1acd747e-8470-11db-96a9-00e08161165f}\plugins\npafl.dll (Tradesignal GmbH)
CustomCLSID: HKU\S-1-5-21-2661125413-2364787433-991423230-1000_Classes\CLSID\{676127e2-b374-447b-a038-e8754f8ea152}\InprocServer32 -> C:\Users\FAROD\AppData\Roaming\Mozilla\Firefox\Profiles\9l3j02fa.default\extensions\{1acd747e-8470-11db-96a9-00e08161165f}\plugins\npequilla.dll (Tradesignal GmbH)
CustomCLSID: HKU\S-1-5-21-2661125413-2364787433-991423230-1000_Classes\CLSID\{690d6816-0320-4477-a267-93c8471ec45d}\InprocServer32 -> C:\Users\FAROD\AppData\Roaming\Mozilla\Firefox\Profiles\9l3j02fa.default\extensions\{1acd747e-8470-11db-96a9-00e08161165f}\plugins\npequilla.dll (Tradesignal GmbH)
CustomCLSID: HKU\S-1-5-21-2661125413-2364787433-991423230-1000_Classes\CLSID\{693c1a21-4f43-4877-a97d-f4de32268500}\InprocServer32 -> C:\Users\FAROD\AppData\Roaming\Mozilla\Firefox\Profiles\9l3j02fa.default\extensions\{1acd747e-8470-11db-96a9-00e08161165f}\plugins\npequilla.dll (Tradesignal GmbH)
CustomCLSID: HKU\S-1-5-21-2661125413-2364787433-991423230-1000_Classes\CLSID\{69DDE904-81FE-4CDB-89C4-23819412753E}\InprocServer32 -> C:\Users\FAROD\AppData\Roaming\Mozilla\Firefox\Profiles\9l3j02fa.default\extensions\{1acd747e-8470-11db-96a9-00e08161165f}\plugins\npafl.dll (Tradesignal GmbH)
CustomCLSID: HKU\S-1-5-21-2661125413-2364787433-991423230-1000_Classes\CLSID\{6A0724FC-C92D-4F77-9D34-82BB69098D92}\InprocServer32 -> C:\Users\FAROD\AppData\Roaming\Mozilla\Firefox\Profiles\9l3j02fa.default\extensions\{1acd747e-8470-11db-96a9-00e08161165f}\plugins\npafl.dll (Tradesignal GmbH)
CustomCLSID: HKU\S-1-5-21-2661125413-2364787433-991423230-1000_Classes\CLSID\{6a982573-9f1b-4a8e-aa93-9d7942255552}\InprocServer32 -> C:\Users\FAROD\AppData\Roaming\Mozilla\Firefox\Profiles\9l3j02fa.default\extensions\{1acd747e-8470-11db-96a9-00e08161165f}\plugins\npequilla.dll (Tradesignal GmbH)
CustomCLSID: HKU\S-1-5-21-2661125413-2364787433-991423230-1000_Classes\CLSID\{6b07ec8b-bf99-44ee-bf48-d385a43d852d}\InprocServer32 -> C:\Users\FAROD\AppData\Roaming\Mozilla\Firefox\Profiles\9l3j02fa.default\extensions\{1acd747e-8470-11db-96a9-00e08161165f}\plugins\npequilla.dll (Tradesignal GmbH)
CustomCLSID: HKU\S-1-5-21-2661125413-2364787433-991423230-1000_Classes\CLSID\{6be3842c-75c4-420f-ad97-bc21f0e7d1cd}\InprocServer32 -> C:\Users\FAROD\AppData\Roaming\Mozilla\Firefox\Profiles\9l3j02fa.default\extensions\{1acd747e-8470-11db-96a9-00e08161165f}\plugins\npafl.dll (Tradesignal GmbH)
CustomCLSID: HKU\S-1-5-21-2661125413-2364787433-991423230-1000_Classes\CLSID\{6d39efb7-d2e9-4dde-bcfe-3fd05aac8f76}\InprocServer32 -> C:\Users\FAROD\AppData\Roaming\Mozilla\Firefox\Profiles\9l3j02fa.default\extensions\{1acd747e-8470-11db-96a9-00e08161165f}\plugins\npafl.dll (Tradesignal GmbH)
CustomCLSID: HKU\S-1-5-21-2661125413-2364787433-991423230-1000_Classes\CLSID\{6ef9c186-6a3f-41bb-8f72-c9a77c26d2f8}\InprocServer32 -> C:\Users\FAROD\AppData\Roaming\Mozilla\Firefox\Profiles\9l3j02fa.default\extensions\{1acd747e-8470-11db-96a9-00e08161165f}\plugins\npequilla.dll (Tradesignal GmbH)
CustomCLSID: HKU\S-1-5-21-2661125413-2364787433-991423230-1000_Classes\CLSID\{716fe29c-eb0f-4379-837d-2c7b84dc8d81}\InprocServer32 -> C:\Users\FAROD\AppData\Roaming\Mozilla\Firefox\Profiles\9l3j02fa.default\extensions\{1acd747e-8470-11db-96a9-00e08161165f}\plugins\npafl.dll (Tradesignal GmbH)
CustomCLSID: HKU\S-1-5-21-2661125413-2364787433-991423230-1000_Classes\CLSID\{71b1f93a-80be-45be-b86a-fcfa4006def1}\InprocServer32 -> C:\Users\FAROD\AppData\Roaming\Mozilla\Firefox\Profiles\9l3j02fa.default\extensions\{1acd747e-8470-11db-96a9-00e08161165f}\plugins\npequilla.dll (Tradesignal GmbH)
CustomCLSID: HKU\S-1-5-21-2661125413-2364787433-991423230-1000_Classes\CLSID\{7561EFE8-AB22-47F8-B094-EF9D66CD746C}\InprocServer32 -> C:\Users\FAROD\AppData\Roaming\Mozilla\Firefox\Profiles\9l3j02fa.default\extensions\{1acd747e-8470-11db-96a9-00e08161165f}\plugins\npafl.dll (Tradesignal GmbH)
CustomCLSID: HKU\S-1-5-21-2661125413-2364787433-991423230-1000_Classes\CLSID\{766c5c32-30fc-41cc-b33b-f8b4e80828a4}\InprocServer32 -> C:\Users\FAROD\AppData\Roaming\Mozilla\Firefox\Profiles\9l3j02fa.default\extensions\{1acd747e-8470-11db-96a9-00e08161165f}\plugins\npafltso.dll (Tradesignal GmbH)
CustomCLSID: HKU\S-1-5-21-2661125413-2364787433-991423230-1000_Classes\CLSID\{77f1de51-8e39-497b-875a-003d06611373}\InprocServer32 -> C:\Users\FAROD\AppData\Roaming\Mozilla\Firefox\Profiles\9l3j02fa.default\extensions\{1acd747e-8470-11db-96a9-00e08161165f}\plugins\npafl.dll (Tradesignal GmbH)
CustomCLSID: HKU\S-1-5-21-2661125413-2364787433-991423230-1000_Classes\CLSID\{7ae727fc-f522-4727-aff7-d89279a03fec}\InprocServer32 -> C:\Users\FAROD\AppData\Roaming\Mozilla\Firefox\Profiles\9l3j02fa.default\extensions\{1acd747e-8470-11db-96a9-00e08161165f}\plugins\npafl.dll (Tradesignal GmbH)
CustomCLSID: HKU\S-1-5-21-2661125413-2364787433-991423230-1000_Classes\CLSID\{7b3d1cde-566c-4506-a3b4-d3142c6f4ea5}\InprocServer32 -> C:\Users\FAROD\AppData\Roaming\Mozilla\Firefox\Profiles\9l3j02fa.default\extensions\{1acd747e-8470-11db-96a9-00e08161165f}\plugins\npafltso.dll (Tradesignal GmbH)
CustomCLSID: HKU\S-1-5-21-2661125413-2364787433-991423230-1000_Classes\CLSID\{7c0bc72e-8696-4ac8-b4c8-2d5855dbe6d4}\InprocServer32 -> C:\Users\FAROD\AppData\Roaming\Mozilla\Firefox\Profiles\9l3j02fa.default\extensions\{1acd747e-8470-11db-96a9-00e08161165f}\plugins\npequilla.dll (Tradesignal GmbH)
CustomCLSID: HKU\S-1-5-21-2661125413-2364787433-991423230-1000_Classes\CLSID\{7d1ce77d-85d4-44f9-82ec-3b362e78b1a2}\InprocServer32 -> C:\Users\FAROD\AppData\Roaming\Mozilla\Firefox\Profiles\9l3j02fa.default\extensions\{1acd747e-8470-11db-96a9-00e08161165f}\plugins\npequilla.dll (Tradesignal GmbH)
CustomCLSID: HKU\S-1-5-21-2661125413-2364787433-991423230-1000_Classes\CLSID\{83727aa9-47a2-420e-8d80-b4b46c86defa}\InprocServer32 -> C:\Users\FAROD\AppData\Roaming\Mozilla\Firefox\Profiles\9l3j02fa.default\extensions\{1acd747e-8470-11db-96a9-00e08161165f}\plugins\npequilla.dll (Tradesignal GmbH)
CustomCLSID: HKU\S-1-5-21-2661125413-2364787433-991423230-1000_Classes\CLSID\{841129DF-1161-4622-B275-36FC8F0ED0B6}\InprocServer32 -> C:\Users\FAROD\AppData\Roaming\Mozilla\Firefox\Profiles\9l3j02fa.default\extensions\{1acd747e-8470-11db-96a9-00e08161165f}\plugins\npequilla.dll (Tradesignal GmbH)
CustomCLSID: HKU\S-1-5-21-2661125413-2364787433-991423230-1000_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Program Files\Citrix\GoToMeeting\1082\G2MOutlookAddin.dll (Citrix Online, a division of Citrix Systems, Inc.)
CustomCLSID: HKU\S-1-5-21-2661125413-2364787433-991423230-1000_Classes\CLSID\{857cd71e-f510-4ae1-80c5-ff82848c59a5}\InprocServer32 -> C:\Users\FAROD\AppData\Roaming\Mozilla\Firefox\Profiles\9l3j02fa.default\extensions\{1acd747e-8470-11db-96a9-00e08161165f}\plugins\npequilla.dll (Tradesignal GmbH)
CustomCLSID: HKU\S-1-5-21-2661125413-2364787433-991423230-1000_Classes\CLSID\{859E0E86-1A29-49E5-A840-D16D01E718DE}\InprocServer32 -> C:\Users\FAROD\AppData\Roaming\Mozilla\Firefox\Profiles\9l3j02fa.default\extensions\{1acd747e-8470-11db-96a9-00e08161165f}\plugins\npequilla.dll (Tradesignal GmbH)
CustomCLSID: HKU\S-1-5-21-2661125413-2364787433-991423230-1000_Classes\CLSID\{8606057d-e586-4622-a818-fad6ff3c7751}\InprocServer32 -> C:\Users\FAROD\AppData\Roaming\Mozilla\Firefox\Profiles\9l3j02fa.default\extensions\{1acd747e-8470-11db-96a9-00e08161165f}\plugins\npequilla.dll (Tradesignal GmbH)
CustomCLSID: HKU\S-1-5-21-2661125413-2364787433-991423230-1000_Classes\CLSID\{86bebae0-2886-4a11-9821-7c0074b812fa}\InprocServer32 -> C:\Users\FAROD\AppData\Roaming\Mozilla\Firefox\Profiles\9l3j02fa.default\extensions\{1acd747e-8470-11db-96a9-00e08161165f}\plugins\npequilla.dll (Tradesignal GmbH)
CustomCLSID: HKU\S-1-5-21-2661125413-2364787433-991423230-1000_Classes\CLSID\{86e38458-63a8-47c5-b64d-9b0b1b0ed20d}\InprocServer32 -> C:\Users\FAROD\AppData\Roaming\Mozilla\Firefox\Profiles\9l3j02fa.default\extensions\{1acd747e-8470-11db-96a9-00e08161165f}\plugins\npequilla.dll (Tradesignal GmbH)
CustomCLSID: HKU\S-1-5-21-2661125413-2364787433-991423230-1000_Classes\CLSID\{86f33a5d-178c-4085-b6e9-2f535619821c}\InprocServer32 -> C:\Users\FAROD\AppData\Roaming\Mozilla\Firefox\Profiles\9l3j02fa.default\extensions\{1acd747e-8470-11db-96a9-00e08161165f}\plugins\npafl.dll (Tradesignal GmbH)
CustomCLSID: HKU\S-1-5-21-2661125413-2364787433-991423230-1000_Classes\CLSID\{880111A3-4539-48AA-AFE7-AD7EB2290989}\InprocServer32 -> C:\Users\FAROD\AppData\Roaming\Mozilla\Firefox\Profiles\9l3j02fa.default\extensions\{1acd747e-8470-11db-96a9-00e08161165f}\plugins\npafl.dll (Tradesignal GmbH)
CustomCLSID: HKU\S-1-5-21-2661125413-2364787433-991423230-1000_Classes\CLSID\{8aa17c4e-0b4f-425b-8623-6beb2c5365b3}\InprocServer32 -> C:\Users\FAROD\AppData\Roaming\Mozilla\Firefox\Profiles\9l3j02fa.default\extensions\{1acd747e-8470-11db-96a9-00e08161165f}\plugins\npafl.dll (Tradesignal GmbH)
CustomCLSID: HKU\S-1-5-21-2661125413-2364787433-991423230-1000_Classes\CLSID\{8b04e59a-989e-4870-ad41-5305dab1b820}\InprocServer32 -> C:\Users\FAROD\AppData\Roaming\Mozilla\Firefox\Profiles\9l3j02fa.default\extensions\{1acd747e-8470-11db-96a9-00e08161165f}\plugins\npequilla.dll (Tradesignal GmbH)
CustomCLSID: HKU\S-1-5-21-2661125413-2364787433-991423230-1000_Classes\CLSID\{8c0d3fc1-ea27-411e-85c2-bd659673e5b9}\InprocServer32 -> C:\Users\FAROD\AppData\Roaming\Mozilla\Firefox\Profiles\9l3j02fa.default\extensions\{1acd747e-8470-11db-96a9-00e08161165f}\plugins\npafl.dll (Tradesignal GmbH)
CustomCLSID: HKU\S-1-5-21-2661125413-2364787433-991423230-1000_Classes\CLSID\{8C4E53B3-7080-4FD5-9578-E377CB03C02E}\InprocServer32 -> C:\Users\FAROD\AppData\Roaming\Mozilla\Firefox\Profiles\9l3j02fa.default\extensions\{1acd747e-8470-11db-96a9-00e08161165f}\plugins\npequilla.dll (Tradesignal GmbH)
CustomCLSID: HKU\S-1-5-21-2661125413-2364787433-991423230-1000_Classes\CLSID\{8DCF78D5-37B4-49B9-B523-313792F62940}\InprocServer32 -> C:\Users\FAROD\AppData\Roaming\Mozilla\Firefox\Profiles\9l3j02fa.default\extensions\{1acd747e-8470-11db-96a9-00e08161165f}\plugins\npequilla.dll (Tradesignal GmbH)
CustomCLSID: HKU\S-1-5-21-2661125413-2364787433-991423230-1000_Classes\CLSID\{90570b26-a31e-4df3-855b-fc9e06ee08f3}\InprocServer32 -> C:\Users\FAROD\AppData\Roaming\Mozilla\Firefox\Profiles\9l3j02fa.default\extensions\{1acd747e-8470-11db-96a9-00e08161165f}\plugins\npequilla.dll (Tradesignal GmbH)
CustomCLSID: HKU\S-1-5-21-2661125413-2364787433-991423230-1000_Classes\CLSID\{90e1a762-dc43-4c40-b673-dbc94150150d}\InprocServer32 -> C:\Users\FAROD\AppData\Roaming\Mozilla\Firefox\Profiles\9l3j02fa.default\extensions\{1acd747e-8470-11db-96a9-00e08161165f}\plugins\npafl.dll (Tradesignal GmbH)
CustomCLSID: HKU\S-1-5-21-2661125413-2364787433-991423230-1000_Classes\CLSID\{922c49dd-67e7-41ff-a88e-c80bc770889f}\InprocServer32 -> C:\Users\FAROD\AppData\Roaming\Mozilla\Firefox\Profiles\9l3j02fa.default\extensions\{1acd747e-8470-11db-96a9-00e08161165f}\plugins\npafl.dll (Tradesignal GmbH)
CustomCLSID: HKU\S-1-5-21-2661125413-2364787433-991423230-1000_Classes\CLSID\{9522bd09-aae7-417b-a696-3be1d17243ad}\InprocServer32 -> C:\Users\FAROD\AppData\Roaming\Mozilla\Firefox\Profiles\9l3j02fa.default\extensions\{1acd747e-8470-11db-96a9-00e08161165f}\plugins\npafl.dll (Tradesignal GmbH)
CustomCLSID: HKU\S-1-5-21-2661125413-2364787433-991423230-1000_Classes\CLSID\{9680ad55-9305-437a-a6da-559bcc54f7ed}\InprocServer32 -> C:\Users\FAROD\AppData\Roaming\Mozilla\Firefox\Profiles\9l3j02fa.default\extensions\{1acd747e-8470-11db-96a9-00e08161165f}\plugins\npafl.dll (Tradesignal GmbH)
CustomCLSID: HKU\S-1-5-21-2661125413-2364787433-991423230-1000_Classes\CLSID\{9a4774f4-e1a6-4acc-82d1-ea33e75f0557}\InprocServer32 -> C:\Users\FAROD\AppData\Roaming\Mozilla\Firefox\Profiles\9l3j02fa.default\extensions\{1acd747e-8470-11db-96a9-00e08161165f}\plugins\npafl.dll (Tradesignal GmbH)
CustomCLSID: HKU\S-1-5-21-2661125413-2364787433-991423230-1000_Classes\CLSID\{9a741cdc-85f3-40c9-a3f8-bcb6ab078c95}\InprocServer32 -> C:\Users\FAROD\AppData\Roaming\Mozilla\Firefox\Profiles\9l3j02fa.default\extensions\{1acd747e-8470-11db-96a9-00e08161165f}\plugins\npafl.dll (Tradesignal GmbH)
CustomCLSID: HKU\S-1-5-21-2661125413-2364787433-991423230-1000_Classes\CLSID\{9a8b11c4-1b47-41e8-9d52-7d5f6f3b550a}\InprocServer32 -> C:\Users\FAROD\AppData\Roaming\Mozilla\Firefox\Profiles\9l3j02fa.default\extensions\{1acd747e-8470-11db-96a9-00e08161165f}\plugins\npafl.dll (Tradesignal GmbH)
CustomCLSID: HKU\S-1-5-21-2661125413-2364787433-991423230-1000_Classes\CLSID\{9AA2AC43-59E0-4BFF-A56B-1B2E52E7C459}\InprocServer32 -> C:\Users\FAROD\AppData\Roaming\Mozilla\Firefox\Profiles\9l3j02fa.default\extensions\{1acd747e-8470-11db-96a9-00e08161165f}\plugins\npafl.dll (Tradesignal GmbH)
CustomCLSID: HKU\S-1-5-21-2661125413-2364787433-991423230-1000_Classes\CLSID\{9b9578b1-3a41-482d-ac4f-9e0396d356a3}\InprocServer32 -> C:\Users\FAROD\AppData\Roaming\Mozilla\Firefox\Profiles\9l3j02fa.default\extensions\{1acd747e-8470-11db-96a9-00e08161165f}\plugins\npequilla.dll (Tradesignal GmbH)
CustomCLSID: HKU\S-1-5-21-2661125413-2364787433-991423230-1000_Classes\CLSID\{9efd67db-12e0-4715-abf0-4db16ed6deba}\InprocServer32 -> C:\Users\FAROD\AppData\Roaming\Mozilla\Firefox\Profiles\9l3j02fa.default\extensions\{1acd747e-8470-11db-96a9-00e08161165f}\plugins\npafl.dll (Tradesignal GmbH)
CustomCLSID: HKU\S-1-5-21-2661125413-2364787433-991423230-1000_Classes\CLSID\{a04c89c7-ac16-4612-95ff-62634dc1c4a6}\InprocServer32 -> C:\Users\FAROD\AppData\Roaming\Mozilla\Firefox\Profiles\9l3j02fa.default\extensions\{1acd747e-8470-11db-96a9-00e08161165f}\plugins\npequilla.dll (Tradesignal GmbH)
CustomCLSID: HKU\S-1-5-21-2661125413-2364787433-991423230-1000_Classes\CLSID\{a2ce977c-b1cb-40cc-9df6-5c17ebd61ffb}\InprocServer32 -> C:\Users\FAROD\AppData\Roaming\Mozilla\Firefox\Profiles\9l3j02fa.default\extensions\{1acd747e-8470-11db-96a9-00e08161165f}\plugins\npafl.dll (Tradesignal GmbH)
CustomCLSID: HKU\S-1-5-21-2661125413-2364787433-991423230-1000_Classes\CLSID\{A2CF613D-47E5-4AA4-88A1-5E92FE7C73E8}\InprocServer32 -> C:\Users\FAROD\AppData\Roaming\Mozilla\Firefox\Profiles\9l3j02fa.default\extensions\{1acd747e-8470-11db-96a9-00e08161165f}\plugins\npequilla.dll (Tradesignal GmbH)
CustomCLSID: HKU\S-1-5-21-2661125413-2364787433-991423230-1000_Classes\CLSID\{A4BC9939-988D-45F4-8895-8EE632F95162}\InprocServer32 -> C:\Users\FAROD\AppData\Roaming\Mozilla\Firefox\Profiles\9l3j02fa.default\extensions\{1acd747e-8470-11db-96a9-00e08161165f}\plugins\npafl.dll (Tradesignal GmbH)
CustomCLSID: HKU\S-1-5-21-2661125413-2364787433-991423230-1000_Classes\CLSID\{a8dc19c9-b4e9-48e1-8234-673a3fde9e64}\InprocServer32 -> C:\Users\FAROD\AppData\Roaming\Mozilla\Firefox\Profiles\9l3j02fa.default\extensions\{1acd747e-8470-11db-96a9-00e08161165f}\plugins\npafl.dll (Tradesignal GmbH)
CustomCLSID: HKU\S-1-5-21-2661125413-2364787433-991423230-1000_Classes\CLSID\{a909db7b-63a6-457a-84e0-9d0080c2bdc9}\InprocServer32 -> C:\Users\FAROD\AppData\Roaming\Mozilla\Firefox\Profiles\9l3j02fa.default\extensions\{1acd747e-8470-11db-96a9-00e08161165f}\plugins\npafl.dll (Tradesignal GmbH)
CustomCLSID: HKU\S-1-5-21-2661125413-2364787433-991423230-1000_Classes\CLSID\{abe2740f-fda8-4013-a22d-cff81ddd43bd}\InprocServer32 -> C:\Users\FAROD\AppData\Roaming\Mozilla\Firefox\Profiles\9l3j02fa.default\extensions\{1acd747e-8470-11db-96a9-00e08161165f}\plugins\npafl.dll (Tradesignal GmbH)
CustomCLSID: HKU\S-1-5-21-2661125413-2364787433-991423230-1000_Classes\CLSID\{ace92cbc-012a-4a11-8554-c421783284c1}\InprocServer32 -> C:\Users\FAROD\AppData\Roaming\Mozilla\Firefox\Profiles\9l3j02fa.default\extensions\{1acd747e-8470-11db-96a9-00e08161165f}\plugins\npequilla.dll (Tradesignal GmbH)
CustomCLSID: HKU\S-1-5-21-2661125413-2364787433-991423230-1000_Classes\CLSID\{aeb3748a-be24-4513-b602-b09b0cced891}\InprocServer32 -> C:\Users\FAROD\AppData\Roaming\Mozilla\Firefox\Profiles\9l3j02fa.default\extensions\{1acd747e-8470-11db-96a9-00e08161165f}\plugins\npafl.dll (Tradesignal GmbH)
CustomCLSID: HKU\S-1-5-21-2661125413-2364787433-991423230-1000_Classes\CLSID\{af1e5d46-a457-4eb0-9985-21655c5429a7}\InprocServer32 -> C:\Users\FAROD\AppData\Roaming\Mozilla\Firefox\Profiles\9l3j02fa.default\extensions\{1acd747e-8470-11db-96a9-00e08161165f}\plugins\npequilla.dll (Tradesignal GmbH)
CustomCLSID: HKU\S-1-5-21-2661125413-2364787433-991423230-1000_Classes\CLSID\{B2B2638A-970C-44e9-AD04-6FEA1464DBB0}\InprocServer32 -> C:\Users\FAROD\AppData\Roaming\Mozilla\Firefox\Profiles\9l3j02fa.default\extensions\{1acd747e-8470-11db-96a9-00e08161165f}\plugins\npafl.dll (Tradesignal GmbH)
CustomCLSID: HKU\S-1-5-21-2661125413-2364787433-991423230-1000_Classes\CLSID\{b3815392-7195-4563-b665-0f3f0f1f2024}\InprocServer32 -> C:\Users\FAROD\AppData\Roaming\Mozilla\Firefox\Profiles\9l3j02fa.default\extensions\{1acd747e-8470-11db-96a9-00e08161165f}\plugins\npafl.dll (Tradesignal GmbH)
CustomCLSID: HKU\S-1-5-21-2661125413-2364787433-991423230-1000_Classes\CLSID\{b556e84f-5ccb-4bf8-8b6a-6dc852c80fb1}\InprocServer32 -> C:\Users\FAROD\AppData\Roaming\Mozilla\Firefox\Profiles\9l3j02fa.default\extensions\{1acd747e-8470-11db-96a9-00e08161165f}\plugins\npafl.dll (Tradesignal GmbH)
CustomCLSID: HKU\S-1-5-21-2661125413-2364787433-991423230-1000_Classes\CLSID\{b71c65d9-4770-49b1-9596-ad648480d54a}\InprocServer32 -> C:\Users\FAROD\AppData\Roaming\Mozilla\Firefox\Profiles\9l3j02fa.default\extensions\{1acd747e-8470-11db-96a9-00e08161165f}\plugins\NPTS5We.dll (Tradesignal GmbH)
CustomCLSID: HKU\S-1-5-21-2661125413-2364787433-991423230-1000_Classes\CLSID\{b8b084fe-6f23-4d86-b5df-5d824d3053eb}\InprocServer32 -> C:\Users\FAROD\AppData\Roaming\Mozilla\Firefox\Profiles\9l3j02fa.default\extensions\{1acd747e-8470-11db-96a9-00e08161165f}\plugins\npequilla.dll (Tradesignal GmbH)
CustomCLSID: HKU\S-1-5-21-2661125413-2364787433-991423230-1000_Classes\CLSID\{B93685FD-8BB3-478A-B556-A76B29A23388}\InprocServer32 -> C:\Users\FAROD\AppData\Roaming\Mozilla\Firefox\Profiles\9l3j02fa.default\extensions\{1acd747e-8470-11db-96a9-00e08161165f}\plugins\npequilla.dll (Tradesignal GmbH)
CustomCLSID: HKU\S-1-5-21-2661125413-2364787433-991423230-1000_Classes\CLSID\{BA79A720-29BF-4131-AB35-957170FCC787}\InprocServer32 -> C:\Users\FAROD\AppData\Roaming\Mozilla\Firefox\Profiles\9l3j02fa.default\extensions\{1acd747e-8470-11db-96a9-00e08161165f}\plugins\npafl.dll (Tradesignal GmbH)
CustomCLSID: HKU\S-1-5-21-2661125413-2364787433-991423230-1000_Classes\CLSID\{BAC1DD60-5218-4864-87B6-23C034052D72}\InprocServer32 -> C:\Users\FAROD\AppData\Roaming\Mozilla\Firefox\Profiles\9l3j02fa.default\extensions\{1acd747e-8470-11db-96a9-00e08161165f}\plugins\npafl.dll (Tradesignal GmbH)
CustomCLSID: HKU\S-1-5-21-2661125413-2364787433-991423230-1000_Classes\CLSID\{bc590c84-c184-4470-a7f9-e5608933817a}\InprocServer32 -> C:\Users\FAROD\AppData\Roaming\Mozilla\Firefox\Profiles\9l3j02fa.default\extensions\{1acd747e-8470-11db-96a9-00e08161165f}\plugins\npafl.dll (Tradesignal GmbH)
CustomCLSID: HKU\S-1-5-21-2661125413-2364787433-991423230-1000_Classes\CLSID\{BC7CDB29-F836-46E0-AAE1-0C5ED1CEDE00}\InprocServer32 -> C:\Users\FAROD\AppData\Roaming\Mozilla\Firefox\Profiles\9l3j02fa.default\extensions\{1acd747e-8470-11db-96a9-00e08161165f}\plugins\npafl.dll (Tradesignal GmbH)
CustomCLSID: HKU\S-1-5-21-2661125413-2364787433-991423230-1000_Classes\CLSID\{BF3B5551-4F12-45C3-99E8-17B6D1BC855D}\InprocServer32 -> C:\Users\FAROD\AppData\Roaming\Mozilla\Firefox\Profiles\9l3j02fa.default\extensions\{1acd747e-8470-11db-96a9-00e08161165f}\plugins\npafl.dll (Tradesignal GmbH)
CustomCLSID: HKU\S-1-5-21-2661125413-2364787433-991423230-1000_Classes\CLSID\{bfd72d08-f4c5-4d41-94ce-68bcda840a5b}\InprocServer32 -> C:\Users\FAROD\AppData\Roaming\Mozilla\Firefox\Profiles\9l3j02fa.default\extensions\{1acd747e-8470-11db-96a9-00e08161165f}\plugins\npequilla.dll (Tradesignal GmbH)
CustomCLSID: HKU\S-1-5-21-2661125413-2364787433-991423230-1000_Classes\CLSID\{c4fd8a3c-4f38-4c22-b89f-8dc8a0a1c9cd}\InprocServer32 -> C:\Users\FAROD\AppData\Roaming\Mozilla\Firefox\Profiles\9l3j02fa.default\extensions\{1acd747e-8470-11db-96a9-00e08161165f}\plugins\npequilla.dll (Tradesignal GmbH)
CustomCLSID: HKU\S-1-5-21-2661125413-2364787433-991423230-1000_Classes\CLSID\{c5be0582-f0bb-4dc1-a196-ed2a49306247}\InprocServer32 -> C:\Users\FAROD\AppData\Roaming\Mozilla\Firefox\Profiles\9l3j02fa.default\extensions\{1acd747e-8470-11db-96a9-00e08161165f}\plugins\npequilla.dll (Tradesignal GmbH)
CustomCLSID: HKU\S-1-5-21-2661125413-2364787433-991423230-1000_Classes\CLSID\{c702bd8a-674b-448b-b942-cb5c1851eab5}\InprocServer32 -> C:\Users\FAROD\AppData\Roaming\Mozilla\Firefox\Profiles\9l3j02fa.default\extensions\{1acd747e-8470-11db-96a9-00e08161165f}\plugins\npafl.dll (Tradesignal GmbH)
CustomCLSID: HKU\S-1-5-21-2661125413-2364787433-991423230-1000_Classes\CLSID\{c7d967e7-b7bb-4222-bf8e-2db96653378d}\InprocServer32 -> C:\Users\FAROD\AppData\Roaming\Mozilla\Firefox\Profiles\9l3j02fa.default\extensions\{1acd747e-8470-11db-96a9-00e08161165f}\plugins\npafl.dll (Tradesignal GmbH)
CustomCLSID: HKU\S-1-5-21-2661125413-2364787433-991423230-1000_Classes\CLSID\{c8418ed3-2a3e-4a37-9492-708b8779b70d}\InprocServer32 -> C:\Users\FAROD\AppData\Roaming\Mozilla\Firefox\Profiles\9l3j02fa.default\extensions\{1acd747e-8470-11db-96a9-00e08161165f}\plugins\npafl.dll (Tradesignal GmbH)
CustomCLSID: HKU\S-1-5-21-2661125413-2364787433-991423230-1000_Classes\CLSID\{c8544b1f-2e66-470d-a8cc-05db6ae97b87}\InprocServer32 -> C:\Users\FAROD\AppData\Roaming\Mozilla\Firefox\Profiles\9l3j02fa.default\extensions\{1acd747e-8470-11db-96a9-00e08161165f}\plugins\npequilla.dll (Tradesignal GmbH)
CustomCLSID: HKU\S-1-5-21-2661125413-2364787433-991423230-1000_Classes\CLSID\{cd03d49c-91fc-44d7-90eb-b24490b1e0fd}\InprocServer32 -> C:\Users\FAROD\AppData\Roaming\Mozilla\Firefox\Profiles\9l3j02fa.default\extensions\{1acd747e-8470-11db-96a9-00e08161165f}\plugins\npequilla.dll (Tradesignal GmbH)
CustomCLSID: HKU\S-1-5-21-2661125413-2364787433-991423230-1000_Classes\CLSID\{CD362280-6362-40A8-95BB-22BD276C225C}\InprocServer32 -> C:\Users\FAROD\AppData\Roaming\Mozilla\Firefox\Profiles\9l3j02fa.default\extensions\{1acd747e-8470-11db-96a9-00e08161165f}\plugins\npequilla.dll (Tradesignal GmbH)
CustomCLSID: HKU\S-1-5-21-2661125413-2364787433-991423230-1000_Classes\CLSID\{ce0bcadf-033d-4f34-a8c3-35016b3c28ca}\InprocServer32 -> C:\Users\FAROD\AppData\Roaming\Mozilla\Firefox\Profiles\9l3j02fa.default\extensions\{1acd747e-8470-11db-96a9-00e08161165f}\plugins\npafl.dll (Tradesignal GmbH)
CustomCLSID: HKU\S-1-5-21-2661125413-2364787433-991423230-1000_Classes\CLSID\{cefb769f-f45e-45ab-b8ad-4baf516fddc6}\InprocServer32 -> C:\Users\FAROD\AppData\Roaming\Mozilla\Firefox\Profiles\9l3j02fa.default\extensions\{1acd747e-8470-11db-96a9-00e08161165f}\plugins\npequilla.dll (Tradesignal GmbH)
CustomCLSID: HKU\S-1-5-21-2661125413-2364787433-991423230-1000_Classes\CLSID\{cf02bf0e-2f14-4679-bf07-c1616b25fde5}\InprocServer32 -> C:\Users\FAROD\AppData\Roaming\Mozilla\Firefox\Profiles\9l3j02fa.default\extensions\{1acd747e-8470-11db-96a9-00e08161165f}\plugins\npafl.dll (Tradesignal GmbH)
CustomCLSID: HKU\S-1-5-21-2661125413-2364787433-991423230-1000_Classes\CLSID\{CF90C009-D182-477A-BAFE-F7369C3B1214}\InprocServer32 -> C:\Users\FAROD\AppData\Roaming\Mozilla\Firefox\Profiles\9l3j02fa.default\extensions\{1acd747e-8470-11db-96a9-00e08161165f}\plugins\npafl.dll (Tradesignal GmbH)
CustomCLSID: HKU\S-1-5-21-2661125413-2364787433-991423230-1000_Classes\CLSID\{d0b567b6-6583-4333-afce-71473e9c6f34}\InprocServer32 -> C:\Users\FAROD\AppData\Roaming\Mozilla\Firefox\Profiles\9l3j02fa.default\extensions\{1acd747e-8470-11db-96a9-00e08161165f}\plugins\npafl.dll (Tradesignal GmbH)
CustomCLSID: HKU\S-1-5-21-2661125413-2364787433-991423230-1000_Classes\CLSID\{d0d54c31-1ea8-4a6b-95e9-479ed4cb7049}\InprocServer32 -> C:\Users\FAROD\AppData\Roaming\Mozilla\Firefox\Profiles\9l3j02fa.default\extensions\{1acd747e-8470-11db-96a9-00e08161165f}\plugins\npafl.dll (Tradesignal GmbH)
CustomCLSID: HKU\S-1-5-21-2661125413-2364787433-991423230-1000_Classes\CLSID\{D137584D-912A-4661-AD6D-136263FAA7CC}\InprocServer32 -> C:\Users\FAROD\AppData\Roaming\Mozilla\Firefox\Profiles\9l3j02fa.default\extensions\{1acd747e-8470-11db-96a9-00e08161165f}\plugins\npafl.dll (Tradesignal GmbH)
CustomCLSID: HKU\S-1-5-21-2661125413-2364787433-991423230-1000_Classes\CLSID\{d1c7546c-ce93-4a51-ac0f-1be109831484}\InprocServer32 -> C:\Users\FAROD\AppData\Roaming\Mozilla\Firefox\Profiles\9l3j02fa.default\extensions\{1acd747e-8470-11db-96a9-00e08161165f}\plugins\npafl.dll (Tradesignal GmbH)
CustomCLSID: HKU\S-1-5-21-2661125413-2364787433-991423230-1000_Classes\CLSID\{d1df2f2d-92d3-46da-b186-d949d606dc33}\InprocServer32 -> C:\Users\FAROD\AppData\Roaming\Mozilla\Firefox\Profiles\9l3j02fa.default\extensions\{1acd747e-8470-11db-96a9-00e08161165f}\plugins\npequilla.dll (Tradesignal GmbH)
CustomCLSID: HKU\S-1-5-21-2661125413-2364787433-991423230-1000_Classes\CLSID\{d2d8aabe-60fc-4980-8fcf-6ba265e6c037}\InprocServer32 -> C:\Users\FAROD\AppData\Roaming\Mozilla\Firefox\Profiles\9l3j02fa.default\extensions\{1acd747e-8470-11db-96a9-00e08161165f}\plugins\npafl.dll (Tradesignal GmbH)
CustomCLSID: HKU\S-1-5-21-2661125413-2364787433-991423230-1000_Classes\CLSID\{d4093cf2-8274-4dd5-b13c-722073f07c9c}\InprocServer32 -> C:\Users\FAROD\AppData\Roaming\Mozilla\Firefox\Profiles\9l3j02fa.default\extensions\{1acd747e-8470-11db-96a9-00e08161165f}\plugins\npequilla.dll (Tradesignal GmbH)
CustomCLSID: HKU\S-1-5-21-2661125413-2364787433-991423230-1000_Classes\CLSID\{d46f6937-1143-47a3-bd00-fb426f491976}\InprocServer32 -> C:\Users\FAROD\AppData\Roaming\Mozilla\Firefox\Profiles\9l3j02fa.default\extensions\{1acd747e-8470-11db-96a9-00e08161165f}\plugins\npequilla.dll (Tradesignal GmbH)
CustomCLSID: HKU\S-1-5-21-2661125413-2364787433-991423230-1000_Classes\CLSID\{d5612537-c106-4df7-b96f-cd17dae22dc5}\InprocServer32 -> C:\Users\FAROD\AppData\Roaming\Mozilla\Firefox\Profiles\9l3j02fa.default\extensions\{1acd747e-8470-11db-96a9-00e08161165f}\plugins\npequilla.dll (Tradesignal GmbH)
CustomCLSID: HKU\S-1-5-21-2661125413-2364787433-991423230-1000_Classes\CLSID\{d5961eea-b3c8-4f7e-95c0-3ee0d12f2de8}\InprocServer32 -> C:\Users\FAROD\AppData\Roaming\Mozilla\Firefox\Profiles\9l3j02fa.default\extensions\{1acd747e-8470-11db-96a9-00e08161165f}\plugins\npequilla.dll (Tradesignal GmbH)
CustomCLSID: HKU\S-1-5-21-2661125413-2364787433-991423230-1000_Classes\CLSID\{d608f606-8e79-40b3-906c-81f254281182}\InprocServer32 -> C:\Users\FAROD\AppData\Roaming\Mozilla\Firefox\Profiles\9l3j02fa.default\extensions\{1acd747e-8470-11db-96a9-00e08161165f}\plugins\npafl.dll (Tradesignal GmbH)
CustomCLSID: HKU\S-1-5-21-2661125413-2364787433-991423230-1000_Classes\CLSID\{D825ABA2-2A79-4E23-A3C8-6ABF231CF8A3}\InprocServer32 -> C:\Users\FAROD\AppData\Roaming\Mozilla\Firefox\Profiles\9l3j02fa.default\extensions\{1acd747e-8470-11db-96a9-00e08161165f}\plugins\npequilla.dll (Tradesignal GmbH)
CustomCLSID: HKU\S-1-5-21-2661125413-2364787433-991423230-1000_Classes\CLSID\{d83bcf3d-5cbe-4b4a-85f6-ab111845d75a}\InprocServer32 -> C:\Users\FAROD\AppData\Roaming\Mozilla\Firefox\Profiles\9l3j02fa.default\extensions\{1acd747e-8470-11db-96a9-00e08161165f}\plugins\npafl.dll (Tradesignal GmbH)
CustomCLSID: HKU\S-1-5-21-2661125413-2364787433-991423230-1000_Classes\CLSID\{da3108d3-9ae8-4b74-946d-86f550fdadd1}\InprocServer32 -> C:\Users\FAROD\AppData\Roaming\Mozilla\Firefox\Profiles\9l3j02fa.default\extensions\{1acd747e-8470-11db-96a9-00e08161165f}\plugins\npequilla.dll (Tradesignal GmbH)
CustomCLSID: HKU\S-1-5-21-2661125413-2364787433-991423230-1000_Classes\CLSID\{dca7fa4b-dbe4-405e-9950-f14ec9f55861}\InprocServer32 -> C:\Users\FAROD\AppData\Roaming\Mozilla\Firefox\Profiles\9l3j02fa.default\extensions\{1acd747e-8470-11db-96a9-00e08161165f}\plugins\npafl.dll (Tradesignal GmbH)
CustomCLSID: HKU\S-1-5-21-2661125413-2364787433-991423230-1000_Classes\CLSID\{dcf77455-a2c0-4d96-b3e0-3f223df6d4c2}\InprocServer32 -> C:\Users\FAROD\AppData\Roaming\Mozilla\Firefox\Profiles\9l3j02fa.default\extensions\{1acd747e-8470-11db-96a9-00e08161165f}\plugins\npafl.dll (Tradesignal GmbH)
CustomCLSID: HKU\S-1-5-21-2661125413-2364787433-991423230-1000_Classes\CLSID\{E03BFE68-27E3-4390-ACC0-0F92741519C2}\InprocServer32 -> C:\Users\FAROD\AppData\Roaming\Mozilla\Firefox\Profiles\9l3j02fa.default\extensions\{1acd747e-8470-11db-96a9-00e08161165f}\plugins\npafl.dll (Tradesignal GmbH)
CustomCLSID: HKU\S-1-5-21-2661125413-2364787433-991423230-1000_Classes\CLSID\{e0662552-43c0-4fa0-9abc-1d448a169886}\InprocServer32 -> C:\Users\FAROD\AppData\Roaming\Mozilla\Firefox\Profiles\9l3j02fa.default\extensions\{1acd747e-8470-11db-96a9-00e08161165f}\plugins\npafl.dll (Tradesignal GmbH)
CustomCLSID: HKU\S-1-5-21-2661125413-2364787433-991423230-1000_Classes\CLSID\{E0D42F45-B87D-470b-A8B8-7114DE90F376}\InprocServer32 -> C:\Users\FAROD\AppData\Roaming\Mozilla\Firefox\Profiles\9l3j02fa.default\extensions\{1acd747e-8470-11db-96a9-00e08161165f}\plugins\npafl.dll (Tradesignal GmbH)
CustomCLSID: HKU\S-1-5-21-2661125413-2364787433-991423230-1000_Classes\CLSID\{e0e57326-6830-4876-9a3a-3d30e7ac93aa}\InprocServer32 -> C:\Users\FAROD\AppData\Roaming\Mozilla\Firefox\Profiles\9l3j02fa.default\extensions\{1acd747e-8470-11db-96a9-00e08161165f}\plugins\npafl.dll (Tradesignal GmbH)
CustomCLSID: HKU\S-1-5-21-2661125413-2364787433-991423230-1000_Classes\CLSID\{e2a97f6a-87c4-4ef7-865d-b89805423f54}\InprocServer32 -> C:\Users\FAROD\AppData\Roaming\Mozilla\Firefox\Profiles\9l3j02fa.default\extensions\{1acd747e-8470-11db-96a9-00e08161165f}\plugins\npequilla.dll (Tradesignal GmbH)
CustomCLSID: HKU\S-1-5-21-2661125413-2364787433-991423230-1000_Classes\CLSID\{e2d6102f-73da-4586-b90e-7aca891f73a0}\InprocServer32 -> C:\Users\FAROD\AppData\Roaming\Mozilla\Firefox\Profiles\9l3j02fa.default\extensions\{1acd747e-8470-11db-96a9-00e08161165f}\plugins\npafl.dll (Tradesignal GmbH)
CustomCLSID: HKU\S-1-5-21-2661125413-2364787433-991423230-1000_Classes\CLSID\{e5b2623a-1f6e-4e40-a0d0-4b0a76d5f22f}\InprocServer32 -> C:\Users\FAROD\AppData\Roaming\Mozilla\Firefox\Profiles\9l3j02fa.default\extensions\{1acd747e-8470-11db-96a9-00e08161165f}\plugins\npafl.dll (Tradesignal GmbH)
CustomCLSID: HKU\S-1-5-21-2661125413-2364787433-991423230-1000_Classes\CLSID\{e85570b4-b6ae-48ba-a03e-14b2223b58fe}\InprocServer32 -> C:\Users\FAROD\AppData\Roaming\Mozilla\Firefox\Profiles\9l3j02fa.default\extensions\{1acd747e-8470-11db-96a9-00e08161165f}\plugins\npequilla.dll (Tradesignal GmbH)
CustomCLSID: HKU\S-1-5-21-2661125413-2364787433-991423230-1000_Classes\CLSID\{ec006915-33ce-46a4-8f82-0ed969821d15}\InprocServer32 -> C:\Users\FAROD\AppData\Roaming\Mozilla\Firefox\Profiles\9l3j02fa.default\extensions\{1acd747e-8470-11db-96a9-00e08161165f}\plugins\npafl.dll (Tradesignal GmbH)
CustomCLSID: HKU\S-1-5-21-2661125413-2364787433-991423230-1000_Classes\CLSID\{ec740246-b885-4bf7-997c-d5913c62a389}\InprocServer32 -> C:\Users\FAROD\AppData\Roaming\Mozilla\Firefox\Profiles\9l3j02fa.default\extensions\{1acd747e-8470-11db-96a9-00e08161165f}\plugins\npequilla.dll (Tradesignal GmbH)
CustomCLSID: HKU\S-1-5-21-2661125413-2364787433-991423230-1000_Classes\CLSID\{ecf93d87-71d0-4888-abd8-76750f7a316b}\InprocServer32 -> C:\Users\FAROD\AppData\Roaming\Mozilla\Firefox\Profiles\9l3j02fa.default\extensions\{1acd747e-8470-11db-96a9-00e08161165f}\plugins\npafl.dll (Tradesignal GmbH)
CustomCLSID: HKU\S-1-5-21-2661125413-2364787433-991423230-1000_Classes\CLSID\{ed004054-bba9-4bf8-a040-bb7af962fef1}\InprocServer32 -> C:\Users\FAROD\AppData\Roaming\Mozilla\Firefox\Profiles\9l3j02fa.default\extensions\{1acd747e-8470-11db-96a9-00e08161165f}\plugins\npequilla.dll (Tradesignal GmbH)
CustomCLSID: HKU\S-1-5-21-2661125413-2364787433-991423230-1000_Classes\CLSID\{ed6db247-08fe-43a5-9111-0a364ad50140}\InprocServer32 -> C:\Users\FAROD\AppData\Roaming\Mozilla\Firefox\Profiles\9l3j02fa.default\extensions\{1acd747e-8470-11db-96a9-00e08161165f}\plugins\npequilla.dll (Tradesignal GmbH)
CustomCLSID: HKU\S-1-5-21-2661125413-2364787433-991423230-1000_Classes\CLSID\{ee435c57-c501-40b8-9406-de93209bfba4}\InprocServer32 -> C:\Users\FAROD\AppData\Roaming\Mozilla\Firefox\Profiles\9l3j02fa.default\extensions\{1acd747e-8470-11db-96a9-00e08161165f}\plugins\npafl.dll (Tradesignal GmbH)
CustomCLSID: HKU\S-1-5-21-2661125413-2364787433-991423230-1000_Classes\CLSID\{EE706FA5-697B-4702-BBB7-408A56BC50B4}\InprocServer32 -> C:\Users\FAROD\AppData\Roaming\Mozilla\Firefox\Profiles\9l3j02fa.default\extensions\{1acd747e-8470-11db-96a9-00e08161165f}\plugins\npafl.dll (Tradesignal GmbH)
CustomCLSID: HKU\S-1-5-21-2661125413-2364787433-991423230-1000_Classes\CLSID\{ef43392c-a66b-4af2-a8bf-7a2b793e0b4b}\InprocServer32 -> C:\Users\FAROD\AppData\Roaming\Mozilla\Firefox\Profiles\9l3j02fa.default\extensions\{1acd747e-8470-11db-96a9-00e08161165f}\plugins\NPTS5We.dll (Tradesignal GmbH)
CustomCLSID: HKU\S-1-5-21-2661125413-2364787433-991423230-1000_Classes\CLSID\{f5549980-68c3-485d-97ab-17b4b1704130}\InprocServer32 -> C:\Users\FAROD\AppData\Roaming\Mozilla\Firefox\Profiles\9l3j02fa.default\extensions\{1acd747e-8470-11db-96a9-00e08161165f}\plugins\npafl.dll (Tradesignal GmbH)
CustomCLSID: HKU\S-1-5-21-2661125413-2364787433-991423230-1000_Classes\CLSID\{f85b09b1-583c-4498-a4b2-bc9dbff6fdfc}\InprocServer32 -> C:\Users\FAROD\AppData\Roaming\Mozilla\Firefox\Profiles\9l3j02fa.default\extensions\{1acd747e-8470-11db-96a9-00e08161165f}\plugins\npafl.dll (Tradesignal GmbH)
CustomCLSID: HKU\S-1-5-21-2661125413-2364787433-991423230-1000_Classes\CLSID\{F9C0126F-C3A0-45AD-910D-B76893787EEF}\InprocServer32 -> C:\Users\FAROD\AppData\Roaming\Mozilla\Firefox\Profiles\9l3j02fa.default\extensions\{1acd747e-8470-11db-96a9-00e08161165f}\plugins\npequilla.dll (Tradesignal GmbH)
CustomCLSID: HKU\S-1-5-21-2661125413-2364787433-991423230-1000_Classes\CLSID\{f9f377a9-a668-49ee-bd9c-1e9588869b3b}\InprocServer32 -> C:\Users\FAROD\AppData\Roaming\Mozilla\Firefox\Profiles\9l3j02fa.default\extensions\{1acd747e-8470-11db-96a9-00e08161165f}\plugins\NPTS5We.dll (Tradesignal GmbH)
CustomCLSID: HKU\S-1-5-21-2661125413-2364787433-991423230-1000_Classes\CLSID\{fadd96ed-33a1-4a41-9fe3-92c51fb02f7f}\InprocServer32 -> C:\Users\FAROD\AppData\Roaming\Mozilla\Firefox\Profiles\9l3j02fa.default\extensions\{1acd747e-8470-11db-96a9-00e08161165f}\plugins\npafl.dll (Tradesignal GmbH)
CustomCLSID: HKU\S-1-5-21-2661125413-2364787433-991423230-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\FAROD\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2661125413-2364787433-991423230-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\FAROD\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2661125413-2364787433-991423230-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\FAROD\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2661125413-2364787433-991423230-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\FAROD\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2661125413-2364787433-991423230-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\FAROD\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2661125413-2364787433-991423230-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\FAROD\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2661125413-2364787433-991423230-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\FAROD\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2661125413-2364787433-991423230-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\FAROD\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2661125413-2364787433-991423230-1000_Classes\CLSID\{fd639f94-a5fd-44ce-973a-432c84938fca}\InprocServer32 -> C:\Users\FAROD\AppData\Roaming\Mozilla\Firefox\Profiles\9l3j02fa.default\extensions\{1acd747e-8470-11db-96a9-00e08161165f}\plugins\npequilla.dll (Tradesignal GmbH)
CustomCLSID: HKU\S-1-5-21-2661125413-2364787433-991423230-1000_Classes\CLSID\{fd947993-d348-4e4c-8a22-eb73c9b35b99}\InprocServer32 -> C:\Users\FAROD\AppData\Roaming\Mozilla\Firefox\Profiles\9l3j02fa.default\extensions\{1acd747e-8470-11db-96a9-00e08161165f}\plugins\npafl.dll (Tradesignal GmbH)
CustomCLSID: HKU\S-1-5-21-2661125413-2364787433-991423230-1000_Classes\CLSID\{fdff2fd5-5a94-473f-b2c7-53d11da057fd}\InprocServer32 -> C:\Users\FAROD\AppData\Roaming\Mozilla\Firefox\Profiles\9l3j02fa.default\extensions\{1acd747e-8470-11db-96a9-00e08161165f}\plugins\npafl.dll (Tradesignal GmbH)
CustomCLSID: HKU\S-1-5-21-2661125413-2364787433-991423230-1000_Classes\CLSID\{fe6aa108-8d2a-40f6-b54a-eac1ec9d1237}\InprocServer32 -> C:\Users\FAROD\AppData\Roaming\Mozilla\Firefox\Profiles\9l3j02fa.default\extensions\{1acd747e-8470-11db-96a9-00e08161165f}\plugins\npequilla.dll (Tradesignal GmbH)
CustomCLSID: HKU\S-1-5-21-2661125413-2364787433-991423230-1000_Classes\CLSID\{FE8B9AD2-39B8-420D-B8E1-9403E47D5F74}\InprocServer32 -> C:\Users\FAROD\AppData\Roaming\Mozilla\Firefox\Profiles\9l3j02fa.default\extensions\{1acd747e-8470-11db-96a9-00e08161165f}\plugins\npequilla.dll (Tradesignal GmbH)
CustomCLSID: HKU\S-1-5-21-2661125413-2364787433-991423230-1000_Classes\CLSID\{FF12BBD2-1DA6-41C6-B12C-EC6709805865}\InprocServer32 -> C:\Users\FAROD\AppData\Roaming\Mozilla\Firefox\Profiles\9l3j02fa.default\extensions\{1acd747e-8470-11db-96a9-00e08161165f}\plugins\npequilla.dll (Tradesignal GmbH)
CustomCLSID: HKU\S-1-5-21-2661125413-2364787433-991423230-1000_Classes\CLSID\{FFDC998A-64E9-451E-A364-FE19C7EB88E3}\InprocServer32 -> C:\Users\FAROD\AppData\Roaming\Mozilla\Firefox\Profiles\9l3j02fa.default\extensions\{1acd747e-8470-11db-96a9-00e08161165f}\plugins\npafl.dll (Tradesignal GmbH)

==================== Restore Points  =========================


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:04 - 2009-06-10 23:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {01C4DA5C-68ED-452F-8915-500B7CAB7C8A} - System32\Tasks\{8632E0F9-D54C-4582-9071-D3E0C5C821E9} => Firefox.exe hxxp://ui.skype.com/ui/0/5.1.0.112.259/de/abandoninstall?page=tsMain&amp;installinfo=google-toolbar:notoffered;ienotdefaultbrowser2,google-chrome:offered-installed;madedefault
Task: {01E6FDB2-29BA-4DF1-81B1-B4C7F2EE18BD} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {040F0E76-F8D8-4D17-BB20-A0A714211C67} - System32\Tasks\{DCE26D8E-9B9A-488C-8AF6-11E60AFEA0C2} => Firefox.exe hxxp://ui.skype.com/ui/0/5.1.0.112.259/de/privacy
Task: {120C5AA9-38D3-48C8-9CE8-B1C01F238128} - System32\Tasks\Adobe Reader and Acrobat Manager => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-08-21] (Adobe Systems Incorporated)
Task: {12A7A081-E714-4BA8-BCA2-CC4F65BE6B9B} - System32\Tasks\{4A9981AB-C2C0-4DB9-9925-1CA439A58BF9} => C:\Windows.old\Program Files\Adobe\Acrobat 7.0\Acrobat\Acrobat.exe [2006-05-16] (Adobe Systems Incorporated)
Task: {1365F703-FD2B-4B7D-92FE-D65F60445CDE} - System32\Tasks\GoogleUpdateTaskMachineUA1cf6c7324f656f2 => C:\Program Files\Google\Update\GoogleUpdate.exe [2011-01-16] (Google Inc.)
Task: {13B438A1-D164-4398-A755-C3A332EE0B90} - System32\Tasks\{AEDA0F36-A187-40D3-BC4F-C92CFBA1E89C} => Firefox.exe hxxp://ui.skype.com/ui/0/5.1.0.112.259/de/privacy
Task: {15BDAF89-5B79-4EF3-84F7-118F117ADEFE} - System32\Tasks\{37737147-2A16-46CD-A360-8D65E5543EDD} => Firefox.exe hxxp://ui.skype.com/ui/0/5.1.0.112.259/de/privacy
Task: {1BCD143A-3A9F-40E1-A391-2ECEC6D57EFF} - System32\Tasks\{B88AE28D-AE25-4F51-BF91-320C2A6CD37F} => C:\TIMM\TimmMeasure\TIMMME~4.EXE [2008-11-22] ()
Task: {20D9F846-3525-46F1-BE41-3F405B5305FF} - System32\Tasks\{DC479117-6841-42CD-84AB-79A98005AB87} => Firefox.exe hxxp://ui.skype.com/ui/0/5.1.0.112.259/de/privacy
Task: {20E57EC8-2A4C-4667-BF5E-D59E9104690A} - System32\Tasks\ProgramRefresh-ATFST => C:\Program Files\File Type Assistant\tsasetup.exe [2014-05-06] (                                                            ) <==== ATTENTION
Task: {26EE9779-BB61-4BBA-B4E7-8F7EA4685F9A} - System32\Tasks\{23FEF2A8-FF07-4E40-A810-63911933CB0E} => Firefox.exe hxxp://ui.skype.com/ui/0/5.1.0.112.259/de/eula
Task: {2E57DDB1-715B-41B5-BB2B-48A648A13A1B} - System32\Tasks\RunAsStdUser Task => D:\Programme\Matlab Sead\MATLAB R2010a.lnk [2013-11-16] ()
Task: {357BE8E7-9FB6-4605-808C-3739D3C2D9E0} - System32\Tasks\{374E56C1-EA98-4805-9613-7A02605A1AEF} => Firefox.exe hxxp://ui.skype.com/ui/0/5.1.0.112.259/de/privacy
Task: {3DBFDF79-5684-4AC6-AE2A-AB6BDEFB45B9} - System32\Tasks\{69948C31-6341-4EDA-B6E7-136DD92966B7} => Firefox.exe hxxp://ui.skype.com/ui/0/5.1.0.112.259/de/privacy
Task: {44F07F0A-ED40-4C6D-B74B-A1B3BCBDADCB} - System32\Tasks\{3E2598E2-AD29-44C8-B909-426FFB176F18} => C:\Windows.old\Program Files\Adobe\Acrobat 7.0\Acrobat\Acrobat.exe [2006-05-16] (Adobe Systems Incorporated)
Task: {51052220-5B1F-4E60-8FE8-8141D0EDE56E} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-04-17] (Piriform Ltd)
Task: {60E7468E-9427-40AF-BA30-71F78E63EEC7} - System32\Tasks\{E417CEB4-78F9-4B07-B743-EAAF76A37CA8} => C:\Program Files\Mozilla Firefox\plugin-container.exe [2014-09-24] (Mozilla Corporation)
Task: {6797A6A0-8B79-48AE-A94C-305E0AB727E5} - System32\Tasks\{8D467F1D-37D5-453C-B52C-D6AE8EBCD36E} => Firefox.exe hxxp://ui.skype.com/ui/0/6.7.60.102/de/abandoninstall?page=tsMain
Task: {6D911190-E064-4CEA-BD90-178BD530D7F6} - System32\Tasks\Security Center Update - 1126216227 => C:\Users\FAROD\AppData\Roaming\Huytiku\qogunit.exe [2014-10-08] (Masrukafa Corporatien) <==== ATTENTION
Task: {73024369-CC58-495E-96BC-22E84065749B} - System32\Tasks\{20B9F748-7A83-4124-B558-12AA0C450841} => Firefox.exe hxxp://ui.skype.com/ui/0/5.1.0.112.259/de/eula
Task: {7593A81A-E254-4F61-9518-8B43EC209DA7} - System32\Tasks\{42F9DC97-7337-4740-8D24-DE6E692AC5BE} => Firefox.exe hxxp://ui.skype.com/ui/0/5.1.0.112.259/de/privacy
Task: {7D605483-1372-4C66-A571-CBD9A9124E83} - System32\Tasks\{900DF275-2A9D-4861-9E82-69A18220B927} => C:\Windows.old\Program Files\Adobe\Acrobat 7.0\Acrobat\Acrobat.exe [2006-05-16] (Adobe Systems Incorporated)
Task: {8392EA65-15DD-4971-B6C7-373DF4D61B1E} - System32\Tasks\{28CFC7CB-6A12-448E-B6B4-F74B55A50042} => Firefox.exe hxxp://ui.skype.com/ui/0/5.1.0.112.259/de/privacy
Task: {8F1D4795-7AD5-45AD-84ED-9654AB524B57} - System32\Tasks\{0A9D5856-52C0-4CBF-A242-3B2BB3F2DDC8} => Firefox.exe hxxp://ui.skype.com/ui/0/5.1.0.112.259/de/privacy
Task: {93CA90B5-5CE1-4DC2-9C2A-7A6064DD8BC6} - System32\Tasks\{7669C149-9EE1-4CAF-915D-D87B029E5155} => Firefox.exe hxxp://ui.skype.com/ui/0/5.1.0.112.259/de/eula
Task: {98D55435-7950-46F7-96A6-645A116F00DD} - System32\Tasks\ProgramUpdateCheck => C:\Program Files\File Type Assistant\TSAssist.exe [2014-05-06] (FTA ApS) <==== ATTENTION
Task: {9B456E32-B7E4-4A21-886D-0460B6705D13} - System32\Tasks\{AE3C2A7F-2544-405E-AA50-DAFB7142A9A5} => Firefox.exe hxxp://ui.skype.com/ui/0/5.1.0.112.259/de/privacy
Task: {B0235A1C-467B-4959-B98E-4F9C5EA54464} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-24] (Adobe Systems Incorporated)
Task: {B1219878-2EA7-4E50-9F80-C9F5D42F133F} - System32\Tasks\{FD3225FF-EE1B-4792-979F-671F13CD6F31} => C:\Program Files\Microsoft Office\Office12\POWERPNT.EXE [2006-10-27] (Microsoft Corporation)
Task: {B5061FC8-15AA-411D-9523-AF2EF645BA38} - System32\Tasks\Java(TM) Platform SE Auto Updater => C:\Program Files\Common Files\Java\Java Update\jusched.exe [2014-07-25] (Oracle Corporation)
Task: {CBF2D49B-1387-4FD5-8259-CD44DF1ED616} - System32\Tasks\{BB999DB3-818D-48C4-B3AA-B49F4889741A} => Firefox.exe hxxp://ui.skype.com/ui/0/5.1.0.112.259/de/privacy
Task: {DB6D7798-8864-4D23-8E2B-789B1C6F9B3B} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2011-01-16] (Google Inc.)
Task: {DCFB8487-BAD0-45B1-99D9-250B90DD716B} - System32\Tasks\{40D65CEE-0CAF-407D-B790-3EBED4E39692} => Firefox.exe hxxp://ui.skype.com/ui/0/5.1.0.112.259/de/eula
Task: {E457521B-8799-40EB-A8C0-C3226DB1B4E5} - System32\Tasks\AviraSpeedup => C:\Program Files\Avira\AviraSpeedup\avira_system_speedup.exe [2014-10-09] (Avira)
Task: {EFC94C78-31D4-462A-A711-66228A8120AB} - System32\Tasks\{44589D35-039A-4477-AA46-1EA0140EF6D4} => C:\Windows.old\Program Files\Adobe\Acrobat 7.0\Acrobat\Acrobat.exe [2006-05-16] (Adobe Systems Incorporated)
Task: {F07D3FE0-58D4-4560-8224-29AED7B26738} - System32\Tasks\Microsoft_Hardware_Launch_IPoint_exe => C:\Program Files\Microsoft IntelliPoint\IPoint.exe [2010-07-21] (Microsoft Corporation)
Task: {F38E0618-8D92-4964-B1FD-3A6380D48EF0} - System32\Tasks\{15B81D52-1EB6-4239-B8DE-A00E31FF010F} => Firefox.exe hxxp://ui.skype.com/ui/0/5.1.0.112.259/de/privacy

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA1cf6c7324f656f2.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\Security Center Update - 1126216227.job => C:\Users\FAROD\AppData\Roaming\Huytiku\qogunit.exe <==== ATTENTION

==================== Loaded Modules (whitelisted) =============

2010-04-26 18:42 - 2006-01-12 22:20 - 01265664 _____ () C:\Program Files\Adobe\Acrobat 7.0\Distillr\adistres.DEU
2014-06-10 11:45 - 2013-05-18 21:51 - 00055040 _____ () C:\Windows\System32\ruppm.dll
2011-06-22 10:43 - 2011-06-22 10:43 - 00024064 _____ () C:\Windows\System32\sst2cl3.dll
2011-01-19 17:24 - 2011-06-22 10:42 - 00540672 _____ () C:\Windows\system32\spool\DRIVERS\W32X86\3\sst2cdu.dll
2011-01-19 17:24 - 2010-06-07 12:17 - 00618496 _____ () C:\Windows\Samsung\PanelMgr\SSMMgr.exe
2014-10-09 08:26 - 2014-10-09 08:26 - 00043008 _____ () c:\users\farod\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpkxt2ev.dll
2013-08-23 21:01 - 2013-08-23 21:01 - 25100288 _____ () C:\Users\FAROD\AppData\Roaming\Dropbox\bin\libcef.dll
2014-09-24 21:22 - 2014-09-24 21:22 - 03715184 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll
2014-10-09 09:35 - 2014-10-09 09:35 - 00050477 _____ () C:\Users\FAROD\Downloads\Defogger.exe

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\GoToAssist => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WRkrn => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WRSVC => ""="Service"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)



HKU\.DEFAULT\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION!
HKU\.DEFAULT\Software\Classes\exefile: "%1" %* <===== ATTENTION!
HKU\S-1-5-19\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION!
HKU\S-1-5-19\Software\Classes\exefile: "%1" %* <===== ATTENTION!
HKU\S-1-5-20\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION!
HKU\S-1-5-20\Software\Classes\exefile: "%1" %* <===== ATTENTION!
HKU\S-1-5-21-2661125413-2364787433-991423230-1000\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION!
HKU\S-1-5-21-2661125413-2364787433-991423230-1000\Software\Classes\exefile: "%1" %* <===== ATTENTION!

==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: Acrobat Assistant 7.0 => "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: APSDaemon => "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: Skype => "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
MSCONFIG\startupreg: updateMgr => C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AdobeUpdateManager.exe AcPro7_1_0 -reboot 1

========================= Accounts: ==========================

Administrator (S-1-5-21-2661125413-2364787433-991423230-500 - Administrator - Disabled)
ASPNET (S-1-5-21-2661125413-2364787433-991423230-1004 - Limited - Enabled)
FAROD (S-1-5-21-2661125413-2364787433-991423230-1000 - Administrator - Enabled) => C:\Users\FAROD
Gast (S-1-5-21-2661125413-2364787433-991423230-501 - Limited - Enabled)
HomeGroupUser$ (S-1-5-21-2661125413-2364787433-991423230-1002 - Limited - Enabled)

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (10/09/2014 09:44:30 AM) (Source: VSS) (EventID: 12292) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Erstellen der Schattenkopieanbieter-COM-Klasse mit CLSID {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a} [0x80070422, Der angegebene Dienst kann nicht gestartet werden. Er ist deaktiviert oder nicht mit aktivierten Geräten verbunden.
] ist ein Fehler aufgetreten.


Vorgang:
   Für diesen Anbieter eine aufrufbare Schnittstelle abrufen
   Schnittstellen für alle Anbieter auflisten, die diesen Kontext unterstützen
   Schattenkopien abfragen

Kontext:
   Anbieter-ID: {b5946137-7b9f-4925-af80-51abd60b20d5}
   Klassen-ID: {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a}
   Snapshotkontext: 13
   Snapshotkontext: 13
   Ausführungskontext: Coordinator

Error: (10/09/2014 09:44:30 AM) (Source: VSS) (EventID: 13) (User: )
Description: Volumenschattenkopie-Dienst-Informationen: Der COM-Server mit CLSID {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a} und dem Namen "SW_PROV" kann nicht gestartet werden. [0x80070422, Der angegebene Dienst kann nicht gestartet werden. Er ist deaktiviert oder nicht mit aktivierten Geräten verbunden.
]


Vorgang:
   Für diesen Anbieter eine aufrufbare Schnittstelle abrufen
   Schnittstellen für alle Anbieter auflisten, die diesen Kontext unterstützen
   Schattenkopien abfragen

Kontext:
   Anbieter-ID: {b5946137-7b9f-4925-af80-51abd60b20d5}
   Klassen-ID: {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a}
   Snapshotkontext: 13
   Snapshotkontext: 13
   Ausführungskontext: Coordinator

Error: (10/09/2014 09:06:41 AM) (Source: System Restore) (EventID: 8193) (User: )
Description: Fehler beim Erstellen des Wiederherstellungspunkts (Prozess = C:\Users\FAROD\AppData\Local\Temp\AviraSetup2517731.exe /update; Beschreibung = Avira System Speedup(1.3.1.9970); Fehler = 0x80042302).

Error: (10/09/2014 09:06:41 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "GetProviderMgmtInterface" ist ein unerwarteter Fehler aufgetreten. hr = 0x8004230f, Unerwarteter Fehler beim Schattenkopieanbieter bei dem Versuch, den angegebenen Vorgang zu verarbeiten.
.

Error: (10/09/2014 09:06:41 AM) (Source: VSS) (EventID: 12292) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Erstellen der Schattenkopieanbieter-COM-Klasse mit CLSID {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a} [0x80070422, Der angegebene Dienst kann nicht gestartet werden. Er ist deaktiviert oder nicht mit aktivierten Geräten verbunden.
] ist ein Fehler aufgetreten.


Vorgang:
   Für diesen Anbieter eine aufrufbare Schnittstelle abrufen
   Anbieterverwaltungsschnittstelle wird abgerufen

Kontext:
   Anbieter-ID: {b5946137-7b9f-4925-af80-51abd60b20d5}
   Klassen-ID: {00000000-0000-0000-0000-000000000000}
   Snapshotkontext: -1
   Anbieter-ID: {b5946137-7b9f-4925-af80-51abd60b20d5}

Error: (10/09/2014 09:06:41 AM) (Source: VSS) (EventID: 13) (User: )
Description: Volumenschattenkopie-Dienst-Informationen: Der COM-Server mit CLSID {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a} und dem Namen "SW_PROV" kann nicht gestartet werden. [0x80070422, Der angegebene Dienst kann nicht gestartet werden. Er ist deaktiviert oder nicht mit aktivierten Geräten verbunden.
]


Vorgang:
   Für diesen Anbieter eine aufrufbare Schnittstelle abrufen
   Anbieterverwaltungsschnittstelle wird abgerufen

Kontext:
   Anbieter-ID: {b5946137-7b9f-4925-af80-51abd60b20d5}
   Klassen-ID: {00000000-0000-0000-0000-000000000000}
   Snapshotkontext: -1
   Anbieter-ID: {b5946137-7b9f-4925-af80-51abd60b20d5}

Error: (10/09/2014 09:05:35 AM) (Source: System Restore) (EventID: 8193) (User: )
Description: Fehler beim Erstellen des Wiederherstellungspunkts (Prozess = C:\Windows\TEMP\RarSFX0\setup.exe /install; Beschreibung = Avira System Speedup(1.3.1.9930); Fehler = 0x80042302).

Error: (10/09/2014 09:05:35 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "GetProviderMgmtInterface" ist ein unerwarteter Fehler aufgetreten. hr = 0x8004230f, Unerwarteter Fehler beim Schattenkopieanbieter bei dem Versuch, den angegebenen Vorgang zu verarbeiten.
.

Error: (10/09/2014 09:05:35 AM) (Source: VSS) (EventID: 12292) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Erstellen der Schattenkopieanbieter-COM-Klasse mit CLSID {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a} [0x80070422, Der angegebene Dienst kann nicht gestartet werden. Er ist deaktiviert oder nicht mit aktivierten Geräten verbunden.
] ist ein Fehler aufgetreten.


Vorgang:
   Für diesen Anbieter eine aufrufbare Schnittstelle abrufen
   Anbieterverwaltungsschnittstelle wird abgerufen

Kontext:
   Anbieter-ID: {b5946137-7b9f-4925-af80-51abd60b20d5}
   Klassen-ID: {00000000-0000-0000-0000-000000000000}
   Snapshotkontext: -1
   Anbieter-ID: {b5946137-7b9f-4925-af80-51abd60b20d5}

Error: (10/09/2014 09:05:35 AM) (Source: VSS) (EventID: 13) (User: )
Description: Volumenschattenkopie-Dienst-Informationen: Der COM-Server mit CLSID {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a} und dem Namen "SW_PROV" kann nicht gestartet werden. [0x80070422, Der angegebene Dienst kann nicht gestartet werden. Er ist deaktiviert oder nicht mit aktivierten Geräten verbunden.
]


Vorgang:
   Für diesen Anbieter eine aufrufbare Schnittstelle abrufen
   Anbieterverwaltungsschnittstelle wird abgerufen

Kontext:
   Anbieter-ID: {b5946137-7b9f-4925-af80-51abd60b20d5}
   Klassen-ID: {00000000-0000-0000-0000-000000000000}
   Snapshotkontext: -1
   Anbieter-ID: {b5946137-7b9f-4925-af80-51abd60b20d5}


System errors:
=============
Error: (10/09/2014 09:29:00 AM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus lautet: 252.

Error: (10/09/2014 09:12:32 AM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus lautet: 252.

Error: (10/09/2014 08:27:13 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Heimnetzgruppen-Anbieter" ist vom Dienst "Funktionssuchanbieter-Host" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1058

Error: (10/09/2014 08:27:13 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Heimnetzgruppen-Anbieter" ist vom Dienst "Funktionssuchanbieter-Host" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1058

Error: (10/09/2014 08:27:05 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: 
FNETURPX

Error: (10/09/2014 08:25:54 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Volumeschattenkopie" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1053

Error: (10/09/2014 08:25:54 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Volumeschattenkopie erreicht.

Error: (10/09/2014 08:25:09 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "DgiVecp" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%20

Error: (10/09/2014 08:14:21 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Heimnetzgruppen-Anbieter" ist vom Dienst "Funktionssuchanbieter-Host" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1058

Error: (10/09/2014 08:13:43 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: 
FNETURPX


Microsoft Office Sessions:
=========================
Error: (10/04/2014 05:40:32 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 851 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (07/29/2014 07:01:08 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 36916 seconds with 9000 seconds of active time.  This session ended with a crash.

Error: (02/07/2014 10:46:25 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 3588 seconds with 1560 seconds of active time.  This session ended with a crash.

Error: (01/28/2014 10:58:24 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 1059 seconds with 180 seconds of active time.  This session ended with a crash.

Error: (12/04/2013 04:50:25 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 6985 seconds with 1860 seconds of active time.  This session ended with a crash.

Error: (05/27/2013 09:49:48 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 4697 seconds with 1260 seconds of active time.  This session ended with a crash.

Error: (05/23/2013 09:27:47 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 20259 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (05/21/2013 08:46:37 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 254 seconds with 180 seconds of active time.  This session ended with a crash.

Error: (04/18/2013 11:41:59 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 11939 seconds with 1320 seconds of active time.  This session ended with a crash.

Error: (04/16/2013 10:48:25 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 8926 seconds with 2820 seconds of active time.  This session ended with a crash.


==================== Memory info =========================== 

Processor: Intel(R) Core(TM)2 Duo CPU T6400 @ 2.00GHz
Percentage of memory in use: 53%
Total physical RAM: 3036.61 MB
Available physical RAM: 1402.09 MB
Total Pagefile: 6069.46 MB
Available Pagefile: 3862.9 MB
Total Virtual: 2047.88 MB
Available Virtual: 1897.5 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:99.78 GB) (Free:12.4 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: () (Fixed) (Total:185.31 GB) (Free:113.6 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 298.1 GB) (Disk ID: 7407B56E)
Partition 1: (Not Active) - (Size=13 GB) - (Type=27)
Partition 2: (Active) - (Size=99.8 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=185.3 GB) - (Type=07 NTFS)

==================== End Of Log ============================
         
Hallo Schrauber,
vielen Dank für den Tipp mit Malwarebytes. Es scheint geholfen zu haben. Das Programm hat ca. 10 Subjekte gefunden (ZBots), die von anderen Programmen (McAfee, Ariva) nicht erkannt wurden. Ich werde den Scan jetzt noch einmal durchlaufen lassen, um sicher zu sein. Aber der Taskmanager ist wieder sauber.
Der Experte von Ariva hatte lediglich meinen Rechner mit CCleaner gesäubert und noch einmal das Ariva Antivirus-Programm laufen lassen. Aber das Problem mit qogunit.exe leider ignoriert. Wichtig ist auf jeden Fall, dass der Rechner jetzt wieder sauber zu sein scheint. Sollte dies nicht der Fall sein, würde ich mich gerne noch einmal melden.
__________________

Alt 09.10.2014, 20:03   #4
schrauber
/// the machine
/// TB-Ausbilder
 

qogunit.exe - Standard

qogunit.exe



Was für ein Tipp?

FRST.txt fehlt noch. WIr sind auf keinen Fall fertig.
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 10.10.2014, 07:47   #5
samsum54
 
qogunit.exe - Standard

qogunit.de



Hallo Schrauber,
mit dem Tipp habe ich etwas verwechselt.
Hier ist die fehlende Datei, Offensichtlich habe ich zweimal die gleiche Datei gesendet (das macht der Stress, wenn der Computer Probleme macht):
FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 06-10-2014 01
Ran by FAROD (administrator) on FAROD-PC on 09-10-2014 09:41:51
Running from C:\Users\FAROD\Downloads
Loaded Profile: FAROD (Available profiles: FAROD)
Platform: Microsoft Windows 7 Home Premium  Service Pack 1 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Two Pilots) C:\Windows\VPDAgent.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(Microsoft Corporation) C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Deutsche Telekom AG) C:\Program Files\Netzmanager\NMInfraIS2\Netzmanager_Service.exe
(Samsung Electronics Co., Ltd.) C:\Windows\System32\spool\drivers\w32x86\3\NetFaxServer.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
() C:\Windows\Samsung\PanelMgr\SSMMgr.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(Dropbox, Inc.) C:\Users\FAROD\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Deutsche Telekom AG) C:\Program Files\Netzmanager\netzmanager.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Google Inc.) C:\Program Files\Google\Update\1.3.24.15\GoogleCrashHandler.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(Masrukafa Corporatien) C:\Users\FAROD\AppData\Roaming\Huytiku\qogunit.exe
() C:\Users\FAROD\Downloads\Defogger.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Masrukafa Corporatien) C:\Users\FAROD\AppData\Roaming\Huytiku\qogunit.exe
(Masrukafa Corporatien) C:\Users\FAROD\AppData\Roaming\Huytiku\qogunit.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [] => [X]
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1541416 2009-07-14] (Synaptics Incorporated)
HKLM\...\Run: [Samsung PanelMgr] => C:\Windows\Samsung\PanelMgr\ssmmgr.exe [618496 2010-06-07] ()
HKLM\...\Run: [Avira Systray] => C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe [165168 2014-09-23] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [avgnt] => C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [703736 2014-09-24] (Avira Operations GmbH & Co. KG)
Winlogon\Notify\GoToAssist: C:\Program Files\Citrix\GoToAssist\615\G2AWinLogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
HKLM\...\Policies\Explorer: [NoViewOnDrive] 0
HKLM\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKLM\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKLM\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKLM\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKLM\...\Policies\Explorer: [NoViewContextMenu] 0
HKLM\...\Policies\Explorer: [NoShellSearchButton] 0
HKLM\...\Policies\Explorer: [NoFile] 0
HKLM\...\Policies\Explorer: [HideClock] 0
HKLM\...\Policies\Explorer: [NoTrayContextMenu] 0
HKLM\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKLM\...\Policies\Explorer: [NoSetFolders] 0
HKLM\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKLM\...\Policies\Explorer: [NoSetTaskbar] 0
HKLM\...\Policies\Explorer: [NoDeletePrinter] 0
HKLM\...\Policies\Explorer: [NoDFSTab] 0
HKLM\...\Policies\Explorer: [NoChangeStartMenu] 0
HKLM\...\Policies\Explorer: [NoLogoff] 0
HKLM\...\Policies\Explorer: [NoWindowsUpdate] 0
HKLM\...\Policies\Explorer: [NoEncryptOnMove] 0
HKLM\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKLM\...\Policies\Explorer: [NoResolveSearch] 0
HKLM\...\Policies\Explorer: [NoSaveSettings] 0
HKLM\...\Policies\Explorer: [NoHardwareTab] 0
HKLM\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKU\S-1-5-19\...\Policies\system: [DisableCMD] 0
HKU\S-1-5-19\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-19\...\Policies\system: [NoDispBackgroundPage] 0
HKU\S-1-5-19\...\Policies\system: [NoDispSettingsPage] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoFolderOptions] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoViewOnDrive] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-19\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKU\S-1-5-19\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKU\S-1-5-19\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKU\S-1-5-19\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoShellSearchButton] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoFind] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoFile] 0
HKU\S-1-5-19\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoSetFolders] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoDFSTab] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoLogoff] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoResolveSearch] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoHardwareTab] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKU\S-1-5-20\...\Policies\system: [DisableCMD] 0
HKU\S-1-5-20\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-20\...\Policies\system: [NoDispBackgroundPage] 0
HKU\S-1-5-20\...\Policies\system: [NoDispSettingsPage] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoFolderOptions] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoViewOnDrive] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-20\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKU\S-1-5-20\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKU\S-1-5-20\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKU\S-1-5-20\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoShellSearchButton] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoFind] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoFile] 0
HKU\S-1-5-20\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoSetFolders] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoDFSTab] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoLogoff] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoResolveSearch] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoHardwareTab] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKU\S-1-5-21-2661125413-2364787433-991423230-1000\...\Run: [Kimufa] => C:\Users\FAROD\AppData\Roaming\Huytiku\qogunit.exe [281300 2014-10-08] (Masrukafa Corporatien)
HKU\S-1-5-21-2661125413-2364787433-991423230-1000\...\Run: [AviraSpeedup] => C:\Program Files\Avira\AviraSpeedup\avira_system_speedup.exe [5395192 2014-10-09] (Avira)
HKU\S-1-5-21-2661125413-2364787433-991423230-1000\...\Policies\system: [DisableCMD] 0
HKU\S-1-5-21-2661125413-2364787433-991423230-1000\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-21-2661125413-2364787433-991423230-1000\...\Policies\system: [NoDispBackgroundPage] 0
HKU\S-1-5-21-2661125413-2364787433-991423230-1000\...\Policies\system: [NoDispSettingsPage] 0
HKU\S-1-5-21-2661125413-2364787433-991423230-1000\...\Policies\Explorer: [NoFolderOptions] 0
HKU\S-1-5-21-2661125413-2364787433-991423230-1000\...\Policies\Explorer: [NoViewOnDrive] 0
HKU\S-1-5-21-2661125413-2364787433-991423230-1000\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-2661125413-2364787433-991423230-1000\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKU\S-1-5-21-2661125413-2364787433-991423230-1000\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKU\S-1-5-21-2661125413-2364787433-991423230-1000\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKU\S-1-5-21-2661125413-2364787433-991423230-1000\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKU\S-1-5-21-2661125413-2364787433-991423230-1000\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-21-2661125413-2364787433-991423230-1000\...\Policies\Explorer: [NoShellSearchButton] 0
HKU\S-1-5-21-2661125413-2364787433-991423230-1000\...\Policies\Explorer: [NoFind] 0
HKU\S-1-5-21-2661125413-2364787433-991423230-1000\...\Policies\Explorer: [NoFile] 0
HKU\S-1-5-21-2661125413-2364787433-991423230-1000\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-21-2661125413-2364787433-991423230-1000\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\S-1-5-21-2661125413-2364787433-991423230-1000\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKU\S-1-5-21-2661125413-2364787433-991423230-1000\...\Policies\Explorer: [NoSetFolders] 0
HKU\S-1-5-21-2661125413-2364787433-991423230-1000\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\S-1-5-21-2661125413-2364787433-991423230-1000\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-21-2661125413-2364787433-991423230-1000\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\S-1-5-21-2661125413-2364787433-991423230-1000\...\Policies\Explorer: [NoDFSTab] 0
HKU\S-1-5-21-2661125413-2364787433-991423230-1000\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-21-2661125413-2364787433-991423230-1000\...\Policies\Explorer: [NoLogoff] 0
HKU\S-1-5-21-2661125413-2364787433-991423230-1000\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\S-1-5-21-2661125413-2364787433-991423230-1000\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\S-1-5-21-2661125413-2364787433-991423230-1000\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\S-1-5-21-2661125413-2364787433-991423230-1000\...\Policies\Explorer: [NoResolveSearch] 0
HKU\S-1-5-21-2661125413-2364787433-991423230-1000\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-21-2661125413-2364787433-991423230-1000\...\Policies\Explorer: [NoHardwareTab] 0
HKU\S-1-5-21-2661125413-2364787433-991423230-1000\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKU\S-1-5-21-2661125413-2364787433-991423230-1000\...\MountPoints2: {75ce76c2-68d3-11e0-a899-00245402c3ca} - F:\Startme.exe
HKU\S-1-5-21-2661125413-2364787433-991423230-1000\...\MountPoints2: {79a0bff8-14f1-11df-894a-00245402c3ca} - F:\Startme.exe
HKU\S-1-5-21-2661125413-2364787433-991423230-1000\...\MountPoints2: {9cd638f1-f3d8-11de-a0af-806e6f6e6963} - E:\autorun.exe
HKU\S-1-5-18\...\Run: [AviraSpeedup] => C:\Program Files\Avira\AviraSpeedup\avira_system_speedup.exe [5395192 2014-10-09] (Avira)
HKU\S-1-5-18\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-18\...\Policies\system: [NoDispBackgroundPage] 0
HKU\S-1-5-18\...\Policies\system: [NoDispSettingsPage] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoViewOnDrive] 0
HKU\S-1-5-18\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKU\S-1-5-18\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKU\S-1-5-18\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKU\S-1-5-18\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoShellSearchButton] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoFind] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoFile] 0
HKU\S-1-5-18\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoSetFolders] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoDFSTab] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoLogoff] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoResolveSearch] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoHardwareTab] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoStartMenuSubFolders] 0
Startup: C:\Users\FAROD\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\FAROD\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\FAROD\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Netzmanager.lnk
ShortcutTarget: Netzmanager.lnk -> C:\Program Files\Netzmanager\netzmanager.exe (Deutsche Telekom AG)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKLM - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7SMSN
SearchScopes: HKLM - {77AA745B-F4F8-45DA-9B14-61D2D95054C8} URL = 
SearchScopes: HKCU - DefaultScope {50D204F7-744D-4AB1-80BE-44A747C9AC1A} URL = https://de.search.yahoo.com/search?fr=mcafee&type=B011DE0D20140110&p={SearchTerms}
SearchScopes: HKCU - {3BD301D9-747C-40B4-BC62-285CC3E648E8} URL = hxxp://dict.leo.org/ende?lp=ende&search={searchTerms}
SearchScopes: HKCU - {50D204F7-744D-4AB1-80BE-44A747C9AC1A} URL = https://de.search.yahoo.com/search?fr=mcafee&type=B011DE0D20140110&p={SearchTerms}
SearchScopes: HKCU - {53A2F6DD-7B14-453A-8DBA-991ADB68FBF9} URL = hxxp://suche.t-online.de/fast-cgi/tsc?sr=tweb&q={searchTerms}&dia=tie8
SearchScopes: HKCU - {595E0C25-C644-4F7D-9987-28F67BBD4E56} URL = hxxp://dict.leo.org/frde?lp=frde&search={searchTerms}
SearchScopes: HKCU - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7SMSN_de
SearchScopes: HKCU - {73421E9D-ED96-498B-B243-7A70460AA933} URL = hxxp://suche.t-online.de/fast-cgi/tsc?sr=twiki&q={searchTerms}&dia=tie8
SearchScopes: HKCU - {82E66277-302E-4678-B359-07F7BB20C081} URL = hxxp://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=ir_14_16_ff&cd=2XzuyEtN2Y1L1QzutDtDtAtDyEtB0F0F0F0DtDtCyCtBtAyDtN0D0Tzu0SzztAzytN1L2XzutBtFtCzztFtBtFyBtN1L1CzutCyEtDtAtDyD1V1RtN1L1G1B1V1N2Y1L1Qzu2SyB0CyBtC0FyCzy0AtGzzyEyB0BtGtCyCtD0EtGtByD0B0BtGyC0AtBtAtCyD0FtD0C0BtCyB2QtN1M1F1B2Z1V1N2Y1L1Qzu2StDtAtByC0AtBzyzztG0Azz0ByCtGzyzz0BzztGtA0C0BtAtGtD0A0FyDzz0Azy0EtAyCyBtB2Q&cr=539097578&ir=
SearchScopes: HKCU - {84A765DC-8137-4ADB-9DB1-7D4224CC92CB} URL = hxxp://suche.t-online.de/fast-cgi/tsc?sr=tportal&q={searchTerms}&dia=tie8
SearchScopes: HKCU - {85500CB3-C2C6-40B6-AE42-EAF32E8A9FE9} URL = hxxp://de.search.yahoo.com/search?fr=mcafee&p={SearchTerms}
SearchScopes: HKCU - {B41F44C9-8C0D-44C0-9B77-EF1392D37EF0} URL = hxxp://preisvergleich.t-online.de/angebote/{searchTerms}?soid=42534758
SearchScopes: HKCU - {C38CA9EB-8E41-4C47-9A41-29D547233F7E} URL = hxxp://dict.leo.org/esde?lp=esde&search={searchTerms}
SearchScopes: HKCU - {DC50C121-78BE-4071-8A7C-070868147D2A} URL = hxxp://www.amazon.de/gp/search?ie=UTF8&keywords={searchTerms}&tag=tonline-browser_toolbar3_search-21&index=blended&linkCode=ur2
SearchScopes: HKCU - {FD45522D-7F25-4E01-8E60-242DCFE016C9} URL = hxxp://rover.ebay.com/rover/1/707-1403-42072-3/4?satitle={searchTerms}
BHO: Adobe PDF Reader -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
BHO: Webroot Vault -> {c8d5d964-2be8-4c5b-8cf5-6e975aa88504} ->  No File
BHO: Toolbar 3.0 der Telekom Browserhilfsobjekt -> {C9603180-FA5C-4DB0-A013-ADC60309AF82} -> C:\Program Files\Deutsche Telekom\Toolbar3\ToToolbar.dll (Deutsche Telekom AG)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM - Toolbar 3.0 der Telekom - {2015C8D4-8534-48DB-B5FB-5C76291F080C} - C:\Program Files\Deutsche Telekom\Toolbar3\ToToolbar.dll (Deutsche Telekom AG)
Toolbar: HKLM - Webroot Toolbar - {97ab88ef-346b-4179-a0b1-7445896547a5} -  No File
Toolbar: HKCU - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKCU - Toolbar 3.0 der Telekom - {2015C8D4-8534-48DB-B5FB-5C76291F080C} - C:\Program Files\Deutsche Telekom\Toolbar3\ToToolbar.dll (Deutsche Telekom AG)
DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} https://oas.support.microsoft.com/ActiveX/MSDcode.cab
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\FAROD\AppData\Roaming\Mozilla\Firefox\Profiles\9l3j02fa.default
FF NewTab: https://safesearch.avira.com/#?source=newtab
FF DefaultSearchEngine: Sichere Suche
FF SearchEngineOrder.1: Sichere Suche
FF SelectedSearchEngine: Sichere Suche
FF Homepage: about:home
FF Keyword.URL: https://de.search.yahoo.com/search?fr=mcafee&type=B111DE0D20140110&p=
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin: @canon.com/MycameraPlugin -> C:\Program Files\Canon\MyCamera Download Plugin\NPCIG.dll (CANON INC.)
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @SonyCreativeSoftware.com/Media Go,version=1.0 -> C:\Program Files\Sony\Media Go\npmediago.dll (Sony Network Entertainment International LLC)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @citrixonline.com/appdetectorplugin -> C:\Users\FAROD\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
FF user.js: detected! => C:\Users\FAROD\AppData\Roaming\Mozilla\Firefox\Profiles\9l3j02fa.default\user.js
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\FAROD\AppData\Roaming\Mozilla\Firefox\Profiles\9l3j02fa.default\searchplugins\avira-safesearch.xml
FF SearchPlugin: C:\Users\FAROD\AppData\Roaming\Mozilla\Firefox\Profiles\9l3j02fa.default\searchplugins\google-images.xml
FF SearchPlugin: C:\Users\FAROD\AppData\Roaming\Mozilla\Firefox\Profiles\9l3j02fa.default\searchplugins\google-maps.xml
FF SearchPlugin: C:\Users\FAROD\AppData\Roaming\Mozilla\Firefox\Profiles\9l3j02fa.default\searchplugins\ixquick-custom-search.xml
FF SearchPlugin: C:\Users\FAROD\AppData\Roaming\Mozilla\Firefox\Profiles\9l3j02fa.default\searchplugins\ixquick-https---deutsch.xml
FF SearchPlugin: C:\Users\FAROD\AppData\Roaming\Mozilla\Firefox\Profiles\9l3j02fa.default\searchplugins\Mysearchdial.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\McSiteAdvisor.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Avira Browser Safety - C:\Users\FAROD\AppData\Roaming\Mozilla\Firefox\Profiles\9l3j02fa.default\Extensions\abs@avira.com [2014-10-08]
FF Extension: Avira SafeSearch - C:\Users\FAROD\AppData\Roaming\Mozilla\Firefox\Profiles\9l3j02fa.default\Extensions\safesearch@avira.com [2014-10-08]
FF Extension: Tradesignal Online Chart - C:\Users\FAROD\AppData\Roaming\Mozilla\Firefox\Profiles\9l3j02fa.default\Extensions\{1acd747e-8470-11db-96a9-00e08161165f} [2014-09-02]
FF Extension: Cliqz Beta - C:\Users\FAROD\AppData\Roaming\Mozilla\Firefox\Profiles\9l3j02fa.default\Extensions\cliqz@cliqz.com.xpi [2014-10-06]
FF Extension: Adblock Plus - C:\Users\FAROD\AppData\Roaming\Mozilla\Firefox\Profiles\9l3j02fa.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-06-20]
FF Extension: QuickJava - C:\Users\FAROD\AppData\Roaming\Mozilla\Firefox\Profiles\9l3j02fa.default\Extensions\{E6C1199F-E687-42da-8C24-E7770CC3AE66}.xpi [2014-06-20]
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-09-24]
FF HKCU\...\Firefox\Extensions: [cliqz@cliqz.com] - C:\Users\FAROD\AppData\Roaming\Mozilla\Firefox\Profiles\9l3j02fa.default\extensions\cliqz@cliqz.com

Chrome: 
=======

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S4 AAV UpdateService; C:\Program Files\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe [128296 2008-10-24] ()
S4 Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2010-01-20] (Adobe Systems) [File not signed]
R2 Agent; C:\Windows\VPDAgent.exe [203008 2013-05-18] (Two Pilots)
R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [431920 2014-09-24] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [431920 2014-09-24] (Avira Operations GmbH & Co. KG)
R2 Avira.OE.ServiceHost; C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe [160560 2014-09-23] (Avira Operations GmbH & Co. KG)
R2 c2cautoupdatesvc; C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [69632 2005-11-14] (Macrovision Corporation) [File not signed]
R2 Netzmanager Service; C:\Program Files\Netzmanager\NMInfraIS2\Netzmanager_Service.exe [2635776 2012-07-20] (Deutsche Telekom AG) [File not signed]
S2 RManService; C:\Program Files\Remote Utilities - Host\rutserv.exe [6063360 2014-02-12] (Usoris Systems LLC)
R2 Samsung Network Fax Server; C:\Windows\system32\spool\drivers\w32x86\3\NetFaxServer.exe [165888 2010-03-08] (Samsung Electronics Co., Ltd.) [File not signed]
S4 Sony PC Companion; C:\Program Files\Sony\Sony PC Companion\PCCService.exe [155824 2013-02-04] (Avanquest Software)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 AtiHDAudioService; C:\Windows\System32\drivers\AtihdW73.sys [101904 2010-11-30] (ATI Technologies, Inc.)
R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [281760 2010-09-03] ()
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [98160 2014-09-24] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [136216 2014-09-24] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2014-09-24] (Avira Operations GmbH & Co. KG)
R2 CAPI20; C:\Windows\system32\Drivers\CAPI20.sys [974040 2005-09-09] (DeTeWe Berlin) [File not signed]
S3 CH341SER; C:\Windows\System32\Drivers\CH341SER.SYS [39696 2011-11-04] (www.winchiphead.com)
R2 DETEWECP; C:\Windows\System32\drivers\detewecp.sys [37696 2005-09-09] (DeTeWe Berlin) [File not signed]
S2 DgiVecp; C:\Windows\system32\Drivers\DgiVecp.sys [38400 2009-07-13] (Samsung Electronics Co., Ltd.) [File not signed]
R3 dtwmnic5; C:\Windows\System32\DRIVERS\dtwmnic5.sys [198118 2005-09-09] (DeTeWe Berlin) [File not signed]
R2 ei2c; C:\Windows\system32\drivers\ei2c.sys [18224 2013-09-30] (Nicomsoft Ltd.)
S3 FTDIBUS; C:\Windows\System32\drivers\ftdibus.sys [63464 2013-02-13] (FTDI Ltd.)
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [25888 2010-09-03] ()
S3 mferkdk; C:\Windows\System32\drivers\mferkdk.sys [34248 2009-11-04] (McAfee, Inc.)
S3 mfesmfk; C:\Windows\System32\drivers\mfesmfk.sys [40552 2009-11-04] (McAfee, Inc.)
R2 mi2c; C:\Windows\system32\drivers\mi2c.sys [18224 2013-10-13] (Nicomsoft Ltd.)
R3 NuidFltr; C:\Windows\System32\DRIVERS\NuidFltr.sys [21520 2010-07-21] (Microsoft Corporation)
R3 rtl819xp; C:\Windows\System32\DRIVERS\rtl819xp.sys [557088 2010-02-01] (Realtek Semiconductor Corporation                           )
S3 s1029bus; C:\Windows\System32\DRIVERS\s1029bus.sys [90280 2009-05-25] (MCCI Corporation)
S3 s1029mdfl; C:\Windows\System32\DRIVERS\s1029mdfl.sys [15016 2009-05-25] (MCCI Corporation)
S3 s1029mdm; C:\Windows\System32\DRIVERS\s1029mdm.sys [122280 2009-05-25] (MCCI Corporation)
S3 s1029mgmt; C:\Windows\System32\DRIVERS\s1029mgmt.sys [115880 2009-05-25] (MCCI Corporation)
S3 s1029nd5; C:\Windows\System32\DRIVERS\s1029nd5.sys [26024 2009-05-25] (MCCI Corporation)
S3 s1029obex; C:\Windows\System32\DRIVERS\s1029obex.sys [111912 2009-05-25] (MCCI Corporation)
S3 s1029unic; C:\Windows\System32\DRIVERS\s1029unic.sys [116904 2009-05-25] (MCCI Corporation)
S3 s1039mdm; C:\Windows\System32\DRIVERS\s1039mdm.sys [124016 2009-11-19] (MCCI Corporation)
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2014-09-24] (Avira GmbH)
R2 SSPORT; C:\Windows\system32\Drivers\SSPORT.sys [5120 2009-07-12] (Samsung Electronics) [File not signed]
S3 TelekomNM3; C:\Program Files\Netzmanager\NMInfraIS2\Driver\TelekomNM3.sys [35040 2010-09-16] (Deutsche Telekom AG AG, Marmiko IT-Solutions GmbH)
S3 ulisa; C:\Windows\System32\Drivers\ulisa.sys [120732 2005-09-09] (DeTeWe Berlin) [File not signed]
R3 VMC326; C:\Windows\System32\Drivers\VMC326.sys [237696 2009-08-10] (Vimicro Corporation)
R3 yukonw7; C:\Windows\System32\DRIVERS\yk62x86.sys [315392 2009-09-28] ()
S3 ADDMEM; \??\C:\Users\FAROD\AppData\Local\Temp\__Samsung_Update\ADDMEM.SYS [X]
S3 cpuz132; \??\C:\Users\FAROD\AppData\Local\Temp\cpuz132\cpuz132_x32.sys [X]
S1 FNETURPX; System32\drivers\FNETURPX.SYS [X]
U5 Opaplpt; C:\Windows\System32\Drivers\Opaplpt.sys [39520 2001-09-12] (Oki Data Corporation) [File not signed]
U0 SR; No ImagePath
U2 srservice; No ImagePath

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-09 09:41 - 2014-10-09 09:44 - 00029736 _____ () C:\Users\FAROD\Downloads\FRST.txt
2014-10-09 09:41 - 2014-10-09 09:42 - 00000000 ____D () C:\FRST
2014-10-09 09:41 - 2014-10-09 09:41 - 01101312 _____ (Farbar) C:\Users\FAROD\Downloads\FRST.exe
2014-10-09 09:36 - 2014-10-09 09:40 - 00000472 _____ () C:\Users\FAROD\Downloads\defogger_disable.log
2014-10-09 09:36 - 2014-10-09 09:36 - 00000000 _____ () C:\Users\FAROD\defogger_reenable
2014-10-09 09:35 - 2014-10-09 09:35 - 00050477 _____ () C:\Users\FAROD\Downloads\Defogger.exe
2014-10-09 09:06 - 2014-10-09 09:06 - 00000000 ____D () C:\Users\FAROD\AppData\Local\AviraSpeedup
2014-10-09 09:05 - 2014-10-09 09:06 - 00001161 _____ () C:\Users\FAROD\Desktop\Avira System Speedup.lnk
2014-10-09 09:05 - 2014-10-09 09:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AviraSpeedup
2014-10-08 21:53 - 2014-10-09 08:25 - 00000504 _____ () C:\Windows\setupact.log
2014-10-08 21:53 - 2014-10-09 08:12 - 00001498 _____ () C:\Windows\PFRO.log
2014-10-08 21:53 - 2014-10-08 21:53 - 00000000 _____ () C:\Windows\setuperr.log
2014-10-08 20:33 - 2014-10-08 20:33 - 00001230 _____ () C:\Users\Public\Desktop\Revo Uninstaller Pro.lnk
2014-10-08 20:33 - 2014-10-08 20:33 - 00000000 ____D () C:\Users\FAROD\AppData\Local\VS Revo Group
2014-10-08 20:33 - 2014-10-08 20:33 - 00000000 ____D () C:\ProgramData\VS Revo Group
2014-10-08 20:33 - 2014-10-08 20:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller Pro
2014-10-08 20:33 - 2014-10-08 20:33 - 00000000 ____D () C:\Program Files\VS Revo Group
2014-10-08 20:33 - 2009-12-30 11:21 - 00027192 _____ (VS Revo Group) C:\Windows\system32\Drivers\revoflt.sys
2014-10-08 20:09 - 2014-10-08 20:09 - 00000965 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-10-08 20:09 - 2014-10-08 20:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-10-08 20:09 - 2014-10-08 20:09 - 00000000 ____D () C:\Program Files\CCleaner
2014-10-08 20:02 - 2014-10-08 20:02 - 00120520 _____ () C:\Users\FAROD\Desktop\John G - Avira Answers.htm
2014-10-08 19:34 - 2014-10-09 08:13 - 00000000 ____D () C:\Users\FAROD\AppData\Local\LogMeIn Rescue Applet
2014-10-08 19:34 - 2014-10-08 19:34 - 01528640 _____ (LogMeIn, Inc.) C:\Users\FAROD\Downloads\Support-LogMeInRescue.exe
2014-10-08 18:34 - 2014-10-08 18:34 - 00000000 ____D () C:\Users\FAROD\AppData\Roaming\Avira
2014-10-08 18:31 - 2014-09-24 12:44 - 00136216 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2014-10-08 18:31 - 2014-09-24 12:44 - 00098160 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2014-10-08 18:31 - 2014-09-24 12:44 - 00037352 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2014-10-08 18:31 - 2014-09-24 12:44 - 00028520 _____ (Avira GmbH) C:\Windows\system32\Drivers\ssmdrv.sys
2014-10-08 18:30 - 2014-10-09 09:05 - 00000000 ____D () C:\Program Files\Avira
2014-10-08 18:30 - 2014-10-08 18:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2014-10-08 18:30 - 2014-10-08 18:31 - 00000000 ____D () C:\ProgramData\Avira
2014-10-08 18:30 - 2014-10-08 18:30 - 00001095 _____ () C:\Users\Public\Desktop\Avira.lnk
2014-10-08 18:29 - 2014-10-08 18:29 - 04714656 _____ (Avira Operations GmbH & Co. KG) C:\Users\FAROD\Downloads\avira_de_av___ws.exe
2014-10-08 18:29 - 2014-10-08 18:29 - 00000000 ____D () C:\ProgramData\Package Cache
2014-10-08 15:14 - 2014-10-09 09:00 - 00000804 _____ () C:\Windows\Tasks\Security Center Update - 1126216227.job
2014-10-08 15:14 - 2014-10-08 18:08 - 00000000 ____D () C:\Users\FAROD\AppData\Roaming\Huytiku
2014-10-05 16:05 - 2014-10-05 16:05 - 01101648 _____ () C:\Users\FAROD\Downloads\CHIP Online Windows Starter Kit - CHIP-Installer.exe
2014-10-05 15:51 - 2011-05-13 12:16 - 00493056 _____ ( datenhaus GmbH) C:\Windows\system32\dhRichClient3.dll
2014-10-05 15:51 - 2011-03-25 20:42 - 00338432 _____ () C:\Windows\system32\sqlite36_engine.dll
2014-10-05 15:50 - 2014-10-05 15:50 - 00000000 ____D () C:\Users\FAROD\Downloads\MyHash
2014-10-05 15:44 - 2014-10-05 15:45 - 01101648 _____ () C:\Users\FAROD\Downloads\HashMyFiles - CHIP-Installer.exe
2014-10-02 20:00 - 2014-10-02 20:01 - 03602664 _____ () C:\Users\FAROD\Downloads\aquasuite_setup.exe
2014-10-01 12:07 - 2014-09-25 03:40 - 00519680 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2014-09-29 09:08 - 2014-09-29 09:08 - 19364912 _____ () C:\Users\FAROD\Desktop\20140930 Indulor_ZPA.pptx
2014-09-28 11:44 - 2014-09-28 11:44 - 00000000 ____D () C:\Users\FAROD\AppData\Roaming\AVG
2014-09-28 11:41 - 2014-10-08 20:46 - 00000000 ____D () C:\Users\FAROD\AppData\Local\AvgSetupLog
2014-09-28 11:41 - 2014-10-08 20:46 - 00000000 ____D () C:\ProgramData\Avg
2014-09-28 11:41 - 2014-10-08 20:46 - 00000000 ____D () C:\Program Files\AVG
2014-09-28 11:41 - 2014-10-05 16:25 - 00000000 ____D () C:\Users\FAROD\AppData\Local\Avg
2014-09-28 11:40 - 2014-09-28 11:40 - 15722368 _____ (AVG Technologies) C:\Users\FAROD\Downloads\avg_gse_stb_all_329p1_96.exe
2014-09-24 21:22 - 2014-09-24 21:22 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-09-24 09:52 - 2014-09-09 23:47 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-09-10 20:34 - 2014-08-19 19:39 - 00327872 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-09-10 20:34 - 2014-08-19 00:26 - 17455104 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-09-10 20:34 - 2014-08-19 00:08 - 04232704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-09-10 20:34 - 2014-08-18 23:57 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-09-10 20:34 - 2014-08-18 23:57 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-09-10 20:34 - 2014-08-18 23:46 - 00454656 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-09-10 20:34 - 2014-08-18 23:45 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-09-10 20:34 - 2014-08-18 23:44 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-09-10 20:34 - 2014-08-18 23:44 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-09-10 20:34 - 2014-08-18 23:42 - 02185728 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-09-10 20:34 - 2014-08-18 23:39 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-09-10 20:34 - 2014-08-18 23:39 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-09-10 20:34 - 2014-08-18 23:37 - 00440320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-09-10 20:34 - 2014-08-18 23:36 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-09-10 20:34 - 2014-08-18 23:36 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-09-10 20:34 - 2014-08-18 23:35 - 00597504 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-09-10 20:34 - 2014-08-18 23:30 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-09-10 20:34 - 2014-08-18 23:27 - 00365056 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-09-10 20:34 - 2014-08-18 23:22 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-09-10 20:34 - 2014-08-18 23:19 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-09-10 20:34 - 2014-08-18 23:17 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-09-10 20:34 - 2014-08-18 23:17 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-09-10 20:34 - 2014-08-18 23:15 - 11769856 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-09-10 20:34 - 2014-08-18 23:09 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-09-10 20:34 - 2014-08-18 23:08 - 02014208 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-09-10 20:34 - 2014-08-18 23:08 - 00673792 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-09-10 20:34 - 2014-08-18 23:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-09-10 20:34 - 2014-08-18 22:46 - 01812992 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-09-10 20:34 - 2014-08-18 22:38 - 01190400 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-09-10 20:34 - 2014-08-18 22:36 - 00678400 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-09-10 20:33 - 2014-06-27 03:45 - 02285056 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2014-09-10 08:45 - 2014-07-07 03:40 - 01059840 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-09-10 08:45 - 2014-07-07 03:40 - 00550912 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-09-10 08:41 - 2014-09-05 03:52 - 00445952 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-09-10 08:41 - 2014-09-05 03:47 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-09-10 08:41 - 2014-08-01 13:35 - 00793600 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll
2014-09-10 08:41 - 2014-06-24 04:59 - 01987584 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-09 09:43 - 2009-12-28 19:47 - 01501262 _____ () C:\Windows\WindowsUpdate.log
2014-10-09 09:36 - 2009-12-28 20:03 - 00000000 ____D () C:\Users\FAROD
2014-10-09 08:59 - 2012-03-30 08:00 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-10-09 08:45 - 2014-05-10 19:13 - 00001098 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA1cf6c7324f656f2.job
2014-10-09 08:34 - 2009-07-14 06:34 - 00019968 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-10-09 08:34 - 2009-07-14 06:34 - 00019968 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-10-09 08:26 - 2012-01-23 22:21 - 00000000 ___RD () C:\Users\FAROD\Dropbox
2014-10-09 08:26 - 2012-01-23 22:19 - 00000000 ____D () C:\Users\FAROD\AppData\Roaming\Dropbox
2014-10-09 08:25 - 2009-07-14 06:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-10-08 20:49 - 2011-10-22 20:24 - 00000000 ____D () C:\Program Files\Common Files\Mcafee
2014-10-08 20:49 - 2009-12-29 22:55 - 00000000 ____D () C:\Program Files\McAfee
2014-10-08 20:49 - 2009-12-28 20:23 - 00000000 ____D () C:\ProgramData\McAfee
2014-10-08 20:21 - 2011-03-05 19:49 - 00000000 ____D () C:\Windows\Minidump
2014-10-08 20:21 - 2009-12-29 04:43 - 00000000 ____D () C:\Windows\Panther
2014-10-08 19:08 - 2009-07-14 06:53 - 00032632 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-10-08 14:39 - 2013-07-11 14:37 - 00000000 ____D () C:\Program Files\File Type Assistant
2014-10-06 13:46 - 2011-01-19 17:31 - 00012267 _____ () C:\Users\FAROD\AppData\Roaming\SmarThruOptions.xml
2014-10-05 11:14 - 2009-10-20 16:18 - 00000000 ____D () C:\Users\FAROD\Documents\Steuerfälle
2014-10-04 18:05 - 2009-09-12 19:00 - 00000000 ____D () C:\Users\FAROD\Desktop\Sonstiges
2014-09-29 09:08 - 2009-09-23 10:35 - 00000000 ____D () C:\Users\FAROD\Desktop\AMT
2014-09-28 17:06 - 2009-12-30 11:55 - 00000000 ____D () C:\Users\FAROD\Desktop\Utilities
2014-09-28 11:57 - 2010-11-26 21:30 - 00000000 ____D () C:\Program Files\Steam
2014-09-28 11:57 - 2009-12-30 12:28 - 00000000 ____D () C:\Users\FAROD\AppData\Roaming\Skype
2014-09-28 11:57 - 2009-12-29 18:54 - 00000000 ____D () C:\Users\FAROD\AppData\Local\Microsoft Help
2014-09-28 11:57 - 2009-09-09 18:55 - 00000000 ____D () C:\Users\FAROD\Documents\Youcam
2014-09-27 18:47 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\rescache
2014-09-25 20:41 - 2012-04-26 08:17 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-09-25 08:19 - 2009-12-28 20:23 - 01671768 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-09-24 14:00 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\de-DE
2014-09-24 08:59 - 2012-03-30 08:00 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-09-24 08:59 - 2011-05-19 18:09 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-09-18 17:25 - 2013-07-12 08:37 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-09-18 08:21 - 2012-01-23 22:20 - 00000000 ____D () C:\Users\FAROD\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-09-15 09:06 - 2009-12-28 20:35 - 00231568 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-09-11 10:52 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-09-10 20:33 - 2013-07-21 12:23 - 00000000 ____D () C:\Windows\system32\MRT
2014-09-10 20:27 - 2014-05-06 19:00 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-09-10 20:27 - 2009-12-28 20:57 - 98758480 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

Files to move or delete:
====================
C:\Users\Public\AlexaNSISPlugin.5972.dll


Some content of TEMP:
====================
C:\Users\FAROD\AppData\Local\Temp\avgnt.exe
C:\Users\FAROD\AppData\Local\Temp\AviraSetup2517731.exe
C:\Users\FAROD\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpkxt2ev.dll
C:\Users\FAROD\AppData\Local\Temp\UpdateFlashPlayer_50efb138.exe
C:\Users\FAROD\AppData\Local\Temp\UpdateFlashPlayer_de7d54a4.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-09-27 18:36

==================== End Of Log ============================
         
--- --- ---


Noch einmal vielen Dank für Deine Hilfe!
samsum54


Alt 10.10.2014, 19:25   #6
schrauber
/// the machine
/// TB-Ausbilder
 

qogunit.exe - Standard

qogunit.exe



Lade Dir bitte von hier Revo Uninstaller Download Revo Uninstaller (alternativ portable Revo Uninstaller) herunter.
  • Installiere und starte das Programm. (Bebilderte Anleitung zu Revo Uninstaller)
  • Klicke auf Optionen und wähle als Sprache Deutsch.
  • Suche im Uninstallerfeld nach den Programmen:

    File Type Assistant

    Firefox Free Download Packages (HKCU\...\Firefox Free Download Packages) (Version: - ) <==== ATTENTION

    QuickTime Free Download Packages (HKCU\...\QuickTime Free Download Packages) (Version: - ) <==== ATTENTION


  • Wähle die Programme nacheinander aus und klicke jedes Mal auf Uninstall.
  • Wähle anschließend den Modus "Moderat" aus.
  • Reste löschen:
    Klicke auf dann auf und dann auf .

 





Downloade Dir bitte Malwarebytes Anti-Malware
  • Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
  • Starte Malwarebytes' Anti-Malware (MBAM).
  • Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
  • Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
  • Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
  • Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
  • Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
  • Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.


Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.


und ein frisches FRST log bitte.
__________________
--> qogunit.exe

Alt 11.10.2014, 16:31   #7
samsum54
 
qogunit.exe - Standard

qogunit.exe



Hallo Schrauber,
hofentlich habe ich alles richtig gemacht. MBAM hatte ich bereits gestern angwendet. Es hatte ca. 10 Zbots gefunden, danach waren zumindest die offensichtlichen Probleme beseitigt. Für die heutigen Aufgaben habe ich Revo Uninstaller Pro in englisch verwendet. Die Datei File Type Assistant konnte der Uninstaller nicht finden.
Hier ist das Ergebnis des AdwCleaner:
Code:
ATTFilter
# AdwCleaner v3.311 - Bericht erstellt am 11/10/2014 um 16:50:16
# Aktualisiert 30/09/2014 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (32 bits)
# Benutzername : FAROD - FAROD-PC
# Gestartet von : C:\Users\FAROD\Downloads\AdwCleaner_3.311.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\ProgramData\WinMaximizer
Ordner Gelöscht : C:\Program Files\MyPC Backup
Ordner Gelöscht : C:\Program Files\WinMaximizer
Ordner Gelöscht : C:\Users\FAROD\AppData\Local\FileTypeAssistant
Ordner Gelöscht : C:\Users\FAROD\AppData\Roaming\Systweak
Datei Gelöscht : C:\Users\FAROD\AppData\Roaming\Mozilla\Firefox\Profiles\9l3j02fa.default\invalidprefs.js
Datei Gelöscht : C:\Users\FAROD\AppData\Roaming\Mozilla\Firefox\Profiles\9l3j02fa.default\user.js

***** [ Tasks ] *****

Task Gelöscht : ProgramRefresh-ATFST
Task Gelöscht : ProgramUpdateCheck

***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\AdvancedSystemProtector_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\AdvancedSystemProtector_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\BrowseMark_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\BrowseMark_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\MyDeltaTB_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\MyDeltaTB_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\plus-hd-2_rasapi32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\plus-hd-2_rasmancs
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\systweakasp_rasapi32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\systweakasp_rasmancs
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\updateBrowseMark_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\updateBrowseMark_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\updatewebget_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\updatewebget_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\webget_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\webget_RASMANCS
Schlüssel Gelöscht : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WsysSvc
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{00B11DA2-75ED-4364-ABA5-9A95B1F5E946}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{87BEF026-9269-413C-A5B3-11F35451380E}
Schlüssel Gelöscht : HKCU\Software\distromatic
Schlüssel Gelöscht : HKCU\Software\FileTypeAssistant
Schlüssel Gelöscht : HKCU\Software\OCS
Schlüssel Gelöscht : HKCU\Software\Optimizer Pro
Schlüssel Gelöscht : HKCU\Software\SecuredDownload
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\lyrixeeker
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-00B2-0409-0000-0000000FF1CE}

***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.17280


-\\ Mozilla Firefox v32.0.3 (x86 de)

[ Datei : C:\Users\FAROD\AppData\Roaming\Mozilla\Firefox\Profiles\9l3j02fa.default\prefs.js ]

Zeile gelöscht : user_pref("avira.safe_search.prev_newtab", "hxxps://safesearch.avira.com/#?source=newtab");
Zeile gelöscht : user_pref("browser.newtab.url", "hxxps://safesearch.avira.com/#?source=newtab");
Zeile gelöscht : user_pref("extensions.irmysearch.aflt", "ir_14_16_ff");
Zeile gelöscht : user_pref("extensions.irmysearch.cd", "2XzuyEtN2Y1L1QzutDtDtAtDyEtB0F0F0F0DtDtCyCtBtAyDtN0D0Tzu0SzztAzytN1L2XzutBtFtCzztFtBtFyBtN1L1CzutCyEtDtAtDyD1V1RtN1L1G1B1V1N2Y1L1Qzu2SyB0CyBtC0FyCzy0AtGzzyEyB0Bt[...]
Zeile gelöscht : user_pref("extensions.irmysearch.cr", "539097578");
Zeile gelöscht : user_pref("extensions.irmysearch.instlRef", "140305_c");

*************************

AdwCleaner[R0].txt - [4183 octets] - [11/10/2014 16:46:08]
AdwCleaner[S0].txt - [4104 octets] - [11/10/2014 16:50:16]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [4164 octets] ##########
         
Hier von JRT:
Code:
ATTFilter
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.3.2 (10.09.2014:1)
OS: Windows 7 Home Premium x86
Ran by FAROD on 11.10.2014 at 17:04:55,77
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{82E66277-302E-4678-B359-07F7BB20C081}
Successfully deleted: [Registry Key - Orphan] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c8d5d964-2be8-4c5b-8cf5-6e975aa88504}
Successfully deleted: [Registry Key - Orphan] HKEY_CLASSES_ROOT\CLSID\{c8d5d964-2be8-4c5b-8cf5-6e975aa88504}



~~~ Files



~~~ Folders



~~~ FireFox

Successfully deleted: [File] C:\Users\FAROD\AppData\Roaming\mozilla\firefox\profiles\9l3j02fa.default\searchplugins\avira-safesearch.xml
Successfully deleted: [Folder] C:\Users\FAROD\AppData\Roaming\mozilla\firefox\profiles\9l3j02fa.default\extensions\safesearch@avira.com
Successfully deleted the following from C:\Users\FAROD\AppData\Roaming\mozilla\firefox\profiles\9l3j02fa.default\prefs.js

user_pref("avira.safe_search.search_was_active", "false");
user_pref("extensions.safesearch.MP_DISTINCT_ID", "\"148f099e146b9-08858d60f6ed1e8-7f6c1535-0-148f099e147100\"");
user_pref("extensions.safesearch.SAUTH_expires_at", "1413399821");
user_pref("extensions.safesearch.SAUTH_rndsnr", "\"35bc3137b27e51a01daac37dbbdd0742feb19ca7\"");
user_pref("extensions.safesearch.SAUTH_userid", "4431828609");
user_pref("extensions.safesearch.SAUTH_utoken", "\"32ef194d873449e123f3918c76a0c8cf6ad9e107\"");
user_pref("extensions.safesearch.install", "1412785889615");
user_pref("extensions.safesearch@avira.com.install-event-fired", true);
Emptied folder: C:\Users\FAROD\AppData\Roaming\mozilla\firefox\profiles\9l3j02fa.default\minidumps [380 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 11.10.2014 at 17:06:54,24
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         
Hier das neue Frst-File:

FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 06-10-2014 01
Ran by FAROD (administrator) on FAROD-PC on 11-10-2014 17:13:23
Running from C:\Users\FAROD\Downloads
Loaded Profile: FAROD (Available profiles: FAROD)
Platform: Microsoft Windows 7 Home Premium  Service Pack 1 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Two Pilots) C:\Windows\VPDAgent.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(Microsoft Corporation) C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Deutsche Telekom AG) C:\Program Files\Netzmanager\NMInfraIS2\Netzmanager_Service.exe
(Usoris Systems LLC) C:\Program Files\Remote Utilities - Host\rutserv.exe
(Usoris Systems LLC) C:\Program Files\Remote Utilities - Host\rfusclient.exe
(Samsung Electronics Co., Ltd.) C:\Windows\System32\spool\drivers\w32x86\3\NetFaxServer.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
() C:\Windows\Samsung\PanelMgr\SSMMgr.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe
(Usoris Systems LLC) C:\Program Files\Remote Utilities - Host\rfusclient.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Dropbox, Inc.) C:\Users\FAROD\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Deutsche Telekom AG) C:\Program Files\Netzmanager\netzmanager.exe
(Google Inc.) C:\Program Files\Google\Update\1.3.24.15\GoogleCrashHandler.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [] => [X]
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1541416 2009-07-14] (Synaptics Incorporated)
HKLM\...\Run: [Samsung PanelMgr] => C:\Windows\Samsung\PanelMgr\ssmmgr.exe [618496 2010-06-07] ()
HKLM\...\Run: [Avira Systray] => C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe [165168 2014-09-23] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [avgnt] => C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [703736 2014-09-24] (Avira Operations GmbH & Co. KG)
Winlogon\Notify\GoToAssist: C:\Program Files\Citrix\GoToAssist\615\G2AWinLogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
HKLM\...\Policies\Explorer: [NoViewOnDrive] 0
HKLM\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKLM\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKLM\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKLM\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKLM\...\Policies\Explorer: [NoViewContextMenu] 0
HKLM\...\Policies\Explorer: [NoShellSearchButton] 0
HKLM\...\Policies\Explorer: [NoFile] 0
HKLM\...\Policies\Explorer: [HideClock] 0
HKLM\...\Policies\Explorer: [NoTrayContextMenu] 0
HKLM\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKLM\...\Policies\Explorer: [NoSetFolders] 0
HKLM\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKLM\...\Policies\Explorer: [NoSetTaskbar] 0
HKLM\...\Policies\Explorer: [NoDeletePrinter] 0
HKLM\...\Policies\Explorer: [NoDFSTab] 0
HKLM\...\Policies\Explorer: [NoChangeStartMenu] 0
HKLM\...\Policies\Explorer: [NoLogoff] 0
HKLM\...\Policies\Explorer: [NoWindowsUpdate] 0
HKLM\...\Policies\Explorer: [NoEncryptOnMove] 0
HKLM\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKLM\...\Policies\Explorer: [NoResolveSearch] 0
HKLM\...\Policies\Explorer: [NoSaveSettings] 0
HKLM\...\Policies\Explorer: [NoHardwareTab] 0
HKLM\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKU\S-1-5-19\...\Policies\system: [DisableCMD] 0
HKU\S-1-5-19\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-19\...\Policies\system: [NoDispBackgroundPage] 0
HKU\S-1-5-19\...\Policies\system: [NoDispSettingsPage] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoFolderOptions] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoViewOnDrive] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-19\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKU\S-1-5-19\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKU\S-1-5-19\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKU\S-1-5-19\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoShellSearchButton] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoFind] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoFile] 0
HKU\S-1-5-19\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoSetFolders] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoDFSTab] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoLogoff] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoResolveSearch] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoHardwareTab] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKU\S-1-5-20\...\Policies\system: [DisableCMD] 0
HKU\S-1-5-20\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-20\...\Policies\system: [NoDispBackgroundPage] 0
HKU\S-1-5-20\...\Policies\system: [NoDispSettingsPage] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoFolderOptions] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoViewOnDrive] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-20\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKU\S-1-5-20\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKU\S-1-5-20\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKU\S-1-5-20\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoShellSearchButton] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoFind] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoFile] 0
HKU\S-1-5-20\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoSetFolders] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoDFSTab] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoLogoff] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoResolveSearch] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoHardwareTab] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKU\S-1-5-21-2661125413-2364787433-991423230-1000\...\Policies\system: [DisableCMD] 0
HKU\S-1-5-21-2661125413-2364787433-991423230-1000\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-21-2661125413-2364787433-991423230-1000\...\Policies\system: [NoDispBackgroundPage] 0
HKU\S-1-5-21-2661125413-2364787433-991423230-1000\...\Policies\system: [NoDispSettingsPage] 0
HKU\S-1-5-21-2661125413-2364787433-991423230-1000\...\Policies\Explorer: [NoFolderOptions] 0
HKU\S-1-5-21-2661125413-2364787433-991423230-1000\...\Policies\Explorer: [NoViewOnDrive] 0
HKU\S-1-5-21-2661125413-2364787433-991423230-1000\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-2661125413-2364787433-991423230-1000\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKU\S-1-5-21-2661125413-2364787433-991423230-1000\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKU\S-1-5-21-2661125413-2364787433-991423230-1000\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKU\S-1-5-21-2661125413-2364787433-991423230-1000\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKU\S-1-5-21-2661125413-2364787433-991423230-1000\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-21-2661125413-2364787433-991423230-1000\...\Policies\Explorer: [NoShellSearchButton] 0
HKU\S-1-5-21-2661125413-2364787433-991423230-1000\...\Policies\Explorer: [NoFind] 0
HKU\S-1-5-21-2661125413-2364787433-991423230-1000\...\Policies\Explorer: [NoFile] 0
HKU\S-1-5-21-2661125413-2364787433-991423230-1000\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-21-2661125413-2364787433-991423230-1000\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\S-1-5-21-2661125413-2364787433-991423230-1000\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKU\S-1-5-21-2661125413-2364787433-991423230-1000\...\Policies\Explorer: [NoSetFolders] 0
HKU\S-1-5-21-2661125413-2364787433-991423230-1000\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\S-1-5-21-2661125413-2364787433-991423230-1000\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-21-2661125413-2364787433-991423230-1000\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\S-1-5-21-2661125413-2364787433-991423230-1000\...\Policies\Explorer: [NoDFSTab] 0
HKU\S-1-5-21-2661125413-2364787433-991423230-1000\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-21-2661125413-2364787433-991423230-1000\...\Policies\Explorer: [NoLogoff] 0
HKU\S-1-5-21-2661125413-2364787433-991423230-1000\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\S-1-5-21-2661125413-2364787433-991423230-1000\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\S-1-5-21-2661125413-2364787433-991423230-1000\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\S-1-5-21-2661125413-2364787433-991423230-1000\...\Policies\Explorer: [NoResolveSearch] 0
HKU\S-1-5-21-2661125413-2364787433-991423230-1000\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-21-2661125413-2364787433-991423230-1000\...\Policies\Explorer: [NoHardwareTab] 0
HKU\S-1-5-21-2661125413-2364787433-991423230-1000\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKU\S-1-5-21-2661125413-2364787433-991423230-1000\...\MountPoints2: E - E:\auto.exe
HKU\S-1-5-21-2661125413-2364787433-991423230-1000\...\MountPoints2: {75ce76c2-68d3-11e0-a899-00245402c3ca} - F:\Startme.exe
HKU\S-1-5-21-2661125413-2364787433-991423230-1000\...\MountPoints2: {79a0bff8-14f1-11df-894a-00245402c3ca} - F:\Startme.exe
HKU\S-1-5-21-2661125413-2364787433-991423230-1000\...\MountPoints2: {9cd638f1-f3d8-11de-a0af-806e6f6e6963} - E:\autorun.exe
HKU\S-1-5-18\...\Run: [AviraSpeedup] => "C:\Program Files\Avira\AviraSpeedup\avira_system_speedup.exe" -autorun
HKU\S-1-5-18\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-18\...\Policies\system: [NoDispBackgroundPage] 0
HKU\S-1-5-18\...\Policies\system: [NoDispSettingsPage] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoViewOnDrive] 0
HKU\S-1-5-18\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKU\S-1-5-18\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKU\S-1-5-18\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKU\S-1-5-18\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoShellSearchButton] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoFind] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoFile] 0
HKU\S-1-5-18\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoSetFolders] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoDFSTab] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoLogoff] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoResolveSearch] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoHardwareTab] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoStartMenuSubFolders] 0
Startup: C:\Users\FAROD\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\FAROD\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\FAROD\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Netzmanager.lnk
ShortcutTarget: Netzmanager.lnk -> C:\Program Files\Netzmanager\netzmanager.exe (Deutsche Telekom AG)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKLM - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7SMSN
SearchScopes: HKCU - {3BD301D9-747C-40B4-BC62-285CC3E648E8} URL = hxxp://dict.leo.org/ende?lp=ende&search={searchTerms}
SearchScopes: HKCU - {50D204F7-744D-4AB1-80BE-44A747C9AC1A} URL = https://de.search.yahoo.com/search?fr=mcafee&type=B011DE0D20140110&p={SearchTerms}
SearchScopes: HKCU - {53A2F6DD-7B14-453A-8DBA-991ADB68FBF9} URL = hxxp://suche.t-online.de/fast-cgi/tsc?sr=tweb&q={searchTerms}&dia=tie8
SearchScopes: HKCU - {595E0C25-C644-4F7D-9987-28F67BBD4E56} URL = hxxp://dict.leo.org/frde?lp=frde&search={searchTerms}
SearchScopes: HKCU - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7SMSN_de
SearchScopes: HKCU - {73421E9D-ED96-498B-B243-7A70460AA933} URL = hxxp://suche.t-online.de/fast-cgi/tsc?sr=twiki&q={searchTerms}&dia=tie8
SearchScopes: HKCU - {84A765DC-8137-4ADB-9DB1-7D4224CC92CB} URL = hxxp://suche.t-online.de/fast-cgi/tsc?sr=tportal&q={searchTerms}&dia=tie8
SearchScopes: HKCU - {85500CB3-C2C6-40B6-AE42-EAF32E8A9FE9} URL = hxxp://de.search.yahoo.com/search?fr=mcafee&p={SearchTerms}
SearchScopes: HKCU - {B41F44C9-8C0D-44C0-9B77-EF1392D37EF0} URL = hxxp://preisvergleich.t-online.de/angebote/{searchTerms}?soid=42534758
SearchScopes: HKCU - {C38CA9EB-8E41-4C47-9A41-29D547233F7E} URL = hxxp://dict.leo.org/esde?lp=esde&search={searchTerms}
SearchScopes: HKCU - {DC50C121-78BE-4071-8A7C-070868147D2A} URL = hxxp://www.amazon.de/gp/search?ie=UTF8&keywords={searchTerms}&tag=tonline-browser_toolbar3_search-21&index=blended&linkCode=ur2
SearchScopes: HKCU - {FD45522D-7F25-4E01-8E60-242DCFE016C9} URL = hxxp://rover.ebay.com/rover/1/707-1403-42072-3/4?satitle={searchTerms}
BHO: Adobe PDF Reader -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
BHO: Toolbar 3.0 der Telekom Browserhilfsobjekt -> {C9603180-FA5C-4DB0-A013-ADC60309AF82} -> C:\Program Files\Deutsche Telekom\Toolbar3\ToToolbar.dll (Deutsche Telekom AG)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM - Toolbar 3.0 der Telekom - {2015C8D4-8534-48DB-B5FB-5C76291F080C} - C:\Program Files\Deutsche Telekom\Toolbar3\ToToolbar.dll (Deutsche Telekom AG)
Toolbar: HKLM - Webroot Toolbar - {97ab88ef-346b-4179-a0b1-7445896547a5} -  No File
Toolbar: HKCU - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKCU - Toolbar 3.0 der Telekom - {2015C8D4-8534-48DB-B5FB-5C76291F080C} - C:\Program Files\Deutsche Telekom\Toolbar3\ToToolbar.dll (Deutsche Telekom AG)
DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} https://oas.support.microsoft.com/ActiveX/MSDcode.cab
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\FAROD\AppData\Roaming\Mozilla\Firefox\Profiles\9l3j02fa.default
FF DefaultSearchEngine: Sichere Suche
FF SearchEngineOrder.1: Sichere Suche
FF SelectedSearchEngine: Sichere Suche
FF Homepage: about:home
FF Keyword.URL: https://de.search.yahoo.com/search?fr=mcafee&type=B111DE0D20140110&p=
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin: @canon.com/MycameraPlugin -> C:\Program Files\Canon\MyCamera Download Plugin\NPCIG.dll (CANON INC.)
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @SonyCreativeSoftware.com/Media Go,version=1.0 -> C:\Program Files\Sony\Media Go\npmediago.dll (Sony Network Entertainment International LLC)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @citrixonline.com/appdetectorplugin -> C:\Users\FAROD\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\FAROD\AppData\Roaming\Mozilla\Firefox\Profiles\9l3j02fa.default\searchplugins\google-images.xml
FF SearchPlugin: C:\Users\FAROD\AppData\Roaming\Mozilla\Firefox\Profiles\9l3j02fa.default\searchplugins\google-maps.xml
FF SearchPlugin: C:\Users\FAROD\AppData\Roaming\Mozilla\Firefox\Profiles\9l3j02fa.default\searchplugins\ixquick-custom-search.xml
FF SearchPlugin: C:\Users\FAROD\AppData\Roaming\Mozilla\Firefox\Profiles\9l3j02fa.default\searchplugins\ixquick-https---deutsch.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\McSiteAdvisor.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Avira Browser Safety - C:\Users\FAROD\AppData\Roaming\Mozilla\Firefox\Profiles\9l3j02fa.default\Extensions\abs@avira.com [2014-10-08]
FF Extension: Tradesignal Online Chart - C:\Users\FAROD\AppData\Roaming\Mozilla\Firefox\Profiles\9l3j02fa.default\Extensions\{1acd747e-8470-11db-96a9-00e08161165f} [2014-09-02]
FF Extension: Cliqz Beta - C:\Users\FAROD\AppData\Roaming\Mozilla\Firefox\Profiles\9l3j02fa.default\Extensions\cliqz@cliqz.com.xpi [2014-10-06]
FF Extension: Adblock Plus - C:\Users\FAROD\AppData\Roaming\Mozilla\Firefox\Profiles\9l3j02fa.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-06-20]
FF Extension: QuickJava - C:\Users\FAROD\AppData\Roaming\Mozilla\Firefox\Profiles\9l3j02fa.default\Extensions\{E6C1199F-E687-42da-8C24-E7770CC3AE66}.xpi [2014-06-20]
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-09-24]
FF HKCU\...\Firefox\Extensions: [cliqz@cliqz.com] - C:\Users\FAROD\AppData\Roaming\Mozilla\Firefox\Profiles\9l3j02fa.default\extensions\cliqz@cliqz.com

Chrome: 
=======

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S4 AAV UpdateService; C:\Program Files\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe [128296 2008-10-24] ()
S4 Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2010-01-20] (Adobe Systems) [File not signed]
R2 Agent; C:\Windows\VPDAgent.exe [203008 2013-05-18] (Two Pilots)
R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [431920 2014-09-24] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [431920 2014-09-24] (Avira Operations GmbH & Co. KG)
R2 Avira.OE.ServiceHost; C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe [160560 2014-09-23] (Avira Operations GmbH & Co. KG)
R2 c2cautoupdatesvc; C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [69632 2005-11-14] (Macrovision Corporation) [File not signed]
R2 Netzmanager Service; C:\Program Files\Netzmanager\NMInfraIS2\Netzmanager_Service.exe [2635776 2012-07-20] (Deutsche Telekom AG) [File not signed]
R2 RManService; C:\Program Files\Remote Utilities - Host\rutserv.exe [6063360 2014-02-12] (Usoris Systems LLC)
R2 Samsung Network Fax Server; C:\Windows\system32\spool\drivers\w32x86\3\NetFaxServer.exe [165888 2010-03-08] (Samsung Electronics Co., Ltd.) [File not signed]
S4 Sony PC Companion; C:\Program Files\Sony\Sony PC Companion\PCCService.exe [155824 2013-02-04] (Avanquest Software)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 AtiHDAudioService; C:\Windows\System32\drivers\AtihdW73.sys [101904 2010-11-30] (ATI Technologies, Inc.)
R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [281760 2010-09-03] ()
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [98160 2014-09-24] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [136216 2014-09-24] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2014-09-24] (Avira Operations GmbH & Co. KG)
R2 CAPI20; C:\Windows\system32\Drivers\CAPI20.sys [974040 2005-09-09] (DeTeWe Berlin) [File not signed]
S3 CH341SER; C:\Windows\System32\Drivers\CH341SER.SYS [39696 2011-11-04] (www.winchiphead.com)
R2 DETEWECP; C:\Windows\System32\drivers\detewecp.sys [37696 2005-09-09] (DeTeWe Berlin) [File not signed]
S2 DgiVecp; C:\Windows\system32\Drivers\DgiVecp.sys [38400 2009-07-13] (Samsung Electronics Co., Ltd.) [File not signed]
R3 dtwmnic5; C:\Windows\System32\DRIVERS\dtwmnic5.sys [198118 2005-09-09] (DeTeWe Berlin) [File not signed]
R2 ei2c; C:\Windows\system32\drivers\ei2c.sys [18224 2013-09-30] (Nicomsoft Ltd.)
S3 FTDIBUS; C:\Windows\System32\drivers\ftdibus.sys [63464 2013-02-13] (FTDI Ltd.)
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [25888 2010-09-03] ()
S3 mferkdk; C:\Windows\System32\drivers\mferkdk.sys [34248 2009-11-04] (McAfee, Inc.)
S3 mfesmfk; C:\Windows\System32\drivers\mfesmfk.sys [40552 2009-11-04] (McAfee, Inc.)
R2 mi2c; C:\Windows\system32\drivers\mi2c.sys [18224 2013-10-13] (Nicomsoft Ltd.)
S3 NuidFltr; C:\Windows\System32\DRIVERS\NuidFltr.sys [21520 2010-07-21] (Microsoft Corporation)
R3 rtl819xp; C:\Windows\System32\DRIVERS\rtl819xp.sys [557088 2010-02-01] (Realtek Semiconductor Corporation                           )
S3 s1029bus; C:\Windows\System32\DRIVERS\s1029bus.sys [90280 2009-05-25] (MCCI Corporation)
S3 s1029mdfl; C:\Windows\System32\DRIVERS\s1029mdfl.sys [15016 2009-05-25] (MCCI Corporation)
S3 s1029mdm; C:\Windows\System32\DRIVERS\s1029mdm.sys [122280 2009-05-25] (MCCI Corporation)
S3 s1029mgmt; C:\Windows\System32\DRIVERS\s1029mgmt.sys [115880 2009-05-25] (MCCI Corporation)
S3 s1029nd5; C:\Windows\System32\DRIVERS\s1029nd5.sys [26024 2009-05-25] (MCCI Corporation)
S3 s1029obex; C:\Windows\System32\DRIVERS\s1029obex.sys [111912 2009-05-25] (MCCI Corporation)
S3 s1029unic; C:\Windows\System32\DRIVERS\s1029unic.sys [116904 2009-05-25] (MCCI Corporation)
S3 s1039mdm; C:\Windows\System32\DRIVERS\s1039mdm.sys [124016 2009-11-19] (MCCI Corporation)
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2014-09-24] (Avira GmbH)
R2 SSPORT; C:\Windows\system32\Drivers\SSPORT.sys [5120 2009-07-12] (Samsung Electronics) [File not signed]
S3 TelekomNM3; C:\Program Files\Netzmanager\NMInfraIS2\Driver\TelekomNM3.sys [35040 2010-09-16] (Deutsche Telekom AG AG, Marmiko IT-Solutions GmbH)
S3 ulisa; C:\Windows\System32\Drivers\ulisa.sys [120732 2005-09-09] (DeTeWe Berlin) [File not signed]
R3 VMC326; C:\Windows\System32\Drivers\VMC326.sys [237696 2009-08-10] (Vimicro Corporation)
R3 yukonw7; C:\Windows\System32\DRIVERS\yk62x86.sys [315392 2009-09-28] ()
S3 ADDMEM; \??\C:\Users\FAROD\AppData\Local\Temp\__Samsung_Update\ADDMEM.SYS [X]
S3 cpuz132; \??\C:\Users\FAROD\AppData\Local\Temp\cpuz132\cpuz132_x32.sys [X]
S1 FNETURPX; System32\drivers\FNETURPX.SYS [X]
U5 Opaplpt; C:\Windows\System32\Drivers\Opaplpt.sys [39520 2001-09-12] (Oki Data Corporation) [File not signed]
U0 SR; No ImagePath
U2 srservice; No ImagePath

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-11 17:06 - 2014-10-11 17:07 - 00002232 _____ () C:\Users\FAROD\Desktop\JRT.txt
2014-10-11 17:04 - 2014-10-11 17:04 - 01705755 _____ (Thisisu) C:\Users\FAROD\Downloads\JRT.exe
2014-10-11 17:04 - 2014-10-11 17:04 - 00000000 ____D () C:\Windows\ERUNT
2014-10-11 16:58 - 2014-10-11 16:58 - 00004244 _____ () C:\Users\FAROD\Desktop\AdwCleaner[S0].txt
2014-10-11 16:46 - 2014-10-11 16:50 - 00000000 ____D () C:\AdwCleaner
2014-10-11 16:44 - 2014-10-11 16:44 - 01375089 _____ () C:\Users\FAROD\Downloads\AdwCleaner_3.311.exe
2014-10-11 16:41 - 2014-10-11 16:41 - 00001061 _____ () C:\Users\FAROD\Desktop\Scan MBAM.txt
2014-10-09 14:18 - 2014-10-09 14:18 - 00037384 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2014-10-09 12:05 - 2014-10-11 16:25 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-10-09 12:04 - 2014-10-09 12:04 - 00001060 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-10-09 12:04 - 2014-10-09 12:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-10-09 12:04 - 2014-10-09 12:04 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-10-09 12:04 - 2014-10-09 12:04 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 
2014-10-09 12:04 - 2014-05-12 07:26 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-10-09 12:04 - 2014-05-12 07:25 - 00074456 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-10-09 12:04 - 2014-05-12 07:25 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-10-09 12:03 - 2014-10-09 12:04 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\FAROD\Downloads\mbam-setup-2.0.2.1012.exe
2014-10-09 09:44 - 2014-10-09 09:46 - 00101575 _____ () C:\Users\FAROD\Downloads\Addition.txt
2014-10-09 09:41 - 2014-10-11 17:13 - 00027908 _____ () C:\Users\FAROD\Downloads\FRST.txt
2014-10-09 09:41 - 2014-10-11 17:13 - 00000000 ____D () C:\FRST
2014-10-09 09:41 - 2014-10-09 09:41 - 01101312 _____ (Farbar) C:\Users\FAROD\Downloads\FRST.exe
2014-10-09 09:36 - 2014-10-09 09:40 - 00000472 _____ () C:\Users\FAROD\Downloads\defogger_disable.log
2014-10-09 09:36 - 2014-10-09 09:36 - 00000000 _____ () C:\Users\FAROD\defogger_reenable
2014-10-09 09:35 - 2014-10-09 09:35 - 00050477 _____ () C:\Users\FAROD\Downloads\Defogger.exe
2014-10-09 09:06 - 2014-10-09 14:39 - 00000000 ____D () C:\Users\FAROD\AppData\Local\AviraSpeedup
2014-10-08 21:53 - 2014-10-11 17:08 - 00005018 _____ () C:\Windows\setupact.log
2014-10-08 21:53 - 2014-10-11 16:51 - 00010564 _____ () C:\Windows\PFRO.log
2014-10-08 21:53 - 2014-10-08 21:53 - 00000000 _____ () C:\Windows\setuperr.log
2014-10-08 20:33 - 2014-10-08 20:33 - 00001230 _____ () C:\Users\Public\Desktop\Revo Uninstaller Pro.lnk
2014-10-08 20:33 - 2014-10-08 20:33 - 00000000 ____D () C:\Users\FAROD\AppData\Local\VS Revo Group
2014-10-08 20:33 - 2014-10-08 20:33 - 00000000 ____D () C:\ProgramData\VS Revo Group
2014-10-08 20:33 - 2014-10-08 20:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller Pro
2014-10-08 20:33 - 2014-10-08 20:33 - 00000000 ____D () C:\Program Files\VS Revo Group
2014-10-08 20:33 - 2009-12-30 11:21 - 00027192 _____ (VS Revo Group) C:\Windows\system32\Drivers\revoflt.sys
2014-10-08 20:09 - 2014-10-08 20:09 - 00000965 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-10-08 20:09 - 2014-10-08 20:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-10-08 20:09 - 2014-10-08 20:09 - 00000000 ____D () C:\Program Files\CCleaner
2014-10-08 20:02 - 2014-10-08 20:02 - 00120520 _____ () C:\Users\FAROD\Desktop\John G - Avira Answers.htm
2014-10-08 19:34 - 2014-10-09 08:13 - 00000000 ____D () C:\Users\FAROD\AppData\Local\LogMeIn Rescue Applet
2014-10-08 19:34 - 2014-10-08 19:34 - 01528640 _____ (LogMeIn, Inc.) C:\Users\FAROD\Downloads\Support-LogMeInRescue.exe
2014-10-08 18:34 - 2014-10-08 18:34 - 00000000 ____D () C:\Users\FAROD\AppData\Roaming\Avira
2014-10-08 18:31 - 2014-09-24 12:44 - 00136216 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2014-10-08 18:31 - 2014-09-24 12:44 - 00098160 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2014-10-08 18:31 - 2014-09-24 12:44 - 00037352 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2014-10-08 18:31 - 2014-09-24 12:44 - 00028520 _____ (Avira GmbH) C:\Windows\system32\Drivers\ssmdrv.sys
2014-10-08 18:30 - 2014-10-09 14:39 - 00000000 ____D () C:\Program Files\Avira
2014-10-08 18:30 - 2014-10-08 18:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2014-10-08 18:30 - 2014-10-08 18:31 - 00000000 ____D () C:\ProgramData\Avira
2014-10-08 18:30 - 2014-10-08 18:30 - 00001095 _____ () C:\Users\Public\Desktop\Avira.lnk
2014-10-08 18:29 - 2014-10-08 18:29 - 04714656 _____ (Avira Operations GmbH & Co. KG) C:\Users\FAROD\Downloads\avira_de_av___ws.exe
2014-10-08 18:29 - 2014-10-08 18:29 - 00000000 ____D () C:\ProgramData\Package Cache
2014-10-08 15:14 - 2014-10-09 12:48 - 00000000 ____D () C:\Users\FAROD\AppData\Roaming\Huytiku
2014-10-05 16:05 - 2014-10-05 16:05 - 01101648 _____ () C:\Users\FAROD\Downloads\CHIP Online Windows Starter Kit - CHIP-Installer.exe
2014-10-05 15:51 - 2011-05-13 12:16 - 00493056 _____ ( datenhaus GmbH) C:\Windows\system32\dhRichClient3.dll
2014-10-05 15:51 - 2011-03-25 20:42 - 00338432 _____ () C:\Windows\system32\sqlite36_engine.dll
2014-10-05 15:50 - 2014-10-05 15:50 - 00000000 ____D () C:\Users\FAROD\Downloads\MyHash
2014-10-05 15:44 - 2014-10-05 15:45 - 01101648 _____ () C:\Users\FAROD\Downloads\HashMyFiles - CHIP-Installer.exe
2014-10-02 20:00 - 2014-10-02 20:01 - 03602664 _____ () C:\Users\FAROD\Downloads\aquasuite_setup.exe
2014-10-01 12:07 - 2014-09-25 03:40 - 00519680 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2014-09-29 09:08 - 2014-09-29 09:08 - 19364912 _____ () C:\Users\FAROD\Desktop\20140930 Indulor_ZPA.pptx
2014-09-28 11:44 - 2014-09-28 11:44 - 00000000 ____D () C:\Users\FAROD\AppData\Roaming\AVG
2014-09-28 11:41 - 2014-10-08 20:46 - 00000000 ____D () C:\Users\FAROD\AppData\Local\AvgSetupLog
2014-09-28 11:41 - 2014-10-08 20:46 - 00000000 ____D () C:\ProgramData\Avg
2014-09-28 11:41 - 2014-10-08 20:46 - 00000000 ____D () C:\Program Files\AVG
2014-09-28 11:41 - 2014-10-05 16:25 - 00000000 ____D () C:\Users\FAROD\AppData\Local\Avg
2014-09-28 11:40 - 2014-09-28 11:40 - 15722368 _____ (AVG Technologies) C:\Users\FAROD\Downloads\avg_gse_stb_all_329p1_96.exe
2014-09-24 21:22 - 2014-09-24 21:22 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-09-24 09:52 - 2014-09-09 23:47 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-11 17:10 - 2012-01-23 22:21 - 00000000 ___RD () C:\Users\FAROD\Dropbox
2014-10-11 17:10 - 2012-01-23 22:19 - 00000000 ____D () C:\Users\FAROD\AppData\Roaming\Dropbox
2014-10-11 17:08 - 2009-12-28 19:47 - 01613164 _____ () C:\Windows\WindowsUpdate.log
2014-10-11 17:08 - 2009-07-14 06:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-10-11 16:59 - 2012-03-30 08:00 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-10-11 16:59 - 2009-07-14 06:34 - 00019968 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-10-11 16:59 - 2009-07-14 06:34 - 00019968 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-10-11 16:45 - 2014-05-10 19:13 - 00001098 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA1cf6c7324f656f2.job
2014-10-09 12:48 - 2009-07-14 06:52 - 00000000 ____D () C:\Windows\Performance
2014-10-09 11:41 - 2009-07-14 06:52 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2014-10-09 11:40 - 2010-01-01 15:05 - 00000000 ____D () C:\Users\FAROD\AppData\Local\My Games
2014-10-09 11:40 - 2009-12-29 11:35 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information
2014-10-09 11:32 - 2009-09-10 21:31 - 00000000 ____D () C:\Users\FAROD\Documents\My Games
2014-10-09 11:31 - 2010-11-26 21:30 - 00000000 ____D () C:\Program Files\Steam
2014-10-09 09:36 - 2009-12-28 20:03 - 00000000 ____D () C:\Users\FAROD
2014-10-08 20:49 - 2011-10-22 20:24 - 00000000 ____D () C:\Program Files\Common Files\Mcafee
2014-10-08 20:49 - 2009-12-29 22:55 - 00000000 ____D () C:\Program Files\McAfee
2014-10-08 20:49 - 2009-12-28 20:23 - 00000000 ____D () C:\ProgramData\McAfee
2014-10-08 20:21 - 2011-03-05 19:49 - 00000000 ____D () C:\Windows\Minidump
2014-10-08 20:21 - 2009-12-29 04:43 - 00000000 ____D () C:\Windows\Panther
2014-10-08 19:08 - 2009-07-14 06:53 - 00032632 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-10-06 13:46 - 2011-01-19 17:31 - 00012267 _____ () C:\Users\FAROD\AppData\Roaming\SmarThruOptions.xml
2014-10-05 11:14 - 2009-10-20 16:18 - 00000000 ____D () C:\Users\FAROD\Documents\Steuerfälle
2014-10-04 18:05 - 2009-09-12 19:00 - 00000000 ____D () C:\Users\FAROD\Desktop\Sonstiges
2014-09-29 09:08 - 2009-09-23 10:35 - 00000000 ____D () C:\Users\FAROD\Desktop\AMT
2014-09-28 17:06 - 2009-12-30 11:55 - 00000000 ____D () C:\Users\FAROD\Desktop\Utilities
2014-09-28 11:57 - 2009-12-30 12:28 - 00000000 ____D () C:\Users\FAROD\AppData\Roaming\Skype
2014-09-28 11:57 - 2009-12-29 18:54 - 00000000 ____D () C:\Users\FAROD\AppData\Local\Microsoft Help
2014-09-28 11:57 - 2009-09-09 18:55 - 00000000 ____D () C:\Users\FAROD\Documents\Youcam
2014-09-27 18:47 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\rescache
2014-09-25 20:41 - 2012-04-26 08:17 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-09-25 08:19 - 2009-12-28 20:23 - 01671768 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-09-24 14:00 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\de-DE
2014-09-24 08:59 - 2012-03-30 08:00 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-09-24 08:59 - 2011-05-19 18:09 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-09-18 17:25 - 2013-07-12 08:37 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-09-18 08:21 - 2012-01-23 22:20 - 00000000 ____D () C:\Users\FAROD\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-09-15 09:06 - 2009-12-28 20:35 - 00231568 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-09-11 10:52 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\Microsoft.NET

Files to move or delete:
====================
C:\Users\Public\AlexaNSISPlugin.5972.dll


Some content of TEMP:
====================
C:\Users\FAROD\AppData\Local\Temp\avgnt.exe
C:\Users\FAROD\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp8lccon.dll
C:\Users\FAROD\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-09-27 18:36

==================== End Of Log ============================
         
--- --- ---


Hier das Ergebnis von MBAM:
Code:
ATTFilter
 Malwarebytes Anti-Malware 
www.malwarebytes.org

Scan Date: 11.10.2014
Scan Time: 16:26:03
Logfile: Scan MBAM.txt
Administrator: Yes

Version: 2.00.2.1012
Malware Database: v2014.10.11.05
Rootkit Database: v2014.10.08.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x86
File System: NTFS
User: FAROD

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 289778
Time Elapsed: 14 min, 52 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)
         
Ich bin wirkich dankbar für Deine Bemühungen.
samsum54

Alt 12.10.2014, 13:48   #8
schrauber
/// the machine
/// TB-Ausbilder
 

qogunit.exe - Standard

qogunit.exe




ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset


Downloade Dir bitte SecurityCheck und:

  • Speichere es auf dem Desktop.
  • Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
  • Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.
Poste den Inhalt bitte hier.

und ein frisches FRST log bitte. Noch Probleme?
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 12.10.2014, 18:57   #9
samsum54
 
qogunit.exe - Standard

qogunit.exe



Hallo schrauber,
hier sind die erstellten log-Dateien:
Eset
Code:
ATTFilter
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=03cce7e3e15b0143adc8782d2d839cf6
# engine=20559
# end=finished
# remove_checked=false
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-10-12 05:33:49
# local_time=2014-10-12 07:33:49 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='Avira Desktop'
# compatibility_mode=1810 16777213 100 99 9785 1579769 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 79360 164766420 0 0
# scanned=601747
# found=0
# cleaned=0
# scan_time=8727
         
Security
Code:
ATTFilter
Results of screen317's Security Check version 0.99.87  
 Windows 7 Service Pack 1 x86 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
Avira Desktop   
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:````````` 
 TuneUp Utilities 2014 (de-DE)  
 CCleaner     
 Java 7 Update 67  
 Adobe Flash Player 	15.0.0.152  
 Adobe Reader XI  
 Mozilla Firefox (32.0.3) 
````````Process Check: objlist.exe by Laurent````````  
 Avira Antivir avgnt.exe 
 Avira Antivir avguard.exe 
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  
````````````````````End of Log``````````````````````
         
FRST:

FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 12-10-2014
Ran by FAROD (administrator) on FAROD-PC on 12-10-2014 19:51:00
Running from C:\Users\FAROD\Downloads
Loaded Profile: FAROD (Available profiles: FAROD)
Platform: Microsoft Windows 7 Home Premium  Service Pack 1 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Two Pilots) C:\Windows\VPDAgent.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(Microsoft Corporation) C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Deutsche Telekom AG) C:\Program Files\Netzmanager\NMInfraIS2\Netzmanager_Service.exe
(Usoris Systems LLC) C:\Program Files\Remote Utilities - Host\rutserv.exe
(Usoris Systems LLC) C:\Program Files\Remote Utilities - Host\rfusclient.exe
(Samsung Electronics Co., Ltd.) C:\Windows\System32\spool\drivers\w32x86\3\NetFaxServer.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
() C:\Windows\Samsung\PanelMgr\SSMMgr.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(Dropbox, Inc.) C:\Users\FAROD\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Deutsche Telekom AG) C:\Program Files\Netzmanager\netzmanager.exe
(Usoris Systems LLC) C:\Program Files\Remote Utilities - Host\rfusclient.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Google Inc.) C:\Program Files\Google\Update\1.3.24.15\GoogleCrashHandler.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [] => [X]
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1541416 2009-07-14] (Synaptics Incorporated)
HKLM\...\Run: [Samsung PanelMgr] => C:\Windows\Samsung\PanelMgr\ssmmgr.exe [618496 2010-06-07] ()
HKLM\...\Run: [Avira Systray] => C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe [165168 2014-09-23] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [avgnt] => C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [703736 2014-09-24] (Avira Operations GmbH & Co. KG)
Winlogon\Notify\GoToAssist: C:\Program Files\Citrix\GoToAssist\615\G2AWinLogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
HKLM\...\Policies\Explorer: [NoViewOnDrive] 0
HKLM\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKLM\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKLM\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKLM\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKLM\...\Policies\Explorer: [NoViewContextMenu] 0
HKLM\...\Policies\Explorer: [NoShellSearchButton] 0
HKLM\...\Policies\Explorer: [NoFile] 0
HKLM\...\Policies\Explorer: [HideClock] 0
HKLM\...\Policies\Explorer: [NoTrayContextMenu] 0
HKLM\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKLM\...\Policies\Explorer: [NoSetFolders] 0
HKLM\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKLM\...\Policies\Explorer: [NoSetTaskbar] 0
HKLM\...\Policies\Explorer: [NoDeletePrinter] 0
HKLM\...\Policies\Explorer: [NoDFSTab] 0
HKLM\...\Policies\Explorer: [NoChangeStartMenu] 0
HKLM\...\Policies\Explorer: [NoLogoff] 0
HKLM\...\Policies\Explorer: [NoWindowsUpdate] 0
HKLM\...\Policies\Explorer: [NoEncryptOnMove] 0
HKLM\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKLM\...\Policies\Explorer: [NoResolveSearch] 0
HKLM\...\Policies\Explorer: [NoSaveSettings] 0
HKLM\...\Policies\Explorer: [NoHardwareTab] 0
HKLM\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKU\S-1-5-19\...\Policies\system: [DisableCMD] 0
HKU\S-1-5-19\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-19\...\Policies\system: [NoDispBackgroundPage] 0
HKU\S-1-5-19\...\Policies\system: [NoDispSettingsPage] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoFolderOptions] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoViewOnDrive] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-19\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKU\S-1-5-19\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKU\S-1-5-19\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKU\S-1-5-19\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoShellSearchButton] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoFind] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoFile] 0
HKU\S-1-5-19\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoSetFolders] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoDFSTab] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoLogoff] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoResolveSearch] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoHardwareTab] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKU\S-1-5-20\...\Policies\system: [DisableCMD] 0
HKU\S-1-5-20\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-20\...\Policies\system: [NoDispBackgroundPage] 0
HKU\S-1-5-20\...\Policies\system: [NoDispSettingsPage] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoFolderOptions] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoViewOnDrive] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-20\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKU\S-1-5-20\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKU\S-1-5-20\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKU\S-1-5-20\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoShellSearchButton] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoFind] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoFile] 0
HKU\S-1-5-20\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoSetFolders] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoDFSTab] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoLogoff] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoResolveSearch] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoHardwareTab] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKU\S-1-5-21-2661125413-2364787433-991423230-1000\...\Policies\system: [DisableCMD] 0
HKU\S-1-5-21-2661125413-2364787433-991423230-1000\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-21-2661125413-2364787433-991423230-1000\...\Policies\system: [NoDispBackgroundPage] 0
HKU\S-1-5-21-2661125413-2364787433-991423230-1000\...\Policies\system: [NoDispSettingsPage] 0
HKU\S-1-5-21-2661125413-2364787433-991423230-1000\...\Policies\Explorer: [NoFolderOptions] 0
HKU\S-1-5-21-2661125413-2364787433-991423230-1000\...\Policies\Explorer: [NoViewOnDrive] 0
HKU\S-1-5-21-2661125413-2364787433-991423230-1000\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-2661125413-2364787433-991423230-1000\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKU\S-1-5-21-2661125413-2364787433-991423230-1000\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKU\S-1-5-21-2661125413-2364787433-991423230-1000\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKU\S-1-5-21-2661125413-2364787433-991423230-1000\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKU\S-1-5-21-2661125413-2364787433-991423230-1000\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-21-2661125413-2364787433-991423230-1000\...\Policies\Explorer: [NoShellSearchButton] 0
HKU\S-1-5-21-2661125413-2364787433-991423230-1000\...\Policies\Explorer: [NoFind] 0
HKU\S-1-5-21-2661125413-2364787433-991423230-1000\...\Policies\Explorer: [NoFile] 0
HKU\S-1-5-21-2661125413-2364787433-991423230-1000\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-21-2661125413-2364787433-991423230-1000\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\S-1-5-21-2661125413-2364787433-991423230-1000\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKU\S-1-5-21-2661125413-2364787433-991423230-1000\...\Policies\Explorer: [NoSetFolders] 0
HKU\S-1-5-21-2661125413-2364787433-991423230-1000\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\S-1-5-21-2661125413-2364787433-991423230-1000\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-21-2661125413-2364787433-991423230-1000\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\S-1-5-21-2661125413-2364787433-991423230-1000\...\Policies\Explorer: [NoDFSTab] 0
HKU\S-1-5-21-2661125413-2364787433-991423230-1000\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-21-2661125413-2364787433-991423230-1000\...\Policies\Explorer: [NoLogoff] 0
HKU\S-1-5-21-2661125413-2364787433-991423230-1000\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\S-1-5-21-2661125413-2364787433-991423230-1000\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\S-1-5-21-2661125413-2364787433-991423230-1000\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\S-1-5-21-2661125413-2364787433-991423230-1000\...\Policies\Explorer: [NoResolveSearch] 0
HKU\S-1-5-21-2661125413-2364787433-991423230-1000\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-21-2661125413-2364787433-991423230-1000\...\Policies\Explorer: [NoHardwareTab] 0
HKU\S-1-5-21-2661125413-2364787433-991423230-1000\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKU\S-1-5-21-2661125413-2364787433-991423230-1000\...\MountPoints2: E - E:\auto.exe
HKU\S-1-5-21-2661125413-2364787433-991423230-1000\...\MountPoints2: {75ce76c2-68d3-11e0-a899-00245402c3ca} - F:\Startme.exe
HKU\S-1-5-21-2661125413-2364787433-991423230-1000\...\MountPoints2: {79a0bff8-14f1-11df-894a-00245402c3ca} - F:\Startme.exe
HKU\S-1-5-21-2661125413-2364787433-991423230-1000\...\MountPoints2: {9cd638f1-f3d8-11de-a0af-806e6f6e6963} - E:\autorun.exe
HKU\S-1-5-18\...\Run: [AviraSpeedup] => "C:\Program Files\Avira\AviraSpeedup\avira_system_speedup.exe" -autorun
HKU\S-1-5-18\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-18\...\Policies\system: [NoDispBackgroundPage] 0
HKU\S-1-5-18\...\Policies\system: [NoDispSettingsPage] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoViewOnDrive] 0
HKU\S-1-5-18\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKU\S-1-5-18\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKU\S-1-5-18\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKU\S-1-5-18\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoShellSearchButton] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoFind] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoFile] 0
HKU\S-1-5-18\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoSetFolders] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoDFSTab] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoLogoff] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoResolveSearch] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoHardwareTab] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoStartMenuSubFolders] 0
Startup: C:\Users\FAROD\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\FAROD\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\FAROD\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Netzmanager.lnk
ShortcutTarget: Netzmanager.lnk -> C:\Program Files\Netzmanager\netzmanager.exe (Deutsche Telekom AG)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKLM - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7SMSN
SearchScopes: HKCU - {3BD301D9-747C-40B4-BC62-285CC3E648E8} URL = hxxp://dict.leo.org/ende?lp=ende&search={searchTerms}
SearchScopes: HKCU - {50D204F7-744D-4AB1-80BE-44A747C9AC1A} URL = https://de.search.yahoo.com/search?fr=mcafee&type=B011DE0D20140110&p={SearchTerms}
SearchScopes: HKCU - {53A2F6DD-7B14-453A-8DBA-991ADB68FBF9} URL = hxxp://suche.t-online.de/fast-cgi/tsc?sr=tweb&q={searchTerms}&dia=tie8
SearchScopes: HKCU - {595E0C25-C644-4F7D-9987-28F67BBD4E56} URL = hxxp://dict.leo.org/frde?lp=frde&search={searchTerms}
SearchScopes: HKCU - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7SMSN_de
SearchScopes: HKCU - {73421E9D-ED96-498B-B243-7A70460AA933} URL = hxxp://suche.t-online.de/fast-cgi/tsc?sr=twiki&q={searchTerms}&dia=tie8
SearchScopes: HKCU - {84A765DC-8137-4ADB-9DB1-7D4224CC92CB} URL = hxxp://suche.t-online.de/fast-cgi/tsc?sr=tportal&q={searchTerms}&dia=tie8
SearchScopes: HKCU - {85500CB3-C2C6-40B6-AE42-EAF32E8A9FE9} URL = hxxp://de.search.yahoo.com/search?fr=mcafee&p={SearchTerms}
SearchScopes: HKCU - {B41F44C9-8C0D-44C0-9B77-EF1392D37EF0} URL = hxxp://preisvergleich.t-online.de/angebote/{searchTerms}?soid=42534758
SearchScopes: HKCU - {C38CA9EB-8E41-4C47-9A41-29D547233F7E} URL = hxxp://dict.leo.org/esde?lp=esde&search={searchTerms}
SearchScopes: HKCU - {DC50C121-78BE-4071-8A7C-070868147D2A} URL = hxxp://www.amazon.de/gp/search?ie=UTF8&keywords={searchTerms}&tag=tonline-browser_toolbar3_search-21&index=blended&linkCode=ur2
SearchScopes: HKCU - {FD45522D-7F25-4E01-8E60-242DCFE016C9} URL = hxxp://rover.ebay.com/rover/1/707-1403-42072-3/4?satitle={searchTerms}
BHO: Adobe PDF Reader -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
BHO: Toolbar 3.0 der Telekom Browserhilfsobjekt -> {C9603180-FA5C-4DB0-A013-ADC60309AF82} -> C:\Program Files\Deutsche Telekom\Toolbar3\ToToolbar.dll (Deutsche Telekom AG)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM - Toolbar 3.0 der Telekom - {2015C8D4-8534-48DB-B5FB-5C76291F080C} - C:\Program Files\Deutsche Telekom\Toolbar3\ToToolbar.dll (Deutsche Telekom AG)
Toolbar: HKLM - Webroot Toolbar - {97ab88ef-346b-4179-a0b1-7445896547a5} -  No File
Toolbar: HKCU - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKCU - Toolbar 3.0 der Telekom - {2015C8D4-8534-48DB-B5FB-5C76291F080C} - C:\Program Files\Deutsche Telekom\Toolbar3\ToToolbar.dll (Deutsche Telekom AG)
DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} https://oas.support.microsoft.com/ActiveX/MSDcode.cab
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\FAROD\AppData\Roaming\Mozilla\Firefox\Profiles\9l3j02fa.default
FF DefaultSearchEngine: Sichere Suche
FF SearchEngineOrder.1: Sichere Suche
FF SelectedSearchEngine: Sichere Suche
FF Homepage: about:home
FF Keyword.URL: https://de.search.yahoo.com/search?fr=mcafee&type=B111DE0D20140110&p=
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin: @canon.com/MycameraPlugin -> C:\Program Files\Canon\MyCamera Download Plugin\NPCIG.dll (CANON INC.)
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @SonyCreativeSoftware.com/Media Go,version=1.0 -> C:\Program Files\Sony\Media Go\npmediago.dll (Sony Network Entertainment International LLC)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @citrixonline.com/appdetectorplugin -> C:\Users\FAROD\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\FAROD\AppData\Roaming\Mozilla\Firefox\Profiles\9l3j02fa.default\searchplugins\google-images.xml
FF SearchPlugin: C:\Users\FAROD\AppData\Roaming\Mozilla\Firefox\Profiles\9l3j02fa.default\searchplugins\google-maps.xml
FF SearchPlugin: C:\Users\FAROD\AppData\Roaming\Mozilla\Firefox\Profiles\9l3j02fa.default\searchplugins\ixquick-custom-search.xml
FF SearchPlugin: C:\Users\FAROD\AppData\Roaming\Mozilla\Firefox\Profiles\9l3j02fa.default\searchplugins\ixquick-https---deutsch.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\McSiteAdvisor.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Avira Browser Safety - C:\Users\FAROD\AppData\Roaming\Mozilla\Firefox\Profiles\9l3j02fa.default\Extensions\abs@avira.com [2014-10-08]
FF Extension: Tradesignal Online Chart - C:\Users\FAROD\AppData\Roaming\Mozilla\Firefox\Profiles\9l3j02fa.default\Extensions\{1acd747e-8470-11db-96a9-00e08161165f} [2014-09-02]
FF Extension: Cliqz Beta - C:\Users\FAROD\AppData\Roaming\Mozilla\Firefox\Profiles\9l3j02fa.default\Extensions\cliqz@cliqz.com.xpi [2014-10-06]
FF Extension: Adblock Plus - C:\Users\FAROD\AppData\Roaming\Mozilla\Firefox\Profiles\9l3j02fa.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-06-20]
FF Extension: QuickJava - C:\Users\FAROD\AppData\Roaming\Mozilla\Firefox\Profiles\9l3j02fa.default\Extensions\{E6C1199F-E687-42da-8C24-E7770CC3AE66}.xpi [2014-06-20]
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-09-24]
FF HKCU\...\Firefox\Extensions: [cliqz@cliqz.com] - C:\Users\FAROD\AppData\Roaming\Mozilla\Firefox\Profiles\9l3j02fa.default\extensions\cliqz@cliqz.com

Chrome: 
=======

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S4 AAV UpdateService; C:\Program Files\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe [128296 2008-10-24] ()
S4 Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2010-01-20] (Adobe Systems) [File not signed]
R2 Agent; C:\Windows\VPDAgent.exe [203008 2013-05-18] (Two Pilots)
R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [431920 2014-09-24] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [431920 2014-09-24] (Avira Operations GmbH & Co. KG)
R2 Avira.OE.ServiceHost; C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe [160560 2014-09-23] (Avira Operations GmbH & Co. KG)
R2 c2cautoupdatesvc; C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [69632 2005-11-14] (Macrovision Corporation) [File not signed]
R2 Netzmanager Service; C:\Program Files\Netzmanager\NMInfraIS2\Netzmanager_Service.exe [2635776 2012-07-20] (Deutsche Telekom AG) [File not signed]
R2 RManService; C:\Program Files\Remote Utilities - Host\rutserv.exe [6063360 2014-02-12] (Usoris Systems LLC)
R2 Samsung Network Fax Server; C:\Windows\system32\spool\drivers\w32x86\3\NetFaxServer.exe [165888 2010-03-08] (Samsung Electronics Co., Ltd.) [File not signed]
S4 Sony PC Companion; C:\Program Files\Sony\Sony PC Companion\PCCService.exe [155824 2013-02-04] (Avanquest Software)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 AtiHDAudioService; C:\Windows\System32\drivers\AtihdW73.sys [101904 2010-11-30] (ATI Technologies, Inc.)
R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [281760 2010-09-03] ()
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [98160 2014-09-24] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [136216 2014-09-24] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2014-09-24] (Avira Operations GmbH & Co. KG)
R2 CAPI20; C:\Windows\system32\Drivers\CAPI20.sys [974040 2005-09-09] (DeTeWe Berlin) [File not signed]
S3 CH341SER; C:\Windows\System32\Drivers\CH341SER.SYS [39696 2011-11-04] (www.winchiphead.com)
R2 DETEWECP; C:\Windows\System32\drivers\detewecp.sys [37696 2005-09-09] (DeTeWe Berlin) [File not signed]
S2 DgiVecp; C:\Windows\system32\Drivers\DgiVecp.sys [38400 2009-07-13] (Samsung Electronics Co., Ltd.) [File not signed]
R3 dtwmnic5; C:\Windows\System32\DRIVERS\dtwmnic5.sys [198118 2005-09-09] (DeTeWe Berlin) [File not signed]
R2 ei2c; C:\Windows\system32\drivers\ei2c.sys [18224 2013-09-30] (Nicomsoft Ltd.)
S3 FTDIBUS; C:\Windows\System32\drivers\ftdibus.sys [63464 2013-02-13] (FTDI Ltd.)
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [25888 2010-09-03] ()
S3 mferkdk; C:\Windows\System32\drivers\mferkdk.sys [34248 2009-11-04] (McAfee, Inc.)
S3 mfesmfk; C:\Windows\System32\drivers\mfesmfk.sys [40552 2009-11-04] (McAfee, Inc.)
R2 mi2c; C:\Windows\system32\drivers\mi2c.sys [18224 2013-10-13] (Nicomsoft Ltd.)
S3 NuidFltr; C:\Windows\System32\DRIVERS\NuidFltr.sys [21520 2010-07-21] (Microsoft Corporation)
R3 rtl819xp; C:\Windows\System32\DRIVERS\rtl819xp.sys [557088 2010-02-01] (Realtek Semiconductor Corporation                           )
S3 s1029bus; C:\Windows\System32\DRIVERS\s1029bus.sys [90280 2009-05-25] (MCCI Corporation)
S3 s1029mdfl; C:\Windows\System32\DRIVERS\s1029mdfl.sys [15016 2009-05-25] (MCCI Corporation)
S3 s1029mdm; C:\Windows\System32\DRIVERS\s1029mdm.sys [122280 2009-05-25] (MCCI Corporation)
S3 s1029mgmt; C:\Windows\System32\DRIVERS\s1029mgmt.sys [115880 2009-05-25] (MCCI Corporation)
S3 s1029nd5; C:\Windows\System32\DRIVERS\s1029nd5.sys [26024 2009-05-25] (MCCI Corporation)
S3 s1029obex; C:\Windows\System32\DRIVERS\s1029obex.sys [111912 2009-05-25] (MCCI Corporation)
S3 s1029unic; C:\Windows\System32\DRIVERS\s1029unic.sys [116904 2009-05-25] (MCCI Corporation)
S3 s1039mdm; C:\Windows\System32\DRIVERS\s1039mdm.sys [124016 2009-11-19] (MCCI Corporation)
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2014-09-24] (Avira GmbH)
R2 SSPORT; C:\Windows\system32\Drivers\SSPORT.sys [5120 2009-07-12] (Samsung Electronics) [File not signed]
S3 TelekomNM3; C:\Program Files\Netzmanager\NMInfraIS2\Driver\TelekomNM3.sys [35040 2010-09-16] (Deutsche Telekom AG AG, Marmiko IT-Solutions GmbH)
S3 ulisa; C:\Windows\System32\Drivers\ulisa.sys [120732 2005-09-09] (DeTeWe Berlin) [File not signed]
R3 VMC326; C:\Windows\System32\Drivers\VMC326.sys [237696 2009-08-10] (Vimicro Corporation)
R3 yukonw7; C:\Windows\System32\DRIVERS\yk62x86.sys [315392 2009-09-28] ()
S3 ADDMEM; \??\C:\Users\FAROD\AppData\Local\Temp\__Samsung_Update\ADDMEM.SYS [X]
S3 cpuz132; \??\C:\Users\FAROD\AppData\Local\Temp\cpuz132\cpuz132_x32.sys [X]
S1 FNETURPX; System32\drivers\FNETURPX.SYS [X]
U5 Opaplpt; C:\Windows\System32\Drivers\Opaplpt.sys [39520 2001-09-12] (Oki Data Corporation) [File not signed]
U0 SR; No ImagePath
U2 srservice; No ImagePath

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-12 19:50 - 2014-10-12 19:50 - 00000774 _____ () C:\Users\FAROD\Desktop\checkup Security.txt
2014-10-12 19:50 - 2014-10-12 19:50 - 00000000 ____D () C:\Users\FAROD\Downloads\FRST-OlderVersion
2014-10-12 19:42 - 2014-10-12 19:42 - 00854417 _____ () C:\Users\FAROD\Desktop\SecurityCheck.exe
2014-10-12 17:02 - 2014-10-12 17:02 - 02347384 _____ (ESET) C:\Users\FAROD\Downloads\esetsmartinstaller_deu.exe
2014-10-11 17:04 - 2014-10-11 17:04 - 01705755 _____ (Thisisu) C:\Users\FAROD\Downloads\JRT.exe
2014-10-11 17:04 - 2014-10-11 17:04 - 00000000 ____D () C:\Windows\ERUNT
2014-10-11 16:46 - 2014-10-11 16:50 - 00000000 ____D () C:\AdwCleaner
2014-10-11 16:44 - 2014-10-11 16:44 - 01375089 _____ () C:\Users\FAROD\Downloads\AdwCleaner_3.311.exe
2014-10-09 14:18 - 2014-10-09 14:18 - 00037384 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2014-10-09 12:05 - 2014-10-11 16:25 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-10-09 12:04 - 2014-10-09 12:04 - 00001060 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-10-09 12:04 - 2014-10-09 12:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-10-09 12:04 - 2014-10-09 12:04 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-10-09 12:04 - 2014-10-09 12:04 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 
2014-10-09 12:04 - 2014-05-12 07:26 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-10-09 12:04 - 2014-05-12 07:25 - 00074456 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-10-09 12:04 - 2014-05-12 07:25 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-10-09 12:03 - 2014-10-09 12:04 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\FAROD\Downloads\mbam-setup-2.0.2.1012.exe
2014-10-09 09:44 - 2014-10-09 09:46 - 00101575 _____ () C:\Users\FAROD\Downloads\Addition.txt
2014-10-09 09:41 - 2014-10-12 19:51 - 00027977 _____ () C:\Users\FAROD\Downloads\FRST.txt
2014-10-09 09:41 - 2014-10-12 19:51 - 00000000 ____D () C:\FRST
2014-10-09 09:41 - 2014-10-12 19:50 - 01101824 _____ (Farbar) C:\Users\FAROD\Downloads\FRST.exe
2014-10-09 09:36 - 2014-10-09 09:40 - 00000472 _____ () C:\Users\FAROD\Downloads\defogger_disable.log
2014-10-09 09:36 - 2014-10-09 09:36 - 00000000 _____ () C:\Users\FAROD\defogger_reenable
2014-10-09 09:35 - 2014-10-09 09:35 - 00050477 _____ () C:\Users\FAROD\Downloads\Defogger.exe
2014-10-09 09:06 - 2014-10-09 14:39 - 00000000 ____D () C:\Users\FAROD\AppData\Local\AviraSpeedup
2014-10-08 21:53 - 2014-10-12 10:44 - 00005410 _____ () C:\Windows\setupact.log
2014-10-08 21:53 - 2014-10-11 16:51 - 00010564 _____ () C:\Windows\PFRO.log
2014-10-08 21:53 - 2014-10-08 21:53 - 00000000 _____ () C:\Windows\setuperr.log
2014-10-08 20:33 - 2014-10-08 20:33 - 00001230 _____ () C:\Users\Public\Desktop\Revo Uninstaller Pro.lnk
2014-10-08 20:33 - 2014-10-08 20:33 - 00000000 ____D () C:\Users\FAROD\AppData\Local\VS Revo Group
2014-10-08 20:33 - 2014-10-08 20:33 - 00000000 ____D () C:\ProgramData\VS Revo Group
2014-10-08 20:33 - 2014-10-08 20:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller Pro
2014-10-08 20:33 - 2014-10-08 20:33 - 00000000 ____D () C:\Program Files\VS Revo Group
2014-10-08 20:33 - 2009-12-30 11:21 - 00027192 _____ (VS Revo Group) C:\Windows\system32\Drivers\revoflt.sys
2014-10-08 20:09 - 2014-10-08 20:09 - 00000965 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-10-08 20:09 - 2014-10-08 20:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-10-08 20:09 - 2014-10-08 20:09 - 00000000 ____D () C:\Program Files\CCleaner
2014-10-08 20:02 - 2014-10-08 20:02 - 00120520 _____ () C:\Users\FAROD\Desktop\John G - Avira Answers.htm
2014-10-08 19:34 - 2014-10-09 08:13 - 00000000 ____D () C:\Users\FAROD\AppData\Local\LogMeIn Rescue Applet
2014-10-08 19:34 - 2014-10-08 19:34 - 01528640 _____ (LogMeIn, Inc.) C:\Users\FAROD\Downloads\Support-LogMeInRescue.exe
2014-10-08 18:34 - 2014-10-08 18:34 - 00000000 ____D () C:\Users\FAROD\AppData\Roaming\Avira
2014-10-08 18:31 - 2014-09-24 12:44 - 00136216 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2014-10-08 18:31 - 2014-09-24 12:44 - 00098160 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2014-10-08 18:31 - 2014-09-24 12:44 - 00037352 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2014-10-08 18:31 - 2014-09-24 12:44 - 00028520 _____ (Avira GmbH) C:\Windows\system32\Drivers\ssmdrv.sys
2014-10-08 18:30 - 2014-10-09 14:39 - 00000000 ____D () C:\Program Files\Avira
2014-10-08 18:30 - 2014-10-08 18:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2014-10-08 18:30 - 2014-10-08 18:31 - 00000000 ____D () C:\ProgramData\Avira
2014-10-08 18:30 - 2014-10-08 18:30 - 00001095 _____ () C:\Users\Public\Desktop\Avira.lnk
2014-10-08 18:29 - 2014-10-08 18:29 - 04714656 _____ (Avira Operations GmbH & Co. KG) C:\Users\FAROD\Downloads\avira_de_av___ws.exe
2014-10-08 18:29 - 2014-10-08 18:29 - 00000000 ____D () C:\ProgramData\Package Cache
2014-10-08 15:14 - 2014-10-09 12:48 - 00000000 ____D () C:\Users\FAROD\AppData\Roaming\Huytiku
2014-10-05 16:05 - 2014-10-05 16:05 - 01101648 _____ () C:\Users\FAROD\Downloads\CHIP Online Windows Starter Kit - CHIP-Installer.exe
2014-10-05 15:51 - 2011-05-13 12:16 - 00493056 _____ ( datenhaus GmbH) C:\Windows\system32\dhRichClient3.dll
2014-10-05 15:51 - 2011-03-25 20:42 - 00338432 _____ () C:\Windows\system32\sqlite36_engine.dll
2014-10-05 15:50 - 2014-10-05 15:50 - 00000000 ____D () C:\Users\FAROD\Downloads\MyHash
2014-10-05 15:44 - 2014-10-05 15:45 - 01101648 _____ () C:\Users\FAROD\Downloads\HashMyFiles - CHIP-Installer.exe
2014-10-02 20:00 - 2014-10-02 20:01 - 03602664 _____ () C:\Users\FAROD\Downloads\aquasuite_setup.exe
2014-10-01 12:07 - 2014-09-25 03:40 - 00519680 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2014-09-29 09:08 - 2014-09-29 09:08 - 19364912 _____ () C:\Users\FAROD\Desktop\20140930 Indulor_ZPA.pptx
2014-09-28 11:44 - 2014-09-28 11:44 - 00000000 ____D () C:\Users\FAROD\AppData\Roaming\AVG
2014-09-28 11:41 - 2014-10-08 20:46 - 00000000 ____D () C:\Users\FAROD\AppData\Local\AvgSetupLog
2014-09-28 11:41 - 2014-10-08 20:46 - 00000000 ____D () C:\ProgramData\Avg
2014-09-28 11:41 - 2014-10-08 20:46 - 00000000 ____D () C:\Program Files\AVG
2014-09-28 11:41 - 2014-10-05 16:25 - 00000000 ____D () C:\Users\FAROD\AppData\Local\Avg
2014-09-28 11:40 - 2014-09-28 11:40 - 15722368 _____ (AVG Technologies) C:\Users\FAROD\Downloads\avg_gse_stb_all_329p1_96.exe
2014-09-24 21:22 - 2014-09-24 21:22 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-09-24 09:52 - 2014-09-09 23:47 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-12 19:45 - 2014-05-10 19:13 - 00001098 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA1cf6c7324f656f2.job
2014-10-12 19:17 - 2009-12-28 19:47 - 01629587 _____ () C:\Windows\WindowsUpdate.log
2014-10-12 18:59 - 2012-03-30 08:00 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-10-12 14:12 - 2009-07-14 06:34 - 00019968 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-10-12 14:12 - 2009-07-14 06:34 - 00019968 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-10-12 10:46 - 2012-01-23 22:21 - 00000000 ___RD () C:\Users\FAROD\Dropbox
2014-10-12 10:46 - 2012-01-23 22:19 - 00000000 ____D () C:\Users\FAROD\AppData\Roaming\Dropbox
2014-10-12 10:44 - 2009-07-14 06:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-10-09 12:48 - 2009-07-14 06:52 - 00000000 ____D () C:\Windows\Performance
2014-10-09 11:41 - 2009-07-14 06:52 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2014-10-09 11:40 - 2010-01-01 15:05 - 00000000 ____D () C:\Users\FAROD\AppData\Local\My Games
2014-10-09 11:40 - 2009-12-29 11:35 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information
2014-10-09 11:32 - 2009-09-10 21:31 - 00000000 ____D () C:\Users\FAROD\Documents\My Games
2014-10-09 11:31 - 2010-11-26 21:30 - 00000000 ____D () C:\Program Files\Steam
2014-10-09 09:36 - 2009-12-28 20:03 - 00000000 ____D () C:\Users\FAROD
2014-10-08 20:49 - 2011-10-22 20:24 - 00000000 ____D () C:\Program Files\Common Files\Mcafee
2014-10-08 20:49 - 2009-12-29 22:55 - 00000000 ____D () C:\Program Files\McAfee
2014-10-08 20:49 - 2009-12-28 20:23 - 00000000 ____D () C:\ProgramData\McAfee
2014-10-08 20:21 - 2011-03-05 19:49 - 00000000 ____D () C:\Windows\Minidump
2014-10-08 20:21 - 2009-12-29 04:43 - 00000000 ____D () C:\Windows\Panther
2014-10-08 19:08 - 2009-07-14 06:53 - 00032632 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-10-06 13:46 - 2011-01-19 17:31 - 00012267 _____ () C:\Users\FAROD\AppData\Roaming\SmarThruOptions.xml
2014-10-05 11:14 - 2009-10-20 16:18 - 00000000 ____D () C:\Users\FAROD\Documents\Steuerfälle
2014-10-04 18:05 - 2009-09-12 19:00 - 00000000 ____D () C:\Users\FAROD\Desktop\Sonstiges
2014-09-29 09:08 - 2009-09-23 10:35 - 00000000 ____D () C:\Users\FAROD\Desktop\AMT
2014-09-28 17:06 - 2009-12-30 11:55 - 00000000 ____D () C:\Users\FAROD\Desktop\Utilities
2014-09-28 11:57 - 2009-12-30 12:28 - 00000000 ____D () C:\Users\FAROD\AppData\Roaming\Skype
2014-09-28 11:57 - 2009-12-29 18:54 - 00000000 ____D () C:\Users\FAROD\AppData\Local\Microsoft Help
2014-09-28 11:57 - 2009-09-09 18:55 - 00000000 ____D () C:\Users\FAROD\Documents\Youcam
2014-09-27 18:47 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\rescache
2014-09-25 20:41 - 2012-04-26 08:17 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-09-25 08:19 - 2009-12-28 20:23 - 01671768 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-09-24 14:00 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\de-DE
2014-09-24 08:59 - 2012-03-30 08:00 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-09-24 08:59 - 2011-05-19 18:09 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-09-18 17:25 - 2013-07-12 08:37 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-09-18 08:21 - 2012-01-23 22:20 - 00000000 ____D () C:\Users\FAROD\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-09-15 09:06 - 2009-12-28 20:35 - 00231568 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe

Files to move or delete:
====================
C:\Users\Public\AlexaNSISPlugin.5972.dll


Some content of TEMP:
====================
C:\Users\FAROD\AppData\Local\Temp\avgnt.exe
C:\Users\FAROD\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp9tdchr.dll
C:\Users\FAROD\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-10-11 17:49

==================== End Of Log ============================
         
--- --- ---


Vielen Dank!
samsum54

Alt 13.10.2014, 14:26   #10
schrauber
/// the machine
/// TB-Ausbilder
 

qogunit.exe - Standard

qogunit.exe



Fertig

Die Reihenfolge ist hier entscheidend.
  1. Falls Defogger benutzt wurde: Defogger nochmal starten und auf re-enable klicken.
  2. Falls Combofix benutzt wurde: (Alternativ in uninstall.exe umbenennen und starten)
    • Windowstaste + R > Combofix /Uninstall (eingeben) > OK
    • Alternative: Combofix.exe in uninstall.exe umbenennen und starten
    • Combofix wird jetzt starten, sich evtl updaten und dann alle Reste von sich selbst entfernen.
  3. Downloade Dir bitte auf jeden Fall DelFix Download DelFix auf deinen Desktop:
    • Schließe alle offenen Programme.
    • Starte die delfix.exe mit einem Doppelklick.
    • Setze vor jede Funktion ein Häkchen.
    • Klicke auf Start.
    • Hinweis: DelFix entfernt u. a. alle verwendeten Programme, die Quarantäne unserer Scanner, den Java-Cache und löscht sich abschließend selbst.
    • Starte deinen Rechner abschließend neu.
  4. Sollten jetzt noch Programme aus unserer Bereinigung übrig sein kannst du sie bedenkenlos löschen.



Falls Du Lob oder Kritik abgeben möchtest kannst Du das hier tun

Hier noch ein paar Tipps zur Absicherung deines Systems.


Ich kann garnicht zu oft erwähnen, wie wichtig es ist, dass dein System Up to Date ist.
  • Bitte überprüfe ob dein System Windows Updates automatisch herunter lädt
  • Windows Updates
    • Windows XP: Start --> Systemsteuerung --> Doppelklick auf Automatische Updates
    • Windows Vista / 7: Start --> Systemsteuerung --> System und Sicherheit --> Automatische Updates aktivieren oder deaktivieren
  • Gehe sicher das die automatischen Updates aktiviert sind.
  • Software Updates
    Installierte Software kann ebenfalls Sicherheitslücken haben, welche Malware nutzen kann, um dein System zu infizieren.
    Um deine Installierte Software up to date zu halten, empfehle ich dir Secunia Online Software.


Anti- Viren Software
  • Gehe sicher immer eine Anti Viren Software installiert zu haben und das diese auch up to date ist. Es ist nämlich nutzlos wenn diese out of date sind.


Zusätzlicher Schutz
  • MalwareBytes Anti Malware
    Dies ist eines der besten Anti-Malware Tools auf dem Markt. Es ist ein On- Demond Scan Tool welches viele aktuelle Malware erkennt und auch entfernt.
    Update das Tool und lass es einmal in der Woche laufen. Die Kaufversion biete zudem noch einen Hintergrundwächter.
    Ein Tutorial zur Verwendung findest Du hier.
  • WinPatrol
    Diese Software macht einen Snapshot deines Systems und warnt dich vor eventuellen Änderungen. Downloade dir die Freeware Version von hier.


Sicheres Browsen
  • SpywareBlaster
    Eine kurze Einführung findest du Hier
  • MVPs hosts file
    Ein Tutorial findest Du hier. Leider habe ich bis jetzt kein deutschsprachiges gefunden.
  • WOT (Web of trust)
    Dieses AddOn warnt Dich bevor Du eine als schädlich gemeldete Seite besuchst.


Alternative Browser

Andere Browser tendieren zu etwas mehr Sicherheit als der IE, da diese keine Active X Elemente verwenden. Diese können von Spyware zur Infektion deines Systems missbraucht werden.
  • Opera
  • Mozilla Firefox.
    • Hinweis: Für diesen Browser habe ich hier ein paar nützliche Add Ons
    • NoScript
      Dieses AddOn blockt JavaScript, Java and Flash und andere Plugins. Sie werden nur dann ausgeführt wenn Du es bestätigst.
    • AdblockPlus
      Dieses AddOn blockt die meisten Werbung von selbst. Ein Rechtsklick auf den Banner um diesen zu AdBlockPlus hinzu zu fügen reicht und dieser wird nicht mehr geladen.
      Es spart ausserdem Downloadkapazität.

Performance
Bereinige regelmäßig deine Temp Files. Ich empfehle hierzu TFC
Halte dich fern von jedlichen Registry Cleanern.
Diese Schaden deinem System mehr als sie helfen. Hier ein paar ( englishe ) Links
Miekemoes Blogspot ( MVP )
Bill Castner ( MVP )



Don'ts
  • Klicke nicht auf alles nur weil es Dich dazu auffordert und schön bunt ist.
  • verwende keine peer to peer oder Filesharing Software (Emule, uTorrent,..)
  • Lass die Finger von Cracks, Keygens, Serials oder anderer illegaler Software.
  • Öffne keine Anhänge von Dir nicht bekannten Emails. Achte vor allem auf die Dateiendung wie zb deinFoto.jpg.exe
Nun bleibt mir nur noch dir viel Spass beim sicheren Surfen zu wünschen.

Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so das ich diesen Thread aus meinen Abos löschen kann.
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 13.10.2014, 16:36   #11
samsum54
 
qogunit.exe - Standard

Vielen Dank



Hallo schrauber,
alles erledigt und Rechner läuft wieder einwandfrei.
Super Unterstützung!
Vielen Dank!

Alt 14.10.2014, 10:08   #12
schrauber
/// the machine
/// TB-Ausbilder
 

qogunit.exe - Standard

qogunit.exe



Gern Geschehen
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Antwort

Themen zu qogunit.exe
beendet, blue, blue screen, dateien, eingeschränkt, gelöscht, gen, hallo zusammen, keine musik, komplett, langsam, lösung, musik, namen, neue, nichts, ordner, programme, prozess, rechner, screen, taskmanager, versteckte, video, virus



Zum Thema qogunit.exe - Hallo zusammen, ich glaube ich habe mir gestern ein Virus eingefangen, indem ich aus Versehen eine Emial mit einer wave-Datei geöffnet habe. Leider habe ich die Datei inzwischen komplett gelöscht, - qogunit.exe...
Archiv
Du betrachtest: qogunit.exe auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.