Trojaner-Board
Seite 1 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Trojaner-Board (https://www.trojaner-board.de/)
-   Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   Win Vista: Eine bestimmte Seite lädt nicht (alle Browser) (https://www.trojaner-board.de/159102-win-vista-bestimmte-seite-laedt-alle-browser.html)

einverstande 25.09.2014 21:24
Win Vista: Eine bestimmte Seite lädt nicht (alle Browser)
 
Hallo,

Mein Laptop öffnet eine bestimmte Webseite nicht mehr, weder mit Firefox, Chrome noch mit dem IE. Nur hin und wieder, bei jedem x-ten Versuch, kann ich zumindest die Startseite öffnen. Ein Netzwerkproblem kann ich ausschließen, andere Geräte im gleichen Netzwerk können auf die Seite zugreifen.

Ich weiß nicht weiter und bitte um euren fachmännischen Rat!

cosinus 25.09.2014 22:04
Hallo und :hallo:

Hast du noch weitere Logs (mit Funden)? Malwarebytes und/oder andere Virenscanner, sind die mal fündig geworden?

Ich frage deswegen nach => http://www.trojaner-board.de/125889-...tml#post941520

Bitte keine neuen Virenscans machen sondern erst nur schon vorhandene Logs in CODE-Tags posten!
Relevant sind nur Logs der letzten 7 Tage bzw. seitdem das Problem besteht!



Zudem bitte auch ein Log mit Farbars Tool machen:

Scan mit Farbar's Recovery Scan Tool (FRST)

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
  • Starte jetzt FRST.
  • Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
  • Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
  • Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)



Lesestoff:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR oder 7Z-Archiv zu packen erschwert mir massiv die Arbeit.
Auch wenn die Logs für einen Beitrag zu groß sein sollten, bitte ich dich die Logs direkt und notfalls über mehrere Beiträge verteilt zu posten.
Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
  • Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
  • Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
  • Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
  • Klicke auf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.
http://www.trojaner-board.de/picture...&pictureid=307

einverstande 26.09.2014 21:56
FRST Logfile:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 26-09-2014
Ran by Dominik (administrator) on DOMINIK-PC on 26-09-2014 07:32:39
Running from C:\Users\Dominik\Desktop
Loaded Profile: Dominik (Available profiles: Dominik)
Platform: Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 9
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Program Files\chrome\chrome.exe
(Seiko Epson Corporation) C:\Windows\System32\escsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Sony DADC Austria AG.) C:\Windows\System32\UAService7.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(Quanta Computer Inc.) C:\Program Files\FSC OSD Utility\OSDUtility.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Sun Microsystems, Inc.) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(SEIKO EPSON CORPORATION) C:\Program Files\EPSON Software\Event Manager\EEventManager.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\w32x86\3\E_FATILFE.EXE
(Spotify Ltd) C:\Users\Dominik\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
(Google Inc.) C:\Users\Dominik\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Dominik\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Dominik\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Dominik\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Dominik\AppData\Local\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MpCmdRun.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-21] (Microsoft Corporation)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [6609440 2008-10-31] (Realtek Semiconductor)
HKLM\...\Run: [FSC OSD Utility] => c:\Program Files\FSC OSD Utility\OSDUtility.exe [737280 2008-11-20] (Quanta Computer Inc.)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [254896 2012-09-17] (Sun Microsystems, Inc.)
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [947152 2013-01-27] (Microsoft Corporation)
HKLM\...\Run: [EEventManager] => C:\Program Files\Epson Software\Event Manager\EEventManager.exe [1058880 2013-03-28] (SEIKO EPSON CORPORATION)
HKLM\...\Run: [NBKeyScan] => "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [91520 2010-01-21] (Microsoft Corporation)
HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-21-3695018469-195769397-3593371619-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-21] (Microsoft Corporation)
HKU\S-1-5-21-3695018469-195769397-3593371619-1000\...\Run: [Google Update] => C:\Users\Dominik\AppData\Local\Google\Update\GoogleUpdate.exe [135664 2010-01-11] (Google Inc.)
HKU\S-1-5-21-3695018469-195769397-3593371619-1000\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-3695018469-195769397-3593371619-1000\...\Run: [EPLTarget\P0000000000000001] => C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATILFE.EXE [260160 2013-01-24] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-3695018469-195769397-3593371619-1000\...\Run: [Spotify Web Helper] => C:\Users\Dominik\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1245752 2014-08-29] (Spotify Ltd)
HKU\S-1-5-21-3695018469-195769397-3593371619-1000\...\MountPoints2: {252bbb41-5e7c-11de-a57e-00225f812f03} - F:\setup.exe AUTORUN=1
HKU\S-1-5-21-3695018469-195769397-3593371619-1000\...\MountPoints2: {293a1067-994d-11de-b2f8-00238bae0d1b} - F:\AutoRun.exe
HKU\S-1-5-21-3695018469-195769397-3593371619-1000\...\MountPoints2: {293a1068-994d-11de-b2f8-00238bae0d1b} - F:\AutoRun.exe
HKU\S-1-5-21-3695018469-195769397-3593371619-1000\...\MountPoints2: {734d1826-bd65-11de-b097-00238bae0d1b} - F:\autorun.exe
HKU\S-1-5-21-3695018469-195769397-3593371619-1000\...\MountPoints2: {a396976f-db58-11df-953c-00225f812f03} - H:\Startme.exe
HKU\S-1-5-21-3695018469-195769397-3593371619-1000\...\MountPoints2: {ae843b4a-2c38-11df-8bb3-00238bae0d1b} - I:\autorun.exe
HKU\S-1-5-21-3695018469-195769397-3593371619-1000\...\MountPoints2: {eb349a1f-934c-11de-bb72-00238bae0d1b} - F:\AutoRun.exe
HKU\S-1-5-21-3695018469-195769397-3593371619-1000\...\MountPoints2: {eb349a2e-934c-11de-bb72-00238bae0d1b} - F:\AutoRun.exe
HKU\S-1-5-21-3695018469-195769397-3593371619-1000\...\MountPoints2: {f1ec3485-b1ac-11df-aff0-00238bae0d1b} - H:\Startme.exe
HKU\S-1-5-18\...\Run: [Picasa Media Detector] => C:\Program Files\Picasa2\PicasaMediaDetector.exe
HKU\S-1-5-18\...\Run: [fsc-reg] => c:\fsc-reg\fscreg.exe
ShellIconOverlayIdentifiers: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Dominik\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Dominik\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Dominik\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: DropboxExt4 -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Dominik\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: SmartFTP Drop -> {EA5A76F7-8138-4B53-B0F5-ADCC730CAFBD} => C:\Program Files\SmartFTP Client\sfShellTools.dll (SmartSoft Ltd)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
BHO: Google Toolbar Notifier BHO -> {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} -> C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
Toolbar: HKCU - No Name - {C840E246-6B95-475E-9BD7-CAA1C7ECA9F2} -  No File
DPF: {00000130-9980-0010-8000-00AA00389B71} hxxp://codecs.microsoft.com/codecs/i386/ACELPACM.CAB
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)

Hosts: Hosts file not detected in the default directory
Tcpip\..\Interfaces\{CD0D90AA-E0A7-4369-93D1-6E2AF12D9F1F}: [NameServer] 8.8.8.8,217.79.186.148

FireFox:
========
FF ProfilePath: C:\Users\Dominik\AppData\Roaming\Mozilla\Firefox\Profiles\ayu1jrhb.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin: @Apple.com/iTunes,version=1.0 -> D:\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @divx.com/DivX Browser Plugin,version=1.0.0 -> C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF Plugin: @divx.com/DivX Player Plugin,version=1.0.0 -> C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF Plugin: @java.com/DTPlugin,version=1.6.0_37 -> C:\Windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @pack.google.com/Google Updater;version=14 -> C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF Plugin: @rim.com/npappworld -> C:\Program Files\Research In Motion Limited\Browser-Plug-In für BlackBerry World\npappworld.dll ()
FF Plugin: @RIM.com/WebSLLauncher,version=1.0 -> C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 -> C:\Users\Dominik\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 -> C:\Users\Dominik\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Dominik\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-11-15]
FF HKCU\...\Firefox\Extensions: [{ad237ae1-f3b7-49d8-897a-4c6b2373011e}] - C:\Program Files\TubeSaver\130.xpi

Chrome:
=======
CHR CustomProfile: C:\Users\Dominik\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Dominik\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-08-19]
CHR Extension: (Google Drive) - C:\Users\Dominik\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-08-19]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Dominik\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-05]
CHR Extension: (YouTube) - C:\Users\Dominik\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-08-19]
CHR Extension: (Last updated at $time$ on $date$) - C:\Users\Dominik\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-04-04]
CHR Extension: (Google Search) - C:\Users\Dominik\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-08-19]
CHR Extension: (Ghostery) - C:\Users\Dominik\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij [2014-04-04]
CHR Extension: (Google Wallet) - C:\Users\Dominik\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-22]
CHR Extension: (Gmail) - C:\Users\Dominik\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-08-19]
CHR HKLM\...\Chrome\Extension: [ojcdnngpmbenohhjlickdajclhbcaada] - C:\Program Files\TubeSaver\130.crx []
CHR StartMenuInternet: Google Chrome - Chrome.exe

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S4 Blackberry Device Manager; C:\Program Files\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe [577536 2013-01-18] (Research In Motion Limited) [File not signed]
R2 ChromeService; C:\Program Files\chrome\chrome.exe [1465344 2012-01-30] () [File not signed]
R2 EpsonScanSvc; C:\Windows\system32\EscSvc.exe [126128 2012-05-17] (Seiko Epson Corporation)
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [20456 2013-01-27] (Microsoft Corporation)
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [295232 2013-01-27] (Microsoft Corporation)
S4 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [75064 2010-04-19] ()
S4 PnkBstrB; C:\Windows\system32\PnkBstrB.exe [214816 2010-05-13] ()
S3 TestHandler; C:\Program Files\Fujitsu\SystemDiagnostics\OnlineDiagnostic\TestManager\HaDTMan.exe [384792 2010-09-24] (Fujitsu Technology Solutions)
R2 UserAccess7; C:\Windows\system32\UAService7.exe [192512 2009-06-22] (Sony DADC Austria AG.) [File not signed]
S2 Norman ZANDA; "C:\Program Files\Norman\Npm\Bin\Zanda.exe" [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S4 ahcix86s; C:\Windows\system32\drivers\ahcix86s.sys [173576 2008-05-27] (AMD Technologies Inc.)
S3 cpudrv; C:\Program Files\SystemRequirementsLab\cpudrv.sys [11336 2009-12-18] ()
R3 csr_a2dp; C:\Windows\System32\drivers\bthav.sys [66952 2010-02-05] (CSR, plc)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [218688 2011-06-25] (DT Soft Ltd)
S4 JRAID; C:\Windows\system32\drivers\jraid.sys [76688 2008-04-03] (JMicron Technology Corp.)
S3 motandroidusb; C:\Windows\System32\Drivers\motoandroid.sys [25856 2009-07-10] (Motorola)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [195296 2013-01-20] (Microsoft Corporation)
S3 PID_0928; C:\Windows\System32\DRIVERS\LV561AV.SYS [495768 2009-04-30] (Logitech Inc.)
S4 RsFx0102; C:\Windows\System32\DRIVERS\RsFx0102.sys [242712 2008-07-10] (Microsoft Corporation)
R3 RTL8187B; C:\Windows\System32\DRIVERS\RTL8187B.sys [337920 2008-06-26] (Realtek Semiconductor Corporation                          )
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [721904 2009-10-20] () [File not signed]
S3 BTCFilterService; system32\DRIVERS\motfilt.sys [X]
S3 easytether; system32\DRIVERS\easytthr.sys [X]
S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]
S3 motccgp; system32\DRIVERS\motccgp.sys [X]
S3 motccgpfl; system32\DRIVERS\motccgpfl.sys [X]
S3 motmodem; system32\DRIVERS\motmodem.sys [X]
S3 MotoSwitchService; system32\DRIVERS\motswch.sys [X]
S3 Motousbnet; system32\DRIVERS\Motousbnet.sys [X]
S3 NPF; system32\drivers\NPF.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S3 sony_ssm.sys; \??\C:\Users\Dominik\AppData\Local\Temp\sony_ssm.sys [X]
S3 upperdev; system32\DRIVERS\usbser_lowerflt.sys [X]

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-26 07:33 - 2014-09-26 07:34 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Dominik\Desktop\mbam-setup-2.0.2.1012.exe
2014-09-26 07:32 - 2014-09-26 07:34 - 00017880 _____ () C:\Users\Dominik\Desktop\FRST.txt
2014-09-26 07:32 - 2014-09-26 07:32 - 00000000 ____D () C:\FRST
2014-09-26 07:31 - 2014-09-26 07:31 - 01100288 _____ (Farbar) C:\Users\Dominik\Desktop\FRST.exe
2014-09-14 21:12 - 2014-09-14 21:12 - 00008746 _____ () C:\Users\Dominik\Desktop\Excel.xlsx
2014-09-14 21:03 - 2014-09-14 21:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SharePoint
2014-09-14 21:02 - 2014-09-14 21:02 - 00000000 ____D () C:\Program Files\Common Files\DESIGNER
2014-09-14 20:57 - 2014-09-14 20:57 - 00000000 ____D () C:\Program Files\Microsoft Sync Framework
2014-09-14 20:52 - 2014-09-14 20:52 - 00000000 __RHD () C:\MSOCache
2014-09-08 23:02 - 2014-09-09 08:16 - 00290304 _____ (Microsoft Corporation) C:\Windows\system32\subinacl.exe
2014-09-08 23:01 - 2014-09-08 23:02 - 00000000 ____D () C:\Program Files\Adware-Removal-Tool
2014-09-05 11:29 - 2008-03-17 15:45 - 01414440 _____ (Nero AG) C:\Windows\system32\ShellManager310E2D762.dll
2014-09-05 11:29 - 2008-03-11 20:30 - 00774144 _____ () C:\Windows\system32\NEROINSTAEC43759.DB
2014-09-05 11:28 - 2014-09-05 11:28 - 00001024 _____ () C:\Users\Dominik\.rnd
2014-09-05 11:28 - 2014-09-05 11:28 - 00000000 _____ () C:\Windows\Irremote.ini

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-26 07:32 - 2009-06-21 02:30 - 01380883 _____ () C:\Windows\WindowsUpdate.log
2014-09-26 07:29 - 2014-01-22 09:15 - 00001096 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-09-26 07:27 - 2013-03-31 23:30 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-09-26 07:23 - 2006-11-02 15:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-09-26 07:23 - 2006-11-02 14:47 - 00003216 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-09-26 07:23 - 2006-11-02 14:47 - 00003216 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-09-25 22:55 - 2014-04-10 19:25 - 00001076 _____ () C:\Windows\bthservsdp.dat
2014-09-25 22:55 - 2006-11-02 15:01 - 00032582 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-09-25 22:53 - 2014-01-22 09:15 - 00001100 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-09-25 22:53 - 2010-01-11 02:26 - 00001128 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3695018469-195769397-3593371619-1000UA.job
2014-09-25 22:20 - 2013-10-30 21:20 - 00000917 _____ () C:\Windows\Tasks\EPSON XP-312 313 315 Series Update {0D5E8FE3-DE76-4A84-BFC9-6139B2B4C5E4}.job
2014-09-25 22:20 - 2013-10-30 21:20 - 00000731 _____ () C:\Windows\Tasks\EPSON XP-312 313 315 Series Invitation {0D5E8FE3-DE76-4A84-BFC9-6139B2B4C5E4}.job
2014-09-25 20:27 - 2012-06-11 14:58 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-09-25 20:27 - 2012-03-24 12:38 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-09-25 19:52 - 2010-01-11 02:26 - 00001076 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3695018469-195769397-3593371619-1000Core.job
2014-09-24 10:44 - 2011-04-21 16:54 - 00001022 _____ () C:\Windows\Tasks\Google Software Updater.job
2014-09-22 19:42 - 2009-06-20 17:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
2014-09-22 19:42 - 2009-06-20 17:50 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-09-22 14:30 - 2010-04-19 19:04 - 00000000 ____D () C:\Program Files\Wolfenstein - Enemy Territory
2014-09-22 10:40 - 2009-09-13 01:34 - 00000000 ____D () C:\Users\Dominik\AppData\Roaming\vlc
2014-09-22 08:41 - 2010-01-18 03:49 - 00231568 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-09-20 21:13 - 2014-04-11 19:22 - 00000000 ____D () C:\Users\Dominik\AppData\Roaming\Spotify
2014-09-20 18:52 - 2014-04-11 19:23 - 00000000 ____D () C:\Users\Dominik\AppData\Local\Spotify
2014-09-16 08:10 - 2009-03-02 07:08 - 00000000 ____D () C:\Google
2014-09-15 17:30 - 2006-11-02 13:18 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-09-15 07:39 - 2012-02-20 16:56 - 00000000 ____D () C:\Users\Dominik\AppData\Roaming\uTorrent
2014-09-15 07:24 - 2009-06-20 18:01 - 00113120 _____ () C:\Users\Dominik\AppData\Local\GDIPFONTCACHEV1.DAT
2014-09-15 07:23 - 2006-11-02 14:47 - 02343008 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-09-15 07:22 - 2012-08-24 07:50 - 00028680 _____ () C:\Windows\PFRO.log
2014-09-14 21:49 - 2011-06-12 13:55 - 00000000 ____D () C:\Program Files\LibreOffice 3
2014-09-14 21:49 - 2006-11-02 14:37 - 00000000 ____D () C:\Windows\ShellNew
2014-09-14 21:02 - 2006-11-02 14:37 - 00000000 ____D () C:\Program Files\MSBuild
2014-09-14 21:02 - 2006-11-02 13:18 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared
2014-09-14 20:58 - 2009-06-20 17:50 - 00000000 ____D () C:\Program Files\Microsoft Office
2014-09-14 20:57 - 2009-06-20 17:51 - 00000000 ____D () C:\Program Files\Microsoft.NET
2014-09-14 20:17 - 2008-04-09 12:19 - 01742558 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-09-08 23:02 - 2013-12-04 22:43 - 00000824 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-09-08 22:52 - 2009-06-20 18:01 - 00000915 _____ () C:\Users\Dominik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-09-06 11:08 - 2013-12-04 22:43 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-09-06 11:08 - 2013-07-22 20:02 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-09-05 17:13 - 2012-11-23 17:50 - 00000000 ____D () C:\Program Files\Convar
2014-09-05 17:13 - 2012-03-05 23:29 - 00000000 ____D () C:\Dosbox
2014-09-05 14:06 - 2008-01-11 13:51 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information
2014-09-05 14:04 - 2013-07-10 10:35 - 00000000 ____D () C:\ProgramData\Freemake
2014-09-05 14:04 - 2013-07-10 10:35 - 00000000 ____D () C:\Program Files\Freemake
2014-09-05 12:51 - 2009-11-15 01:27 - 00000000 ____D () C:\Program Files\Microsoft Visual Studio 9.0
2014-09-05 11:35 - 2006-11-02 14:37 - 00000000 ____D () C:\Program Files\Microsoft Games
2014-09-05 11:30 - 2009-06-20 17:46 - 00000722 _____ () C:\Windows\system32\MsiExec.exe.log
2014-09-05 11:29 - 2009-06-20 17:45 - 00000000 ____D () C:\ProgramData\Nero
2014-09-05 11:29 - 2009-06-20 17:45 - 00000000 ____D () C:\Program Files\Common Files\Nero
2014-09-05 11:28 - 2009-06-20 17:58 - 00000000 ____D () C:\Users\Dominik
2014-09-05 11:21 - 2012-05-24 13:40 - 00000000 ___RD () C:\Users\Dominik\Dropbox
2014-09-05 11:20 - 2014-07-13 13:21 - 00000000 ____D () C:\Users\Dominik\AppData\Roaming\DropboxMaster
2014-09-05 11:20 - 2010-09-12 17:07 - 00000000 ____D () C:\Users\Dominik\AppData\Roaming\Dropbox
2014-09-05 11:20 - 2009-06-29 18:44 - 00000069 _____ () C:\Windows\NeroDigital.ini
2014-09-05 11:20 - 2009-06-20 19:19 - 00237056 _____ () C:\Users\Dominik\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-09-02 08:51 - 2012-06-08 14:06 - 00000000 ____D () C:\Users\Dominik\Desktop\Uni
2014-09-01 14:17 - 2011-12-12 14:05 - 00000000 ____D () C:\Users\Dominik\Neuer Ordner (2)
2014-09-01 11:08 - 2009-09-25 17:20 - 00000000 ___HD () C:\Users\Dominik\.mediaclient

Files to move or delete:
====================
C:\Users\Dominik\xobglu16.dll
C:\Users\Dominik\xobglu32.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-09-26 07:35

==================== End Of Log ============================
--- --- ---

--- --- ---


Addition
Code:
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 26-09-2014
Ran by Dominik at 2014-09-26 07:34:36
Running from C:\Users\Dominik\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {3F839487-C7A2-C958-E30C-E2825BA31FB5}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Microsoft Security Essentials (Enabled - Up to date) {84E27563-E198-C6D6-D9BC-D9F020245508}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKCU\...\uTorrent) (Version: 3.4.2.32239 - BitTorrent Inc.)
AAC Decoder (HKLM\...\{AEF9DC35ADDF4825B049ACBFD1C6EB37}) (Version: 7.1.0 - DivX, Inc.)
Activation Assistant for the 2007 Microsoft Office suites (HKLM\...\Activation Assistant for the 2007 Microsoft Office suites) (Version:  - Microsoft Corporation)
Activation Assistant for the 2007 Microsoft Office suites (Version: 1.0 - Microsoft Corporation) Hidden
Adobe AIR (HKLM\...\Adobe AIR) (Version: 2.5.1.17730 - Adobe Systems Inc.)
Adobe AIR (Version: 2.5.1.17730 - Adobe Systems Inc.) Hidden
Adobe Anchor Service CS4 (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Bridge CS4 (Version: 3 - Adobe Systems Incorporated) Hidden
Adobe CMaps CS4 (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Color - Photoshop Specific CS4 (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Color EU Extra Settings CS4 (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Color JA Extra Settings CS4 (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Color NA Recommended Settings CS4 (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Color Video Profiles CS CS4 (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Community Help (HKLM\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.4.980 - Adobe Systems Incorporated.)
Adobe Community Help (Version: 3.4.980 - Adobe Systems Incorporated.) Hidden
Adobe CSI CS4 (Version: 1 - Adobe Systems Incorporated) Hidden
Adobe Default Language CS4 (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe ExtendScript Toolkit CS4 (Version: 3.0.0 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 15 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 15.0.0.167 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated)
Adobe Fonts All (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Linguistics CS4 (Version: 4.0.0 - Adobe Systems Incorporated) Hidden
Adobe Output Module (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe PDF Library Files CS4 (Version: 9.0 - Adobe Systems Incorporated) Hidden
Adobe Photoshop CS4 (HKLM\...\Adobe_faf656ef605427ee2f42989c3ad31b8) (Version: 11.0 - Adobe Systems Incorporated)
Adobe Photoshop CS4 (Version: 11.0 - Adobe Systems Incorporated) Hidden
Adobe Photoshop CS4 Support (Version: 11.0 - Adobe Systems Incorporated) Hidden
Adobe Reader 9 - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-A90000000001}) (Version: 9.0.0 - Adobe Systems Incorporated)
Adobe Search for Help (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Service Manager Extension (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Setup (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Shockwave Player 11.5 (HKLM\...\Adobe Shockwave Player) (Version: 11.5.9.615 - Adobe Systems, Inc.)
Adobe Type Support CS4 (Version: 9.0 - Adobe Systems Incorporated) Hidden
Adobe Update Manager CS4 (Version: 6.0.0 - Adobe Systems Incorporated) Hidden
Adobe Widget Browser (HKLM\...\com.adobe.WidgetBrowser.E7BED6E5DDA59983786DD72EBFA46B1598278E07.1) (Version: 2.0 Build 230 - Adobe Systems Incorporated.)
Adobe Widget Browser (Version: 2.0.230 - Adobe Systems Incorporated.) Hidden
Adobe WinSoft Linguistics Plugin (Version: 1.1 - Adobe Systems Incorporated) Hidden
Adobe XMP Panels CS4 (Version: 2.0 - Adobe Systems Incorporated) Hidden
AdobeColorCommonSetCMYK (Version: 2.0 - Adobe Systems Incorporated) Hidden
AdobeColorCommonSetRGB (Version: 2.0 - Adobe Systems Incorporated) Hidden
Apple Application Support (HKLM\...\{AAC5D43E-816D-4C2D-8E51-55FFF35BE301}) (Version: 3.0.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{18D47FA1-0440-48D3-A7E0-DA09537FF471}) (Version: 7.1.1.3 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
AutoUpdate (HKLM\...\{18D10072035C4515918F7E37EAFAACFC}) (Version: 1.1 - )
BlackBerry Desktop Software 7.1 (HKLM\...\BlackBerry_Desktop) (Version: 7.1.0.41 - Research in Motion Ltd.)
BlackBerry Desktop Software 7.1 (Version: 7.1.0.41 - Research in Motion Ltd.) Hidden
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
Brothers In Arms (HKLM\...\BrothersInArms) (Version:  - Ubisoft)
Browser-Plug-In für BlackBerry World (HKLM\...\{DC926085-6D34-4D95-B5D8-558C1FC2911F}) (Version: 10.2.168.12 - Research In Motion Limited)
CCleaner (HKLM\...\CCleaner) (Version: 4.05 - Piriform)
Compatibility Pack für 2007 Office System (HKLM\...\{90120000-0020-0407-0000-0000000FF1CE}) (Version: 12.0.6425.1000 - Microsoft Corporation)
Connect (Version: 1.0.0.1 - Adobe Systems Incorporated) Hidden
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 4.40.2.0131 - DT Soft Ltd)
Dev-C++ 5 beta 9 release (4.9.9.2) (HKLM\...\Dev-C++) (Version:  - )
DivX Codec (HKLM\...\{7B63B2922B174135AFC0E1377DD81EC2}) (Version: 6.8.5 - DivX, Inc.)
DivX Player (HKLM\...\{8ADFC4160D694100B5B8A22DE9DCABD9}) (Version: 7.2.0 - DivX, Inc.)
DivX Plus DirectShow Filters (HKLM\...\DivX Plus DirectShow Filters) (Version:  - DivX, Inc.)
DivX Version Checker (HKLM\...\{3FC7CBBC4C1E11DCA1A752EA55D89593}) (Version: 7.1.0.2 - DivX, Inc.)
DivX Web Player (HKLM\...\{B7050CBDB2504B34BC2A9CA0A692CC29}) (Version: 1.5.0 - DivX,Inc.)
Dropbox (HKCU\...\Dropbox) (Version: 2.8.2 - Dropbox, Inc.)
Druckerdeinstallation für EPSON XP-312 313 315 Series (HKLM\...\EPSON XP-312 313 315 Series) (Version:  - SEIKO EPSON Corporation)
Epson Event Manager (HKLM\...\{2970697F-2A11-4588-8B7F-97322D1CCF3C}) (Version: 3.10.0017 - Seiko Epson Corporation)
EPSON Scan (HKLM\...\EPSON Scanner) (Version:  - Seiko Epson Corporation)
EPSON-Drucker-Software (HKLM\...\EPSON Printer and Utilities) (Version:  - SEIKO EPSON Corporation)
EPSON-Handbücher (HKLM\...\{84CECC1B-21EF-41B1-9A91-3E724E5D99D3}) (Version: 1.30.0.0 - SEIKO EPSON CORPORATION)
EpsonNet Print (HKLM\...\{3E31400D-274E-4647-916C-2CACC3741799}) (Version: 2.6.0 - SEIKO EPSON CORPORATION)
FIFA 11 (HKLM\...\{3FEA6CD1-EA13-4CE7-A74E-A74A4A0A7B5C}) (Version: 1.0.0.0 - Electronic Arts)
Free AVI Video Converter version 5.0.31.1125 (HKLM\...\Free AVI Video Converter_is1) (Version: 5.0.31.1125 - DVDVideoSoft Ltd.)
FSC OSD Utility (HKLM\...\InstallShield_{E6B28CE4-9D73-4B7D-9329-A0ED4855D686}) (Version: 1.2.1.4 - Quanta Computer Inc.)
FSC OSD Utility (Version: 1.2.1.4 - Quanta Computer Inc.) Hidden
Fujitsu Siemens Computers Recovery (HKLM\...\{AFC454ED-A26F-4816-826B-C35129D82E1F}) (Version: 1.3.9 - Fujitsu Siemens Computers)
Google Chrome (HKCU\...\Google Chrome) (Version: 37.0.2062.124 - Google Inc.)
Google Update Helper (Version: 1.3.24.15 - Google Inc.) Hidden
Google Updater (HKLM\...\Google Updater) (Version: 2.4.2432.1652 - Google Inc.)
H.264 Decoder (HKLM\...\{A96E97134CA649888820BCDE5E300BBD}) (Version: 1.1.0 - DivX, Inc.)
IL Download Manager (HKLM\...\IL Download Manager) (Version:  - Image-Line bvba)
iTunes (HKLM\...\{2F21564D-DE05-4C6D-B21E-08B9D313FAB3}) (Version: 11.1.5.5 - Apple Inc.)
Java Auto Updater (Version: 2.0.7.2 - Sun Microsystems, Inc.) Hidden
Java(TM) 6 Update 22 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83216022F0}) (Version: 6.0.220 - Oracle)
Java(TM) 6 Update 37 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83216035FF}) (Version: 6.0.370 - Oracle)
JDownloader 0.9 (HKLM\...\5513-1208-7298-9440) (Version: 0.9 - AppWork GmbH)
kuler (Version: 2.0 - Adobe Systems Incorporated) Hidden
Medal of Honor Allied Assault (HKLM\...\{0DEA94ED-915A-4834-A87E-388D012C8E02}) (Version:  - )
MedienManager 1.5.1 (HKLM\...\8781-9705-0578-2960) (Version: 1.5.1 - A1 Telekom Austria AG)
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU (HKLM\...\Microsoft .NET Framework 3.5 Language Pack SP1 - deu) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 Language Pack SP1 - deu (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30320 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30320 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile DEU Language Pack (HKLM\...\Microsoft .NET Framework 4 Client Profile DEU Language Pack) (Version: 4.0.30320 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30320 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30320 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (Version: 4.0.30320 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Extended DEU Language Pack (HKLM\...\Microsoft .NET Framework 4 Extended DEU Language Pack) (Version: 4.0.30320 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended DEU Language Pack (Version: 4.0.30320 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Multi-Targeting Pack (HKLM\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Age of Empires II (HKLM\...\Age of Empires 2.0) (Version:  - )
Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden
Microsoft Help Viewer 1.0 (HKLM\...\Microsoft Help Viewer 1.0) (Version: 1.0.30319 - Microsoft Corporation)
Microsoft Help Viewer 1.0 (Version: 1.0.30319 - Microsoft Corporation) Hidden
Microsoft Help Viewer 1.0 Language Pack - DEU (HKLM\...\Microsoft Help Viewer 1.0 Language Pack - DEU) (Version: 1.0.30319 - Microsoft Corporation)
Microsoft Help Viewer 1.0 Language Pack - DEU (Version: 1.0.30319 - Microsoft Corporation) Hidden
Microsoft Office Access MUI (English) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (English) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (English) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint Viewer 2007 (German) (HKLM\...\{95120000-00AF-0407-0000-0000000FF1CE}) (Version: 12.0.6425.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUS) (Version: 14.0.4734.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (English) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Security Client (Version: 4.2.0223.1 - Microsoft Corporation) Hidden
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.2.223.1 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2008 (HKLM\...\Microsoft SQL Server 10 Release) (Version:  - Microsoft Corporation)
Microsoft SQL Server 2008 (Version:  - Microsoft Corporation) Hidden
Microsoft SQL Server 2008 Common Files (Version: 10.0.1600.22 - Microsoft Corporation) Hidden
Microsoft SQL Server 2008 Database Engine Services (Version: 10.0.1600.22 - Microsoft Corporation) Hidden
Microsoft SQL Server 2008 Database Engine Shared (Version: 10.0.1600.22 - Microsoft Corporation) Hidden
Microsoft SQL Server 2008 Native Client (HKLM\...\{C91C4EF4-63E1-41EE-AE6A-5152628FDC21}) (Version: 10.0.1600.22 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Management Objects (HKLM\...\{A106D33E-6B43-42C0-9BFC-D03303261FA7}) (Version: 10.50.1447.4 - Microsoft Corporation)
Microsoft SQL Server 2008 RsFx Driver (Version: 10.0.1600.22 - Microsoft Corporation) Hidden
Microsoft SQL Server 2008 Setup Support Files (English) (HKLM\...\{30355ED7-DE49-4C8D-BE23-2161D36E8A9A}) (Version: 10.0.1600.22 - Microsoft Corporation)
Microsoft SQL Server 2008-Browser (HKLM\...\{4AF2248C-B3DF-46FB-9596-87F5DB193689}) (Version: 10.0.1600.22 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP1 Design Tools (Deutsch) (HKLM\...\{738B0934-6676-44F6-AB52-32F4E60DCA7F}) (Version: 3.5.5692.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 DEU (HKLM\...\{0125D081-30D0-4A97-82A8-C28D444B6256}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server System CLR Types (HKLM\...\{5A08C9D1-37AD-4A8D-90D3-33F92C578AA5}) (Version: 10.50.1447.4 - Microsoft Corporation)
Microsoft SQL Server VSS Writer (HKLM\...\{D074DC76-F6C9-440E-A1D0-1DE958417FDB}) (Version: 10.0.1600.22 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM\...\{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools (HKLM\...\{616C6F39-4CE1-3434-A665-2F6A04C09A7F}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for .NET Framework - deu (HKLM\...\{0E592C31-09EF-3CA1-A7DE-05D13DFCF791}) (Version: 3.5.30729 - Microsoft Corporation)
Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for Win32 (HKLM\...\{044F9133-B8D7-4d11-BF39-803FA20F5C8B}) (Version: 6.1.5295.17011 - Microsoft Corporation)
Microsoft_VC100_CRT_SP1_x86 (Version: 10.0.40219.1 - Nokia) Hidden
Microsoft_VC80_CRT_x86 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFC_x86 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFCLOC_x86 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC90_ATL_x86 (Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_CRT_x86 (Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_MFC_x86 (Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_MFCLOC_x86 (Version: 1.00.0000 - Adobe) Hidden
MKV Splitter (HKLM\...\{AAC389499AEF40428987B3D30CFC76C9}) (Version: 1.0.1 - DivX, Inc.)
MotoHelper MergeModules (Version: 1.0.0 - Motorola) Hidden
Motorola Mobile Drivers Installation 4.9.0 (HKLM\...\{C7C7C686-8479-4173-9570-F4B350D91B37}) (Version: 4.9.0 - Motorola Inc.)
Mozilla Firefox 30.0 (x86 de) (HKLM\...\Mozilla Firefox 30.0 (x86 de)) (Version: 30.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 30.0 - Mozilla)
MSVC80_x86 (Version: 1.0.1.0 - Nokia) Hidden
MSVC80_x86_v2 (Version: 1.0.3.0 - Nokia) Hidden
MSVC90_x86 (Version: 1.0.1.2 - Nokia) Hidden
MSVCRT Redists (Version: 1.0 - Sony Creative Software Inc.) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MySQL Connector/ODBC 3.51 (HKLM\...\{0CB3C535-1171-4A20-B549-E2CB5DEB9723}) (Version: 3.51.12 - MySQL AB)
neroxml (Version: 1.0.0 - Nero AG) Hidden
Nokia Connectivity Cable Driver (HKLM\...\{29373274-977E-413C-A4DE-DC0F8E80C429}) (Version: 7.1.172.0 - Nokia)
Oblivion - BTmod 2.20 (HKLM\...\BTmod) (Version: 2.20 - Beider & Tikigod)
PC Connectivity Solution (HKLM\...\{6D01D1B1-17BD-4F10-BB11-F08F0C47D42B}) (Version: 12.0.109.0 - Nokia)
PDF Settings CS4 (Version: 9.0 - Adobe Systems Incorporated) Hidden
Photoshop Camera Raw (Version: 5.0 - Adobe Systems Incorporated) Hidden
QuickTime (HKLM\...\{8DC42D05-680B-41B0-8878-6C14D24602DB}) (Version: 7.55.90.70 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version:  - Realtek Semiconductor Corp.)
Return to Castle Wolfenstein (HKLM\...\Return to Castle Wolfenstein) (Version: 1.0 - Activision, Inc.)
SmartFTP Client (HKLM\...\{2B7B47E1-B482-4D3A-ABFD-2FF8E077ECA6}) (Version: 4.0.1048.0 - SmartSoft Ltd.)
Software Updater (HKLM\...\{82DEE0F4-18DB-4C49-89A4-0BEE4597DF45}) (Version: 4.1.5 - SEIKO EPSON CORPORATION)
Spotify (HKCU\...\Spotify) (Version: 0.9.12.10.g89b2a4fc - Spotify AB)
Sql Server Customer Experience Improvement Program (Version: 10.0.1600.22 - Microsoft Corporation) Hidden
Stellarium 0.10.6.1 (HKLM\...\Stellarium_is1) (Version:  - )
Suite Shared Configuration CS4 (Version: 1.0 - Adobe Systems Incorporated) Hidden
SWR3 RauchFrei Version 1.2 (HKLM\...\SWR3 RauchFrei_is1) (Version: 1.1 - Oliver Reuther und SWR3)
System Requirements Lab CYRI (HKLM\...\{1F77C418-2C90-459C-BD33-B56A4182B9FA}) (Version: 4.4.26.0 - Husdawg, LLC)
System Requirements Lab for Intel (HKLM\...\{CD41B576-4787-4D5C-95EE-24A4ABD89CD3}) (Version: 4.4.24.0 - Husdawg, LLC)
SystemDiagnostics (HKLM\...\{80B0B731-5FAE-475D-8844-20F46373780D}) (Version: 3.02.0010 - Fujitsu Technology Solutions)
TuneUp Utilities Language Pack (de-DE) (Version: 13.0.2020.4 - TuneUp Software) Hidden
Ubuntu (HKLM\...\Wubi) (Version: 11.10-rev241 - Ubuntu)
Unity Web Player (HKCU\...\UnityWebPlayer) (Version:  - Unity Technologies ApS)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation)
VC80CRTRedist - 8.0.50727.762 (Version: 1.0.0 - DivX, Inc) Hidden
VCRedistSetup (Version: 1.0.0 - Nero AG) Hidden
Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 DEU (HKLM\...\{CFCB8616-A5D1-4281-80E8-389F685BFAE2}) (Version: 4.0.8080.0 - Microsoft Corporation)
Visual Studio C++ 10.0 Runtime (HKLM\...\{4412F224-3849-4461-A3E9-DEEF8D252790}) (Version: 10.0.0 - TomTom International B.V.)
VLC media player 1.0.1 (HKLM\...\VLC media player) (Version: 1.0.1 - VideoLAN Team)
Windows Media Player Firefox Plugin (HKLM\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
Windows-Treiberpaket - Nokia pccsmcfd “LegacyDriver”  (05/31/2012 7.1.2.0) (HKLM\...\17D063A0A9F5D5A225B76B1D9BCB5ADBE85C8382) (Version: 05/31/2012 7.1.2.0 - Nokia)
WinRAR (HKLM\...\WinRAR archiver) (Version:  - )
Wolfenstein - Enemy Territory (HKLM\...\Wolfenstein - Enemy Territory) (Version:  - )

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-3695018469-195769397-3593371619-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Dominik\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3695018469-195769397-3593371619-1000_Classes\CLSID\{022105BD-948A-40C9-AB42-A3300DDF097F}\localserver32 -> C:\Users\Dominik\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3695018469-195769397-3593371619-1000_Classes\CLSID\{22181302-A8A6-4F84-A541-E5CBFC70CC43}\localserver32 -> C:\Users\Dominik\AppData\Local\Google\Update\1.3.24.15\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3695018469-195769397-3593371619-1000_Classes\CLSID\{2F0E2680-9FF5-43C0-B76E-114A56E93598}\localserver32 -> C:\Users\Dominik\AppData\Local\Google\Update\1.3.24.15\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3695018469-195769397-3593371619-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Dominik\AppData\Local\Google\Update\1.3.23.9\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-3695018469-195769397-3593371619-1000_Classes\CLSID\{444785F1-DE89-4295-863A-D46C3A781394}\InprocServer32 -> C:\Users\Dominik\AppData\LocalLow\Unity\WebPlayer\loader\UnityWebPluginAX.ocx (Unity Technologies ApS)
CustomCLSID: HKU\S-1-5-21-3695018469-195769397-3593371619-1000_Classes\CLSID\{51F9E8EF-59D7-475B-A106-C7EA6F30C119}\localserver32 -> C:\Users\Dominik\AppData\Local\Google\Update\1.3.24.15\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3695018469-195769397-3593371619-1000_Classes\CLSID\{5C65F4B0-3651-4514-B207-D10CB699B14B}\localserver32 -> C:\Users\Dominik\AppData\Local\Google\Chrome\Application\37.0.2062.124\delegate_execute.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3695018469-195769397-3593371619-1000_Classes\CLSID\{6D7374DE-63AA-473C-8C02-60D9CDCD84C5}\InprocServer32 -> C:\Users\Dominik\AppData\Local\Google\Update\1.3.21.153\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-3695018469-195769397-3593371619-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Dominik\AppData\Local\Google\Update\1.3.24.15\psuser.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3695018469-195769397-3593371619-1000_Classes\CLSID\{A45426FB-E444-42B2-AA56-419F8FBEEC61}\InprocServer32 -> C:\Users\Dominik\AppData\Local\Google\Update\1.3.22.3\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-3695018469-195769397-3593371619-1000_Classes\CLSID\{A54D478D-4F70-4F72-9A74-17C9986E35AB}\InprocServer32 -> C:\Users\Dominik\AppData\Local\Google\Update\1.3.21.165\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-3695018469-195769397-3593371619-1000_Classes\CLSID\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}\InprocServer32 -> C:\Users\Dominik\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3695018469-195769397-3593371619-1000_Classes\CLSID\{C442AC41-9200-4770-8CC0-7CDB4F245C55}\InprocServer32 -> C:\Users\Dominik\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3695018469-195769397-3593371619-1000_Classes\CLSID\{E67BE843-BBBE-4484-95FB-05271AE86750}\localserver32 -> C:\Users\Dominik\AppData\Local\Google\Update\1.3.24.15\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3695018469-195769397-3593371619-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Dominik\AppData\Local\Google\Update\1.3.24.15\psuser.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3695018469-195769397-3593371619-1000_Classes\CLSID\{EB06378B-ABB6-4B3C-9B40-D488DD8A6E93}\InprocServer32 -> C:\Users\Dominik\AppData\Local\Google\Update\1.3.22.5\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-3695018469-195769397-3593371619-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Dominik\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3695018469-195769397-3593371619-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Dominik\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3695018469-195769397-3593371619-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Dominik\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3695018469-195769397-3593371619-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Dominik\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3695018469-195769397-3593371619-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Dominik\AppData\Local\Google\Update\1.3.24.7\psuser.dll No File

==================== Restore Points  =========================

14-09-2014 19:11:24 Removed LibreOffice 3.3
14-09-2014 19:41:47 Removed LibreOffice 3.3
15-09-2014 15:34:13 Windows Update
16-09-2014 08:10:33 Geplanter Prüfpunkt
17-09-2014 18:26:37 Geplanter Prüfpunkt
18-09-2014 17:48:19 Geplanter Prüfpunkt
19-09-2014 06:18:53 Geplanter Prüfpunkt
19-09-2014 17:24:22 Windows Update
20-09-2014 12:59:15 Geplanter Prüfpunkt
21-09-2014 17:38:50 Geplanter Prüfpunkt
23-09-2014 05:51:02 Windows Update

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {1CC81347-6204-4B83-900C-01E02F50F067} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {320124A7-D70F-41DE-A9D1-D5E8E19D5D91} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
Task: {3BCDF251-CA5C-4045-A1FC-8FCEF9FBDC93} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
Task: {414D2C15-4B0C-47A1-A1D8-BD59CCE2D9D1} - System32\Tasks\{F66B6BE2-5BAE-4BDA-BE68-147305C2E318} => Chrome.exe hxxp://ui.skype.com/ui/0/6.3.0.107/de/abandoninstall?page=tsProgressBar
Task: {44980BEE-7809-44A9-AC24-D6E578A3B7DF} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-21] (Microsoft Corporation)
Task: {4A1E38A5-77C0-460F-B225-7103D74B3D10} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3695018469-195769397-3593371619-1000UA => C:\Users\Dominik\AppData\Local\Google\Update\GoogleUpdate.exe [2010-01-11] (Google Inc.)
Task: {5D976771-3190-49F1-ACA1-13F766A8AAE1} - System32\Tasks\EPSON XP-312 313 315 Series Update {0D5E8FE3-DE76-4A84-BFC9-6139B2B4C5E4} => C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FTSLFE.EXE [2013-02-28] (SEIKO EPSON CORPORATION)
Task: {693717BC-DE55-4B57-A16A-271BE3D5D40A} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3695018469-195769397-3593371619-1000Core => C:\Users\Dominik\AppData\Local\Google\Update\GoogleUpdate.exe [2010-01-11] (Google Inc.)
Task: {79B7D8AD-3659-4E7E-A09B-80AD2BA72C8B} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-25] (Adobe Systems Incorporated)
Task: {A728AE6B-5AB8-4223-AD3E-E6341441A01C} - System32\Tasks\Microsoft\Windows\PLA\System\ConvertLogEntries => Rundll32.exe %windir%\system32\pla.dll,PlaConvertLogEntries
Task: {B4FCA376-E359-45D3-9A4D-3D370D244F9D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-01-22] (Google Inc.)
Task: {BA9DB32E-1963-46F7-AAA7-9B39E8518F69} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-01-22] (Google Inc.)
Task: {D7DDA650-F117-4E48-AEF8-CFD5A167E50F} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-08-21] (Piriform Ltd)
Task: {DB95275E-F78D-4C29-9AD9-EC1FD7390D1B} - System32\Tasks\Google Software Updater => C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2011-09-16] (Google)
Task: {E3069A51-E3C3-4769-867F-92424D411499} - System32\Tasks\EPSON XP-312 313 315 Series Invitation {0D5E8FE3-DE76-4A84-BFC9-6139B2B4C5E4} => C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FTSLFE.EXE [2013-02-28] (SEIKO EPSON CORPORATION)
Task: {E5150B95-F9B4-4D5D-95A2-7EC1ACBA95F8} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2008-01-21] ()
Task: {F57EB32E-14B2-45CD-A799-B7087A02F982} - System32\Tasks\Microsoft\Windows\Tcpip\WSHReset => C:\Windows\system32\netsh.exe [2006-11-02] (Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\EPSON XP-312 313 315 Series Invitation {0D5E8FE3-DE76-4A84-BFC9-6139B2B4C5E4}.job => C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FTSLFE.EXE
Task: C:\Windows\Tasks\EPSON XP-312 313 315 Series Update {0D5E8FE3-DE76-4A84-BFC9-6139B2B4C5E4}.job => C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FTSLFE.EXE
Task: C:\Windows\Tasks\Google Software Updater.job => C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3695018469-195769397-3593371619-1000Core.job => C:\Users\Dominik\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3695018469-195769397-3593371619-1000UA.job => C:\Users\Dominik\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2014-02-12 20:58 - 2014-02-12 20:58 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2014-02-12 20:58 - 2014-02-12 20:58 - 01044808 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2012-01-30 01:26 - 2012-01-30 01:26 - 01465344 _____ () C:\Program Files\chrome\chrome.exe
2010-01-09 20:18 - 2010-01-09 20:18 - 04254560 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2014-09-25 08:01 - 2014-09-23 06:07 - 08577864 _____ () C:\Users\Dominik\AppData\Local\Google\Chrome\Application\37.0.2062.124\pdf.dll
2014-09-25 08:01 - 2014-09-23 06:07 - 00331592 _____ () C:\Users\Dominik\AppData\Local\Google\Chrome\Application\37.0.2062.124\ppGoogleNaClPluginChrome.dll
2014-09-25 08:01 - 2014-09-23 06:06 - 01660232 _____ () C:\Users\Dominik\AppData\Local\Google\Chrome\Application\37.0.2062.124\ffmpegsumo.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:CB0AACC9
AlternateDataStreams: C:\ProgramData\TEMP:DFC5A2B2
AlternateDataStreams: C:\Users\Dominik\Downloads\2012-05-19 18.11.29.mp4:TOC.WMV
AlternateDataStreams: C:\Users\Dominik\Downloads\306031031.avi:TOC.WMV
AlternateDataStreams: C:\Users\Dominik\Downloads\Bamfmichaela001.avi:TOC.WMV
AlternateDataStreams: C:\Users\Dominik\Downloads\Lime_green_jade.avi:TOC.WMV

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: Blackberry Device Manager => 3
MSCONFIG\Services: FLEXnet Licensing Service => 3
MSCONFIG\Services: FreemakeVideoCapture => 2
MSCONFIG\Services: iPod Service => 3
MSCONFIG\Services: MozillaMaintenance => 3
MSCONFIG\Services: Nero BackItUp Scheduler 3 => 2
MSCONFIG\Services: PnkBstrA => 2
MSCONFIG\Services: PnkBstrB => 2
MSCONFIG\Services: ServiceLayer => 3
MSCONFIG\Services: Sony Ericsson PCCompanion => 3
MSCONFIG\Services: WPCSvc => 3
MSCONFIG\startupfolder: C:^Users^Dominik^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk => C:\Windows\pss\Dropbox.lnk.Startup
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: AdobeCS4ServiceManager => "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
MSCONFIG\startupreg: APSDaemon => "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: avgnt => "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
MSCONFIG\startupreg: DAEMON Tools Lite => "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
MSCONFIG\startupreg: EasyTether => "C:\Program Files\Mobile Stream\EasyTether\easytthr.exe"
MSCONFIG\startupreg: FSCRecovery => c:\Program Files\Fujitsu Siemens Computers\Fujitsu Siemens Computers Recovery\FSCRecoveryReminder.exe
MSCONFIG\startupreg: Google EULA Launcher => c:\Program Files\Google\Google EULA\GoogleEULALauncher.exe IE PA
MSCONFIG\startupreg: Google Update => "C:\Users\Dominik\AppData\Local\Google\Update\GoogleUpdate.exe" /c
MSCONFIG\startupreg: iCloudServices => C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe
MSCONFIG\startupreg: iTunesHelper => "D:\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: KFWebServer => G:\server\bin\kfwsmon.exe
MSCONFIG\startupreg: LogitechQuickCamRibbon => "C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe" /hide
MSCONFIG\startupreg: mobilegeni daemon => C:\Program Files\Mobogenie\DaemonProcess.exe
MSCONFIG\startupreg: MSSE => "C:\Program Files\Microsoft Security Essentials\msseces.exe" -hide -runkey
MSCONFIG\startupreg: Norman ZANDA => "C:\Program Files\Norman\Npm\Bin\ZLH.EXE" /LOAD /SPLASH
MSCONFIG\startupreg: NPCTray => C:\Program Files\Norman\npc\bin\npc_tray.exe /LOAD
MSCONFIG\startupreg: Optimizer Pro => C:\Program Files\Optimizer Pro\OptProLauncher.exe
MSCONFIG\startupreg: PC Suite Tray => "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: RIMBBLaunchAgent.exe => C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
MSCONFIG\startupreg: Skype => "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
MSCONFIG\startupreg: Sony Ericsson PC Companion => "C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe" /Background
MSCONFIG\startupreg: Spotify => "C:\Users\Dominik\AppData\Roaming\Spotify\Spotify.exe" /uri spotify:autostart
MSCONFIG\startupreg: Spotify Web Helper => "C:\Users\Dominik\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: swg => C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
MSCONFIG\startupreg: TkBellExe => "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
MSCONFIG\startupreg: TomTomHOME.exe => "C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe"
MSCONFIG\startupreg: TrojanScanner => C:\Program Files\Trojan Remover\Trjscan.exe /boot
MSCONFIG\startupreg: UnifiedRemoteServer => C:\Program Files\Relmtech\Unified Remote\UnifiedRemoteServer.exe
MSCONFIG\startupreg: uTorrent => "C:\Users\Dominik\AppData\Roaming\uTorrent\uTorrent.exe"  /MINIMIZED
MSCONFIG\startupreg: WMPNSCFG => C:\Program Files\Windows Media Player\WMPNSCFG.exe

========================= Accounts: ==========================

Administrator (S-1-5-21-3695018469-195769397-3593371619-500 - Disabled - Status: Degraded)
Dominik (S-1-5-21-3695018469-195769397-3593371619-1000 - Enabled - Status: OK) => C:\Users\Dominik
Gast (S-1-5-21-3695018469-195769397-3593371619-501 - Disabled - Status: Degraded)

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (09/26/2014 07:35:41 AM) (Source: chrome.exe) (EventID: 0) (User: )
Description:

Error: (09/26/2014 07:35:11 AM) (Source: chrome.exe) (EventID: 0) (User: )
Description:

Error: (09/26/2014 07:34:41 AM) (Source: chrome.exe) (EventID: 0) (User: )
Description:

Error: (09/26/2014 07:34:11 AM) (Source: chrome.exe) (EventID: 0) (User: )
Description:

Error: (09/26/2014 07:33:41 AM) (Source: chrome.exe) (EventID: 0) (User: )
Description:

Error: (09/26/2014 07:33:11 AM) (Source: chrome.exe) (EventID: 0) (User: )
Description:

Error: (09/26/2014 07:32:41 AM) (Source: chrome.exe) (EventID: 0) (User: )
Description:

Error: (09/26/2014 07:32:10 AM) (Source: chrome.exe) (EventID: 0) (User: )
Description:

Error: (09/26/2014 07:31:40 AM) (Source: chrome.exe) (EventID: 0) (User: )
Description:

Error: (09/26/2014 07:31:10 AM) (Source: chrome.exe) (EventID: 0) (User: )
Description:


System errors:
=============
Error: (09/26/2014 07:34:10 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: RAS-VerbindungsverwaltungTelefonie%%1058

Error: (09/26/2014 07:34:10 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: RAS-VerbindungsverwaltungTelefonie%%1058

Error: (09/26/2014 07:34:10 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: RAS-VerbindungsverwaltungTelefonie%%1058

Error: (09/26/2014 07:34:10 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: RAS-VerbindungsverwaltungTelefonie%%1058

Error: (09/26/2014 07:31:36 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: RAS-VerbindungsverwaltungTelefonie%%1058

Error: (09/26/2014 07:31:36 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: RAS-VerbindungsverwaltungTelefonie%%1058

Error: (09/26/2014 07:31:36 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: RAS-VerbindungsverwaltungTelefonie%%1058

Error: (09/26/2014 07:31:36 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: RAS-VerbindungsverwaltungTelefonie%%1058

Error: (09/26/2014 07:31:36 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: RAS-VerbindungsverwaltungTelefonie%%1058

Error: (09/26/2014 07:31:36 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: RAS-VerbindungsverwaltungTelefonie%%1058


Microsoft Office Sessions:
=========================
Error: (09/26/2014 07:35:41 AM) (Source: chrome.exe) (EventID: 0) (User: )
Description:

Error: (09/26/2014 07:35:11 AM) (Source: chrome.exe) (EventID: 0) (User: )
Description:

Error: (09/26/2014 07:34:41 AM) (Source: chrome.exe) (EventID: 0) (User: )
Description:

Error: (09/26/2014 07:34:11 AM) (Source: chrome.exe) (EventID: 0) (User: )
Description:

Error: (09/26/2014 07:33:41 AM) (Source: chrome.exe) (EventID: 0) (User: )
Description:

Error: (09/26/2014 07:33:11 AM) (Source: chrome.exe) (EventID: 0) (User: )
Description:

Error: (09/26/2014 07:32:41 AM) (Source: chrome.exe) (EventID: 0) (User: )
Description:

Error: (09/26/2014 07:32:10 AM) (Source: chrome.exe) (EventID: 0) (User: )
Description:

Error: (09/26/2014 07:31:40 AM) (Source: chrome.exe) (EventID: 0) (User: )
Description:

Error: (09/26/2014 07:31:10 AM) (Source: chrome.exe) (EventID: 0) (User: )
Description:


CodeIntegrity Errors:
===================================
  Date: 2014-08-23 18:55:18.298
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\NisDrvWFP.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-08-23 18:55:18.100
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\NisDrvWFP.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-08-23 18:55:17.896
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\NisDrvWFP.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-08-23 18:55:17.714
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\NisDrvWFP.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-08-06 08:24:10.458
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-08-06 08:24:10.189
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-08-06 08:24:09.922
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-08-06 08:24:09.648
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-08-06 08:24:06.662
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-08-06 08:24:06.362
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.


==================== Memory info ===========================

Processor: Pentium(R) Dual-Core CPU T4200 @ 2.00GHz
Percentage of memory in use: 56%
Total physical RAM: 2907.68 MB
Available physical RAM: 1276.32 MB
Total Pagefile: 7225.88 MB
Available Pagefile: 5314.6 MB
Total Virtual: 3071.88 MB
Available Virtual: 2921.54 MB

==================== Drives ================================

Drive c: (SYSTEM) (Fixed) (Total:92.21 GB) (Free:27.52 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (DATEN) (Fixed) (Total:197.09 GB) (Free:150.17 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 298.1 GB) (Disk ID: 7C24A688)
Partition 1: (Not Active) - (Size=8.8 GB) - (Type=27)
Partition 2: (Active) - (Size=92.2 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=197.1 GB) - (Type=07 NTFS)

==================== End Of Log ============================
Emsi
Code:
Emsisoft Anti-Malware - Version 9.0
Letztes Update: 26.09.2014 20:40:58
Benutzerkonto: Dominik-PC\Dominik

Scan Einstellungen:

Scan Methode: Smart Scan
Objekte: Rootkits, Speicher, Traces, C:\Windows\, C:\Program Files\

PUPs-Erkennung: Aus
Archiv Scan: Aus
ADS Scan: An
Dateitypen-Filter: Aus
Erweitertes Caching: An
Direkter Festplattenzugriff: Aus

Scan Beginn:        26.09.2014 21:20:13
C:\Users\Dominik\AppData\Local\genienext        gefunden: Application.AdGenie (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\APP PATHS\MOBOGENIEADD        gefunden: Application.AdGenie (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\OJCDNNGPMBENOHHJLICKDAJCLHBCAADA        gefunden: Application.WebExt (A)
C:\ProgramData\WPM        gefunden: Application.AdSome (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\SUPWPM        gefunden: Application.AdSome (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WPM        gefunden: Application.AdShort (A)
Key: HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\APPLICATION\IEPLUGINSERVICE        gefunden: Application.AdShort (A)
Key: HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\APPLICATION\WPM        gefunden: Application.AdShort (A)
C:\Program Files\morpheus        gefunden: Adware.Win32.Shopper (A)
Value: HKEY_USERS\S-1-5-21-3695018469-195769397-3593371619-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLETASKMGR        gefunden: Setting.DisableTaskMgr (A)
Value: HKEY_USERS\S-1-5-21-3695018469-195769397-3593371619-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLEREGISTRYTOOLS        gefunden: Setting.DisableRegistryTools (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}        gefunden: Application.AdGenie (A)

Gescannt        174788
Gefunden        12

Scan Ende:        26.09.2014 22:36:54
Scan Zeit:        1:16:41
Avira
Code:
26.09.2014,07:47:46 [INFO] ---------------------------------------------------------
26.09.2014,07:47:46 [INFO] Engine-Version:  8.3.24.12
26.09.2014,07:47:46 [INFO] VDF-Version:  8.11.165.190
26.09.2014,07:47:46 [INFO] APC-Version:  2.7.1.3
26.09.2014,07:47:46 [INFO] RDF-Version:  14.0.4.42
26.09.2014,07:47:46 [INFO] Echtzeit-Scanner-Version: 14.00.06.522
26.09.2014,07:48:07 [INFO] Der Avira Free Antivirus Dienst wurde erfolgreich gestartet!
26.09.2014,07:48:40 [INFO] Verwendete Konfiguration der Echtzeit-Scanner:
      - Geprüfte Dateien: Dateien von lokalen Laufwerken prüfen
      - Geprüfte Dateien: Dateierweiterungsliste verwenden: .386 .?HT* .ACM .ADE .ADP .ANI .APK .APP .ASD .ASF .ASP .ASX .AWX .AX .BAS .BAT .BIN .BOO .CDF .CHM .CLASS .CMD .CNV .COM .CPL .CPX .CRT .CSH .DEX .DLL .DLO .DO* .DRV .EMF .EML .EXE* .FAS .FLT .FOT .HLP .HT* .INF .INI .INS .ISP .J2K .JAR .JFF .JFI .JFIF .JIF .JMH .JNG .JP2 .JPE .JPEG .JPG .JS* .JSE .LNK .LSP .MD? .MDB .MOD .MS? .NWS .OBJ .OCX .OLB .OSD .OV? .PCD .PDF .PDR .PGM .PHP .PIF .PKG .PL* .PNG .POT* .PPAM .PPS* .PPT* .PRG .RAR .REG .RPL .RTF .SBF .SCR .SCRIPT .SCT .SH .SHA .SHB .SHS .SHTM* .SIS .SLD? .SPL .SWF .SYS .TLB .TMP .TSP .TTF .URL .VB? .VCS .VLM .VXD .VXO .WIZ .WLL .WMD .WMF .WMS .WMZ .WPC .WSC .WSF .WSH .WWK .XAR .XL* .XML .XXX .ZIP
      - Gerätemodus: Datei beim Öffnen durchsuchen, Datei nach Schließen durchsuchen
      - Aktion: Benutzer fragen
      - Archive durchsuchen: Deaktiviert
      - Makrovirenheuristik: Aktiviert
      - Win32 Dateiheuristik: Erkennungsstufe mittel
      - Protokollierungsstufe: Standard
26.09.2014,07:48:44 [INFO] Online-Dienste stehen zur Verfügung.
26.09.2014,07:48:44 [INFO] Verwendete Konfiguration der Echtzeit-Scanner:
      - Geprüfte Dateien: Dateien von lokalen Laufwerken prüfen
      - Geprüfte Dateien: Dateierweiterungsliste verwenden: .386 .?HT* .ACM .ADE .ADP .ANI .APK .APP .ASD .ASF .ASP .ASX .AWX .AX .BAS .BAT .BIN .BOO .CDF .CHM .CLASS .CMD .CNV .COM .CPL .CPX .CRT .CSH .DEX .DLL .DLO .DO* .DRV .EMF .EML .EXE* .FAS .FLT .FOT .HLP .HT* .INF .INI .INS .ISP .J2K .JAR .JFF .JFI .JFIF .JIF .JMH .JNG .JP2 .JPE .JPEG .JPG .JS* .JSE .LNK .LSP .MD? .MDB .MOD .MS? .NWS .OBJ .OCX .OLB .OSD .OV? .PCD .PDF .PDR .PGM .PHP .PIF .PKG .PL* .PNG .POT* .PPAM .PPS* .PPT* .PRG .RAR .REG .RPL .RTF .SBF .SCR .SCRIPT .SCT .SH .SHA .SHB .SHS .SHTM* .SIS .SLD? .SPL .SWF .SYS .TLB .TMP .TSP .TTF .URL .VB? .VCS .VLM .VXD .VXO .WIZ .WLL .WMD .WMF .WMS .WMZ .WPC .WSC .WSF .WSH .WWK .XAR .XL* .XML .XXX .ZIP
      - Gerätemodus: Datei beim Öffnen durchsuchen, Datei nach Schließen durchsuchen
      - Aktion: Benutzer fragen
      - Archive durchsuchen: Deaktiviert
      - Makrovirenheuristik: Aktiviert
      - Win32 Dateiheuristik: Erkennungsstufe mittel
      - Protokollierungsstufe: Standard
26.09.2014,08:10:54 [INFO] Der Avira Free Antivirus Dienst wurde beendet!
26.09.2014,08:14:05 [INFO] ---------------------------------------------------------
26.09.2014,08:14:05 [INFO] Engine-Version:  8.3.24.12
26.09.2014,08:14:05 [INFO] VDF-Version:  8.11.165.190
26.09.2014,08:14:05 [INFO] APC-Version:  2.7.1.3
26.09.2014,08:14:05 [INFO] RDF-Version:  14.0.4.42
26.09.2014,08:14:05 [INFO] Echtzeit-Scanner-Version: 14.00.06.522
26.09.2014,08:14:13 [INFO] Der Avira Free Antivirus Dienst wurde erfolgreich gestartet!
26.09.2014,08:14:37 [INFO] Verwendete Konfiguration der Echtzeit-Scanner:
      - Geprüfte Dateien: Dateien von lokalen Laufwerken prüfen
      - Geprüfte Dateien: Dateierweiterungsliste verwenden: .386 .?HT* .ACM .ADE .ADP .ANI .APK .APP .ASD .ASF .ASP .ASX .AWX .AX .BAS .BAT .BIN .BOO .CDF .CHM .CLASS .CMD .CNV .COM .CPL .CPX .CRT .CSH .DEX .DLL .DLO .DO* .DRV .EMF .EML .EXE* .FAS .FLT .FOT .HLP .HT* .INF .INI .INS .ISP .J2K .JAR .JFF .JFI .JFIF .JIF .JMH .JNG .JP2 .JPE .JPEG .JPG .JS* .JSE .LNK .LSP .MD? .MDB .MOD .MS? .NWS .OBJ .OCX .OLB .OSD .OV? .PCD .PDF .PDR .PGM .PHP .PIF .PKG .PL* .PNG .POT* .PPAM .PPS* .PPT* .PRG .RAR .REG .RPL .RTF .SBF .SCR .SCRIPT .SCT .SH .SHA .SHB .SHS .SHTM* .SIS .SLD? .SPL .SWF .SYS .TLB .TMP .TSP .TTF .URL .VB? .VCS .VLM .VXD .VXO .WIZ .WLL .WMD .WMF .WMS .WMZ .WPC .WSC .WSF .WSH .WWK .XAR .XL* .XML .XXX .ZIP
      - Gerätemodus: Datei beim Öffnen durchsuchen, Datei nach Schließen durchsuchen
      - Aktion: Benutzer fragen
      - Archive durchsuchen: Deaktiviert
      - Makrovirenheuristik: Aktiviert
      - Win32 Dateiheuristik: Erkennungsstufe mittel
      - Protokollierungsstufe: Standard
26.09.2014,08:14:40 [INFO] Online-Dienste stehen zur Verfügung.
26.09.2014,08:16:47 [WARNUNG] Ein verdächtiger Zugriff auf die Registry wurde blockiert!
26.09.2014,08:57:53 [INFO] Der Avira Free Antivirus Dienst wurde beendet!
26.09.2014,18:11:37 [INFO] ---------------------------------------------------------
26.09.2014,18:11:37 [INFO] Engine-Version:  8.3.24.12
26.09.2014,18:11:37 [INFO] VDF-Version:  8.11.165.190
26.09.2014,18:11:37 [INFO] APC-Version:  2.7.1.3
26.09.2014,18:11:37 [INFO] RDF-Version:  14.0.4.42
26.09.2014,18:11:37 [INFO] Echtzeit-Scanner-Version: 14.00.06.522
26.09.2014,18:11:42 [INFO] Der Avira Free Antivirus Dienst wurde erfolgreich gestartet!
26.09.2014,18:11:58 [INFO] Verwendete Konfiguration der Echtzeit-Scanner:
      - Geprüfte Dateien: Dateien von lokalen Laufwerken prüfen
      - Geprüfte Dateien: Dateierweiterungsliste verwenden: .386 .?HT* .ACM .ADE .ADP .ANI .APK .APP .ASD .ASF .ASP .ASX .AWX .AX .BAS .BAT .BIN .BOO .CDF .CHM .CLASS .CMD .CNV .COM .CPL .CPX .CRT .CSH .DEX .DLL .DLO .DO* .DRV .EMF .EML .EXE* .FAS .FLT .FOT .HLP .HT* .INF .INI .INS .ISP .J2K .JAR .JFF .JFI .JFIF .JIF .JMH .JNG .JP2 .JPE .JPEG .JPG .JS* .JSE .LNK .LSP .MD? .MDB .MOD .MS? .NWS .OBJ .OCX .OLB .OSD .OV? .PCD .PDF .PDR .PGM .PHP .PIF .PKG .PL* .PNG .POT* .PPAM .PPS* .PPT* .PRG .RAR .REG .RPL .RTF .SBF .SCR .SCRIPT .SCT .SH .SHA .SHB .SHS .SHTM* .SIS .SLD? .SPL .SWF .SYS .TLB .TMP .TSP .TTF .URL .VB? .VCS .VLM .VXD .VXO .WIZ .WLL .WMD .WMF .WMS .WMZ .WPC .WSC .WSF .WSH .WWK .XAR .XL* .XML .XXX .ZIP
      - Gerätemodus: Datei beim Öffnen durchsuchen, Datei nach Schließen durchsuchen
      - Aktion: Benutzer fragen
      - Archive durchsuchen: Deaktiviert
      - Makrovirenheuristik: Aktiviert
      - Win32 Dateiheuristik: Erkennungsstufe mittel
      - Protokollierungsstufe: Standard
26.09.2014,18:12:01 [INFO] Online-Dienste stehen zur Verfügung.
26.09.2014,18:22:13 [INFO] Update-Auftrag gestartet!
26.09.2014,18:22:41 [INFO] ---------------------------------------------------------
26.09.2014,18:22:41 [INFO] Engine-Version:  8.3.24.30
26.09.2014,18:22:41 [INFO] VDF-Version:  8.11.165.190
26.09.2014,18:22:41 [INFO] APC-Version:  2.7.1.3
26.09.2014,18:22:41 [INFO] RDF-Version:  14.0.4.46
26.09.2014,18:22:41 [INFO] Echtzeit-Scanner-Version: 14.00.06.522
26.09.2014,20:36:04 [WARNUNG] Ein verdächtiger Zugriff auf die Registry wurde blockiert!
26.09.2014,20:44:21 [FUND] Enthält Erkennungsmuster der Adware ADWARE/Adware.Gen!
  C:\AdwCleaner\Quarantine\C\Program Files\tubesaver\130.dll.vir
26.09.2014,20:44:23 [FUND] Enthält Erkennungsmuster der Adware ADWARE/Adware.Gen!
  C:\AdwCleaner\Quarantine\C\Program Files\tubesaver\130.dll.vir
26.09.2014,20:44:26 [FUND] Enthält Erkennungsmuster der Adware ADWARE/Adware.Gen!
  C:\ProgramData\Avira\AntiVir Desktop\TEMP\AVSCAN-20140926-203803-C7E12531\AVSCAN-00000004.vir
26.09.2014,20:44:29 [FUND] Enthält Erkennungsmuster der Adware ADWARE/AddLyrics.H.26!
  C:\AdwCleaner\Quarantine\C\Program Files\tubesaver\tbsUd.exe.vir
26.09.2014,20:44:31 [FUND] Enthält Erkennungsmuster der Adware ADWARE/AddLyrics.H.26!
  C:\ProgramData\Avira\AntiVir Desktop\TEMP\AVSCAN-20140926-203803-C7E12531\AVSCAN-00000005.vir
26.09.2014,20:44:37 [FUND] Enthält Erkennungsmuster der Adware ADWARE/Adware.Gen!
  C:\AdwCleaner\Quarantine\C\Program Files\tubesaver\130.dll.vir
26.09.2014,20:44:37 [FUND] Enthält Erkennungsmuster der Adware ADWARE/AddLyrics.H.26!
  C:\AdwCleaner\Quarantine\C\Program Files\tubesaver\tbsUd.exe.vir
26.09.2014,20:44:38 [FUND] Enthält Erkennungsmuster der Adware ADWARE/Adware.Gen!
  C:\AdwCleaner\Quarantine\C\Program Files\tubesaver\130.dll.vir
26.09.2014,20:44:39 [FUND] Enthält Erkennungsmuster der Adware ADWARE/AddLyrics.H.26!
  C:\AdwCleaner\Quarantine\C\Program Files\tubesaver\tbsUd.exe.vir
26.09.2014,20:45:34 [FUND] Enthält Erkennungsmuster der Adware ADWARE/AddLyrics.H.26!
  C:\AdwCleaner\Quarantine\C\Program Files\tubesaver\tbsUd.exe.vir
26.09.2014,20:45:38 [FUND] Enthält Erkennungsmuster der Adware ADWARE/Adware.Gen!
  C:\AdwCleaner\Quarantine\C\Program Files\tubesaver\130.dll.vir
26.09.2014,20:45:39 [FUND] Enthält Erkennungsmuster der Adware ADWARE/AddLyrics.H.26!
  C:\AdwCleaner\Quarantine\C\Program Files\tubesaver\tbsUd.exe.vir
26.09.2014,20:45:47 [FUND] Enthält Erkennungsmuster der Adware ADWARE/Adware.Gen!
  C:\AdwCleaner\Quarantine\C\Program Files\tubesaver\130.dll.vir
26.09.2014,20:45:47 [FUND] Enthält Erkennungsmuster der Adware ADWARE/AddLyrics.H.26!
  C:\AdwCleaner\Quarantine\C\Program Files\tubesaver\tbsUd.exe.vir
26.09.2014,20:45:47 [FUND] Enthält Erkennungsmuster der Adware ADWARE/Adware.Gen!
  C:\AdwCleaner\Quarantine\C\Program Files\tubesaver\130.dll.vir
26.09.2014,20:45:48 [FUND] Enthält Erkennungsmuster der Adware ADWARE/AddLyrics.H.26!
  C:\AdwCleaner\Quarantine\C\Program Files\tubesaver\tbsUd.exe.vir
26.09.2014,20:45:50 [FUND] Enthält Erkennungsmuster der Adware ADWARE/Adware.Gen!
  C:\AdwCleaner\Quarantine\C\Program Files\tubesaver\130.dll.vir
26.09.2014,20:45:53 [FUND] Enthält Erkennungsmuster der Adware ADWARE/Adware.Gen!
  C:\AdwCleaner\Quarantine\C\Program Files\tubesaver\130.dll.vir
26.09.2014,20:45:54 [FUND] Enthält Erkennungsmuster der Adware ADWARE/Adware.Gen!
  C:\AdwCleaner\Quarantine\C\Program Files\tubesaver\130.dll.vir
26.09.2014,20:45:54 [FUND] Enthält Erkennungsmuster der Adware ADWARE/AddLyrics.H.26!
  C:\AdwCleaner\Quarantine\C\Program Files\tubesaver\tbsUd.exe.vir
26.09.2014,21:17:26 [FUND] Enthält Erkennungsmuster der Adware ADWARE/Adware.Gen!
  C:\AdwCleaner\Quarantine\C\Program Files\tubesaver\130.dll.vir
26.09.2014,21:17:27 [FUND] Enthält Erkennungsmuster der Adware ADWARE/AddLyrics.H.26!
  C:\AdwCleaner\Quarantine\C\Program Files\tubesaver\tbsUd.exe.vir
26.09.2014,21:18:27 [FUND] Enthält Erkennungsmuster der Adware ADWARE/Adware.Gen!
  C:\AdwCleaner\Quarantine\C\Program Files\tubesaver\130.dll.vir
26.09.2014,21:18:29 [FUND] Enthält Erkennungsmuster der Adware ADWARE/Adware.Gen!
  C:\AdwCleaner\Quarantine\C\Program Files\tubesaver\130.dll.vir
26.09.2014,21:18:36 [FUND] Enthält Erkennungsmuster der Adware ADWARE/Adware.Gen!
  C:\ProgramData\Avira\AntiVir Desktop\TEMP\AVSCAN-20140926-211729-AB8FB06D\AVSCAN-00000002.vir
26.09.2014,21:18:56 [FUND] Enthält Erkennungsmuster der Adware ADWARE/AddLyrics.H.26!
  C:\AdwCleaner\Quarantine\C\Program Files\tubesaver\tbsUd.exe.vir
26.09.2014,21:18:57 [FUND] Enthält Erkennungsmuster der Adware ADWARE/Adware.Gen!
  C:\AdwCleaner\Quarantine\C\Program Files\tubesaver\130.dll.vir
26.09.2014,21:18:57 [FUND] Enthält Erkennungsmuster der Adware ADWARE/AddLyrics.H.26!
  C:\AdwCleaner\Quarantine\C\Program Files\tubesaver\tbsUd.exe.vir
26.09.2014,21:18:58 [FUND] Enthält Erkennungsmuster der Adware ADWARE/Adware.Gen!
  C:\AdwCleaner\Quarantine\C\Program Files\tubesaver\130.dll.vir
26.09.2014,21:19:00 [FUND] Enthält Erkennungsmuster der Adware ADWARE/Adware.Gen!
  C:\AdwCleaner\Quarantine\C\Program Files\tubesaver\130.dll.vir
26.09.2014,21:19:02 [FUND] Enthält Erkennungsmuster der Adware ADWARE/Adware.Gen!
  C:\AdwCleaner\Quarantine\C\Program Files\tubesaver\130.dll.vir
26.09.2014,21:19:28 [FUND] Enthält Erkennungsmuster der Adware ADWARE/Adware.Gen!
  C:\AdwCleaner\Quarantine\C\Program Files\tubesaver\130.dll.vir
26.09.2014,21:19:36 [FUND] Enthält Erkennungsmuster der Adware ADWARE/Adware.Gen!
  C:\ProgramData\Avira\AntiVir Desktop\TEMP\AVSCAN-20140926-211856-F52A9D19\AVSCAN-00000002.vir
26.09.2014,21:19:36 [FUND] Enthält Erkennungsmuster der Adware ADWARE/AddLyrics.H.26!
  C:\AdwCleaner\Quarantine\C\Program Files\tubesaver\tbsUd.exe.vir
26.09.2014,21:19:38 [FUND] Enthält Erkennungsmuster der Adware ADWARE/AddLyrics.H.26!
  C:\ProgramData\Avira\AntiVir Desktop\TEMP\AVSCAN-20140926-211856-F52A9D19\AVSCAN-00000003.vir
26.09.2014,21:19:38 [FUND] Enthält Erkennungsmuster der Adware ADWARE/AddLyrics.H.26!
  C:\AdwCleaner\Quarantine\C\Program Files\tubesaver\tbsUd.exe.vir
26.09.2014,21:19:47 [FUND] Enthält Erkennungsmuster der Adware ADWARE/Adware.Gen!
  C:\AdwCleaner\Quarantine\C\Program Files\tubesaver\130.dll.vir
26.09.2014,21:19:58 [FUND] Enthält Erkennungsmuster der Adware ADWARE/Adware.Gen!
  C:\AdwCleaner\Quarantine\C\Program Files\tubesaver\130.dll.vir
26.09.2014,21:20:00 [FUND] Enthält Erkennungsmuster der Adware ADWARE/Adware.Gen!
  C:\AdwCleaner\Quarantine\C\Program Files\tubesaver\130.dll.vir
26.09.2014,21:20:02 [FUND] Enthält Erkennungsmuster der Adware ADWARE/Adware.Gen!
  C:\AdwCleaner\Quarantine\C\Program Files\tubesaver\130.dll.vir
26.09.2014,21:20:05 [FUND] Enthält Erkennungsmuster der Adware ADWARE/Adware.Gen!
  C:\AdwCleaner\Quarantine\C\Program Files\tubesaver\130.dll.vir
26.09.2014,21:20:07 [FUND] Enthält Erkennungsmuster der Adware ADWARE/Adware.Gen!
  C:\AdwCleaner\Quarantine\C\Program Files\tubesaver\130.dll.vir
26.09.2014,21:20:07 [FUND] Enthält Erkennungsmuster der Adware ADWARE/AddLyrics.H.26!
  C:\AdwCleaner\Quarantine\C\Program Files\tubesaver\tbsUd.exe.vir
26.09.2014,21:20:42 [FUND] Enthält Erkennungsmuster der Adware ADWARE/Adware.Gen!
  C:\AdwCleaner\Quarantine\C\Program Files\tubesaver\130.dll.vir
26.09.2014,21:20:43 [FUND] Enthält Erkennungsmuster der Adware ADWARE/Adware.Gen!
  C:\AdwCleaner\Quarantine\C\Program Files\tubesaver\130.dll.vir
26.09.2014,21:20:51 [FUND] Enthält Erkennungsmuster der Adware ADWARE/Adware.Gen!
  C:\ProgramData\Avira\AntiVir Desktop\TEMP\AVSCAN-20140926-212009-34332C04\AVSCAN-00000002.vir
26.09.2014,21:20:51 [FUND] Enthält Erkennungsmuster der Adware ADWARE/AddLyrics.H.26!
  C:\AdwCleaner\Quarantine\C\Program Files\tubesaver\tbsUd.exe.vir
26.09.2014,21:20:52 [FUND] Enthält Erkennungsmuster der Adware ADWARE/AddLyrics.H.26!
  C:\ProgramData\Avira\AntiVir Desktop\TEMP\AVSCAN-20140926-212009-34332C04\AVSCAN-00000003.vir
26.09.2014,21:20:53 [FUND] Enthält Erkennungsmuster der Adware ADWARE/AddLyrics.H.26!
  C:\AdwCleaner\Quarantine\C\Program Files\tubesaver\tbsUd.exe.vir
26.09.2014,21:20:55 [FUND] Enthält Erkennungsmuster der Adware ADWARE/AddLyrics.H.26!
  C:\AdwCleaner\Quarantine\C\Program Files\tubesaver\tbsUd.exe.vir
26.09.2014,21:20:56 [FUND] Enthält Erkennungsmuster der Adware ADWARE/Adware.Gen!
  C:\AdwCleaner\Quarantine\C\Program Files\tubesaver\130.dll.vir
26.09.2014,21:20:57 [FUND] Enthält Erkennungsmuster der Adware ADWARE/AddLyrics.H.26!
  C:\AdwCleaner\Quarantine\C\Program Files\tubesaver\tbsUd.exe.vir
26.09.2014,21:20:57 [FUND] Enthält Erkennungsmuster der Adware ADWARE/Adware.Gen!
  C:\AdwCleaner\Quarantine\C\Program Files\tubesaver\130.dll.vir
26.09.2014,21:20:59 [FUND] Enthält Erkennungsmuster der Adware ADWARE/Adware.Gen!
  C:\AdwCleaner\Quarantine\C\Program Files\tubesaver\130.dll.vir
26.09.2014,21:21:00 [FUND] Enthält Erkennungsmuster der Adware ADWARE/Adware.Gen!
  C:\AdwCleaner\Quarantine\C\Program Files\tubesaver\130.dll.vir
26.09.2014,21:21:00 [FUND] Enthält Erkennungsmuster der Adware ADWARE/AddLyrics.H.26!
  C:\AdwCleaner\Quarantine\C\Program Files\tubesaver\tbsUd.exe.vir
26.09.2014,21:21:01 [FUND] Enthält Erkennungsmuster der Adware ADWARE/Adware.Gen!
  C:\AdwCleaner\Quarantine\C\Program Files\tubesaver\130.dll.vir
26.09.2014,21:21:02 [FUND] Enthält Erkennungsmuster der Adware ADWARE/AddLyrics.H.26!
  C:\AdwCleaner\Quarantine\C\Program Files\tubesaver\tbsUd.exe.vir
26.09.2014,21:21:41 [FUND] Enthält Erkennungsmuster der Adware ADWARE/AddLyrics.H.26!
  C:\AdwCleaner\Quarantine\C\Program Files\tubesaver\tbsUd.exe.vir
26.09.2014,21:21:41 [FUND] Enthält Erkennungsmuster der Adware ADWARE/Adware.Gen!
  C:\AdwCleaner\Quarantine\C\Program Files\tubesaver\130.dll.vir
26.09.2014,21:21:42 [FUND] Enthält Erkennungsmuster der Adware ADWARE/AddLyrics.H.26!
  C:\AdwCleaner\Quarantine\C\Program Files\tubesaver\tbsUd.exe.vir
26.09.2014,21:21:51 [FUND] Enthält Erkennungsmuster der Adware ADWARE/Adware.Gen!
  C:\AdwCleaner\Quarantine\C\Program Files\tubesaver\130.dll.vir
26.09.2014,21:21:51 [FUND] Enthält Erkennungsmuster der Adware ADWARE/AddLyrics.H.26!
  C:\AdwCleaner\Quarantine\C\Program Files\tubesaver\tbsUd.exe.vir
26.09.2014,21:21:51 [FUND] Enthält Erkennungsmuster der Adware ADWARE/Adware.Gen!
  C:\AdwCleaner\Quarantine\C\Program Files\tubesaver\130.dll.vir
26.09.2014,21:21:54 [FUND] Enthält Erkennungsmuster der Adware ADWARE/Adware.Gen!
  C:\AdwCleaner\Quarantine\C\Program Files\tubesaver\130.dll.vir
26.09.2014,21:21:56 [FUND] Enthält Erkennungsmuster der Adware ADWARE/Adware.Gen!
  C:\AdwCleaner\Quarantine\C\Program Files\tubesaver\130.dll.vir
26.09.2014,21:21:56 [FUND] Enthält Erkennungsmuster der Adware ADWARE/AddLyrics.H.26!
  C:\AdwCleaner\Quarantine\C\Program Files\tubesaver\tbsUd.exe.vir
26.09.2014,21:22:40 [FUND] Enthält Erkennungsmuster der Adware ADWARE/Adware.Gen!
  C:\AdwCleaner\Quarantine\C\Program Files\tubesaver\130.dll.vir
26.09.2014,21:23:05 [FUND] Enthält Erkennungsmuster der Adware ADWARE/Adware.Gen!
  C:\ProgramData\Avira\AntiVir Desktop\TEMP\AVSCAN-20140926-212146-86567D0A\AVSCAN-00000002.vir
26.09.2014,21:23:05 [FUND] Enthält Erkennungsmuster der Adware ADWARE/AddLyrics.H.26!
  C:\AdwCleaner\Quarantine\C\Program Files\tubesaver\tbsUd.exe.vir
26.09.2014,21:23:09 [FUND] Enthält Erkennungsmuster der Adware ADWARE/AddLyrics.H.26!
  C:\ProgramData\Avira\AntiVir Desktop\TEMP\AVSCAN-20140926-212146-86567D0A\AVSCAN-00000003.vir
26.09.2014,21:23:09 [FUND] Enthält Erkennungsmuster der Adware ADWARE/AddLyrics.H.26!
  C:\AdwCleaner\Quarantine\C\Program Files\tubesaver\tbsUd.exe.vir
26.09.2014,21:23:57 [FUND] Enthält Erkennungsmuster der Adware ADWARE/Adware.Gen!
  C:\AdwCleaner\Quarantine\C\Program Files\tubesaver\130.dll.vir
26.09.2014,21:24:07 [FUND] Enthält Erkennungsmuster der Adware ADWARE/Adware.Gen!
  C:\AdwCleaner\Quarantine\C\Program Files\tubesaver\130.dll.vir
26.09.2014,21:24:30 [FUND] Enthält Erkennungsmuster der Adware ADWARE/Adware.Gen!
  C:\ProgramData\Avira\AntiVir Desktop\TEMP\AVSCAN-20140926-212330-DF4F4510\AVSCAN-00000002.vir
26.09.2014,21:24:30 [FUND] Enthält Erkennungsmuster der Adware ADWARE/AddLyrics.H.26!
  C:\AdwCleaner\Quarantine\C\Program Files\tubesaver\tbsUd.exe.vir
26.09.2014,21:24:31 [FUND] Enthält Erkennungsmuster der Adware ADWARE/AddLyrics.H.26!
  C:\ProgramData\Avira\AntiVir Desktop\TEMP\AVSCAN-20140926-212330-DF4F4510\AVSCAN-00000003.vir
26.09.2014,21:24:32 [FUND] Enthält Erkennungsmuster der Adware ADWARE/AddLyrics.H.26!
  C:\AdwCleaner\Quarantine\C\Program Files\tubesaver\tbsUd.exe.vir
26.09.2014,21:25:18 [FUND] Enthält Erkennungsmuster der Adware ADWARE/Adware.Gen!
  C:\AdwCleaner\Quarantine\C\Program Files\tubesaver\130.dll.vir
26.09.2014,21:25:20 [FUND] Enthält Erkennungsmuster der Adware ADWARE/Adware.Gen!
  C:\AdwCleaner\Quarantine\C\Program Files\tubesaver\130.dll.vir
26.09.2014,21:25:35 [FUND] Enthält Erkennungsmuster der Adware ADWARE/Adware.Gen!
  C:\ProgramData\Avira\AntiVir Desktop\TEMP\AVSCAN-20140926-212454-27245052\AVSCAN-00000002.vir
26.09.2014,21:25:35 [FUND] Enthält Erkennungsmuster der Adware ADWARE/AddLyrics.H.26!
  C:\AdwCleaner\Quarantine\C\Program Files\tubesaver\tbsUd.exe.vir
26.09.2014,21:25:37 [FUND] Enthält Erkennungsmuster der Adware ADWARE/AddLyrics.H.26!
  C:\ProgramData\Avira\AntiVir Desktop\TEMP\AVSCAN-20140926-212454-27245052\AVSCAN-00000003.vir
26.09.2014,21:25:37 [FUND] Enthält Erkennungsmuster der Adware ADWARE/AddLyrics.H.26!
  C:\AdwCleaner\Quarantine\C\Program Files\tubesaver\tbsUd.exe.vir
26.09.2014,22:09:17 [FUND] Enthält Erkennungsmuster der Adware ADWARE/Adware.Gen!
  C:\AdwCleaner\Quarantine\C\Program Files\tubesaver\130.dll.vir
26.09.2014,22:09:21 [FUND] Enthält Erkennungsmuster der Adware ADWARE/Adware.Gen!
  C:\AdwCleaner\Quarantine\C\Program Files\tubesaver\130.dll.vir
26.09.2014,22:09:43 [FUND] Enthält Erkennungsmuster der Adware ADWARE/Adware.Gen!
  C:\ProgramData\Avira\AntiVir Desktop\TEMP\AVSCAN-20140926-220746-BA1B6BEF\AVSCAN-00000002.vir
26.09.2014,22:09:44 [FUND] Enthält Erkennungsmuster der Adware ADWARE/AddLyrics.H.26!
  C:\AdwCleaner\Quarantine\C\Program Files\tubesaver\tbsUd.exe.vir
26.09.2014,22:09:45 [FUND] Enthält Erkennungsmuster der Adware ADWARE/AddLyrics.H.26!
  C:\AdwCleaner\Quarantine\C\Program Files\tubesaver\tbsUd.exe.vir
26.09.2014,22:09:46 [FUND] Enthält Erkennungsmuster der Adware ADWARE/AddLyrics.H.26!
  C:\ProgramData\Avira\AntiVir Desktop\TEMP\AVSCAN-20140926-220746-BA1B6BEF\AVSCAN-00000003.vir
26.09.2014,22:45:05 [FUND] Enthält Erkennungsmuster der Adware ADWARE/AddLyrics.H.26!
  C:\ADWCLEANER\QUARANTINE\C\PROGRAM FILES\TUBESAVER\TBSUD.EXE.VIR
26.09.2014,22:50:16 [FUND] Enthält Erkennungsmuster der Adware ADWARE/AddLyrics.H.26!
  C:\ADWCLEANER\QUARANTINE\C\PROGRAM FILES\TUBESAVER\TBSUD.EXE.VIR
26.09.2014,22:50:19 [FUND] Enthält Erkennungsmuster der Adware ADWARE/AddLyrics.H.26!
  C:\ADWCLEANER\QUARANTINE\C\PROGRAM FILES\TUBESAVER\TBSUD.EXE.VIR
26.09.2014,22:50:26 [FUND] Enthält Erkennungsmuster der Adware ADWARE/AddLyrics.H.26!
  C:\ProgramData\Avira\AntiVir Desktop\TEMP\AVSCAN-20140926-224935-1795833D\AVSCAN-00000002.VIR

cosinus 26.09.2014 22:13
Adware/Junkware/Toolbars entfernen

1. Schritt: Malwarebytes

Downloade Dir bitte Malwarebytes Anti-Malware
  • Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
  • Starte Malwarebytes' Anti-Malware (MBAM).
  • Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
  • Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
  • Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
  • Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
  • Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
  • Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.




(alte Versionen von adwCleaner und falls vorhanden JRT vorher löschen, danach neu runterladen auf den Desktop!)

2. Schritt: adwCleaner

Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).



3. Schritt: JRT - Junkware Removal Tool

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.




4. Schritt: Frisches Log mit FRST

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
  • Starte jetzt FRST.
  • Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
  • Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
  • Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)


einverstande 28.09.2014 11:48
Code:
Malwarebytes Anti-Malware
www.malwarebytes.org

Suchlauf Datum: 28.09.2014
Suchlauf-Zeit: 12:09:29
Logdatei:
Administrator: Ja

Version: 2.00.2.1012
Malware Datenbank: v2014.09.28.02
Rootkit Datenbank: v2014.09.19.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Self-protection: Deaktiviert

Betriebssystem: Windows Vista Service Pack 2
CPU: x86
Dateisystem: NTFS
Benutzer: Dominik

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 347595
Verstrichene Zeit: 29 Min, 47 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristics: Aktiviert
PUP: Warnen
PUM: Aktiviert

Prozesse: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registrierungsschlüssel: 0
(No malicious items detected)

Registrierungswerte: 0
(No malicious items detected)

Registrierungsdaten: 0
(No malicious items detected)

Ordner: 0
(No malicious items detected)

Dateien: 0
(No malicious items detected)

Physische Sektoren: 0
(No malicious items detected)


(end)
Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.2.3 (09.27.2014:1)
OS: Windows Vista (TM) Home Premium x86
Ran by Dominik on 28.09.2014 at 12:02:35,75
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ FireFox

Emptied folder: C:\Users\Dominik\AppData\Roaming\mozilla\firefox\profiles\ayu1jrhb.default\minidumps [9 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 28.09.2014 at 12:07:35,88
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
AdwCleaner Logfile:
Code:
# AdwCleaner v3.310 - Bericht erstellt am 28/09/2014 um 11:54:53
# Aktualisiert 12/09/2014 von Xplode
# Betriebssystem : Windows Vista (TM) Home Premium Service Pack 2 (32 bits)
# Benutzername : Dominik - DOMINIK-PC
# Gestartet von : C:\Users\Dominik\Desktop\AdwCleaner_3.310.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\ProgramData\NCH Software
Ordner Gelöscht : C:\ProgramData\SecTaskMan
Ordner Gelöscht : C:\ProgramData\WPM
Ordner Gelöscht : C:\Users\Dominik\AppData\Local\genienext
Ordner Gelöscht : C:\Users\Dominik\Documents\Mobogenie
Datei Gelöscht : C:\Users\Dominik\daemonprocess.txt
Datei Gelöscht : C:\Users\Dominik\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.softonic.de_0.localstorage
Datei Gelöscht : C:\Users\Dominik\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.softonic.de_0.localstorage-journal

***** [ Tasks ] *****


***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\ojcdnngpmbenohhjlickdajclhbcaada
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu\Programs\Optimizer Pro v3.2
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\MobogenieAdd
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Re_Markit
Schlüssel Gelöscht : HKLM\SOFTWARE\supWPM
Schlüssel Gelöscht : HKLM\SOFTWARE\Wpm

***** [ Browser ] *****

-\\ Internet Explorer v9.0.8112.16443


-\\ Mozilla Firefox v30.0 (de)

[ Datei : C:\Users\Dominik\AppData\Roaming\Mozilla\Firefox\Profiles\ayu1jrhb.default\prefs.js ]


-\\ Google Chrome v

[ Datei : C:\Users\Dominik\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Gelöscht [Search Provider] : hxxp://www.softonic.de/s/{searchTerms}

*************************

AdwCleaner[R0].txt - [3952 octets] - [26/08/2013 20:01:36]
AdwCleaner[R1].txt - [1798 octets] - [16/02/2014 18:56:36]
AdwCleaner[R2].txt - [2333 octets] - [28/09/2014 11:39:44]
AdwCleaner[S0].txt - [4107 octets] - [26/08/2013 20:03:19]
AdwCleaner[S1].txt - [1863 octets] - [16/02/2014 18:59:40]
AdwCleaner[S2].txt - [2323 octets] - [28/09/2014 11:54:53]

########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [2383 octets] ##########
--- --- ---



FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 27-09-2014
Ran by Dominik (administrator) on DOMINIK-PC on 28-09-2014 12:44:16
Running from C:\Users\Dominik\Desktop
Loaded Profiles: Dominik &  (Available profiles: Dominik)
Platform: Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 9
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Seiko Epson Corporation) C:\Windows\System32\escsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Sony DADC Austria AG.) C:\Windows\System32\UAService7.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(Quanta Computer Inc.) C:\Program Files\FSC OSD Utility\OSDUtility.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Sun Microsystems, Inc.) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(SEIKO EPSON CORPORATION) C:\Program Files\EPSON Software\Event Manager\EEventManager.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\w32x86\3\E_FATILFE.EXE
(Spotify Ltd) C:\Users\Dominik\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
(Google Inc.) C:\Users\Dominik\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Dominik\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Dominik\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Dominik\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Dominik\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Dominik\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Dominik\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Dominik\AppData\Local\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-21] (Microsoft Corporation)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [6609440 2008-10-31] (Realtek Semiconductor)
HKLM\...\Run: [FSC OSD Utility] => c:\Program Files\FSC OSD Utility\OSDUtility.exe [737280 2008-11-20] (Quanta Computer Inc.)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [254896 2012-09-17] (Sun Microsystems, Inc.)
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [947152 2013-01-27] (Microsoft Corporation)
HKLM\...\Run: [EEventManager] => C:\Program Files\Epson Software\Event Manager\EEventManager.exe [1058880 2013-03-28] (SEIKO EPSON CORPORATION)
HKLM\...\Run: [NBKeyScan] => "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [91520 2010-01-21] (Microsoft Corporation)
HKLM\...\Run: [avgnt] => C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [751184 2014-08-15] (Avira Operations GmbH & Co. KG)
HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Picasa Media Detector] => C:\Program Files\Picasa2\PicasaMediaDetector.exe
HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [fsc-reg] => c:\fsc-reg\fscreg.exe
HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-21-3695018469-195769397-3593371619-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-21] (Microsoft Corporation)
HKU\S-1-5-21-3695018469-195769397-3593371619-1000\...\Run: [Google Update] => C:\Users\Dominik\AppData\Local\Google\Update\GoogleUpdate.exe [135664 2010-01-11] (Google Inc.)
HKU\S-1-5-21-3695018469-195769397-3593371619-1000\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-3695018469-195769397-3593371619-1000\...\Run: [EPLTarget\P0000000000000001] => C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATILFE.EXE [260160 2013-01-24] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-3695018469-195769397-3593371619-1000\...\Run: [Spotify Web Helper] => C:\Users\Dominik\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1245752 2014-09-27] (Spotify Ltd)
HKU\S-1-5-21-3695018469-195769397-3593371619-1000\...\MountPoints2: {252bbb41-5e7c-11de-a57e-00225f812f03} - F:\setup.exe AUTORUN=1
HKU\S-1-5-21-3695018469-195769397-3593371619-1000\...\MountPoints2: {293a1067-994d-11de-b2f8-00238bae0d1b} - F:\AutoRun.exe
HKU\S-1-5-21-3695018469-195769397-3593371619-1000\...\MountPoints2: {293a1068-994d-11de-b2f8-00238bae0d1b} - F:\AutoRun.exe
HKU\S-1-5-21-3695018469-195769397-3593371619-1000\...\MountPoints2: {734d1826-bd65-11de-b097-00238bae0d1b} - F:\autorun.exe
HKU\S-1-5-21-3695018469-195769397-3593371619-1000\...\MountPoints2: {a396976f-db58-11df-953c-00225f812f03} - H:\Startme.exe
HKU\S-1-5-21-3695018469-195769397-3593371619-1000\...\MountPoints2: {ae843b4a-2c38-11df-8bb3-00238bae0d1b} - I:\autorun.exe
HKU\S-1-5-21-3695018469-195769397-3593371619-1000\...\MountPoints2: {eb349a1f-934c-11de-bb72-00238bae0d1b} - F:\AutoRun.exe
HKU\S-1-5-21-3695018469-195769397-3593371619-1000\...\MountPoints2: {eb349a2e-934c-11de-bb72-00238bae0d1b} - F:\AutoRun.exe
HKU\S-1-5-21-3695018469-195769397-3593371619-1000\...\MountPoints2: {f1ec3485-b1ac-11df-aff0-00238bae0d1b} - H:\Startme.exe
HKU\S-1-5-21-3695018469-195769397-3593371619-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-21] (Microsoft Corporation)
HKU\S-1-5-21-3695018469-195769397-3593371619-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Google Update] => C:\Users\Dominik\AppData\Local\Google\Update\GoogleUpdate.exe [135664 2010-01-11] (Google Inc.)
HKU\S-1-5-21-3695018469-195769397-3593371619-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-3695018469-195769397-3593371619-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [EPLTarget\P0000000000000001] => C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATILFE.EXE [260160 2013-01-24] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-3695018469-195769397-3593371619-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Spotify Web Helper] => C:\Users\Dominik\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1245752 2014-09-27] (Spotify Ltd)
HKU\S-1-5-21-3695018469-195769397-3593371619-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {252bbb41-5e7c-11de-a57e-00225f812f03} - F:\setup.exe AUTORUN=1
HKU\S-1-5-21-3695018469-195769397-3593371619-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {293a1067-994d-11de-b2f8-00238bae0d1b} - F:\AutoRun.exe
HKU\S-1-5-21-3695018469-195769397-3593371619-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {293a1068-994d-11de-b2f8-00238bae0d1b} - F:\AutoRun.exe
HKU\S-1-5-21-3695018469-195769397-3593371619-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {734d1826-bd65-11de-b097-00238bae0d1b} - F:\autorun.exe
HKU\S-1-5-21-3695018469-195769397-3593371619-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {a396976f-db58-11df-953c-00225f812f03} - H:\Startme.exe
HKU\S-1-5-21-3695018469-195769397-3593371619-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {ae843b4a-2c38-11df-8bb3-00238bae0d1b} - I:\autorun.exe
HKU\S-1-5-21-3695018469-195769397-3593371619-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {eb349a1f-934c-11de-bb72-00238bae0d1b} - F:\AutoRun.exe
HKU\S-1-5-21-3695018469-195769397-3593371619-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {eb349a2e-934c-11de-bb72-00238bae0d1b} - F:\AutoRun.exe
HKU\S-1-5-21-3695018469-195769397-3593371619-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {f1ec3485-b1ac-11df-aff0-00238bae0d1b} - H:\Startme.exe
HKU\S-1-5-18\...\Run: [Picasa Media Detector] => C:\Program Files\Picasa2\PicasaMediaDetector.exe
HKU\S-1-5-18\...\Run: [fsc-reg] => c:\fsc-reg\fscreg.exe
ShellIconOverlayIdentifiers: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Dominik\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Dominik\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Dominik\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: DropboxExt4 -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Dominik\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: SmartFTP Drop -> {EA5A76F7-8138-4B53-B0F5-ADCC730CAFBD} => C:\Program Files\SmartFTP Client\sfShellTools.dll (SmartSoft Ltd)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
BHO: Google Toolbar Notifier BHO -> {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} -> C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
Toolbar: HKCU - No Name - {C840E246-6B95-475E-9BD7-CAA1C7ECA9F2} -  No File
DPF: {00000130-9980-0010-8000-00AA00389B71} hxxp://codecs.microsoft.com/codecs/i386/ACELPACM.CAB
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)

Hosts: Hosts file not detected in the default directory
Tcpip\..\Interfaces\{CD0D90AA-E0A7-4369-93D1-6E2AF12D9F1F}: [NameServer] 8.8.8.8,217.79.186.148

FireFox:
========
FF ProfilePath: C:\Users\Dominik\AppData\Roaming\Mozilla\Firefox\Profiles\ayu1jrhb.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin: @Apple.com/iTunes,version=1.0 -> D:\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @divx.com/DivX Browser Plugin,version=1.0.0 -> C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF Plugin: @divx.com/DivX Player Plugin,version=1.0.0 -> C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF Plugin: @java.com/DTPlugin,version=1.6.0_37 -> C:\Windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @pack.google.com/Google Updater;version=14 -> C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF Plugin: @rim.com/npappworld -> C:\Program Files\Research In Motion Limited\Browser-Plug-In für BlackBerry World\npappworld.dll ()
FF Plugin: @RIM.com/WebSLLauncher,version=1.0 -> C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 -> C:\Users\Dominik\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 -> C:\Users\Dominik\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Dominik\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Avira Browser Safety - C:\Users\Dominik\AppData\Roaming\Mozilla\Firefox\Profiles\ayu1jrhb.default\Extensions\abs@avira.com [2014-09-26]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-11-15]
FF HKCU\...\Firefox\Extensions: [{ad237ae1-f3b7-49d8-897a-4c6b2373011e}] - C:\Program Files\TubeSaver\130.xpi

Chrome:
=======
CHR CustomProfile: C:\Users\Dominik\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Dominik\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-08-19]
CHR Extension: (Google Drive) - C:\Users\Dominik\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-08-19]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Dominik\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-05]
CHR Extension: (YouTube) - C:\Users\Dominik\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-08-19]
CHR Extension: (Last updated at $time$ on $date$) - C:\Users\Dominik\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-04-04]
CHR Extension: (Google Search) - C:\Users\Dominik\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-08-19]
CHR Extension: (Ghostery) - C:\Users\Dominik\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij [2014-04-04]
CHR Extension: (Google Wallet) - C:\Users\Dominik\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-22]
CHR Extension: (Gmail) - C:\Users\Dominik\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-08-19]
CHR StartMenuInternet: Google Chrome - Chrome.exe

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [430160 2014-08-15] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [430160 2014-08-15] (Avira Operations GmbH & Co. KG)
R2 Avira.OE.ServiceHost; C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe [161016 2014-09-17] (Avira Operations GmbH & Co. KG)
S4 Blackberry Device Manager; C:\Program Files\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe [577536 2013-01-18] (Research In Motion Limited) [File not signed]
R2 EpsonScanSvc; C:\Windows\system32\EscSvc.exe [126128 2012-05-17] (Seiko Epson Corporation)
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [20456 2013-01-27] (Microsoft Corporation)
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [295232 2013-01-27] (Microsoft Corporation)
S4 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [75064 2010-04-19] ()
S4 PnkBstrB; C:\Windows\system32\PnkBstrB.exe [214816 2010-05-13] ()
S3 TestHandler; C:\Program Files\Fujitsu\SystemDiagnostics\OnlineDiagnostic\TestManager\HaDTMan.exe [384792 2010-09-24] (Fujitsu Technology Solutions)
R2 UserAccess7; C:\Windows\system32\UAService7.exe [192512 2009-06-22] (Sony DADC Austria AG.) [File not signed]
S2 Norman ZANDA; "C:\Program Files\Norman\Npm\Bin\Zanda.exe" [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S4 ahcix86s; C:\Windows\system32\drivers\ahcix86s.sys [173576 2008-05-27] (AMD Technologies Inc.)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [97648 2014-08-15] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [136216 2014-08-15] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2014-08-15] (Avira Operations GmbH & Co. KG)
S3 cpudrv; C:\Program Files\SystemRequirementsLab\cpudrv.sys [11336 2009-12-18] ()
R3 csr_a2dp; C:\Windows\System32\drivers\bthav.sys [66952 2010-02-05] (CSR, plc)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [218688 2011-06-25] (DT Soft Ltd)
S4 JRAID; C:\Windows\system32\drivers\jraid.sys [76688 2008-04-03] (JMicron Technology Corp.)
S3 motandroidusb; C:\Windows\System32\Drivers\motoandroid.sys [25856 2009-07-10] (Motorola)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [195296 2013-01-20] (Microsoft Corporation)
S3 PID_0928; C:\Windows\System32\DRIVERS\LV561AV.SYS [495768 2009-04-30] (Logitech Inc.)
S4 RsFx0102; C:\Windows\System32\DRIVERS\RsFx0102.sys [242712 2008-07-10] (Microsoft Corporation)
R3 RTL8187B; C:\Windows\System32\DRIVERS\RTL8187B.sys [337920 2008-06-26] (Realtek Semiconductor Corporation                          )
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [721904 2009-10-20] () [File not signed]
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2014-08-15] (Avira GmbH)
S3 BTCFilterService; system32\DRIVERS\motfilt.sys [X]
S3 cleanhlp; \??\C:\Program Files\Emsisoft Anti-Malware\cleanhlp32.sys [X]
S1 dsmwumpe; \??\C:\Windows\system32\drivers\dsmwumpe.sys [X]
S3 easytether; system32\DRIVERS\easytthr.sys [X]
S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 motccgp; system32\DRIVERS\motccgp.sys [X]
S3 motccgpfl; system32\DRIVERS\motccgpfl.sys [X]
S3 motmodem; system32\DRIVERS\motmodem.sys [X]
S3 MotoSwitchService; system32\DRIVERS\motswch.sys [X]
S3 Motousbnet; system32\DRIVERS\Motousbnet.sys [X]
S1 MpKsld1c321f2; \??\C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{DBB9CA1C-E611-43FB-946F-B9B9689523B3}\MpKsld1c321f2.sys [X]
S1 mrbijvya; \??\C:\Windows\system32\drivers\mrbijvya.sys [X]
S3 NPF; system32\drivers\NPF.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S1 qohnlouh; \??\C:\Windows\system32\drivers\qohnlouh.sys [X]
S1 ruwhhavu; \??\C:\Windows\system32\drivers\ruwhhavu.sys [X]
S3 sony_ssm.sys; \??\C:\Users\Dominik\AppData\Local\Temp\sony_ssm.sys [X]
S3 upperdev; system32\DRIVERS\usbser_lowerflt.sys [X]

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-28 12:44 - 2014-09-28 12:44 - 00022629 _____ () C:\Users\Dominik\Desktop\FRST.txt
2014-09-28 12:42 - 2014-09-28 12:42 - 00000163 _____ () C:\Users\Dominik\Desktop\s.txt
2014-09-28 12:07 - 2014-09-28 12:07 - 00000769 _____ () C:\Users\Dominik\Desktop\JRT.txt
2014-09-28 11:54 - 2014-09-28 12:08 - 00003250 _____ () C:\Users\Dominik\Desktop\Neues Textdokument.txt
2014-09-28 11:41 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\system32\sqlite3.dll
2014-09-28 11:38 - 2014-09-28 11:38 - 01100288 _____ (Farbar) C:\Users\Dominik\Desktop\FRST.exe
2014-09-27 10:48 - 2014-09-27 10:48 - 00000000 ____D () C:\Users\Dominik\AppData\Roaming\Avira
2014-09-27 09:38 - 2014-08-15 10:30 - 00136216 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2014-09-27 09:38 - 2014-08-15 10:30 - 00097648 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2014-09-27 09:38 - 2014-08-15 10:30 - 00037352 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2014-09-27 09:38 - 2014-08-15 10:30 - 00028520 _____ (Avira GmbH) C:\Windows\system32\Drivers\ssmdrv.sys
2014-09-26 08:56 - 2014-09-26 08:56 - 00000000 ____D () C:\ProgramData\Emsisoft
2014-09-26 08:03 - 2014-09-27 09:25 - 00000000 ____D () C:\Program Files\Emsisoft Anti-Malware
2014-09-26 07:41 - 2014-09-26 07:41 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\48230029.sys
2014-09-26 07:36 - 2014-09-27 09:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2014-09-26 07:36 - 2014-09-27 09:38 - 00000000 ____D () C:\ProgramData\Avira
2014-09-26 07:36 - 2014-09-27 09:38 - 00000000 ____D () C:\Program Files\Avira
2014-09-26 07:36 - 2014-09-26 07:36 - 00000000 ____D () C:\ProgramData\Package Cache
2014-09-26 07:32 - 2014-09-28 12:44 - 00000000 ____D () C:\FRST
2014-09-14 21:12 - 2014-09-14 21:12 - 00008746 _____ () C:\Users\Dominik\Desktop\Excel.xlsx
2014-09-14 21:03 - 2014-09-14 21:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SharePoint
2014-09-14 21:02 - 2014-09-14 21:02 - 00000000 ____D () C:\Program Files\Common Files\DESIGNER
2014-09-14 20:57 - 2014-09-14 20:57 - 00000000 ____D () C:\Program Files\Microsoft Sync Framework
2014-09-14 20:52 - 2014-09-14 20:52 - 00000000 __RHD () C:\MSOCache
2014-09-14 20:13 - 2014-09-14 20:13 - 03688224 _____ () C:\Users\Dominik\Downloads\Der.Bulle.von.Toelz.S06E02.Toedliches.Dreieck.GERMAN.1996.FS.DVDRip.XviD-aWake.avi.part
2014-09-08 23:02 - 2014-09-09 08:16 - 00290304 _____ (Microsoft Corporation) C:\Windows\system32\subinacl.exe
2014-09-08 23:01 - 2014-09-08 23:02 - 00000000 ____D () C:\Program Files\Adware-Removal-Tool
2014-09-05 11:29 - 2008-03-17 15:45 - 01414440 _____ (Nero AG) C:\Windows\system32\ShellManager310E2D762.dll
2014-09-05 11:29 - 2008-03-11 20:30 - 00774144 _____ () C:\Windows\system32\NEROINSTAEC43759.DB
2014-09-05 11:28 - 2014-09-05 11:28 - 00001024 _____ () C:\Users\Dominik\.rnd
2014-09-05 11:28 - 2014-09-05 11:28 - 00000000 _____ () C:\Windows\Irremote.ini

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-28 12:27 - 2013-03-31 23:30 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-09-28 12:20 - 2013-10-30 21:20 - 00000917 _____ () C:\Windows\Tasks\EPSON XP-312 313 315 Series Update {0D5E8FE3-DE76-4A84-BFC9-6139B2B4C5E4}.job
2014-09-28 12:20 - 2013-10-30 21:20 - 00000731 _____ () C:\Windows\Tasks\EPSON XP-312 313 315 Series Invitation {0D5E8FE3-DE76-4A84-BFC9-6139B2B4C5E4}.job
2014-09-28 12:11 - 2009-06-21 02:30 - 01786659 _____ () C:\Windows\WindowsUpdate.log
2014-09-28 11:59 - 2014-01-22 09:15 - 00001096 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-09-28 11:58 - 2012-08-24 07:50 - 00297316 _____ () C:\Windows\PFRO.log
2014-09-28 11:58 - 2006-11-02 15:01 - 00032606 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-09-28 11:58 - 2006-11-02 15:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-09-28 11:58 - 2006-11-02 14:47 - 00003216 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-09-28 11:58 - 2006-11-02 14:47 - 00003216 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-09-28 11:57 - 2014-04-10 19:25 - 00001076 _____ () C:\Windows\bthservsdp.dat
2014-09-28 11:55 - 2013-08-26 20:01 - 00000000 ____D () C:\AdwCleaner
2014-09-28 11:54 - 2009-06-20 17:58 - 00000000 ____D () C:\Users\Dominik
2014-09-28 11:53 - 2014-01-22 09:15 - 00001100 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-09-28 11:52 - 2010-01-11 02:26 - 00001128 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3695018469-195769397-3593371619-1000UA.job
2014-09-28 00:00 - 2014-04-11 19:22 - 00000000 ____D () C:\Users\Dominik\AppData\Roaming\Spotify
2014-09-27 19:52 - 2010-01-11 02:26 - 00001076 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3695018469-195769397-3593371619-1000Core.job
2014-09-27 19:11 - 2014-04-11 19:23 - 00000000 ____D () C:\Users\Dominik\AppData\Local\Spotify
2014-09-27 10:44 - 2011-04-21 16:54 - 00001022 _____ () C:\Windows\Tasks\Google Software Updater.job
2014-09-26 08:08 - 2012-02-08 18:22 - 00000000 ____D () C:\Program Files\chrome
2014-09-26 07:43 - 2012-01-23 21:29 - 00000510 _____ () C:\Windows\WORDPAD.INI
2014-09-25 20:27 - 2012-06-11 14:58 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-09-25 20:27 - 2012-03-24 12:38 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-09-22 19:42 - 2009-06-20 17:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
2014-09-22 19:42 - 2009-06-20 17:50 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-09-22 14:30 - 2010-04-19 19:04 - 00000000 ____D () C:\Program Files\Wolfenstein - Enemy Territory
2014-09-22 10:40 - 2009-09-13 01:34 - 00000000 ____D () C:\Users\Dominik\AppData\Roaming\vlc
2014-09-22 08:41 - 2010-01-18 03:49 - 00231568 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-09-16 08:10 - 2009-03-02 07:08 - 00000000 ____D () C:\Google
2014-09-15 17:30 - 2006-11-02 13:18 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-09-15 07:39 - 2012-02-20 16:56 - 00000000 ____D () C:\Users\Dominik\AppData\Roaming\uTorrent
2014-09-15 07:24 - 2009-06-20 18:01 - 00113120 _____ () C:\Users\Dominik\AppData\Local\GDIPFONTCACHEV1.DAT
2014-09-15 07:23 - 2006-11-02 14:47 - 02343008 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-09-14 21:49 - 2011-06-12 13:55 - 00000000 ____D () C:\Program Files\LibreOffice 3
2014-09-14 21:49 - 2006-11-02 14:37 - 00000000 ____D () C:\Windows\ShellNew
2014-09-14 21:02 - 2006-11-02 14:37 - 00000000 ____D () C:\Program Files\MSBuild
2014-09-14 21:02 - 2006-11-02 13:18 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared
2014-09-14 20:58 - 2009-06-20 17:50 - 00000000 ____D () C:\Program Files\Microsoft Office
2014-09-14 20:57 - 2009-06-20 17:51 - 00000000 ____D () C:\Program Files\Microsoft.NET
2014-09-14 20:17 - 2008-04-09 12:19 - 01742558 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-09-08 23:02 - 2013-12-04 22:43 - 00000824 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-09-08 22:52 - 2009-06-20 18:01 - 00000915 _____ () C:\Users\Dominik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-09-06 11:08 - 2013-12-04 22:43 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-09-06 11:08 - 2013-07-22 20:02 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-09-05 17:13 - 2012-11-23 17:50 - 00000000 ____D () C:\Program Files\Convar
2014-09-05 17:13 - 2012-03-05 23:29 - 00000000 ____D () C:\Dosbox
2014-09-05 14:06 - 2008-01-11 13:51 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information
2014-09-05 14:04 - 2013-07-10 10:35 - 00000000 ____D () C:\ProgramData\Freemake
2014-09-05 14:04 - 2013-07-10 10:35 - 00000000 ____D () C:\Program Files\Freemake
2014-09-05 12:51 - 2009-11-15 01:27 - 00000000 ____D () C:\Program Files\Microsoft Visual Studio 9.0
2014-09-05 11:35 - 2006-11-02 14:37 - 00000000 ____D () C:\Program Files\Microsoft Games
2014-09-05 11:30 - 2009-06-20 17:46 - 00000722 _____ () C:\Windows\system32\MsiExec.exe.log
2014-09-05 11:29 - 2009-06-20 17:45 - 00000000 ____D () C:\ProgramData\Nero
2014-09-05 11:29 - 2009-06-20 17:45 - 00000000 ____D () C:\Program Files\Common Files\Nero
2014-09-05 11:21 - 2012-05-24 13:40 - 00000000 ___RD () C:\Users\Dominik\Dropbox
2014-09-05 11:20 - 2014-07-13 13:21 - 00000000 ____D () C:\Users\Dominik\AppData\Roaming\DropboxMaster
2014-09-05 11:20 - 2010-09-12 17:07 - 00000000 ____D () C:\Users\Dominik\AppData\Roaming\Dropbox
2014-09-05 11:20 - 2009-06-29 18:44 - 00000069 _____ () C:\Windows\NeroDigital.ini
2014-09-05 11:20 - 2009-06-20 19:19 - 00237056 _____ () C:\Users\Dominik\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-09-02 08:51 - 2012-06-08 14:06 - 00000000 ____D () C:\Users\Dominik\Desktop\Uni
2014-09-01 14:17 - 2011-12-12 14:05 - 00000000 ____D () C:\Users\Dominik\Neuer Ordner (2)
2014-09-01 11:08 - 2009-09-25 17:20 - 00000000 ___HD () C:\Users\Dominik\.mediaclient

Files to move or delete:
====================
C:\Users\Dominik\xobglu16.dll
C:\Users\Dominik\xobglu32.dll


Some content of TEMP:
====================
C:\Users\Dominik\AppData\Local\Temp\avgnt.exe
C:\Users\Dominik\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-09-28 12:10

==================== End Of Log ============================
--- --- ---

cosinus 28.09.2014 13:04
Bitte auch ne neue Addition.txt erstellen, dazu FRST starten und einen Haken setzen bei Addition.txt, dann auf Scan klicken.

http://saved.im/mtg0mjy4yjlu/2014-04...ryscantool.png

einverstande 28.09.2014 13:17

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 27-09-2014
Ran by Dominik (administrator) on DOMINIK-PC on 28-09-2014 14:10:29
Running from C:\Users\Dominik\Desktop
Loaded Profiles: Dominik &  (Available profiles: Dominik)
Platform: Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 9
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Seiko Epson Corporation) C:\Windows\System32\escsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Sony DADC Austria AG.) C:\Windows\System32\UAService7.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(Quanta Computer Inc.) C:\Program Files\FSC OSD Utility\OSDUtility.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Sun Microsystems, Inc.) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(SEIKO EPSON CORPORATION) C:\Program Files\EPSON Software\Event Manager\EEventManager.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\w32x86\3\E_FATILFE.EXE
(Spotify Ltd) C:\Users\Dominik\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
(Google Inc.) C:\Users\Dominik\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Dominik\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Dominik\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Dominik\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Dominik\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Dominik\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Dominik\AppData\Local\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Microsoft Corporation) C:\Windows\SoftwareDistribution\Download\Install\ndp40-kb2858302-v2-x86.exe
(Microsoft Corporation) D:\00cfcc7a6de04ee926\Setup.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-21] (Microsoft Corporation)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [6609440 2008-10-31] (Realtek Semiconductor)
HKLM\...\Run: [FSC OSD Utility] => c:\Program Files\FSC OSD Utility\OSDUtility.exe [737280 2008-11-20] (Quanta Computer Inc.)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [254896 2012-09-17] (Sun Microsystems, Inc.)
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [947152 2013-01-27] (Microsoft Corporation)
HKLM\...\Run: [EEventManager] => C:\Program Files\Epson Software\Event Manager\EEventManager.exe [1058880 2013-03-28] (SEIKO EPSON CORPORATION)
HKLM\...\Run: [NBKeyScan] => "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [91520 2010-01-21] (Microsoft Corporation)
HKLM\...\Run: [avgnt] => C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [751184 2014-08-15] (Avira Operations GmbH & Co. KG)
HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Picasa Media Detector] => C:\Program Files\Picasa2\PicasaMediaDetector.exe
HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [fsc-reg] => c:\fsc-reg\fscreg.exe
HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-21-3695018469-195769397-3593371619-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-21] (Microsoft Corporation)
HKU\S-1-5-21-3695018469-195769397-3593371619-1000\...\Run: [Google Update] => C:\Users\Dominik\AppData\Local\Google\Update\GoogleUpdate.exe [135664 2010-01-11] (Google Inc.)
HKU\S-1-5-21-3695018469-195769397-3593371619-1000\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-3695018469-195769397-3593371619-1000\...\Run: [EPLTarget\P0000000000000001] => C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATILFE.EXE [260160 2013-01-24] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-3695018469-195769397-3593371619-1000\...\Run: [Spotify Web Helper] => C:\Users\Dominik\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1245752 2014-09-27] (Spotify Ltd)
HKU\S-1-5-21-3695018469-195769397-3593371619-1000\...\MountPoints2: {252bbb41-5e7c-11de-a57e-00225f812f03} - F:\setup.exe AUTORUN=1
HKU\S-1-5-21-3695018469-195769397-3593371619-1000\...\MountPoints2: {293a1067-994d-11de-b2f8-00238bae0d1b} - F:\AutoRun.exe
HKU\S-1-5-21-3695018469-195769397-3593371619-1000\...\MountPoints2: {293a1068-994d-11de-b2f8-00238bae0d1b} - F:\AutoRun.exe
HKU\S-1-5-21-3695018469-195769397-3593371619-1000\...\MountPoints2: {734d1826-bd65-11de-b097-00238bae0d1b} - F:\autorun.exe
HKU\S-1-5-21-3695018469-195769397-3593371619-1000\...\MountPoints2: {a396976f-db58-11df-953c-00225f812f03} - H:\Startme.exe
HKU\S-1-5-21-3695018469-195769397-3593371619-1000\...\MountPoints2: {ae843b4a-2c38-11df-8bb3-00238bae0d1b} - I:\autorun.exe
HKU\S-1-5-21-3695018469-195769397-3593371619-1000\...\MountPoints2: {eb349a1f-934c-11de-bb72-00238bae0d1b} - F:\AutoRun.exe
HKU\S-1-5-21-3695018469-195769397-3593371619-1000\...\MountPoints2: {eb349a2e-934c-11de-bb72-00238bae0d1b} - F:\AutoRun.exe
HKU\S-1-5-21-3695018469-195769397-3593371619-1000\...\MountPoints2: {f1ec3485-b1ac-11df-aff0-00238bae0d1b} - H:\Startme.exe
HKU\S-1-5-21-3695018469-195769397-3593371619-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-21] (Microsoft Corporation)
HKU\S-1-5-21-3695018469-195769397-3593371619-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Google Update] => C:\Users\Dominik\AppData\Local\Google\Update\GoogleUpdate.exe [135664 2010-01-11] (Google Inc.)
HKU\S-1-5-21-3695018469-195769397-3593371619-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-3695018469-195769397-3593371619-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [EPLTarget\P0000000000000001] => C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATILFE.EXE [260160 2013-01-24] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-3695018469-195769397-3593371619-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Spotify Web Helper] => C:\Users\Dominik\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1245752 2014-09-27] (Spotify Ltd)
HKU\S-1-5-21-3695018469-195769397-3593371619-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {252bbb41-5e7c-11de-a57e-00225f812f03} - F:\setup.exe AUTORUN=1
HKU\S-1-5-21-3695018469-195769397-3593371619-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {293a1067-994d-11de-b2f8-00238bae0d1b} - F:\AutoRun.exe
HKU\S-1-5-21-3695018469-195769397-3593371619-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {293a1068-994d-11de-b2f8-00238bae0d1b} - F:\AutoRun.exe
HKU\S-1-5-21-3695018469-195769397-3593371619-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {734d1826-bd65-11de-b097-00238bae0d1b} - F:\autorun.exe
HKU\S-1-5-21-3695018469-195769397-3593371619-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {a396976f-db58-11df-953c-00225f812f03} - H:\Startme.exe
HKU\S-1-5-21-3695018469-195769397-3593371619-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {ae843b4a-2c38-11df-8bb3-00238bae0d1b} - I:\autorun.exe
HKU\S-1-5-21-3695018469-195769397-3593371619-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {eb349a1f-934c-11de-bb72-00238bae0d1b} - F:\AutoRun.exe
HKU\S-1-5-21-3695018469-195769397-3593371619-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {eb349a2e-934c-11de-bb72-00238bae0d1b} - F:\AutoRun.exe
HKU\S-1-5-21-3695018469-195769397-3593371619-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {f1ec3485-b1ac-11df-aff0-00238bae0d1b} - H:\Startme.exe
HKU\S-1-5-18\...\Run: [Picasa Media Detector] => C:\Program Files\Picasa2\PicasaMediaDetector.exe
HKU\S-1-5-18\...\Run: [fsc-reg] => c:\fsc-reg\fscreg.exe
ShellIconOverlayIdentifiers: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Dominik\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Dominik\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Dominik\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: DropboxExt4 -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Dominik\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: SmartFTP Drop -> {EA5A76F7-8138-4B53-B0F5-ADCC730CAFBD} => C:\Program Files\SmartFTP Client\sfShellTools.dll (SmartSoft Ltd)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
BHO: Google Toolbar Notifier BHO -> {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} -> C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
Toolbar: HKCU - No Name - {C840E246-6B95-475E-9BD7-CAA1C7ECA9F2} -  No File
DPF: {00000130-9980-0010-8000-00AA00389B71} hxxp://codecs.microsoft.com/codecs/i386/ACELPACM.CAB
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)

Hosts: Hosts file not detected in the default directory
Tcpip\..\Interfaces\{CD0D90AA-E0A7-4369-93D1-6E2AF12D9F1F}: [NameServer] 8.8.8.8,217.79.186.148

FireFox:
========
FF ProfilePath: C:\Users\Dominik\AppData\Roaming\Mozilla\Firefox\Profiles\ayu1jrhb.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin: @Apple.com/iTunes,version=1.0 -> D:\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @divx.com/DivX Browser Plugin,version=1.0.0 -> C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF Plugin: @divx.com/DivX Player Plugin,version=1.0.0 -> C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF Plugin: @java.com/DTPlugin,version=1.6.0_37 -> C:\Windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @pack.google.com/Google Updater;version=14 -> C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF Plugin: @rim.com/npappworld -> C:\Program Files\Research In Motion Limited\Browser-Plug-In für BlackBerry World\npappworld.dll ()
FF Plugin: @RIM.com/WebSLLauncher,version=1.0 -> C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 -> C:\Users\Dominik\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 -> C:\Users\Dominik\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Dominik\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Avira Browser Safety - C:\Users\Dominik\AppData\Roaming\Mozilla\Firefox\Profiles\ayu1jrhb.default\Extensions\abs@avira.com [2014-09-26]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-11-15]
FF HKCU\...\Firefox\Extensions: [{ad237ae1-f3b7-49d8-897a-4c6b2373011e}] - C:\Program Files\TubeSaver\130.xpi

Chrome:
=======
CHR CustomProfile: C:\Users\Dominik\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Dominik\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-08-19]
CHR Extension: (Google Drive) - C:\Users\Dominik\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-08-19]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Dominik\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-05]
CHR Extension: (YouTube) - C:\Users\Dominik\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-08-19]
CHR Extension: (Last updated at $time$ on $date$) - C:\Users\Dominik\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-04-04]
CHR Extension: (Google Search) - C:\Users\Dominik\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-08-19]
CHR Extension: (Ghostery) - C:\Users\Dominik\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij [2014-04-04]
CHR Extension: (Google Wallet) - C:\Users\Dominik\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-22]
CHR Extension: (Gmail) - C:\Users\Dominik\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-08-19]
CHR StartMenuInternet: Google Chrome - Chrome.exe

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [430160 2014-08-15] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [430160 2014-08-15] (Avira Operations GmbH & Co. KG)
R2 Avira.OE.ServiceHost; C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe [161016 2014-09-17] (Avira Operations GmbH & Co. KG)
S4 Blackberry Device Manager; C:\Program Files\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe [577536 2013-01-18] (Research In Motion Limited) [File not signed]
R2 EpsonScanSvc; C:\Windows\system32\EscSvc.exe [126128 2012-05-17] (Seiko Epson Corporation)
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [20456 2013-01-27] (Microsoft Corporation)
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [295232 2013-01-27] (Microsoft Corporation)
S4 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [75064 2010-04-19] ()
S4 PnkBstrB; C:\Windows\system32\PnkBstrB.exe [214816 2010-05-13] ()
S3 TestHandler; C:\Program Files\Fujitsu\SystemDiagnostics\OnlineDiagnostic\TestManager\HaDTMan.exe [384792 2010-09-24] (Fujitsu Technology Solutions)
R2 UserAccess7; C:\Windows\system32\UAService7.exe [192512 2009-06-22] (Sony DADC Austria AG.) [File not signed]
S2 Norman ZANDA; "C:\Program Files\Norman\Npm\Bin\Zanda.exe" [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S4 ahcix86s; C:\Windows\system32\drivers\ahcix86s.sys [173576 2008-05-27] (AMD Technologies Inc.)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [97648 2014-08-15] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [136216 2014-08-15] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2014-08-15] (Avira Operations GmbH & Co. KG)
S3 cpudrv; C:\Program Files\SystemRequirementsLab\cpudrv.sys [11336 2009-12-18] ()
R3 csr_a2dp; C:\Windows\System32\drivers\bthav.sys [66952 2010-02-05] (CSR, plc)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [218688 2011-06-25] (DT Soft Ltd)
S4 JRAID; C:\Windows\system32\drivers\jraid.sys [76688 2008-04-03] (JMicron Technology Corp.)
S3 motandroidusb; C:\Windows\System32\Drivers\motoandroid.sys [25856 2009-07-10] (Motorola)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [195296 2013-01-20] (Microsoft Corporation)
S3 PID_0928; C:\Windows\System32\DRIVERS\LV561AV.SYS [495768 2009-04-30] (Logitech Inc.)
S4 RsFx0102; C:\Windows\System32\DRIVERS\RsFx0102.sys [242712 2008-07-10] (Microsoft Corporation)
R3 RTL8187B; C:\Windows\System32\DRIVERS\RTL8187B.sys [337920 2008-06-26] (Realtek Semiconductor Corporation                          )
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [721904 2009-10-20] () [File not signed]
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2014-08-15] (Avira GmbH)
S3 BTCFilterService; system32\DRIVERS\motfilt.sys [X]
S3 cleanhlp; \??\C:\Program Files\Emsisoft Anti-Malware\cleanhlp32.sys [X]
S1 dsmwumpe; \??\C:\Windows\system32\drivers\dsmwumpe.sys [X]
S3 easytether; system32\DRIVERS\easytthr.sys [X]
S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 motccgp; system32\DRIVERS\motccgp.sys [X]
S3 motccgpfl; system32\DRIVERS\motccgpfl.sys [X]
S3 motmodem; system32\DRIVERS\motmodem.sys [X]
S3 MotoSwitchService; system32\DRIVERS\motswch.sys [X]
S3 Motousbnet; system32\DRIVERS\Motousbnet.sys [X]
S1 MpKsld1c321f2; \??\C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{DBB9CA1C-E611-43FB-946F-B9B9689523B3}\MpKsld1c321f2.sys [X]
S1 mrbijvya; \??\C:\Windows\system32\drivers\mrbijvya.sys [X]
S3 NPF; system32\drivers\NPF.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S1 qohnlouh; \??\C:\Windows\system32\drivers\qohnlouh.sys [X]
S1 ruwhhavu; \??\C:\Windows\system32\drivers\ruwhhavu.sys [X]
S3 sony_ssm.sys; \??\C:\Users\Dominik\AppData\Local\Temp\sony_ssm.sys [X]
S3 upperdev; system32\DRIVERS\usbser_lowerflt.sys [X]

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-28 14:10 - 2014-09-28 14:13 - 00022932 _____ () C:\Users\Dominik\Desktop\FRST.txt
2014-09-28 11:41 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\system32\sqlite3.dll
2014-09-28 11:38 - 2014-09-28 11:38 - 01100288 _____ (Farbar) C:\Users\Dominik\Desktop\FRST.exe
2014-09-27 10:48 - 2014-09-27 10:48 - 00000000 ____D () C:\Users\Dominik\AppData\Roaming\Avira
2014-09-27 09:38 - 2014-08-15 10:30 - 00136216 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2014-09-27 09:38 - 2014-08-15 10:30 - 00097648 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2014-09-27 09:38 - 2014-08-15 10:30 - 00037352 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2014-09-27 09:38 - 2014-08-15 10:30 - 00028520 _____ (Avira GmbH) C:\Windows\system32\Drivers\ssmdrv.sys
2014-09-26 08:56 - 2014-09-26 08:56 - 00000000 ____D () C:\ProgramData\Emsisoft
2014-09-26 08:03 - 2014-09-27 09:25 - 00000000 ____D () C:\Program Files\Emsisoft Anti-Malware
2014-09-26 07:41 - 2014-09-26 07:41 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\48230029.sys
2014-09-26 07:36 - 2014-09-27 09:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2014-09-26 07:36 - 2014-09-27 09:38 - 00000000 ____D () C:\ProgramData\Avira
2014-09-26 07:36 - 2014-09-27 09:38 - 00000000 ____D () C:\Program Files\Avira
2014-09-26 07:36 - 2014-09-26 07:36 - 00000000 ____D () C:\ProgramData\Package Cache
2014-09-26 07:32 - 2014-09-28 14:10 - 00000000 ____D () C:\FRST
2014-09-14 21:12 - 2014-09-14 21:12 - 00008746 _____ () C:\Users\Dominik\Desktop\Excel.xlsx
2014-09-14 21:03 - 2014-09-14 21:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SharePoint
2014-09-14 21:02 - 2014-09-14 21:02 - 00000000 ____D () C:\Program Files\Common Files\DESIGNER
2014-09-14 20:57 - 2014-09-14 20:57 - 00000000 ____D () C:\Program Files\Microsoft Sync Framework
2014-09-14 20:52 - 2014-09-14 20:52 - 00000000 __RHD () C:\MSOCache
2014-09-14 20:13 - 2014-09-14 20:13 - 03688224 _____ () C:\Users\Dominik\Downloads\Der.Bulle.von.Toelz.S06E02.Toedliches.Dreieck.GERMAN.1996.FS.DVDRip.XviD-aWake.avi.part
2014-09-08 23:02 - 2014-09-09 08:16 - 00290304 _____ (Microsoft Corporation) C:\Windows\system32\subinacl.exe
2014-09-08 23:01 - 2014-09-08 23:02 - 00000000 ____D () C:\Program Files\Adware-Removal-Tool
2014-09-05 11:29 - 2008-03-17 15:45 - 01414440 _____ (Nero AG) C:\Windows\system32\ShellManager310E2D762.dll
2014-09-05 11:29 - 2008-03-11 20:30 - 00774144 _____ () C:\Windows\system32\NEROINSTAEC43759.DB
2014-09-05 11:28 - 2014-09-05 11:28 - 00001024 _____ () C:\Users\Dominik\.rnd
2014-09-05 11:28 - 2014-09-05 11:28 - 00000000 _____ () C:\Windows\Irremote.ini

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-28 14:09 - 2008-04-09 12:19 - 01766662 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-09-28 14:08 - 2006-11-02 13:18 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-09-28 14:06 - 2009-06-21 02:30 - 01366179 _____ () C:\Windows\WindowsUpdate.log
2014-09-28 13:58 - 2006-11-02 14:47 - 00003216 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-09-28 13:58 - 2006-11-02 14:47 - 00003216 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-09-28 13:53 - 2014-01-22 09:15 - 00001100 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-09-28 13:52 - 2010-01-11 02:26 - 00001128 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3695018469-195769397-3593371619-1000UA.job
2014-09-28 13:27 - 2013-03-31 23:30 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-09-28 13:20 - 2013-10-30 21:20 - 00000917 _____ () C:\Windows\Tasks\EPSON XP-312 313 315 Series Update {0D5E8FE3-DE76-4A84-BFC9-6139B2B4C5E4}.job
2014-09-28 13:20 - 2013-10-30 21:20 - 00000731 _____ () C:\Windows\Tasks\EPSON XP-312 313 315 Series Invitation {0D5E8FE3-DE76-4A84-BFC9-6139B2B4C5E4}.job
2014-09-28 11:59 - 2014-01-22 09:15 - 00001096 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-09-28 11:58 - 2012-08-24 07:50 - 00297316 _____ () C:\Windows\PFRO.log
2014-09-28 11:58 - 2006-11-02 15:01 - 00032606 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-09-28 11:58 - 2006-11-02 15:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-09-28 11:57 - 2014-04-10 19:25 - 00001076 _____ () C:\Windows\bthservsdp.dat
2014-09-28 11:55 - 2013-08-26 20:01 - 00000000 ____D () C:\AdwCleaner
2014-09-28 11:54 - 2009-06-20 17:58 - 00000000 ____D () C:\Users\Dominik
2014-09-28 00:00 - 2014-04-11 19:22 - 00000000 ____D () C:\Users\Dominik\AppData\Roaming\Spotify
2014-09-27 19:52 - 2010-01-11 02:26 - 00001076 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3695018469-195769397-3593371619-1000Core.job
2014-09-27 19:11 - 2014-04-11 19:23 - 00000000 ____D () C:\Users\Dominik\AppData\Local\Spotify
2014-09-27 10:44 - 2011-04-21 16:54 - 00001022 _____ () C:\Windows\Tasks\Google Software Updater.job
2014-09-26 08:08 - 2012-02-08 18:22 - 00000000 ____D () C:\Program Files\chrome
2014-09-26 07:43 - 2012-01-23 21:29 - 00000510 _____ () C:\Windows\WORDPAD.INI
2014-09-25 20:27 - 2012-06-11 14:58 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-09-25 20:27 - 2012-03-24 12:38 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-09-22 19:42 - 2009-06-20 17:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
2014-09-22 19:42 - 2009-06-20 17:50 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-09-22 14:30 - 2010-04-19 19:04 - 00000000 ____D () C:\Program Files\Wolfenstein - Enemy Territory
2014-09-22 10:40 - 2009-09-13 01:34 - 00000000 ____D () C:\Users\Dominik\AppData\Roaming\vlc
2014-09-22 08:41 - 2010-01-18 03:49 - 00231568 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-09-16 08:10 - 2009-03-02 07:08 - 00000000 ____D () C:\Google
2014-09-15 07:39 - 2012-02-20 16:56 - 00000000 ____D () C:\Users\Dominik\AppData\Roaming\uTorrent
2014-09-15 07:24 - 2009-06-20 18:01 - 00113120 _____ () C:\Users\Dominik\AppData\Local\GDIPFONTCACHEV1.DAT
2014-09-15 07:23 - 2006-11-02 14:47 - 02343008 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-09-14 21:49 - 2011-06-12 13:55 - 00000000 ____D () C:\Program Files\LibreOffice 3
2014-09-14 21:49 - 2006-11-02 14:37 - 00000000 ____D () C:\Windows\ShellNew
2014-09-14 21:02 - 2006-11-02 14:37 - 00000000 ____D () C:\Program Files\MSBuild
2014-09-14 21:02 - 2006-11-02 13:18 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared
2014-09-14 20:58 - 2009-06-20 17:50 - 00000000 ____D () C:\Program Files\Microsoft Office
2014-09-14 20:57 - 2009-06-20 17:51 - 00000000 ____D () C:\Program Files\Microsoft.NET
2014-09-08 23:02 - 2013-12-04 22:43 - 00000824 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-09-08 22:52 - 2009-06-20 18:01 - 00000915 _____ () C:\Users\Dominik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-09-06 11:08 - 2013-12-04 22:43 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-09-06 11:08 - 2013-07-22 20:02 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-09-05 17:13 - 2012-11-23 17:50 - 00000000 ____D () C:\Program Files\Convar
2014-09-05 17:13 - 2012-03-05 23:29 - 00000000 ____D () C:\Dosbox
2014-09-05 14:06 - 2008-01-11 13:51 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information
2014-09-05 14:04 - 2013-07-10 10:35 - 00000000 ____D () C:\ProgramData\Freemake
2014-09-05 14:04 - 2013-07-10 10:35 - 00000000 ____D () C:\Program Files\Freemake
2014-09-05 12:51 - 2009-11-15 01:27 - 00000000 ____D () C:\Program Files\Microsoft Visual Studio 9.0
2014-09-05 11:35 - 2006-11-02 14:37 - 00000000 ____D () C:\Program Files\Microsoft Games
2014-09-05 11:30 - 2009-06-20 17:46 - 00000722 _____ () C:\Windows\system32\MsiExec.exe.log
2014-09-05 11:29 - 2009-06-20 17:45 - 00000000 ____D () C:\ProgramData\Nero
2014-09-05 11:29 - 2009-06-20 17:45 - 00000000 ____D () C:\Program Files\Common Files\Nero
2014-09-05 11:21 - 2012-05-24 13:40 - 00000000 ___RD () C:\Users\Dominik\Dropbox
2014-09-05 11:20 - 2014-07-13 13:21 - 00000000 ____D () C:\Users\Dominik\AppData\Roaming\DropboxMaster
2014-09-05 11:20 - 2010-09-12 17:07 - 00000000 ____D () C:\Users\Dominik\AppData\Roaming\Dropbox
2014-09-05 11:20 - 2009-06-29 18:44 - 00000069 _____ () C:\Windows\NeroDigital.ini
2014-09-05 11:20 - 2009-06-20 19:19 - 00237056 _____ () C:\Users\Dominik\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-09-02 08:51 - 2012-06-08 14:06 - 00000000 ____D () C:\Users\Dominik\Desktop\Uni
2014-09-01 14:17 - 2011-12-12 14:05 - 00000000 ____D () C:\Users\Dominik\Neuer Ordner (2)
2014-09-01 11:08 - 2009-09-25 17:20 - 00000000 ___HD () C:\Users\Dominik\.mediaclient

Files to move or delete:
====================
C:\Users\Dominik\xobglu16.dll
C:\Users\Dominik\xobglu32.dll


Some content of TEMP:
====================
C:\Users\Dominik\AppData\Local\Temp\avgnt.exe
C:\Users\Dominik\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-09-28 12:10

==================== End Of Log ============================
--- --- ---


Code:
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 27-09-2014
Ran by Dominik at 2014-09-28 14:14:14
Running from C:\Users\Dominik\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AV: Microsoft Security Essentials (Enabled - Up to date) {3F839487-C7A2-C958-E30C-E2825BA31FB5}
AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Microsoft Security Essentials (Enabled - Up to date) {84E27563-E198-C6D6-D9BC-D9F020245508}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKCU\...\uTorrent) (Version: 3.4.2.32239 - BitTorrent Inc.)
AAC Decoder (HKLM\...\{AEF9DC35ADDF4825B049ACBFD1C6EB37}) (Version: 7.1.0 - DivX, Inc.)
Activation Assistant for the 2007 Microsoft Office suites (HKLM\...\Activation Assistant for the 2007 Microsoft Office suites) (Version:  - Microsoft Corporation)
Activation Assistant for the 2007 Microsoft Office suites (Version: 1.0 - Microsoft Corporation) Hidden
Adobe AIR (HKLM\...\Adobe AIR) (Version: 2.5.1.17730 - Adobe Systems Inc.)
Adobe AIR (Version: 2.5.1.17730 - Adobe Systems Inc.) Hidden
Adobe Anchor Service CS4 (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Bridge CS4 (Version: 3 - Adobe Systems Incorporated) Hidden
Adobe CMaps CS4 (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Color - Photoshop Specific CS4 (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Color EU Extra Settings CS4 (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Color JA Extra Settings CS4 (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Color NA Recommended Settings CS4 (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Color Video Profiles CS CS4 (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Community Help (HKLM\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.4.980 - Adobe Systems Incorporated.)
Adobe Community Help (Version: 3.4.980 - Adobe Systems Incorporated.) Hidden
Adobe CSI CS4 (Version: 1 - Adobe Systems Incorporated) Hidden
Adobe Default Language CS4 (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe ExtendScript Toolkit CS4 (Version: 3.0.0 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 15 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 15.0.0.167 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated)
Adobe Fonts All (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Linguistics CS4 (Version: 4.0.0 - Adobe Systems Incorporated) Hidden
Adobe Output Module (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe PDF Library Files CS4 (Version: 9.0 - Adobe Systems Incorporated) Hidden
Adobe Photoshop CS4 (HKLM\...\Adobe_faf656ef605427ee2f42989c3ad31b8) (Version: 11.0 - Adobe Systems Incorporated)
Adobe Photoshop CS4 (Version: 11.0 - Adobe Systems Incorporated) Hidden
Adobe Photoshop CS4 Support (Version: 11.0 - Adobe Systems Incorporated) Hidden
Adobe Reader 9 - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-A90000000001}) (Version: 9.0.0 - Adobe Systems Incorporated)
Adobe Search for Help (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Service Manager Extension (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Setup (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Shockwave Player 11.5 (HKLM\...\Adobe Shockwave Player) (Version: 11.5.9.615 - Adobe Systems, Inc.)
Adobe Type Support CS4 (Version: 9.0 - Adobe Systems Incorporated) Hidden
Adobe Update Manager CS4 (Version: 6.0.0 - Adobe Systems Incorporated) Hidden
Adobe Widget Browser (HKLM\...\com.adobe.WidgetBrowser.E7BED6E5DDA59983786DD72EBFA46B1598278E07.1) (Version: 2.0 Build 230 - Adobe Systems Incorporated.)
Adobe Widget Browser (Version: 2.0.230 - Adobe Systems Incorporated.) Hidden
Adobe WinSoft Linguistics Plugin (Version: 1.1 - Adobe Systems Incorporated) Hidden
Adobe XMP Panels CS4 (Version: 2.0 - Adobe Systems Incorporated) Hidden
AdobeColorCommonSetCMYK (Version: 2.0 - Adobe Systems Incorporated) Hidden
AdobeColorCommonSetRGB (Version: 2.0 - Adobe Systems Incorporated) Hidden
Apple Application Support (HKLM\...\{AAC5D43E-816D-4C2D-8E51-55FFF35BE301}) (Version: 3.0.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{18D47FA1-0440-48D3-A7E0-DA09537FF471}) (Version: 7.1.1.3 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
AutoUpdate (HKLM\...\{18D10072035C4515918F7E37EAFAACFC}) (Version: 1.1 - )
Avira (HKLM\...\{149bb302-ebda-47ae-b3e6-297cf4c356dc}) (Version: 1.1.21.40000 - Avira Operations GmbH & Co. KG)
Avira (Version: 1.1.21.40000 - Avira Operations GmbH & Co. KG) Hidden
Avira Free Antivirus (HKLM\...\Avira AntiVir Desktop) (Version: 14.0.6.570 - Avira)
BlackBerry Desktop Software 7.1 (HKLM\...\BlackBerry_Desktop) (Version: 7.1.0.41 - Research in Motion Ltd.)
BlackBerry Desktop Software 7.1 (Version: 7.1.0.41 - Research in Motion Ltd.) Hidden
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
Brothers In Arms (HKLM\...\BrothersInArms) (Version:  - Ubisoft)
Browser-Plug-In für BlackBerry World (HKLM\...\{DC926085-6D34-4D95-B5D8-558C1FC2911F}) (Version: 10.2.168.12 - Research In Motion Limited)
CCleaner (HKLM\...\CCleaner) (Version: 4.05 - Piriform)
Compatibility Pack für 2007 Office System (HKLM\...\{90120000-0020-0407-0000-0000000FF1CE}) (Version: 12.0.6425.1000 - Microsoft Corporation)
Connect (Version: 1.0.0.1 - Adobe Systems Incorporated) Hidden
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 4.40.2.0131 - DT Soft Ltd)
Dev-C++ 5 beta 9 release (4.9.9.2) (HKLM\...\Dev-C++) (Version:  - )
DivX Codec (HKLM\...\{7B63B2922B174135AFC0E1377DD81EC2}) (Version: 6.8.5 - DivX, Inc.)
DivX Player (HKLM\...\{8ADFC4160D694100B5B8A22DE9DCABD9}) (Version: 7.2.0 - DivX, Inc.)
DivX Plus DirectShow Filters (HKLM\...\DivX Plus DirectShow Filters) (Version:  - DivX, Inc.)
DivX Version Checker (HKLM\...\{3FC7CBBC4C1E11DCA1A752EA55D89593}) (Version: 7.1.0.2 - DivX, Inc.)
DivX Web Player (HKLM\...\{B7050CBDB2504B34BC2A9CA0A692CC29}) (Version: 1.5.0 - DivX,Inc.)
Dropbox (HKCU\...\Dropbox) (Version: 2.8.2 - Dropbox, Inc.)
Druckerdeinstallation für EPSON XP-312 313 315 Series (HKLM\...\EPSON XP-312 313 315 Series) (Version:  - SEIKO EPSON Corporation)
Epson Event Manager (HKLM\...\{2970697F-2A11-4588-8B7F-97322D1CCF3C}) (Version: 3.10.0017 - Seiko Epson Corporation)
EPSON Scan (HKLM\...\EPSON Scanner) (Version:  - Seiko Epson Corporation)
EPSON-Drucker-Software (HKLM\...\EPSON Printer and Utilities) (Version:  - SEIKO EPSON Corporation)
EPSON-Handbücher (HKLM\...\{84CECC1B-21EF-41B1-9A91-3E724E5D99D3}) (Version: 1.30.0.0 - SEIKO EPSON CORPORATION)
EpsonNet Print (HKLM\...\{3E31400D-274E-4647-916C-2CACC3741799}) (Version: 2.6.0 - SEIKO EPSON CORPORATION)
FIFA 11 (HKLM\...\{3FEA6CD1-EA13-4CE7-A74E-A74A4A0A7B5C}) (Version: 1.0.0.0 - Electronic Arts)
Free AVI Video Converter version 5.0.31.1125 (HKLM\...\Free AVI Video Converter_is1) (Version: 5.0.31.1125 - DVDVideoSoft Ltd.)
FSC OSD Utility (HKLM\...\InstallShield_{E6B28CE4-9D73-4B7D-9329-A0ED4855D686}) (Version: 1.2.1.4 - Quanta Computer Inc.)
FSC OSD Utility (Version: 1.2.1.4 - Quanta Computer Inc.) Hidden
Fujitsu Siemens Computers Recovery (HKLM\...\{AFC454ED-A26F-4816-826B-C35129D82E1F}) (Version: 1.3.9 - Fujitsu Siemens Computers)
Google Chrome (HKCU\...\Google Chrome) (Version: 37.0.2062.124 - Google Inc.)
Google Update Helper (Version: 1.3.24.15 - Google Inc.) Hidden
Google Updater (HKLM\...\Google Updater) (Version: 2.4.2432.1652 - Google Inc.)
H.264 Decoder (HKLM\...\{A96E97134CA649888820BCDE5E300BBD}) (Version: 1.1.0 - DivX, Inc.)
IL Download Manager (HKLM\...\IL Download Manager) (Version:  - Image-Line bvba)
iTunes (HKLM\...\{2F21564D-DE05-4C6D-B21E-08B9D313FAB3}) (Version: 11.1.5.5 - Apple Inc.)
Java Auto Updater (Version: 2.0.7.2 - Sun Microsystems, Inc.) Hidden
Java(TM) 6 Update 22 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83216022F0}) (Version: 6.0.220 - Oracle)
Java(TM) 6 Update 37 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83216035FF}) (Version: 6.0.370 - Oracle)
JDownloader 0.9 (HKLM\...\5513-1208-7298-9440) (Version: 0.9 - AppWork GmbH)
kuler (Version: 2.0 - Adobe Systems Incorporated) Hidden
Medal of Honor Allied Assault (HKLM\...\{0DEA94ED-915A-4834-A87E-388D012C8E02}) (Version:  - )
MedienManager 1.5.1 (HKLM\...\8781-9705-0578-2960) (Version: 1.5.1 - A1 Telekom Austria AG)
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU (HKLM\...\Microsoft .NET Framework 3.5 Language Pack SP1 - deu) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 Language Pack SP1 - deu (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30320 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30320 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile DEU Language Pack (HKLM\...\Microsoft .NET Framework 4 Client Profile DEU Language Pack) (Version: 4.0.30320 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30320 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30320 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (Version: 4.0.30320 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Extended DEU Language Pack (HKLM\...\Microsoft .NET Framework 4 Extended DEU Language Pack) (Version: 4.0.30320 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended DEU Language Pack (Version: 4.0.30320 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Multi-Targeting Pack (HKLM\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Age of Empires II (HKLM\...\Age of Empires 2.0) (Version:  - )
Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden
Microsoft Help Viewer 1.0 (HKLM\...\Microsoft Help Viewer 1.0) (Version: 1.0.30319 - Microsoft Corporation)
Microsoft Help Viewer 1.0 (Version: 1.0.30319 - Microsoft Corporation) Hidden
Microsoft Help Viewer 1.0 Language Pack - DEU (HKLM\...\Microsoft Help Viewer 1.0 Language Pack - DEU) (Version: 1.0.30319 - Microsoft Corporation)
Microsoft Help Viewer 1.0 Language Pack - DEU (Version: 1.0.30319 - Microsoft Corporation) Hidden
Microsoft Office Access MUI (English) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (English) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (English) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint Viewer 2007 (German) (HKLM\...\{95120000-00AF-0407-0000-0000000FF1CE}) (Version: 12.0.6425.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUS) (Version: 14.0.4734.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (English) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Security Client (Version: 4.2.0223.1 - Microsoft Corporation) Hidden
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.2.223.1 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2008 (HKLM\...\Microsoft SQL Server 10 Release) (Version:  - Microsoft Corporation)
Microsoft SQL Server 2008 (Version:  - Microsoft Corporation) Hidden
Microsoft SQL Server 2008 Common Files (Version: 10.0.1600.22 - Microsoft Corporation) Hidden
Microsoft SQL Server 2008 Database Engine Services (Version: 10.0.1600.22 - Microsoft Corporation) Hidden
Microsoft SQL Server 2008 Database Engine Shared (Version: 10.0.1600.22 - Microsoft Corporation) Hidden
Microsoft SQL Server 2008 Native Client (HKLM\...\{C91C4EF4-63E1-41EE-AE6A-5152628FDC21}) (Version: 10.0.1600.22 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Management Objects (HKLM\...\{A106D33E-6B43-42C0-9BFC-D03303261FA7}) (Version: 10.50.1447.4 - Microsoft Corporation)
Microsoft SQL Server 2008 RsFx Driver (Version: 10.0.1600.22 - Microsoft Corporation) Hidden
Microsoft SQL Server 2008 Setup Support Files (English) (HKLM\...\{30355ED7-DE49-4C8D-BE23-2161D36E8A9A}) (Version: 10.0.1600.22 - Microsoft Corporation)
Microsoft SQL Server 2008-Browser (HKLM\...\{4AF2248C-B3DF-46FB-9596-87F5DB193689}) (Version: 10.0.1600.22 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP1 Design Tools (Deutsch) (HKLM\...\{738B0934-6676-44F6-AB52-32F4E60DCA7F}) (Version: 3.5.5692.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 DEU (HKLM\...\{0125D081-30D0-4A97-82A8-C28D444B6256}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server System CLR Types (HKLM\...\{5A08C9D1-37AD-4A8D-90D3-33F92C578AA5}) (Version: 10.50.1447.4 - Microsoft Corporation)
Microsoft SQL Server VSS Writer (HKLM\...\{D074DC76-F6C9-440E-A1D0-1DE958417FDB}) (Version: 10.0.1600.22 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM\...\{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools (HKLM\...\{616C6F39-4CE1-3434-A665-2F6A04C09A7F}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for .NET Framework - deu (HKLM\...\{0E592C31-09EF-3CA1-A7DE-05D13DFCF791}) (Version: 3.5.30729 - Microsoft Corporation)
Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for Win32 (HKLM\...\{044F9133-B8D7-4d11-BF39-803FA20F5C8B}) (Version: 6.1.5295.17011 - Microsoft Corporation)
Microsoft_VC100_CRT_SP1_x86 (Version: 10.0.40219.1 - Nokia) Hidden
Microsoft_VC80_CRT_x86 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFC_x86 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFCLOC_x86 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC90_ATL_x86 (Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_CRT_x86 (Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_MFC_x86 (Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_MFCLOC_x86 (Version: 1.00.0000 - Adobe) Hidden
MKV Splitter (HKLM\...\{AAC389499AEF40428987B3D30CFC76C9}) (Version: 1.0.1 - DivX, Inc.)
MotoHelper MergeModules (Version: 1.0.0 - Motorola) Hidden
Motorola Mobile Drivers Installation 4.9.0 (HKLM\...\{C7C7C686-8479-4173-9570-F4B350D91B37}) (Version: 4.9.0 - Motorola Inc.)
Mozilla Firefox 30.0 (x86 de) (HKLM\...\Mozilla Firefox 30.0 (x86 de)) (Version: 30.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 30.0 - Mozilla)
MSVC80_x86 (Version: 1.0.1.0 - Nokia) Hidden
MSVC80_x86_v2 (Version: 1.0.3.0 - Nokia) Hidden
MSVC90_x86 (Version: 1.0.1.2 - Nokia) Hidden
MSVCRT Redists (Version: 1.0 - Sony Creative Software Inc.) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MySQL Connector/ODBC 3.51 (HKLM\...\{0CB3C535-1171-4A20-B549-E2CB5DEB9723}) (Version: 3.51.12 - MySQL AB)
neroxml (Version: 1.0.0 - Nero AG) Hidden
Nokia Connectivity Cable Driver (HKLM\...\{29373274-977E-413C-A4DE-DC0F8E80C429}) (Version: 7.1.172.0 - Nokia)
Oblivion - BTmod 2.20 (HKLM\...\BTmod) (Version: 2.20 - Beider & Tikigod)
PC Connectivity Solution (HKLM\...\{6D01D1B1-17BD-4F10-BB11-F08F0C47D42B}) (Version: 12.0.109.0 - Nokia)
PDF Settings CS4 (Version: 9.0 - Adobe Systems Incorporated) Hidden
Photoshop Camera Raw (Version: 5.0 - Adobe Systems Incorporated) Hidden
QuickTime (HKLM\...\{8DC42D05-680B-41B0-8878-6C14D24602DB}) (Version: 7.55.90.70 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version:  - Realtek Semiconductor Corp.)
Return to Castle Wolfenstein (HKLM\...\Return to Castle Wolfenstein) (Version: 1.0 - Activision, Inc.)
SmartFTP Client (HKLM\...\{2B7B47E1-B482-4D3A-ABFD-2FF8E077ECA6}) (Version: 4.0.1048.0 - SmartSoft Ltd.)
Software Updater (HKLM\...\{82DEE0F4-18DB-4C49-89A4-0BEE4597DF45}) (Version: 4.1.5 - SEIKO EPSON CORPORATION)
Spotify (HKCU\...\Spotify) (Version: 0.9.13.24.g5dbb3103 - Spotify AB)
Sql Server Customer Experience Improvement Program (Version: 10.0.1600.22 - Microsoft Corporation) Hidden
Stellarium 0.10.6.1 (HKLM\...\Stellarium_is1) (Version:  - )
Suite Shared Configuration CS4 (Version: 1.0 - Adobe Systems Incorporated) Hidden
SWR3 RauchFrei Version 1.2 (HKLM\...\SWR3 RauchFrei_is1) (Version: 1.1 - Oliver Reuther und SWR3)
System Requirements Lab CYRI (HKLM\...\{1F77C418-2C90-459C-BD33-B56A4182B9FA}) (Version: 4.4.26.0 - Husdawg, LLC)
System Requirements Lab for Intel (HKLM\...\{CD41B576-4787-4D5C-95EE-24A4ABD89CD3}) (Version: 4.4.24.0 - Husdawg, LLC)
SystemDiagnostics (HKLM\...\{80B0B731-5FAE-475D-8844-20F46373780D}) (Version: 3.02.0010 - Fujitsu Technology Solutions)
TuneUp Utilities Language Pack (de-DE) (Version: 13.0.2020.4 - TuneUp Software) Hidden
Ubuntu (HKLM\...\Wubi) (Version: 11.10-rev241 - Ubuntu)
Unity Web Player (HKCU\...\UnityWebPlayer) (Version:  - Unity Technologies ApS)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation)
VC80CRTRedist - 8.0.50727.762 (Version: 1.0.0 - DivX, Inc) Hidden
VCRedistSetup (Version: 1.0.0 - Nero AG) Hidden
Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 DEU (HKLM\...\{CFCB8616-A5D1-4281-80E8-389F685BFAE2}) (Version: 4.0.8080.0 - Microsoft Corporation)
Visual Studio C++ 10.0 Runtime (HKLM\...\{4412F224-3849-4461-A3E9-DEEF8D252790}) (Version: 10.0.0 - TomTom International B.V.)
VLC media player 1.0.1 (HKLM\...\VLC media player) (Version: 1.0.1 - VideoLAN Team)
Windows Media Player Firefox Plugin (HKLM\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
Windows-Treiberpaket - Nokia pccsmcfd “LegacyDriver”  (05/31/2012 7.1.2.0) (HKLM\...\17D063A0A9F5D5A225B76B1D9BCB5ADBE85C8382) (Version: 05/31/2012 7.1.2.0 - Nokia)
WinRAR (HKLM\...\WinRAR archiver) (Version:  - )
Wolfenstein - Enemy Territory (HKLM\...\Wolfenstein - Enemy Territory) (Version:  - )

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-3695018469-195769397-3593371619-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Dominik\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3695018469-195769397-3593371619-1000_Classes\CLSID\{022105BD-948A-40C9-AB42-A3300DDF097F}\localserver32 -> C:\Users\Dominik\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3695018469-195769397-3593371619-1000_Classes\CLSID\{22181302-A8A6-4F84-A541-E5CBFC70CC43}\localserver32 -> C:\Users\Dominik\AppData\Local\Google\Update\1.3.24.15\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3695018469-195769397-3593371619-1000_Classes\CLSID\{2F0E2680-9FF5-43C0-B76E-114A56E93598}\localserver32 -> C:\Users\Dominik\AppData\Local\Google\Update\1.3.24.15\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3695018469-195769397-3593371619-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Dominik\AppData\Local\Google\Update\1.3.23.9\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-3695018469-195769397-3593371619-1000_Classes\CLSID\{444785F1-DE89-4295-863A-D46C3A781394}\InprocServer32 -> C:\Users\Dominik\AppData\LocalLow\Unity\WebPlayer\loader\UnityWebPluginAX.ocx (Unity Technologies ApS)
CustomCLSID: HKU\S-1-5-21-3695018469-195769397-3593371619-1000_Classes\CLSID\{51F9E8EF-59D7-475B-A106-C7EA6F30C119}\localserver32 -> C:\Users\Dominik\AppData\Local\Google\Update\1.3.24.15\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3695018469-195769397-3593371619-1000_Classes\CLSID\{5C65F4B0-3651-4514-B207-D10CB699B14B}\localserver32 -> C:\Users\Dominik\AppData\Local\Google\Chrome\Application\37.0.2062.124\delegate_execute.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3695018469-195769397-3593371619-1000_Classes\CLSID\{6D7374DE-63AA-473C-8C02-60D9CDCD84C5}\InprocServer32 -> C:\Users\Dominik\AppData\Local\Google\Update\1.3.21.153\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-3695018469-195769397-3593371619-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Dominik\AppData\Local\Google\Update\1.3.24.15\psuser.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3695018469-195769397-3593371619-1000_Classes\CLSID\{A45426FB-E444-42B2-AA56-419F8FBEEC61}\InprocServer32 -> C:\Users\Dominik\AppData\Local\Google\Update\1.3.22.3\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-3695018469-195769397-3593371619-1000_Classes\CLSID\{A54D478D-4F70-4F72-9A74-17C9986E35AB}\InprocServer32 -> C:\Users\Dominik\AppData\Local\Google\Update\1.3.21.165\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-3695018469-195769397-3593371619-1000_Classes\CLSID\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}\InprocServer32 -> C:\Users\Dominik\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3695018469-195769397-3593371619-1000_Classes\CLSID\{C442AC41-9200-4770-8CC0-7CDB4F245C55}\InprocServer32 -> C:\Users\Dominik\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3695018469-195769397-3593371619-1000_Classes\CLSID\{E67BE843-BBBE-4484-95FB-05271AE86750}\localserver32 -> C:\Users\Dominik\AppData\Local\Google\Update\1.3.24.15\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3695018469-195769397-3593371619-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Dominik\AppData\Local\Google\Update\1.3.24.15\psuser.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3695018469-195769397-3593371619-1000_Classes\CLSID\{EB06378B-ABB6-4B3C-9B40-D488DD8A6E93}\InprocServer32 -> C:\Users\Dominik\AppData\Local\Google\Update\1.3.22.5\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-3695018469-195769397-3593371619-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Dominik\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3695018469-195769397-3593371619-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Dominik\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3695018469-195769397-3593371619-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Dominik\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3695018469-195769397-3593371619-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Dominik\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3695018469-195769397-3593371619-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Dominik\AppData\Local\Google\Update\1.3.24.7\psuser.dll No File

==================== Restore Points  =========================

19-09-2014 06:18:53 Geplanter Prüfpunkt
19-09-2014 17:24:22 Windows Update
20-09-2014 12:59:15 Geplanter Prüfpunkt
21-09-2014 17:38:50 Geplanter Prüfpunkt
23-09-2014 05:51:02 Windows Update
27-09-2014 07:42:12 Windows Update
28-09-2014 11:14:08 Geplanter Prüfpunkt
28-09-2014 11:59:31 Windows Update

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {1CC81347-6204-4B83-900C-01E02F50F067} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {320124A7-D70F-41DE-A9D1-D5E8E19D5D91} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
Task: {3BCDF251-CA5C-4045-A1FC-8FCEF9FBDC93} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
Task: {414D2C15-4B0C-47A1-A1D8-BD59CCE2D9D1} - System32\Tasks\{F66B6BE2-5BAE-4BDA-BE68-147305C2E318} => Chrome.exe hxxp://ui.skype.com/ui/0/6.3.0.107/de/abandoninstall?page=tsProgressBar
Task: {44980BEE-7809-44A9-AC24-D6E578A3B7DF} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-21] (Microsoft Corporation)
Task: {4A1E38A5-77C0-460F-B225-7103D74B3D10} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3695018469-195769397-3593371619-1000UA => C:\Users\Dominik\AppData\Local\Google\Update\GoogleUpdate.exe [2010-01-11] (Google Inc.)
Task: {5D976771-3190-49F1-ACA1-13F766A8AAE1} - System32\Tasks\EPSON XP-312 313 315 Series Update {0D5E8FE3-DE76-4A84-BFC9-6139B2B4C5E4} => C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FTSLFE.EXE [2013-02-28] (SEIKO EPSON CORPORATION)
Task: {693717BC-DE55-4B57-A16A-271BE3D5D40A} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3695018469-195769397-3593371619-1000Core => C:\Users\Dominik\AppData\Local\Google\Update\GoogleUpdate.exe [2010-01-11] (Google Inc.)
Task: {79B7D8AD-3659-4E7E-A09B-80AD2BA72C8B} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-25] (Adobe Systems Incorporated)
Task: {A728AE6B-5AB8-4223-AD3E-E6341441A01C} - System32\Tasks\Microsoft\Windows\PLA\System\ConvertLogEntries => Rundll32.exe %windir%\system32\pla.dll,PlaConvertLogEntries
Task: {B4FCA376-E359-45D3-9A4D-3D370D244F9D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-01-22] (Google Inc.)
Task: {BA9DB32E-1963-46F7-AAA7-9B39E8518F69} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-01-22] (Google Inc.)
Task: {D7DDA650-F117-4E48-AEF8-CFD5A167E50F} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-08-21] (Piriform Ltd)
Task: {DB95275E-F78D-4C29-9AD9-EC1FD7390D1B} - System32\Tasks\Google Software Updater => C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2011-09-16] (Google)
Task: {E3069A51-E3C3-4769-867F-92424D411499} - System32\Tasks\EPSON XP-312 313 315 Series Invitation {0D5E8FE3-DE76-4A84-BFC9-6139B2B4C5E4} => C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FTSLFE.EXE [2013-02-28] (SEIKO EPSON CORPORATION)
Task: {E5150B95-F9B4-4D5D-95A2-7EC1ACBA95F8} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2008-01-21] ()
Task: {F57EB32E-14B2-45CD-A799-B7087A02F982} - System32\Tasks\Microsoft\Windows\Tcpip\WSHReset => C:\Windows\system32\netsh.exe [2006-11-02] (Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\EPSON XP-312 313 315 Series Invitation {0D5E8FE3-DE76-4A84-BFC9-6139B2B4C5E4}.job => C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FTSLFE.EXE
Task: C:\Windows\Tasks\EPSON XP-312 313 315 Series Update {0D5E8FE3-DE76-4A84-BFC9-6139B2B4C5E4}.job => C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FTSLFE.EXE
Task: C:\Windows\Tasks\Google Software Updater.job => C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3695018469-195769397-3593371619-1000Core.job => C:\Users\Dominik\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3695018469-195769397-3593371619-1000UA.job => C:\Users\Dominik\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2014-02-12 20:58 - 2014-02-12 20:58 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2014-02-12 20:58 - 2014-02-12 20:58 - 01044808 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2014-09-17 13:31 - 2014-09-17 13:31 - 00139056 _____ () C:\Program Files\Avira\My Avira\Avira.OE.NativeCore.dll
2014-09-17 13:30 - 2014-09-17 13:30 - 00066864 _____ () C:\Program Files\Avira\My Avira\Avira.OE.AvConnectorNative.dll
2014-09-26 07:48 - 2014-09-17 13:31 - 00052472 _____ () C:\Users\Dominik\AppData\Local\Temp\avgnt.exe\Avira.OE.ExtApi.dll
2010-01-09 20:18 - 2010-01-09 20:18 - 04254560 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2009-07-15 22:27 - 2008-09-16 20:18 - 00132608 _____ () C:\Program Files\WinRAR\rarext.dll
2014-09-25 08:01 - 2014-09-23 06:07 - 08577864 _____ () C:\Users\Dominik\AppData\Local\Google\Chrome\Application\37.0.2062.124\pdf.dll
2014-09-25 08:01 - 2014-09-23 06:07 - 00331592 _____ () C:\Users\Dominik\AppData\Local\Google\Chrome\Application\37.0.2062.124\ppGoogleNaClPluginChrome.dll
2014-09-25 08:01 - 2014-09-23 06:06 - 01660232 _____ () C:\Users\Dominik\AppData\Local\Google\Chrome\Application\37.0.2062.124\ffmpegsumo.dll
2014-04-12 08:00 - 2014-02-10 13:44 - 04592128 _____ () C:\Users\Dominik\AppData\Local\Google\Chrome\User Data\SwiftShader\3.2.6.45159\libglesv2.dll
2014-04-12 08:00 - 2014-02-10 13:44 - 00112128 _____ () C:\Users\Dominik\AppData\Local\Google\Chrome\User Data\SwiftShader\3.2.6.45159\libegl.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:CB0AACC9
AlternateDataStreams: C:\ProgramData\TEMP:DFC5A2B2
AlternateDataStreams: C:\Users\Dominik\Downloads\2012-05-19 18.11.29.mp4:TOC.WMV
AlternateDataStreams: C:\Users\Dominik\Downloads\306031031.avi:TOC.WMV
AlternateDataStreams: C:\Users\Dominik\Downloads\Bamfmichaela001.avi:TOC.WMV
AlternateDataStreams: C:\Users\Dominik\Downloads\Lime_green_jade.avi:TOC.WMV

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp.sys => ""="Driver"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: Blackberry Device Manager => 3
MSCONFIG\Services: FLEXnet Licensing Service => 3
MSCONFIG\Services: FreemakeVideoCapture => 2
MSCONFIG\Services: iPod Service => 3
MSCONFIG\Services: MozillaMaintenance => 3
MSCONFIG\Services: Nero BackItUp Scheduler 3 => 2
MSCONFIG\Services: PnkBstrA => 2
MSCONFIG\Services: PnkBstrB => 2
MSCONFIG\Services: ServiceLayer => 3
MSCONFIG\Services: Sony Ericsson PCCompanion => 3
MSCONFIG\Services: WPCSvc => 3
MSCONFIG\startupfolder: C:^Users^Dominik^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk => C:\Windows\pss\Dropbox.lnk.Startup
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: AdobeCS4ServiceManager => "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
MSCONFIG\startupreg: APSDaemon => "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: avgnt => "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
MSCONFIG\startupreg: Avira Systray => C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe
MSCONFIG\startupreg: DAEMON Tools Lite => "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
MSCONFIG\startupreg: EasyTether => "C:\Program Files\Mobile Stream\EasyTether\easytthr.exe"
MSCONFIG\startupreg: emsisoft anti-malware => "C:\Program Files\Emsisoft Anti-Malware\a2guard.exe" /d=60
MSCONFIG\startupreg: FSCRecovery => c:\Program Files\Fujitsu Siemens Computers\Fujitsu Siemens Computers Recovery\FSCRecoveryReminder.exe
MSCONFIG\startupreg: Google EULA Launcher => c:\Program Files\Google\Google EULA\GoogleEULALauncher.exe IE PA
MSCONFIG\startupreg: Google Update => "C:\Users\Dominik\AppData\Local\Google\Update\GoogleUpdate.exe" /c
MSCONFIG\startupreg: iCloudServices => C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe
MSCONFIG\startupreg: iTunesHelper => "D:\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: KFWebServer => G:\server\bin\kfwsmon.exe
MSCONFIG\startupreg: LogitechQuickCamRibbon => "C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe" /hide
MSCONFIG\startupreg: mobilegeni daemon => C:\Program Files\Mobogenie\DaemonProcess.exe
MSCONFIG\startupreg: MSSE => "C:\Program Files\Microsoft Security Essentials\msseces.exe" -hide -runkey
MSCONFIG\startupreg: Norman ZANDA => "C:\Program Files\Norman\Npm\Bin\ZLH.EXE" /LOAD /SPLASH
MSCONFIG\startupreg: NPCTray => C:\Program Files\Norman\npc\bin\npc_tray.exe /LOAD
MSCONFIG\startupreg: Optimizer Pro => C:\Program Files\Optimizer Pro\OptProLauncher.exe
MSCONFIG\startupreg: PC Suite Tray => "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: RIMBBLaunchAgent.exe => C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
MSCONFIG\startupreg: Skype => "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
MSCONFIG\startupreg: Sony Ericsson PC Companion => "C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe" /Background
MSCONFIG\startupreg: Spotify => "C:\Users\Dominik\AppData\Roaming\Spotify\Spotify.exe" /uri spotify:autostart
MSCONFIG\startupreg: Spotify Web Helper => "C:\Users\Dominik\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: swg => C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
MSCONFIG\startupreg: TkBellExe => "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
MSCONFIG\startupreg: TomTomHOME.exe => "C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe"
MSCONFIG\startupreg: TrojanScanner => C:\Program Files\Trojan Remover\Trjscan.exe /boot
MSCONFIG\startupreg: UnifiedRemoteServer => C:\Program Files\Relmtech\Unified Remote\UnifiedRemoteServer.exe
MSCONFIG\startupreg: uTorrent => "C:\Users\Dominik\AppData\Roaming\uTorrent\uTorrent.exe"  /MINIMIZED
MSCONFIG\startupreg: WMPNSCFG => C:\Program Files\Windows Media Player\WMPNSCFG.exe

========================= Accounts: ==========================

Administrator (S-1-5-21-3695018469-195769397-3593371619-500 - Administrator - Disabled)
Dominik (S-1-5-21-3695018469-195769397-3593371619-1000 - Administrator - Enabled) => C:\Users\Dominik
Gast (S-1-5-21-3695018469-195769397-3593371619-501 - Limited - Disabled)

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (09/28/2014 00:09:03 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 11) (User: )
Description: hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabEin erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.


System errors:
=============
Error: (09/28/2014 02:10:26 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: RAS-VerbindungsverwaltungTelefonie%%1058

Error: (09/28/2014 02:10:26 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: RAS-VerbindungsverwaltungTelefonie%%1058

Error: (09/28/2014 02:10:26 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: RAS-VerbindungsverwaltungTelefonie%%1058

Error: (09/28/2014 02:10:25 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: RAS-VerbindungsverwaltungTelefonie%%1058

Error: (09/28/2014 02:10:25 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: RAS-VerbindungsverwaltungTelefonie%%1058

Error: (09/28/2014 02:10:25 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: RAS-VerbindungsverwaltungTelefonie%%1058

Error: (09/28/2014 02:10:25 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: RAS-VerbindungsverwaltungTelefonie%%1058

Error: (09/28/2014 02:10:25 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: RAS-VerbindungsverwaltungTelefonie%%1058

Error: (09/28/2014 01:20:01 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: RAS-VerbindungsverwaltungTelefonie%%1058

Error: (09/28/2014 01:20:01 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: RAS-VerbindungsverwaltungTelefonie%%1058


Microsoft Office Sessions:
=========================
Error: (09/28/2014 00:09:03 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 11) (User: )
Description: hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabEin erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.


CodeIntegrity Errors:
===================================
  Date: 2014-09-28 14:12:37.579
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\NisDrvWFP.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-09-28 14:12:36.866
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\NisDrvWFP.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-09-28 14:12:36.243
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\NisDrvWFP.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-09-28 14:12:35.399
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\NisDrvWFP.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-09-28 12:45:22.234
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\NisDrvWFP.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-09-28 12:45:21.763
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\NisDrvWFP.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-09-28 12:45:21.161
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\NisDrvWFP.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-09-28 12:45:20.742
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\NisDrvWFP.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-09-28 12:21:42.974
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-09-28 12:21:42.648
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.


==================== Memory info ===========================

Processor: Pentium(R) Dual-Core CPU T4200 @ 2.00GHz
Percentage of memory in use: 51%
Total physical RAM: 2907.68 MB
Available physical RAM: 1395.86 MB
Total Pagefile: 7221.88 MB
Available Pagefile: 5065.59 MB
Total Virtual: 3071.88 MB
Available Virtual: 2950.94 MB

==================== Drives ================================

Drive c: (SYSTEM) (Fixed) (Total:92.21 GB) (Free:25.77 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (DATEN) (Fixed) (Total:197.09 GB) (Free:150.17 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 298.1 GB) (Disk ID: 7C24A688)
Partition 1: (Not Active) - (Size=8.8 GB) - (Type=27)
Partition 2: (Active) - (Size=92.2 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=197.1 GB) - (Type=07 NTFS)

==================== End Of Log ============================

cosinus 28.09.2014 15:03
Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:
AlternateDataStreams: C:\ProgramData\TEMP:CB0AACC9
AlternateDataStreams: C:\ProgramData\TEMP:DFC5A2B2
C:\Users\Dominik\xobglu16.dll
C:\Users\Dominik\xobglu32.dll
C:\Users\Dominik\Downloads\*.part
Hosts:
EmptyTemp:

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
  • Starte nun FRST erneut und klicke den Entfernen Button.
  • Das Tool erstellt eine Fixlog.txt.
  • Poste mir deren Inhalt.


einverstande 28.09.2014 15:56
Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 27-09-2014
Ran by Dominik at 2014-09-28 16:25:26 Run:3
Running from C:\Users\Dominik\Desktop
Loaded Profiles: Dominik &  (Available profiles: Dominik)
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
AlternateDataStreams: C:\ProgramData\TEMP:CB0AACC9
AlternateDataStreams: C:\ProgramData\TEMP:DFC5A2B2
C:\Users\Dominik\xobglu16.dll
C:\Users\Dominik\xobglu32.dll
C:\Users\Dominik\Downloads\*.part
Hosts:
EmptyTemp:
*****************

"C:\ProgramData\TEMP" => ":CB0AACC9" ADS not found.
"C:\ProgramData\TEMP" => ":DFC5A2B2" ADS not found.
"C:\Users\Dominik\xobglu16.dll" => File/Directory not found.
"C:\Users\Dominik\xobglu32.dll" => File/Directory not found.
"C:\Users\Dominik\Downloads\*.part" => File/Directory not found.
C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.
EmptyTemp: => Removed 488.3 MB temporary data.


The system needed a reboot.

==== End of Fixlog ====

cosinus 28.09.2014 23:00
Okay, dann Kontrollscans mit MBAM und ESET bitte:

Downloade Dir bitte Malwarebytes Anti-Malware
  • Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
  • Starte Malwarebytes' Anti-Malware (MBAM).
  • Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
  • Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
  • Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
  • Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
  • Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
  • Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.




ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset


einverstande 29.09.2014 14:07
Code:
Malwarebytes Anti-Malware
www.malwarebytes.org

Suchlauf Datum: 29.09.2014
Suchlauf-Zeit: 14:44:34
Logdatei: mab.txt
Administrator: Ja

Version: 2.00.2.1012
Malware Datenbank: v2014.03.04.09
Rootkit Datenbank: v2014.09.19.01
Lizenz: Testversion
Malware Schutz: Aktiviert
Bösartiger Webseiten Schutz: Aktiviert
Self-protection: Deaktiviert

Betriebssystem: Windows Vista Service Pack 2
CPU: x86
Dateisystem: NTFS
Benutzer: Dominik

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 263702
Verstrichene Zeit: 15 Min, 20 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristics: Aktiviert
PUP: Warnen
PUM: Aktiviert

Prozesse: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registrierungsschlüssel: 0
(No malicious items detected)

Registrierungswerte: 0
(No malicious items detected)

Registrierungsdaten: 0
(No malicious items detected)

Ordner: 0
(No malicious items detected)

Dateien: 0
(No malicious items detected)

Physische Sektoren: 0
(No malicious items detected)


(end)
Code:
C:\ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=d3b1eeb467b85d4ebea84cfbbb9e59bb
# engine=20343
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-09-29 12:24:06
# local_time=2014-09-29 02:24:06 (+0100, Mitteleuropäische Sommerzeit)
# country="Austria"
# lang=1031
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode_1='Avira Desktop'
# compatibility_mode=1810 16777213 100 99 59416 3902043 0 0
# compatibility_mode_1='Microsoft Security Essentials'
# compatibility_mode=5895 16777213 100 100 85803 53306762 0 0
# scanned=262955
# found=8
# cleaned=0
# scan_time=19999
sh=97BCCD25561F44E9B13F05F6EEF083C9CE9BA529 ft=1 fh=641f1fb3d2e699c4 vn="Win32/Toolbar.Conduit.Y evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\Conduit\Community Alerts\Alert.dll.vir"
sh=36E27FBA8B0B18112FA71A7826DDE4620E3CBEF6 ft=0 fh=0000000000000000 vn="Win32/Adware.AddLyrics.L Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\tubesaver\130.xpi.vir"
sh=1F301E51E91CF4450AA15CCF75E514AC6A63B90D ft=1 fh=d294a622aa9d0ab3 vn="Variante von Win32/DownloadSponsor.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Dominik\AppData\Local\Temp\OCS\ocs_v6k.exe.vir"
sh=16068B8977B4DC562AE782D91BC009472667E331 ft=1 fh=c3b5a87b7d152749 vn="Variante von Win32/DownloadSponsor.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Dominik\AppData\Local\Temp\OCS\ocs_v71a.exe.vir"
sh=02A40E3489799CCA06F3793FFCB9225E65F53601 ft=1 fh=fdeeb0affd325f87 vn="MSIL/FakeTool.PS Trojaner" ac=I fn="C:\Program Files\Adware-Removal-Tool\ARTP3.exe"
sh=43F08DCC3F5CB8C24FAEAC50467D08C7A8E11F01 ft=0 fh=0000000000000000 vn="Win32/Toolbar.Conduit evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Dominik\AppData\Roaming\Mozilla\Firefox\extensions\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}\chrome\utorrentbar_de.jar"
sh=B102A9D4FB268C92C3F5C22E250825482368B303 ft=1 fh=c71c0011e8464a4f vn="Variante von Win32/InstallCore.JW evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Dominik\Downloads\COMPUTER_BILD-Download-Manager_fuer_mbam-setup-1.75.0.1300.exe"
sh=55355942E2D03BB6C256F2222C9233E9213BA7CC ft=1 fh=74bc3bfee77212ad vn="Variante von Win32/InstallCore.OZ evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Dominik\Downloads\mbam-setup-2.0.2.1012_CB-DL-Manager.exe"

cosinus 29.09.2014 21:37
Zitat:
Malware Datenbank: v2014.03.04.09
Hast du das Update von MBAM vorm Scan abgebrochen?? :wtf:

einverstande 29.09.2014 23:05
Ach, ich bin ein Depp! :stirn: Anbei der korrekte Suchlauf.

Code:
Malwarebytes Anti-Malware
www.malwarebytes.org

Suchlauf Datum: 29.09.2014
Suchlauf-Zeit: 23:36:05
Logdatei: as.txt
Administrator: Ja

Version: 2.00.2.1012
Malware Datenbank: v2014.09.29.12
Rootkit Datenbank: v2014.09.19.01
Lizenz: Testversion
Malware Schutz: Aktiviert
Bösartiger Webseiten Schutz: Aktiviert
Self-protection: Deaktiviert

Betriebssystem: Windows Vista Service Pack 2
CPU: x86
Dateisystem: NTFS
Benutzer: Dominik

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 346224
Verstrichene Zeit: 27 Min, 42 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristics: Aktiviert
PUP: Warnen
PUM: Aktiviert

Prozesse: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registrierungsschlüssel: 0
(No malicious items detected)

Registrierungswerte: 0
(No malicious items detected)

Registrierungsdaten: 0
(No malicious items detected)

Ordner: 0
(No malicious items detected)

Dateien: 0
(No malicious items detected)

Physische Sektoren: 0
(No malicious items detected)


(end)/

cosinus 29.09.2014 23:15
Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:
C:\Users\Dominik\AppData\Roaming\Mozilla\Firefox\extensions\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}\chrome\utorrentbar_de.jar
C:\Users\Dominik\Downloads\COMPUTER_BILD-Download-Manager_fuer_mbam-setup-1.75.0.1300.exe
C:\Users\Dominik\Downloads\mbam-setup-2.0.2.1012_CB-DL-Manager.exe
Hosts:
EmptyTemp:

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
  • Starte nun FRST erneut und klicke den Entfernen Button.
  • Das Tool erstellt eine Fixlog.txt.
  • Poste mir deren Inhalt.


einverstande 30.09.2014 07:13
Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 27-09-2014
Ran by Dominik at 2014-09-30 08:06:22 Run:4
Running from C:\Users\Dominik\Desktop
Loaded Profile: Dominik (Available profiles: Dominik)
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
C:\Users\Dominik\AppData\Roaming\Mozilla\Firefox\extensions\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}\chrome\utorrentbar_de.jar
C:\Users\Dominik\Downloads\COMPUTER_BILD-Download-Manager_fuer_mbam-setup-1.75.0.1300.exe
C:\Users\Dominik\Downloads\mbam-setup-2.0.2.1012_CB-DL-Manager.exe
Hosts:
EmptyTemp:
*****************

C:\Users\Dominik\AppData\Roaming\Mozilla\Firefox\extensions\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}\chrome\utorrentbar_de.jar => Moved successfully.
C:\Users\Dominik\Downloads\COMPUTER_BILD-Download-Manager_fuer_mbam-setup-1.75.0.1300.exe => Moved successfully.
C:\Users\Dominik\Downloads\mbam-setup-2.0.2.1012_CB-DL-Manager.exe => Moved successfully.
"C:\Windows\System32\Drivers\etc\hosts" => Could not move.
Could not reset Hosts.
EmptyTemp: => Removed 772.2 MB temporary data.


The system needed a reboot.

==== End of Fixlog ====
Leider besteht das Problem immer noch. Die Seite www.univie.ac.at lässt sich einfach nicht öffnen. :(


Alle Zeitangaben in WEZ +1. Es ist jetzt 17:08 Uhr.
Seite 1 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55