C:\Windows\SysWOW64\rundll32.exe "C:\Users\Admin\AppData\Roaming\BabSolution\Shared\enhancedNT.dll

jackyd · 07.10.2014, 18:13

addition.txt

Code:

ATTFilter

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 06-10-2014 01
Ran by Admin at 2014-10-07 19:10:54
Running from C:\Users\Frank_000\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Kaspersky PURE 3.0 (Enabled - Up to date) {C3113FBF-4BCB-4461-D78D-6EDFEC9593E5}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Kaspersky PURE 3.0 (Enabled - Up to date) {7870DE5B-6DF1-4BEF-ED3D-55AD9712D958}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky PURE 3.0 (Enabled) {FB2ABE9A-01A4-4539-FCD2-C7EA1246D49E}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.09) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated)
ALL16820x Utility (HKLM-x32\...\{BE6DF37F-8D64-4CAA-8028-3671FDAA94DF}) (Version: 3.0.902 - ALLNET GmbH)
Allway Sync version 14.2.1 (HKLM-x32\...\Allway Sync_is1) (Version:  - Botkind Inc)
AMD Accelerated Video Transcoding (Version: 13.30.100.40417 - Advanced Micro Devices, Inc.) Hidden
AMD APP SDK Runtime (Version: 10.0.1084.4 - Advanced Micro Devices Inc.) Hidden
AMD Catalyst Control Center (x32 Version: 2014.0417.2226.38446 - Ihr Firmenname) Hidden
AMD Catalyst Install Manager (HKLM\...\{6119B3A6-3603-9695-0398-CDF2AF0A13F8}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
Apple Application Support (HKLM-x32\...\{78002155-F025-4070-85B3-7C0453561701}) (Version: 3.0.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{B678797F-DF38-4556-8A31-8B818E261868}) (Version: 8.0.0.23 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
AudioGenie (HKLM-x32\...\AudioGenie_is1) (Version:  - msi, Inc.)
Auerswald COMfortel Melody 1.3.0 (HKLM-x32\...\{527BB01E-3067-4608-BF7F-EFEF0920C203}) (Version: 1.3.0 - Auerswald GmbH & Co.KG)
Auerswald COMfortel Set 3.4.00 (HKLM-x32\...\{CF833168-AF32-4254-9751-BF91C0570828}) (Version: 3.4.00 - Auerswald GmbH & Co.KG)
Auerswald COMlist 2.5.2 (HKLM-x32\...\{F7B74F3E-8B6C-4826-802E-B907BAAE4E4B}) (Version: 2.5.2 - Auerswald GmbH & Co.KG)
Auerswald COMset 2.7.2 (HKLM-x32\...\{B1D2A138-D53E-4D3F-B547-EA2277007746}) (Version: 2.7.2 - Auerswald GmbH & Co.KG)
Auerswald COMtools 2.3.2 (HKLM-x32\...\{CEDE5E8A-37C3-40C7-8F9C-7D0E70DA0C9E}) (Version: 2.3.2 - Auerswald GmbH & Co.KG)
Auerswald Mult-Core Patch (HKLM-x32\...\{16F8DE17-DC0B-4D03-AF06-90AE05B3D34E}) (Version: 1.0.0 - Auerswald GmbH & Co KG)
Auerswald SoftLCR 3.4.2 (HKLM-x32\...\{CD7DCE24-598D-49BF-A7AE-A019F9804A84}) (Version: 3.4.2 - Auerswald GmbH & Co.KG)
Battlefield 3™ (HKLM-x32\...\{76285C16-411A-488A-BCE3-C83CB933D8CF}) (Version: 1.6.0.0 - Electronic Arts)
Battlelog Web Plugins (HKLM-x32\...\Battlelog Web Plugins) (Version: 2.1.7 - EA Digital Illusions CE AB)
Bing-Desktop (HKLM-x32\...\{7D095455-D971-4D4C-9EFD-9AF6A6584F3A}) (Version: 1.3.174.0 - Microsoft Corporation)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
BRAdmin Professional 3 (HKLM-x32\...\{75C885D4-C758-4896-A3B4-90DA34B44C31}) (Version: 3.53.0004 - Brother)
Call of Duty: Modern Warfare 2 - Multiplayer (HKLM-x32\...\Steam App 10190) (Version:  - Infinity Ward)
Call of Duty: Modern Warfare 2 (HKLM-x32\...\Steam App 10180) (Version:  - Infinity Ward)
Canon Utilities Digital Photo Professional (HKLM-x32\...\Digital Photo Professional) (Version: 3.13.20.0 - Canon Inc.)
Canon Utilities EOS Utility (HKLM-x32\...\EOS Utility) (Version: 2.13.20.0 - Canon Inc.)
Canon Utilities Picture Style Editor (HKLM-x32\...\Picture Style Editor) (Version: 1.13.20.0 - Canon Inc.)
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Graphics Previews Common (x32 Version: 2014.0417.2226.38446 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2013.1206.1603.28764 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2014.0417.2226.38446 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2014.0423.449.6734 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2014.0417.2226.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Standard (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Traditional (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help Czech (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help Danish (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help Dutch (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help English (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help Finnish (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help French (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help German (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help Greek (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help Hungarian (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help Italian (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help Japanese (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help Korean (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help Norwegian (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help Polish (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help Portuguese (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help Russian (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help Spanish (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help Swedish (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help Thai (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help Turkish (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
ccc-utility64 (Version: 2014.0417.2226.38446 - Advanced Micro Devices, Inc.) Hidden
CheckDrive (HKLM-x32\...\{B83513EC-2E4D-4621-816D-4CCF397BE702}_is1) (Version: 4.4 - Abelssoft)
CLICKBIOSII (HKLM-x32\...\{EBCB111F-4907-4B28-BD03-F5BD901106D2}_is1) (Version: 1.0.123 - MSI)
ControlCenter (HKLM-x32\...\{AF14F0CD-5307-4134-BDFA-15974473C1EE}_is1) (Version: 2.5.060 - MSI)
CPUID CPU-Z 1.63.0 (HKLM\...\CPUID CPU-Z_is1) (Version:  - )
CrystalDiskInfo 5.6.2 (HKLM-x32\...\CrystalDiskInfo_is1) (Version: 5.6.2 - Crystal Dew World)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Debug Diagnostics 2 Update 1 (HKLM\...\{7A94F4D3-AC7B-48EB-866E-BBA62AEFFA4A}) (Version: 2.1.0.7 - Microsoft Corporation)
DHTML Editing Component (HKLM-x32\...\{2EA870FA-585F-4187-903D-CB9FFD21E2E0}) (Version: 6.02.0001 - Microsoft Corporation)
dreamboxEDIT -- The one and only settings editor for your Dreambox (HKLM-x32\...\dreamboxEDIT) (Version:  - )
EasyViewer (HKLM-x32\...\InstallShield_{EECD7B96-1416-4D3A-B12D-0D2512120C36}) (Version: 1.3.0.9 - MSI)
EasyViewer (x32 Version: 1.3.0.9 - MSI) Hidden
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
ESN Sonar (HKLM-x32\...\ESN Sonar-0.70.4) (Version: 0.70.4 - ESN Social Software AB)
Feuerwehrverwaltung FWVV 20.0 (HKLM-x32\...\FWVV_is1) (Version: 20.0 - UH-SOFTWARE)
FileZilla Client 3.9.0.5 (HKLM-x32\...\FileZilla Client) (Version: 3.9.0.5 - Tim Kosse)
FM PDF To JPG Converter Free 2.5 (HKLM-x32\...\FM PDF To JPG Converter Free_is1) (Version: 2.5 - )
Fotogalerie (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Free MP4 Video Converter version 5.0.36.319 (HKLM-x32\...\Free MP4 Video Converter_is1) (Version: 5.0.36.319 - DVDVideoSoft Ltd.)
Free Studio version 2013 (HKLM-x32\...\Free Studio_is1) (Version: 6.2.0.1029 - DVDVideoSoft Ltd.)
Free YouTube to MP3 Converter version 3.12.30.319 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.30.319 - DVDVideoSoft Ltd.)
FRITZ!Powerline (HKLM-x32\...\{F88975C1-C182-4A51-BEDE-E333AB89F5D4}) (Version: 01.00.57 - AVM Berlin)
GIMP 2.8.10 (HKLM\...\GIMP-2_is1) (Version: 2.8.10 - The GIMP Team)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 37.0.2062.124 - Google Inc.)
Google Drive (HKLM-x32\...\{C6640705-7479-4EE5-BC86-879F05F65E74}) (Version: 1.17.7290.4094 - Google, Inc.)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
GoogleClean (HKLM-x32\...\{4281435C-AD1D-4C8A-B9C0-3961C08EF142}_is1) (Version: 5.0.000 - Abelssoft)
GPL Ghostscript 8.71 Lite (HKLM-x32\...\GPL Ghostscript 8.71 Lite_is1) (Version: 8.71 - )
Haali Media Splitter (HKLM-x32\...\HaaliMkx) (Version:  - )
HDR projects elements (64-Bit) (HKLM\...\HDR projects elements_is1) (Version: 1.22 - Franzis Verlag GmbH)
iCloud (HKLM\...\{6096C0CC-7E19-4355-87F0-627EC5AA146D}) (Version: 4.0.3.56 - Apple Inc.)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.15.1730 - Intel Corporation)
Intel(R) Smart Connect Technology 3.0 x64 (HKLM\...\{F9384F65-8BCA-46FA-ABD0-6C7CD31D267F}) (Version: 3.0.42.1767 - Intel)
Intel® Trusted Connect Service Client (Version: 1.31.8.1 - Intel Corporation) Hidden
ISO Workshop 4.3 (HKLM-x32\...\ISO Workshop_is1) (Version:  - Glorylogic)
iTunes (HKLM\...\{F46AA0F1-E284-4878-A462-5F11B9166C0E}) (Version: 11.4.0.18 - Apple Inc.)
Java 7 Update 67 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217067FF}) (Version: 7.0.670 - Oracle)
Java Auto Updater (x32 Version: 2.1.67.1 - Oracle, Inc.) Hidden
JRE 1.6.1 (HKLM-x32\...\{B256C380-AC47-4681-8342-7F42E4F0F434}) (Version: 1.6.1 - Auerswald GmbH & Co.KG)
Junk Mail filter update (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Kaspersky PURE 3.0 (HKLM-x32\...\InstallWIX_{D0702EE9-9DE4-419A-9C6C-4730B1C985BA}) (Version: 13.0.2.558 - Kaspersky Lab)
Kaspersky PURE 3.0 (x32 Version: 13.0.2.558 - Kaspersky Lab) Hidden
LAV Filters 0.62.0 (HKLM-x32\...\lavfilters_is1) (Version: 0.62.0 - Hendrik Leppkes)
M3U-List Creator V1.3 (HKLM-x32\...\M3U-List Creator V1.3_is1) (Version:  - )
Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Medieval CUE Splitter (HKLM-x32\...\{B96D2269-568B-4CBF-9332-12FAE8B158F7}) (Version: 1.2.0 - Medieval Software)
Microsoft Access database engine 2010 (German) (HKLM-x32\...\{90140000-00D1-0407-0000-0000000FF1CE}) (Version: 14.0.6029.1000 - Microsoft Corporation)
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office 365 - de-de (HKLM\...\O365HomePremRetail - de-de) (Version: 15.0.4649.1004 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 (HKLM\...\{D285FC5F-3021-32E9-9C59-24CA325BDC5C}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.50727 (Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.50727 (Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.50727 (x32 Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.50727 (x32 Version: 11.0.50727 - Microsoft Corporation) Hidden
MiniTool Partition Wizard Home Edition 8.1.1 (HKLM-x32\...\{05D996FA-ADCB-4D23-BA3C-A7C184A8FAC6}_is1) (Version:  - MiniTool Solution Ltd.)
Motorola Pager Programmiersoftware (HKLM-x32\...\{E5C1617B-4BB9-45F6-A669-189089D1FF80}) (Version: 2.00.0021 - Oelmann Elektronik GmbH)
Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Mozilla Firefox 32.0.3 (x86 de) (HKLM-x32\...\Mozilla Firefox 32.0.3 (x86 de)) (Version: 32.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0 - Mozilla)
MSI Live Update (HKLM-x32\...\{4F46CF54-47D2-41F4-B230-B0954C544420}}_is1) (Version: 6.0.009 - MSI)
MSI SUITE (HKLM-x32\...\{1F025E3A-3074-48A3-A8F3-78E735739491}_is1) (Version: 1.0.036 - MSI)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden
MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden
MyPhoneExplorer (HKLM-x32\...\MPE) (Version: 1.8.6 - F.J. Wechselberger)
NetSpeedMonitor 2.5.4.0 x64 (HKLM\...\{88F41EE2-949B-4B52-933D-C7F8F67BC1D2}) (Version: 2.5.4.0 - Florian Gilles)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.6.9 - Notepad++ Team)
NVIDIA PhysX (HKLM-x32\...\{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}) (Version: 9.10.0513 - NVIDIA Corporation)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4649.1004 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4649.1004 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4649.1004 - Microsoft Corporation) Hidden
Origin (HKLM-x32\...\Origin) (Version: 9.1.11.2678 - Electronic Arts, Inc.)
paint.net (HKLM\...\{F509C1F4-0029-49F9-B145-A4C4E8DF481A}) (Version: 4.0.3 - dotPDN LLC)
PC Auto Backup (HKLM-x32\...\InstallShield_{662548BC-3506-4843-B7AA-F44D352F76A8}) (Version: 1.1.1.21 - Samsung Electronics Co,. Ltd.)
PC Auto Backup (x32 Version: 1.1.1.21 - Samsung Electronics Co,. Ltd.) Hidden
Philips Channel Editor (HKLM-x32\...\{A33473C4-3AD5-449B-9EF5-CD45D0048BCC}) (Version: 3.2.30 - Philips)
Photo Gallery (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
PowerLine Utility (HKLM-x32\...\{82AF9E7C-B592-44BB-914E-EC7653889058}) (Version: 2.0.1446 - TP-LINK)
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.991 - Even Balance, Inc.)
QNAP Finder (HKLM-x32\...\QNAP_FINDER) (Version: 1.1.0.06280 - QNAP Systems, Inc.)
QNAP NetBak Replicator (HKLM-x32\...\NetBak) (Version: 4.4.0.0821 - QNAP Systems, Inc.)
QNAP Qget (HKLM-x32\...\Qget) (Version: 3.1.4.1125 - QNAP Systems, Inc.)
QNAP Qsync (HKLM-x32\...\Qsync) (Version: 1.3.0.0702 - QNAP Systems, Inc.)
QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
Raptr (HKLM-x32\...\Raptr) (Version:  - )
ROCCAT Kone Mouse Driver (HKLM-x32\...\{9733747E-E53D-4C17-977E-3A872AFB93E1}) (Version: 1.0 - ROCCAT)
ROCCAT Power-Grid Version 0.459 (HKLM-x32\...\{953CF6E6-4EC8-4E55-A263-720CEBD591FE}_is1) (Version: 0.459 - ROCCAT GmbH)
RW_Tools V4 (HKCU\...\RW_Tools V4) (Version:  - )
Samsung i-Launcher 1.0.1.54 (HKLM-x32\...\Samsung i-Launcher) (Version: 1.0.1.54 - Samsung Electronics Co., Ltd.)
SimCity™ (HKLM-x32\...\{F70FDE4B-8F86-4eb6-8C8E-636EC89F6419}) (Version: 2.0.0.0 - Electronic Arts)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
STRATO HiDrive (remove only) (HKLM-x32\...\STRATO HiDrive) (Version:  - STRATO AG)
TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.31064 - TeamViewer)
THX TruStudio Pro (HKLM-x32\...\{4FA6CB9A-2972-4AAF-A36E-3C40FCC22395}) (Version: 1.04.03 - Creative Technology Limited)
TomTom HOME (HKLM-x32\...\{7A2BB1C8-903D-4585-9F3B-CADD67D07D37}) (Version: 2.9.8 - Ihr Firmenname)
TomTom HOME Visual Studio Merge Modules (HKLM-x32\...\{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}) (Version: 1.0.2 - TomTom International B.V.)
Train Simulator 2013 (HKLM-x32\...\Steam App 24010) (Version:  - RailSimulator.com)
TSDoctor (HKLM-x32\...\{41472BA5-E017-4413-BA13-67FF9DDAADEB}) (Version: 1.2.134 - Cypheros)
Turbo Lister 2 (HKLM-x32\...\{8927E07C-97F7-4A54-88FB-D976F50DD46E}) (Version: 2.00.0000 - eBay Inc.)
Überwachungstool für die Intel® Turbo-Boost-Technik 2.6 (HKLM\...\{6C9365EB-1F9E-4893-9196-3EC77C88D0C5}) (Version: 2.6.2.0 - Intel)
UKTS Freeware Pack - Blocks-Lofts-Bridges #1 (HKLM-x32\...\{07BB63A6-188D-4447-A0B6-8ED8B2075B81}) (Version: 1.0.9 - UKTrainSim)
UKTS Freeware Pack - Clutter #1 (HKLM-x32\...\{F355333F-795E-4593-ACAA-5C0F9D719D49}) (Version: 1.0.6 - UKTrainSim)
UKTS Freeware Pack - Commercial #1 (HKLM-x32\...\{64C9CBEC-1260-44F1-9304-F0CF9EFF9951}) (Version: 1.0.3 - UKTrainSim)
UKTS Freeware Pack - Foliage #1 (HKLM-x32\...\{E7B3D305-0229-4720-81A5-811E2E23DE43}) (Version: 1.0.2 - UKTrainSim)
UKTS Freeware Pack - Housing #1 (HKLM-x32\...\{AAEA1063-229A-406B-9962-864AEFBBD82F}) (Version: 1.1.1 - UKTrainSim)
UKTS Freeware Pack - Industrial #1 (HKLM-x32\...\{B19E2B7A-745D-4B67-B21B-C97F727F3923}) (Version: 1.0.3 - UKTrainSim)
UKTS Freeware Pack - Railway Buildings #1 (HKLM-x32\...\{13969A12-BC34-42DB-906D-D55FA9675EC2}) (Version: 1.0.4 - UKTrainSim)
UKTS Freeware Pack - UK Wagons #1 (HKLM-x32\...\{2CEDFC42-C1AC-443D-A11D-4BA201CC2C84}) (Version: 1.1.3 - UKTrainSim)
Visual Studio C++ 10.0 Runtime (HKLM-x32\...\{4412F224-3849-4461-A3E9-DEEF8D252790}) (Version: 10.0.0 - TomTom International B.V.)
VLC media player (HKLM\...\VLC media player) (Version: 2.1.5 - VideoLAN)
Windows Live Communications Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Messenger (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Winki (HKLM-x32\...\{81CF5153-38CF-41e2-AC3C-3D477C987D96}_is1) (Version: 3.2.125 - MSI)
WinPcap 4.1.2 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2001 - CACE Technologies)
Wireshark 1.10.5 (64-bit) (HKLM-x32\...\Wireshark) (Version: 1.10.5 - The Wireshark developer community, hxxp://www.wireshark.org)
WISO Einliegerwohnung (HKLM-x32\...\WISO Einliegerwohnung) (Version:  - Buhl Data Service GmbH)
WISO Einliegerwohnung (x32 Version: 3.0.1.83 - Buhl) Hidden
WISO Hausverwalter 2012 (HKLM-x32\...\{642308AE-ADD6-4046-8CA5-7B93B6C51913}) (Version: 6.00.7549 - Buhl Data Service GmbH)
WISO Hausverwalter 2013 (HKLM-x32\...\{BAA9D87C-DA6A-48D0-BC07-135E5B2DE5A2}) (Version: 7.00.7718 - Buhl Data Service GmbH)
WISO Hausverwalter 2014 (HKLM-x32\...\{F7DA791F-5149-4520-92F9-69379E72436F}) (Version: 8.00.8332 - Buhl Data Service GmbH)
WISO Hausverwalter 2015 (HKLM-x32\...\{E821384E-D24C-4316-9D86-872F95ED92F0}) (Version: 9.00.8468 - Buhl Data Service GmbH)
XBMC (HKCU\...\XBMC) (Version:  - Team XBMC)
X-Lite 4 (HKLM-x32\...\{E2429B81-5993-4C86-AF2E-51AB2377A9E9}) (Version: 45.6.9607 - CounterPath Corporation)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-2108137100-1421275735-2102073434-1001_Classes\CLSID\{004B49B7-11B9-5058-FF22-08DD093ADC4B}\InprocServer32 -> {1F799383-9468-D082-D503-08EE85889A47} No File
CustomCLSID: HKU\S-1-5-21-2108137100-1421275735-2102073434-1001_Classes\CLSID\{DD0822FF-3A09-4BDC-B749-4B00B9115850}\InprocServer32 -> {5EAB88C9-9468-D082-9F18-DAAF85889A47} No File
CustomCLSID: HKU\S-1-5-21-2108137100-1421275735-2102073434-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Frank_000\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll No File
CustomCLSID: HKU\S-1-5-21-2108137100-1421275735-2102073434-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Frank_000\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll No File
CustomCLSID: HKU\S-1-5-21-2108137100-1421275735-2102073434-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Frank_000\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll No File
CustomCLSID: HKU\S-1-5-21-2108137100-1421275735-2102073434-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Frank_000\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll No File
CustomCLSID: HKU\S-1-5-21-2108137100-1421275735-2102073434-1002_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Frank_000\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2108137100-1421275735-2102073434-1002_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Frank_000\AppData\Local\Microsoft\SkyDrive\17.3.1229.0918\amd64\FileSyncApi64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2108137100-1421275735-2102073434-1002_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Frank_000\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2108137100-1421275735-2102073434-1002_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Frank_000\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2108137100-1421275735-2102073434-1002_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Frank_000\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2108137100-1421275735-2102073434-1002_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Frank_000\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2108137100-1421275735-2102073434-1002_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Frank_000\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2108137100-1421275735-2102073434-1002_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Frank_000\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2108137100-1421275735-2102073434-1002_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Frank_000\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2108137100-1421275735-2102073434-1002_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Frank_000\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)

==================== Restore Points  =========================

17-09-2014 08:02:28 Geplanter Prüfpunkt
24-09-2014 13:11:16 Windows Update
28-09-2014 14:22:16 Installed VG JPEG-Repair Online
29-09-2014 07:42:47 2014-09-29
29-09-2014 08:03:50 Wiederherstellungsvorgang
05-10-2014 09:20:48 Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 15:25 - 2013-08-22 15:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {05293577-D647-4185-B859-C94839A0B2E3} - System32\Tasks\Microsoft\Windows\SettingSync\NetworkStateChangeTask
Task: {09B568FD-D3C5-4742-AAD6-BD65905DBC90} - System32\Tasks\NetBakAutoStartup => D:\QNAP\NetBak\Enclosure.exe [2014-08-21] (QNAP Systems, Inc.)
Task: {0B545118-B563-42FC-8D07-B78F602FCF34} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {0BB8828A-1677-4C10-A9C2-6546485C4FA5} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-03-11] (Google Inc.)
Task: {13705553-2E9B-4E12-B7DC-67E9A5C39C84} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2014-09-25] (Microsoft Corporation)
Task: {1C06E9C2-CBC6-4C2A-8E61-F3ED77FD4107} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2014-08-12] (Microsoft Corporation)
Task: {1E8805CA-4FA2-4B1F-915E-4C127E89602C} - System32\Tasks\Microsoft\Windows\DiskCleanup\SilentCleanup => C:\Windows\system32\cleanmgr.exe [2014-02-22] (Microsoft Corporation)
Task: {2085BF56-520D-4951-B7C0-DF34AF90CC6A} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
Task: {243DADD5-D910-41AE-82D4-60EC90A41BB0} - System32\Tasks\Microsoft\Windows\WOF\WIM-Hash-Validation
Task: {272E98C3-DF25-46D5-8A03-BBC7E57A4E79} - System32\Tasks\Microsoft\Windows\Shell\FamilySafetyUpload
Task: {2C9C0C6C-2A74-46F2-858A-4389D253EAD0} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCachePrepopulate
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\Windows\System32\AutoWorkplace.exe [2013-08-22] (Microsoft Corporation)
Task: {3B6D8A73-F20B-4C93-B8FB-56A154F172D2} - System32\Tasks\Microsoft\Windows\Time Zone\SynchronizeTimeZone => C:\Windows\system32\tzsync.exe [2013-08-22] (Microsoft Corporation)
Task: {41B8BFEC-241C-4AD4-9586-EF983BAA7E76} - System32\Tasks\Microsoft\Windows\WOF\WIM-Hash-Management
Task: {49754026-21E1-41FC-94FD-727AFE414FE7} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCacheRebalance
Task: {55DD7B0D-0615-42E7-9AFF-474F4858D539} - System32\Tasks\2BrightSparks\SyncBackFree\OSTERWELLE-Frank_000\SyncBackFree sicherung usb stick => d:\SyncBackFree\SyncBackFree.exe
Task: {6AA91E8C-DDBD-4979-8464-4062F7681A19} - System32\Tasks\Microsoft\Windows\Plug and Play\Plug and Play Cleanup
Task: {6DFCB649-0769-4F83-BB10-F60F235F6D3D} - System32\Tasks\Microsoft\Windows\SkyDrive\Idle Sync Maintenance Task
Task: {73B1B253-CE67-4501-AE1A-377DD1D68B65} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
Task: {77F1D869-6E65-4079-A2A0-E2023408EF97} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {872D0E53-FD2E-41E3-B431-698AF82882CE} - System32\Tasks\Microsoft\Windows\SkyDrive\Routine Maintenance Task
Task: {8CC813C9-712A-41EF-9512-B233444FC669} - System32\Tasks\Microsoft\Windows\AppxDeploymentClient\Pre-staged app cleanup => Rundll32.exe %windir%\system32\AppxDeploymentClient.dll,AppxPreStageCleanupRunTask
Task: {8ED54AAB-E96A-4821-9C27-012F641D9A04} - System32\Tasks\Microsoft OneDrive Auto Update Task-S-1-5-21-2108137100-1421275735-2102073434-1002 => %localappdata%\Microsoft\SkyDrive\SkyDrive.exe
Task: {8FFE6B6F-7508-4FE3-8FAD-6DE8A25E396B} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {982C67A7-7D09-406D-B62D-7332BC1FB81E} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-11] (Adobe Systems Incorporated)
Task: {9FF4C139-5234-410C-B7FA-23EE2FD2AB53} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Maintenance Work
Task: {ABD78709-424A-4F43-BF25-63C88826DC4B} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2014-09-11] (Microsoft Corporation)
Task: {B22A094D-2AA0-4012-9E48-51050093F9EE} - System32\Tasks\Microsoft\Windows\WindowsUpdate\Scheduled Start With Network => Sc.exe start wuauserv
Task: {B71AC158-A8A7-4F94-9F4F-E68045BCFC6E} - System32\Tasks\NetBak-Osterwelle-Admin-AutoStartup => D:\QNAP\NetBak\NetBak.exe [2014-08-21] (QNAP Systems, Inc.)
Task: {C8FF2B03-A730-411F-9380-47808D60FDA0} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {CF6F3A46-7655-46F7-A27B-1C883B5B443B} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-03-11] (Google Inc.)
Task: {CFD7C21A-808B-487B-A6EC-8A10E44E8360} - System32\Tasks\Microsoft\Windows\SettingSync\BackupTask
Task: {D88FEC9E-A82A-46F9-87E2-B6B97B301C1A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
Task: {DA46820F-FF8A-4B5E-A6B2-B12185DCFFFB} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Logon Synchronization
Task: {E6D378FA-E068-4BCB-80DE-56D43A249507} - System32\Tasks\Microsoft\Windows\RecoveryEnvironment\VerifyWinRE
Task: {F5C812D2-0BC5-4A5A-831D-6103433C7AC1} - System32\Tasks\Microsoft Office 15 Sync Maintenance for OSTERWELLE-Frank_000 Osterwelle => C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [2014-09-25] (Microsoft Corporation)
Task: {F84F68AF-95A4-4A7B-BBF6-399533143C9D} - System32\Tasks\Microsoft\Windows\DiskFootprint\Diagnostics
Task: {FF0ED3E9-ACFC-4C8A-8CBE-25877990727D} - System32\Tasks\Abelssoft\CheckDriveBackgroundGuard => C:\Program Files (x86)\CheckDrive\CheckDriveBackgroundGuard.exe [2014-01-28] (Abelssoft)
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2014-08-10 17:13 - 2013-10-17 17:32 - 00020472 _____ () C:\WINDOWS\system32\spool\PRTPROCS\x64\TeamViewer_PrintProcessor.dll
2013-04-16 15:45 - 2014-06-24 12:04 - 00182784 _____ () d:\Allway Sync\Bin\SyncService.exe
2013-09-02 15:10 - 2014-02-19 14:49 - 00099328 ____N () C:\Program Files (x86)\Brother\BRAdmin Professional 3\bratimer.exe
2014-03-25 09:39 - 2014-05-20 09:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2012-10-22 11:55 - 2012-10-22 11:55 - 00149032 _____ () C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe
2012-10-22 11:55 - 2012-10-22 11:55 - 00058920 _____ () C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\NetworkHeuristic.dll
2010-09-03 13:11 - 2010-09-03 13:11 - 00520295 _____ () C:\Program Files (x86)\Samsung\PC Auto Backup\http_ss_win_pro.exe
2014-07-21 10:28 - 2014-06-26 09:52 - 00094416 _____ () D:\Allway Sync\Bin\syncappw.exe
2014-04-29 10:33 - 2014-04-29 10:33 - 00297680 _____ () D:\QNAP\Qsync\QsyncExt.dll
2014-05-12 11:49 - 2014-05-12 11:49 - 00222720 _____ () C:\Program Files (x86)\Notepad++\NppShell_06.dll
2014-09-09 17:33 - 2014-09-09 17:33 - 00183296 _____ () C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20605_x64__8wekyb3d8bbwe\ErrorReporting.dll
2014-02-06 01:52 - 2014-02-06 01:52 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-02-06 01:52 - 2014-02-06 01:52 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2012-12-20 19:19 - 2012-12-20 19:19 - 00479752 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\dblite.dll
2012-12-20 19:19 - 2012-12-20 19:19 - 01310728 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\kpcengine.2.2.dll
2014-09-04 08:38 - 2005-07-18 13:43 - 00160256 _____ () C:\MSI\Live Update\unrar.dll
2010-04-30 14:02 - 2010-04-30 14:02 - 00057344 _____ () C:\Program Files (x86)\Samsung\PC Auto Backup\lang.dll
2014-08-28 11:24 - 2013-09-17 03:20 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
2014-10-07 18:53 - 2014-10-07 18:53 - 00098816 _____ () C:\Users\Frank_000\AppData\Local\Temp\_MEI43602\win32api.pyd
2014-10-07 18:53 - 2014-10-07 18:53 - 00110080 _____ () C:\Users\Frank_000\AppData\Local\Temp\_MEI43602\pywintypes27.dll
2014-10-07 18:53 - 2014-10-07 18:53 - 00364544 _____ () C:\Users\Frank_000\AppData\Local\Temp\_MEI43602\pythoncom27.dll
2014-10-07 18:53 - 2014-10-07 18:53 - 00045568 _____ () C:\Users\Frank_000\AppData\Local\Temp\_MEI43602\_socket.pyd
2014-10-07 18:53 - 2014-10-07 18:53 - 01160704 _____ () C:\Users\Frank_000\AppData\Local\Temp\_MEI43602\_ssl.pyd
2014-10-07 18:53 - 2014-10-07 18:53 - 00320512 _____ () C:\Users\Frank_000\AppData\Local\Temp\_MEI43602\win32com.shell.shell.pyd
2014-10-07 18:53 - 2014-10-07 18:53 - 00713216 _____ () C:\Users\Frank_000\AppData\Local\Temp\_MEI43602\_hashlib.pyd
2014-10-07 18:53 - 2014-10-07 18:53 - 01175040 _____ () C:\Users\Frank_000\AppData\Local\Temp\_MEI43602\wx._core_.pyd
2014-10-07 18:53 - 2014-10-07 18:53 - 00805888 _____ () C:\Users\Frank_000\AppData\Local\Temp\_MEI43602\wx._gdi_.pyd
2014-10-07 18:53 - 2014-10-07 18:53 - 00811008 _____ () C:\Users\Frank_000\AppData\Local\Temp\_MEI43602\wx._windows_.pyd
2014-10-07 18:53 - 2014-10-07 18:53 - 01062400 _____ () C:\Users\Frank_000\AppData\Local\Temp\_MEI43602\wx._controls_.pyd
2014-10-07 18:53 - 2014-10-07 18:53 - 00735232 _____ () C:\Users\Frank_000\AppData\Local\Temp\_MEI43602\wx._misc_.pyd
2014-10-07 18:53 - 2014-10-07 18:53 - 00128512 _____ () C:\Users\Frank_000\AppData\Local\Temp\_MEI43602\_elementtree.pyd
2014-10-07 18:53 - 2014-10-07 18:53 - 00127488 _____ () C:\Users\Frank_000\AppData\Local\Temp\_MEI43602\pyexpat.pyd
2014-10-07 18:53 - 2014-10-07 18:53 - 00557056 _____ () C:\Users\Frank_000\AppData\Local\Temp\_MEI43602\pysqlite2._sqlite.pyd
2014-10-07 18:53 - 2014-10-07 18:53 - 00007168 _____ () C:\Users\Frank_000\AppData\Local\Temp\_MEI43602\hashobjs_ext.pyd
2014-10-07 18:53 - 2014-10-07 18:53 - 00087552 _____ () C:\Users\Frank_000\AppData\Local\Temp\_MEI43602\_ctypes.pyd
2014-10-07 18:53 - 2014-10-07 18:53 - 00119808 _____ () C:\Users\Frank_000\AppData\Local\Temp\_MEI43602\win32file.pyd
2014-10-07 18:53 - 2014-10-07 18:53 - 00108544 _____ () C:\Users\Frank_000\AppData\Local\Temp\_MEI43602\win32security.pyd
2014-10-07 18:53 - 2014-10-07 18:53 - 00018432 _____ () C:\Users\Frank_000\AppData\Local\Temp\_MEI43602\win32event.pyd
2014-10-07 18:53 - 2014-10-07 18:53 - 00038912 _____ () C:\Users\Frank_000\AppData\Local\Temp\_MEI43602\win32inet.pyd
2014-10-07 18:53 - 2014-10-07 18:53 - 00070656 _____ () C:\Users\Frank_000\AppData\Local\Temp\_MEI43602\wx._html2.pyd
2014-10-07 18:53 - 2014-10-07 18:53 - 00167936 _____ () C:\Users\Frank_000\AppData\Local\Temp\_MEI43602\win32gui.pyd
2014-10-07 18:53 - 2014-10-07 18:53 - 00011264 _____ () C:\Users\Frank_000\AppData\Local\Temp\_MEI43602\win32crypt.pyd
2014-10-07 18:53 - 2014-10-07 18:53 - 00027136 _____ () C:\Users\Frank_000\AppData\Local\Temp\_MEI43602\_multiprocessing.pyd
2014-10-07 18:53 - 2014-10-07 18:53 - 00686080 _____ () C:\Users\Frank_000\AppData\Local\Temp\_MEI43602\unicodedata.pyd
2014-10-07 18:53 - 2014-10-07 18:53 - 00122368 _____ () C:\Users\Frank_000\AppData\Local\Temp\_MEI43602\wx._wizard.pyd
2014-10-07 18:53 - 2014-10-07 18:53 - 00010240 _____ () C:\Users\Frank_000\AppData\Local\Temp\_MEI43602\select.pyd
2014-10-07 18:53 - 2014-10-07 18:53 - 00024064 _____ () C:\Users\Frank_000\AppData\Local\Temp\_MEI43602\win32pipe.pyd
2014-10-07 18:53 - 2014-10-07 18:53 - 00025600 _____ () C:\Users\Frank_000\AppData\Local\Temp\_MEI43602\win32pdh.pyd
2014-10-07 18:53 - 2014-10-07 18:53 - 00525640 _____ () C:\Users\Frank_000\AppData\Local\Temp\_MEI43602\windows._lib_cacheinvalidation.pyd
2014-10-07 18:53 - 2014-10-07 18:53 - 00035840 _____ () C:\Users\Frank_000\AppData\Local\Temp\_MEI43602\win32process.pyd
2014-10-07 18:53 - 2014-10-07 18:53 - 00017408 _____ () C:\Users\Frank_000\AppData\Local\Temp\_MEI43602\win32profile.pyd
2014-10-07 18:53 - 2014-10-07 18:53 - 00022528 _____ () C:\Users\Frank_000\AppData\Local\Temp\_MEI43602\win32ts.pyd
2014-10-07 18:53 - 2014-10-07 18:53 - 00078336 _____ () C:\Users\Frank_000\AppData\Local\Temp\_MEI43602\wx._animate.pyd
2014-07-21 10:28 - 2014-06-24 12:04 - 08567808 _____ () D:\Allway Sync\Bin\syncapp.dll
2014-06-20 10:25 - 2014-09-25 08:48 - 00316576 _____ () C:\Program Files\Microsoft Office 15\root\office15\AppVIsvStream32.dll
2014-06-18 10:43 - 2014-06-18 10:43 - 00151552 _____ () D:\QNAP\Qsync\IOTCAPIs.dll
2014-06-18 10:43 - 2014-06-18 10:43 - 00086016 _____ () D:\QNAP\Qsync\P2PTunnelAPIs.dll
2014-06-18 10:44 - 2014-06-18 10:44 - 00116224 _____ () D:\QNAP\Qsync\RdiffDll.dll
2014-06-18 10:43 - 2014-06-18 10:43 - 00098304 _____ () D:\QNAP\Qsync\RDTAPIs.dll
2014-10-07 18:53 - 2014-10-07 18:53 - 00043008 _____ () c:\Users\Frank_000\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpbvzphy.dll
2013-08-23 21:01 - 2013-08-23 21:01 - 25100288 _____ () C:\Users\Frank_000\AppData\Roaming\Dropbox\bin\libcef.dll
2012-12-20 19:19 - 2012-12-20 19:19 - 00093192 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\avpapplication.dll
2014-06-20 10:26 - 2014-09-25 08:49 - 00316576 _____ () C:\Program Files\Microsoft Office 15\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\AppVIsvStream32.dll
2014-06-20 10:25 - 2014-09-25 08:48 - 00316576 _____ () C:\Program Files\Microsoft Office 15\Root\Office15\AppVIsvStream32.dll
2014-09-29 13:50 - 2014-09-29 13:50 - 03715184 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Users\Frank_000\SkyDrive:ms-properties
AlternateDataStreams: C:\Users\Frank_000\Desktop\1.jpeg:3or4kl4x13tuuug3Byamue2s4b
AlternateDataStreams: C:\Users\Frank_000\Desktop\1.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\Users\Frank_000\Desktop\2.jpeg:3or4kl4x13tuuug3Byamue2s4b
AlternateDataStreams: C:\Users\Frank_000\Desktop\2.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: MSI_FastBoot => 2
HKLM\...\StartupApproved\StartupFolder: => "iSCTsysTray.lnk"
HKLM\...\StartupApproved\Run32: => "Live Update 5"

========================= Accounts: ==========================

Admin (S-1-5-21-2108137100-1421275735-2102073434-1001 - Administrator - Enabled) => C:\Users\Admin
Administrator (S-1-5-21-2108137100-1421275735-2102073434-500 - Administrator - Disabled)
Frank_000 (S-1-5-21-2108137100-1421275735-2102073434-1002 - Limited - Enabled) => C:\Users\Frank_000
Gast (S-1-5-21-2108137100-1421275735-2102073434-501 - Limited - Disabled)
Tanja (S-1-5-21-2108137100-1421275735-2102073434-1005 - Limited - Enabled)

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================

System errors:
=============
Error: (10/07/2014 07:11:07 PM) (Source: Schannel) (EventID: 4119) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung vom Remoteendpunkt empfangen. Die schwerwiegende Warnung hat folgenden für das TLS-Protokoll definierten Code: 40.

Error: (10/07/2014 07:11:07 PM) (Source: Schannel) (EventID: 4119) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung vom Remoteendpunkt empfangen. Die schwerwiegende Warnung hat folgenden für das TLS-Protokoll definierten Code: 112.

Error: (10/07/2014 07:09:31 PM) (Source: Schannel) (EventID: 4119) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung vom Remoteendpunkt empfangen. Die schwerwiegende Warnung hat folgenden für das TLS-Protokoll definierten Code: 40.

Error: (10/07/2014 07:09:31 PM) (Source: Schannel) (EventID: 4119) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung vom Remoteendpunkt empfangen. Die schwerwiegende Warnung hat folgenden für das TLS-Protokoll definierten Code: 112.


Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
  Date: 2014-02-07 12:06:31.113
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\fus2base.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-02-07 09:42:37.246
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\fus2base.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-02-07 09:42:34.811
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\avmcowan.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-02-06 11:45:28.762
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\fus2base.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-02-06 11:45:26.405
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\avmcowan.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-02-06 11:44:02.380
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-02-06 11:44:02.357
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-02-06 11:44:02.257
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-02-06 11:44:02.240
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-02-06 11:44:02.222
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i5-3570K CPU @ 3.40GHz
Percentage of memory in use: 29%
Total physical RAM: 8141.68 MB
Available physical RAM: 5732.63 MB
Total Pagefile: 9421.68 MB
Available Pagefile: 6638.24 MB
Total Virtual: 131072 MB
Available Virtual: 131071.83 MB

==================== Drives ================================

Drive c: (SSD) (Fixed) (Total:111.45 GB) (Free:12.21 GB) NTFS
Drive d: (SATA) (Fixed) (Total:233.76 GB) (Free:140.39 GB) NTFS
Drive i: (Sicherungsplatte) (Fixed) (Total:233.76 GB) (Free:52.51 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 111.8 GB) (Disk ID: BD3ADAC5)
Partition 1: (Active) - (Size=350 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=111.4 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 233.8 GB) (Disk ID: 71AC5D87)
Partition 1: (Active) - (Size=233.8 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (MBR Code: Windows 7 or 8) (Size: 233.8 GB) (Disk ID: F741A295)
Partition 1: (Not Active) - (Size=233.8 GB) - (Type=07 NTFS)

==================== End Of Log ============================

schrauber · 08.10.2014, 11:53

Noch Probleme?

jackyd · 08.10.2014, 14:24

Hallo.

NEIN, keine Probleme mehr mit der Maschine.
Scheint behoben zu sein
(es sei denn, die letzten Log's haben nochwas aufgedeckt, was ich nicht sehen (sehen kann))

Ich werde den Support hier weiter empfehlen

schrauber · 09.10.2014, 10:46

Fertig

Die Reihenfolge ist hier entscheidend.

Falls Defogger benutzt wurde: Defogger nochmal starten und auf re-enable klicken.
Falls Combofix benutzt wurde: (Alternativ in uninstall.exe umbenennen und starten)
- Windowstaste + R > Combofix /Uninstall (eingeben) > OK
- Alternative: Combofix.exe in uninstall.exe umbenennen und starten
- Combofix wird jetzt starten, sich evtl updaten und dann alle Reste von sich selbst entfernen.
Downloade Dir bitte auf jeden Fall DelFix auf deinen Desktop:
- Schließe alle offenen Programme.
- Starte die delfix.exe mit einem Doppelklick.
- Setze vor jede Funktion ein Häkchen.
- Klicke auf Start.
- Hinweis: DelFix entfernt u. a. alle verwendeten Programme, die Quarantäne unserer Scanner, den Java-Cache und löscht sich abschließend selbst.
- Starte deinen Rechner abschließend neu.
Sollten jetzt noch Programme aus unserer Bereinigung übrig sein kannst du sie bedenkenlos löschen.

Falls Du Lob oder Kritik abgeben möchtest kannst Du das hier tun

Hier noch ein paar Tipps zur Absicherung deines Systems.

Ich kann garnicht zu oft erwähnen, wie wichtig es ist, dass dein System Up to Date ist.

Bitte überprüfe ob dein System Windows Updates automatisch herunter lädt
Windows Updates
- Windows XP: Start --> Systemsteuerung --> Doppelklick auf Automatische Updates
- Windows Vista / 7: Start --> Systemsteuerung --> System und Sicherheit --> Automatische Updates aktivieren oder deaktivieren
Gehe sicher das die automatischen Updates aktiviert sind.
Software Updates
Installierte Software kann ebenfalls Sicherheitslücken haben, welche Malware nutzen kann, um dein System zu infizieren.
Um deine Installierte Software up to date zu halten, empfehle ich dir Secunia Online Software.

Anti- Viren Software

Gehe sicher immer eine Anti Viren Software installiert zu haben und das diese auch up to date ist. Es ist nämlich nutzlos wenn diese out of date sind.

Zusätzlicher Schutz

MalwareBytes Anti Malware
Dies ist eines der besten Anti-Malware Tools auf dem Markt. Es ist ein On- Demond Scan Tool welches viele aktuelle Malware erkennt und auch entfernt.
Update das Tool und lass es einmal in der Woche laufen. Die Kaufversion biete zudem noch einen Hintergrundwächter.
Ein Tutorial zur Verwendung findest Du hier.
WinPatrol
Diese Software macht einen Snapshot deines Systems und warnt dich vor eventuellen Änderungen. Downloade dir die Freeware Version von hier.

Sicheres Browsen

SpywareBlaster
Eine kurze Einführung findest du Hier
MVPs hosts file
Ein Tutorial findest Du hier. Leider habe ich bis jetzt kein deutschsprachiges gefunden.
WOT (Web of trust)
Dieses AddOn warnt Dich bevor Du eine als schädlich gemeldete Seite besuchst.

Alternative Browser

Andere Browser tendieren zu etwas mehr Sicherheit als der IE, da diese keine Active X Elemente verwenden. Diese können von Spyware zur Infektion deines Systems missbraucht werden.

Opera
Mozilla Firefox.
- Hinweis: Für diesen Browser habe ich hier ein paar nützliche Add Ons
- NoScript
  Dieses AddOn blockt JavaScript, Java and Flash und andere Plugins. Sie werden nur dann ausgeführt wenn Du es bestätigst.
- AdblockPlus
  Dieses AddOn blockt die meisten Werbung von selbst. Ein Rechtsklick auf den Banner um diesen zu AdBlockPlus hinzu zu fügen reicht und dieser wird nicht mehr geladen.
  Es spart ausserdem Downloadkapazität.

Performance
Bereinige regelmäßig deine Temp Files. Ich empfehle hierzu TFC
Halte dich fern von jedlichen Registry Cleanern.
Diese Schaden deinem System mehr als sie helfen. Hier ein paar ( englishe ) Links
Miekemoes Blogspot ( MVP )
Bill Castner ( MVP )

Don'ts

Klicke nicht auf alles nur weil es Dich dazu auffordert und schön bunt ist.
verwende keine peer to peer oder Filesharing Software (Emule, uTorrent,..)
Lass die Finger von Cracks, Keygens, Serials oder anderer illegaler Software.
Öffne keine Anhänge von Dir nicht bekannten Emails. Achte vor allem auf die Dateiendung wie zb deinFoto.jpg.exe

Nun bleibt mir nur noch dir viel Spass beim sicheren Surfen zu wünschen.

Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so das ich diesen Thread aus meinen Abos löschen kann.

08.10.2014, 11:53	#17
schrauber /// the machine /// TB-Ausbilder	$C:\Windows\SysWOW64\rundll32.exe "C:\Users\Admin\AppData\Roaming\BabSolution\Shared\enhancedNT.dll - Standard$ C:\Windows\SysWOW64\rundll32.exe "C:\Users\Admin\AppData\Roaming\BabSolution\Shared\enhancedNT.dll Noch Probleme? __________________ __________________

C:\Windows\SysWOW64\rundll32.exe "C:\Users\Admin\AppData\Roaming\BabSolution\Shared\enhancedNT.dll

Log-Analyse und Auswertung: C:\Windows\SysWOW64\rundll32.exe "C:\Users\Admin\AppData\Roaming\BabSolution\Shared\enhancedNT.dll