Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: Optimizer Pro

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 30.12.2014, 14:08   #1
Snoosel
 
Optimizer Pro - Standard

Optimizer Pro



Hallo,
keine Ahnung warum immer ich.
Nu ist ein Optimizer Pro auf meinem Rechner, Google sagt, den soll man nicht selbst löschen, drum bin ich hier.
Wie er auf den Rechner kam, keine Ahnung. Allerdings lud ich den Browser Firefox runter, ab da öffneten sich Fenster die nie abgefragt wurden. Boah das war Streß.
Firefox ist jetzt deinstalliert.
Löschte mit Adw Cleaner Optimizer Pro, denn nur dieses Problem wurde angezeigt.
Jetzt kommts:
Wir arbeiten (beruflich) mit einem Tablet, dieses schickt Daten per Luftinternet :-))) zu unserem Rechner.
Das war ab da unmöglich. Ich machte eine Systemwiederherstellung.
Nu klappt alles doch der Optimizer Pro ist wieder da.
Auch meine MWB zeigt jetzt 14 Probleme an.
Kann den jemand entfernen und mir erklären was der bedeutet?

Schöne Grüße Ute


HTML-Code:
 Malwarebytes Anti-Malware 
www.malwarebytes.org

Suchlauf Datum: 30.12.2014
Suchlauf-Zeit: 12:18:17
Logdatei: 30.12.2014 mwb.txt
Administrator: Ja

Version: 2.00.4.1028
Malware Datenbank: v2014.12.30.04
Rootkit Datenbank: v2014.12.29.02
Lizenz: Premium
Malware Schutz: Aktiviert
Bösartiger Webseiten Schutz: Aktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows 8.1
CPU: x64
Dateisystem: NTFS
Benutzer: Ute

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 536979
Verstrichene Zeit: 21 Min, 58 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(Keine schädliche Elemente erkannt)

Module: 0
(Keine schädliche Elemente erkannt)

Registrierungsschlüssel: 0
(Keine schädliche Elemente erkannt)

Registrierungswerte: 0
(Keine schädliche Elemente erkannt)

Registrierungsdaten: 0
(Keine schädliche Elemente erkannt)

Ordner: 0
(Keine schädliche Elemente erkannt)

Dateien: 12
PUP.Optional.Vosteran, C:\Users\Ute\AppData\Roaming\Mozilla\Firefox\Profiles\956apvdl.default\user.js, Gut: (), Schlecht: (user_pref("extensions.srchvstrn.prtnrId", "WSE_Vosteran");), ,[699398d096e686b0e8df259339ccd729]
PUP.Optional.Vosteran, C:\Users\Ute\AppData\Roaming\Mozilla\Firefox\Profiles\956apvdl.default\user.js, Gut: (), Schlecht: (tDtN1L1CzuC0D0A0EAyD




user_pref("extensions.sr), ,[c03c7cec0f6d4aecd8ef0fa97e8707f9]
PUP.Optional.Vosteran, C:\Users\Ute\AppData\Roaming\Mozilla\Firefox\Profiles\956apvdl.default\user.js, Gut: (), Schlecht: (FyCtFtDtN1L1CzuC0D0A0EAyD




user_pref("extensions.srch), ,[f20acf990b71fc3a40874672d5309e62]
PUP.Optional.Vosteran, C:\Users\Ute\AppData\Roaming\Mozilla\Firefox\Profiles\956apvdl.default\user.js, Gut: (), Schlecht: (tN1L1CzuC0D0A0EAyD




user_pref("extensions.src), ,[ea120761cbb11d197354744432d334cc]
PUP.Optional.Vosteran, C:\Users\Ute\AppData\Roaming\Mozilla\Firefox\Profiles\956apvdl.default\user.js, Gut: (), Schlecht: (tFyCtFtDtN1L1CzuC0D0A0EAyD




user_pref(), ,[d92341279ae2ce68b512a81026df9070]
PUP.Optional.Vosteran, C:\Users\Ute\AppData\Roaming\Mozilla\Firefox\Profiles\956apvdl.default\user.js, Gut: (), Schlecht: (

usetFyCtFtDtN1L1CzuC0D0A0EAyD




user_pref("ex), ,[d82465035e1e5fd773549325d62f53ad]
PUP.Optional.Vosteran, C:\Users\Ute\AppData\Roaming\Mozilla\Firefox\Profiles\956apvdl.default\user.js, Gut: (), Schlecht: (CtFtDtN1L1CzuC0D0A0EAyD




user_pref("ext), ,[a15b3632c9b3de5820a7e1d74cb927d9]
PUP.Optional.Vosteran, C:\Users\Ute\AppData\Roaming\Mozilla\Firefox\Profiles\956apvdl.default\user.js, Gut: (), Schlecht: (

usetFyCtFtDtN1L1CzuC0D0A0EAyD




user_pref("extensions.srchvstrn.prtnrId",), ,[37c5ff69f18bd660b512c1f74abb936d]
PUP.Optional.Vosteran, C:\Users\Ute\AppData\Roaming\Mozilla\Firefox\Profiles\956apvdl.default\user.js, Gut: (), Schlecht: (


user_pref("extensions.srchvstrn.prtnrId", "W), ,[09f32c3c9fdd37ff27a0b206050020e0]
PUP.Optional.Vosteran, C:\Users\Ute\AppData\Roaming\Mozilla\Firefox\Profiles\956apvdl.default\user.js, Gut: (), Schlecht: (usetFyCtFtDtN1L1CzuC0D0A0EAyD




user_pref("e), ,[a15bfd6b46360135fbcc6850c342bc44]
PUP.Optional.Vosteran, C:\Users\Ute\AppData\Roaming\Mozilla\Firefox\Profiles\956apvdl.default\user.js, Gut: (), Schlecht: (setFyCtFtDtN1L1CzuC0D0A0EAyD




user_pref("extensions.srchvstrn.prt), ,[3fbdc8a0314b142209beeace57aeb64a]
PUP.Optional.Vosteran, C:\Users\Ute\AppData\Roaming\Mozilla\Firefox\Profiles\956apvdl.default\user.js, Gut: (), Schlecht: (A0EAyD




user_pref("extensions.src), ,[01fbb8b086f637ff6661dade788df40c]

Physische Sektoren: 0
(Keine schädliche Elemente erkannt)


(end)
HTML-Code:
# AdwCleaner v4.106 - Bericht erstellt am 26/12/2014 um 09:11:36
# Aktualisiert 21/12/2014 von Xplode
# Database : 2014-12-21.4 [Live]
# Betriebssystem : Windows 8.1  (64 bits)
# Benutzername : Ute - FUGENTECHNIK
# Gestartet von : C:\Users\Ute\Desktop\AdwCleaner_4.106.exe
# Option : Suchen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****


***** [ Tasks ] *****


***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****


***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.17416


-\\ Mozilla Firefox v


-\\ Google Chrome v39.0.2171.95


*************************

AdwCleaner[R0].txt - [9691 octets] - [23/12/2014 12:53:47]
AdwCleaner[R1].txt - [898 octets] - [25/12/2014 20:30:08]
AdwCleaner[R2].txt - [757 octets] - [26/12/2014 09:11:36]
AdwCleaner[S0].txt - [9162 octets] - [23/12/2014 12:56:20]

########## EOF - C:\AdwCleaner\AdwCleaner[R2].txt - [876 octets] ##########
# AdwCleaner v4.106 - Bericht erstellt am 30/12/2014 um 13:04:02
# Aktualisiert 21/12/2014 von Xplode
# Database : 2014-12-28.1 [Live]
# Betriebssystem : Windows 8.1  (64 bits)
# Benutzername : Ute - FUGENTECHNIK
# Gestartet von : C:\Users\Ute\Desktop\AdwCleaner_4.106.exe
# Option : Suchen

***** [ Dienste ] *****

Dienst Gefunden : 51cdb72

***** [ Dateien / Ordner ] *****

Datei Gefunden : C:\Users\Ute\AppData\Roaming\Mozilla\Firefox\Profiles\956apvdl.default\user.js
Ordner Gefunden : C:\AdVantage
Ordner Gefunden : C:\Program Files (x86)\Amazon\ABB
Ordner Gefunden : C:\Users\Ute\AppData\Local\Temp\BrowseStudio

***** [ Tasks ] *****

Task Gefunden : Update Service YourFileDownloader

***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gefunden : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Schlüssel Gefunden : HKCU\Software\Imesh
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6BDE05EA-7188-462D-9130-B5DF3489588D}
Schlüssel Gefunden : HKCU\Software\OCS
Schlüssel Gefunden : HKCU\Software\Optimizer Pro
Schlüssel Gefunden : [x64] HKCU\Software\Imesh
Schlüssel Gefunden : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6BDE05EA-7188-462D-9130-B5DF3489588D}
Schlüssel Gefunden : [x64] HKCU\Software\OCS
Schlüssel Gefunden : [x64] HKCU\Software\Optimizer Pro
Schlüssel Gefunden : HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F}
Schlüssel Gefunden : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Schlüssel Gefunden : HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{3BF72F68-72D8-461D-A884-329D936C5581}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{78E9D883-93CD-4072-BEF3-38EE581E2839}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{83AC1413-FCE4-4A46-9DD5-4F31F306E71F}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\iMesh.AudioCD
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{C4C4F1F4-3074-4CB6-9FB8-0A64273166F0}
Schlüssel Gefunden : HKLM\SOFTWARE\InstallCore
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{0ABE0FED-50E7-4E42-A125-57C0A11DBCDE}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{62155D33-3CE2-401E-8967-5A270628A3D5}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7C3B01BC-53A5-48A0-A43B-0C67731134B9}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Toolbar Cleaner
Schlüssel Gefunden : HKLM\SOFTWARE\Trymedia Systems
Schlüssel Gefunden : HKLM\SOFTWARE\YourFileDownloader
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{62155D33-3CE2-401E-8967-5A270628A3D5}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6BDE05EA-7188-462D-9130-B5DF3489588D}

***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.17416


-\\ Mozilla Firefox v31.0 (x86 de)

[956apvdl.default] - Zeile gefunden : user_pref("browser.search.selectedEngine", "Vosteran");

-\\ Google Chrome v39.0.2171.71


*************************

AdwCleaner[R0].txt - [14960 octets] - [23/12/2014 12:53:47]
AdwCleaner[R1].txt - [4756 octets] - [25/12/2014 20:30:08]
AdwCleaner[R2].txt - [4351 octets] - [26/12/2014 09:11:36]
AdwCleaner[R3].txt - [1014 octets] - [27/12/2014 16:48:30]
AdwCleaner[R4].txt - [1074 octets] - [28/12/2014 03:54:26]
AdwCleaner[R5].txt - [303 octets] - [28/12/2014 03:57:06]
AdwCleaner[R6].txt - [1195 octets] - [28/12/2014 04:00:28]
AdwCleaner[S0].txt - [9162 octets] - [23/12/2014 12:56:20]

########## EOF - C:\AdwCleaner\AdwCleaner[R2].txt - [4710 octets] ##########

Alt 30.12.2014, 14:29   #2
schrauber
/// the machine
/// TB-Ausbilder
 

Optimizer Pro - Standard

Optimizer Pro



hi,

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
  • Starte jetzt FRST.
  • Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
  • Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
  • Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)

__________________

__________________

Alt 31.12.2014, 13:37   #3
Snoosel
 
Optimizer Pro - Standard

Optimizer Pro



Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 28-12-2014
Ran by Ute at 2014-12-30 15:35:17
Running from C:\Users\Ute\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.34 (HKLM-x32\...\{23170F69-40C1-2701-0934-000001000000}) (Version: 9.34.00.0 - Igor Pavlov)
7-Zip 9.34 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0934-000001000000}) (Version: 9.34.00.0 - Igor Pavlov)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 14.0.0.178 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.09) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated)
Advantage Database Server for Windows v11.10 (HKLM-x32\...\{8F7F5EAD-7785-4246-83F0-C6A9204AF971}) (Version: 11.10.0001 - Sybase, Inc.)
Amazon Cloud Player (HKU\S-1-5-21-4278806244-3946690954-89611405-1001\...\Amazon Amazon Cloud Player) (Version: 2.4.0.33 - Amazon Services LLC)
Amazon Cloud Player (HKU\S-1-5-21-4278806244-3946690954-89611405-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Amazon Amazon Cloud Player) (Version: 2.4.0.33 - Amazon Services LLC)
Amazon Cloud Player (HKU\S-1-5-21-4278806244-3946690954-89611405-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\Amazon Amazon Cloud Player) (Version: 2.4.0.33 - Amazon Services LLC)
Amazon Music Importer (HKLM-x32\...\com.amazon.music.uploader) (Version: 3.0.0 - Amazon Services LLC)
Amazon Music Importer (x32 Version: 3.0.0 - Amazon Services LLC) Hidden
AVM FRITZ! (HKLM-x32\...\FRITZ! 2.0) (Version:  - AVM Berlin)
AVM ISDN CAPI Port (HKLM-x32\...\AVM ISDN CAPI Port) (Version:  - )
BUHL-Lizenzmanagement-Software (x32 Version: 1.01.0000 - Buhl Data Service GmbH) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.11 - Piriform)
Cisco WebEx Meetings (HKLM-x32\...\ActiveTouchMeetingClient) (Version:  - Cisco WebEx LLC)
Cisco WebEx-Produktivitätswerkzeuge (HKLM-x32\...\{EC4A8038-085D-4FB7-BF70-338296E33FE5}) (Version: 11.1.30800 - Cisco WebEx LLC)
Classic Shell (HKLM\...\{2368907C-E8F6-4750-A023-254C3E2B5E8D}) (Version: 4.0.4 - IvoSoft)
CyberLink PhotoDirector 3 (HKLM-x32\...\InstallShield_{39337565-330E-4ab6-A9AE-AC81E0720B10}) (Version: 3.0.1.4107 - CyberLink Corp.)
CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.0.2810 - CyberLink Corp.)
CyberLink PowerDirector 10 (Version: 10.0.0.2810 - CyberLink Corp.) Hidden
Driver & Application Installation (HKLM-x32\...\{BFECCF2A-F094-4066-8BFA-29CCBB7F6602}) (Version: 6.12.0911 - Lenovo)
Dropbox (HKU\S-1-5-21-4278806244-3946690954-89611405-1001\...\Dropbox) (Version: 2.10.30 - Dropbox, Inc.)
Dropbox (HKU\S-1-5-21-4278806244-3946690954-89611405-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Dropbox) (Version: 2.10.30 - Dropbox, Inc.)
Dropbox (HKU\S-1-5-21-4278806244-3946690954-89611405-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\Dropbox) (Version: 2.10.30 - Dropbox, Inc.)
Fotostory 3 für Windows (HKLM-x32\...\{4F41AD68-89F2-4262-A32C-2F70B01FCE9E}) (Version: 3.0.1115.15 - Microsoft Corporation)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.95 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
GoToMeeting 7.0.4.2033 (HKU\S-1-5-21-4278806244-3946690954-89611405-1001\...\GoToMeeting) (Version: 7.0.4.2033 - CitrixOnline)
GoToMeeting 7.0.4.2033 (HKU\S-1-5-21-4278806244-3946690954-89611405-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\GoToMeeting) (Version: 7.0.4.2033 - CitrixOnline)
GoToMeeting 7.0.4.2033 (HKU\S-1-5-21-4278806244-3946690954-89611405-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\GoToMeeting) (Version: 7.0.4.2033 - CitrixOnline)
IIS 7.5 Express (HKLM-x32\...\{433E2032-D3E0-46FF-BAA4-0976F333C1E4}) (Version: 7.5.1070 - Microsoft Corporation)
Intel AppUp(SM) center (HKLM-x32\...\Intel AppUp(SM) center 33057) (Version: 3.6.1.33057.10 - Intel)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.0.0.1310 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3621 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.0.0.1083 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 3.0.0.66956 - Intel Corporation)
Java 7 Update 67 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F06417067FF}) (Version: 7.0.670 - Oracle)
Java 7 Update 67 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217067FF}) (Version: 7.0.670 - Oracle)
Lenovo Assistant (HKLM-x32\...\{B2DE4F30-B8C7-49C0-85B9-2F37A5290F00}) (Version: 2.0.0.29 - Lenovo)
Lenovo Blacksilk USB Keyboard Driver (HKLM-x32\...\{B266E062-D6C5-485B-B426-51B152B041A6}) (Version: V1.6.13.0724 - Lenovo)
Lenovo Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.0.7408 - CyberLink Corp.)
Lenovo Power2Go (x32 Version: 6.0.7408 - CyberLink Corp.) Hidden
Lenovo PowerDVD10 (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.5108.52 - CyberLink Corp.)
Lenovo PowerDVD10 (x32 Version: 10.0.5108.52 - CyberLink Corp.) Hidden
LVT (HKLM-x32\...\{9E3469A6-443A-452C-BF44-8D7CE3A9A7E2}) (Version: 5.00.0914 - Lenovo)
Malwarebytes Anti-Malware Version 2.0.3.1025 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)
Microsoft ASP.NET MVC 3 (HKLM-x32\...\{D32EF103-4016-4C15-BCB0-700C0A7A2309}) (Version: 3.0.50813.0 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Live Add-in 1.5 (HKLM-x32\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Office Outlook Connector (HKLM-x32\...\{95140000-007A-0407-0000-0000000FF1CE}) (Version: 14.0.5118.5000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
MozBackup 1.5.1 (HKLM-x32\...\MozBackup) (Version:  - Pavel Cvrcek)
Mozilla Firefox 31.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 31.0 (x86 de)) (Version: 31.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 31.0 - Mozilla)
Mozilla Thunderbird 31.3.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 31.3.0 (x86 de)) (Version: 31.3.0 - Mozilla)
PDF24 Creator 6.2.0 (HKLM-x32\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version:  - PDF24.org)
PhotoScape (HKLM-x32\...\PhotoScape) (Version:  - )
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.10.1226.2012 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6743 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.8400.39030 - Realtek Semiconductor Corp.)
Samsung_MonSetup (HKLM-x32\...\{8EA79DBF-D637-448A-89D6-410A087A4493}) (Version: 1.00.0000 - Samsung)
ScanSoft PaperPort 11 (HKLM-x32\...\{02570AE0-BEE0-4A6C-BE3F-D806E9F2EA17}) (Version: 11.2.0000 - Nuance Communications, Inc.)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Snagit 11 (HKLM-x32\...\{A7E2223E-4AE4-45C8-9B6C-1C893EDF11BD}) (Version: 11.4.0 - TechSmith Corporation)
TopApps Service (HKLM-x32\...\{B2BB7D05-F646-41C7-9CE4-CE77469C0899}_is1) (Version: 2.5.1 - )
TopKontor Handwerk Version 5 (HKLM-x32\...\{640A92A1-9B8B-4C80-B412-9595460EBC53}_is1) (Version: 5 - )
UltiDev Web Server Pro (x32 Version: 2.0.18 - UltiDev LLC) Hidden
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version:  - Microsoft)
Update für Microsoft Office Outlook 2007 Help (KB963677) (HKLM-x32\...\{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{F6828576-6F79-470D-AB50-69D1BBADBD30}) (Version:  - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version:  - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version:  - Microsoft)
VR-NetWorld (HKLM-x32\...\{8815F011-43AF-4F50-BBD8-D78ED3D6F5B9}) (Version:  - )

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

16-12-2014 07:38:47 Windows Modules Installer
24-12-2014 11:29:49 Geplanter Prüfpunkt
29-12-2014 12:39:30 Wiederherstellungsvorgang

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 14:25 - 2013-08-22 14:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {10C464AB-F818-496E-9743-F105C3A2E2C0} - System32\Tasks\Abelssoft\Updater scan => C:\Program Files (x86)\CHIP Updater\CHIPUpdater.exe
Task: {28CD7355-CB57-4CC9-BDA7-6351E804957A} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program => C:\Program Files\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe
Task: {2EC50909-A5B8-4061-900F-7FBAF516F26A} - System32\Tasks\Lenovo\Lenovo-25838 => C:\ProgramData\Lenovo-25838.vbs [2013-10-18] ()
Task: {3091D35C-7453-498F-BD0B-015E9E50D999} - \Update Service YourFileDownloader No Task File <==== ATTENTION
Task: {3864244B-592B-4F61-8F7E-F61734C03B58} - System32\Tasks\G2MUpdateTask-S-1-5-21-4278806244-3946690954-89611405-1001 => C:\Users\Ute\AppData\Local\Citrix\GoToMeeting\2033\g2mupdate.exe [2014-11-26] (Citrix Online, a division of Citrix Systems, Inc.)
Task: {4927924C-A5E3-47FF-B9E9-B80557B576DE} - System32\Tasks\{4DFDCA33-7855-42CE-A167-53B2FA91D197} => pcalua.exe -a "C:\Users\Ute\AppData\Roaming\1H1Q1V1N1N1O1R\PDF Creator Packages\uninstaller.exe" -c /Uninstall /NM="PDF Creator Packages" /AN="1H1Q1V1N1N1O1R" /MBN="PDF Creator Packages"
Task: {51A427BB-2B0C-4F4B-B3BE-A9A2FAD1E4DF} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-02-20] (Piriform Ltd)
Task: {57799BD6-455E-4C11-B681-1B5A10F1C796} - System32\Tasks\TechSmith Updater => C:\Program Files (x86)\Common Files\TechSmith Shared\Updater\TSCUpdClt.exe [2013-10-04] (TechSmith Corporation)
Task: {76F82560-6DA7-4132-8EEA-034B4CEF1C14} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-29] (Google Inc.)
Task: {7E83B592-067F-4486-9D07-E9250B9FCC71} - System32\Tasks\{8DC9A3B1-9955-4D2E-8E23-E1AD9817AA96} => pcalua.exe -a "C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\Uninstall.exe"
Task: {82E3EA42-715F-4BB2-A57F-3C3E9B8B3A34} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2014-12-29] (Microsoft Corporation)
Task: {8D39BC23-CB47-408E-BE53-D89D35E46A7B} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-29] (Google Inc.)
Task: C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-4278806244-3946690954-89611405-1001.job => C:\Users\Ute\AppData\Local\Citrix\GoToMeeting\2033\g2mupdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2013-12-20 13:57 - 2006-02-23 11:35 - 00020480 _____ () C:\WINDOWS\System32\FritzColorPort64.dll
2013-12-20 13:57 - 2006-02-22 10:39 - 00020480 _____ () C:\WINDOWS\System32\FritzPort64.dll
2013-10-18 10:59 - 2011-08-16 19:46 - 00032768 _____ () C:\Windows\jmesoft\Service.exe
2013-10-18 11:15 - 2013-05-14 19:53 - 00390632 _____ () C:\Program Files\CyberLink\Shared files\RichVideo64.exe
2014-12-02 14:20 - 2014-12-02 14:20 - 00010752 _____ () C:\Windows\Microsoft.NET\Framework64\v2.0.50727\Temporary ASP.NET Files\root\07504d0b\fa6973ba\App_Web_0cazmffj.dll
2014-12-02 14:20 - 2014-12-02 14:20 - 00049152 _____ () C:\Windows\Microsoft.NET\Framework64\v2.0.50727\Temporary ASP.NET Files\root\07504d0b\fa6973ba\App_Web_csh4c4a6.dll
2014-11-27 12:08 - 2014-11-25 06:48 - 10689352 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.71\pdf.dll
2014-11-27 12:08 - 2014-11-25 06:48 - 01856840 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.71\ffmpegsumo.dll
2014-11-27 12:08 - 2014-11-25 06:48 - 26722120 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.71\PepperFlash\pepflashplayer.dll
2014-11-27 12:08 - 2014-11-25 06:48 - 01408328 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.71\libglesv2.dll
2014-11-27 12:08 - 2014-11-25 06:48 - 00204616 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.71\libegl.dll
2014-12-29 13:20 - 2014-12-29 13:20 - 02173952 _____ () C:\Users\Ute\Desktop\AdwCleaner_4.106.exe
2014-12-29 21:22 - 2013-11-26 10:52 - 02698240 _____ () C:\ProgramData\blue solution\Handwerk 5\ServiceProcs069DBDC7.aep
2013-12-16 19:57 - 2013-01-23 08:57 - 01199576 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
2014-02-04 21:20 - 2014-12-03 09:03 - 03339376 _____ () C:\Program Files (x86)\Mozilla Thunderbird\mozjs.dll
2014-02-04 21:20 - 2014-12-03 09:03 - 00158832 _____ () C:\Program Files (x86)\Mozilla Thunderbird\NSLDAP32V60.dll
2014-02-04 21:20 - 2014-12-03 09:03 - 00023152 _____ () C:\Program Files (x86)\Mozilla Thunderbird\NSLDAPPR32V60.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Users\Ute\SkyDrive:ms-properties
AlternateDataStreams: C:\Users\Ute\Desktop\Fwd  Daten zur Einrichtung.eml:OECustomProperty
AlternateDataStreams: C:\Users\Ute\Desktop\Ihr Gutschein für druckerzubehoer.de.eml:OECustomProperty
AlternateDataStreams: C:\Users\Ute\Desktop\Ihr Jochen Schweizer Beleg.eml:OECustomProperty
AlternateDataStreams: C:\Users\Ute\Desktop\[Ticket#10297215] Ihre Buchung bei Jochen Schweizer Erlebnisse.eml:OECustomProperty

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\StartupFolder: => "ISDNWatch.lnk"
HKLM\...\StartupApproved\StartupFolder: => "VR-NetWorld Auftragsprüfung.lnk"
HKLM\...\StartupApproved\Run: => "vksts"
HKLM\...\StartupApproved\Run: => "TrayApplication"
HKLM\...\StartupApproved\Run: => "CsrAudioguiCtrl"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKLM\...\StartupApproved\Run32: => "LVT"
HKLM\...\StartupApproved\Run32: => "mcpltui_exe"
HKLM\...\StartupApproved\Run32: => "mcui_exe"
HKLM\...\StartupApproved\Run32: => "RemoteControl10"
HKLM\...\StartupApproved\Run32: => "ControlCenter3"
HKLM\...\StartupApproved\Run32: => "AvastUI.exe"
HKLM\...\StartupApproved\Run32: => "Adobe ARM"
HKLM\...\StartupApproved\Run32: => "GrooveMonitor"
HKLM\...\StartupApproved\Run32: => "BrMfcWnd"
HKLM\...\StartupApproved\Run32: => "PDFPrint"
HKLM\...\StartupApproved\Run32: => "PPort11reminder"
HKLM\...\StartupApproved\Run32: => "IndexSearch"
HKLM\...\StartupApproved\Run32: => "PaperPort PTD"
HKLM\...\StartupApproved\Run32: => "PSUAMain"
HKU\S-1-5-21-4278806244-3946690954-89611405-1001\...\StartupApproved\StartupFolder: => "Dropbox.lnk"
HKU\S-1-5-21-4278806244-3946690954-89611405-1001\...\StartupApproved\StartupFolder: => "OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk"
HKU\S-1-5-21-4278806244-3946690954-89611405-1001\...\StartupApproved\Run: => "RESTART_STICKY_NOTES"
HKU\S-1-5-21-4278806244-3946690954-89611405-1001\...\StartupApproved\Run: => "Amazon Cloud Player"
HKU\S-1-5-21-4278806244-3946690954-89611405-1001\...\StartupApproved\Run: => "PTOneClick"
HKU\S-1-5-21-4278806244-3946690954-89611405-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\StartupApproved\StartupFolder: => "Dropbox.lnk"
HKU\S-1-5-21-4278806244-3946690954-89611405-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\StartupApproved\StartupFolder: => "OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk"
HKU\S-1-5-21-4278806244-3946690954-89611405-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\StartupApproved\Run: => "RESTART_STICKY_NOTES"
HKU\S-1-5-21-4278806244-3946690954-89611405-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\StartupApproved\Run: => "Amazon Cloud Player"
HKU\S-1-5-21-4278806244-3946690954-89611405-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\StartupApproved\Run: => "PTOneClick"
HKU\S-1-5-21-4278806244-3946690954-89611405-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\StartupApproved\StartupFolder: => "Dropbox.lnk"
HKU\S-1-5-21-4278806244-3946690954-89611405-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\StartupApproved\StartupFolder: => "OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk"
HKU\S-1-5-21-4278806244-3946690954-89611405-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\StartupApproved\Run: => "RESTART_STICKY_NOTES"
HKU\S-1-5-21-4278806244-3946690954-89611405-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\StartupApproved\Run: => "Amazon Cloud Player"
HKU\S-1-5-21-4278806244-3946690954-89611405-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\StartupApproved\Run: => "PTOneClick"

========================= Accounts: ==========================

admin (S-1-5-21-4278806244-3946690954-89611405-1005 - Administrator - Enabled) => C:\Users\admin
admin2 (S-1-5-21-4278806244-3946690954-89611405-1006 - Limited - Enabled) => C:\Users\admin2
Administrator (S-1-5-21-4278806244-3946690954-89611405-500 - Administrator - Disabled) => C:\Users\Administrator
Gast (S-1-5-21-4278806244-3946690954-89611405-501 - Limited - Enabled)
HomeGroupUser$ (S-1-5-21-4278806244-3946690954-89611405-1004 - Limited - Enabled)
Ute (S-1-5-21-4278806244-3946690954-89611405-1001 - Administrator - Enabled) => C:\Users\Ute

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (12/30/2014 00:55:05 PM) (Source: SideBySide) (EventID: 63) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "assemblyIdentity1". Fehler in Manifest- oder Richtliniendatei "assemblyIdentity2" in Zeile assemblyIdentity3.
Der Wert "*" des "language"-Attributs im assemblyIdentity-Element ist ungültig.

Error: (12/30/2014 00:51:01 PM) (Source: SideBySide) (EventID: 63) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "assemblyIdentity1". Fehler in Manifest- oder Richtliniendatei "assemblyIdentity2" in Zeile assemblyIdentity3.
Der Wert "*" des "language"-Attributs im assemblyIdentity-Element ist ungültig.

Error: (12/29/2014 02:00:00 PM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (1152) SRUJet: Fehler -1811 (0xfffff8ed) beim Öffnen von Protokolldatei C:\WINDOWS\system32\SRU\SRU001E8.log.

Error: (12/29/2014 08:56:44 AM) (Source: SideBySide) (EventID: 63) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "assemblyIdentity1". Fehler in Manifest- oder Richtliniendatei "assemblyIdentity2" in Zeile assemblyIdentity3.
Der Wert "*" des "language"-Attributs im assemblyIdentity-Element ist ungültig.

Error: (12/29/2014 08:51:44 AM) (Source: SideBySide) (EventID: 63) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "assemblyIdentity1". Fehler in Manifest- oder Richtliniendatei "assemblyIdentity2" in Zeile assemblyIdentity3.
Der Wert "*" des "language"-Attributs im assemblyIdentity-Element ist ungültig.

Error: (12/29/2014 07:01:48 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: mbam.exe, Version: 1.0.1.711, Zeitstempel: 0x542b53ec
Name des fehlerhaften Moduls: mbamcore.dll, Version: 1.1.20.0, Zeitstempel: 0x5425b0dd
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000023d4
ID des fehlerhaften Prozesses: 0x222c
Startzeit der fehlerhaften Anwendung: 0xmbam.exe0
Pfad der fehlerhaften Anwendung: mbam.exe1
Pfad des fehlerhaften Moduls: mbam.exe2
Berichtskennung: mbam.exe3
Vollständiger Name des fehlerhaften Pakets: mbam.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: mbam.exe5

Error: (12/28/2014 09:44:38 PM) (Source: SideBySide) (EventID: 63) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "assemblyIdentity1". Fehler in Manifest- oder Richtliniendatei "assemblyIdentity2" in Zeile assemblyIdentity3.
Der Wert "*" des "language"-Attributs im assemblyIdentity-Element ist ungültig.

Error: (12/28/2014 04:00:18 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm AdwCleaner_4.106.exe, Version 4.1.0.6 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 46f8

Startzeit: 01d02249f4ef87dc

Endzeit: 4294967295

Anwendungspfad: C:\Users\Ute\Desktop\AdwCleaner_4.106.exe

Berichts-ID: a6eba8fc-8e3d-11e4-bf1b-7427eae5d5e4

Vollständiger Name des fehlerhaften Pakets: 

Anwendungs-ID, die relativ zum fehlerhaften Paket ist:

Error: (12/27/2014 07:45:37 AM) (Source: SideBySide) (EventID: 63) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "assemblyIdentity1". Fehler in Manifest- oder Richtliniendatei "assemblyIdentity2" in Zeile assemblyIdentity3.
Der Wert "*" des "language"-Attributs im assemblyIdentity-Element ist ungültig.

Error: (12/27/2014 07:41:03 AM) (Source: SideBySide) (EventID: 63) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "assemblyIdentity1". Fehler in Manifest- oder Richtliniendatei "assemblyIdentity2" in Zeile assemblyIdentity3.
Der Wert "*" des "language"-Attributs im assemblyIdentity-Element ist ungültig.


System errors:
=============
Error: (12/30/2014 00:43:37 PM) (Source: DCOM) (EventID: 10010) (User: Fugentechnik)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}

Error: (12/30/2014 09:47:52 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Erkennung interaktiver Dienste" wurde mit folgendem Fehler beendet: 
%%1

Error: (12/29/2014 09:09:24 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "CSR OBEX-Dienst" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (12/29/2014 09:09:24 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Optimizer Pro Crash Monitor erreicht.

Error: (12/29/2014 09:08:00 PM) (Source: Service Control Manager) (EventID: 7043) (User: )
Description: Der Dienst Windows Update konnte nach dem Empfang eines Preshutdown-Steuerelements nicht richtig heruntergefahren werden.

Error: (12/29/2014 08:50:24 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "CSR OBEX-Dienst" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (12/29/2014 08:50:24 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Optimizer Pro Crash Monitor erreicht.

Error: (12/29/2014 08:48:59 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Superfetch" wurde mit folgendem Fehler beendet: 
%%1062

Error: (12/29/2014 08:47:41 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT)
Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x8007045b fehlgeschlagen: Update für Windows 8.1 für x64-Systeme (KB3004394)

Error: (12/29/2014 08:47:41 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT)
Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x8007045b fehlgeschlagen: Update für Windows 8.1 für x64-Systeme (KB2989930)


Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
  Date: 2014-12-30 12:42:21.950
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-12-30 12:42:21.780
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-12-30 12:42:21.608
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-12-30 12:42:17.942
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-12-30 12:42:17.761
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-12-30 12:42:17.416
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-12-30 12:42:17.082
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-12-30 10:41:15.473
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-12-30 10:41:15.295
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-12-30 10:41:15.106
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i3-4130 CPU @ 3.40GHz
Percentage of memory in use: 69%
Total physical RAM: 4010.35 MB
Available physical RAM: 1210.91 MB
Total Pagefile: 5765.72 MB
Available Pagefile: 629.95 MB
Total Virtual: 131072 MB
Available Virtual: 131071.79 MB

==================== Drives ================================

Drive c: (Windows8_OS) (Fixed) (Total:439.16 GB) (Free:372.66 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: A5C61E19)

Partition: GPT Partition Type.

==================== End Of Log ============================
         

FRST Logfile:

FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 28-12-2014
Ran by Ute (administrator) on FUGENTECHNIK on 30-12-2014 15:31:44
Running from C:\Users\Ute\Desktop
Loaded Profiles: Ute &  (Available profiles: Ute & admin & admin2 & Administrator)
Platform: Windows 8 Pro (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(AVM Berlin) C:\Program Files (x86)\Common Files\AVM\De_serv.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
() C:\Windows\jmesoft\Service.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe
() C:\Program Files\CyberLink\Shared files\RichVideo64.exe
(blue:solution software GmbH) C:\ProgramData\blue solution\Handwerk 5\TopAppService\TopDnsService.exe
(UltiDev LLC) C:\Program Files (x86)\UltiDev\Web Server\UWS.HighPrivilegeUtilities.exe
(UltiDev LLC) C:\Program Files (x86)\UltiDev\Web Server\UWS.LowPrivilegeUtilities.exe
(iAnywhere Solutions, Inc.) C:\ADVANTAGE\Server\ads.exe
(UltiDev LLC) C:\Program Files (x86)\UltiDev\Web Server\UltiDev.WebServer.Monitor.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(UltiDev LLC) C:\Program Files (x86)\UltiDev\Web Server\UWS.AppHost.Clr4.x86.exe
(UltiDev LLC) C:\Program Files (x86)\UltiDev\Web Server\UWS.AppHost.Clr2.AnyCpu.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler64.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Windows\Temp\39.0.2171.95_chrome64_installer.exe3b60e99
(Google Inc.) C:\Windows\Temp\CR_FF79A.tmp\setup.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\Taskmgr.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
() C:\Users\Ute\Desktop\AdwCleaner_4.106.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(blue:solution software GmbH) C:\Program Files (x86)\blue solution\Handwerk 5\Handwerk.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13196432 2012-09-25] (Realtek Semiconductor)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [286192 2013-01-31] (Intel Corporation)
HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [161984 2014-01-18] (IvoSoft)
HKLM-x32\...\Run: [Intel AppUp(SM) center] => C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [155488 2012-07-12] (Intel Corporation)
HKLM-x32\...\Run: [LVT] => C:\Program Files\Lenovo\LVT\LJYZ.exe [886112 2011-11-24] (Lenovo)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe [95192 2013-03-08] (CyberLink Corp.)
HKLM-x32\...\Run: [ControlCenter3] => C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe [114688 2008-12-24] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKU\S-1-5-21-4278806244-3946690954-89611405-1001\...\Run: [RESTART_STICKY_NOTES] => C:\WINDOWS\system32\StikyNot.exe [457728 2013-11-14] (Microsoft Corporation)
HKU\S-1-5-21-4278806244-3946690954-89611405-1001\...\Run: [PTOneClick] => C:\Program Files (x86)\WebEx\Productivity Tools\ptoneclk.exe [187920 2014-08-25] (Cisco WebEx LLC)
HKU\S-1-5-21-4278806244-3946690954-89611405-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [RESTART_STICKY_NOTES] => C:\WINDOWS\system32\StikyNot.exe [457728 2013-11-14] (Microsoft Corporation)
HKU\S-1-5-21-4278806244-3946690954-89611405-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [PTOneClick] => C:\Program Files (x86)\WebEx\Productivity Tools\ptoneclk.exe [187920 2014-08-25] (Cisco WebEx LLC)
HKU\S-1-5-21-4278806244-3946690954-89611405-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\Run: [RESTART_STICKY_NOTES] => C:\WINDOWS\system32\StikyNot.exe [457728 2013-11-14] (Microsoft Corporation)
HKU\S-1-5-21-4278806244-3946690954-89611405-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\Run: [PTOneClick] => C:\Program Files (x86)\WebEx\Productivity Tools\ptoneclk.exe [187920 2014-08-25] (Cisco WebEx LLC)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ISDNWatch.lnk
ShortcutTarget: ISDNWatch.lnk -> C:\Program Files (x86)\FRITZ!\IWatch.exe (AVM Berlin)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\VR-NetWorld Auftragsprüfung.lnk
ShortcutTarget: VR-NetWorld Auftragsprüfung.lnk -> C:\Program Files (x86)\VR-NetWorld\vrtoolcheckorder.exe (VR-NetWorld Software)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
ShellIconOverlayIdentifiers: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
ShellIconOverlayIdentifiers: [SugarSyncBackedUp] -> {0C4A258A-3F3B-4FFF-80A7-9B3BEC139472} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll No File
ShellIconOverlayIdentifiers: [SugarSyncPending] -> {62CCD8E3-9C21-41E1-B55E-1E26DFC68511} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll No File
ShellIconOverlayIdentifiers: [SugarSyncRoot] -> {A759AFF6-5851-457D-A540-F4ECED148351} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll No File
ShellIconOverlayIdentifiers: [SugarSyncShared] -> {1574C9EF-7D58-488F-B358-8B78C1538F51} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll No File
ShellIconOverlayIdentifiers-x32: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-4278806244-3946690954-89611405-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo13.msn.com
HKU\S-1-5-21-4278806244-3946690954-89611405-1001\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com
HKU\S-1-5-21-4278806244-3946690954-89611405-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo13.msn.com
HKU\S-1-5-21-4278806244-3946690954-89611405-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com
HKU\S-1-5-21-4278806244-3946690954-89611405-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo13.msn.com
HKU\S-1-5-21-4278806244-3946690954-89611405-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com
HKU\S-1-5-21-4278806244-3946690954-89611405-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://lenovo13.msn.com
HKU\S-1-5-21-4278806244-3946690954-89611405-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo13.msn.com
HKU\S-1-5-21-4278806244-3946690954-89611405-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com
HKU\S-1-5-21-4278806244-3946690954-89611405-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com
HKU\S-1-5-21-4278806244-3946690954-89611405-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://lenovo13.msn.com
HKU\S-1-5-21-4278806244-3946690954-89611405-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo13.msn.com
HKU\S-1-5-21-4278806244-3946690954-89611405-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com
HKU\S-1-5-21-4278806244-3946690954-89611405-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com
HKU\S-1-5-21-4278806244-3946690954-89611405-1006-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://lenovo13.msn.com
HKU\S-1-5-21-4278806244-3946690954-89611405-1006-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo13.msn.com
HKU\S-1-5-21-4278806244-3946690954-89611405-1006-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com
HKU\S-1-5-21-4278806244-3946690954-89611405-1006-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com
HKU\S-1-5-21-4278806244-3946690954-89611405-1006-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://lenovo13.msn.com
HKU\S-1-5-21-4278806244-3946690954-89611405-1006-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo13.msn.com
HKU\S-1-5-21-4278806244-3946690954-89611405-1006-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com
HKU\S-1-5-21-4278806244-3946690954-89611405-1006-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com
URLSearchHook: [S-1-5-21-4278806244-3946690954-89611405-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0] ATTENTION ==> Default URLSearchHook is missing.
URLSearchHook: [S-1-5-21-4278806244-3946690954-89611405-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1] ATTENTION ==> Default URLSearchHook is missing.
SearchScopes: HKLM -> DefaultScope {6BDE05EA-7188-462D-9130-B5DF3489588D} URL = hxxp://Vosteran.com/results.php?f=4&q={searchTerms}&a=vst_ggfc_14_49_ch&cd=2XzuyEtN2Y1L1QzuyByEtByB0E0A0EyD0DyD0EyEzy0AyBzztN0D0Tzu0StCtDyCyDtN1L2XzutAtFyCtFyCtFtDtN1L1CzutCyEtBzytDyD1V1BtN1L1G1B1V1N2Y1L1Qzu2StDyCzy0CtDyEtA0FtGyC0AyBzytGyC0EyDyEtGtC0DyB0FtGtDyEzzzzzz0Czz0D0AyBtByB2QtN1M1F1B2Z1V1N2Y1L1Qzu2StC0D0A0E0EtByE0FtGzz0BtCtCtGyEzz0CtBtG0A0F0C0AtGtBtC0Bzy0AyDzz0B0C0ByDtA2Q&cr=587638339&ir=
SearchScopes: HKLM -> {6BDE05EA-7188-462D-9130-B5DF3489588D} URL = hxxp://Vosteran.com/results.php?f=4&q={searchTerms}&a=vst_ggfc_14_49_ch&cd=2XzuyEtN2Y1L1QzuyByEtByB0E0A0EyD0DyD0EyEzy0AyBzztN0D0Tzu0StCtDyCyDtN1L2XzutAtFyCtFyCtFtDtN1L1CzutCyEtBzytDyD1V1BtN1L1G1B1V1N2Y1L1Qzu2StDyCzy0CtDyEtA0FtGyC0AyBzytGyC0EyDyEtGtC0DyB0FtGtDyEzzzzzz0Czz0D0AyBtByB2QtN1M1F1B2Z1V1N2Y1L1Qzu2StC0D0A0E0EtByE0FtGzz0BtCtCtGyEzz0CtBtG0A0F0C0AtGtBtC0Bzy0AyDzz0B0C0ByDtA2Q&cr=587638339&ir=
SearchScopes: HKU\S-1-5-21-4278806244-3946690954-89611405-1001 -> DefaultScope {6BDE05EA-7188-462D-9130-B5DF3489588D} URL = hxxp://Vosteran.com/results.php?f=4&q={searchTerms}&a=vst_ggfc_14_49_ch&cd=2XzuyEtN2Y1L1QzuyByEtByB0E0A0EyD0DyD0EyEzy0AyBzztN0D0Tzu0StCtDyCyDtN1L2XzutAtFyCtFyCtFtDtN1L1CzutCyEtBzytDyD1V1BtN1L1G1B1V1N2Y1L1Qzu2StDyCzy0CtDyEtA0FtGyC0AyBzytGyC0EyDyEtGtC0DyB0FtGtDyEzzzzzz0Czz0D0AyBtByB2QtN1M1F1B2Z1V1N2Y1L1Qzu2StC0D0A0E0EtByE0FtGzz0BtCtCtGyEzz0CtBtG0A0F0C0AtGtBtC0Bzy0AyDzz0B0C0ByDtA2Q&cr=587638339&ir=
SearchScopes: HKU\S-1-5-21-4278806244-3946690954-89611405-1001 -> {6BDE05EA-7188-462D-9130-B5DF3489588D} URL = hxxp://Vosteran.com/results.php?f=4&q={searchTerms}&a=vst_ggfc_14_49_ch&cd=2XzuyEtN2Y1L1QzuyByEtByB0E0A0EyD0DyD0EyEzy0AyBzztN0D0Tzu0StCtDyCyDtN1L2XzutAtFyCtFyCtFtDtN1L1CzutCyEtBzytDyD1V1BtN1L1G1B1V1N2Y1L1Qzu2StDyCzy0CtDyEtA0FtGyC0AyBzytGyC0EyDyEtGtC0DyB0FtGtDyEzzzzzz0Czz0D0AyBtByB2QtN1M1F1B2Z1V1N2Y1L1Qzu2StC0D0A0E0EtByE0FtGzz0BtCtCtGyEzz0CtBtG0A0F0C0AtGtBtC0Bzy0AyDzz0B0C0ByDtA2Q&cr=587638339&ir=
SearchScopes: HKU\S-1-5-21-4278806244-3946690954-89611405-1001 -> {DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} URL = 
SearchScopes: HKU\S-1-5-21-4278806244-3946690954-89611405-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {6BDE05EA-7188-462D-9130-B5DF3489588D} URL = hxxp://Vosteran.com/results.php?f=4&q={searchTerms}&a=vst_ggfc_14_49_ch&cd=2XzuyEtN2Y1L1QzuyByEtByB0E0A0EyD0DyD0EyEzy0AyBzztN0D0Tzu0StCtDyCyDtN1L2XzutAtFyCtFyCtFtDtN1L1CzutCyEtBzytDyD1V1BtN1L1G1B1V1N2Y1L1Qzu2StDyCzy0CtDyEtA0FtGyC0AyBzytGyC0EyDyEtGtC0DyB0FtGtDyEzzzzzz0Czz0D0AyBtByB2QtN1M1F1B2Z1V1N2Y1L1Qzu2StC0D0A0E0EtByE0FtGzz0BtCtCtGyEzz0CtBtG0A0F0C0AtGtBtC0Bzy0AyDzz0B0C0ByDtA2Q&cr=587638339&ir=
SearchScopes: HKU\S-1-5-21-4278806244-3946690954-89611405-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {6BDE05EA-7188-462D-9130-B5DF3489588D} URL = hxxp://Vosteran.com/results.php?f=4&q={searchTerms}&a=vst_ggfc_14_49_ch&cd=2XzuyEtN2Y1L1QzuyByEtByB0E0A0EyD0DyD0EyEzy0AyBzztN0D0Tzu0StCtDyCyDtN1L2XzutAtFyCtFyCtFtDtN1L1CzutCyEtBzytDyD1V1BtN1L1G1B1V1N2Y1L1Qzu2StDyCzy0CtDyEtA0FtGyC0AyBzytGyC0EyDyEtGtC0DyB0FtGtDyEzzzzzz0Czz0D0AyBtByB2QtN1M1F1B2Z1V1N2Y1L1Qzu2StC0D0A0E0EtByE0FtGzz0BtCtCtGyEzz0CtBtG0A0F0C0AtGtBtC0Bzy0AyDzz0B0C0ByDtA2Q&cr=587638339&ir=
SearchScopes: HKU\S-1-5-21-4278806244-3946690954-89611405-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} URL = 
SearchScopes: HKU\S-1-5-21-4278806244-3946690954-89611405-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1 -> DefaultScope {6BDE05EA-7188-462D-9130-B5DF3489588D} URL = hxxp://Vosteran.com/results.php?f=4&q={searchTerms}&a=vst_ggfc_14_49_ch&cd=2XzuyEtN2Y1L1QzuyByEtByB0E0A0EyD0DyD0EyEzy0AyBzztN0D0Tzu0StCtDyCyDtN1L2XzutAtFyCtFyCtFtDtN1L1CzutCyEtBzytDyD1V1BtN1L1G1B1V1N2Y1L1Qzu2StDyCzy0CtDyEtA0FtGyC0AyBzytGyC0EyDyEtGtC0DyB0FtGtDyEzzzzzz0Czz0D0AyBtByB2QtN1M1F1B2Z1V1N2Y1L1Qzu2StC0D0A0E0EtByE0FtGzz0BtCtCtGyEzz0CtBtG0A0F0C0AtGtBtC0Bzy0AyDzz0B0C0ByDtA2Q&cr=587638339&ir=
SearchScopes: HKU\S-1-5-21-4278806244-3946690954-89611405-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1 -> {6BDE05EA-7188-462D-9130-B5DF3489588D} URL = hxxp://Vosteran.com/results.php?f=4&q={searchTerms}&a=vst_ggfc_14_49_ch&cd=2XzuyEtN2Y1L1QzuyByEtByB0E0A0EyD0DyD0EyEzy0AyBzztN0D0Tzu0StCtDyCyDtN1L2XzutAtFyCtFyCtFtDtN1L1CzutCyEtBzytDyD1V1BtN1L1G1B1V1N2Y1L1Qzu2StDyCzy0CtDyEtA0FtGyC0AyBzytGyC0EyDyEtGtC0DyB0FtGtDyEzzzzzz0Czz0D0AyBtByB2QtN1M1F1B2Z1V1N2Y1L1Qzu2StC0D0A0E0EtByE0FtGzz0BtCtCtGyEzz0CtBtG0A0F0C0AtGtBtC0Bzy0AyDzz0B0C0ByDtA2Q&cr=587638339&ir=
SearchScopes: HKU\S-1-5-21-4278806244-3946690954-89611405-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1 -> {DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} URL = 
BHO: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: WebEx Productivity Tools -> {90E2BA2E-DD1B-4cde-9134-7A8B86D33CA7} -> C:\Program Files (x86)\WebEx\Productivity Tools\ptonecli64.dll (Cisco WebEx LLC)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_64.dll (IvoSoft)
BHO-x32: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
BHO-x32: Cisco WebEx-Produktivitätswerkzeuge -> {90E2BA2E-DD1B-4cde-9134-7A8B86D33CA7} -> C:\Program Files (x86)\WebEx\Productivity Tools\ptonecli.dll (Cisco WebEx LLC)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_32.dll (IvoSoft)
Toolbar: HKLM - avast! WebRep - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
Toolbar: HKLM - WebEx Productivity Tools - {90E2BA2E-DD1B-4cde-9134-7A8B86D33CA7} - C:\Program Files (x86)\WebEx\Productivity Tools\ptonecli64.dll (Cisco WebEx LLC)
Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
Toolbar: HKLM-x32 - Cisco WebEx-Produktivitätswerkzeuge - {90E2BA2E-DD1B-4cde-9134-7A8B86D33CA7} - C:\Program Files (x86)\WebEx\Productivity Tools\ptonecli.dll (Cisco WebEx LLC)
DPF: HKLM-x32 {4FF78044-96B4-4312-A5B7-FDA3CB328095} 
Tcpip\..\Interfaces\{AD715C07-FA95-41CD-8547-8CF7B99D600E}: [NameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Ute\AppData\Roaming\Mozilla\Firefox\Profiles\956apvdl.default
FF DefaultSearchEngine: Google
FF Keyword.URL: hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=
FF SelectedSearchEngine: Vosteran
FF Plugin: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.0.72 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-4278806244-3946690954-89611405-1001: @citrixonline.com/appdetectorplugin -> C:\Users\Ute\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
FF Plugin HKU\S-1-5-21-4278806244-3946690954-89611405-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: @citrixonline.com/appdetectorplugin -> C:\Users\Ute\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
FF Plugin HKU\S-1-5-21-4278806244-3946690954-89611405-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1: @citrixonline.com/appdetectorplugin -> C:\Users\Ute\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
FF user.js: detected! => C:\Users\Ute\AppData\Roaming\Mozilla\Firefox\Profiles\956apvdl.default\user.js
FF Plugin ProgramFiles/Appdata: C:\Users\Ute\AppData\Roaming\mozilla\plugins\npatgpc.dll (Cisco WebEx LLC)
FF Extension: No Name - C:\Program Files\AVAST Software\Avast\WebRep\FF [Not Found]
FF Extension: No Name - C:\Users\Ute\AppData\Roaming\Mozilla\Firefox\Profiles\956apvdl.default\extensions\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} [Not Found]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [Not Found]

Chrome: 
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://spiele.rtl.de/cms/index.html"
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\Ute\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Ute\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-10-29]
CHR Extension: (Cisco WebEx Extension) - C:\Users\Ute\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlhmfgmfgeifomenelglieieghnjghma [2014-11-13]
CHR Extension: (Google Wallet) - C:\Users\Ute\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-10-29]
CHR Profile: C:\Users\Ute\AppData\Local\Google\Chrome\User Data\Profile 1

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 Advantage; C:\ADVANTAGE\Server\ads.exe [3530752 2012-11-27] (iAnywhere Solutions, Inc.) [File not signed]
R2 de_serv; C:\Program Files (x86)\Common Files\AVM\de_serv.exe [206128 2007-10-25] (AVM Berlin)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15344 2013-01-31] (Intel Corporation)
R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe [2451456 2012-07-13] (Realsil Microelectronics Inc.) [File not signed]
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [314696 2014-05-20] (Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [732160 2012-12-10] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [803872 2012-12-10] (Intel(R) Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [167736 2013-01-30] (Intel Corporation)
R2 JME Keyboard; C:\Windows\jmesoft\Service.exe [32768 2011-08-16] () [File not signed]
R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1871160 2014-10-01] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [968504 2014-10-01] (Malwarebytes Corporation)
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [390632 2013-05-14] ()
R2 TopDNS; C:\ProgramData\blue solution\Handwerk 5\TopAppService\TopDnsService.exe [2779648 2013-01-30] (blue:solution software GmbH) [File not signed]
R2 UltiDev Web Server Pro; C:\Program Files (x86)\UltiDev\Web Server\UltiDev.WebServer.Monitor.exe [64512 2012-09-29] (UltiDev LLC) [File not signed]
R2 UWS HiPriv Services; C:\Program Files (x86)\UltiDev\Web Server\UWS.HighPrivilegeUtilities.exe [48128 2012-09-29] (UltiDev LLC) [File not signed]
R2 UWS LoPriv Services; C:\Program Files (x86)\UltiDev\Web Server\UWS.LowPrivilegeUtilities.exe [44032 2012-09-29] (UltiDev LLC) [File not signed]
S3 w3logsvc; C:\Windows\system32\inetsrv\w3logsvc.dll [76800 2014-11-14] (Microsoft Corporation)
R2 W3SVC; C:\Windows\system32\inetsrv\iisw3adm.dll [546304 2014-11-14] (Microsoft Corporation)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-22] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-22] (Microsoft Corporation)
S2 51cdb72; "C:\WINDOWS\system32\rundll32.exe" "c:\Program Files (x86)\Optimizer Pro 3.11\OptProCrash.dll",ENT
S2 CsrBtOBEX-Dienst; "C:\Program Files\CSR\CSR Harmony Wireless Software Stack\CsrBtOBEXService.exe" [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 AVMCOWAN; C:\Windows\system32\DRIVERS\AVMCOWAN.sys [79872 2010-11-28] (AVM GmbH)
S3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation)
S3 csrusbfilter; C:\Windows\System32\Drivers\csrusbfilter.sys [23752 2012-03-22] (Cambridge Silicon Radio Limited)
S3 CYUSB3; C:\Windows\System32\Drivers\CYUSB3.sys [62712 2014-03-21] (Cypress Semiconductor)
R3 FUS2BASE; C:\Windows\system32\DRIVERS\fus2base.sys [696832 2010-11-28] (AVM Berlin)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2014-10-01] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [129752 2014-12-30] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2014-10-01] (Malwarebytes Corporation)
U5 VWiFiFlt; C:\Windows\System32\Drivers\VWiFiFlt.sys [71680 2014-04-30] (Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-22] (Microsoft Corporation)
S3 csravrcp; \SystemRoot\System32\drivers\csravrcp.sys [X]
S3 CsrBtPort; \SystemRoot\system32\DRIVERS\CsrBtPort.sys [X]
S3 csrpan; \SystemRoot\system32\DRIVERS\csrpan.sys [X]
S3 csrserial; \SystemRoot\system32\DRIVERS\csrserial.sys [X]
S3 csrusb; \SystemRoot\System32\Drivers\csrusb.sys [X]
S3 csr_bthav; \SystemRoot\system32\drivers\csrbthav.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-30 15:31 - 2014-12-30 15:32 - 00028456 _____ () C:\Users\Ute\Desktop\FRST.txt
2014-12-30 15:31 - 2014-12-30 15:31 - 02123264 _____ (Farbar) C:\Users\Ute\Desktop\FRST64.exe
2014-12-30 15:31 - 2014-12-30 15:31 - 00005182 _____ () C:\_t-0002C.TPS
2014-12-30 13:05 - 2014-12-30 13:05 - 00004814 _____ () C:\Users\Ute\Desktop\30.12.2014 AdwCleaner[R2].txt
2014-12-30 13:03 - 2014-12-30 13:03 - 00003786 _____ () C:\Users\Ute\Desktop\30.12.2014 mwb.txt
2014-12-29 13:20 - 2014-12-29 13:20 - 02173952 _____ () C:\Users\Ute\Desktop\AdwCleaner_4.106.exe
2014-12-29 13:19 - 2014-12-04 00:37 - 00227328 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepdu.dll
2014-12-29 13:19 - 2014-12-04 00:09 - 00830464 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2014-12-29 13:19 - 2014-12-03 00:09 - 01083392 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2014-12-29 13:19 - 2014-12-03 00:09 - 00740864 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2014-12-29 13:19 - 2014-12-03 00:09 - 00412672 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2014-12-29 13:19 - 2014-12-03 00:09 - 00396288 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2014-12-29 13:19 - 2014-12-03 00:09 - 00192000 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2014-12-29 13:19 - 2014-11-10 03:29 - 00034304 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceSetupStatusProvider.dll
2014-12-29 13:19 - 2014-11-10 02:51 - 00028672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DeviceSetupStatusProvider.dll
2014-12-29 13:19 - 2014-11-07 05:16 - 01762840 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
2014-12-29 13:19 - 2014-11-07 04:26 - 01489072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll
2014-12-29 13:19 - 2014-11-01 00:57 - 01091072 _____ (Microsoft Corporation) C:\WINDOWS\system32\MrmCoreR.dll
2014-12-29 13:19 - 2014-11-01 00:47 - 00790528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MrmCoreR.dll
2014-12-29 13:19 - 2014-10-13 03:43 - 00238912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys
2014-12-29 13:19 - 2014-10-13 03:43 - 00153920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys
2014-12-29 13:19 - 2014-10-13 03:43 - 00086336 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pdc.sys
2014-12-29 13:19 - 2014-10-13 03:43 - 00039744 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\intelpep.sys
2014-12-29 13:18 - 2014-11-22 04:13 - 25059840 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2014-12-29 13:18 - 2014-11-22 03:50 - 00580096 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2014-12-29 13:18 - 2014-11-22 03:49 - 02885120 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2014-12-29 13:18 - 2014-11-22 03:49 - 00417280 _____ (Microsoft Corporation) C:\WINDOWS\system32\html.iec
2014-12-29 13:18 - 2014-11-22 03:48 - 00088064 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll
2014-12-29 13:18 - 2014-11-22 03:35 - 00812544 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2014-12-29 13:18 - 2014-11-22 03:34 - 06039552 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2014-12-29 13:18 - 2014-11-22 03:22 - 19749376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2014-12-29 13:18 - 2014-11-22 03:08 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2014-12-29 13:18 - 2014-11-22 03:07 - 00501248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2014-12-29 13:18 - 2014-11-22 03:06 - 00340992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\html.iec
2014-12-29 13:18 - 2014-11-22 03:06 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2014-12-29 13:18 - 2014-11-22 03:05 - 00316928 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2014-12-29 13:18 - 2014-11-22 03:05 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll
2014-12-29 13:18 - 2014-11-22 03:01 - 02277888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2014-12-29 13:18 - 2014-11-22 02:59 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2014-12-29 13:18 - 2014-11-22 02:55 - 00661504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2014-12-29 13:18 - 2014-11-22 02:52 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2014-12-29 13:18 - 2014-11-22 02:49 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2014-12-29 13:18 - 2014-11-22 02:49 - 00718848 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2014-12-29 13:18 - 2014-11-22 02:49 - 00373760 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2014-12-29 13:18 - 2014-11-22 02:46 - 02125312 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2014-12-29 13:18 - 2014-11-22 02:43 - 14412800 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2014-12-29 13:18 - 2014-11-22 02:35 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2014-12-29 13:18 - 2014-11-22 02:34 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2014-12-29 13:18 - 2014-11-22 02:33 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2014-12-29 13:18 - 2014-11-22 02:29 - 04299264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2014-12-29 13:18 - 2014-11-22 02:29 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2014-12-29 13:18 - 2014-11-22 02:28 - 02358272 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2014-12-29 13:18 - 2014-11-22 02:25 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2014-12-29 13:18 - 2014-11-22 02:23 - 00688640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2014-12-29 13:18 - 2014-11-22 02:23 - 00326656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2014-12-29 13:18 - 2014-11-22 02:22 - 02052096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2014-12-29 13:18 - 2014-11-22 02:15 - 01548288 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2014-12-29 13:18 - 2014-11-22 02:13 - 12836864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2014-12-29 13:18 - 2014-11-22 02:03 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2014-12-29 13:18 - 2014-11-22 02:00 - 01888256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2014-12-29 13:18 - 2014-11-22 01:56 - 01307136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2014-12-29 13:18 - 2014-11-22 01:54 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2014-12-29 13:18 - 2014-10-30 23:37 - 00129536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\poqexec.exe
2014-12-29 13:18 - 2014-10-30 23:34 - 00146432 _____ (Microsoft Corporation) C:\WINDOWS\system32\poqexec.exe
2014-12-23 12:53 - 2014-12-30 13:04 - 00000000 ____D () C:\AdwCleaner
2014-12-22 13:32 - 2014-12-29 13:02 - 00000000 ____D () C:\Users\DefaultAppPool
2014-12-22 13:32 - 2014-12-22 13:32 - 00000000 _SHDL () C:\Users\DefaultAppPool\Vorlagen
2014-12-22 13:32 - 2014-12-22 13:32 - 00000000 _SHDL () C:\Users\DefaultAppPool\Startmenü
2014-12-22 13:32 - 2014-12-22 13:32 - 00000000 _SHDL () C:\Users\DefaultAppPool\Netzwerkumgebung
2014-12-22 13:32 - 2014-12-22 13:32 - 00000000 _SHDL () C:\Users\DefaultAppPool\Lokale Einstellungen
2014-12-22 13:32 - 2014-12-22 13:32 - 00000000 _SHDL () C:\Users\DefaultAppPool\Eigene Dateien
2014-12-22 13:32 - 2014-12-22 13:32 - 00000000 _SHDL () C:\Users\DefaultAppPool\Druckumgebung
2014-12-22 13:32 - 2014-12-22 13:32 - 00000000 _SHDL () C:\Users\DefaultAppPool\Documents\Eigene Musik
2014-12-22 13:32 - 2014-12-22 13:32 - 00000000 _SHDL () C:\Users\DefaultAppPool\Documents\Eigene Bilder
2014-12-22 13:32 - 2014-12-22 13:32 - 00000000 _SHDL () C:\Users\DefaultAppPool\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2014-12-22 13:32 - 2014-12-22 13:32 - 00000000 _SHDL () C:\Users\DefaultAppPool\AppData\Local\Verlauf
2014-12-22 13:32 - 2014-12-22 13:32 - 00000000 _SHDL () C:\Users\DefaultAppPool\AppData\Local\Anwendungsdaten
2014-12-22 13:32 - 2014-12-22 13:32 - 00000000 _SHDL () C:\Users\DefaultAppPool\Anwendungsdaten
2014-12-22 13:32 - 2014-06-30 09:07 - 00000000 ____D () C:\Users\DefaultAppPool\AppData\Local\Microsoft Help
2014-12-22 13:32 - 2013-12-24 08:47 - 00000000 ____D () C:\Users\DefaultAppPool\AppData\Roaming\Macromedia
2014-12-19 16:44 - 2014-12-19 16:44 - 24835462 _____ () C:\Users\Ute\Desktop\5.bmp
2014-12-19 16:42 - 2014-12-19 16:42 - 24835462 _____ () C:\Users\Ute\Desktop\4.bmp
2014-12-19 16:41 - 2014-12-19 16:41 - 24835462 _____ () C:\Users\Ute\Desktop\3.bmp
2014-12-19 16:40 - 2014-12-19 16:40 - 24835462 _____ () C:\Users\Ute\Desktop\2.bmp
2014-12-19 16:39 - 2014-12-19 16:39 - 24835462 _____ () C:\Users\Ute\Desktop\1.bmp
2014-12-19 16:34 - 2014-12-19 16:34 - 24835462 _____ () C:\Users\Ute\Desktop\AOK 2014-351,50 Euro.bmp
2014-12-19 16:15 - 2014-12-19 16:15 - 00379239 ____T () C:\Users\Ute\Desktop\VB Hypothek 413 €uro - 2014.oxps
2014-12-19 16:13 - 2014-12-19 16:13 - 24835462 _____ () C:\Users\Ute\Desktop\BHW 77 €uro-2014.bmp
2014-12-19 16:12 - 2014-12-19 16:12 - 24835462 _____ () C:\Users\Ute\Desktop\BHW 218 Euro-2014.bmp
2014-12-19 15:13 - 2014-12-19 15:13 - 24835462 _____ () C:\Users\Ute\Desktop\Rente MP 2014.bmp
2014-12-19 15:07 - 2014-12-19 15:07 - 24835462 _____ () C:\Users\Ute\Desktop\Leben Risiko MP 2014.bmp
2014-12-19 15:05 - 2014-12-19 15:05 - 24835462 _____ () C:\Users\Ute\Desktop\Leben Risiko UP 2014.bmp
2014-12-19 15:01 - 2014-12-19 15:03 - 24835462 _____ () C:\Users\Ute\Desktop\Leben MP 2014.bmp
2014-12-19 15:01 - 2014-12-19 15:01 - 24835462 _____ () C:\Users\Ute\Desktop\Leben UP 2014.bmp
2014-12-19 14:58 - 2014-12-19 14:58 - 24835462 _____ () C:\Users\Ute\Desktop\Gebäude 2014.bmp
2014-12-19 14:56 - 2014-12-19 14:56 - 24835462 _____ () C:\Users\Ute\Desktop\Hausrat 2014.bmp
2014-12-19 14:41 - 2014-12-19 16:25 - 24835462 _____ () C:\Users\Ute\Desktop\Abgabenbescheid 2014.bmp
2014-12-19 14:35 - 2014-12-19 14:35 - 24835462 _____ () C:\Users\Ute\Desktop\Stadtwerke 2014.bmp
2014-12-19 14:23 - 2014-12-19 14:23 - 24835462 _____ () C:\Users\Ute\Desktop\BG Lohnnachweis 2014.bmp
2014-12-15 20:23 - 2014-12-15 20:23 - 00000000 ____D () C:\Users\Ute\Desktop\fritz
2014-12-13 18:03 - 2014-12-13 18:24 - 00000000 ____D () C:\Users\Ute\Desktop\Strabag
2014-12-10 17:39 - 2014-12-29 20:47 - 00000000 ____D () C:\WINDOWS\system32\appraiser
2014-12-10 13:04 - 2014-12-19 17:14 - 00000000 ____D () C:\Users\Ute\Desktop\Bam 10.12.2014
2014-12-06 22:45 - 2014-12-06 23:03 - 00087432 _____ () C:\Users\Ute\Downloads\Briefpapier.zip
2014-12-05 15:24 - 2014-12-05 15:24 - 00000123 _____ () C:\Users\Ute\Desktop\Erfassung von Aufmaßen Vor-Ort mithilfe der App TopAufmaß.url
2014-12-05 12:27 - 2014-12-05 12:28 - 00022761 _____ () C:\Users\Ute\Desktop\Hoff u. Partner Hasehaus Einnerung.xlsx
2014-12-04 17:59 - 2014-12-04 17:59 - 00003342 _____ () C:\WINDOWS\System32\Tasks\{4DFDCA33-7855-42CE-A167-53B2FA91D197}
2014-12-02 15:11 - 2014-12-03 10:04 - 00000000 ____D () C:\Users\Ute\Tracing
2014-12-02 15:01 - 2014-12-02 15:01 - 00000000 ____D () C:\Users\Ute\AppData\Local\UltiDev_LLC
2014-12-02 15:01 - 2010-06-02 04:55 - 00527192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAudio2_7.dll
2014-12-02 15:01 - 2010-06-02 04:55 - 00518488 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAudio2_7.dll
2014-12-02 15:01 - 2010-06-02 04:55 - 00077656 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAPOFX1_5.dll
2014-12-02 15:01 - 2010-06-02 04:55 - 00074072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAPOFX1_5.dll
2014-12-02 15:01 - 2010-05-26 11:41 - 02526056 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_43.dll
2014-12-02 15:01 - 2010-05-26 11:41 - 02106216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_43.dll
2014-12-02 15:01 - 2010-05-26 11:41 - 00276832 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx11_43.dll
2014-12-02 15:01 - 2010-05-26 11:41 - 00248672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx11_43.dll
2014-12-02 15:01 - 2009-09-04 17:29 - 00523088 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_42.dll
2014-12-02 15:01 - 2009-09-04 17:29 - 00453456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10_42.dll
2014-12-02 15:01 - 2006-11-29 13:06 - 04398360 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_32.dll
2014-12-02 15:01 - 2006-11-29 13:06 - 03426072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_32.dll
2014-12-02 15:00 - 2014-12-02 15:00 - 00000000 ____D () C:\ProgramData\Microsoft OneDrive
2014-12-02 14:19 - 2014-12-02 14:19 - 00001024 _____ () C:\.rnd
2014-12-02 14:19 - 2014-12-02 14:19 - 00000000 ____D () C:\ProgramData\Caphyon
2014-12-02 14:19 - 2014-12-02 14:19 - 00000000 ____D () C:\Program Files\UltiDev
2014-12-02 14:18 - 2014-12-02 14:18 - 00002218 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\UltiDev Web App Explorer.lnk
2014-12-02 14:18 - 2014-12-02 14:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UltiDev
2014-12-02 14:17 - 2014-12-02 14:19 - 00000000 ____D () C:\ProgramData\UltiDev
2014-12-02 14:17 - 2014-12-02 14:17 - 00026508 _____ () C:\WINDOWS\unins000.dat
2014-12-02 14:17 - 2014-12-02 14:17 - 00000000 ____D () C:\Program Files (x86)\UltiDev
2014-12-02 14:17 - 2014-12-02 14:16 - 01083233 _____ () C:\WINDOWS\unins000.exe
2014-12-02 14:07 - 2014-12-02 14:07 - 03999272 _____ (TeamViewer) C:\Users\Ute\Desktop\bss_support.exe
2014-12-01 21:06 - 2014-12-01 21:18 - 00000000 ____D () C:\Program Files\PDFCreator
2014-12-01 21:06 - 2014-12-01 21:06 - 00000000 ____D () C:\Program Files (x86)\GPLGS
2014-12-01 21:05 - 2014-12-01 21:05 - 00000000 ____D () C:\Program Files (x86)\PDF Creator

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-30 15:31 - 2014-09-07 17:19 - 00000000 ____D () C:\FRST
2014-12-30 15:31 - 2014-06-23 11:52 - 00094683 _____ () C:\ads_err.adt
2014-12-30 15:26 - 2014-10-29 12:15 - 00001144 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-12-30 15:24 - 2014-04-07 08:14 - 01253455 _____ () C:\WINDOWS\WindowsUpdate.log
2014-12-30 14:36 - 2014-10-10 11:05 - 00000576 _____ () C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-4278806244-3946690954-89611405-1001.job
2014-12-30 14:35 - 2013-12-16 20:08 - 00003594 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-4278806244-3946690954-89611405-1001
2014-12-30 14:29 - 2014-10-29 12:16 - 00002206 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-12-30 14:02 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2014-12-30 13:43 - 2014-06-23 11:52 - 00004608 _____ () C:\ads_err.adi
2014-12-30 13:30 - 2014-10-26 22:14 - 00129752 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-12-30 12:58 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\rescache
2014-12-30 12:47 - 2012-07-26 08:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2014-12-30 12:45 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\sr-Latn-RS
2014-12-30 12:45 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\sr-Latn-CS
2014-12-30 09:47 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2014-12-30 09:23 - 2014-09-24 16:48 - 00003938 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{7191AC2D-2327-4099-A4A5-525ACFAC0F38}
2014-12-30 09:20 - 2014-10-29 12:15 - 00001140 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-12-29 22:44 - 2013-12-18 18:39 - 00000000 ____D () C:\Users\Ute\AppData\Roaming\ClassicShell
2014-12-29 21:16 - 2013-11-14 08:27 - 01860582 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-12-29 21:16 - 2013-11-14 08:11 - 00799978 _____ () C:\WINDOWS\system32\perfh007.dat
2014-12-29 21:16 - 2013-11-14 08:11 - 00168714 _____ () C:\WINDOWS\system32\perfc007.dat
2014-12-29 21:08 - 2013-08-22 15:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-12-29 21:08 - 2013-08-22 14:25 - 00524288 ___SH () C:\WINDOWS\system32\config\BBI
2014-12-29 20:49 - 2014-04-10 07:11 - 00926278 _____ () C:\WINDOWS\PFRO.log
2014-12-29 20:47 - 2014-07-09 18:21 - 00000000 ___SD () C:\WINDOWS\system32\CompatTel
2014-12-29 20:47 - 2013-12-18 14:31 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-12-29 20:47 - 2013-12-17 03:17 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-12-29 20:47 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\PolicyDefinitions
2014-12-29 20:45 - 2013-12-17 03:17 - 112710672 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-12-29 20:41 - 2013-12-20 14:56 - 00000000 ____D () C:\Users\Ute\AppData\Roaming\TeamViewer
2014-12-29 19:54 - 2014-01-09 18:02 - 00000000 ____D () C:\Users\Ute\AppData\Roaming\webex
2014-12-29 15:21 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\Branding
2014-12-29 13:04 - 2014-10-26 22:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-12-29 13:04 - 2014-10-26 22:14 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-12-29 13:04 - 2013-12-24 08:44 - 00000000 ____D () C:\Users\Ute
2014-12-29 13:03 - 2014-02-26 15:44 - 00000000 ____D () C:\Users\admin2
2014-12-29 13:03 - 2014-02-26 15:28 - 00000000 ____D () C:\Users\admin
2014-12-29 13:03 - 2014-02-26 15:25 - 00000000 ____D () C:\Users\Administrator
2014-12-29 13:03 - 2013-08-22 16:36 - 00000000 __RSD () C:\WINDOWS\Media
2014-12-29 13:02 - 2014-11-14 14:40 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IIS
2014-12-29 13:02 - 2014-10-29 12:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-12-29 13:02 - 2014-06-23 11:48 - 00000000 ____D () C:\ADVANTAGE
2014-12-29 13:02 - 2013-12-18 18:38 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-12-29 13:02 - 2013-12-18 18:38 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-12-29 13:02 - 2013-12-18 14:31 - 00000000 ____D () C:\Users\Ute\AppData\Local\Microsoft Help
2014-12-29 13:02 - 2013-10-18 11:12 - 00000000 ____D () C:\Program Files (x86)\Amazon
2014-12-29 13:02 - 2013-08-22 16:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-12-29 13:02 - 2013-08-22 16:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-12-29 13:02 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\Macromed
2014-12-29 13:02 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\zh-HK
2014-12-29 13:02 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\uk-UA
2014-12-29 13:02 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\tr-TR
2014-12-29 13:02 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\th-TH
2014-12-29 13:02 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\sl-SI
2014-12-29 13:02 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\sk-SK
2014-12-29 13:02 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\ro-RO
2014-12-29 13:02 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\Macromed
2014-12-29 13:02 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\lv-LV
2014-12-29 13:02 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\lt-LT
2014-12-29 13:02 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\hr-HR
2014-12-29 13:02 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\he-IL
2014-12-29 13:02 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\et-EE
2014-12-29 13:02 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\en-GB
2014-12-29 13:02 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\bg-BG
2014-12-29 13:02 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\ar-SA
2014-12-29 13:02 - 2013-08-22 16:36 - 00000000 ____D () C:\Program Files\Windows Defender
2014-12-29 13:02 - 2013-08-22 16:36 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared
2014-12-29 13:02 - 2013-08-22 14:36 - 00000000 ____D () C:\WINDOWS\system32\Sysprep
2014-12-29 13:02 - 2013-08-22 14:36 - 00000000 ____D () C:\WINDOWS\servicing
2014-12-29 12:47 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\registration
2014-12-29 12:44 - 2013-12-16 21:30 - 00000000 ____D () C:\Users\Ute\AppData\Local\Google
2014-12-29 07:01 - 2014-07-05 22:41 - 00000000 ____D () C:\Users\Ute\AppData\Local\CrashDumps
2014-12-23 11:04 - 2013-12-24 08:39 - 00000000 ___DC () C:\WINDOWS\Panther
2014-12-22 07:21 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\NDF
2014-12-20 06:35 - 2013-12-24 10:15 - 06955520 ___SH () C:\Users\Ute\Desktop\Thumbs.db
2014-12-18 19:55 - 2014-06-23 11:52 - 00008204 _____ () C:\ads_err.adm
2014-12-18 13:43 - 2013-12-16 18:35 - 00000000 ____D () C:\Users\Ute\AppData\Local\FRITZ!
2014-12-11 19:54 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\FxsTmp
2014-12-09 21:03 - 2013-12-18 13:52 - 00000000 ____D () C:\Users\Ute\Desktop\BAM
2014-12-09 07:34 - 2013-12-18 13:52 - 00000000 ___RD () C:\Users\Ute\Desktop\Stundenzettel
2014-12-06 22:46 - 2014-01-02 15:11 - 00130080 _____ () C:\Users\Ute\AppData\Local\GDIPFONTCACHEV1.DAT
2014-12-05 12:38 - 2014-03-25 18:38 - 00000000 ___RD () C:\Users\Ute\Desktop\Bendik
2014-12-05 12:01 - 2013-12-18 13:52 - 00000000 ____D () C:\Users\Ute\Desktop\PK
2014-12-04 14:41 - 2014-06-29 11:55 - 00000000 ____D () C:\Users\Ute\AppData\Local\Windows Live
2014-12-03 10:01 - 2014-04-30 07:16 - 00010968 _____ () C:\WINDOWS\setupact.log
2014-12-03 09:03 - 2014-02-04 21:20 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird
2014-12-02 15:01 - 2014-06-29 11:57 - 00000537 _____ () C:\WINDOWS\DirectX.log
2014-12-02 14:13 - 2014-11-14 14:26 - 00000000 ____D () C:\Program Files (x86)\IIS Express

Files to move or delete:
====================
C:\ProgramData\Lenovo-25838.vbs


Some content of TEMP:
====================
C:\Users\Ute\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpufykqy.dll
C:\Users\Ute\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpv3bpfn.dll
C:\Users\Ute\AppData\Local\Temp\optprosetup.exe
C:\Users\Ute\AppData\Local\Temp\Quarantine.exe
C:\Users\Ute\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-12-28 21:42

==================== End Of Log ============================
         
--- --- ---

--- --- ---


Hi Schrauber,
hab ich was falsch gemacht?
__________________

Alt 31.12.2014, 17:15   #4
schrauber
/// the machine
/// TB-Ausbilder
 

Optimizer Pro - Standard

Optimizer Pro



Zitat:
hab ich was falsch gemacht?
Nö. Es gibt nur mehr User hier als nur Dich, deswegen dauert das halt etwas


Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:
ATTFilter
Task: {3091D35C-7453-498F-BD0B-015E9E50D999} - \Update Service YourFileDownloader No Task File <==== ATTENTION
SearchScopes: HKLM -> DefaultScope {6BDE05EA-7188-462D-9130-B5DF3489588D} URL = hxxp://Vosteran.com/results.php?f=4&q={searchTerms}&a=vst_ggfc_14_49_ch&cd=2XzuyEtN2Y1L1QzuyByEtByB0E0A0EyD0DyD0EyEzy0AyBzztN0D0Tzu0StCtDyCyDtN1L2XzutAtFyCtFyCtFtDtN1L1CzutCyEtBzytDyD1V1BtN1L1G1B1V1N2Y1L1Qzu2StDyCzy0CtDyEtA0FtGyC0AyBzytGyC0EyDyEtGtC0DyB0FtGtDyEzzzzzz0Czz0D0AyBtByB2QtN1M1F1B2Z1V1N2Y1L1Qzu2StC0D0A0E0EtByE0FtGzz0BtCtCtGyEzz0CtBtG0A0F0C0AtGtBtC0Bzy0AyDzz0B0C0ByDtA2Q&cr=587638339&ir=
SearchScopes: HKLM -> {6BDE05EA-7188-462D-9130-B5DF3489588D} URL = hxxp://Vosteran.com/results.php?f=4&q={searchTerms}&a=vst_ggfc_14_49_ch&cd=2XzuyEtN2Y1L1QzuyByEtByB0E0A0EyD0DyD0EyEzy0AyBzztN0D0Tzu0StCtDyCyDtN1L2XzutAtFyCtFyCtFtDtN1L1CzutCyEtBzytDyD1V1BtN1L1G1B1V1N2Y1L1Qzu2StDyCzy0CtDyEtA0FtGyC0AyBzytGyC0EyDyEtGtC0DyB0FtGtDyEzzzzzz0Czz0D0AyBtByB2QtN1M1F1B2Z1V1N2Y1L1Qzu2StC0D0A0E0EtByE0FtGzz0BtCtCtGyEzz0CtBtG0A0F0C0AtGtBtC0Bzy0AyDzz0B0C0ByDtA2Q&cr=587638339&ir=
SearchScopes: HKU\S-1-5-21-4278806244-3946690954-89611405-1001 -> DefaultScope {6BDE05EA-7188-462D-9130-B5DF3489588D} URL = hxxp://Vosteran.com/results.php?f=4&q={searchTerms}&a=vst_ggfc_14_49_ch&cd=2XzuyEtN2Y1L1QzuyByEtByB0E0A0EyD0DyD0EyEzy0AyBzztN0D0Tzu0StCtDyCyDtN1L2XzutAtFyCtFyCtFtDtN1L1CzutCyEtBzytDyD1V1BtN1L1G1B1V1N2Y1L1Qzu2StDyCzy0CtDyEtA0FtGyC0AyBzytGyC0EyDyEtGtC0DyB0FtGtDyEzzzzzz0Czz0D0AyBtByB2QtN1M1F1B2Z1V1N2Y1L1Qzu2StC0D0A0E0EtByE0FtGzz0BtCtCtGyEzz0CtBtG0A0F0C0AtGtBtC0Bzy0AyDzz0B0C0ByDtA2Q&cr=587638339&ir=
SearchScopes: HKU\S-1-5-21-4278806244-3946690954-89611405-1001 -> {6BDE05EA-7188-462D-9130-B5DF3489588D} URL = hxxp://Vosteran.com/results.php?f=4&q={searchTerms}&a=vst_ggfc_14_49_ch&cd=2XzuyEtN2Y1L1QzuyByEtByB0E0A0EyD0DyD0EyEzy0AyBzztN0D0Tzu0StCtDyCyDtN1L2XzutAtFyCtFyCtFtDtN1L1CzutCyEtBzytDyD1V1BtN1L1G1B1V1N2Y1L1Qzu2StDyCzy0CtDyEtA0FtGyC0AyBzytGyC0EyDyEtGtC0DyB0FtGtDyEzzzzzz0Czz0D0AyBtByB2QtN1M1F1B2Z1V1N2Y1L1Qzu2StC0D0A0E0EtByE0FtGzz0BtCtCtGyEzz0CtBtG0A0F0C0AtGtBtC0Bzy0AyDzz0B0C0ByDtA2Q&cr=587638339&ir=
SearchScopes: HKU\S-1-5-21-4278806244-3946690954-89611405-1001 -> {DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} URL = 
SearchScopes: HKU\S-1-5-21-4278806244-3946690954-89611405-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {6BDE05EA-7188-462D-9130-B5DF3489588D} URL = hxxp://Vosteran.com/results.php?f=4&q={searchTerms}&a=vst_ggfc_14_49_ch&cd=2XzuyEtN2Y1L1QzuyByEtByB0E0A0EyD0DyD0EyEzy0AyBzztN0D0Tzu0StCtDyCyDtN1L2XzutAtFyCtFyCtFtDtN1L1CzutCyEtBzytDyD1V1BtN1L1G1B1V1N2Y1L1Qzu2StDyCzy0CtDyEtA0FtGyC0AyBzytGyC0EyDyEtGtC0DyB0FtGtDyEzzzzzz0Czz0D0AyBtByB2QtN1M1F1B2Z1V1N2Y1L1Qzu2StC0D0A0E0EtByE0FtGzz0BtCtCtGyEzz0CtBtG0A0F0C0AtGtBtC0Bzy0AyDzz0B0C0ByDtA2Q&cr=587638339&ir=
SearchScopes: HKU\S-1-5-21-4278806244-3946690954-89611405-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {6BDE05EA-7188-462D-9130-B5DF3489588D} URL = hxxp://Vosteran.com/results.php?f=4&q={searchTerms}&a=vst_ggfc_14_49_ch&cd=2XzuyEtN2Y1L1QzuyByEtByB0E0A0EyD0DyD0EyEzy0AyBzztN0D0Tzu0StCtDyCyDtN1L2XzutAtFyCtFyCtFtDtN1L1CzutCyEtBzytDyD1V1BtN1L1G1B1V1N2Y1L1Qzu2StDyCzy0CtDyEtA0FtGyC0AyBzytGyC0EyDyEtGtC0DyB0FtGtDyEzzzzzz0Czz0D0AyBtByB2QtN1M1F1B2Z1V1N2Y1L1Qzu2StC0D0A0E0EtByE0FtGzz0BtCtCtGyEzz0CtBtG0A0F0C0AtGtBtC0Bzy0AyDzz0B0C0ByDtA2Q&cr=587638339&ir=
SearchScopes: HKU\S-1-5-21-4278806244-3946690954-89611405-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} URL = 
SearchScopes: HKU\S-1-5-21-4278806244-3946690954-89611405-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1 -> DefaultScope {6BDE05EA-7188-462D-9130-B5DF3489588D} URL = hxxp://Vosteran.com/results.php?f=4&q={searchTerms}&a=vst_ggfc_14_49_ch&cd=2XzuyEtN2Y1L1QzuyByEtByB0E0A0EyD0DyD0EyEzy0AyBzztN0D0Tzu0StCtDyCyDtN1L2XzutAtFyCtFyCtFtDtN1L1CzutCyEtBzytDyD1V1BtN1L1G1B1V1N2Y1L1Qzu2StDyCzy0CtDyEtA0FtGyC0AyBzytGyC0EyDyEtGtC0DyB0FtGtDyEzzzzzz0Czz0D0AyBtByB2QtN1M1F1B2Z1V1N2Y1L1Qzu2StC0D0A0E0EtByE0FtGzz0BtCtCtGyEzz0CtBtG0A0F0C0AtGtBtC0Bzy0AyDzz0B0C0ByDtA2Q&cr=587638339&ir=
SearchScopes: HKU\S-1-5-21-4278806244-3946690954-89611405-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1 -> {6BDE05EA-7188-462D-9130-B5DF3489588D} URL = hxxp://Vosteran.com/results.php?f=4&q={searchTerms}&a=vst_ggfc_14_49_ch&cd=2XzuyEtN2Y1L1QzuyByEtByB0E0A0EyD0DyD0EyEzy0AyBzztN0D0Tzu0StCtDyCyDtN1L2XzutAtFyCtFyCtFtDtN1L1CzutCyEtBzytDyD1V1BtN1L1G1B1V1N2Y1L1Qzu2StDyCzy0CtDyEtA0FtGyC0AyBzytGyC0EyDyEtGtC0DyB0FtGtDyEzzzzzz0Czz0D0AyBtByB2QtN1M1F1B2Z1V1N2Y1L1Qzu2StC0D0A0E0EtByE0FtGzz0BtCtCtGyEzz0CtBtG0A0F0C0AtGtBtC0Bzy0AyDzz0B0C0ByDtA2Q&cr=587638339&ir=
SearchScopes: HKU\S-1-5-21-4278806244-3946690954-89611405-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1 -> {DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} URL = 
FF Keyword.URL: hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=
FF SelectedSearchEngine: Vosteran
FF user.js: detected! => C:\Users\Ute\AppData\Roaming\Mozilla\Firefox\Profiles\956apvdl.default\user.js
FF Extension: No Name - C:\Users\Ute\AppData\Roaming\Mozilla\Firefox\Profiles\956apvdl.default\extensions\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} [Not Found]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [Not Found]
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
S2 51cdb72; "C:\WINDOWS\system32\rundll32.exe" "c:\Program Files (x86)\Optimizer Pro 3.11\OptProCrash.dll",ENT
c:\Program Files (x86)\Optimizer Pro 3.11
Emptytemp:
         

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
  • Starte nun FRST erneut und klicke den Entfernen Button.
  • Das Tool erstellt eine Fixlog.txt.
  • Poste mir deren Inhalt.






ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset


Downloade Dir bitte SecurityCheck und:

  • Speichere es auf dem Desktop.
  • Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
  • Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.
Poste den Inhalt bitte hier.

und ein frisches FRST log bitte. Noch Probleme?
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 31.12.2014, 20:14   #5
Snoosel
 
Optimizer Pro - Standard

Optimizer Pro



Sorry, sollte nicht ungeduldig klingen.
der Trojaner wird mich heute und morgen nicht töten glaube ich. Wir können auch übermorgen weitermachen.
Hier schonmal die Daten

Code:
ATTFilter
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 28-12-2014
Ran by Ute at 2014-12-31 18:35:35 Run:2
Running from C:\Users\Ute\Desktop
Loaded Profiles: Ute &  (Available profiles: Ute & admin & admin2 & Administrator)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
Task: {3091D35C-7453-498F-BD0B-015E9E50D999} - \Update Service YourFileDownloader No Task File <==== ATTENTION
SearchScopes: HKLM -> DefaultScope {6BDE05EA-7188-462D-9130-B5DF3489588D} URL = hxxp://Vosteran.com/results.php?f=4&q={searchTerms}&a=vst_ggfc_14_49_ch&cd=2XzuyEtN2Y1L1QzuyByEtByB0E0A0EyD0DyD0EyEzy0AyBzztN0D0Tzu0StCtDyCyDtN1L2XzutAtFyCtFyCtFtDtN1L1CzutCyEtBzytDyD1V1BtN1L1G1B1V1N2Y1L1Qzu2StDyCzy0CtDyEtA0FtGyC0AyBzytGyC0EyDyEtGtC0DyB0FtGtDyEzzzzzz0Czz0D0AyBtByB2QtN1M1F1B2Z1V1N2Y1L1Qzu2StC0D0A0E0EtByE0FtGzz0BtCtCtGyEzz0CtBtG0A0F0C0AtGtBtC0Bzy0AyDzz0B0C0ByDtA2Q&cr=587638339&ir=
SearchScopes: HKLM -> {6BDE05EA-7188-462D-9130-B5DF3489588D} URL = hxxp://Vosteran.com/results.php?f=4&q={searchTerms}&a=vst_ggfc_14_49_ch&cd=2XzuyEtN2Y1L1QzuyByEtByB0E0A0EyD0DyD0EyEzy0AyBzztN0D0Tzu0StCtDyCyDtN1L2XzutAtFyCtFyCtFtDtN1L1CzutCyEtBzytDyD1V1BtN1L1G1B1V1N2Y1L1Qzu2StDyCzy0CtDyEtA0FtGyC0AyBzytGyC0EyDyEtGtC0DyB0FtGtDyEzzzzzz0Czz0D0AyBtByB2QtN1M1F1B2Z1V1N2Y1L1Qzu2StC0D0A0E0EtByE0FtGzz0BtCtCtGyEzz0CtBtG0A0F0C0AtGtBtC0Bzy0AyDzz0B0C0ByDtA2Q&cr=587638339&ir=
SearchScopes: HKU\S-1-5-21-4278806244-3946690954-89611405-1001 -> DefaultScope {6BDE05EA-7188-462D-9130-B5DF3489588D} URL = hxxp://Vosteran.com/results.php?f=4&q={searchTerms}&a=vst_ggfc_14_49_ch&cd=2XzuyEtN2Y1L1QzuyByEtByB0E0A0EyD0DyD0EyEzy0AyBzztN0D0Tzu0StCtDyCyDtN1L2XzutAtFyCtFyCtFtDtN1L1CzutCyEtBzytDyD1V1BtN1L1G1B1V1N2Y1L1Qzu2StDyCzy0CtDyEtA0FtGyC0AyBzytGyC0EyDyEtGtC0DyB0FtGtDyEzzzzzz0Czz0D0AyBtByB2QtN1M1F1B2Z1V1N2Y1L1Qzu2StC0D0A0E0EtByE0FtGzz0BtCtCtGyEzz0CtBtG0A0F0C0AtGtBtC0Bzy0AyDzz0B0C0ByDtA2Q&cr=587638339&ir=
SearchScopes: HKU\S-1-5-21-4278806244-3946690954-89611405-1001 -> {6BDE05EA-7188-462D-9130-B5DF3489588D} URL = hxxp://Vosteran.com/results.php?f=4&q={searchTerms}&a=vst_ggfc_14_49_ch&cd=2XzuyEtN2Y1L1QzuyByEtByB0E0A0EyD0DyD0EyEzy0AyBzztN0D0Tzu0StCtDyCyDtN1L2XzutAtFyCtFyCtFtDtN1L1CzutCyEtBzytDyD1V1BtN1L1G1B1V1N2Y1L1Qzu2StDyCzy0CtDyEtA0FtGyC0AyBzytGyC0EyDyEtGtC0DyB0FtGtDyEzzzzzz0Czz0D0AyBtByB2QtN1M1F1B2Z1V1N2Y1L1Qzu2StC0D0A0E0EtByE0FtGzz0BtCtCtGyEzz0CtBtG0A0F0C0AtGtBtC0Bzy0AyDzz0B0C0ByDtA2Q&cr=587638339&ir=
SearchScopes: HKU\S-1-5-21-4278806244-3946690954-89611405-1001 -> {DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} URL = 
SearchScopes: HKU\S-1-5-21-4278806244-3946690954-89611405-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {6BDE05EA-7188-462D-9130-B5DF3489588D} URL = hxxp://Vosteran.com/results.php?f=4&q={searchTerms}&a=vst_ggfc_14_49_ch&cd=2XzuyEtN2Y1L1QzuyByEtByB0E0A0EyD0DyD0EyEzy0AyBzztN0D0Tzu0StCtDyCyDtN1L2XzutAtFyCtFyCtFtDtN1L1CzutCyEtBzytDyD1V1BtN1L1G1B1V1N2Y1L1Qzu2StDyCzy0CtDyEtA0FtGyC0AyBzytGyC0EyDyEtGtC0DyB0FtGtDyEzzzzzz0Czz0D0AyBtByB2QtN1M1F1B2Z1V1N2Y1L1Qzu2StC0D0A0E0EtByE0FtGzz0BtCtCtGyEzz0CtBtG0A0F0C0AtGtBtC0Bzy0AyDzz0B0C0ByDtA2Q&cr=587638339&ir=
SearchScopes: HKU\S-1-5-21-4278806244-3946690954-89611405-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {6BDE05EA-7188-462D-9130-B5DF3489588D} URL = hxxp://Vosteran.com/results.php?f=4&q={searchTerms}&a=vst_ggfc_14_49_ch&cd=2XzuyEtN2Y1L1QzuyByEtByB0E0A0EyD0DyD0EyEzy0AyBzztN0D0Tzu0StCtDyCyDtN1L2XzutAtFyCtFyCtFtDtN1L1CzutCyEtBzytDyD1V1BtN1L1G1B1V1N2Y1L1Qzu2StDyCzy0CtDyEtA0FtGyC0AyBzytGyC0EyDyEtGtC0DyB0FtGtDyEzzzzzz0Czz0D0AyBtByB2QtN1M1F1B2Z1V1N2Y1L1Qzu2StC0D0A0E0EtByE0FtGzz0BtCtCtGyEzz0CtBtG0A0F0C0AtGtBtC0Bzy0AyDzz0B0C0ByDtA2Q&cr=587638339&ir=
SearchScopes: HKU\S-1-5-21-4278806244-3946690954-89611405-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} URL = 
SearchScopes: HKU\S-1-5-21-4278806244-3946690954-89611405-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1 -> DefaultScope {6BDE05EA-7188-462D-9130-B5DF3489588D} URL = hxxp://Vosteran.com/results.php?f=4&q={searchTerms}&a=vst_ggfc_14_49_ch&cd=2XzuyEtN2Y1L1QzuyByEtByB0E0A0EyD0DyD0EyEzy0AyBzztN0D0Tzu0StCtDyCyDtN1L2XzutAtFyCtFyCtFtDtN1L1CzutCyEtBzytDyD1V1BtN1L1G1B1V1N2Y1L1Qzu2StDyCzy0CtDyEtA0FtGyC0AyBzytGyC0EyDyEtGtC0DyB0FtGtDyEzzzzzz0Czz0D0AyBtByB2QtN1M1F1B2Z1V1N2Y1L1Qzu2StC0D0A0E0EtByE0FtGzz0BtCtCtGyEzz0CtBtG0A0F0C0AtGtBtC0Bzy0AyDzz0B0C0ByDtA2Q&cr=587638339&ir=
SearchScopes: HKU\S-1-5-21-4278806244-3946690954-89611405-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1 -> {6BDE05EA-7188-462D-9130-B5DF3489588D} URL = hxxp://Vosteran.com/results.php?f=4&q={searchTerms}&a=vst_ggfc_14_49_ch&cd=2XzuyEtN2Y1L1QzuyByEtByB0E0A0EyD0DyD0EyEzy0AyBzztN0D0Tzu0StCtDyCyDtN1L2XzutAtFyCtFyCtFtDtN1L1CzutCyEtBzytDyD1V1BtN1L1G1B1V1N2Y1L1Qzu2StDyCzy0CtDyEtA0FtGyC0AyBzytGyC0EyDyEtGtC0DyB0FtGtDyEzzzzzz0Czz0D0AyBtByB2QtN1M1F1B2Z1V1N2Y1L1Qzu2StC0D0A0E0EtByE0FtGzz0BtCtCtGyEzz0CtBtG0A0F0C0AtGtBtC0Bzy0AyDzz0B0C0ByDtA2Q&cr=587638339&ir=
SearchScopes: HKU\S-1-5-21-4278806244-3946690954-89611405-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1 -> {DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} URL = 
FF Keyword.URL: hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=
FF SelectedSearchEngine: Vosteran
FF user.js: detected! => C:\Users\Ute\AppData\Roaming\Mozilla\Firefox\Profiles\956apvdl.default\user.js
FF Extension: No Name - C:\Users\Ute\AppData\Roaming\Mozilla\Firefox\Profiles\956apvdl.default\extensions\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} [Not Found]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [Not Found]
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
S2 51cdb72; "C:\WINDOWS\system32\rundll32.exe" "c:\Program Files (x86)\Optimizer Pro 3.11\OptProCrash.dll",ENT
c:\Program Files (x86)\Optimizer Pro 3.11
Emptytemp:
*****************

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{3091D35C-7453-498F-BD0B-015E9E50D999}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3091D35C-7453-498F-BD0B-015E9E50D999}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Update Service YourFileDownloader" => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6BDE05EA-7188-462D-9130-B5DF3489588D} => Key not found. 
HKCR\CLSID\{6BDE05EA-7188-462D-9130-B5DF3489588D} => Key not found. 
HKU\S-1-5-21-4278806244-3946690954-89611405-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value not found.
HKU\S-1-5-21-4278806244-3946690954-89611405-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6BDE05EA-7188-462D-9130-B5DF3489588D} => Key not found. 
HKCR\CLSID\{6BDE05EA-7188-462D-9130-B5DF3489588D} => Key not found. 
HKU\S-1-5-21-4278806244-3946690954-89611405-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} => Key not found. 
HKCR\CLSID\{DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} => Key not found. 
HKU\S-1-5-21-4278806244-3946690954-89611405-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value not found.
HKU\S-1-5-21-4278806244-3946690954-89611405-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6BDE05EA-7188-462D-9130-B5DF3489588D} => Key not found. 
HKCR\CLSID\{6BDE05EA-7188-462D-9130-B5DF3489588D} => Key not found. 
HKU\S-1-5-21-4278806244-3946690954-89611405-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} => Key not found. 
HKCR\CLSID\{DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} => Key not found. 
HKU\S-1-5-21-4278806244-3946690954-89611405-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value not found.
HKU\S-1-5-21-4278806244-3946690954-89611405-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6BDE05EA-7188-462D-9130-B5DF3489588D} => Key not found. 
HKCR\CLSID\{6BDE05EA-7188-462D-9130-B5DF3489588D} => Key not found. 
HKU\S-1-5-21-4278806244-3946690954-89611405-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} => Key not found. 
HKCR\CLSID\{DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} => Key not found. 
Firefox Keyword.URL deleted successfully.
Firefox SelectedSearchEngine deleted successfully.
C:\Users\Ute\AppData\Roaming\Mozilla\Firefox\Profiles\956apvdl.default\user.js not found.
C:\Users\Ute\AppData\Roaming\Mozilla\Firefox\Profiles\956apvdl.default\extensions\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} not found.
C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} not found.
Chrome DefaultSuggestURL not detected.
51cdb72 => Service not found.
"c:\Program Files (x86)\Optimizer Pro 3.11" => File/Directory not found.
EmptyTemp: => Removed 10.4 MB temporary data.


The system needed a reboot. 

==== End of Fixlog 18:35:38 ====
         
Code:
ATTFilter
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=cdc1b37cb71ccc4d9b6e668f82e2d66a
# engine=21773
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-12-31 07:36:43
# local_time=2014-12-31 08:36:43 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1031
# osver=6.2.9200 NT 
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 44311 10358922 0 0
# scanned=313607
# found=8
# cleaned=0
# scan_time=6815
sh=98DE2AA40D75CB4FEF8737DC30B1EA95C2B767C3 ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\mbllbcbdnfpemakidmbnadpfdfphnlip\198\HML5N5.js.vir"
sh=B582D2DFEE30BCBC1776749124012AC56D487E83 ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\mbllbcbdnfpemakidmbnadpfdfphnlip\198\lsdb.js.vir"
sh=98DE2AA40D75CB4FEF8737DC30B1EA95C2B767C3 ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\mbllbcbdnfpemakidmbnadpfdfphnlip\198\HML5N5.js.vir"
sh=B582D2DFEE30BCBC1776749124012AC56D487E83 ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\mbllbcbdnfpemakidmbnadpfdfphnlip\198\lsdb.js.vir"
sh=98DE2AA40D75CB4FEF8737DC30B1EA95C2B767C3 ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Ute\AppData\Local\Google\Chrome\User Data\Default\Extensions\mbllbcbdnfpemakidmbnadpfdfphnlip\198\HML5N5.js.vir"
sh=B582D2DFEE30BCBC1776749124012AC56D487E83 ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Ute\AppData\Local\Google\Chrome\User Data\Default\Extensions\mbllbcbdnfpemakidmbnadpfdfphnlip\198\lsdb.js.vir"
sh=57084642139D7158610331746DD62A6A8B3708D7 ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Ute\AppData\Roaming\Mozilla\Firefox\Profiles\956apvdl.default\Extensions\tm4IzK@S.org\content\bg.js.vir"
sh=D957B0EC634B5C52AA2B8934223A6248D5152807 ft=1 fh=4c2491a4bea30714 vn="Variante von Win32/InstallCore.A evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files (x86)\PDF Creator\message.exe"
         
Code:
ATTFilter
 Results of screen317's Security Check version 0.99.93  
   x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
Windows Defender   
 WMI entry may not exist for antivirus; attempting automatic update. 
`````````Anti-malware/Other Utilities Check:````````` 
 Malwarebytes Anti-Malware Version 2.0.3.1025  
 Java 7 Update 67  
 Java version 32-bit out of Date! 
 Adobe Reader XI  
 Mozilla Firefox 31.0 Firefox out of Date!  
 Mozilla Thunderbird (31.3.0) 
 Google Chrome (39.0.2171.71) 
 Google Chrome (39.0.2171.95) 
````````Process Check: objlist.exe by Laurent````````  
 Windows Defender MSMpEng.exe 
 Malwarebytes Anti-Malware mbamservice.exe  
 Malwarebytes Anti-Malware mbam.exe  
 Malwarebytes Anti-Malware mbamscheduler.exe   
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  % 
````````````````````End of Log``````````````````````
         
Keine Ahnung was das ist,

Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 28-12-2014
Ran by Ute at 2014-12-31 21:08:32
Running from C:\Users\Ute\Desktop\troj
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.34 (HKLM-x32\...\{23170F69-40C1-2701-0934-000001000000}) (Version: 9.34.00.0 - Igor Pavlov)
7-Zip 9.34 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0934-000001000000}) (Version: 9.34.00.0 - Igor Pavlov)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 14.0.0.178 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.09) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated)
Advantage Database Server for Windows v11.10 (HKLM-x32\...\{8F7F5EAD-7785-4246-83F0-C6A9204AF971}) (Version: 11.10.0001 - Sybase, Inc.)
Amazon Cloud Player (HKU\S-1-5-21-4278806244-3946690954-89611405-1001\...\Amazon Amazon Cloud Player) (Version: 2.4.0.33 - Amazon Services LLC)
Amazon Music Importer (HKLM-x32\...\com.amazon.music.uploader) (Version: 3.0.0 - Amazon Services LLC)
Amazon Music Importer (x32 Version: 3.0.0 - Amazon Services LLC) Hidden
AVM FRITZ! (HKLM-x32\...\FRITZ! 2.0) (Version:  - AVM Berlin)
AVM ISDN CAPI Port (HKLM-x32\...\AVM ISDN CAPI Port) (Version:  - )
BUHL-Lizenzmanagement-Software (x32 Version: 1.01.0000 - Buhl Data Service GmbH) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.11 - Piriform)
Cisco WebEx Meetings (HKLM-x32\...\ActiveTouchMeetingClient) (Version:  - Cisco WebEx LLC)
Cisco WebEx-Produktivitätswerkzeuge (HKLM-x32\...\{EC4A8038-085D-4FB7-BF70-338296E33FE5}) (Version: 11.1.30800 - Cisco WebEx LLC)
Classic Shell (HKLM\...\{2368907C-E8F6-4750-A023-254C3E2B5E8D}) (Version: 4.0.4 - IvoSoft)
CyberLink PhotoDirector 3 (HKLM-x32\...\InstallShield_{39337565-330E-4ab6-A9AE-AC81E0720B10}) (Version: 3.0.1.4107 - CyberLink Corp.)
CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.0.2810 - CyberLink Corp.)
CyberLink PowerDirector 10 (Version: 10.0.0.2810 - CyberLink Corp.) Hidden
Driver & Application Installation (HKLM-x32\...\{BFECCF2A-F094-4066-8BFA-29CCBB7F6602}) (Version: 6.12.0911 - Lenovo)
Dropbox (HKU\S-1-5-21-4278806244-3946690954-89611405-1001\...\Dropbox) (Version: 2.10.30 - Dropbox, Inc.)
Fotostory 3 für Windows (HKLM-x32\...\{4F41AD68-89F2-4262-A32C-2F70B01FCE9E}) (Version: 3.0.1115.15 - Microsoft Corporation)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.95 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
GoToMeeting 7.0.5.2130 (HKU\S-1-5-21-4278806244-3946690954-89611405-1001\...\GoToMeeting) (Version: 7.0.5.2130 - CitrixOnline)
IIS 7.5 Express (HKLM-x32\...\{433E2032-D3E0-46FF-BAA4-0976F333C1E4}) (Version: 7.5.1070 - Microsoft Corporation)
Intel AppUp(SM) center (HKLM-x32\...\Intel AppUp(SM) center 33057) (Version: 3.6.1.33057.10 - Intel)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.0.0.1310 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3621 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.0.0.1083 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 3.0.0.66956 - Intel Corporation)
Java 7 Update 67 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F06417067FF}) (Version: 7.0.670 - Oracle)
Java 7 Update 67 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217067FF}) (Version: 7.0.670 - Oracle)
Lenovo Assistant (HKLM-x32\...\{B2DE4F30-B8C7-49C0-85B9-2F37A5290F00}) (Version: 2.0.0.29 - Lenovo)
Lenovo Blacksilk USB Keyboard Driver (HKLM-x32\...\{B266E062-D6C5-485B-B426-51B152B041A6}) (Version: V1.6.13.0724 - Lenovo)
Lenovo Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.0.7408 - CyberLink Corp.)
Lenovo Power2Go (x32 Version: 6.0.7408 - CyberLink Corp.) Hidden
Lenovo PowerDVD10 (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.5108.52 - CyberLink Corp.)
Lenovo PowerDVD10 (x32 Version: 10.0.5108.52 - CyberLink Corp.) Hidden
LVT (HKLM-x32\...\{9E3469A6-443A-452C-BF44-8D7CE3A9A7E2}) (Version: 5.00.0914 - Lenovo)
Malwarebytes Anti-Malware Version 2.0.3.1025 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)
Microsoft ASP.NET MVC 3 (HKLM-x32\...\{D32EF103-4016-4C15-BCB0-700C0A7A2309}) (Version: 3.0.50813.0 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Live Add-in 1.5 (HKLM-x32\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Office Outlook Connector (HKLM-x32\...\{95140000-007A-0407-0000-0000000FF1CE}) (Version: 14.0.5118.5000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
MozBackup 1.5.1 (HKLM-x32\...\MozBackup) (Version:  - Pavel Cvrcek)
Mozilla Firefox 31.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 31.0 (x86 de)) (Version: 31.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 31.0 - Mozilla)
Mozilla Thunderbird 31.3.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 31.3.0 (x86 de)) (Version: 31.3.0 - Mozilla)
PDF24 Creator 6.2.0 (HKLM-x32\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version:  - PDF24.org)
PhotoScape (HKLM-x32\...\PhotoScape) (Version:  - )
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.10.1226.2012 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6743 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.8400.39030 - Realtek Semiconductor Corp.)
Samsung_MonSetup (HKLM-x32\...\{8EA79DBF-D637-448A-89D6-410A087A4493}) (Version: 1.00.0000 - Samsung)
ScanSoft PaperPort 11 (HKLM-x32\...\{02570AE0-BEE0-4A6C-BE3F-D806E9F2EA17}) (Version: 11.2.0000 - Nuance Communications, Inc.)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Snagit 11 (HKLM-x32\...\{A7E2223E-4AE4-45C8-9B6C-1C893EDF11BD}) (Version: 11.4.0 - TechSmith Corporation)
TopApps Service (HKLM-x32\...\{B2BB7D05-F646-41C7-9CE4-CE77469C0899}_is1) (Version: 2.5.1 - )
TopKontor Handwerk Version 5 (HKLM-x32\...\{640A92A1-9B8B-4C80-B412-9595460EBC53}_is1) (Version: 5 - )
UltiDev Web Server Pro (x32 Version: 2.0.18 - UltiDev LLC) Hidden
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version:  - Microsoft)
Update für Microsoft Office Outlook 2007 Help (KB963677) (HKLM-x32\...\{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{F6828576-6F79-470D-AB50-69D1BBADBD30}) (Version:  - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version:  - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version:  - Microsoft)
VR-NetWorld (HKLM-x32\...\{8815F011-43AF-4F50-BBD8-D78ED3D6F5B9}) (Version:  - )

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-4278806244-3946690954-89611405-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Ute\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4278806244-3946690954-89611405-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation)
CustomCLSID: HKU\S-1-5-21-4278806244-3946690954-89611405-1001_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Users\Ute\AppData\Local\Citrix\GoToMeeting\1259\G2MOutlookAddin64.dll (Citrix Online, a division of Citrix Systems, Inc.)
CustomCLSID: HKU\S-1-5-21-4278806244-3946690954-89611405-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ute\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4278806244-3946690954-89611405-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ute\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4278806244-3946690954-89611405-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ute\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4278806244-3946690954-89611405-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ute\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4278806244-3946690954-89611405-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ute\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4278806244-3946690954-89611405-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ute\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4278806244-3946690954-89611405-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ute\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4278806244-3946690954-89611405-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ute\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)

==================== Restore Points  =========================

16-12-2014 07:38:47 Windows Modules Installer
24-12-2014 11:29:49 Geplanter Prüfpunkt
29-12-2014 12:39:30 Wiederherstellungsvorgang

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 14:25 - 2013-08-22 14:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {10C464AB-F818-496E-9743-F105C3A2E2C0} - System32\Tasks\Abelssoft\Updater scan => C:\Program Files (x86)\CHIP Updater\CHIPUpdater.exe
Task: {28CD7355-CB57-4CC9-BDA7-6351E804957A} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program => C:\Program Files\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe
Task: {2EC50909-A5B8-4061-900F-7FBAF516F26A} - System32\Tasks\Lenovo\Lenovo-25838 => C:\ProgramData\Lenovo-25838.vbs [2013-10-18] ()
Task: {3864244B-592B-4F61-8F7E-F61734C03B58} - System32\Tasks\G2MUpdateTask-S-1-5-21-4278806244-3946690954-89611405-1001 => C:\Users\Ute\AppData\Local\Citrix\GoToMeeting\2130\g2mupdate.exe [2014-12-31] (Citrix Online, a division of Citrix Systems, Inc.)
Task: {4927924C-A5E3-47FF-B9E9-B80557B576DE} - System32\Tasks\{4DFDCA33-7855-42CE-A167-53B2FA91D197} => pcalua.exe -a "C:\Users\Ute\AppData\Roaming\1H1Q1V1N1N1O1R\PDF Creator Packages\uninstaller.exe" -c /Uninstall /NM="PDF Creator Packages" /AN="1H1Q1V1N1N1O1R" /MBN="PDF Creator Packages"
Task: {51A427BB-2B0C-4F4B-B3BE-A9A2FAD1E4DF} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-02-20] (Piriform Ltd)
Task: {57799BD6-455E-4C11-B681-1B5A10F1C796} - System32\Tasks\TechSmith Updater => C:\Program Files (x86)\Common Files\TechSmith Shared\Updater\TSCUpdClt.exe [2013-10-04] (TechSmith Corporation)
Task: {76F82560-6DA7-4132-8EEA-034B4CEF1C14} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-29] (Google Inc.)
Task: {7E83B592-067F-4486-9D07-E9250B9FCC71} - System32\Tasks\{8DC9A3B1-9955-4D2E-8E23-E1AD9817AA96} => pcalua.exe -a "C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\Uninstall.exe"
Task: {8D39BC23-CB47-408E-BE53-D89D35E46A7B} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-29] (Google Inc.)
Task: {976D87FC-8514-464C-BD25-378970532BD8} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2014-12-29] (Microsoft Corporation)
Task: C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-4278806244-3946690954-89611405-1001.job => C:\Users\Ute\AppData\Local\Citrix\GoToMeeting\2130\g2mupdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2013-12-20 13:57 - 2006-02-23 11:35 - 00020480 _____ () C:\WINDOWS\System32\FritzColorPort64.dll
2013-12-20 13:57 - 2006-02-22 10:39 - 00020480 _____ () C:\WINDOWS\System32\FritzPort64.dll
2013-10-18 10:59 - 2011-08-16 19:46 - 00032768 _____ () C:\Windows\jmesoft\Service.exe
2013-10-18 11:15 - 2013-05-14 19:53 - 00390632 _____ () C:\Program Files\CyberLink\Shared files\RichVideo64.exe
2014-12-02 14:20 - 2014-12-02 14:20 - 00010752 _____ () C:\Windows\Microsoft.NET\Framework64\v2.0.50727\Temporary ASP.NET Files\root\07504d0b\fa6973ba\App_Web_0cazmffj.dll
2014-12-02 14:20 - 2014-12-02 14:20 - 00049152 _____ () C:\Windows\Microsoft.NET\Framework64\v2.0.50727\Temporary ASP.NET Files\root\07504d0b\fa6973ba\App_Web_csh4c4a6.dll
2014-12-30 14:29 - 2014-12-06 02:16 - 01408328 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\libglesv2.dll
2014-12-30 14:29 - 2014-12-06 02:16 - 00204616 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\libegl.dll
2014-12-30 14:29 - 2014-12-06 02:17 - 10689352 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\pdf.dll
2014-12-30 14:29 - 2014-12-06 02:16 - 01856840 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\ffmpegsumo.dll
2014-12-30 14:29 - 2014-12-06 02:17 - 26725192 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\PepperFlash\pepflashplayer.dll
2013-12-16 19:57 - 2013-01-23 08:57 - 01199576 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Users\Ute\SkyDrive:ms-properties
AlternateDataStreams: C:\Users\Ute\Desktop\Fwd  Daten zur Einrichtung.eml:OECustomProperty
AlternateDataStreams: C:\Users\Ute\Desktop\Ihr Gutschein für druckerzubehoer.de.eml:OECustomProperty
AlternateDataStreams: C:\Users\Ute\Desktop\Ihr Jochen Schweizer Beleg.eml:OECustomProperty
AlternateDataStreams: C:\Users\Ute\Desktop\[Ticket#10297215] Ihre Buchung bei Jochen Schweizer Erlebnisse.eml:OECustomProperty

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\StartupFolder: => "ISDNWatch.lnk"
HKLM\...\StartupApproved\StartupFolder: => "VR-NetWorld Auftragsprüfung.lnk"
HKLM\...\StartupApproved\Run: => "vksts"
HKLM\...\StartupApproved\Run: => "TrayApplication"
HKLM\...\StartupApproved\Run: => "CsrAudioguiCtrl"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKLM\...\StartupApproved\Run32: => "LVT"
HKLM\...\StartupApproved\Run32: => "mcpltui_exe"
HKLM\...\StartupApproved\Run32: => "mcui_exe"
HKLM\...\StartupApproved\Run32: => "RemoteControl10"
HKLM\...\StartupApproved\Run32: => "ControlCenter3"
HKLM\...\StartupApproved\Run32: => "AvastUI.exe"
HKLM\...\StartupApproved\Run32: => "Adobe ARM"
HKLM\...\StartupApproved\Run32: => "GrooveMonitor"
HKLM\...\StartupApproved\Run32: => "BrMfcWnd"
HKLM\...\StartupApproved\Run32: => "PDFPrint"
HKLM\...\StartupApproved\Run32: => "PPort11reminder"
HKLM\...\StartupApproved\Run32: => "IndexSearch"
HKLM\...\StartupApproved\Run32: => "PaperPort PTD"
HKLM\...\StartupApproved\Run32: => "PSUAMain"
HKU\S-1-5-21-4278806244-3946690954-89611405-1001\...\StartupApproved\StartupFolder: => "Dropbox.lnk"
HKU\S-1-5-21-4278806244-3946690954-89611405-1001\...\StartupApproved\StartupFolder: => "OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk"
HKU\S-1-5-21-4278806244-3946690954-89611405-1001\...\StartupApproved\Run: => "RESTART_STICKY_NOTES"
HKU\S-1-5-21-4278806244-3946690954-89611405-1001\...\StartupApproved\Run: => "Amazon Cloud Player"
HKU\S-1-5-21-4278806244-3946690954-89611405-1001\...\StartupApproved\Run: => "PTOneClick"

========================= Accounts: ==========================

admin (S-1-5-21-4278806244-3946690954-89611405-1005 - Administrator - Enabled) => C:\Users\admin
admin2 (S-1-5-21-4278806244-3946690954-89611405-1006 - Limited - Enabled) => C:\Users\admin2
Administrator (S-1-5-21-4278806244-3946690954-89611405-500 - Administrator - Disabled) => C:\Users\Administrator
Gast (S-1-5-21-4278806244-3946690954-89611405-501 - Limited - Enabled)
HomeGroupUser$ (S-1-5-21-4278806244-3946690954-89611405-1004 - Limited - Enabled)
Ute (S-1-5-21-4278806244-3946690954-89611405-1001 - Administrator - Enabled) => C:\Users\Ute

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (12/31/2014 09:07:49 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2" in Zeile C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.
Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.

Error: (12/31/2014 09:06:06 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2" in Zeile C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.
Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.

Error: (12/31/2014 09:03:12 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2" in Zeile C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.
Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.

Error: (12/31/2014 06:46:48 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2" in Zeile C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.
Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.

Error: (12/31/2014 06:41:02 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2" in Zeile C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.
Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.

Error: (12/31/2014 06:41:02 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2" in Zeile C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.
Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.

Error: (12/31/2014 06:40:45 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2" in Zeile C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.
Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.

Error: (12/30/2014 06:34:22 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: mbam.exe, Version: 1.0.1.711, Zeitstempel: 0x542b53ec
Name des fehlerhaften Moduls: mbamcore.dll, Version: 1.1.20.0, Zeitstempel: 0x5425b0dd
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000023d4
ID des fehlerhaften Prozesses: 0x10a0
Startzeit der fehlerhaften Anwendung: 0xmbam.exe0
Pfad der fehlerhaften Anwendung: mbam.exe1
Pfad des fehlerhaften Moduls: mbam.exe2
Berichtskennung: mbam.exe3
Vollständiger Name des fehlerhaften Pakets: mbam.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: mbam.exe5

Error: (12/30/2014 06:18:45 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm mbam.exe, Version 1.0.1.711 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 18dc

Startzeit: 01d024096a810c25

Endzeit: 45

Anwendungspfad: C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe

Berichts-ID: df1a6034-9047-11e4-bf18-7427eae5d5e4

Vollständiger Name des fehlerhaften Pakets: 

Anwendungs-ID, die relativ zum fehlerhaften Paket ist:

Error: (12/30/2014 00:55:05 PM) (Source: SideBySide) (EventID: 63) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "assemblyIdentity1". Fehler in Manifest- oder Richtliniendatei "assemblyIdentity2" in Zeile assemblyIdentity3.
Der Wert "*" des "language"-Attributs im assemblyIdentity-Element ist ungültig.


System errors:
=============
Error: (12/31/2014 06:37:30 PM) (Source: DCOM) (EventID: 10016) (User: Fugentechnik)
Description: AnwendungsspezifischLokalStart{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}FugentechnikUteS-1-5-21-4278806244-3946690954-89611405-1001LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar

Error: (12/31/2014 06:37:30 PM) (Source: DCOM) (EventID: 10016) (User: Fugentechnik)
Description: AnwendungsspezifischLokalStart{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}FugentechnikUteS-1-5-21-4278806244-3946690954-89611405-1001LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar

Error: (12/31/2014 06:37:30 PM) (Source: DCOM) (EventID: 10016) (User: Fugentechnik)
Description: AnwendungsspezifischLokalStart{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}FugentechnikUteS-1-5-21-4278806244-3946690954-89611405-1001LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar

Error: (12/31/2014 06:37:30 PM) (Source: DCOM) (EventID: 10016) (User: Fugentechnik)
Description: AnwendungsspezifischLokalStart{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}FugentechnikUteS-1-5-21-4278806244-3946690954-89611405-1001LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar

Error: (12/31/2014 06:37:30 PM) (Source: DCOM) (EventID: 10016) (User: Fugentechnik)
Description: AnwendungsspezifischLokalStart{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}FugentechnikUteS-1-5-21-4278806244-3946690954-89611405-1001LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar

Error: (12/31/2014 06:37:30 PM) (Source: DCOM) (EventID: 10016) (User: Fugentechnik)
Description: AnwendungsspezifischLokalStart{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}FugentechnikUteS-1-5-21-4278806244-3946690954-89611405-1001LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar

Error: (12/31/2014 06:37:30 PM) (Source: DCOM) (EventID: 10016) (User: Fugentechnik)
Description: AnwendungsspezifischLokalStart{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}FugentechnikUteS-1-5-21-4278806244-3946690954-89611405-1001LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar

Error: (12/31/2014 06:36:47 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "CSR OBEX-Dienst" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (12/31/2014 06:27:58 PM) (Source: DCOM) (EventID: 10016) (User: Fugentechnik)
Description: AnwendungsspezifischLokalStart{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}FugentechnikUteS-1-5-21-4278806244-3946690954-89611405-1001LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar

Error: (12/31/2014 06:27:31 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "CSR OBEX-Dienst" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2


Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
  Date: 2014-12-31 08:57:23.315
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-12-31 08:57:23.211
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-12-31 08:57:23.091
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-12-31 08:57:20.137
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-12-31 08:57:20.040
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-12-31 08:57:19.756
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-12-31 08:57:19.377
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-12-30 23:55:11.722
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-12-30 23:55:11.566
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-12-30 23:55:11.402
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i3-4130 CPU @ 3.40GHz
Percentage of memory in use: 49%
Total physical RAM: 4010.35 MB
Available physical RAM: 2038.05 MB
Total Pagefile: 5290.35 MB
Available Pagefile: 2754.42 MB
Total Virtual: 131072 MB
Available Virtual: 131071.83 MB

==================== Drives ================================

Drive c: (Windows8_OS) (Fixed) (Total:439.16 GB) (Free:373.79 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: A5C61E19)

Partition: GPT Partition Type.

==================== End Of Log ============================
         
Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 28-12-2014
Ran by Ute at 2014-12-31 21:08:32
Running from C:\Users\Ute\Desktop\troj
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.34 (HKLM-x32\...\{23170F69-40C1-2701-0934-000001000000}) (Version: 9.34.00.0 - Igor Pavlov)
7-Zip 9.34 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0934-000001000000}) (Version: 9.34.00.0 - Igor Pavlov)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 14.0.0.178 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.09) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated)
Advantage Database Server for Windows v11.10 (HKLM-x32\...\{8F7F5EAD-7785-4246-83F0-C6A9204AF971}) (Version: 11.10.0001 - Sybase, Inc.)
Amazon Cloud Player (HKU\S-1-5-21-4278806244-3946690954-89611405-1001\...\Amazon Amazon Cloud Player) (Version: 2.4.0.33 - Amazon Services LLC)
Amazon Music Importer (HKLM-x32\...\com.amazon.music.uploader) (Version: 3.0.0 - Amazon Services LLC)
Amazon Music Importer (x32 Version: 3.0.0 - Amazon Services LLC) Hidden
AVM FRITZ! (HKLM-x32\...\FRITZ! 2.0) (Version:  - AVM Berlin)
AVM ISDN CAPI Port (HKLM-x32\...\AVM ISDN CAPI Port) (Version:  - )
BUHL-Lizenzmanagement-Software (x32 Version: 1.01.0000 - Buhl Data Service GmbH) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.11 - Piriform)
Cisco WebEx Meetings (HKLM-x32\...\ActiveTouchMeetingClient) (Version:  - Cisco WebEx LLC)
Cisco WebEx-Produktivitätswerkzeuge (HKLM-x32\...\{EC4A8038-085D-4FB7-BF70-338296E33FE5}) (Version: 11.1.30800 - Cisco WebEx LLC)
Classic Shell (HKLM\...\{2368907C-E8F6-4750-A023-254C3E2B5E8D}) (Version: 4.0.4 - IvoSoft)
CyberLink PhotoDirector 3 (HKLM-x32\...\InstallShield_{39337565-330E-4ab6-A9AE-AC81E0720B10}) (Version: 3.0.1.4107 - CyberLink Corp.)
CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.0.2810 - CyberLink Corp.)
CyberLink PowerDirector 10 (Version: 10.0.0.2810 - CyberLink Corp.) Hidden
Driver & Application Installation (HKLM-x32\...\{BFECCF2A-F094-4066-8BFA-29CCBB7F6602}) (Version: 6.12.0911 - Lenovo)
Dropbox (HKU\S-1-5-21-4278806244-3946690954-89611405-1001\...\Dropbox) (Version: 2.10.30 - Dropbox, Inc.)
Fotostory 3 für Windows (HKLM-x32\...\{4F41AD68-89F2-4262-A32C-2F70B01FCE9E}) (Version: 3.0.1115.15 - Microsoft Corporation)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.95 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
GoToMeeting 7.0.5.2130 (HKU\S-1-5-21-4278806244-3946690954-89611405-1001\...\GoToMeeting) (Version: 7.0.5.2130 - CitrixOnline)
IIS 7.5 Express (HKLM-x32\...\{433E2032-D3E0-46FF-BAA4-0976F333C1E4}) (Version: 7.5.1070 - Microsoft Corporation)
Intel AppUp(SM) center (HKLM-x32\...\Intel AppUp(SM) center 33057) (Version: 3.6.1.33057.10 - Intel)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.0.0.1310 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3621 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.0.0.1083 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 3.0.0.66956 - Intel Corporation)
Java 7 Update 67 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F06417067FF}) (Version: 7.0.670 - Oracle)
Java 7 Update 67 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217067FF}) (Version: 7.0.670 - Oracle)
Lenovo Assistant (HKLM-x32\...\{B2DE4F30-B8C7-49C0-85B9-2F37A5290F00}) (Version: 2.0.0.29 - Lenovo)
Lenovo Blacksilk USB Keyboard Driver (HKLM-x32\...\{B266E062-D6C5-485B-B426-51B152B041A6}) (Version: V1.6.13.0724 - Lenovo)
Lenovo Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.0.7408 - CyberLink Corp.)
Lenovo Power2Go (x32 Version: 6.0.7408 - CyberLink Corp.) Hidden
Lenovo PowerDVD10 (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.5108.52 - CyberLink Corp.)
Lenovo PowerDVD10 (x32 Version: 10.0.5108.52 - CyberLink Corp.) Hidden
LVT (HKLM-x32\...\{9E3469A6-443A-452C-BF44-8D7CE3A9A7E2}) (Version: 5.00.0914 - Lenovo)
Malwarebytes Anti-Malware Version 2.0.3.1025 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)
Microsoft ASP.NET MVC 3 (HKLM-x32\...\{D32EF103-4016-4C15-BCB0-700C0A7A2309}) (Version: 3.0.50813.0 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Live Add-in 1.5 (HKLM-x32\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Office Outlook Connector (HKLM-x32\...\{95140000-007A-0407-0000-0000000FF1CE}) (Version: 14.0.5118.5000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
MozBackup 1.5.1 (HKLM-x32\...\MozBackup) (Version:  - Pavel Cvrcek)
Mozilla Firefox 31.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 31.0 (x86 de)) (Version: 31.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 31.0 - Mozilla)
Mozilla Thunderbird 31.3.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 31.3.0 (x86 de)) (Version: 31.3.0 - Mozilla)
PDF24 Creator 6.2.0 (HKLM-x32\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version:  - PDF24.org)
PhotoScape (HKLM-x32\...\PhotoScape) (Version:  - )
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.10.1226.2012 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6743 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.8400.39030 - Realtek Semiconductor Corp.)
Samsung_MonSetup (HKLM-x32\...\{8EA79DBF-D637-448A-89D6-410A087A4493}) (Version: 1.00.0000 - Samsung)
ScanSoft PaperPort 11 (HKLM-x32\...\{02570AE0-BEE0-4A6C-BE3F-D806E9F2EA17}) (Version: 11.2.0000 - Nuance Communications, Inc.)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Snagit 11 (HKLM-x32\...\{A7E2223E-4AE4-45C8-9B6C-1C893EDF11BD}) (Version: 11.4.0 - TechSmith Corporation)
TopApps Service (HKLM-x32\...\{B2BB7D05-F646-41C7-9CE4-CE77469C0899}_is1) (Version: 2.5.1 - )
TopKontor Handwerk Version 5 (HKLM-x32\...\{640A92A1-9B8B-4C80-B412-9595460EBC53}_is1) (Version: 5 - )
UltiDev Web Server Pro (x32 Version: 2.0.18 - UltiDev LLC) Hidden
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version:  - Microsoft)
Update für Microsoft Office Outlook 2007 Help (KB963677) (HKLM-x32\...\{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{F6828576-6F79-470D-AB50-69D1BBADBD30}) (Version:  - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version:  - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version:  - Microsoft)
VR-NetWorld (HKLM-x32\...\{8815F011-43AF-4F50-BBD8-D78ED3D6F5B9}) (Version:  - )

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-4278806244-3946690954-89611405-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Ute\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4278806244-3946690954-89611405-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation)
CustomCLSID: HKU\S-1-5-21-4278806244-3946690954-89611405-1001_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Users\Ute\AppData\Local\Citrix\GoToMeeting\1259\G2MOutlookAddin64.dll (Citrix Online, a division of Citrix Systems, Inc.)
CustomCLSID: HKU\S-1-5-21-4278806244-3946690954-89611405-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ute\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4278806244-3946690954-89611405-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ute\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4278806244-3946690954-89611405-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ute\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4278806244-3946690954-89611405-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ute\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4278806244-3946690954-89611405-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ute\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4278806244-3946690954-89611405-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ute\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4278806244-3946690954-89611405-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ute\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4278806244-3946690954-89611405-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ute\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)

==================== Restore Points  =========================

16-12-2014 07:38:47 Windows Modules Installer
24-12-2014 11:29:49 Geplanter Prüfpunkt
29-12-2014 12:39:30 Wiederherstellungsvorgang

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 14:25 - 2013-08-22 14:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {10C464AB-F818-496E-9743-F105C3A2E2C0} - System32\Tasks\Abelssoft\Updater scan => C:\Program Files (x86)\CHIP Updater\CHIPUpdater.exe
Task: {28CD7355-CB57-4CC9-BDA7-6351E804957A} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program => C:\Program Files\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe
Task: {2EC50909-A5B8-4061-900F-7FBAF516F26A} - System32\Tasks\Lenovo\Lenovo-25838 => C:\ProgramData\Lenovo-25838.vbs [2013-10-18] ()
Task: {3864244B-592B-4F61-8F7E-F61734C03B58} - System32\Tasks\G2MUpdateTask-S-1-5-21-4278806244-3946690954-89611405-1001 => C:\Users\Ute\AppData\Local\Citrix\GoToMeeting\2130\g2mupdate.exe [2014-12-31] (Citrix Online, a division of Citrix Systems, Inc.)
Task: {4927924C-A5E3-47FF-B9E9-B80557B576DE} - System32\Tasks\{4DFDCA33-7855-42CE-A167-53B2FA91D197} => pcalua.exe -a "C:\Users\Ute\AppData\Roaming\1H1Q1V1N1N1O1R\PDF Creator Packages\uninstaller.exe" -c /Uninstall /NM="PDF Creator Packages" /AN="1H1Q1V1N1N1O1R" /MBN="PDF Creator Packages"
Task: {51A427BB-2B0C-4F4B-B3BE-A9A2FAD1E4DF} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-02-20] (Piriform Ltd)
Task: {57799BD6-455E-4C11-B681-1B5A10F1C796} - System32\Tasks\TechSmith Updater => C:\Program Files (x86)\Common Files\TechSmith Shared\Updater\TSCUpdClt.exe [2013-10-04] (TechSmith Corporation)
Task: {76F82560-6DA7-4132-8EEA-034B4CEF1C14} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-29] (Google Inc.)
Task: {7E83B592-067F-4486-9D07-E9250B9FCC71} - System32\Tasks\{8DC9A3B1-9955-4D2E-8E23-E1AD9817AA96} => pcalua.exe -a "C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\Uninstall.exe"
Task: {8D39BC23-CB47-408E-BE53-D89D35E46A7B} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-29] (Google Inc.)
Task: {976D87FC-8514-464C-BD25-378970532BD8} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2014-12-29] (Microsoft Corporation)
Task: C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-4278806244-3946690954-89611405-1001.job => C:\Users\Ute\AppData\Local\Citrix\GoToMeeting\2130\g2mupdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2013-12-20 13:57 - 2006-02-23 11:35 - 00020480 _____ () C:\WINDOWS\System32\FritzColorPort64.dll
2013-12-20 13:57 - 2006-02-22 10:39 - 00020480 _____ () C:\WINDOWS\System32\FritzPort64.dll
2013-10-18 10:59 - 2011-08-16 19:46 - 00032768 _____ () C:\Windows\jmesoft\Service.exe
2013-10-18 11:15 - 2013-05-14 19:53 - 00390632 _____ () C:\Program Files\CyberLink\Shared files\RichVideo64.exe
2014-12-02 14:20 - 2014-12-02 14:20 - 00010752 _____ () C:\Windows\Microsoft.NET\Framework64\v2.0.50727\Temporary ASP.NET Files\root\07504d0b\fa6973ba\App_Web_0cazmffj.dll
2014-12-02 14:20 - 2014-12-02 14:20 - 00049152 _____ () C:\Windows\Microsoft.NET\Framework64\v2.0.50727\Temporary ASP.NET Files\root\07504d0b\fa6973ba\App_Web_csh4c4a6.dll
2014-12-30 14:29 - 2014-12-06 02:16 - 01408328 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\libglesv2.dll
2014-12-30 14:29 - 2014-12-06 02:16 - 00204616 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\libegl.dll
2014-12-30 14:29 - 2014-12-06 02:17 - 10689352 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\pdf.dll
2014-12-30 14:29 - 2014-12-06 02:16 - 01856840 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\ffmpegsumo.dll
2014-12-30 14:29 - 2014-12-06 02:17 - 26725192 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\PepperFlash\pepflashplayer.dll
2013-12-16 19:57 - 2013-01-23 08:57 - 01199576 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Users\Ute\SkyDrive:ms-properties
AlternateDataStreams: C:\Users\Ute\Desktop\Fwd  Daten zur Einrichtung.eml:OECustomProperty
AlternateDataStreams: C:\Users\Ute\Desktop\Ihr Gutschein für druckerzubehoer.de.eml:OECustomProperty
AlternateDataStreams: C:\Users\Ute\Desktop\Ihr Jochen Schweizer Beleg.eml:OECustomProperty
AlternateDataStreams: C:\Users\Ute\Desktop\[Ticket#10297215] Ihre Buchung bei Jochen Schweizer Erlebnisse.eml:OECustomProperty

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\StartupFolder: => "ISDNWatch.lnk"
HKLM\...\StartupApproved\StartupFolder: => "VR-NetWorld Auftragsprüfung.lnk"
HKLM\...\StartupApproved\Run: => "vksts"
HKLM\...\StartupApproved\Run: => "TrayApplication"
HKLM\...\StartupApproved\Run: => "CsrAudioguiCtrl"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKLM\...\StartupApproved\Run32: => "LVT"
HKLM\...\StartupApproved\Run32: => "mcpltui_exe"
HKLM\...\StartupApproved\Run32: => "mcui_exe"
HKLM\...\StartupApproved\Run32: => "RemoteControl10"
HKLM\...\StartupApproved\Run32: => "ControlCenter3"
HKLM\...\StartupApproved\Run32: => "AvastUI.exe"
HKLM\...\StartupApproved\Run32: => "Adobe ARM"
HKLM\...\StartupApproved\Run32: => "GrooveMonitor"
HKLM\...\StartupApproved\Run32: => "BrMfcWnd"
HKLM\...\StartupApproved\Run32: => "PDFPrint"
HKLM\...\StartupApproved\Run32: => "PPort11reminder"
HKLM\...\StartupApproved\Run32: => "IndexSearch"
HKLM\...\StartupApproved\Run32: => "PaperPort PTD"
HKLM\...\StartupApproved\Run32: => "PSUAMain"
HKU\S-1-5-21-4278806244-3946690954-89611405-1001\...\StartupApproved\StartupFolder: => "Dropbox.lnk"
HKU\S-1-5-21-4278806244-3946690954-89611405-1001\...\StartupApproved\StartupFolder: => "OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk"
HKU\S-1-5-21-4278806244-3946690954-89611405-1001\...\StartupApproved\Run: => "RESTART_STICKY_NOTES"
HKU\S-1-5-21-4278806244-3946690954-89611405-1001\...\StartupApproved\Run: => "Amazon Cloud Player"
HKU\S-1-5-21-4278806244-3946690954-89611405-1001\...\StartupApproved\Run: => "PTOneClick"

========================= Accounts: ==========================

admin (S-1-5-21-4278806244-3946690954-89611405-1005 - Administrator - Enabled) => C:\Users\admin
admin2 (S-1-5-21-4278806244-3946690954-89611405-1006 - Limited - Enabled) => C:\Users\admin2
Administrator (S-1-5-21-4278806244-3946690954-89611405-500 - Administrator - Disabled) => C:\Users\Administrator
Gast (S-1-5-21-4278806244-3946690954-89611405-501 - Limited - Enabled)
HomeGroupUser$ (S-1-5-21-4278806244-3946690954-89611405-1004 - Limited - Enabled)
Ute (S-1-5-21-4278806244-3946690954-89611405-1001 - Administrator - Enabled) => C:\Users\Ute

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (12/31/2014 09:07:49 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2" in Zeile C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.
Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.

Error: (12/31/2014 09:06:06 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2" in Zeile C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.
Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.

Error: (12/31/2014 09:03:12 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2" in Zeile C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.
Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.

Error: (12/31/2014 06:46:48 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2" in Zeile C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.
Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.

Error: (12/31/2014 06:41:02 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2" in Zeile C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.
Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.

Error: (12/31/2014 06:41:02 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2" in Zeile C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.
Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.

Error: (12/31/2014 06:40:45 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2" in Zeile C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.
Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.

Error: (12/30/2014 06:34:22 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: mbam.exe, Version: 1.0.1.711, Zeitstempel: 0x542b53ec
Name des fehlerhaften Moduls: mbamcore.dll, Version: 1.1.20.0, Zeitstempel: 0x5425b0dd
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000023d4
ID des fehlerhaften Prozesses: 0x10a0
Startzeit der fehlerhaften Anwendung: 0xmbam.exe0
Pfad der fehlerhaften Anwendung: mbam.exe1
Pfad des fehlerhaften Moduls: mbam.exe2
Berichtskennung: mbam.exe3
Vollständiger Name des fehlerhaften Pakets: mbam.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: mbam.exe5

Error: (12/30/2014 06:18:45 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm mbam.exe, Version 1.0.1.711 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 18dc

Startzeit: 01d024096a810c25

Endzeit: 45

Anwendungspfad: C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe

Berichts-ID: df1a6034-9047-11e4-bf18-7427eae5d5e4

Vollständiger Name des fehlerhaften Pakets: 

Anwendungs-ID, die relativ zum fehlerhaften Paket ist:

Error: (12/30/2014 00:55:05 PM) (Source: SideBySide) (EventID: 63) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "assemblyIdentity1". Fehler in Manifest- oder Richtliniendatei "assemblyIdentity2" in Zeile assemblyIdentity3.
Der Wert "*" des "language"-Attributs im assemblyIdentity-Element ist ungültig.


System errors:
=============
Error: (12/31/2014 06:37:30 PM) (Source: DCOM) (EventID: 10016) (User: Fugentechnik)
Description: AnwendungsspezifischLokalStart{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}FugentechnikUteS-1-5-21-4278806244-3946690954-89611405-1001LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar

Error: (12/31/2014 06:37:30 PM) (Source: DCOM) (EventID: 10016) (User: Fugentechnik)
Description: AnwendungsspezifischLokalStart{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}FugentechnikUteS-1-5-21-4278806244-3946690954-89611405-1001LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar

Error: (12/31/2014 06:37:30 PM) (Source: DCOM) (EventID: 10016) (User: Fugentechnik)
Description: AnwendungsspezifischLokalStart{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}FugentechnikUteS-1-5-21-4278806244-3946690954-89611405-1001LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar

Error: (12/31/2014 06:37:30 PM) (Source: DCOM) (EventID: 10016) (User: Fugentechnik)
Description: AnwendungsspezifischLokalStart{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}FugentechnikUteS-1-5-21-4278806244-3946690954-89611405-1001LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar

Error: (12/31/2014 06:37:30 PM) (Source: DCOM) (EventID: 10016) (User: Fugentechnik)
Description: AnwendungsspezifischLokalStart{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}FugentechnikUteS-1-5-21-4278806244-3946690954-89611405-1001LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar

Error: (12/31/2014 06:37:30 PM) (Source: DCOM) (EventID: 10016) (User: Fugentechnik)
Description: AnwendungsspezifischLokalStart{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}FugentechnikUteS-1-5-21-4278806244-3946690954-89611405-1001LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar

Error: (12/31/2014 06:37:30 PM) (Source: DCOM) (EventID: 10016) (User: Fugentechnik)
Description: AnwendungsspezifischLokalStart{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}FugentechnikUteS-1-5-21-4278806244-3946690954-89611405-1001LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar

Error: (12/31/2014 06:36:47 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "CSR OBEX-Dienst" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (12/31/2014 06:27:58 PM) (Source: DCOM) (EventID: 10016) (User: Fugentechnik)
Description: AnwendungsspezifischLokalStart{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}FugentechnikUteS-1-5-21-4278806244-3946690954-89611405-1001LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar

Error: (12/31/2014 06:27:31 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "CSR OBEX-Dienst" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2


Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
  Date: 2014-12-31 08:57:23.315
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-12-31 08:57:23.211
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-12-31 08:57:23.091
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-12-31 08:57:20.137
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-12-31 08:57:20.040
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-12-31 08:57:19.756
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-12-31 08:57:19.377
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-12-30 23:55:11.722
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-12-30 23:55:11.566
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-12-30 23:55:11.402
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i3-4130 CPU @ 3.40GHz
Percentage of memory in use: 49%
Total physical RAM: 4010.35 MB
Available physical RAM: 2038.05 MB
Total Pagefile: 5290.35 MB
Available Pagefile: 2754.42 MB
Total Virtual: 131072 MB
Available Virtual: 131071.83 MB

==================== Drives ================================

Drive c: (Windows8_OS) (Fixed) (Total:439.16 GB) (Free:373.79 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: A5C61E19)

Partition: GPT Partition Type.

==================== End Of Log ============================
         


Geändert von Snoosel (31.12.2014 um 20:40 Uhr)

Alt 31.12.2014, 20:49   #6
Snoosel
 
Optimizer Pro - Standard

Optimizer Pro



Weiß nicht, ob das auch wichtig ist.

FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 28-12-2014
Ran by Ute (administrator) on FUGENTECHNIK on 31-12-2014 21:07:56
Running from C:\Users\Ute\Desktop\troj
Loaded Profile: Ute (Available profiles: Ute & admin & admin2 & Administrator)
Platform: Windows 8.1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(AVM Berlin) C:\Program Files (x86)\Common Files\AVM\De_serv.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
() C:\Windows\jmesoft\Service.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe
() C:\Program Files\CyberLink\Shared files\RichVideo64.exe
(UltiDev LLC) C:\Program Files (x86)\UltiDev\Web Server\UWS.HighPrivilegeUtilities.exe
(UltiDev LLC) C:\Program Files (x86)\UltiDev\Web Server\UWS.LowPrivilegeUtilities.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler64.exe
(UltiDev LLC) C:\Program Files (x86)\UltiDev\Web Server\UltiDev.WebServer.Monitor.exe
(iAnywhere Solutions, Inc.) C:\ADVANTAGE\Server\ads.exe
(UltiDev LLC) C:\Program Files (x86)\UltiDev\Web Server\UWS.AppHost.Clr4.x86.exe
(UltiDev LLC) C:\Program Files (x86)\UltiDev\Web Server\UWS.AppHost.Clr2.AnyCpu.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13196432 2012-09-25] (Realtek Semiconductor)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [286192 2013-01-31] (Intel Corporation)
HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [161984 2014-01-18] (IvoSoft)
HKLM-x32\...\Run: [Intel AppUp(SM) center] => C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [155488 2012-07-12] (Intel Corporation)
HKLM-x32\...\Run: [LVT] => C:\Program Files\Lenovo\LVT\LJYZ.exe [886112 2011-11-24] (Lenovo)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe [95192 2013-03-08] (CyberLink Corp.)
HKLM-x32\...\Run: [ControlCenter3] => C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe [114688 2008-12-24] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKU\S-1-5-21-4278806244-3946690954-89611405-1001\...\Run: [RESTART_STICKY_NOTES] => C:\WINDOWS\system32\StikyNot.exe [457728 2013-11-14] (Microsoft Corporation)
HKU\S-1-5-21-4278806244-3946690954-89611405-1001\...\Run: [PTOneClick] => C:\Program Files (x86)\WebEx\Productivity Tools\ptoneclk.exe [187920 2014-08-25] (Cisco WebEx LLC)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ISDNWatch.lnk
ShortcutTarget: ISDNWatch.lnk -> C:\Program Files (x86)\FRITZ!\IWatch.exe (AVM Berlin)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\VR-NetWorld Auftragsprüfung.lnk
ShortcutTarget: VR-NetWorld Auftragsprüfung.lnk -> C:\Program Files (x86)\VR-NetWorld\vrtoolcheckorder.exe (VR-NetWorld Software)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
ShellIconOverlayIdentifiers: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
ShellIconOverlayIdentifiers: [SugarSyncBackedUp] -> {0C4A258A-3F3B-4FFF-80A7-9B3BEC139472} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll No File
ShellIconOverlayIdentifiers: [SugarSyncPending] -> {62CCD8E3-9C21-41E1-B55E-1E26DFC68511} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll No File
ShellIconOverlayIdentifiers: [SugarSyncRoot] -> {A759AFF6-5851-457D-A540-F4ECED148351} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll No File
ShellIconOverlayIdentifiers: [SugarSyncShared] -> {1574C9EF-7D58-488F-B358-8B78C1538F51} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll No File
ShellIconOverlayIdentifiers-x32: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-4278806244-3946690954-89611405-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo13.msn.com
HKU\S-1-5-21-4278806244-3946690954-89611405-1001\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com
BHO: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: WebEx Productivity Tools -> {90E2BA2E-DD1B-4cde-9134-7A8B86D33CA7} -> C:\Program Files (x86)\WebEx\Productivity Tools\ptonecli64.dll (Cisco WebEx LLC)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_64.dll (IvoSoft)
BHO-x32: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
BHO-x32: Cisco WebEx-Produktivitätswerkzeuge -> {90E2BA2E-DD1B-4cde-9134-7A8B86D33CA7} -> C:\Program Files (x86)\WebEx\Productivity Tools\ptonecli.dll (Cisco WebEx LLC)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_32.dll (IvoSoft)
Toolbar: HKLM - avast! WebRep - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
Toolbar: HKLM - WebEx Productivity Tools - {90E2BA2E-DD1B-4cde-9134-7A8B86D33CA7} - C:\Program Files (x86)\WebEx\Productivity Tools\ptonecli64.dll (Cisco WebEx LLC)
Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
Toolbar: HKLM-x32 - Cisco WebEx-Produktivitätswerkzeuge - {90E2BA2E-DD1B-4cde-9134-7A8B86D33CA7} - C:\Program Files (x86)\WebEx\Productivity Tools\ptonecli.dll (Cisco WebEx LLC)
DPF: HKLM-x32 {4FF78044-96B4-4312-A5B7-FDA3CB328095} 
Tcpip\..\Interfaces\{AD715C07-FA95-41CD-8547-8CF7B99D600E}: [NameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Ute\AppData\Roaming\Mozilla\Firefox\Profiles\956apvdl.default
FF DefaultSearchEngine: Google
FF Plugin: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.0.72 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-4278806244-3946690954-89611405-1001: @citrixonline.com/appdetectorplugin -> C:\Users\Ute\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
FF Plugin ProgramFiles/Appdata: C:\Users\Ute\AppData\Roaming\mozilla\plugins\npatgpc.dll (Cisco WebEx LLC)
FF Extension: No Name - C:\Program Files\AVAST Software\Avast\WebRep\FF [Not Found]
FF Extension: No Name - C:\Users\Ute\AppData\Roaming\Mozilla\Firefox\Profiles\956apvdl.default\extensions\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} [Not Found]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [Not Found]

Chrome: 
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://spiele.rtl.de/cms/index.html"
CHR Profile: C:\Users\Ute\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Ute\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-10-29]
CHR Extension: (Cisco WebEx Extension) - C:\Users\Ute\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlhmfgmfgeifomenelglieieghnjghma [2014-11-13]
CHR Extension: (Google Wallet) - C:\Users\Ute\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-10-29]
CHR Profile: C:\Users\Ute\AppData\Local\Google\Chrome\User Data\Profile 1

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 Advantage; C:\ADVANTAGE\Server\ads.exe [3530752 2012-11-27] (iAnywhere Solutions, Inc.) [File not signed]
R2 de_serv; C:\Program Files (x86)\Common Files\AVM\de_serv.exe [206128 2007-10-25] (AVM Berlin)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15344 2013-01-31] (Intel Corporation)
R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe [2451456 2012-07-13] (Realsil Microelectronics Inc.) [File not signed]
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [314696 2014-05-20] (Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [732160 2012-12-10] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [803872 2012-12-10] (Intel(R) Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [167736 2013-01-30] (Intel Corporation)
R2 JME Keyboard; C:\Windows\jmesoft\Service.exe [32768 2011-08-16] () [File not signed]
R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1871160 2014-10-01] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [968504 2014-10-01] (Malwarebytes Corporation)
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [390632 2013-05-14] ()
S2 TopDNS; C:\ProgramData\blue solution\Handwerk 5\TopAppService\TopDnsService.exe [2779648 2013-01-30] (blue:solution software GmbH) [File not signed]
R2 UltiDev Web Server Pro; C:\Program Files (x86)\UltiDev\Web Server\UltiDev.WebServer.Monitor.exe [64512 2012-09-29] (UltiDev LLC) [File not signed]
R2 UWS HiPriv Services; C:\Program Files (x86)\UltiDev\Web Server\UWS.HighPrivilegeUtilities.exe [48128 2012-09-29] (UltiDev LLC) [File not signed]
R2 UWS LoPriv Services; C:\Program Files (x86)\UltiDev\Web Server\UWS.LowPrivilegeUtilities.exe [44032 2012-09-29] (UltiDev LLC) [File not signed]
S3 w3logsvc; C:\Windows\system32\inetsrv\w3logsvc.dll [76800 2014-11-14] (Microsoft Corporation)
R2 W3SVC; C:\Windows\system32\inetsrv\iisw3adm.dll [546304 2014-11-14] (Microsoft Corporation)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-22] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-22] (Microsoft Corporation)
S2 CsrBtOBEX-Dienst; "C:\Program Files\CSR\CSR Harmony Wireless Software Stack\CsrBtOBEXService.exe" [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 AVMCOWAN; C:\Windows\system32\DRIVERS\AVMCOWAN.sys [79872 2010-11-28] (AVM GmbH)
S3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation)
S3 csrusbfilter; C:\Windows\System32\Drivers\csrusbfilter.sys [23752 2012-03-22] (Cambridge Silicon Radio Limited)
S3 CYUSB3; C:\Windows\System32\Drivers\CYUSB3.sys [62712 2014-03-21] (Cypress Semiconductor)
R3 FUS2BASE; C:\Windows\system32\DRIVERS\fus2base.sys [696832 2010-11-28] (AVM Berlin)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2014-10-01] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [129752 2014-12-31] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2014-10-01] (Malwarebytes Corporation)
U5 VWiFiFlt; C:\Windows\System32\Drivers\VWiFiFlt.sys [71680 2014-04-30] (Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-22] (Microsoft Corporation)
S3 csravrcp; \SystemRoot\System32\drivers\csravrcp.sys [X]
S3 CsrBtPort; \SystemRoot\system32\DRIVERS\CsrBtPort.sys [X]
S3 csrpan; \SystemRoot\system32\DRIVERS\csrpan.sys [X]
S3 csrserial; \SystemRoot\system32\DRIVERS\csrserial.sys [X]
S3 csrusb; \SystemRoot\System32\Drivers\csrusb.sys [X]
S3 csr_bthav; \SystemRoot\system32\drivers\csrbthav.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-31 18:37 - 2014-12-31 21:07 - 00000000 ____D () C:\Users\Ute\Desktop\troj
2014-12-29 13:20 - 2014-12-29 13:20 - 02173952 _____ () C:\Users\Ute\Desktop\AdwCleaner_4.106.exe
2014-12-29 13:19 - 2014-12-04 00:37 - 00227328 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepdu.dll
2014-12-29 13:19 - 2014-12-04 00:09 - 00830464 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2014-12-29 13:19 - 2014-12-03 00:09 - 01083392 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2014-12-29 13:19 - 2014-12-03 00:09 - 00740864 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2014-12-29 13:19 - 2014-12-03 00:09 - 00412672 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2014-12-29 13:19 - 2014-12-03 00:09 - 00396288 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2014-12-29 13:19 - 2014-12-03 00:09 - 00192000 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2014-12-29 13:19 - 2014-11-10 03:29 - 00034304 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceSetupStatusProvider.dll
2014-12-29 13:19 - 2014-11-10 02:51 - 00028672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DeviceSetupStatusProvider.dll
2014-12-29 13:19 - 2014-11-07 05:16 - 01762840 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
2014-12-29 13:19 - 2014-11-07 04:26 - 01489072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll
2014-12-29 13:19 - 2014-11-01 00:57 - 01091072 _____ (Microsoft Corporation) C:\WINDOWS\system32\MrmCoreR.dll
2014-12-29 13:19 - 2014-11-01 00:47 - 00790528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MrmCoreR.dll
2014-12-29 13:19 - 2014-10-31 00:39 - 01970432 _____ (Microsoft Corporation) C:\WINDOWS\system32\crypt32.dll
2014-12-29 13:19 - 2014-10-31 00:38 - 01612992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\crypt32.dll
2014-12-29 13:19 - 2014-10-13 03:43 - 00238912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys
2014-12-29 13:19 - 2014-10-13 03:43 - 00153920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys
2014-12-29 13:19 - 2014-10-13 03:43 - 00086336 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pdc.sys
2014-12-29 13:19 - 2014-10-13 03:43 - 00039744 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\intelpep.sys
2014-12-29 13:18 - 2014-11-22 04:13 - 25059840 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2014-12-29 13:18 - 2014-11-22 03:50 - 00580096 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2014-12-29 13:18 - 2014-11-22 03:49 - 02885120 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2014-12-29 13:18 - 2014-11-22 03:49 - 00417280 _____ (Microsoft Corporation) C:\WINDOWS\system32\html.iec
2014-12-29 13:18 - 2014-11-22 03:48 - 00088064 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll
2014-12-29 13:18 - 2014-11-22 03:35 - 00812544 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2014-12-29 13:18 - 2014-11-22 03:34 - 06039552 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2014-12-29 13:18 - 2014-11-22 03:22 - 19749376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2014-12-29 13:18 - 2014-11-22 03:08 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2014-12-29 13:18 - 2014-11-22 03:07 - 00501248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2014-12-29 13:18 - 2014-11-22 03:06 - 00340992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\html.iec
2014-12-29 13:18 - 2014-11-22 03:06 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2014-12-29 13:18 - 2014-11-22 03:05 - 00316928 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2014-12-29 13:18 - 2014-11-22 03:05 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll
2014-12-29 13:18 - 2014-11-22 03:01 - 02277888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2014-12-29 13:18 - 2014-11-22 02:59 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2014-12-29 13:18 - 2014-11-22 02:55 - 00661504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2014-12-29 13:18 - 2014-11-22 02:52 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2014-12-29 13:18 - 2014-11-22 02:49 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2014-12-29 13:18 - 2014-11-22 02:49 - 00718848 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2014-12-29 13:18 - 2014-11-22 02:49 - 00373760 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2014-12-29 13:18 - 2014-11-22 02:46 - 02125312 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2014-12-29 13:18 - 2014-11-22 02:43 - 14412800 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2014-12-29 13:18 - 2014-11-22 02:35 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2014-12-29 13:18 - 2014-11-22 02:34 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2014-12-29 13:18 - 2014-11-22 02:33 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2014-12-29 13:18 - 2014-11-22 02:29 - 04299264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2014-12-29 13:18 - 2014-11-22 02:29 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2014-12-29 13:18 - 2014-11-22 02:28 - 02358272 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2014-12-29 13:18 - 2014-11-22 02:25 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2014-12-29 13:18 - 2014-11-22 02:23 - 00688640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2014-12-29 13:18 - 2014-11-22 02:23 - 00326656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2014-12-29 13:18 - 2014-11-22 02:22 - 02052096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2014-12-29 13:18 - 2014-11-22 02:15 - 01548288 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2014-12-29 13:18 - 2014-11-22 02:13 - 12836864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2014-12-29 13:18 - 2014-11-22 02:03 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2014-12-29 13:18 - 2014-11-22 02:00 - 01888256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2014-12-29 13:18 - 2014-11-22 01:56 - 01307136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2014-12-29 13:18 - 2014-11-22 01:54 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2014-12-29 13:18 - 2014-10-30 23:37 - 00129536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\poqexec.exe
2014-12-29 13:18 - 2014-10-30 23:34 - 00146432 _____ (Microsoft Corporation) C:\WINDOWS\system32\poqexec.exe
2014-12-23 12:53 - 2014-12-30 13:04 - 00000000 ____D () C:\AdwCleaner
2014-12-22 13:32 - 2014-12-29 13:02 - 00000000 ____D () C:\Users\DefaultAppPool
2014-12-22 13:32 - 2014-12-22 13:32 - 00000000 _SHDL () C:\Users\DefaultAppPool\Vorlagen
2014-12-22 13:32 - 2014-12-22 13:32 - 00000000 _SHDL () C:\Users\DefaultAppPool\Startmenü
2014-12-22 13:32 - 2014-12-22 13:32 - 00000000 _SHDL () C:\Users\DefaultAppPool\Netzwerkumgebung
2014-12-22 13:32 - 2014-12-22 13:32 - 00000000 _SHDL () C:\Users\DefaultAppPool\Lokale Einstellungen
2014-12-22 13:32 - 2014-12-22 13:32 - 00000000 _SHDL () C:\Users\DefaultAppPool\Eigene Dateien
2014-12-22 13:32 - 2014-12-22 13:32 - 00000000 _SHDL () C:\Users\DefaultAppPool\Druckumgebung
2014-12-22 13:32 - 2014-12-22 13:32 - 00000000 _SHDL () C:\Users\DefaultAppPool\Documents\Eigene Musik
2014-12-22 13:32 - 2014-12-22 13:32 - 00000000 _SHDL () C:\Users\DefaultAppPool\Documents\Eigene Bilder
2014-12-22 13:32 - 2014-12-22 13:32 - 00000000 _SHDL () C:\Users\DefaultAppPool\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2014-12-22 13:32 - 2014-12-22 13:32 - 00000000 _SHDL () C:\Users\DefaultAppPool\AppData\Local\Verlauf
2014-12-22 13:32 - 2014-12-22 13:32 - 00000000 _SHDL () C:\Users\DefaultAppPool\AppData\Local\Anwendungsdaten
2014-12-22 13:32 - 2014-12-22 13:32 - 00000000 _SHDL () C:\Users\DefaultAppPool\Anwendungsdaten
2014-12-22 13:32 - 2014-06-30 09:07 - 00000000 ____D () C:\Users\DefaultAppPool\AppData\Local\Microsoft Help
2014-12-22 13:32 - 2013-12-24 08:47 - 00000000 ____D () C:\Users\DefaultAppPool\AppData\Roaming\Macromedia
2014-12-19 16:44 - 2014-12-19 16:44 - 24835462 _____ () C:\Users\Ute\Desktop\5.bmp
2014-12-19 16:42 - 2014-12-19 16:42 - 24835462 _____ () C:\Users\Ute\Desktop\4.bmp
2014-12-19 16:41 - 2014-12-19 16:41 - 24835462 _____ () C:\Users\Ute\Desktop\3.bmp
2014-12-19 16:40 - 2014-12-19 16:40 - 24835462 _____ () C:\Users\Ute\Desktop\2.bmp
2014-12-19 16:39 - 2014-12-19 16:39 - 24835462 _____ () C:\Users\Ute\Desktop\1.bmp
2014-12-19 16:34 - 2014-12-19 16:34 - 24835462 _____ () C:\Users\Ute\Desktop\AOK 2014-351,50 Euro.bmp
2014-12-19 16:15 - 2014-12-19 16:15 - 00379239 ____T () C:\Users\Ute\Desktop\VB Hypothek 413 €uro - 2014.oxps
2014-12-19 16:13 - 2014-12-19 16:13 - 24835462 _____ () C:\Users\Ute\Desktop\BHW 77 €uro-2014.bmp
2014-12-19 16:12 - 2014-12-19 16:12 - 24835462 _____ () C:\Users\Ute\Desktop\BHW 218 Euro-2014.bmp
2014-12-19 15:13 - 2014-12-19 15:13 - 24835462 _____ () C:\Users\Ute\Desktop\Rente MP 2014.bmp
2014-12-19 15:07 - 2014-12-19 15:07 - 24835462 _____ () C:\Users\Ute\Desktop\Leben Risiko MP 2014.bmp
2014-12-19 15:05 - 2014-12-19 15:05 - 24835462 _____ () C:\Users\Ute\Desktop\Leben Risiko UP 2014.bmp
2014-12-19 15:01 - 2014-12-19 15:03 - 24835462 _____ () C:\Users\Ute\Desktop\Leben MP 2014.bmp
2014-12-19 15:01 - 2014-12-19 15:01 - 24835462 _____ () C:\Users\Ute\Desktop\Leben UP 2014.bmp
2014-12-19 14:58 - 2014-12-19 14:58 - 24835462 _____ () C:\Users\Ute\Desktop\Gebäude 2014.bmp
2014-12-19 14:56 - 2014-12-19 14:56 - 24835462 _____ () C:\Users\Ute\Desktop\Hausrat 2014.bmp
2014-12-19 14:41 - 2014-12-19 16:25 - 24835462 _____ () C:\Users\Ute\Desktop\Abgabenbescheid 2014.bmp
2014-12-19 14:35 - 2014-12-19 14:35 - 24835462 _____ () C:\Users\Ute\Desktop\Stadtwerke 2014.bmp
2014-12-19 14:23 - 2014-12-19 14:23 - 24835462 _____ () C:\Users\Ute\Desktop\BG Lohnnachweis 2014.bmp
2014-12-15 20:23 - 2014-12-15 20:23 - 00000000 ____D () C:\Users\Ute\Desktop\fritz
2014-12-13 18:03 - 2014-12-13 18:24 - 00000000 ____D () C:\Users\Ute\Desktop\Strabag
2014-12-10 17:39 - 2014-12-29 20:47 - 00000000 ____D () C:\WINDOWS\system32\appraiser
2014-12-10 13:04 - 2014-12-19 17:14 - 00000000 ____D () C:\Users\Ute\Desktop\Bam 10.12.2014
2014-12-06 22:45 - 2014-12-06 23:03 - 00087432 _____ () C:\Users\Ute\Downloads\Briefpapier.zip
2014-12-05 15:24 - 2014-12-05 15:24 - 00000123 _____ () C:\Users\Ute\Desktop\Erfassung von Aufmaßen Vor-Ort mithilfe der App TopAufmaß.url
2014-12-05 12:27 - 2014-12-05 12:28 - 00022761 _____ () C:\Users\Ute\Desktop\Hoff u. Partner Hasehaus Einnerung.xlsx
2014-12-04 17:59 - 2014-12-04 17:59 - 00003342 _____ () C:\WINDOWS\System32\Tasks\{4DFDCA33-7855-42CE-A167-53B2FA91D197}
2014-12-02 15:11 - 2014-12-03 10:04 - 00000000 ____D () C:\Users\Ute\Tracing
2014-12-02 15:01 - 2014-12-02 15:01 - 00000000 ____D () C:\Users\Ute\AppData\Local\UltiDev_LLC
2014-12-02 15:01 - 2010-06-02 04:55 - 00527192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAudio2_7.dll
2014-12-02 15:01 - 2010-06-02 04:55 - 00518488 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAudio2_7.dll
2014-12-02 15:01 - 2010-06-02 04:55 - 00077656 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAPOFX1_5.dll
2014-12-02 15:01 - 2010-06-02 04:55 - 00074072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAPOFX1_5.dll
2014-12-02 15:01 - 2010-05-26 11:41 - 02526056 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_43.dll
2014-12-02 15:01 - 2010-05-26 11:41 - 02106216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_43.dll
2014-12-02 15:01 - 2010-05-26 11:41 - 00276832 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx11_43.dll
2014-12-02 15:01 - 2010-05-26 11:41 - 00248672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx11_43.dll
2014-12-02 15:01 - 2009-09-04 17:29 - 00523088 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_42.dll
2014-12-02 15:01 - 2009-09-04 17:29 - 00453456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10_42.dll
2014-12-02 15:01 - 2006-11-29 13:06 - 04398360 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_32.dll
2014-12-02 15:01 - 2006-11-29 13:06 - 03426072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_32.dll
2014-12-02 15:00 - 2014-12-02 15:00 - 00000000 ____D () C:\ProgramData\Microsoft OneDrive
2014-12-02 14:19 - 2014-12-02 14:19 - 00001024 _____ () C:\.rnd
2014-12-02 14:19 - 2014-12-02 14:19 - 00000000 ____D () C:\ProgramData\Caphyon
2014-12-02 14:19 - 2014-12-02 14:19 - 00000000 ____D () C:\Program Files\UltiDev
2014-12-02 14:18 - 2014-12-02 14:18 - 00002218 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\UltiDev Web App Explorer.lnk
2014-12-02 14:18 - 2014-12-02 14:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UltiDev
2014-12-02 14:17 - 2014-12-02 14:19 - 00000000 ____D () C:\ProgramData\UltiDev
2014-12-02 14:17 - 2014-12-02 14:17 - 00026508 _____ () C:\WINDOWS\unins000.dat
2014-12-02 14:17 - 2014-12-02 14:17 - 00000000 ____D () C:\Program Files (x86)\UltiDev
2014-12-02 14:17 - 2014-12-02 14:16 - 01083233 _____ () C:\WINDOWS\unins000.exe
2014-12-02 14:07 - 2014-12-02 14:07 - 03999272 _____ (TeamViewer) C:\Users\Ute\Desktop\bss_support.exe
2014-12-01 21:06 - 2014-12-01 21:18 - 00000000 ____D () C:\Program Files\PDFCreator
2014-12-01 21:06 - 2014-12-01 21:06 - 00000000 ____D () C:\Program Files (x86)\GPLGS
2014-12-01 21:05 - 2014-12-01 21:05 - 00000000 ____D () C:\Program Files (x86)\PDF Creator

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-31 21:07 - 2014-09-07 17:19 - 00000000 ____D () C:\FRST
2014-12-31 21:02 - 2014-04-07 08:14 - 01532426 _____ () C:\WINDOWS\WindowsUpdate.log
2014-12-31 21:02 - 2013-12-18 18:39 - 00000000 ____D () C:\Users\Ute\AppData\Roaming\ClassicShell
2014-12-31 21:02 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2014-12-31 21:01 - 2014-10-29 12:15 - 00001140 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-12-31 21:01 - 2013-12-24 10:15 - 06982656 ___SH () C:\Users\Ute\Desktop\Thumbs.db
2014-12-31 21:00 - 2014-10-26 22:14 - 00129752 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-12-31 20:54 - 2014-09-24 16:48 - 00003938 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{7191AC2D-2327-4099-A4A5-525ACFAC0F38}
2014-12-31 20:35 - 2014-10-10 11:05 - 00000576 _____ () C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-4278806244-3946690954-89611405-1001.job
2014-12-31 20:26 - 2014-10-29 12:15 - 00001144 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-12-31 18:42 - 2013-11-14 08:27 - 01860582 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-12-31 18:42 - 2013-11-14 08:11 - 00799978 _____ () C:\WINDOWS\system32\perfh007.dat
2014-12-31 18:42 - 2013-11-14 08:11 - 00168714 _____ () C:\WINDOWS\system32\perfc007.dat
2014-12-31 18:36 - 2013-08-22 15:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-12-31 18:26 - 2014-06-23 11:52 - 00005120 _____ () C:\ads_err.adi
2014-12-31 18:26 - 2013-08-22 14:25 - 00524288 ___SH () C:\WINDOWS\system32\config\BBI
2014-12-31 16:36 - 2014-10-10 11:05 - 00003580 _____ () C:\WINDOWS\System32\Tasks\G2MUpdateTask-S-1-5-21-4278806244-3946690954-89611405-1001
2014-12-31 14:15 - 2014-06-23 11:52 - 00115053 _____ () C:\ads_err.adt
2014-12-30 18:34 - 2014-07-05 22:41 - 00000000 ____D () C:\Users\Ute\AppData\Local\CrashDumps
2014-12-30 16:00 - 2013-12-16 20:08 - 00003596 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-4278806244-3946690954-89611405-1001
2014-12-30 14:29 - 2014-10-29 12:16 - 00002206 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-12-30 12:58 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\rescache
2014-12-30 12:47 - 2012-07-26 08:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2014-12-30 12:45 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\sr-Latn-RS
2014-12-30 12:45 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\sr-Latn-CS
2014-12-30 09:47 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2014-12-29 20:49 - 2014-04-10 07:11 - 00926278 _____ () C:\WINDOWS\PFRO.log
2014-12-29 20:47 - 2014-07-09 18:21 - 00000000 ___SD () C:\WINDOWS\system32\CompatTel
2014-12-29 20:47 - 2013-12-18 14:31 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-12-29 20:47 - 2013-12-17 03:17 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-12-29 20:47 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\PolicyDefinitions
2014-12-29 20:45 - 2013-12-17 03:17 - 112710672 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-12-29 20:41 - 2013-12-20 14:56 - 00000000 ____D () C:\Users\Ute\AppData\Roaming\TeamViewer
2014-12-29 19:54 - 2014-01-09 18:02 - 00000000 ____D () C:\Users\Ute\AppData\Roaming\webex
2014-12-29 15:21 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\Branding
2014-12-29 13:04 - 2014-10-26 22:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-12-29 13:04 - 2014-10-26 22:14 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-12-29 13:04 - 2013-12-24 08:44 - 00000000 ____D () C:\Users\Ute
2014-12-29 13:03 - 2014-02-26 15:44 - 00000000 ____D () C:\Users\admin2
2014-12-29 13:03 - 2014-02-26 15:28 - 00000000 ____D () C:\Users\admin
2014-12-29 13:03 - 2014-02-26 15:25 - 00000000 ____D () C:\Users\Administrator
2014-12-29 13:03 - 2013-08-22 16:36 - 00000000 __RSD () C:\WINDOWS\Media
2014-12-29 13:02 - 2014-11-14 14:40 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IIS
2014-12-29 13:02 - 2014-10-29 12:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-12-29 13:02 - 2014-06-23 11:48 - 00000000 ____D () C:\ADVANTAGE
2014-12-29 13:02 - 2013-12-18 18:38 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-12-29 13:02 - 2013-12-18 18:38 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-12-29 13:02 - 2013-12-18 14:31 - 00000000 ____D () C:\Users\Ute\AppData\Local\Microsoft Help
2014-12-29 13:02 - 2013-10-18 11:12 - 00000000 ____D () C:\Program Files (x86)\Amazon
2014-12-29 13:02 - 2013-08-22 16:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-12-29 13:02 - 2013-08-22 16:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-12-29 13:02 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\Macromed
2014-12-29 13:02 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\zh-HK
2014-12-29 13:02 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\uk-UA
2014-12-29 13:02 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\tr-TR
2014-12-29 13:02 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\th-TH
2014-12-29 13:02 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\sl-SI
2014-12-29 13:02 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\sk-SK
2014-12-29 13:02 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\ro-RO
2014-12-29 13:02 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\Macromed
2014-12-29 13:02 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\lv-LV
2014-12-29 13:02 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\lt-LT
2014-12-29 13:02 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\hr-HR
2014-12-29 13:02 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\he-IL
2014-12-29 13:02 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\et-EE
2014-12-29 13:02 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\en-GB
2014-12-29 13:02 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\bg-BG
2014-12-29 13:02 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\ar-SA
2014-12-29 13:02 - 2013-08-22 16:36 - 00000000 ____D () C:\Program Files\Windows Defender
2014-12-29 13:02 - 2013-08-22 16:36 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared
2014-12-29 13:02 - 2013-08-22 14:36 - 00000000 ____D () C:\WINDOWS\system32\Sysprep
2014-12-29 13:02 - 2013-08-22 14:36 - 00000000 ____D () C:\WINDOWS\servicing
2014-12-29 12:47 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\registration
2014-12-29 12:44 - 2013-12-16 21:30 - 00000000 ____D () C:\Users\Ute\AppData\Local\Google
2014-12-23 11:04 - 2013-12-24 08:39 - 00000000 ___DC () C:\WINDOWS\Panther
2014-12-22 07:21 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\NDF
2014-12-18 19:55 - 2014-06-23 11:52 - 00008204 _____ () C:\ads_err.adm
2014-12-18 13:43 - 2013-12-16 18:35 - 00000000 ____D () C:\Users\Ute\AppData\Local\FRITZ!
2014-12-11 19:54 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\FxsTmp
2014-12-09 21:03 - 2013-12-18 13:52 - 00000000 ____D () C:\Users\Ute\Desktop\BAM
2014-12-09 07:34 - 2013-12-18 13:52 - 00000000 ___RD () C:\Users\Ute\Desktop\Stundenzettel
2014-12-06 22:46 - 2014-01-02 15:11 - 00130080 _____ () C:\Users\Ute\AppData\Local\GDIPFONTCACHEV1.DAT
2014-12-05 12:38 - 2014-03-25 18:38 - 00000000 ___RD () C:\Users\Ute\Desktop\Bendik
2014-12-05 12:01 - 2013-12-18 13:52 - 00000000 ____D () C:\Users\Ute\Desktop\PK
2014-12-04 14:41 - 2014-06-29 11:55 - 00000000 ____D () C:\Users\Ute\AppData\Local\Windows Live
2014-12-03 10:01 - 2014-04-30 07:16 - 00010968 _____ () C:\WINDOWS\setupact.log
2014-12-03 09:03 - 2014-02-04 21:20 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird
2014-12-02 15:01 - 2014-06-29 11:57 - 00000537 _____ () C:\WINDOWS\DirectX.log
2014-12-02 14:13 - 2014-11-14 14:26 - 00000000 ____D () C:\Program Files (x86)\IIS Express

Files to move or delete:
====================
C:\ProgramData\Lenovo-25838.vbs


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-12-28 21:42

==================== End Of Log ============================
         
--- --- ---


Schöne Grüße Ute
und prost Neujahr.
Ich wünsche Dir und Deinem Team einen richtig guten, erfolgreichen und gesunden Start ins neue Jahr
und ganz wenig ungeduldige User

Alt 31.12.2014, 21:30   #7
schrauber
/// the machine
/// TB-Ausbilder
 

Optimizer Pro - Standard

Optimizer Pro



Java und Firefox updaten. Noch Probleme mit dem System?
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 31.12.2014, 22:39   #8
Snoosel
 
Optimizer Pro - Standard

Optimizer Pro



Leider nein, unser Tablet kooperiert immer noch nicht mit dem Rechner. Das funktionierte vorher alles reibungslos. Kann es sein, dass auf dem Tablet ein Virus ist?
Wir bringen nur Daten über Wlan zu unseren Rechner.

Firefox updaten? Den Browser habe ich nicht oder ist er mit Thunderbird gekoppelt?

Alt 01.01.2015, 07:37   #9
schrauber
/// the machine
/// TB-Ausbilder
 

Optimizer Pro - Standard

Optimizer Pro



Firefox ist aber installiert. IN deinem Eingangspost schreibst Du das Problem mit dem Tablet sei behoben, es geht nur um Optimizer Pro. Das ist jetzt weg.
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 01.01.2015, 15:40   #10
Snoosel
 
Optimizer Pro - Standard

Optimizer Pro



Optimizer ist weg, das ist gut, danke.
Dachte, das mit dem Tablet sei behoben, die Anmeldung war zu dem Zeitpunkt auch möglich habe aber nicht ausprobiert ob die Daten gesendet werden können. Das geht jetzt nicht. Vielleicht ist das ja auch nur ein Einstellungsproblem. Das kann ich nächste Woche abklären.
Jau Firefox ist installiert kann es aber nicht deinstallieren, brauche es nicht.
Um Java wird sich jetzt gekümmert.

Vielen Dank für Deine Hilfe Schrauber, hab ein mega geiles Jahr.
Gruß Ute

Alt 01.01.2015, 16:02   #11
schrauber
/// the machine
/// TB-Ausbilder
 

Optimizer Pro - Standard

Optimizer Pro



Gern Geschehen
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Antwort

Themen zu Optimizer Pro
appdata, browser, desktop, entfernen, explorer, firefox, google, internet, internet explorer, löschen, malwarebytes, microsoft, mozilla, optimizer, problem, probleme, pup.optional.vosteran, rechner, roaming, schutz, software, tablet, update, warum, windows



Ähnliche Themen: Optimizer Pro


  1. Optimizer Pro wie entfernen?
    Plagegeister aller Art und deren Bekämpfung - 24.06.2014 (3)
  2. Optimizer Pro :-(
    Plagegeister aller Art und deren Bekämpfung - 21.05.2014 (8)
  3. Optimizer Pro und Spyhunter
    Plagegeister aller Art und deren Bekämpfung - 08.05.2014 (12)
  4. PC Optimizer Pro (malware)
    Plagegeister aller Art und deren Bekämpfung - 27.04.2014 (11)
  5. Optimizer Pro
    Plagegeister aller Art und deren Bekämpfung - 23.04.2014 (19)
  6. Optimizer Pro loswerden ?
    Plagegeister aller Art und deren Bekämpfung - 31.03.2014 (19)
  7. Win 8 - Optimizer Pro
    Plagegeister aller Art und deren Bekämpfung - 20.03.2014 (11)
  8. PC Optimizer Pro
    Plagegeister aller Art und deren Bekämpfung - 05.01.2014 (9)
  9. optimizer pro
    Plagegeister aller Art und deren Bekämpfung - 04.01.2014 (11)
  10. Optimizer Pro
    Log-Analyse und Auswertung - 12.12.2013 (5)
  11. Win 8 64bit: Optimizer Pro v3.1
    Plagegeister aller Art und deren Bekämpfung - 07.10.2013 (11)
  12. PC Optimizer Pro
    Plagegeister aller Art und deren Bekämpfung - 24.09.2013 (13)
  13. SpyHunter 4 + Optimizer Pro
    Plagegeister aller Art und deren Bekämpfung - 13.02.2013 (59)
  14. Optimizer Pro auf Laptop
    Plagegeister aller Art und deren Bekämpfung - 18.01.2013 (17)
  15. Malware My Disk ,Memory Optimizer,HDD Optimizer auf welchem Weg ins System?
    Plagegeister aller Art und deren Bekämpfung - 25.01.2011 (12)
  16. Internet Optimizer
    Plagegeister aller Art und deren Bekämpfung - 12.08.2005 (13)
  17. internet optimizer
    Plagegeister aller Art und deren Bekämpfung - 09.12.2004 (8)

Zum Thema Optimizer Pro - Hallo, keine Ahnung warum immer ich. Nu ist ein Optimizer Pro auf meinem Rechner, Google sagt, den soll man nicht selbst löschen, drum bin ich hier. Wie er auf den - Optimizer Pro...
Archiv
Du betrachtest: Optimizer Pro auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.