
Pests of all kinds and how to combat them: Positive Finds - Windows 8.1

04.02.2015, 15:55   #1
UlliLang
 



Hi.
I have picked up Positive Finds (apparently by installing an MP3 ripper) and can't get rid of it!
What I have done so far:
1. Uninstalled Positive Finds as a program in the Windows Control Panel
2. Had Malwarebytes Anti-Malware scan, find and delete.
3. Had HitmanPro scan
4. Reset Chrome and Firefox

Unfortunately no success - ads from Positive Finds and new tabs keep popping up.

Here are the scan logs from FRST and Malwarebytes:

Many thanks

Ulli


Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 01-02-2015
Ran by Ulli (administrator) on MEDION_AKOYA on 04-02-2015 15:26:10
Running from C:\Users\Ulli\Desktop
Loaded Profiles: Ulli &  (Available profiles: Ulli)
Platform: Windows 8.1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(SurfRight B.V.) C:\Program Files\HitmanPro\hmpsched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
() C:\Program Files (x86)\Ashampoo\Ashampoo Core Tuner 2\ACT2Service.exe
() C:\Program Files (x86)\Ashampoo\Ashampoo HDD Control 2\AHDDC2_Service.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSMonitorService.exe
(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSServer.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(SafeNet Inc.) C:\Windows\System32\hasplms.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
() C:\Program Files (x86)\Tobit Radio.fx\Server\rfx-server.exe
(Star Finanz-Software Entwicklung und Vertriebs GmbH) C:\Program Files (x86)\StarMoney 9.0\ouservice\StarMoneyOnlineUpdate.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(Logitech, Inc.) C:\Program Files\Common Files\Logishrd\KHAL3\KHALMNPR.exe
(Microsoft Corporation) C:\Windows\WindowsMobile\wmdc.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Tobit.Software) C:\Program Files (x86)\Tobit Radio.fx\Client\rfx-tray.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Pervasive Software Inc.) C:\Program Files (x86)\Pervasive Software\PSQL\bin\w3dbsmgr.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(Dropbox, Inc.) C:\Users\Ulli\AppData\Roaming\Dropbox\bin\Dropbox.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Geek Software GmbH) C:\Program Files (x86)\PDF24\pdf24.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Program Files (x86)\onlinebrief24.de\ebdhelper.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Brother\ControlCenter3\BrccMCtl.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Program Files\WindowsApps\CouchfunkGmbH.WM2014LiveApp_1.0.2.0_x64__3vz57y5v96hga\WM2014.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Corporation) C:\Windows\splwow64.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmprph.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\livecomm.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(EJIE Technology) C:\Program Files (x86)\Clover\clover.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [287592 2013-08-07] (Intel Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13647576 2013-08-27] (Realtek Semiconductor)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [3091224 2013-07-31] (Logitech, Inc.)
HKLM\...\Run: [Windows Mobile Device Center] => C:\Windows\WindowsMobile\wmdc.exe [660360 2007-05-31] (Microsoft Corporation)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2461504 2014-09-17] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM-x32\...\Run: [CLMLServer_For_P2G8] => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [111576 2013-08-05] (CyberLink)
HKLM-x32\...\Run: [CLVirtualDrive] => C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [490760 2013-09-10] (CyberLink Corp.)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [95192 2013-03-11] (CyberLink Corp.)
HKLM-x32\...\Run: [PDFPrint] => C:\Program Files (x86)\PDF24\pdf24.exe [186408 2013-12-12] (Geek Software GmbH)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [702768 2014-12-11] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [BrMfcWnd] => C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe [1159168 2009-05-26] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [ControlCenter3] => C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe [114688 2008-12-24] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [onlinebrief24-ebdhelper] => C:\Program Files (x86)\onlinebrief24.de\ebdhelper.exe [692224 2014-06-04] ()
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKLM\...\Policies\Explorer: [ConfirmFileDelete] 1
HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [AppLauncher] => C:\Program Files (x86)\Ashampoo\Ashampoo AppLauncher\AppLauncher.exe [969632 2012-08-10] (Ashampoo)
HKU\S-1-5-21-3911576866-2457419995-2319590870-1002\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [23308256 2015-01-15] (Google)
HKU\S-1-5-21-3911576866-2457419995-2319590870-1002\...\Run: [rfxsrvtray] => C:\Program Files (x86)\Tobit Radio.fx\Client\rfx-tray.exe [1838872 2013-02-07] (Tobit.Software)
HKU\S-1-5-21-3911576866-2457419995-2319590870-1002\...\Run: [Google+ Auto Backup] => "C:\Users\Ulli\AppData\Local\Programs\Google\Google+ Auto Backup\Google+ Auto Backup.exe" /autostart
HKU\S-1-5-21-3911576866-2457419995-2319590870-1002\...\Run: [msnmsgr] => C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe [4272840 2014-03-31] (Microsoft Corporation)
HKU\S-1-5-21-3911576866-2457419995-2319590870-1002\...\Run: [Power2GoExpress8] => NA
HKU\S-1-5-21-3911576866-2457419995-2319590870-1002\...\Run: [GoogleChromeAutoLaunch_F6A3317DD97F8A33E96BB46D3400FE8F] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [843592 2015-01-27] (Google Inc.)
HKU\S-1-5-21-3911576866-2457419995-2319590870-1002\...\Policies\Explorer: [DisallowRun] 1
HKU\S-1-5-21-3911576866-2457419995-2319590870-1002\...\MountPoints2: {0b5c7df5-802c-11e4-82b7-d43d7eb05526} - "H:\startme.exe" 
HKU\S-1-5-21-3911576866-2457419995-2319590870-1002\...\MountPoints2: {79540f5c-8591-11e4-82b7-d43d7eb05526} - "I:\Startme.exe" 
HKU\S-1-5-21-3911576866-2457419995-2319590870-1002\...\MountPoints2: {90aa118e-87e7-11e3-8275-801f02ddb352} - "H:\setup64.exe" 
HKU\S-1-5-21-3911576866-2457419995-2319590870-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [23308256 2015-01-15] (Google)
HKU\S-1-5-21-3911576866-2457419995-2319590870-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [rfxsrvtray] => C:\Program Files (x86)\Tobit Radio.fx\Client\rfx-tray.exe [1838872 2013-02-07] (Tobit.Software)
HKU\S-1-5-21-3911576866-2457419995-2319590870-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Google+ Auto Backup] => "C:\Users\Ulli\AppData\Local\Programs\Google\Google+ Auto Backup\Google+ Auto Backup.exe" /autostart
HKU\S-1-5-21-3911576866-2457419995-2319590870-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [msnmsgr] => C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe [4272840 2014-03-31] (Microsoft Corporation)
HKU\S-1-5-21-3911576866-2457419995-2319590870-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [GoogleChromeAutoLaunch_F6A3317DD97F8A33E96BB46D3400FE8F] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [843592 2015-01-27] (Google Inc.)
HKU\S-1-5-21-3911576866-2457419995-2319590870-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Power2GoExpress8] => NA
HKU\S-1-5-21-3911576866-2457419995-2319590870-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [DisallowRun] 1
HKU\S-1-5-21-3911576866-2457419995-2319590870-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {0b5c7df5-802c-11e4-82b7-d43d7eb05526} - "H:\startme.exe" 
HKU\S-1-5-21-3911576866-2457419995-2319590870-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {79540f5c-8591-11e4-82b7-d43d7eb05526} - "I:\Startme.exe" 
HKU\S-1-5-21-3911576866-2457419995-2319590870-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {90aa118e-87e7-11e3-8275-801f02ddb352} - "H:\setup64.exe" 
HKU\S-1-5-18\...\Run: [AppLauncher] => C:\Program Files (x86)\Ashampoo\Ashampoo AppLauncher\AppLauncher.exe [969632 2012-08-10] (Ashampoo)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Radio.fx.LNK
ShortcutTarget: Radio.fx.LNK -> C:\Program Files (x86)\Tobit Radio.fx\Client\rfx-client.exe (Tobit.Software)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Start Pervasive PSQL Workgroup Engine.lnk
ShortcutTarget: Start Pervasive PSQL Workgroup Engine.lnk -> C:\Windows\Installer\{0A3238D7-AB32-1010-B717-F3E3F18B4A8C}\WGE.14A03FCD_EA43_4130_A5C0_F02D38895A13.exe ()
Startup: C:\Users\Ulli\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Ulli\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Ulli\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Produktregistrierung.lnk
ShortcutTarget: Logitech . Produktregistrierung.lnk -> C:\Program Files (x86)\Common Files\LogiShrd\eReg\SetPoint\eReg.exe (Leader Technologies/Logitech)
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
HKU\S-1-5-21-3911576866-2457419995-2319590870-1002\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
HKU\S-1-5-21-3911576866-2457419995-2319590870-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-3911576866-2457419995-2319590870-1002 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?q={sear
SearchScopes: HKU\S-1-5-21-3911576866-2457419995-2319590870-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?q={sear
BHO: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll (Logitech, Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: ExplorerWatcher Class -> {F8A6CAA2-533D-4AED-9E05-8EB19A4021AB} -> C:\Program Files (x86)\Clover\TabHelper64.dll (EJIE Technology)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll (Oracle Corporation)
BHO-x32: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll (Logitech, Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: JQSIEStartDetectorImpl Class -> {E7E6F031-17CE-4C07-BC86-EABFE594F69C} -> C:\Program Files (x86)\ANDI 2014\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\Ulli\AppData\Roaming\Mozilla\Firefox\Profiles\qlcv7kpz.default-1422973342051
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_296.dll ()
FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.1.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_296.dll ()
FF Plugin-x32: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3911576866-2457419995-2319590870-1002: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin HKU\S-1-5-21-3911576866-2457419995-2319590870-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF Extension: Logitech SetPoint - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2014-01-26]

Chrome: 
=======
CHR HomePage: Default -> hxxp://www.trovi.com/?gd=&ctid=CT3331400&octid=EB_ORIGINAL_CTID&ISID=MD18EECA1-4517-42A2-AE45-14F39DFA3445&SearchSource=55&CUI=&UM=6&UP=SPA6D04EAA-1147-47E8-BCE3-13A979B2B086&SSPV=
CHR StartupUrls: Default -> "https://mail.google.com/mail/u/0/#inbox", "chrome://newtab/"
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\Ulli\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Präsentationen) - C:\Users\Ulli\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-10-06]
CHR Extension: (Google Docs) - C:\Users\Ulli\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-01-25]
CHR Extension: (Google Drive) - C:\Users\Ulli\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-01-25]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Ulli\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-04]
CHR Extension: (YouTube) - C:\Users\Ulli\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-01-25]
CHR Extension: (Adblock Plus) - C:\Users\Ulli\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-06-23]
CHR Extension: (Google-Suche) - C:\Users\Ulli\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-01-25]
CHR Extension: (Ultimate Google Docs Viewer) - C:\Users\Ulli\AppData\Local\Google\Chrome\User Data\Default\Extensions\edgbhipncfdgcekflcoelhmnkcfdfjcl [2014-01-25]
CHR Extension: (Google Kalender) - C:\Users\Ulli\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn [2014-01-25]
CHR Extension: (Google Tabellen) - C:\Users\Ulli\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-10-06]
CHR Extension: (Avira Browserschutz) - C:\Users\Ulli\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2014-03-07]
CHR Extension: (AdBlock) - C:\Users\Ulli\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-01-25]
CHR Extension: (IE Tab) - C:\Users\Ulli\AppData\Local\Google\Chrome\User Data\Default\Extensions\hehijbfgiekmjfkfjpbkbammjbdenadd [2014-06-13]
CHR Extension: (Blogger) - C:\Users\Ulli\AppData\Local\Google\Chrome\User Data\Default\Extensions\lejliakmhcfhakneflmicaoikhbicggc [2014-01-25]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\Ulli\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2014-11-06]
CHR Extension: (Google Mail-Checker) - C:\Users\Ulli\AppData\Local\Google\Chrome\User Data\Default\Extensions\mihcahmgecmbnbcchbopgniflfhgnkff [2014-01-25]
CHR Extension: (Google Wallet) - C:\Users\Ulli\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-01-25]
CHR Extension: (Google Quick Scroll) - C:\Users\Ulli\AppData\Local\Google\Chrome\User Data\Default\Extensions\okanipcmceoeemlbjnmnbdibhgpbllgc [2014-01-25]
CHR Extension: (Picasa) - C:\Users\Ulli\AppData\Local\Google\Chrome\User Data\Default\Extensions\onlgmecjpnejhfeofkgbfgnmdlipdejb [2014-01-25]
CHR Extension: (Google Mail) - C:\Users\Ulli\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-01-25]
CHR HKU\S-1-5-21-3911576866-2457419995-2319590870-1002\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - No Path
CHR HKU\S-1-5-21-3911576866-2457419995-2319590870-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - No Path

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 ACT2_Service; C:\Program Files (x86)\Ashampoo\Ashampoo Core Tuner 2\ACT2Service.exe [1421216 2011-08-22] ()
R2 AHDDC2; C:\Program Files (x86)\Ashampoo\Ashampoo HDD Control 2\AHDDC2_Service.exe [1518504 2012-07-30] ()
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [431920 2014-12-11] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [431920 2014-12-11] (Avira Operations GmbH & Co. KG)
R2 CyberLink PowerDVD 10 MS Monitor Service; C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSMonitorService.exe [74712 2013-03-11] (CyberLink)
R2 CyberLink PowerDVD 10 MS Service; C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSServer.exe [316376 2013-03-11] (CyberLink)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1149760 2014-09-17] (NVIDIA Corporation)
R2 hasplms; C:\Windows\system32\hasplms.exe [4683144 2014-06-02] (SafeNet Inc.)
R2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [127752 2015-02-03] (SurfRight B.V.)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-07] (Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-11] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel(R) Corporation)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-09-04] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-09-04] (Intel Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1796928 2014-09-17] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [19440960 2014-09-17] (NVIDIA Corporation)
R2 Radio.fx; C:\Program Files (x86)\Tobit Radio.fx\Server\rfx-server.exe [3999512 2013-06-03] ()
R2 StarMoney 9.0 OnlineUpdate; C:\Program Files (x86)\StarMoney 9.0\ouservice\StarMoneyOnlineUpdate.exe [697488 2014-07-04] (Star Finanz-Software Entwicklung und Vertriebs GmbH)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-22] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-22] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 ACT2PM; C:\Program Files (x86)\Ashampoo\Ashampoo Core Tuner 2\ACT2ProcessMonitor64.sys [15160 2011-06-10] ()
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [119272 2014-10-07] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [131608 2014-10-07] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [28600 2013-12-18] (Avira Operations GmbH & Co. KG)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [91712 2013-03-05] (CyberLink)
R2 hardlock; C:\Windows\system32\drivers\hardlock.sys [331608 2014-06-02] (SafeNet Inc.)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-09-04] (Intel Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [20288 2014-09-17] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [38048 2014-09-04] (NVIDIA Corporation)
R3 RtlWlanu; C:\Windows\system32\DRIVERS\rtwlanu.sys [1975000 2013-07-31] (Realtek Semiconductor Corporation                           )
S3 USBTINSP; C:\Windows\System32\drivers\tinspusb.sys [142848 2010-03-29] (Texas Instruments)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-22] (Microsoft Corporation)
S3 X86BDA; C:\Windows\system32\DRIVERS\OEMDrv.sys [268416 2011-06-08] ( )

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-04 15:26 - 2015-02-04 15:26 - 00029272 _____ () C:\Users\Ulli\Desktop\FRST.txt
2015-02-04 15:26 - 2015-02-04 15:23 - 02131456 _____ (Farbar) C:\Users\Ulli\Desktop\FRST64.exe
2015-02-04 15:23 - 2015-02-04 15:26 - 00000000 ____D () C:\FRST
2015-02-03 15:50 - 2015-02-03 15:50 - 00012872 _____ (SurfRight B.V.) C:\Windows\system32\bootdelete.exe
2015-02-03 15:38 - 2015-02-03 15:38 - 00001925 _____ () C:\Users\Public\Desktop\HitmanPro.lnk
2015-02-03 15:38 - 2015-02-03 15:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
2015-02-03 15:38 - 2015-02-03 15:38 - 00000000 ____D () C:\Program Files\HitmanPro
2015-02-03 15:37 - 2015-02-03 15:50 - 00000000 ____D () C:\ProgramData\HitmanPro
2015-02-03 15:22 - 2015-02-03 15:22 - 00000000 ____D () C:\Users\Ulli\Desktop\Alte Firefox-Daten
2015-02-03 14:55 - 2015-02-03 17:12 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-02-03 14:55 - 2015-02-03 14:55 - 00001122 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2015-02-03 14:55 - 2015-02-03 14:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2015-02-03 14:55 - 2015-02-03 14:55 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-02-03 14:55 - 2015-02-03 14:55 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2015-02-03 14:55 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-02-03 14:55 - 2014-11-21 06:14 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-02-03 14:55 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-02-03 14:47 - 2015-02-03 14:47 - 00000000 ____D () C:\Users\Ulli\AppData\Roaming\Tobit
2015-02-02 17:09 - 2015-02-02 17:09 - 00000987 _____ () C:\Users\Public\Desktop\CDex.lnk
2015-02-02 17:09 - 2015-02-02 17:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CDex
2015-02-02 17:08 - 2015-02-03 08:48 - 00000000 ____D () C:\ProgramData\d2d4a9d3-f3f1-4c52-8d3f-dddc91fe0602
2015-01-31 11:13 - 2015-02-02 17:04 - 00000040 _____ () C:\Users\Ulli\AppData\Roaming\cdr.ini
2015-01-31 11:13 - 2015-01-31 11:13 - 00001018 _____ () C:\Users\Ulli\Desktop\Free CD to MP3 Converter.lnk
2015-01-31 11:13 - 2015-01-31 11:13 - 00000000 ____D () C:\Users\Ulli\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CD to MP3 Freeware
2015-01-31 11:13 - 2015-01-31 11:13 - 00000000 ____D () C:\Users\Ulli\AppData\Roaming\Eusing
2015-01-31 11:13 - 2015-01-31 11:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CD to MP3 Freeware
2015-01-31 11:13 - 2015-01-31 11:13 - 00000000 ____D () C:\Program Files (x86)\CD to MP3 Freeware
2015-01-31 11:13 - 2001-03-23 16:29 - 00880912 _____ (Microsoft Corporation) C:\Windows\WM8EUTIL.exe
2015-01-31 11:12 - 2015-01-31 11:12 - 01906385 _____ () C:\Users\Ulli\Downloads\cdtomp3freeware.exe
2015-01-30 10:29 - 2015-02-02 17:09 - 00000000 ____D () C:\Program Files (x86)\CDex
2015-01-30 10:29 - 2015-01-30 10:29 - 00000000 ____D () C:\Users\Ulli\AppData\Local\CDex
2015-01-30 09:38 - 2015-01-30 09:46 - 00000000 ____D () C:\Users\Ulli\AppData\Roaming\DVDVideoSoft
2015-01-28 13:39 - 2015-01-28 13:39 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-01-14 13:21 - 2014-12-19 07:26 - 00140800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-14 13:21 - 2014-12-12 03:04 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-01-14 13:21 - 2014-12-12 01:51 - 00075776 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ahcache.sys
2015-01-14 13:21 - 2014-12-09 02:50 - 00225280 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-14 13:21 - 2014-12-08 20:42 - 00535640 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
2015-01-14 13:21 - 2014-12-08 20:42 - 00531616 _____ (Microsoft Corporation) C:\Windows\system32\ci.dll
2015-01-14 13:21 - 2014-12-08 20:42 - 00448792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll
2015-01-14 13:21 - 2014-12-08 20:42 - 00413248 _____ (Microsoft Corporation) C:\Windows\system32\Faultrep.dll
2015-01-14 13:21 - 2014-12-08 20:42 - 00372408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Faultrep.dll
2015-01-14 13:21 - 2014-12-08 20:42 - 00108944 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2015-01-14 13:21 - 2014-12-08 20:42 - 00038264 _____ (Microsoft Corporation) C:\Windows\system32\WerFaultSecure.exe
2015-01-14 13:21 - 2014-12-08 20:42 - 00033584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WerFaultSecure.exe
2015-01-14 13:21 - 2014-12-06 04:17 - 00360448 _____ (Microsoft Corporation) C:\Windows\system32\ncsi.dll
2015-01-14 13:21 - 2014-12-06 02:41 - 00391680 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-14 13:21 - 2014-12-06 02:35 - 00229888 _____ (Microsoft Corporation) C:\Windows\system32\AudioEndpointBuilder.dll
2015-01-14 13:21 - 2014-10-29 05:00 - 00465320 _____ (Microsoft Corporation) C:\Windows\system32\WerFault.exe
2015-01-14 13:21 - 2014-10-29 05:00 - 00139984 _____ (Microsoft Corporation) C:\Windows\system32\wermgr.exe
2015-01-14 13:21 - 2014-10-29 04:52 - 00500016 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2015-01-14 13:21 - 2014-10-29 04:52 - 00482872 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2015-01-14 13:21 - 2014-10-29 04:52 - 00394120 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2015-01-14 13:21 - 2014-10-29 04:52 - 00272248 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
2015-01-14 13:21 - 2014-10-29 04:12 - 00413136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WerFault.exe
2015-01-14 13:21 - 2014-10-29 04:12 - 00136296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wermgr.exe
2015-01-14 13:21 - 2014-10-29 04:07 - 00424544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2015-01-14 13:21 - 2014-10-29 04:07 - 00370424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2015-01-14 13:21 - 2014-10-29 04:07 - 00344536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2015-01-14 13:21 - 2014-10-29 03:44 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\werdiagcontroller.dll
2015-01-14 13:21 - 2014-10-29 02:59 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\werdiagcontroller.dll
2015-01-14 13:21 - 2014-10-29 02:24 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\nlaapi.dll
2015-01-14 13:21 - 2014-10-29 02:02 - 00911360 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2015-01-14 13:21 - 2014-10-29 02:01 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-04 15:25 - 2014-01-25 12:26 - 00000000 ____D () C:\Users\Ulli\Downloads\Programme
2015-02-04 15:23 - 2013-12-19 10:46 - 01784578 _____ () C:\Windows\WindowsUpdate.log
2015-02-04 15:17 - 2014-09-19 17:12 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-02-04 15:10 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\system32\sru
2015-02-04 07:31 - 2014-01-25 11:50 - 00001144 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-02-04 04:48 - 2014-01-26 10:01 - 00000000 ____D () C:\Program Files (x86)\StarMoney 9.0
2015-02-03 20:27 - 2013-09-12 12:28 - 00765378 _____ () C:\Windows\system32\perfh007.dat
2015-02-03 20:27 - 2013-09-12 12:28 - 00159696 _____ () C:\Windows\system32\perfc007.dat
2015-02-03 20:27 - 2013-09-12 12:00 - 01780340 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-02-03 17:24 - 2014-01-25 11:51 - 00003600 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3911576866-2457419995-2319590870-1002
2015-02-03 17:11 - 2014-01-25 14:49 - 00000000 ____D () C:\Users\Ulli\Documents\Ulli
2015-02-03 16:31 - 2014-01-25 11:50 - 00001140 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-02-03 15:54 - 2014-01-25 11:47 - 00000000 ___DO () C:\Users\Ulli\SkyDrive
2015-02-03 15:53 - 2014-02-26 17:27 - 00000000 ____D () C:\Users\Ulli\Tracing
2015-02-03 15:53 - 2014-02-11 12:38 - 00000000 ___RD () C:\Users\Ulli\Documents\Google Drive
2015-02-03 15:53 - 2014-01-25 14:41 - 00000000 ___RD () C:\Users\Ulli\Dropbox
2015-02-03 15:53 - 2014-01-25 14:38 - 00000000 ____D () C:\Users\Ulli\AppData\Roaming\Dropbox
2015-02-03 15:52 - 2014-11-03 10:50 - 00000106 _____ () C:\Windows\system32\mfilemon.log
2015-02-03 15:52 - 2013-10-24 09:36 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-02-03 15:52 - 2013-09-12 11:53 - 00162750 _____ () C:\Windows\PFRO.log
2015-02-03 15:52 - 2013-08-22 15:46 - 00111134 _____ () C:\Windows\setupact.log
2015-02-03 15:52 - 2013-08-22 15:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-02-03 15:28 - 2014-02-03 17:00 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-02-03 15:20 - 2014-05-12 19:00 - 00000000 ____D () C:\Program Files\CamStudio 2.7
2015-02-03 14:45 - 2014-06-04 18:13 - 00000000 ____D () C:\AdwCleaner
2015-02-03 14:45 - 2013-08-22 14:25 - 00524288 ___SH () C:\Windows\system32\config\BBI
2015-02-03 10:27 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\AppReadiness
2015-02-02 17:10 - 2014-12-08 13:29 - 00000000 __SHD () C:\ProgramData\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C}
2015-01-31 01:33 - 2014-01-25 11:51 - 00002199 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-01-30 10:34 - 2014-01-25 12:25 - 00000432 _____ () C:\Windows\BRWMARK.INI
2015-01-30 10:34 - 2014-01-25 12:25 - 00000034 _____ () C:\Windows\SysWOW64\BD7420.DAT
2015-01-30 10:29 - 2014-01-25 17:16 - 00000000 ____D () C:\ProgramData\Package Cache
2015-01-30 09:43 - 2014-01-26 10:17 - 00000000 ____D () C:\Users\Ulli\StarMoney 9
2015-01-30 09:36 - 2014-10-30 17:23 - 00000000 ____D () C:\Program Files (x86)\Free mp3 Wma Converter
2015-01-29 16:31 - 2014-01-25 14:49 - 00000000 ____D () C:\Users\Ulli\Documents\Betrieb
2015-01-28 05:16 - 2013-08-22 16:20 - 00000000 ____D () C:\Windows\CbsTemp
2015-01-27 21:34 - 2014-01-25 11:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2015-01-26 11:06 - 2014-01-27 12:33 - 00000000 ____D () C:\ProgramData\Oracle
2015-01-26 11:06 - 2014-01-26 12:03 - 00000000 ____D () C:\Program Files (x86)\Java
2015-01-26 11:05 - 2014-11-10 16:53 - 00272296 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2015-01-26 11:05 - 2014-11-10 16:53 - 00176552 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2015-01-26 11:05 - 2014-11-10 16:53 - 00176552 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2015-01-26 11:05 - 2014-11-10 16:53 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2015-01-26 11:05 - 2014-11-10 16:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-01-26 10:51 - 2014-01-25 14:15 - 00000000 ___RD () C:\Users\Ulli\Desktop\das war dabei
2015-01-24 21:20 - 2013-08-22 16:38 - 00714720 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-01-24 21:20 - 2013-08-22 16:38 - 00106976 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-24 21:17 - 2014-09-19 17:12 - 00003772 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-01-19 09:13 - 2014-01-25 14:46 - 00000000 ____D () C:\Users\Ulli\Documents\Mieter
2015-01-15 00:12 - 2014-06-19 18:13 - 00000028 _____ () C:\Windows\ODBC.INI
2015-01-14 13:51 - 2014-01-26 18:27 - 00000000 ____D () C:\Windows\system32\MRT
2015-01-14 13:46 - 2014-01-26 18:27 - 113365784 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-01-05 13:09 - 2014-02-26 17:28 - 00000000 ____D () C:\Users\Ulli\AppData\Roaming\Windows Live Writer

==================== Files in the root of some directories =======

2014-05-12 19:04 - 2014-05-23 14:54 - 0000096 _____ () C:\Users\Ulli\AppData\Roaming\Camdata.ini
2014-05-12 19:04 - 2014-05-23 14:54 - 0000408 _____ () C:\Users\Ulli\AppData\Roaming\CamLayout.ini
2014-05-12 19:04 - 2014-05-23 14:54 - 0000408 _____ () C:\Users\Ulli\AppData\Roaming\CamShapes.ini
2014-05-12 19:04 - 2014-05-23 14:54 - 0004547 _____ () C:\Users\Ulli\AppData\Roaming\CamStudio.cfg
2015-01-31 11:13 - 2015-02-02 17:04 - 0000040 _____ () C:\Users\Ulli\AppData\Roaming\cdr.ini
2014-05-12 19:02 - 2014-05-23 14:36 - 0000096 _____ () C:\Users\Ulli\AppData\Roaming\version2.xml
2014-01-27 18:20 - 2014-01-28 00:16 - 0003584 _____ () C:\Users\Ulli\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-10-24 09:46 - 2013-10-24 09:46 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2013-10-24 09:58 - 2013-10-24 09:58 - 0000119 _____ () C:\ProgramData\{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}.log
2013-10-24 09:52 - 2013-10-24 09:56 - 0000106 _____ () C:\ProgramData\{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}.log
2013-10-24 09:51 - 2013-10-24 09:51 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
2013-10-24 09:57 - 2013-10-24 09:58 - 0000108 _____ () C:\ProgramData\{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}.log
2013-10-24 09:51 - 2013-10-24 09:52 - 0000110 _____ () C:\ProgramData\{E3739848-5329-48E3-8D28-5BBD6E8BE384}.log
2013-10-24 09:56 - 2013-10-24 09:56 - 0000110 _____ () C:\ProgramData\{E3D04529-6EDB-11D8-A372-0050BAE317E1}.log

Some content of TEMP:
====================
C:\Users\Ulli\AppData\Local\Temp\2630_3.22.1095_117Y.exe
C:\Users\Ulli\AppData\Local\Temp\amazonicon_v5.exe
C:\Users\Ulli\AppData\Local\Temp\amazoninstallernircmdc.exe
C:\Users\Ulli\AppData\Local\Temp\AppLauncher.exe
C:\Users\Ulli\AppData\Local\Temp\avgnt.exe
C:\Users\Ulli\AppData\Local\Temp\COMAP.EXE
C:\Users\Ulli\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpibb4lt.dll
C:\Users\Ulli\AppData\Local\Temp\DseShExt-x64.dll
C:\Users\Ulli\AppData\Local\Temp\DseShExt-x86.dll
C:\Users\Ulli\AppData\Local\Temp\fp_pl_pfs_installer.exe
C:\Users\Ulli\AppData\Local\Temp\FreeAudioConverter.exe
C:\Users\Ulli\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
C:\Users\Ulli\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe
C:\Users\Ulli\AppData\Local\Temp\jre-7u67-windows-i586-iftw.exe
C:\Users\Ulli\AppData\Local\Temp\jre-7u71-windows-i586-iftw.exe
C:\Users\Ulli\AppData\Local\Temp\jre-8u31-windows-au.exe
C:\Users\Ulli\AppData\Local\Temp\LMkRstPt.exe
C:\Users\Ulli\AppData\Local\Temp\ms.exe
C:\Users\Ulli\AppData\Local\Temp\ose00000.exe
C:\Users\Ulli\AppData\Local\Temp\repair4.exe
C:\Users\Ulli\AppData\Local\Temp\sdanircmdc.exe
C:\Users\Ulli\AppData\Local\Temp\sdapskill.exe
C:\Users\Ulli\AppData\Local\Temp\sdaspwn.exe
C:\Users\Ulli\AppData\Local\Temp\SDShelEx-win32.dll
C:\Users\Ulli\AppData\Local\Temp\SDShelEx-x64.dll
C:\Users\Ulli\AppData\Local\Temp\vlc-2.1.4-win64.exe
C:\Users\Ulli\AppData\Local\Temp\vlc-2.1.5-win64.exe
C:\Users\Ulli\AppData\Local\Temp\_isD299.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-02-04 04:19

==================== End Of Log ============================
         


Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 01-02-2015
Ran by Ulli at 2015-02-04 15:26:25
Running from C:\Users\Ulli\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

 VIDEO DVR (HKLM-x32\...\{EBD0EE76-2CFC-4EE5-AFE6-7EEAA3B14332}) (Version: 2012.04.17 - -)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 16.0.0.245 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.296 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Agrilog (HKLM-x32\...\de.bertelsmann.agrilog.AgrilogPortal) (Version: 0.9.0 - UNKNOWN)
Agrilog (x32 Version: 0.9.0 - UNKNOWN) Hidden
ANDI 2014 (HKLM-x32\...\{4BA6AC5A-A6E5-457F-BE5B-23FBE3D20650}) (Version: 6.0.4 - LGLN Hannover)
Ashampoo AppLauncher v.1.0.0 (HKLM-x32\...\Ashampoo AppLauncher_is1) (Version: 1.0.0 - Ashampoo GmbH & Co. KG)
Ashampoo Burning Studio 11 v.11.0.4 (HKLM-x32\...\Ashampoo Burning Studio 11_is1) (Version: 11.0.4 - Ashampoo GmbH & Co. KG)
Ashampoo Core Tuner 2 v.2.0.1 (HKLM-x32\...\Ashampoo Core Tuner 2_is1) (Version: 2.01 - Ashampoo GmbH & Co. KG)
Ashampoo GetBack Photo v.1.0.1 (HKLM-x32\...\Ashampoo GetBack Photo_is1) (Version: 1.0.1 - Ashampoo GmbH & Co. KG)
Ashampoo HDD Control 2 v.2.1.0 (HKLM-x32\...\Ashampoo HDD Control 2_is1) (Version: 2.1.0 - Ashampoo GmbH & Co. KG)
Ashampoo Music Studio 4 v.4.0.1 (HKLM-x32\...\Ashampoo Music Studio 4_is1) (Version: 4.0.1 - Ashampoo GmbH & Co. KG)
Ashampoo Photo Commander 10 v.10.1.3 (HKLM-x32\...\Ashampoo Photo Commander 10_is1) (Version: 10.1.3 - Ashampoo GmbH & Co. KG)
Ashampoo Photo Optimizer 5 v.5.1.2 (HKLM-x32\...\Ashampoo Photo Optimizer 5_is1) (Version: 5.1.2 - Ashampoo GmbH & Co. KG)
Ashampoo Slideshow Studio HD 2 v.2.0.5 (HKLM-x32\...\Ashampoo Slideshow Studio HD 2_is1) (Version: 2.0.5 - Ashampoo GmbH & Co. KG)
Ashampoo Snap 5 v.5.1.5 (HKLM-x32\...\Ashampoo Snap 5_is1) (Version: 5.1.5 - Ashampoo GmbH & Co. KG)
Ashampoo UnInstaller 4 v.4.30 (HKLM-x32\...\Ashampoo UnInstaller 4_is1) (Version: 4.3.0 - Ashampoo GmbH & Co. KG)
Ashampoo Video Styler v.1.0.1 (HKLM-x32\...\Ashampoo Video Styler_is1) (Version: 1.0.1 - Ashampoo GmbH & Co. KG)
Ashampoo WinOptimizer 9 v.9.04.31 (HKLM-x32\...\Ashampoo WinOptimizer 9_is1) (Version: 9.04.31 - Ashampoo GmbH & Co. KG)
Avira (HKLM-x32\...\{e67154a7-9cc5-4167-b782-f3982bc6c70d}) (Version: 1.1.19.30000 - Avira Operations GmbH & Co. KG)
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.7.468 - Avira)
Brother MFL-Pro Suite MFC-7420 (HKLM-x32\...\{C2530D63-B66B-48B5-BB50-7C6281FE7AA6}) (Version: 1.0.1.0 - Brother Industries, Ltd.)
calibre (HKLM-x32\...\{E1E819A4-112C-454D-A3BE-FB58C60A2D80}) (Version: 1.40.0 - Kovid Goyal)
CamStudio 2.7.2 (HKLM\...\{04B83666-3A62-452B-85D3-70F8117F2329}_is1) (Version: 2.7.2 - CamStudio Open Source)
CDex - Open Source Digital Audio CD Extractor (HKLM-x32\...\CDex) (Version: 1.77.0.2015 - Georgy Berdyshev)
Clover 3.0 (HKLM-x32\...\Clover) (Version: 3.0 - )
CyberLink Home Cinema 10 (HKLM-x32\...\InstallShield_{8F14AA37-5193-4A14-BD5B-BDF9B361AEF7}) (Version: 10.0 - CyberLink Corp.)
CyberLink PowerRecover (HKLM-x32\...\InstallShield_{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}) (Version: 5.7.0.0913 - CyberLink Corp.)
CyberLink PowerRecover (Version: 5.7.0.0913 - CyberLink Corp.) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dropbox (HKU\S-1-5-21-3911576866-2457419995-2319590870-1002\...\Dropbox) (Version: 3.0.3 - Dropbox, Inc.)
Dropbox (HKU\S-1-5-21-3911576866-2457419995-2319590870-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Dropbox) (Version: 3.0.3 - Dropbox, Inc.)
eReg (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
Farm Works Office (x32 Version: 2013.0.0526 - Trimble Navigation) Hidden
FarmPilotDispo (HKLM-x32\...\de.bertelsmann.farmpilot.FarmPilotDispo) (Version: 4.0.8 - UNKNOWN)
FarmPilotDispo (x32 Version: 4.0.8 - UNKNOWN) Hidden
FarmPilotFlotte (HKLM-x32\...\de.bertelsmann.farmpilot.FarmPilotFlotte) (Version: 4.0.10 - UNKNOWN)
FarmPilotFlotte (x32 Version: 4.0.10 - UNKNOWN) Hidden
Fotogalerie (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Fotogalerija (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Fotogalleri (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Fotogalleriet (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Fotoğraf Galerisi (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Fotosizer 2.09 (HKLM-x32\...\Fotosizer) (Version: 2.09.0.548 - Fotosizer.com)
Fotótár (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Free CD to MP3 Converter (HKLM-x32\...\Free CD to MP3 Converter) (Version:  - Eusing Software)
FWAgDataFodd (HKLM-x32\...\{7A7578D3-B27B-4C2A-9C75-761E973C7782}) (Version: 1.0.28 - Farm Works Software)
FWLsbFOD (HKLM-x32\...\{37C6F31A-4ED1-4DFD-ADC0-31F02D77CE80}) (Version: 1.0.4 - Farm Works Software)
FWVygFOD (HKLM-x32\...\{4EC95BF9-674C-4FB6-94C1-56E2BE8979EE}) (Version: 1.0.74 - Farm Works Software)
Galeria de Fotografias (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Galería de fotos (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Galeria fotografii (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Galerie de photos (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Geogrid®-Viewer (x32 Version: 6.3.2.0000 - EADS Deutschland GmbH) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 40.0.2214.94 - Google Inc.)
Google Drive (HKLM-x32\...\{65EACBB4-B0B8-4A5B-AE46-22DBE15C70B5}) (Version: 1.19.8406.6504 - Google, Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Greenshot 1.1.9.13 (HKLM\...\Greenshot_is1) (Version: 1.1.9.13 - Greenshot)
HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.9.234 - SurfRight B.V.)
honestech VHS to DVD 2.0 SE (HKLM-x32\...\{2856F5EA-E98A-40E4-BAD6-8C644A4A3F3C}) (Version: 2.0 - honestech)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.14.1724 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.0.1016 - Intel Corporation)
Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
Joe (HKLM-x32\...\{0AD3DEBC-5321-457E-8B43-8F546940169B}) (Version: 4.00.0050 - Wirth IT Design)
Junk Mail filter update (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Logitech SetPoint 6.61 (HKLM\...\sp6) (Version: 6.61.15 - Logitech)
Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3911576866-2457419995-2319590870-1002\...\OneDriveSetup.exe) (Version: 17.3.1229.0918 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3911576866-2457419995-2319590870-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\OneDriveSetup.exe) (Version: 17.3.1229.0918 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{307a22b8-8353-4c5e-b67b-2404c5734558}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{4fcf070a-daac-45e9-a8b0-6850941f7ed8}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 35.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 35.0.1 (x86 de)) (Version: 35.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 30.0 - Mozilla)
Mozilla Thunderbird 24.3.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 24.3.0 (x86 de)) (Version: 24.3.0 - Mozilla)
Mp3tag v2.62 (HKLM-x32\...\Mp3tag) (Version: v2.62 - Florian Heidenreich)
MSXML 4.0 SP2 (KB941833) (HKLM-x32\...\{C523D256-313D-4866-B36A-F3DE528246EF}) (Version: 4.20.9849.0 - Microsoft Corporation)
MyDriveConnect 3.3.0.1812 (HKLM-x32\...\MyDriveConnect) (Version: 3.3.0.1812 - TomTom)
NVIDIA 3D Vision Controller-Treiber 344.11 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 344.11 - NVIDIA Corporation)
NVIDIA 3D Vision Treiber 344.11 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 344.11 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.1.2 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.1.2 - NVIDIA Corporation)
NVIDIA Grafiktreiber 344.11 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 344.11 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.32.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.32.1 - NVIDIA Corporation)
NVIDIA Miracast Virtueller Ton 344.11 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Miracast.VirtualAudio) (Version: 344.11 - NVIDIA Corporation)
NVIDIA PhysX-Systemsoftware 9.14.0702 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.14.0702 - NVIDIA Corporation)
Office (HKLM-x32\...\{0B1D6943-B40D-4C1A-81B5-8038AC7DA5E4}) (Version: 2013.0.0526 - )
onlinebrief24.de (HKLM-x32\...\eBriefdienst-onlinebrief24) (Version:  - )
PDF Split And Merge Basic (HKLM\...\{C91B24F6-1629-11E2-B696-21676188709B}) (Version: 2.2.2 - Andrea Vacondio)
PDF24 Creator 6.2.0 (HKLM-x32\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version:  - PDF24.org)
PDF-Viewer (HKLM\...\{A278382D-4F1B-4D47-9885-8523F7261E8D}_is1) (Version: 2.5.214.0 - Tracker Software Products Ltd)
Pervasive PSQL v10.10 Workgroup (32-bit) (HKLM-x32\...\Pervasive PSQL v10.10 Workgroup (32-bit)) (Version: 10.13.060 - Pervasive Software)
Pervasive PSQL v10.10 Workgroup (32-bit) (x32 Version: 10.13.060 - Pervasive Software) Hidden
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
Podstawowe programy Windows Live (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Raccolta foto (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Radio.fx (HKLM-x32\...\Tobit Radio.fx Server) (Version:  - Tobit.Software)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.18.621.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7027 - Realtek Semiconductor Corp.)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
SHIELD Streaming (Version: 3.1.200 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 16.13.42 - NVIDIA Corporation) Hidden
SmartTools Publishing • Excel Jahreskalender 2015 (HKU\S-1-5-21-3911576866-2457419995-2319590870-1002\...\SmartToolsExcelJahreskalender 2015) (Version: 7.00 - SmartTools Publishing)
SmartTools Publishing • Excel Jahreskalender 2015 (HKU\S-1-5-21-3911576866-2457419995-2319590870-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\SmartToolsExcelJahreskalender 2015) (Version: 7.00 - SmartTools Publishing)
SmartTools Publishing • Word Serienmailer (HKLM-x32\...\SmartToolsSerienmailerv3.22) (Version: v3.22 - SmartTools Publishing)
StarMoney (x32 Version: 4.0.3.24 - StarFinanz) Hidden
StarMoney 9.0  (HKLM-x32\...\{D7163305-57C0-4BD4-8A04-E4181F6CDEDE}) (Version: 9.0 - Star Finanz GmbH)
TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.32494 - TeamViewer)
Top50 V5 Viewer (HKLM-x32\...\{FABDDA3C-3951-428C-AE27-8E180365A061}) (Version: 6.3.2.0000 - EADS Deutschland GmbH)
Valokuvavalikoima (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Visual Studio C++ 10.0 Runtime (HKLM-x32\...\{4412F224-3849-4461-A3E9-DEEF8D252790}) (Version: 10.0.0 - TomTom International B.V.)
VLC media player (HKLM\...\VLC media player) (Version: 2.1.5 - VideoLAN)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
Windows Mobile-Gerätecenter (HKLM\...\{626672CD-BFCF-49A9-AEFE-AB0FED3BFC5B}) (Version: 6.1.6965.0 - Microsoft Corporation)
Συλλογή φωτογραφιών (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-3911576866-2457419995-2319590870-1002_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Ulli\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3911576866-2457419995-2319590870-1002_Classes\CLSID\{060D3CBD-8D3B-35C4-A0D8-49B3E040975A}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3911576866-2457419995-2319590870-1002_Classes\CLSID\{0911ECFC-FE5F-4C7F-A9A6-97ADAEE5D6FC}\InprocServer32 -> C:\Users\Ulli\AppData\Roaming\Programme\SmartTools\Excel Jahreskalender 2015\adxloader64.dll ()
CustomCLSID: HKU\S-1-5-21-3911576866-2457419995-2319590870-1002_Classes\CLSID\{1B158A14-A79D-38C1-B6A1-1A880A3FA50A}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3911576866-2457419995-2319590870-1002_Classes\CLSID\{3BA6D0D1-DC24-3DBA-A132-06A1BA807DCB}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3911576866-2457419995-2319590870-1002_Classes\CLSID\{59D15BAE-7C4E-3B51-8480-8C9CCB3C5D65}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3911576866-2457419995-2319590870-1002_Classes\CLSID\{5B170D82-E562-3EFB-8139-93698F5A9322}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3911576866-2457419995-2319590870-1002_Classes\CLSID\{5DFD9BFC-435D-3284-8C60-7C3203386798}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3911576866-2457419995-2319590870-1002_Classes\CLSID\{6258287F-314C-3558-B92C-28D8EDAAC361}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3911576866-2457419995-2319590870-1002_Classes\CLSID\{660F5B5C-6705-3B5C-B11C-869ED8217FCE}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3911576866-2457419995-2319590870-1002_Classes\CLSID\{6CD2091E-15F6-3F2F-9D99-DF8A167B51D8}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3911576866-2457419995-2319590870-1002_Classes\CLSID\{6EEDFCF0-D92D-3891-89F1-B7B745538E4A}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3911576866-2457419995-2319590870-1002_Classes\CLSID\{8324717F-46C4-3EE7-B07C-30122737A552}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3911576866-2457419995-2319590870-1002_Classes\CLSID\{8634B281-0D37-317D-8F77-068938E82BFB}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3911576866-2457419995-2319590870-1002_Classes\CLSID\{8F0209F9-EC9B-3FCF-997C-A3094FFEF45F}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3911576866-2457419995-2319590870-1002_Classes\CLSID\{93289D11-48CF-356C-8BC4-DEDD603DD03B}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3911576866-2457419995-2319590870-1002_Classes\CLSID\{958D61DA-921A-3AB8-8A38-0B2943518910}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3911576866-2457419995-2319590870-1002_Classes\CLSID\{A80F214C-0B43-3C02-B064-1FB58E461FE8}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3911576866-2457419995-2319590870-1002_Classes\CLSID\{B38988F9-3E55-3584-AC7D-44A5229790A8}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3911576866-2457419995-2319590870-1002_Classes\CLSID\{B6406164-BEED-309C-B0FD-9F055DDF7E1A}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3911576866-2457419995-2319590870-1002_Classes\CLSID\{B90F3724-195B-33C7-BCB2-EB7D48C4497F}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3911576866-2457419995-2319590870-1002_Classes\CLSID\{BB4F4887-B7E8-3483-82D4-C77B21CA984A}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3911576866-2457419995-2319590870-1002_Classes\CLSID\{C054C137-9B5A-3830-8B1C-A9955D5F1450}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3911576866-2457419995-2319590870-1002_Classes\CLSID\{C88C785D-8EB2-3BD4-B4BB-6B261F4B46C8}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3911576866-2457419995-2319590870-1002_Classes\CLSID\{CEB81839-B60D-3A2B-8445-EBD410FCBAD7}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3911576866-2457419995-2319590870-1002_Classes\CLSID\{EBCB8E20-5468-300C-B4E5-61900BD9E341}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3911576866-2457419995-2319590870-1002_Classes\CLSID\{EFC21CD6-B6E1-3A71-946C-73BB2F1F11CD}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3911576866-2457419995-2319590870-1002_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Ulli\AppData\Local\Microsoft\SkyDrive\17.3.1229.0918\amd64\FileSyncApi64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3911576866-2457419995-2319590870-1002_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ulli\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3911576866-2457419995-2319590870-1002_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ulli\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3911576866-2457419995-2319590870-1002_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ulli\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3911576866-2457419995-2319590870-1002_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ulli\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3911576866-2457419995-2319590870-1002_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ulli\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3911576866-2457419995-2319590870-1002_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ulli\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3911576866-2457419995-2319590870-1002_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ulli\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3911576866-2457419995-2319590870-1002_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ulli\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)

==================== Restore Points  =========================

28-01-2015 05:13:57 Windows Update
30-01-2015 09:39:32 DVDVideoSoftRestorePoint
02-02-2015 17:08:38 Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 14:25 - 2013-08-22 14:25 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {1CD11D60-DFDF-4EEF-8083-EE201F4D4EFF} - System32\Tasks\{4B192C6B-1C4A-459B-A1B7-EB1D2C5DB14F} => Chrome.exe hxxp://ui.skype.com/ui/0/6.3.73.105.457/de/abandoninstall?page=tsMain
Task: {45583031-1E7F-4FBF-BAC7-71FA641308E2} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {754B7387-74BE-49B0-82D9-8C01B9902462} - System32\Tasks\Microsoft OneDrive Auto Update Task-S-1-5-21-3911576866-2457419995-2319590870-1002 => %localappdata%\Microsoft\SkyDrive\SkyDrive.exe
Task: {9120D1CD-EBE8-46B1-ADE5-9450B64AAC1E} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-01-24] (Adobe Systems Incorporated)
Task: {C255F862-33C1-4647-A44D-BE1E81CEC1B4} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-01-25] (Google Inc.)
Task: {D572FC10-7557-4D7C-982E-87B6103D6A56} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-01-25] (Google Inc.)
Task: {DB2D7868-DDCF-46EB-9414-9631A26C23C8} - System32\Tasks\{6A60C321-3331-4FFC-AB9A-94B4D0B8D123} => Chrome.exe hxxp://ui.skype.com/ui/0/6.3.73.105.457/de/abandoninstall?page=tsWLM
Task: {F6160409-8B3A-46EF-AA5B-2AA146EAB2B9} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {FD49A7D5-46D3-4D71-8306-733B2368BACA} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2015-01-14] (Microsoft Corporation)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2013-10-24 09:36 - 2014-09-13 22:53 - 00116880 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2013-10-24 10:08 - 2011-08-22 13:44 - 01421216 _____ () C:\Program Files (x86)\Ashampoo\Ashampoo Core Tuner 2\ACT2Service.exe
2013-10-24 10:08 - 2012-07-30 10:48 - 01518504 _____ () C:\Program Files (x86)\Ashampoo\Ashampoo HDD Control 2\AHDDC2_Service.exe
2014-02-17 17:27 - 2013-06-03 13:06 - 03999512 _____ () C:\Program Files (x86)\Tobit Radio.fx\Server\rfx-server.exe
2014-06-04 15:51 - 2014-06-04 15:51 - 00692224 _____ () C:\Program Files (x86)\onlinebrief24.de\ebdhelper.exe
2014-06-09 08:25 - 2014-06-09 08:25 - 00059392 _____ () C:\Program Files\WindowsApps\CouchfunkGmbH.WM2014LiveApp_1.0.2.0_x64__3vz57y5v96hga\WM2014.exe
2013-08-22 08:19 - 2013-08-22 07:54 - 00792064 _____ () C:\Windows\system32\WinMetadata\Windows.UI.Xaml.winmd
2014-10-16 05:50 - 2014-10-16 05:50 - 01782784 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_64\Windows.App640a3541#\3f4dc590466037f015f65bc07d1ea923\Windows.ApplicationModel.ni.dll
2014-06-09 08:25 - 2014-06-09 08:25 - 00150016 _____ () C:\Program Files\WindowsApps\CouchfunkGmbH.WM2014LiveApp_1.0.2.0_x64__3vz57y5v96hga\Couchfunk.Backend.DLL
2014-06-09 08:25 - 2014-06-09 08:25 - 00223744 _____ () C:\Program Files\WindowsApps\CouchfunkGmbH.WM2014LiveApp_1.0.2.0_x64__3vz57y5v96hga\Couchfunk.UIBase.DLL
2014-10-16 05:50 - 2014-10-16 05:50 - 00363520 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_64\Windows.Foundation\6382e6f5ad8b7a9db4f5cd4817e70319\Windows.Foundation.ni.dll
2014-10-16 05:50 - 2014-10-16 05:50 - 01459712 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_64\Windows.UI\4bd80968bf666252841ca7792faaff11\Windows.UI.ni.dll
2014-06-09 08:25 - 2014-06-09 08:25 - 00076288 _____ () C:\Program Files\WindowsApps\CouchfunkGmbH.WM2014LiveApp_1.0.2.0_x64__3vz57y5v96hga\Couchfunk.ViewModels.DLL
2013-08-22 08:19 - 2013-08-22 07:54 - 00121344 _____ () C:\Windows\system32\WinMetadata\Windows.Media.winmd
2013-08-22 08:19 - 2013-08-22 07:54 - 00054784 _____ () C:\Windows\system32\WinMetadata\Windows.Globalization.winmd
2014-06-09 08:25 - 2014-06-09 08:25 - 00014848 _____ () C:\Program Files\WindowsApps\CouchfunkGmbH.WM2014LiveApp_1.0.2.0_x64__3vz57y5v96hga\Couchfunk.WebApi.DLL
2014-06-09 08:25 - 2014-06-09 08:25 - 00034304 _____ () C:\Program Files\WindowsApps\CouchfunkGmbH.WM2014LiveApp_1.0.2.0_x64__3vz57y5v96hga\GoogleAnalytics.winmd
2014-06-09 08:25 - 2014-06-09 08:25 - 00047616 _____ () C:\Program Files\WindowsApps\CouchfunkGmbH.WM2014LiveApp_1.0.2.0_x64__3vz57y5v96hga\GoogleAnalytics.Core.winmd
2014-10-16 05:50 - 2014-10-16 05:50 - 01278464 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_64\Windows.Storage\f9ac074d298db459c5eff6d3256861c8\Windows.Storage.ni.dll
2014-10-16 05:50 - 2014-10-16 05:50 - 00632320 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_64\Windows.Security\c7f6d022c5d5aec4891cb6b3b9934336\Windows.Security.ni.dll
2014-10-16 05:50 - 2014-10-16 05:50 - 00521216 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_64\Windows.Data\fae2b750f87849ca11806d20b2504bf2\Windows.Data.ni.dll
2013-08-22 08:19 - 2013-08-22 07:54 - 00112640 _____ () C:\Windows\system32\WinMetadata\Windows.Networking.winmd
2013-08-22 08:19 - 2013-08-22 07:54 - 00020480 _____ () C:\Windows\system32\WinMetadata\Windows.System.winmd
2013-08-22 08:19 - 2013-08-22 07:54 - 00049664 _____ () C:\Windows\system32\WinMetadata\Windows.Graphics.winmd
2013-08-22 08:19 - 2013-08-22 07:54 - 00169472 _____ () C:\Windows\system32\WinMetadata\Windows.Devices.winmd
2014-08-05 07:27 - 2011-01-13 11:44 - 00232800 _____ () C:\Program Files (x86)\StarMoney 9.0\ouservice\PATCHW32.dll
2014-02-17 17:27 - 2013-06-03 13:06 - 09907712 _____ () C:\Program Files (x86)\Tobit Radio.fx\Client\TOBITCLT.dll
2014-02-17 17:27 - 2013-05-16 14:28 - 00242688 _____ () C:\Program Files (x86)\Tobit Radio.fx\Client\rfx-client$.ger
2015-02-03 15:52 - 2015-02-03 15:52 - 00098816 _____ () C:\Users\Ulli\AppData\Local\Temp\_MEI65482\win32api.pyd
2015-02-03 15:52 - 2015-02-03 15:52 - 00110080 _____ () C:\Users\Ulli\AppData\Local\Temp\_MEI65482\pywintypes27.dll
2015-02-03 15:52 - 2015-02-03 15:52 - 00364544 _____ () C:\Users\Ulli\AppData\Local\Temp\_MEI65482\pythoncom27.dll
2015-02-03 15:52 - 2015-02-03 15:52 - 00045568 _____ () C:\Users\Ulli\AppData\Local\Temp\_MEI65482\_socket.pyd
2015-02-03 15:52 - 2015-02-03 15:52 - 01160704 _____ () C:\Users\Ulli\AppData\Local\Temp\_MEI65482\_ssl.pyd
2015-02-03 15:52 - 2015-02-03 15:52 - 00320512 _____ () C:\Users\Ulli\AppData\Local\Temp\_MEI65482\win32com.shell.shell.pyd
2015-02-03 15:52 - 2015-02-03 15:52 - 00713216 _____ () C:\Users\Ulli\AppData\Local\Temp\_MEI65482\_hashlib.pyd
2015-02-03 15:52 - 2015-02-03 15:52 - 01175040 _____ () C:\Users\Ulli\AppData\Local\Temp\_MEI65482\wx._core_.pyd
2015-02-03 15:52 - 2015-02-03 15:52 - 00805888 _____ () C:\Users\Ulli\AppData\Local\Temp\_MEI65482\wx._gdi_.pyd
2015-02-03 15:52 - 2015-02-03 15:52 - 00811008 _____ () C:\Users\Ulli\AppData\Local\Temp\_MEI65482\wx._windows_.pyd
2015-02-03 15:52 - 2015-02-03 15:52 - 01062400 _____ () C:\Users\Ulli\AppData\Local\Temp\_MEI65482\wx._controls_.pyd
2015-02-03 15:52 - 2015-02-03 15:52 - 00735232 _____ () C:\Users\Ulli\AppData\Local\Temp\_MEI65482\wx._misc_.pyd
2015-02-03 15:52 - 2015-02-03 15:52 - 00557056 _____ () C:\Users\Ulli\AppData\Local\Temp\_MEI65482\pysqlite2._sqlite.pyd
2015-02-03 15:52 - 2015-02-03 15:52 - 00128512 _____ () C:\Users\Ulli\AppData\Local\Temp\_MEI65482\_elementtree.pyd
2015-02-03 15:52 - 2015-02-03 15:52 - 00127488 _____ () C:\Users\Ulli\AppData\Local\Temp\_MEI65482\pyexpat.pyd
2015-02-03 15:52 - 2015-02-03 15:52 - 00087552 _____ () C:\Users\Ulli\AppData\Local\Temp\_MEI65482\_ctypes.pyd
2015-02-03 15:52 - 2015-02-03 15:52 - 00119808 _____ () C:\Users\Ulli\AppData\Local\Temp\_MEI65482\win32file.pyd
2015-02-03 15:52 - 2015-02-03 15:52 - 00108544 _____ () C:\Users\Ulli\AppData\Local\Temp\_MEI65482\win32security.pyd
2015-02-03 15:52 - 2015-02-03 15:52 - 00007168 _____ () C:\Users\Ulli\AppData\Local\Temp\_MEI65482\hashobjs_ext.pyd
2015-02-03 15:52 - 2015-02-03 15:52 - 00167936 _____ () C:\Users\Ulli\AppData\Local\Temp\_MEI65482\win32gui.pyd
2015-02-03 15:52 - 2015-02-03 15:52 - 00018432 _____ () C:\Users\Ulli\AppData\Local\Temp\_MEI65482\win32event.pyd
2015-02-03 15:52 - 2015-02-03 15:52 - 00038912 _____ () C:\Users\Ulli\AppData\Local\Temp\_MEI65482\win32inet.pyd
2015-02-03 15:52 - 2015-02-03 15:52 - 00011264 _____ () C:\Users\Ulli\AppData\Local\Temp\_MEI65482\win32crypt.pyd
2015-02-03 15:52 - 2015-02-03 15:52 - 00070656 _____ () C:\Users\Ulli\AppData\Local\Temp\_MEI65482\wx._html2.pyd
2015-02-03 15:52 - 2015-02-03 15:52 - 00027136 _____ () C:\Users\Ulli\AppData\Local\Temp\_MEI65482\_multiprocessing.pyd
2015-02-03 15:52 - 2015-02-03 15:52 - 00035840 _____ () C:\Users\Ulli\AppData\Local\Temp\_MEI65482\win32process.pyd
2015-02-03 15:52 - 2015-02-03 15:52 - 00686080 _____ () C:\Users\Ulli\AppData\Local\Temp\_MEI65482\unicodedata.pyd
2015-02-03 15:52 - 2015-02-03 15:52 - 00122368 _____ () C:\Users\Ulli\AppData\Local\Temp\_MEI65482\wx._wizard.pyd
2015-02-03 15:52 - 2015-02-03 15:52 - 00024064 _____ () C:\Users\Ulli\AppData\Local\Temp\_MEI65482\win32pipe.pyd
2015-02-03 15:52 - 2015-02-03 15:52 - 00025600 _____ () C:\Users\Ulli\AppData\Local\Temp\_MEI65482\win32pdh.pyd
2015-02-03 15:52 - 2015-02-03 15:52 - 00525640 _____ () C:\Users\Ulli\AppData\Local\Temp\_MEI65482\windows._lib_cacheinvalidation.pyd
2015-02-03 15:52 - 2015-02-03 15:52 - 00010240 _____ () C:\Users\Ulli\AppData\Local\Temp\_MEI65482\select.pyd
2015-02-03 15:52 - 2015-02-03 15:52 - 00017408 _____ () C:\Users\Ulli\AppData\Local\Temp\_MEI65482\win32profile.pyd
2015-02-03 15:52 - 2015-02-03 15:52 - 00022528 _____ () C:\Users\Ulli\AppData\Local\Temp\_MEI65482\win32ts.pyd
2015-02-03 15:52 - 2015-02-03 15:52 - 00078336 _____ () C:\Users\Ulli\AppData\Local\Temp\_MEI65482\wx._animate.pyd
2013-10-24 09:56 - 2013-08-05 08:49 - 00627672 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
2013-08-05 15:48 - 2013-08-05 15:48 - 00016856 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll
2014-10-22 01:22 - 2014-10-22 01:22 - 00750080 _____ () C:\Users\Ulli\AppData\Roaming\Dropbox\bin\libGLESv2.dll
2015-02-03 15:53 - 2015-02-03 15:53 - 00043008 _____ () c:\users\ulli\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpibb4lt.dll
2014-10-22 01:22 - 2014-10-22 01:22 - 00047616 _____ () C:\Users\Ulli\AppData\Roaming\Dropbox\bin\libEGL.dll
2014-10-22 01:22 - 2014-10-22 01:22 - 00863744 _____ () C:\Users\Ulli\AppData\Roaming\Dropbox\bin\plugins\platforms\qwindows.dll
2014-10-22 01:22 - 2014-10-22 01:22 - 00200704 _____ () C:\Users\Ulli\AppData\Roaming\Dropbox\bin\plugins\imageformats\qjpeg.dll
2015-01-31 01:33 - 2015-01-27 04:44 - 01117512 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.94\libglesv2.dll
2015-01-31 01:33 - 2015-01-27 04:44 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.94\libegl.dll
2014-01-26 11:52 - 2009-02-27 16:38 - 00139264 ____R () C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll
2015-01-31 01:33 - 2015-01-27 04:44 - 09171272 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.94\pdf.dll
2013-10-24 09:26 - 2013-09-04 00:53 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
2013-09-05 00:14 - 2013-09-05 00:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\office14\Cultures\office.odf
2014-12-05 17:32 - 2007-10-01 15:35 - 00155648 ____N () C:\NLBW\Programm\axberega.DLL
2015-01-31 01:33 - 2015-01-27 04:44 - 14913864 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.94\PepperFlash\pepflashplayer.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Users\Ulli\SkyDrive:ms-properties

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3911576866-2457419995-2319590870-1002\...\StartupApproved\StartupFolder: => "Logitech . Produktregistrierung.lnk"
HKU\S-1-5-21-3911576866-2457419995-2319590870-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\StartupApproved\StartupFolder: => "Logitech . Produktregistrierung.lnk"

========================= Accounts: ==========================

Administrator (S-1-5-21-3911576866-2457419995-2319590870-500 - Administrator - Disabled)
Gast (S-1-5-21-3911576866-2457419995-2319590870-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3911576866-2457419995-2319590870-1004 - Limited - Enabled)
Ulli (S-1-5-21-3911576866-2457419995-2319590870-1002 - Administrator - Enabled) => C:\Users\Ulli

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (02/04/2015 04:21:37 AM) (Source: SideBySide) (EventID: 9) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "1". Fehler in Manifest- oder Richtliniendatei "2" in Zeile 3.
Das Stammelement der Manifestdatei muss assembliert sein.

Error: (02/03/2015 09:39:28 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: MEDION_AKOYA)
Description: Bei der Aktivierung der App „microsoft.windowscommunicationsapps_8wekyb3d8bbwe!Microsoft.WindowsLive.Mail“ ist folgender Fehler aufgetreten: -2144927142. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.

Error: (02/02/2015 05:10:36 PM) (Source: MsiInstaller) (EventID: 1013) (User: MEDION_AKOYA)
Description: Produkt: TuneUp Utilities 2014 -- Ungültiger Produktschlüssel

Error: (02/02/2015 05:03:36 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: Power2Go8.exe, Version: 8.0.0.3202, Zeitstempel: 0x51fbbccc
Name des fehlerhaften Moduls: Power2Go8.exe, Version: 8.0.0.3202, Zeitstempel: 0x51fbbccc
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0001eb4d
ID des fehlerhaften Prozesses: 0x1d68
Startzeit der fehlerhaften Anwendung: 0xPower2Go8.exe0
Pfad der fehlerhaften Anwendung: Power2Go8.exe1
Pfad des fehlerhaften Moduls: Power2Go8.exe2
Berichtskennung: Power2Go8.exe3
Vollständiger Name des fehlerhaften Pakets: Power2Go8.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: Power2Go8.exe5

Error: (02/02/2015 05:14:03 AM) (Source: SideBySide) (EventID: 9) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "1". Fehler in Manifest- oder Richtliniendatei "2" in Zeile 3.
Das Stammelement der Manifestdatei muss assembliert sein.

Error: (02/02/2015 05:11:14 AM) (Source: SideBySide) (EventID: 9) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "1". Fehler in Manifest- oder Richtliniendatei "2" in Zeile 3.
Das Stammelement der Manifestdatei muss assembliert sein.

Error: (02/01/2015 02:33:41 AM) (Source: SideBySide) (EventID: 9) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "1". Fehler in Manifest- oder Richtliniendatei "2" in Zeile 3.
Das Stammelement der Manifestdatei muss assembliert sein.

Error: (01/30/2015 10:30:32 AM) (Source: MsiInstaller) (EventID: 1013) (User: MEDION_AKOYA)
Description: Produkt: TuneUp Utilities 2014 -- Ungültiger Produktschlüssel

Error: (01/30/2015 09:47:32 AM) (Source: MsiInstaller) (EventID: 1013) (User: MEDION_AKOYA)
Description: Produkt: TuneUp Utilities 2014 -- Ungültiger Produktschlüssel

Error: (01/30/2015 09:43:42 AM) (Source: MsiInstaller) (EventID: 1013) (User: MEDION_AKOYA)
Description: Produkt: TuneUp Utilities 2014 -- Ungültiger Produktschlüssel


System errors:
=============
Error: (02/04/2015 03:09:47 PM) (Source: bowser) (EventID: 8003) (User: )
Description: Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "SPEEDPORT.IP",
der der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{48DB9C58-752C-400A-845E-0F672BF8456B}-Transport zu sein scheint.
Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen.

Error: (02/03/2015 03:52:19 PM) (Source: bowser) (EventID: 8016) (User: )
Description: Der Suchdiensttreiber erhielt zu viele nicht erlaubte Datagramme vom Remotecomputer "SPEEDPORT.IP" zum Namen "MEDION_AKOYA" auf Transport "NetBT_Tcpip_{2DD379D7-8B65-4001-A248-2010D0D2803D}". Das Datagramm steht in den Daten.
Es werden keine weiteren Ereignisse erzeugt, solange die Rücksetzfrequenz nicht abgelaufen ist.

Error: (02/03/2015 03:29:08 PM) (Source: bowser) (EventID: 8016) (User: )
Description: Der Suchdiensttreiber erhielt zu viele nicht erlaubte Datagramme vom Remotecomputer "SPEEDPORT.IP" zum Namen "MEDION_AKOYA" auf Transport "NetBT_Tcpip_{2DD379D7-8B65-4001-A248-2010D0D2803D}". Das Datagramm steht in den Daten.
Es werden keine weiteren Ereignisse erzeugt, solange die Rücksetzfrequenz nicht abgelaufen ist.

Error: (02/03/2015 02:46:33 PM) (Source: bowser) (EventID: 8016) (User: )
Description: Der Suchdiensttreiber erhielt zu viele nicht erlaubte Datagramme vom Remotecomputer "SPEEDPORT.IP" zum Namen "MEDION_AKOYA" auf Transport "NetBT_Tcpip_{2DD379D7-8B65-4001-A248-2010D0D2803D}". Das Datagramm steht in den Daten.
Es werden keine weiteren Ereignisse erzeugt, solange die Rücksetzfrequenz nicht abgelaufen ist.

Error: (02/03/2015 08:48:57 AM) (Source: bowser) (EventID: 8016) (User: )
Description: Der Suchdiensttreiber erhielt zu viele nicht erlaubte Datagramme vom Remotecomputer "SPEEDPORT.IP" zum Namen "MEDION_AKOYA" auf Transport "NetBT_Tcpip_{2DD379D7-8B65-4001-A248-2010D0D2803D}". Das Datagramm steht in den Daten.
Es werden keine weiteren Ereignisse erzeugt, solange die Rücksetzfrequenz nicht abgelaufen ist.

Error: (01/31/2015 11:25:34 AM) (Source: cdrom) (EventID: 7) (User: )
Description: Fehlerhafter Block bei Gerät \Device\CdRom0.

Error: (01/31/2015 11:25:18 AM) (Source: cdrom) (EventID: 7) (User: )
Description: Fehlerhafter Block bei Gerät \Device\CdRom0.

Error: (01/31/2015 11:25:12 AM) (Source: cdrom) (EventID: 7) (User: )
Description: Fehlerhafter Block bei Gerät \Device\CdRom0.

Error: (01/31/2015 11:25:06 AM) (Source: cdrom) (EventID: 7) (User: )
Description: Fehlerhafter Block bei Gerät \Device\CdRom0.

Error: (01/31/2015 11:24:58 AM) (Source: cdrom) (EventID: 7) (User: )
Description: Fehlerhafter Block bei Gerät \Device\CdRom0.


Microsoft Office Sessions:
=========================
Error: (02/04/2015 04:21:37 AM) (Source: SideBySide) (EventID: 9) (User: )
Description: c:\Users\Ulli\AppData\Roaming\programme\smarttools\excel jahreskalender 2015\adxloader.dll.Manifestc:\Users\Ulli\AppData\Roaming\programme\smarttools\excel jahreskalender 2015\adxloader.dll.Manifest2

Error: (02/03/2015 09:39:28 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: MEDION_AKOYA)
Description: microsoft.windowscommunicationsapps_8wekyb3d8bbwe!Microsoft.WindowsLive.Mail-2144927142

Error: (02/02/2015 05:10:36 PM) (Source: MsiInstaller) (EventID: 1013) (User: MEDION_AKOYA)
Description: Produkt: TuneUp Utilities 2014 -- Ungültiger Produktschlüssel(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (02/02/2015 05:03:36 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Power2Go8.exe8.0.0.320251fbbcccPower2Go8.exe8.0.0.320251fbbcccc00000050001eb4d1d6801d03d3f2d711983C:\Program Files (x86)\CyberLink\Power2Go8\Power2Go8.exeC:\Program Files (x86)\CyberLink\Power2Go8\Power2Go8.exe0ae1d54a-aaf5-11e4-82bf-d43d7eb05526

Error: (02/02/2015 05:14:03 AM) (Source: SideBySide) (EventID: 9) (User: )
Description: c:\Users\Ulli\AppData\Roaming\programme\smarttools\excel jahreskalender 2015\adxloader.dll.Manifestc:\Users\Ulli\AppData\Roaming\programme\smarttools\excel jahreskalender 2015\adxloader.dll.Manifest2

Error: (02/02/2015 05:11:14 AM) (Source: SideBySide) (EventID: 9) (User: )
Description: c:\Users\Ulli\AppData\Roaming\programme\smarttools\excel jahreskalender 2015\adxloader.dll.Manifestc:\Users\Ulli\AppData\Roaming\programme\smarttools\excel jahreskalender 2015\adxloader.dll.Manifest2

Error: (02/01/2015 02:33:41 AM) (Source: SideBySide) (EventID: 9) (User: )
Description: c:\Users\Ulli\AppData\Roaming\programme\smarttools\excel jahreskalender 2015\adxloader.dll.Manifestc:\Users\Ulli\AppData\Roaming\programme\smarttools\excel jahreskalender 2015\adxloader.dll.Manifest2

Error: (01/30/2015 10:30:32 AM) (Source: MsiInstaller) (EventID: 1013) (User: MEDION_AKOYA)
Description: Produkt: TuneUp Utilities 2014 -- Ungültiger Produktschlüssel(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (01/30/2015 09:47:32 AM) (Source: MsiInstaller) (EventID: 1013) (User: MEDION_AKOYA)
Description: Produkt: TuneUp Utilities 2014 -- Ungültiger Produktschlüssel(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (01/30/2015 09:43:42 AM) (Source: MsiInstaller) (EventID: 1013) (User: MEDION_AKOYA)
Description: Produkt: TuneUp Utilities 2014 -- Ungültiger Produktschlüssel(NULL)(NULL)(NULL)(NULL)(NULL)


==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i7-4770 CPU @ 3.40GHz
Percentage of memory in use: 25%
Total physical RAM: 12244.35 MB
Available physical RAM: 9097.91 MB
Total Pagefile: 14100.35 MB
Available Pagefile: 10496.48 MB
Total Virtual: 131072 MB
Available Virtual: 131071.84 MB

==================== Drives ================================

Drive c: (Boot) (Fixed) (Total:1801.3 GB) (Free:1463.48 GB) NTFS
Drive d: (Recover) (Fixed) (Total:60 GB) (Free:45.04 GB) NTFS
Drive g: () (Removable) (Total:0.99 GB) (Free:0.87 GB) FAT

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 1863 GB) (Disk ID: 00000000)

Partition: GPT Partition Type.

========================================================
Disk: 1 (Size: 1009 MB) (Disk ID: 004FA16F)
Partition 1: (Active) - (Size=1009 MB) - (Type=06)

==================== End Of Log ============================
         

Code:
ATTFilter
 Malwarebytes Anti-Malware 
www.malwarebytes.org

Scan Date: 03.02.2015
Scan Time: 14:56:22
Logfile: anti-malware.txt
Administrator: Yes

Version: 2.00.4.1028
Malware Database: v2015.02.03.05
Rootkit Database: v2015.01.14.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 8.1
CPU: x64
File System: NTFS
User: Ulli

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 390720
Time Elapsed: 23 min, 5 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 6
PUP.Optional.FindPositive.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{30c85a3d-1d96-4589-b63f-91fb7ef45a41}, Quarantined, [66abca50e0aab97d34397c7b27db2ed2], 
PUP.Optional.FindPositive.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{63c63464-1423-4fdb-ba5d-6f75f491c63e}, Quarantined, [66abca50e0aab97d34397c7b27db2ed2], 
PUP.Optional.FindPositive.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{50F60937-910A-4C05-8E36-FE4E299191CF}, Quarantined, [66abca50e0aab97d34397c7b27db2ed2], 
PUP.Optional.FindPositive.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{50F60937-910A-4C05-8E36-FE4E299191CF}, Quarantined, [66abca50e0aab97d34397c7b27db2ed2], 
PUP.Optional.FindPositive.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{63c63464-1423-4fdb-ba5d-6f75f491c63e}, Quarantined, [66abca50e0aab97d34397c7b27db2ed2], 
PUP.Optional.FindPositive.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{30C85A3D-1D96-4589-B63F-91FB7EF45A41}, Quarantined, [66abca50e0aab97d34397c7b27db2ed2], 

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 9
PUP.Optional.Bunndle, C:\Program Files\CamStudio 2.7\BunndleOfferManager.exe, Quarantined, [a56ca3771d6de94dfe73302d52ae58a8], 
PUP.Optional.Conduit.A, C:\Users\Ulli\AppData\Local\Temp\nsj22DD.exe, Quarantined, [41d09f7bb1d938fee07b8c1ca061a858], 
PUP.Optional.SkyTech.A, C:\Users\Ulli\AppData\Local\Temp\268487171\268487171.zipDir\alilog.dll, Quarantined, [ef220812a3e715219fc8976404fd0af6], 
PUP.Optional.V9.A, C:\Users\Ulli\AppData\Local\Temp\268487171\268487171.zipDir\qSE.exe, Quarantined, [50c136e48dfd54e283a9fd4ce020ed13], 
PUP.Optional.Skytech.A, C:\Users\Ulli\AppData\Local\Temp\268487171\268487171.zipDir\UninstallManager.exe, Quarantined, [29e86fabc1c946f0d1fbe6c5a55c0ff1], 
PUP.Optional.IePluginService.A, C:\Users\Ulli\AppData\Local\Temp\268487171\268487171.zipDir\tmp\SupTab_Setup302.exe, Quarantined, [08098694157561d5c61bbdbeb1509967], 
PUP.Optional.SmileysWeLove.A, C:\Users\Ulli\AppData\Local\Temp\bhfiles\IEOpenServiceHelper.exe, Quarantined, [36db2af0aae0a5918eb979361ee3b64a], 
PUP.Adware.Agent, C:\Users\Ulli\AppData\Local\Temp\PositiveFinds\Setup.exe, Quarantined, [f61bf228eaa0bc7afad0e5217b857e82], 
PUP.Optional.PositiveFind.A, C:\Users\Ulli\AppData\Roaming\Mozilla\Firefox\Profiles\9eur0fyz.default\extensions\{29e2f58a-a791-4ede-8083-4f6919d1cb6d}.xpi, Quarantined, [ee23f426acde6ccaf1414839b350f010], 

Physical Sectors: 0
(No malicious items detected)


(end)
         

Alt 04.02.2015, 16:00   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

Hi and

Removing adware/junkware/toolbars

Delete old versions of adwCleaner and, if present, JRT first, then download them again to the desktop!
Please completely disable your virus scanner now, before using these tools!


Step 1: adwCleaner

Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click Options (Optionen) and make sure the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure all 5 options are selected, as shown here
  • Click Scan (Suchlauf) and wait until it has finished.
  • Now click Clean (Löschen) and confirm any prompts with OK.
  • Your computer will restart automatically. After the restart a text file opens. Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt (x = sequential number).




Step 2: JRT - Junkware Removal Tool

Please close your security software to avoid possible conflicts.
Please download Junkware Removal Tool to your desktop.

  • Start the tool with a double-click. On Windows Vista (or later), please start it via right-click, "Run as administrator".
  • Press any key to start the tool.
  • Depending on the system, the scan can take a while.
  • When the tool has finished, the log file (JRT.txt) is saved on the desktop and opened automatically.
  • Please post the contents of JRT.txt in your next reply.




Step 3: Fresh log with FRST

Please download the matching version of Farbar's Recovery Scan Tool to your desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
  • Now start FRST.
  • Do not change any of the checkboxes unless asked, and click "Untersuchen" (Scan).
  • The log files are now created and will then be on your desktop.
  • Post the FRST.txt and, after the first scan, also the Addition.txt in your thread (click the # symbol in the website's input window).


Old 04.02.2015, 16:22   #3
UlliLang
 



AdwCleaner Logfile:
Code:
ATTFilter
# AdwCleaner v4.109 - Bericht erstellt am 04/02/2015 um 16:08:05
# Aktualisiert 24/01/2015 von Xplode
# Database : 2015-02-03.1 [Live]
# Betriebssystem : Windows 8.1  (64 bits)
# Benutzername : Ulli - MEDION_AKOYA
# Gestartet von : C:\Users\Ulli\Desktop\AdwCleaner_4.109 (1).exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\Users\Ulli\AppData\Roaming\Tobit
Datei Gelöscht : C:\Users\Ulli\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage
Datei Gelöscht : C:\Users\Ulli\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage-journal
Datei Gelöscht : C:\Users\Ulli\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_www.superfish.com_0.localstorage
Datei Gelöscht : C:\Users\Ulli\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_www.superfish.com_0.localstorage-journal

***** [ Tasks ] *****


***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****


***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.17416


-\\ Mozilla Firefox v35.0.1 (x86 de)


-\\ Google Chrome v40.0.2214.94


-\\ Opera v0.0.0.0


*************************

AdwCleaner[R0].txt - [1276 octets] - [04/06/2014 18:13:50]
AdwCleaner[R1].txt - [8249 octets] - [20/06/2014 12:02:03]
AdwCleaner[R2].txt - [5318 octets] - [09/12/2014 07:24:52]
AdwCleaner[R3].txt - [2049 octets] - [03/02/2015 14:43:12]
AdwCleaner[R4].txt - [1896 octets] - [04/02/2015 16:04:21]
AdwCleaner[R5].txt - [1956 octets] - [04/02/2015 16:06:22]
AdwCleaner[S0].txt - [1337 octets] - [04/06/2014 18:15:56]
AdwCleaner[S1].txt - [5893 octets] - [20/06/2014 12:02:32]
AdwCleaner[S2].txt - [4957 octets] - [09/12/2014 07:27:16]
AdwCleaner[S3].txt - [2110 octets] - [03/02/2015 14:45:21]
AdwCleaner[S4].txt - [1877 octets] - [04/02/2015 16:08:05]

########## EOF - C:\AdwCleaner\AdwCleaner[S4].txt - [1937 octets] ##########
         


Code:
ATTFilter
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.2 (02.02.2015:1)
OS: Windows 8.1 x64
Ran by Ulli on 04.02.2015 at 16:14:32,39
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files

Successfully deleted: [File] "C:\Users\Ulli\appdata\local\google\chrome\user data\default\local storage\http_www.superfish.com_0.localstorage"
Successfully deleted: [File] "C:\Users\Ulli\appdata\local\google\chrome\user data\default\local storage\http_www.superfish.com_0.localstorage-journal"



~~~ Folders



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 04.02.2015 at 16:16:55,42
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         

FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 01-02-2015
Ran by Ulli (administrator) on MEDION_AKOYA on 04-02-2015 16:18:36
Running from C:\Users\Ulli\Desktop
Loaded Profiles: Ulli (Available profiles: Ulli)
Platform: Windows 8.1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(SurfRight B.V.) C:\Program Files\HitmanPro\hmpsched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
() C:\Program Files (x86)\Ashampoo\Ashampoo Core Tuner 2\ACT2Service.exe
() C:\Program Files (x86)\Ashampoo\Ashampoo HDD Control 2\AHDDC2_Service.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSMonitorService.exe
(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSServer.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(SafeNet Inc.) C:\Windows\System32\hasplms.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
() C:\Program Files (x86)\Tobit Radio.fx\Server\rfx-server.exe
(Star Finanz-Software Entwicklung und Vertriebs GmbH) C:\Program Files (x86)\StarMoney 9.0\ouservice\StarMoneyOnlineUpdate.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\livecomm.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(Microsoft Corporation) C:\Windows\WindowsMobile\wmdc.exe
(Logitech, Inc.) C:\Program Files\Common Files\Logishrd\KHAL3\KHALMNPR.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Tobit.Software) C:\Program Files (x86)\Tobit Radio.fx\Client\rfx-tray.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(Pervasive Software Inc.) C:\Program Files (x86)\Pervasive Software\PSQL\bin\w3dbsmgr.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(Geek Software GmbH) C:\Program Files (x86)\PDF24\pdf24.exe
(Dropbox, Inc.) C:\Users\Ulli\AppData\Roaming\Dropbox\bin\Dropbox.exe
() C:\Program Files (x86)\onlinebrief24.de\ebdhelper.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Brother\ControlCenter3\BrccMCtl.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Thisisu) C:\Users\Ulli\Desktop\JRT.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\WinStore\WSHost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [287592 2013-08-07] (Intel Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13647576 2013-08-27] (Realtek Semiconductor)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [3091224 2013-07-31] (Logitech, Inc.)
HKLM\...\Run: [Windows Mobile Device Center] => C:\Windows\WindowsMobile\wmdc.exe [660360 2007-05-31] (Microsoft Corporation)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2461504 2014-09-17] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM-x32\...\Run: [CLMLServer_For_P2G8] => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [111576 2013-08-05] (CyberLink)
HKLM-x32\...\Run: [CLVirtualDrive] => C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [490760 2013-09-10] (CyberLink Corp.)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [95192 2013-03-11] (CyberLink Corp.)
HKLM-x32\...\Run: [PDFPrint] => C:\Program Files (x86)\PDF24\pdf24.exe [186408 2013-12-12] (Geek Software GmbH)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [702768 2014-12-11] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [BrMfcWnd] => C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe [1159168 2009-05-26] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [ControlCenter3] => C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe [114688 2008-12-24] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [onlinebrief24-ebdhelper] => C:\Program Files (x86)\onlinebrief24.de\ebdhelper.exe [692224 2014-06-04] ()
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKLM\...\Policies\Explorer: [ConfirmFileDelete] 1
HKU\S-1-5-21-3911576866-2457419995-2319590870-1002\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [23308256 2015-01-15] (Google)
HKU\S-1-5-21-3911576866-2457419995-2319590870-1002\...\Run: [rfxsrvtray] => C:\Program Files (x86)\Tobit Radio.fx\Client\rfx-tray.exe [1838872 2013-02-07] (Tobit.Software)
HKU\S-1-5-21-3911576866-2457419995-2319590870-1002\...\Run: [Google+ Auto Backup] => "C:\Users\Ulli\AppData\Local\Programs\Google\Google+ Auto Backup\Google+ Auto Backup.exe" /autostart
HKU\S-1-5-21-3911576866-2457419995-2319590870-1002\...\Run: [msnmsgr] => C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe [4272840 2014-03-31] (Microsoft Corporation)
HKU\S-1-5-21-3911576866-2457419995-2319590870-1002\...\Run: [Power2GoExpress8] => NA
HKU\S-1-5-21-3911576866-2457419995-2319590870-1002\...\Run: [GoogleChromeAutoLaunch_F6A3317DD97F8A33E96BB46D3400FE8F] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [843592 2015-01-27] (Google Inc.)
HKU\S-1-5-21-3911576866-2457419995-2319590870-1002\...\Policies\Explorer: [DisallowRun] 1
HKU\S-1-5-21-3911576866-2457419995-2319590870-1002\...\MountPoints2: {0b5c7df5-802c-11e4-82b7-d43d7eb05526} - "H:\startme.exe" 
HKU\S-1-5-21-3911576866-2457419995-2319590870-1002\...\MountPoints2: {79540f5c-8591-11e4-82b7-d43d7eb05526} - "I:\Startme.exe" 
HKU\S-1-5-21-3911576866-2457419995-2319590870-1002\...\MountPoints2: {90aa118e-87e7-11e3-8275-801f02ddb352} - "H:\setup64.exe" 
HKU\S-1-5-18\...\Run: [AppLauncher] => C:\Program Files (x86)\Ashampoo\Ashampoo AppLauncher\AppLauncher.exe [969632 2012-08-10] (Ashampoo)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Radio.fx.LNK
ShortcutTarget: Radio.fx.LNK -> C:\Program Files (x86)\Tobit Radio.fx\Client\rfx-client.exe (Tobit.Software)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Start Pervasive PSQL Workgroup Engine.lnk
ShortcutTarget: Start Pervasive PSQL Workgroup Engine.lnk -> C:\Windows\Installer\{0A3238D7-AB32-1010-B717-F3E3F18B4A8C}\WGE.14A03FCD_EA43_4130_A5C0_F02D38895A13.exe ()
Startup: C:\Users\Ulli\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Ulli\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Ulli\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Produktregistrierung.lnk
ShortcutTarget: Logitech . Produktregistrierung.lnk -> C:\Program Files (x86)\Common Files\LogiShrd\eReg\SetPoint\eReg.exe (Leader Technologies/Logitech)
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
HKU\S-1-5-21-3911576866-2457419995-2319590870-1002\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-3911576866-2457419995-2319590870-1002 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?q={sear
BHO: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll (Logitech, Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: ExplorerWatcher Class -> {F8A6CAA2-533D-4AED-9E05-8EB19A4021AB} -> C:\Program Files (x86)\Clover\TabHelper64.dll (EJIE Technology)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll (Oracle Corporation)
BHO-x32: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll (Logitech, Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: JQSIEStartDetectorImpl Class -> {E7E6F031-17CE-4C07-BC86-EABFE594F69C} -> C:\Program Files (x86)\ANDI 2014\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\Ulli\AppData\Roaming\Mozilla\Firefox\Profiles\qlcv7kpz.default-1422973342051
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_296.dll ()
FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.1.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_296.dll ()
FF Plugin-x32: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3911576866-2457419995-2319590870-1002: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF Extension: Logitech SetPoint - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2014-01-26]

Chrome: 
=======
CHR HomePage: Default -> hxxp://www.trovi.com/?gd=&ctid=CT3331400&octid=EB_ORIGINAL_CTID&ISID=MD18EECA1-4517-42A2-AE45-14F39DFA3445&SearchSource=55&CUI=&UM=6&UP=SPA6D04EAA-1147-47E8-BCE3-13A979B2B086&SSPV=
CHR StartupUrls: Default -> "https://mail.google.com/mail/u/0/#inbox", "chrome://newtab/"
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\Ulli\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Präsentationen) - C:\Users\Ulli\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-10-06]
CHR Extension: (Google Docs) - C:\Users\Ulli\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-01-25]
CHR Extension: (Google Drive) - C:\Users\Ulli\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-01-25]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Ulli\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-04]
CHR Extension: (YouTube) - C:\Users\Ulli\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-01-25]
CHR Extension: (Adblock Plus) - C:\Users\Ulli\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-06-23]
CHR Extension: (Google-Suche) - C:\Users\Ulli\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-01-25]
CHR Extension: (Ultimate Google Docs Viewer) - C:\Users\Ulli\AppData\Local\Google\Chrome\User Data\Default\Extensions\edgbhipncfdgcekflcoelhmnkcfdfjcl [2014-01-25]
CHR Extension: (Google Kalender) - C:\Users\Ulli\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn [2014-01-25]
CHR Extension: (Google Tabellen) - C:\Users\Ulli\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-10-06]
CHR Extension: (Avira Browserschutz) - C:\Users\Ulli\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2014-03-07]
CHR Extension: (AdBlock) - C:\Users\Ulli\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-01-25]
CHR Extension: (IE Tab) - C:\Users\Ulli\AppData\Local\Google\Chrome\User Data\Default\Extensions\hehijbfgiekmjfkfjpbkbammjbdenadd [2014-06-13]
CHR Extension: (Blogger) - C:\Users\Ulli\AppData\Local\Google\Chrome\User Data\Default\Extensions\lejliakmhcfhakneflmicaoikhbicggc [2014-01-25]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\Ulli\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2014-11-06]
CHR Extension: (Google Mail-Checker) - C:\Users\Ulli\AppData\Local\Google\Chrome\User Data\Default\Extensions\mihcahmgecmbnbcchbopgniflfhgnkff [2014-01-25]
CHR Extension: (Google Wallet) - C:\Users\Ulli\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-01-25]
CHR Extension: (Google Quick Scroll) - C:\Users\Ulli\AppData\Local\Google\Chrome\User Data\Default\Extensions\okanipcmceoeemlbjnmnbdibhgpbllgc [2014-01-25]
CHR Extension: (Picasa) - C:\Users\Ulli\AppData\Local\Google\Chrome\User Data\Default\Extensions\onlgmecjpnejhfeofkgbfgnmdlipdejb [2014-01-25]
CHR Extension: (Google Mail) - C:\Users\Ulli\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-01-25]
CHR HKU\S-1-5-21-3911576866-2457419995-2319590870-1002\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - No Path

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 ACT2_Service; C:\Program Files (x86)\Ashampoo\Ashampoo Core Tuner 2\ACT2Service.exe [1421216 2011-08-22] ()
R2 AHDDC2; C:\Program Files (x86)\Ashampoo\Ashampoo HDD Control 2\AHDDC2_Service.exe [1518504 2012-07-30] ()
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [431920 2014-12-11] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [431920 2014-12-11] (Avira Operations GmbH & Co. KG)
R2 CyberLink PowerDVD 10 MS Monitor Service; C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSMonitorService.exe [74712 2013-03-11] (CyberLink)
R2 CyberLink PowerDVD 10 MS Service; C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSServer.exe [316376 2013-03-11] (CyberLink)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1149760 2014-09-17] (NVIDIA Corporation)
R2 hasplms; C:\Windows\system32\hasplms.exe [4683144 2014-06-02] (SafeNet Inc.)
R2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [127752 2015-02-03] (SurfRight B.V.)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-07] (Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-11] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel(R) Corporation)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-09-04] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-09-04] (Intel Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1796928 2014-09-17] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [19440960 2014-09-17] (NVIDIA Corporation)
R2 Radio.fx; C:\Program Files (x86)\Tobit Radio.fx\Server\rfx-server.exe [3999512 2013-06-03] ()
R2 StarMoney 9.0 OnlineUpdate; C:\Program Files (x86)\StarMoney 9.0\ouservice\StarMoneyOnlineUpdate.exe [697488 2014-07-04] (Star Finanz-Software Entwicklung und Vertriebs GmbH)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-22] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-22] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 ACT2PM; C:\Program Files (x86)\Ashampoo\Ashampoo Core Tuner 2\ACT2ProcessMonitor64.sys [15160 2011-06-10] ()
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [119272 2014-10-07] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [131608 2014-10-07] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [28600 2013-12-18] (Avira Operations GmbH & Co. KG)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [91712 2013-03-05] (CyberLink)
R2 hardlock; C:\Windows\system32\drivers\hardlock.sys [331608 2014-06-02] (SafeNet Inc.)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-09-04] (Intel Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [20288 2014-09-17] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [38048 2014-09-04] (NVIDIA Corporation)
R3 RtlWlanu; C:\Windows\system32\DRIVERS\rtwlanu.sys [1975000 2013-07-31] (Realtek Semiconductor Corporation                           )
S3 USBTINSP; C:\Windows\System32\drivers\tinspusb.sys [142848 2010-03-29] (Texas Instruments)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-22] (Microsoft Corporation)
S3 X86BDA; C:\Windows\system32\DRIVERS\OEMDrv.sys [268416 2011-06-08] ( )

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-04 16:16 - 2015-02-04 16:16 - 00000911 _____ () C:\Users\Ulli\Desktop\JRT.txt
2015-02-04 16:12 - 2015-02-04 16:12 - 01388274 _____ (Thisisu) C:\Users\Ulli\Desktop\JRT.exe
2015-02-04 16:09 - 2015-02-04 16:09 - 00000000 ____D () C:\Users\Ulli\AppData\Roaming\Tobit
2015-02-04 16:03 - 2015-02-04 16:03 - 02194432 _____ () C:\Users\Ulli\Desktop\AdwCleaner_4.109 (1).exe
2015-02-04 15:53 - 2015-02-04 15:53 - 00003328 _____ () C:\Users\Ulli\Desktop\anti-malware.txt
2015-02-04 15:26 - 2015-02-04 16:18 - 00025553 _____ () C:\Users\Ulli\Desktop\FRST.txt
2015-02-04 15:26 - 2015-02-04 15:26 - 00045627 _____ () C:\Users\Ulli\Desktop\Addition.txt
2015-02-04 15:26 - 2015-02-04 15:23 - 02131456 _____ (Farbar) C:\Users\Ulli\Desktop\FRST64.exe
2015-02-04 15:23 - 2015-02-04 16:18 - 00000000 ____D () C:\FRST
2015-02-03 15:50 - 2015-02-03 15:50 - 00012872 _____ (SurfRight B.V.) C:\Windows\system32\bootdelete.exe
2015-02-03 15:38 - 2015-02-03 15:38 - 00001925 _____ () C:\Users\Public\Desktop\HitmanPro.lnk
2015-02-03 15:38 - 2015-02-03 15:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
2015-02-03 15:38 - 2015-02-03 15:38 - 00000000 ____D () C:\Program Files\HitmanPro
2015-02-03 15:37 - 2015-02-03 15:50 - 00000000 ____D () C:\ProgramData\HitmanPro
2015-02-03 15:22 - 2015-02-03 15:22 - 00000000 ____D () C:\Users\Ulli\Desktop\Alte Firefox-Daten
2015-02-03 14:55 - 2015-02-04 15:52 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-02-03 14:55 - 2015-02-03 14:55 - 00001122 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2015-02-03 14:55 - 2015-02-03 14:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2015-02-03 14:55 - 2015-02-03 14:55 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-02-03 14:55 - 2015-02-03 14:55 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2015-02-03 14:55 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-02-03 14:55 - 2014-11-21 06:14 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-02-03 14:55 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-02-02 17:09 - 2015-02-02 17:09 - 00000987 _____ () C:\Users\Public\Desktop\CDex.lnk
2015-02-02 17:09 - 2015-02-02 17:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CDex
2015-02-02 17:08 - 2015-02-03 08:48 - 00000000 ____D () C:\ProgramData\d2d4a9d3-f3f1-4c52-8d3f-dddc91fe0602
2015-01-31 11:13 - 2015-02-02 17:04 - 00000040 _____ () C:\Users\Ulli\AppData\Roaming\cdr.ini
2015-01-31 11:13 - 2015-01-31 11:13 - 00001018 _____ () C:\Users\Ulli\Desktop\Free CD to MP3 Converter.lnk
2015-01-31 11:13 - 2015-01-31 11:13 - 00000000 ____D () C:\Users\Ulli\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CD to MP3 Freeware
2015-01-31 11:13 - 2015-01-31 11:13 - 00000000 ____D () C:\Users\Ulli\AppData\Roaming\Eusing
2015-01-31 11:13 - 2015-01-31 11:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CD to MP3 Freeware
2015-01-31 11:13 - 2015-01-31 11:13 - 00000000 ____D () C:\Program Files (x86)\CD to MP3 Freeware
2015-01-31 11:13 - 2001-03-23 16:29 - 00880912 _____ (Microsoft Corporation) C:\Windows\WM8EUTIL.exe
2015-01-31 11:12 - 2015-01-31 11:12 - 01906385 _____ () C:\Users\Ulli\Downloads\cdtomp3freeware.exe
2015-01-30 10:29 - 2015-02-02 17:09 - 00000000 ____D () C:\Program Files (x86)\CDex
2015-01-30 10:29 - 2015-01-30 10:29 - 00000000 ____D () C:\Users\Ulli\AppData\Local\CDex
2015-01-30 09:38 - 2015-01-30 09:46 - 00000000 ____D () C:\Users\Ulli\AppData\Roaming\DVDVideoSoft
2015-01-28 13:39 - 2015-01-28 13:39 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-01-14 13:21 - 2014-12-19 07:26 - 00140800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-14 13:21 - 2014-12-12 03:04 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-01-14 13:21 - 2014-12-12 01:51 - 00075776 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ahcache.sys
2015-01-14 13:21 - 2014-12-09 02:50 - 00225280 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-14 13:21 - 2014-12-08 20:42 - 00535640 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
2015-01-14 13:21 - 2014-12-08 20:42 - 00531616 _____ (Microsoft Corporation) C:\Windows\system32\ci.dll
2015-01-14 13:21 - 2014-12-08 20:42 - 00448792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll
2015-01-14 13:21 - 2014-12-08 20:42 - 00413248 _____ (Microsoft Corporation) C:\Windows\system32\Faultrep.dll
2015-01-14 13:21 - 2014-12-08 20:42 - 00372408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Faultrep.dll
2015-01-14 13:21 - 2014-12-08 20:42 - 00108944 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2015-01-14 13:21 - 2014-12-08 20:42 - 00038264 _____ (Microsoft Corporation) C:\Windows\system32\WerFaultSecure.exe
2015-01-14 13:21 - 2014-12-08 20:42 - 00033584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WerFaultSecure.exe
2015-01-14 13:21 - 2014-12-06 04:17 - 00360448 _____ (Microsoft Corporation) C:\Windows\system32\ncsi.dll
2015-01-14 13:21 - 2014-12-06 02:41 - 00391680 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-14 13:21 - 2014-12-06 02:35 - 00229888 _____ (Microsoft Corporation) C:\Windows\system32\AudioEndpointBuilder.dll
2015-01-14 13:21 - 2014-10-29 05:00 - 00465320 _____ (Microsoft Corporation) C:\Windows\system32\WerFault.exe
2015-01-14 13:21 - 2014-10-29 05:00 - 00139984 _____ (Microsoft Corporation) C:\Windows\system32\wermgr.exe
2015-01-14 13:21 - 2014-10-29 04:52 - 00500016 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2015-01-14 13:21 - 2014-10-29 04:52 - 00482872 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2015-01-14 13:21 - 2014-10-29 04:52 - 00394120 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2015-01-14 13:21 - 2014-10-29 04:52 - 00272248 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
2015-01-14 13:21 - 2014-10-29 04:12 - 00413136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WerFault.exe
2015-01-14 13:21 - 2014-10-29 04:12 - 00136296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wermgr.exe
2015-01-14 13:21 - 2014-10-29 04:07 - 00424544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2015-01-14 13:21 - 2014-10-29 04:07 - 00370424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2015-01-14 13:21 - 2014-10-29 04:07 - 00344536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2015-01-14 13:21 - 2014-10-29 03:44 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\werdiagcontroller.dll
2015-01-14 13:21 - 2014-10-29 02:59 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\werdiagcontroller.dll
2015-01-14 13:21 - 2014-10-29 02:24 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\nlaapi.dll
2015-01-14 13:21 - 2014-10-29 02:02 - 00911360 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2015-01-14 13:21 - 2014-10-29 02:01 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-04 16:17 - 2014-09-19 17:12 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-02-04 16:10 - 2014-02-26 17:27 - 00000000 ____D () C:\Users\Ulli\Tracing
2015-02-04 16:10 - 2014-02-11 12:38 - 00000000 ___RD () C:\Users\Ulli\Documents\Google Drive
2015-02-04 16:10 - 2014-01-25 14:41 - 00000000 ___RD () C:\Users\Ulli\Dropbox
2015-02-04 16:10 - 2014-01-25 14:38 - 00000000 ____D () C:\Users\Ulli\AppData\Roaming\Dropbox
2015-02-04 16:09 - 2014-11-03 10:50 - 00000106 _____ () C:\Windows\system32\mfilemon.log
2015-02-04 16:09 - 2014-01-25 11:50 - 00001140 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-02-04 16:09 - 2014-01-25 11:47 - 00000000 ___DO () C:\Users\Ulli\SkyDrive
2015-02-04 16:08 - 2014-06-04 18:13 - 00000000 ____D () C:\AdwCleaner
2015-02-04 16:08 - 2013-10-24 09:36 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-02-04 16:08 - 2013-09-12 11:53 - 00163056 _____ () C:\Windows\PFRO.log
2015-02-04 16:08 - 2013-08-22 15:46 - 00111482 _____ () C:\Windows\setupact.log
2015-02-04 16:08 - 2013-08-22 15:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-02-04 16:08 - 2013-08-22 14:25 - 00524288 ___SH () C:\Windows\system32\config\BBI
2015-02-04 16:03 - 2014-09-26 15:07 - 00008704 ___SH () C:\Users\Ulli\Desktop\Thumbs.db
2015-02-04 16:02 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\system32\sru
2015-02-04 15:31 - 2014-01-25 11:50 - 00001144 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-02-04 15:25 - 2014-01-25 12:26 - 00000000 ____D () C:\Users\Ulli\Downloads\Programme
2015-02-04 15:23 - 2013-12-19 10:46 - 01823947 _____ () C:\Windows\WindowsUpdate.log
2015-02-04 04:48 - 2014-01-26 10:01 - 00000000 ____D () C:\Program Files (x86)\StarMoney 9.0
2015-02-03 20:27 - 2013-09-12 12:28 - 00765378 _____ () C:\Windows\system32\perfh007.dat
2015-02-03 20:27 - 2013-09-12 12:28 - 00159696 _____ () C:\Windows\system32\perfc007.dat
2015-02-03 20:27 - 2013-09-12 12:00 - 01780340 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-02-03 17:24 - 2014-01-25 11:51 - 00003600 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3911576866-2457419995-2319590870-1002
2015-02-03 17:11 - 2014-01-25 14:49 - 00000000 ____D () C:\Users\Ulli\Documents\Ulli
2015-02-03 15:28 - 2014-02-03 17:00 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-02-03 15:20 - 2014-05-12 19:00 - 00000000 ____D () C:\Program Files\CamStudio 2.7
2015-02-03 10:27 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\AppReadiness
2015-02-02 17:10 - 2014-12-08 13:29 - 00000000 __SHD () C:\ProgramData\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C}
2015-01-31 01:33 - 2014-01-25 11:51 - 00002199 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-01-30 10:34 - 2014-01-25 12:25 - 00000432 _____ () C:\Windows\BRWMARK.INI
2015-01-30 10:34 - 2014-01-25 12:25 - 00000034 _____ () C:\Windows\SysWOW64\BD7420.DAT
2015-01-30 10:29 - 2014-01-25 17:16 - 00000000 ____D () C:\ProgramData\Package Cache
2015-01-30 09:43 - 2014-01-26 10:17 - 00000000 ____D () C:\Users\Ulli\StarMoney 9
2015-01-30 09:36 - 2014-10-30 17:23 - 00000000 ____D () C:\Program Files (x86)\Free mp3 Wma Converter
2015-01-29 16:31 - 2014-01-25 14:49 - 00000000 ____D () C:\Users\Ulli\Documents\Betrieb
2015-01-28 05:16 - 2013-08-22 16:20 - 00000000 ____D () C:\Windows\CbsTemp
2015-01-27 21:34 - 2014-01-25 11:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2015-01-26 11:06 - 2014-01-27 12:33 - 00000000 ____D () C:\ProgramData\Oracle
2015-01-26 11:06 - 2014-01-26 12:03 - 00000000 ____D () C:\Program Files (x86)\Java
2015-01-26 11:05 - 2014-11-10 16:53 - 00272296 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2015-01-26 11:05 - 2014-11-10 16:53 - 00176552 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2015-01-26 11:05 - 2014-11-10 16:53 - 00176552 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2015-01-26 11:05 - 2014-11-10 16:53 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2015-01-26 11:05 - 2014-11-10 16:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-01-26 10:51 - 2014-01-25 14:15 - 00000000 ___RD () C:\Users\Ulli\Desktop\das war dabei
2015-01-24 21:20 - 2013-08-22 16:38 - 00714720 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-01-24 21:20 - 2013-08-22 16:38 - 00106976 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-24 21:17 - 2014-09-19 17:12 - 00003772 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-01-19 09:13 - 2014-01-25 14:46 - 00000000 ____D () C:\Users\Ulli\Documents\Mieter
2015-01-15 00:12 - 2014-06-19 18:13 - 00000028 _____ () C:\Windows\ODBC.INI
2015-01-14 13:51 - 2014-01-26 18:27 - 00000000 ____D () C:\Windows\system32\MRT
2015-01-14 13:46 - 2014-01-26 18:27 - 113365784 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-01-05 13:09 - 2014-02-26 17:28 - 00000000 ____D () C:\Users\Ulli\AppData\Roaming\Windows Live Writer

==================== Files in the root of some directories =======

2014-05-12 19:04 - 2014-05-23 14:54 - 0000096 _____ () C:\Users\Ulli\AppData\Roaming\Camdata.ini
2014-05-12 19:04 - 2014-05-23 14:54 - 0000408 _____ () C:\Users\Ulli\AppData\Roaming\CamLayout.ini
2014-05-12 19:04 - 2014-05-23 14:54 - 0000408 _____ () C:\Users\Ulli\AppData\Roaming\CamShapes.ini
2014-05-12 19:04 - 2014-05-23 14:54 - 0004547 _____ () C:\Users\Ulli\AppData\Roaming\CamStudio.cfg
2015-01-31 11:13 - 2015-02-02 17:04 - 0000040 _____ () C:\Users\Ulli\AppData\Roaming\cdr.ini
2014-05-12 19:02 - 2014-05-23 14:36 - 0000096 _____ () C:\Users\Ulli\AppData\Roaming\version2.xml
2014-01-27 18:20 - 2014-01-28 00:16 - 0003584 _____ () C:\Users\Ulli\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-10-24 09:46 - 2013-10-24 09:46 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2013-10-24 09:58 - 2013-10-24 09:58 - 0000119 _____ () C:\ProgramData\{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}.log
2013-10-24 09:52 - 2013-10-24 09:56 - 0000106 _____ () C:\ProgramData\{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}.log
2013-10-24 09:51 - 2013-10-24 09:51 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
2013-10-24 09:57 - 2013-10-24 09:58 - 0000108 _____ () C:\ProgramData\{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}.log
2013-10-24 09:51 - 2013-10-24 09:52 - 0000110 _____ () C:\ProgramData\{E3739848-5329-48E3-8D28-5BBD6E8BE384}.log
2013-10-24 09:56 - 2013-10-24 09:56 - 0000110 _____ () C:\ProgramData\{E3D04529-6EDB-11D8-A372-0050BAE317E1}.log

Some content of TEMP:
====================
C:\Users\Ulli\AppData\Local\Temp\2630_3.22.1095_117Y.exe
C:\Users\Ulli\AppData\Local\Temp\amazonicon_v5.exe
C:\Users\Ulli\AppData\Local\Temp\amazoninstallernircmdc.exe
C:\Users\Ulli\AppData\Local\Temp\AppLauncher.exe
C:\Users\Ulli\AppData\Local\Temp\avgnt.exe
C:\Users\Ulli\AppData\Local\Temp\COMAP.EXE
C:\Users\Ulli\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpbggbjd.dll
C:\Users\Ulli\AppData\Local\Temp\DseShExt-x64.dll
C:\Users\Ulli\AppData\Local\Temp\DseShExt-x86.dll
C:\Users\Ulli\AppData\Local\Temp\fp_pl_pfs_installer.exe
C:\Users\Ulli\AppData\Local\Temp\FreeAudioConverter.exe
C:\Users\Ulli\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
C:\Users\Ulli\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe
C:\Users\Ulli\AppData\Local\Temp\jre-7u67-windows-i586-iftw.exe
C:\Users\Ulli\AppData\Local\Temp\jre-7u71-windows-i586-iftw.exe
C:\Users\Ulli\AppData\Local\Temp\jre-8u31-windows-au.exe
C:\Users\Ulli\AppData\Local\Temp\LMkRstPt.exe
C:\Users\Ulli\AppData\Local\Temp\ms.exe
C:\Users\Ulli\AppData\Local\Temp\ose00000.exe
C:\Users\Ulli\AppData\Local\Temp\Quarantine.exe
C:\Users\Ulli\AppData\Local\Temp\repair4.exe
C:\Users\Ulli\AppData\Local\Temp\sdanircmdc.exe
C:\Users\Ulli\AppData\Local\Temp\sdapskill.exe
C:\Users\Ulli\AppData\Local\Temp\sdaspwn.exe
C:\Users\Ulli\AppData\Local\Temp\SDShelEx-win32.dll
C:\Users\Ulli\AppData\Local\Temp\SDShelEx-x64.dll
C:\Users\Ulli\AppData\Local\Temp\sqlite3.dll
C:\Users\Ulli\AppData\Local\Temp\vlc-2.1.4-win64.exe
C:\Users\Ulli\AppData\Local\Temp\vlc-2.1.5-win64.exe
C:\Users\Ulli\AppData\Local\Temp\_isD299.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-02-04 04:19

==================== End Of Log ============================
         



04.02.2015, 16:38   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



Please also create a new Addition.txt: start FRST, tick the Addition.txt checkbox, then click Scan.

__________________
"The truth is usually just an excuse for a lack of imagination." (Elim Garak)


04.02.2015, 16:42   #5
UlliLang
 



Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 01-02-2015
Ran by Ulli at 2015-02-04 16:41:44
Running from C:\Users\Ulli\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Desktop (Disabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avira Desktop (Disabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

 VIDEO DVR (HKLM-x32\...\{EBD0EE76-2CFC-4EE5-AFE6-7EEAA3B14332}) (Version: 2012.04.17 - -)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 16.0.0.245 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.296 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Agrilog (HKLM-x32\...\de.bertelsmann.agrilog.AgrilogPortal) (Version: 0.9.0 - UNKNOWN)
Agrilog (x32 Version: 0.9.0 - UNKNOWN) Hidden
ANDI 2014 (HKLM-x32\...\{4BA6AC5A-A6E5-457F-BE5B-23FBE3D20650}) (Version: 6.0.4 - LGLN Hannover)
Ashampoo AppLauncher v.1.0.0 (HKLM-x32\...\Ashampoo AppLauncher_is1) (Version: 1.0.0 - Ashampoo GmbH & Co. KG)
Ashampoo Burning Studio 11 v.11.0.4 (HKLM-x32\...\Ashampoo Burning Studio 11_is1) (Version: 11.0.4 - Ashampoo GmbH & Co. KG)
Ashampoo Core Tuner 2 v.2.0.1 (HKLM-x32\...\Ashampoo Core Tuner 2_is1) (Version: 2.01 - Ashampoo GmbH & Co. KG)
Ashampoo GetBack Photo v.1.0.1 (HKLM-x32\...\Ashampoo GetBack Photo_is1) (Version: 1.0.1 - Ashampoo GmbH & Co. KG)
Ashampoo HDD Control 2 v.2.1.0 (HKLM-x32\...\Ashampoo HDD Control 2_is1) (Version: 2.1.0 - Ashampoo GmbH & Co. KG)
Ashampoo Music Studio 4 v.4.0.1 (HKLM-x32\...\Ashampoo Music Studio 4_is1) (Version: 4.0.1 - Ashampoo GmbH & Co. KG)
Ashampoo Photo Commander 10 v.10.1.3 (HKLM-x32\...\Ashampoo Photo Commander 10_is1) (Version: 10.1.3 - Ashampoo GmbH & Co. KG)
Ashampoo Photo Optimizer 5 v.5.1.2 (HKLM-x32\...\Ashampoo Photo Optimizer 5_is1) (Version: 5.1.2 - Ashampoo GmbH & Co. KG)
Ashampoo Slideshow Studio HD 2 v.2.0.5 (HKLM-x32\...\Ashampoo Slideshow Studio HD 2_is1) (Version: 2.0.5 - Ashampoo GmbH & Co. KG)
Ashampoo Snap 5 v.5.1.5 (HKLM-x32\...\Ashampoo Snap 5_is1) (Version: 5.1.5 - Ashampoo GmbH & Co. KG)
Ashampoo UnInstaller 4 v.4.30 (HKLM-x32\...\Ashampoo UnInstaller 4_is1) (Version: 4.3.0 - Ashampoo GmbH & Co. KG)
Ashampoo Video Styler v.1.0.1 (HKLM-x32\...\Ashampoo Video Styler_is1) (Version: 1.0.1 - Ashampoo GmbH & Co. KG)
Ashampoo WinOptimizer 9 v.9.04.31 (HKLM-x32\...\Ashampoo WinOptimizer 9_is1) (Version: 9.04.31 - Ashampoo GmbH & Co. KG)
Avira (HKLM-x32\...\{e67154a7-9cc5-4167-b782-f3982bc6c70d}) (Version: 1.1.19.30000 - Avira Operations GmbH & Co. KG)
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.7.468 - Avira)
Brother MFL-Pro Suite MFC-7420 (HKLM-x32\...\{C2530D63-B66B-48B5-BB50-7C6281FE7AA6}) (Version: 1.0.1.0 - Brother Industries, Ltd.)
calibre (HKLM-x32\...\{E1E819A4-112C-454D-A3BE-FB58C60A2D80}) (Version: 1.40.0 - Kovid Goyal)
CamStudio 2.7.2 (HKLM\...\{04B83666-3A62-452B-85D3-70F8117F2329}_is1) (Version: 2.7.2 - CamStudio Open Source)
CDex - Open Source Digital Audio CD Extractor (HKLM-x32\...\CDex) (Version: 1.77.0.2015 - Georgy Berdyshev)
Clover 3.0 (HKLM-x32\...\Clover) (Version: 3.0 - )
CyberLink Home Cinema 10 (HKLM-x32\...\InstallShield_{8F14AA37-5193-4A14-BD5B-BDF9B361AEF7}) (Version: 10.0 - CyberLink Corp.)
CyberLink PowerRecover (HKLM-x32\...\InstallShield_{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}) (Version: 5.7.0.0913 - CyberLink Corp.)
CyberLink PowerRecover (Version: 5.7.0.0913 - CyberLink Corp.) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dropbox (HKU\S-1-5-21-3911576866-2457419995-2319590870-1002\...\Dropbox) (Version: 3.0.3 - Dropbox, Inc.)
eReg (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
Farm Works Office (x32 Version: 2013.0.0526 - Trimble Navigation) Hidden
FarmPilotDispo (HKLM-x32\...\de.bertelsmann.farmpilot.FarmPilotDispo) (Version: 4.0.8 - UNKNOWN)
FarmPilotDispo (x32 Version: 4.0.8 - UNKNOWN) Hidden
FarmPilotFlotte (HKLM-x32\...\de.bertelsmann.farmpilot.FarmPilotFlotte) (Version: 4.0.10 - UNKNOWN)
FarmPilotFlotte (x32 Version: 4.0.10 - UNKNOWN) Hidden
Fotogalerie (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Fotogalerija (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Fotogalleri (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Fotogalleriet (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Fotoğraf Galerisi (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Fotosizer 2.09 (HKLM-x32\...\Fotosizer) (Version: 2.09.0.548 - Fotosizer.com)
Fotótár (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Free CD to MP3 Converter (HKLM-x32\...\Free CD to MP3 Converter) (Version:  - Eusing Software)
FWAgDataFodd (HKLM-x32\...\{7A7578D3-B27B-4C2A-9C75-761E973C7782}) (Version: 1.0.28 - Farm Works Software)
FWLsbFOD (HKLM-x32\...\{37C6F31A-4ED1-4DFD-ADC0-31F02D77CE80}) (Version: 1.0.4 - Farm Works Software)
FWVygFOD (HKLM-x32\...\{4EC95BF9-674C-4FB6-94C1-56E2BE8979EE}) (Version: 1.0.74 - Farm Works Software)
Galeria de Fotografias (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Galería de fotos (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Galeria fotografii (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Galerie de photos (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Geogrid®-Viewer (x32 Version: 6.3.2.0000 - EADS Deutschland GmbH) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 40.0.2214.94 - Google Inc.)
Google Drive (HKLM-x32\...\{65EACBB4-B0B8-4A5B-AE46-22DBE15C70B5}) (Version: 1.19.8406.6504 - Google, Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Greenshot 1.1.9.13 (HKLM\...\Greenshot_is1) (Version: 1.1.9.13 - Greenshot)
HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.9.234 - SurfRight B.V.)
honestech VHS to DVD 2.0 SE (HKLM-x32\...\{2856F5EA-E98A-40E4-BAD6-8C644A4A3F3C}) (Version: 2.0 - honestech)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.14.1724 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.0.1016 - Intel Corporation)
Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
Joe (HKLM-x32\...\{0AD3DEBC-5321-457E-8B43-8F546940169B}) (Version: 4.00.0050 - Wirth IT Design)
Junk Mail filter update (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Logitech SetPoint 6.61 (HKLM\...\sp6) (Version: 6.61.15 - Logitech)
Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3911576866-2457419995-2319590870-1002\...\OneDriveSetup.exe) (Version: 17.3.1229.0918 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{307a22b8-8353-4c5e-b67b-2404c5734558}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{4fcf070a-daac-45e9-a8b0-6850941f7ed8}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 35.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 35.0.1 (x86 de)) (Version: 35.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 30.0 - Mozilla)
Mozilla Thunderbird 24.3.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 24.3.0 (x86 de)) (Version: 24.3.0 - Mozilla)
Mp3tag v2.62 (HKLM-x32\...\Mp3tag) (Version: v2.62 - Florian Heidenreich)
MSXML 4.0 SP2 (KB941833) (HKLM-x32\...\{C523D256-313D-4866-B36A-F3DE528246EF}) (Version: 4.20.9849.0 - Microsoft Corporation)
MyDriveConnect 3.3.0.1812 (HKLM-x32\...\MyDriveConnect) (Version: 3.3.0.1812 - TomTom)
NVIDIA 3D Vision Controller-Treiber 344.11 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 344.11 - NVIDIA Corporation)
NVIDIA 3D Vision Treiber 344.11 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 344.11 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.1.2 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.1.2 - NVIDIA Corporation)
NVIDIA Grafiktreiber 344.11 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 344.11 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.32.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.32.1 - NVIDIA Corporation)
NVIDIA Miracast Virtueller Ton 344.11 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Miracast.VirtualAudio) (Version: 344.11 - NVIDIA Corporation)
NVIDIA PhysX-Systemsoftware 9.14.0702 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.14.0702 - NVIDIA Corporation)
Office (HKLM-x32\...\{0B1D6943-B40D-4C1A-81B5-8038AC7DA5E4}) (Version: 2013.0.0526 - )
onlinebrief24.de (HKLM-x32\...\eBriefdienst-onlinebrief24) (Version:  - )
PDF Split And Merge Basic (HKLM\...\{C91B24F6-1629-11E2-B696-21676188709B}) (Version: 2.2.2 - Andrea Vacondio)
PDF24 Creator 6.2.0 (HKLM-x32\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version:  - PDF24.org)
PDF-Viewer (HKLM\...\{A278382D-4F1B-4D47-9885-8523F7261E8D}_is1) (Version: 2.5.214.0 - Tracker Software Products Ltd)
Pervasive PSQL v10.10 Workgroup (32-bit) (HKLM-x32\...\Pervasive PSQL v10.10 Workgroup (32-bit)) (Version: 10.13.060 - Pervasive Software)
Pervasive PSQL v10.10 Workgroup (32-bit) (x32 Version: 10.13.060 - Pervasive Software) Hidden
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
Podstawowe programy Windows Live (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Raccolta foto (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Radio.fx (HKLM-x32\...\Tobit Radio.fx Server) (Version:  - Tobit.Software)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.18.621.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7027 - Realtek Semiconductor Corp.)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
SHIELD Streaming (Version: 3.1.200 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 16.13.42 - NVIDIA Corporation) Hidden
SmartTools Publishing • Excel Jahreskalender 2015 (HKU\S-1-5-21-3911576866-2457419995-2319590870-1002\...\SmartToolsExcelJahreskalender 2015) (Version: 7.00 - SmartTools Publishing)
SmartTools Publishing • Word Serienmailer (HKLM-x32\...\SmartToolsSerienmailerv3.22) (Version: v3.22 - SmartTools Publishing)
StarMoney (x32 Version: 4.0.3.24 - StarFinanz) Hidden
StarMoney 9.0  (HKLM-x32\...\{D7163305-57C0-4BD4-8A04-E4181F6CDEDE}) (Version: 9.0 - Star Finanz GmbH)
TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.32494 - TeamViewer)
Top50 V5 Viewer (HKLM-x32\...\{FABDDA3C-3951-428C-AE27-8E180365A061}) (Version: 6.3.2.0000 - EADS Deutschland GmbH)
Valokuvavalikoima (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Visual Studio C++ 10.0 Runtime (HKLM-x32\...\{4412F224-3849-4461-A3E9-DEEF8D252790}) (Version: 10.0.0 - TomTom International B.V.)
VLC media player (HKLM\...\VLC media player) (Version: 2.1.5 - VideoLAN)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
Windows Mobile-Gerätecenter (HKLM\...\{626672CD-BFCF-49A9-AEFE-AB0FED3BFC5B}) (Version: 6.1.6965.0 - Microsoft Corporation)
Συλλογή φωτογραφιών (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-3911576866-2457419995-2319590870-1002_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Ulli\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3911576866-2457419995-2319590870-1002_Classes\CLSID\{060D3CBD-8D3B-35C4-A0D8-49B3E040975A}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3911576866-2457419995-2319590870-1002_Classes\CLSID\{0911ECFC-FE5F-4C7F-A9A6-97ADAEE5D6FC}\InprocServer32 -> C:\Users\Ulli\AppData\Roaming\Programme\SmartTools\Excel Jahreskalender 2015\adxloader64.dll ()
CustomCLSID: HKU\S-1-5-21-3911576866-2457419995-2319590870-1002_Classes\CLSID\{1B158A14-A79D-38C1-B6A1-1A880A3FA50A}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3911576866-2457419995-2319590870-1002_Classes\CLSID\{3BA6D0D1-DC24-3DBA-A132-06A1BA807DCB}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3911576866-2457419995-2319590870-1002_Classes\CLSID\{59D15BAE-7C4E-3B51-8480-8C9CCB3C5D65}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3911576866-2457419995-2319590870-1002_Classes\CLSID\{5B170D82-E562-3EFB-8139-93698F5A9322}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3911576866-2457419995-2319590870-1002_Classes\CLSID\{5DFD9BFC-435D-3284-8C60-7C3203386798}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3911576866-2457419995-2319590870-1002_Classes\CLSID\{6258287F-314C-3558-B92C-28D8EDAAC361}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3911576866-2457419995-2319590870-1002_Classes\CLSID\{660F5B5C-6705-3B5C-B11C-869ED8217FCE}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3911576866-2457419995-2319590870-1002_Classes\CLSID\{6CD2091E-15F6-3F2F-9D99-DF8A167B51D8}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3911576866-2457419995-2319590870-1002_Classes\CLSID\{6EEDFCF0-D92D-3891-89F1-B7B745538E4A}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3911576866-2457419995-2319590870-1002_Classes\CLSID\{8324717F-46C4-3EE7-B07C-30122737A552}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3911576866-2457419995-2319590870-1002_Classes\CLSID\{8634B281-0D37-317D-8F77-068938E82BFB}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3911576866-2457419995-2319590870-1002_Classes\CLSID\{8F0209F9-EC9B-3FCF-997C-A3094FFEF45F}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3911576866-2457419995-2319590870-1002_Classes\CLSID\{93289D11-48CF-356C-8BC4-DEDD603DD03B}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3911576866-2457419995-2319590870-1002_Classes\CLSID\{958D61DA-921A-3AB8-8A38-0B2943518910}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3911576866-2457419995-2319590870-1002_Classes\CLSID\{A80F214C-0B43-3C02-B064-1FB58E461FE8}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3911576866-2457419995-2319590870-1002_Classes\CLSID\{B38988F9-3E55-3584-AC7D-44A5229790A8}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3911576866-2457419995-2319590870-1002_Classes\CLSID\{B6406164-BEED-309C-B0FD-9F055DDF7E1A}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3911576866-2457419995-2319590870-1002_Classes\CLSID\{B90F3724-195B-33C7-BCB2-EB7D48C4497F}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3911576866-2457419995-2319590870-1002_Classes\CLSID\{BB4F4887-B7E8-3483-82D4-C77B21CA984A}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3911576866-2457419995-2319590870-1002_Classes\CLSID\{C054C137-9B5A-3830-8B1C-A9955D5F1450}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3911576866-2457419995-2319590870-1002_Classes\CLSID\{C88C785D-8EB2-3BD4-B4BB-6B261F4B46C8}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3911576866-2457419995-2319590870-1002_Classes\CLSID\{CEB81839-B60D-3A2B-8445-EBD410FCBAD7}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3911576866-2457419995-2319590870-1002_Classes\CLSID\{EBCB8E20-5468-300C-B4E5-61900BD9E341}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3911576866-2457419995-2319590870-1002_Classes\CLSID\{EFC21CD6-B6E1-3A71-946C-73BB2F1F11CD}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3911576866-2457419995-2319590870-1002_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Ulli\AppData\Local\Microsoft\SkyDrive\17.3.1229.0918\amd64\FileSyncApi64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3911576866-2457419995-2319590870-1002_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ulli\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3911576866-2457419995-2319590870-1002_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ulli\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3911576866-2457419995-2319590870-1002_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ulli\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3911576866-2457419995-2319590870-1002_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ulli\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3911576866-2457419995-2319590870-1002_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ulli\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3911576866-2457419995-2319590870-1002_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ulli\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3911576866-2457419995-2319590870-1002_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ulli\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3911576866-2457419995-2319590870-1002_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ulli\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)

==================== Restore Points  =========================

28-01-2015 05:13:57 Windows Update
30-01-2015 09:39:32 DVDVideoSoftRestorePoint
02-02-2015 17:08:38 Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 14:25 - 2013-08-22 14:25 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {1CD11D60-DFDF-4EEF-8083-EE201F4D4EFF} - System32\Tasks\{4B192C6B-1C4A-459B-A1B7-EB1D2C5DB14F} => Chrome.exe hxxp://ui.skype.com/ui/0/6.3.73.105.457/de/abandoninstall?page=tsMain
Task: {379CEFCA-AC2B-4EF3-8FCF-A710C7AA0CE7} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2015-01-14] (Microsoft Corporation)
Task: {45583031-1E7F-4FBF-BAC7-71FA641308E2} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {754B7387-74BE-49B0-82D9-8C01B9902462} - System32\Tasks\Microsoft OneDrive Auto Update Task-S-1-5-21-3911576866-2457419995-2319590870-1002 => %localappdata%\Microsoft\SkyDrive\SkyDrive.exe
Task: {9120D1CD-EBE8-46B1-ADE5-9450B64AAC1E} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-01-24] (Adobe Systems Incorporated)
Task: {C255F862-33C1-4647-A44D-BE1E81CEC1B4} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-01-25] (Google Inc.)
Task: {D572FC10-7557-4D7C-982E-87B6103D6A56} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-01-25] (Google Inc.)
Task: {DB2D7868-DDCF-46EB-9414-9631A26C23C8} - System32\Tasks\{6A60C321-3331-4FFC-AB9A-94B4D0B8D123} => Chrome.exe hxxp://ui.skype.com/ui/0/6.3.73.105.457/de/abandoninstall?page=tsWLM
Task: {F6160409-8B3A-46EF-AA5B-2AA146EAB2B9} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2013-10-24 09:36 - 2014-09-13 22:53 - 00116880 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2013-10-24 10:08 - 2011-08-22 13:44 - 01421216 _____ () C:\Program Files (x86)\Ashampoo\Ashampoo Core Tuner 2\ACT2Service.exe
2013-10-24 10:08 - 2012-07-30 10:48 - 01518504 _____ () C:\Program Files (x86)\Ashampoo\Ashampoo HDD Control 2\AHDDC2_Service.exe
2014-02-17 17:27 - 2013-06-03 13:06 - 03999512 _____ () C:\Program Files (x86)\Tobit Radio.fx\Server\rfx-server.exe
2014-06-04 15:51 - 2014-06-04 15:51 - 00692224 _____ () C:\Program Files (x86)\onlinebrief24.de\ebdhelper.exe
2014-08-05 07:27 - 2011-01-13 11:44 - 00232800 _____ () C:\Program Files (x86)\StarMoney 9.0\ouservice\PATCHW32.dll
2015-02-04 16:28 - 2015-02-04 16:28 - 00098816 _____ () C:\Users\Ulli\AppData\Local\Temp\_MEI60602\win32api.pyd
2015-02-04 16:28 - 2015-02-04 16:28 - 00110080 _____ () C:\Users\Ulli\AppData\Local\Temp\_MEI60602\pywintypes27.dll
2015-02-04 16:28 - 2015-02-04 16:28 - 00364544 _____ () C:\Users\Ulli\AppData\Local\Temp\_MEI60602\pythoncom27.dll
2015-02-04 16:28 - 2015-02-04 16:28 - 00045568 _____ () C:\Users\Ulli\AppData\Local\Temp\_MEI60602\_socket.pyd
2015-02-04 16:28 - 2015-02-04 16:28 - 01160704 _____ () C:\Users\Ulli\AppData\Local\Temp\_MEI60602\_ssl.pyd
2015-02-04 16:28 - 2015-02-04 16:28 - 00320512 _____ () C:\Users\Ulli\AppData\Local\Temp\_MEI60602\win32com.shell.shell.pyd
2015-02-04 16:28 - 2015-02-04 16:28 - 00713216 _____ () C:\Users\Ulli\AppData\Local\Temp\_MEI60602\_hashlib.pyd
2015-02-04 16:28 - 2015-02-04 16:28 - 01175040 _____ () C:\Users\Ulli\AppData\Local\Temp\_MEI60602\wx._core_.pyd
2015-02-04 16:28 - 2015-02-04 16:28 - 00805888 _____ () C:\Users\Ulli\AppData\Local\Temp\_MEI60602\wx._gdi_.pyd
2015-02-04 16:28 - 2015-02-04 16:28 - 00811008 _____ () C:\Users\Ulli\AppData\Local\Temp\_MEI60602\wx._windows_.pyd
2015-02-04 16:28 - 2015-02-04 16:28 - 01062400 _____ () C:\Users\Ulli\AppData\Local\Temp\_MEI60602\wx._controls_.pyd
2015-02-04 16:28 - 2015-02-04 16:28 - 00735232 _____ () C:\Users\Ulli\AppData\Local\Temp\_MEI60602\wx._misc_.pyd
2015-02-04 16:28 - 2015-02-04 16:28 - 00557056 _____ () C:\Users\Ulli\AppData\Local\Temp\_MEI60602\pysqlite2._sqlite.pyd
2015-02-04 16:28 - 2015-02-04 16:28 - 00128512 _____ () C:\Users\Ulli\AppData\Local\Temp\_MEI60602\_elementtree.pyd
2015-02-04 16:28 - 2015-02-04 16:28 - 00127488 _____ () C:\Users\Ulli\AppData\Local\Temp\_MEI60602\pyexpat.pyd
2015-02-04 16:28 - 2015-02-04 16:28 - 00087552 _____ () C:\Users\Ulli\AppData\Local\Temp\_MEI60602\_ctypes.pyd
2015-02-04 16:28 - 2015-02-04 16:28 - 00119808 _____ () C:\Users\Ulli\AppData\Local\Temp\_MEI60602\win32file.pyd
2015-02-04 16:28 - 2015-02-04 16:28 - 00108544 _____ () C:\Users\Ulli\AppData\Local\Temp\_MEI60602\win32security.pyd
2015-02-04 16:28 - 2015-02-04 16:28 - 00007168 _____ () C:\Users\Ulli\AppData\Local\Temp\_MEI60602\hashobjs_ext.pyd
2015-02-04 16:28 - 2015-02-04 16:28 - 00167936 _____ () C:\Users\Ulli\AppData\Local\Temp\_MEI60602\win32gui.pyd
2015-02-04 16:28 - 2015-02-04 16:28 - 00018432 _____ () C:\Users\Ulli\AppData\Local\Temp\_MEI60602\win32event.pyd
2015-02-04 16:28 - 2015-02-04 16:28 - 00038912 _____ () C:\Users\Ulli\AppData\Local\Temp\_MEI60602\win32inet.pyd
2015-02-04 16:28 - 2015-02-04 16:28 - 00011264 _____ () C:\Users\Ulli\AppData\Local\Temp\_MEI60602\win32crypt.pyd
2015-02-04 16:28 - 2015-02-04 16:28 - 00070656 _____ () C:\Users\Ulli\AppData\Local\Temp\_MEI60602\wx._html2.pyd
2015-02-04 16:28 - 2015-02-04 16:28 - 00027136 _____ () C:\Users\Ulli\AppData\Local\Temp\_MEI60602\_multiprocessing.pyd
2015-02-04 16:28 - 2015-02-04 16:28 - 00035840 _____ () C:\Users\Ulli\AppData\Local\Temp\_MEI60602\win32process.pyd
2015-02-04 16:28 - 2015-02-04 16:28 - 00686080 _____ () C:\Users\Ulli\AppData\Local\Temp\_MEI60602\unicodedata.pyd
2015-02-04 16:28 - 2015-02-04 16:28 - 00122368 _____ () C:\Users\Ulli\AppData\Local\Temp\_MEI60602\wx._wizard.pyd
2015-02-04 16:28 - 2015-02-04 16:28 - 00024064 _____ () C:\Users\Ulli\AppData\Local\Temp\_MEI60602\win32pipe.pyd
2015-02-04 16:28 - 2015-02-04 16:28 - 00025600 _____ () C:\Users\Ulli\AppData\Local\Temp\_MEI60602\win32pdh.pyd
2015-02-04 16:28 - 2015-02-04 16:28 - 00525640 _____ () C:\Users\Ulli\AppData\Local\Temp\_MEI60602\windows._lib_cacheinvalidation.pyd
2015-02-04 16:28 - 2015-02-04 16:28 - 00010240 _____ () C:\Users\Ulli\AppData\Local\Temp\_MEI60602\select.pyd
2015-02-04 16:28 - 2015-02-04 16:28 - 00017408 _____ () C:\Users\Ulli\AppData\Local\Temp\_MEI60602\win32profile.pyd
2015-02-04 16:28 - 2015-02-04 16:28 - 00022528 _____ () C:\Users\Ulli\AppData\Local\Temp\_MEI60602\win32ts.pyd
2015-02-04 16:28 - 2015-02-04 16:28 - 00078336 _____ () C:\Users\Ulli\AppData\Local\Temp\_MEI60602\wx._animate.pyd
2014-02-17 17:27 - 2013-06-03 13:06 - 09907712 _____ () C:\Program Files (x86)\Tobit Radio.fx\Client\TOBITCLT.dll
2014-02-17 17:27 - 2013-05-16 14:28 - 00242688 _____ () C:\Program Files (x86)\Tobit Radio.fx\Client\rfx-client$.ger
2013-10-24 09:56 - 2013-08-05 08:49 - 00627672 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
2013-08-05 15:48 - 2013-08-05 15:48 - 00016856 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll
2014-10-22 01:22 - 2014-10-22 01:22 - 00750080 _____ () C:\Users\Ulli\AppData\Roaming\Dropbox\bin\libGLESv2.dll
2015-02-04 16:28 - 2015-02-04 16:28 - 00043008 _____ () c:\users\ulli\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpjt5utm.dll
2014-10-22 01:22 - 2014-10-22 01:22 - 00047616 _____ () C:\Users\Ulli\AppData\Roaming\Dropbox\bin\libEGL.dll
2014-10-22 01:22 - 2014-10-22 01:22 - 00863744 _____ () C:\Users\Ulli\AppData\Roaming\Dropbox\bin\plugins\platforms\qwindows.dll
2014-10-22 01:22 - 2014-10-22 01:22 - 00200704 _____ () C:\Users\Ulli\AppData\Roaming\Dropbox\bin\plugins\imageformats\qjpeg.dll
2015-01-31 01:33 - 2015-01-27 04:44 - 01117512 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.94\libglesv2.dll
2015-01-31 01:33 - 2015-01-27 04:44 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.94\libegl.dll
2014-01-26 11:52 - 2009-02-27 16:38 - 00139264 ____R () C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll
2015-01-31 01:33 - 2015-01-27 04:44 - 09171272 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.94\pdf.dll
2013-10-24 09:26 - 2013-09-04 00:53 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
2013-09-05 00:14 - 2013-09-05 00:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\office14\Cultures\office.odf
2012-10-09 04:50 - 2014-02-24 10:56 - 00526464 _____ () C:\Program Files (x86)\SmartTools\Word Serienmailer\adxloader.dll
2013-08-07 10:10 - 2011-05-07 02:53 - 00190836 _____ () C:\Program Files (x86)\SmartTools\Word Serienmailer\STP_FuncLib.dll
2015-01-31 01:33 - 2015-01-27 04:44 - 14913864 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.94\PepperFlash\pepflashplayer.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Users\Ulli\SkyDrive:ms-properties

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3911576866-2457419995-2319590870-1002\...\StartupApproved\StartupFolder: => "Logitech . Produktregistrierung.lnk"

========================= Accounts: ==========================

Administrator (S-1-5-21-3911576866-2457419995-2319590870-500 - Administrator - Disabled)
Gast (S-1-5-21-3911576866-2457419995-2319590870-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3911576866-2457419995-2319590870-1004 - Limited - Enabled)
Ulli (S-1-5-21-3911576866-2457419995-2319590870-1002 - Administrator - Enabled) => C:\Users\Ulli

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================

System errors:
=============
Error: (02/04/2015 04:41:21 PM) (Source: bowser) (EventID: 8016) (User: )
Description: Der Suchdiensttreiber erhielt zu viele nicht erlaubte Datagramme vom Remotecomputer "SPEEDPORT.IP" zum Namen "MEDION_AKOYA" auf Transport "NetBT_Tcpip_{2DD379D7-8B65-4001-A248-2010D0D2803D}". Das Datagramm steht in den Daten.
Es werden keine weiteren Ereignisse erzeugt, solange die Rücksetzfrequenz nicht abgelaufen ist.

Error: (02/04/2015 04:39:21 PM) (Source: bowser) (EventID: 8016) (User: )
Description: Der Suchdiensttreiber erhielt zu viele nicht erlaubte Datagramme vom Remotecomputer "SPEEDPORT.IP" zum Namen "MEDION_AKOYA" auf Transport "NetBT_Tcpip_{2DD379D7-8B65-4001-A248-2010D0D2803D}". Das Datagramm steht in den Daten.
Es werden keine weiteren Ereignisse erzeugt, solange die Rücksetzfrequenz nicht abgelaufen ist.

Error: (02/04/2015 04:37:21 PM) (Source: bowser) (EventID: 8016) (User: )
Description: Der Suchdiensttreiber erhielt zu viele nicht erlaubte Datagramme vom Remotecomputer "SPEEDPORT.IP" zum Namen "MEDION_AKOYA" auf Transport "NetBT_Tcpip_{2DD379D7-8B65-4001-A248-2010D0D2803D}". Das Datagramm steht in den Daten.
Es werden keine weiteren Ereignisse erzeugt, solange die Rücksetzfrequenz nicht abgelaufen ist.

Error: (02/04/2015 04:27:05 PM) (Source: bowser) (EventID: 8016) (User: )
Description: Der Suchdiensttreiber erhielt zu viele nicht erlaubte Datagramme vom Remotecomputer "SPEEDPORT.IP" zum Namen "MEDION_AKOYA" auf Transport "NetBT_Tcpip_{2DD379D7-8B65-4001-A248-2010D0D2803D}". Das Datagramm steht in den Daten.
Es werden keine weiteren Ereignisse erzeugt, solange die Rücksetzfrequenz nicht abgelaufen ist.


Microsoft Office Sessions:
=========================

==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i7-4770 CPU @ 3.40GHz
Percentage of memory in use: 21%
Total physical RAM: 12244.35 MB
Available physical RAM: 9559.88 MB
Total Pagefile: 14100.35 MB
Available Pagefile: 11240.04 MB
Total Virtual: 131072 MB
Available Virtual: 131071.84 MB

==================== Drives ================================

Drive c: (Boot) (Fixed) (Total:1801.3 GB) (Free:1463.34 GB) NTFS
Drive d: (Recover) (Fixed) (Total:60 GB) (Free:45.04 GB) NTFS
Drive g: () (Removable) (Total:0.99 GB) (Free:0.87 GB) FAT

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 1863 GB) (Disk ID: 00000000)

Partition: GPT Partition Type.

========================================================
Disk: 1 (Size: 1009 MB) (Disk ID: 004FA16F)
Partition 1: (Active) - (Size=1009 MB) - (Type=06)

==================== End Of Log ============================
         


Alt 04.02.2015, 16:50   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

Okay, then control scans with MBAM and ESET, please:

Please download Malwarebytes Anti-Malware
  • Install the program to the default path. (Illustrated guide to MBAM)
  • Start Malwarebytes' Anti-Malware (MBAM).
  • Then click Scan, select Threat Scan, and click Start Scan.
  • At the end of the scan, have all detections (if any) moved to quarantine. To do this, click Remove Selected.
  • Let your computer restart if necessary to complete the cleanup.
  • Start MBAM, click History, and then Application Logs.
  • Select the most recent scan log and click Export. Choose Text file (.txt) and save the file as mbam.txt on the desktop. You can find the MBAM log file here.
  • Add the contents of mbam.txt to your next reply.

ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start ESET Online Scanner
  • Tick the box next to Yes, I accept the Terms of Use and click Start.
  • Enable "Detection of potentially unwanted applications" and select the following settings.
  • Click Start.
  • The signatures are downloaded and the scan begins automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your text editor (illustrated).
  • Post the log file here.
  • Uninstall: Control Panel => Add or Remove Programs / Uninstall a program => remove ESET Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset

Alt 04.02.2015, 22:48   #7
UlliLang
 

Code:
 Malwarebytes Anti-Malware 
www.malwarebytes.org

Suchlauf Datum: 04.02.2015
Suchlauf-Zeit: 19:50:19
Logdatei: mbam.txt
Administrator: Ja

Version: 2.00.4.1028
Malware Datenbank: v2015.02.04.09
Rootkit Datenbank: v2015.02.03.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows 8.1
CPU: x64
Dateisystem: NTFS
Benutzer: Ulli

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 391140
Verstrichene Zeit: 21 Min, 37 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(Keine schädliche Elemente erkannt)

Module: 0
(Keine schädliche Elemente erkannt)

Registrierungsschlüssel: 0
(Keine schädliche Elemente erkannt)

Registrierungswerte: 0
(Keine schädliche Elemente erkannt)

Registrierungsdaten: 0
(Keine schädliche Elemente erkannt)

Ordner: 0
(Keine schädliche Elemente erkannt)

Dateien: 0
(Keine schädliche Elemente erkannt)

Physische Sektoren: 0
(Keine schädliche Elemente erkannt)


(end)
         

Code:
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=eafe2870b0ce7943884dbc851b5cfc20
# engine=22308
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2015-02-04 07:43:49
# local_time=2015-02-04 08:43:49 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1031
# osver=6.2.9200 NT 
# compatibility_mode_1='Avira Desktop'
# compatibility_mode=1810 16777213 100 100 19736 35727054 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 7247823 31437749 0 0
# scanned=27723
# found=12
# cleaned=0
# scan_time=1356
sh=C7C0F42A23562AA6DCCD60326FD8CC2AA41B5448 ft=1 fh=c053642cee9f3def vn="Win32/Thinknice.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\DpInterface32.dll.vir"
sh=125B1C393F2104CBA08183E495C0907BFF7EDA22 ft=1 fh=ea25908c8365106f vn="Win64/Thinknice.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\DpInterface64.dll.vir"
sh=8E85792765D0E0BF52107CFF4A6620995DB19BB0 ft=1 fh=627da500ea2e265f vn="Variante von Win32/Thinknice.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\DpInterfacef32.dll.vir"
sh=2FCA2173F2DD16DF8F1F990170FA4479FC5D5BFC ft=1 fh=c528dd1cda99a111 vn="Variante von Win32/ELEX.AR evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\RSHP.exe.vir"
sh=6043D1ACD51FD373472020FBB748C405AAF22397 ft=1 fh=4c716dbbae6c21b9 vn="Win32/Thinknice.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\SearchProtect32.dll.vir"
sh=FF431CD8693F4045BD7BD87DBCE54B820F000FC0 ft=1 fh=16c2e1bd3fd6b7e2 vn="Win64/Thinknice.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\SearchProtect64.dll.vir"
sh=5836A5DF3860241F6B69F2292ABCE592A13689B6 ft=1 fh=a3db04555f559ea8 vn="Variante von Win32/Thinknice.C evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\SpAPPSv32.dll.vir"
sh=E97CBDBD7CFED2C58464C1ABF186520022DE5666 ft=1 fh=7a2ea5ecc33ad0e3 vn="Variante von Win64/Thinknice.C evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\SpAPPSv64.dll.vir"
sh=9DC13DB9C123270C2356ED410128E11D5ADF7C6E ft=1 fh=023ab782f0a9b07d vn="Win32/Thinknice.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\SupTab.dll.vir"
sh=56659F7FF1F1FA7906A77228E315F65F38BCEF73 ft=1 fh=0ff759dfc352fd03 vn="Variante von Win32/ELEX.AV evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\ProgramData\IePluginServices\PluginService.exe.vir"
sh=BA5D225FE04ED9E21278011D1A6F6BBECB9134D8 ft=1 fh=57ab8a13e6ab5320 vn="Variante von Win32/Toolbar.SearchSuite.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Ulli\AppData\Local\Temp\SetupDataMngr_Searchqu.exe.vir"
sh=2714DB0A06F74A4282CDDC307EA1599670422E09 ft=1 fh=dbe7f66a91f8fadc vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Ulli\AppData\Local\Temp\OCS\ocs_v71b.exe.vir"
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=eafe2870b0ce7943884dbc851b5cfc20
# engine=22308
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2015-02-04 09:38:15
# local_time=2015-02-04 10:38:15 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1031
# osver=6.2.9200 NT 
# compatibility_mode_1='Avira Desktop'
# compatibility_mode=1810 16777213 100 100 26602 35733920 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 7254689 31444615 0 0
# scanned=416924
# found=18
# cleaned=0
# scan_time=6762
sh=C7C0F42A23562AA6DCCD60326FD8CC2AA41B5448 ft=1 fh=c053642cee9f3def vn="Win32/Thinknice.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\DpInterface32.dll.vir"
sh=125B1C393F2104CBA08183E495C0907BFF7EDA22 ft=1 fh=ea25908c8365106f vn="Win64/Thinknice.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\DpInterface64.dll.vir"
sh=8E85792765D0E0BF52107CFF4A6620995DB19BB0 ft=1 fh=627da500ea2e265f vn="Variante von Win32/Thinknice.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\DpInterfacef32.dll.vir"
sh=2FCA2173F2DD16DF8F1F990170FA4479FC5D5BFC ft=1 fh=c528dd1cda99a111 vn="Variante von Win32/ELEX.AR evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\RSHP.exe.vir"
sh=6043D1ACD51FD373472020FBB748C405AAF22397 ft=1 fh=4c716dbbae6c21b9 vn="Win32/Thinknice.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\SearchProtect32.dll.vir"
sh=FF431CD8693F4045BD7BD87DBCE54B820F000FC0 ft=1 fh=16c2e1bd3fd6b7e2 vn="Win64/Thinknice.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\SearchProtect64.dll.vir"
sh=5836A5DF3860241F6B69F2292ABCE592A13689B6 ft=1 fh=a3db04555f559ea8 vn="Variante von Win32/Thinknice.C evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\SpAPPSv32.dll.vir"
sh=E97CBDBD7CFED2C58464C1ABF186520022DE5666 ft=1 fh=7a2ea5ecc33ad0e3 vn="Variante von Win64/Thinknice.C evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\SpAPPSv64.dll.vir"
sh=9DC13DB9C123270C2356ED410128E11D5ADF7C6E ft=1 fh=023ab782f0a9b07d vn="Win32/Thinknice.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\SupTab.dll.vir"
sh=56659F7FF1F1FA7906A77228E315F65F38BCEF73 ft=1 fh=0ff759dfc352fd03 vn="Variante von Win32/ELEX.AV evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\ProgramData\IePluginServices\PluginService.exe.vir"
sh=BA5D225FE04ED9E21278011D1A6F6BBECB9134D8 ft=1 fh=57ab8a13e6ab5320 vn="Variante von Win32/Toolbar.SearchSuite.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Ulli\AppData\Local\Temp\SetupDataMngr_Searchqu.exe.vir"
sh=2714DB0A06F74A4282CDDC307EA1599670422E09 ft=1 fh=dbe7f66a91f8fadc vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Ulli\AppData\Local\Temp\OCS\ocs_v71b.exe.vir"
sh=4841381AFCF100CC9F978099AEA59E8FA71F16B1 ft=1 fh=ee997e683c5fed1e vn="MSIL/Toolbar.SmileysLove.B evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Ulli\AppData\Local\Temp\bhfiles\BrowserHelper.exe"
sh=B57EE6EE4A361F571CFB9BCE74156FC964719A82 ft=1 fh=b31826bf975269af vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Ulli\Downloads\wm201414.0610xxl - CHIP-Installer.exe"
sh=9FE5AB3557C71FD7DFE9E3065032756EB6A42BDD ft=1 fh=146d7656c6e2a282 vn="Variante von Win32/WinloadSDA.D evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Ulli\Downloads\Programme\Calibre-lnstall.exe"
sh=BAEB738A5AA6656AC0742EB8A47751881DC6A8C2 ft=1 fh=97960255c0dfeafb vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Ulli\Downloads\Programme\Fotosizer - CHIP-Installer.exe"
sh=D857C664CE9D248816CDB2E9BCA065343657502A ft=1 fh=a85b5fee098ab53d vn="Win32/Somoto.E evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Ulli\Downloads\Programme\m4a-to-mp3-83converter.exe"
sh=8BE4C277A62F2400C3B0A20F39297D310774E2AC ft=1 fh=d69c639933d87dfe vn="Win32/Toolbar.SearchSuite evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Ulli\Downloads\Programme\Setup21_FreeConverter.exe"
         

Alt 04.02.2015, 23:12   #8
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

Before running this fix with FRST, please disable your virus scanner...

Please press the Windows key + R and type notepad into the Run window.

Now copy the following text from the code box into the empty text document

Code:
C:\Users\Ulli\AppData\Local\Temp\bhfiles\BrowserHelper.exe
C:\Users\Ulli\Downloads\wm201414.0610xxl - CHIP-Installer.exe
C:\Users\Ulli\Downloads\Programme\Calibre-lnstall.exe
C:\Users\Ulli\Downloads\Programme\Fotosizer - CHIP-Installer.exe
C:\Users\Ulli\Downloads\Programme\m4a-to-mp3-83converter.exe
C:\Users\Ulli\Downloads\Programme\Setup21_FreeConverter.exe
EmptyTemp:
Hosts:
         

Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
  • Now start FRST again and click the Fix button.
  • The tool creates a Fixlog.txt.
  • Post its contents for me.

__________________
"The truth is usually just an excuse for a lack of imagination." (Elim Garak)

Support Trojaner-Board
Why Linux is better than Windows!
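
Added example, not part of the original thread and not code from ESET or FRST: the fixlist in the post above lists exactly the ESET detections that still sit at their original location, while the hits under C:\AdwCleaner\Quarantine are already quarantined copies. The Python code below parses log lines in that layout (a constructed sample with placeholder hashes), merges repeated runs, and derives such a fixlist; treating C:\AdwCleaner\Quarantine as inert and starting a new run at each `# product=` line are assumptions.

```python
import re
from pathlib import PureWindowsPath

# Constructed sample in the layout of the ESET Online Scanner log posted in this
# thread: two runs, the first one stopped early. Hash values are placeholders;
# detection names and paths are taken from the posted log.
SAMPLE_LOG = r'''ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# end=stopped
# found=2
# cleaned=0
sh=00000000000000000000000000000000000000A1 ft=1 fh=00000000000000a1 vn="Win32/Thinknice.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\SupTab.dll.vir"
sh=00000000000000000000000000000000000000A2 ft=1 fh=00000000000000a2 vn="Variante von Win32/ELEX.AV evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\ProgramData\IePluginServices\PluginService.exe.vir"
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# end=finished
# found=4
# cleaned=0
sh=00000000000000000000000000000000000000A1 ft=1 fh=00000000000000a1 vn="Win32/Thinknice.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\SupTab.dll.vir"
sh=00000000000000000000000000000000000000A2 ft=1 fh=00000000000000a2 vn="Variante von Win32/ELEX.AV evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\ProgramData\IePluginServices\PluginService.exe.vir"
sh=00000000000000000000000000000000000000B1 ft=1 fh=00000000000000b1 vn="MSIL/Toolbar.SmileysLove.B evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Ulli\AppData\Local\Temp\bhfiles\BrowserHelper.exe"
sh=00000000000000000000000000000000000000B2 ft=1 fh=00000000000000b2 vn="Win32/Somoto.E evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Ulli\Downloads\Programme\m4a-to-mp3-83converter.exe"
'''

# key=value pairs; values are either double-quoted (may contain spaces) or bare.
FIELD_RE = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')


def parse_runs(text):
    """Split the log into scan runs, each with header metadata and detections."""
    runs = []
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("# product="):  # assumption: first header line of a run
            runs.append({"meta": {}, "detections": []})
        if not runs:
            continue  # preamble before the first run
        if line.startswith("#"):
            key, _, value = line[1:].strip().partition("=")
            runs[-1]["meta"][key] = value
        elif line.startswith("sh="):
            rec = {}
            for m in FIELD_RE.finditer(line):
                rec[m.group(1)] = m.group(2) if m.group(2) is not None else m.group(3)
            if "fn" in rec:
                runs[-1]["detections"].append(rec)
    return runs


def is_under(path, root):
    """Case-insensitive 'path is inside root' check for Windows paths."""
    p = [part.lower() for part in PureWindowsPath(path).parts]
    r = [part.lower() for part in PureWindowsPath(root).parts]
    return p[:len(r)] == r


def triage(text, quarantine_roots=(r"C:\AdwCleaner\Quarantine",)):
    """Merge all runs, drop repeats, and split live files from quarantined copies."""
    runs = parse_runs(text)
    seen, live, quarantined = set(), [], []
    for run in runs:
        for det in run["detections"]:
            key = det["fn"].lower()
            if key in seen:
                continue
            seen.add(key)
            inert = any(is_under(det["fn"], root) for root in quarantine_roots)
            (quarantined if inert else live).append(det)
    # A run whose "found" header disagrees with its parsed lines is truncated or garbled.
    mismatch = [i for i, run in enumerate(runs)
                if run["meta"].get("found") != str(len(run["detections"]))]
    return {"runs": runs, "live": live, "quarantined": quarantined,
            "count_mismatch": mismatch}


def build_fixlist(live, directives=("EmptyTemp:", "Hosts:")):
    """One path per line, followed by the directives used in the post above."""
    return "\n".join([det["fn"] for det in live] + list(directives)) + "\n"


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for det in result["quarantined"]:
        print("already quarantined:", det["fn"])
    print(build_fixlist(result["live"]), end="")
```
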

Alt 05.02.2015, 07:18   #9
UlliLang
 

Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 04-02-2015 01
Ran by Ulli at 2015-02-05 06:59:13 Run:1
Running from C:\Users\Ulli\Desktop
Loaded Profiles: Ulli &  (Available profiles: Ulli)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
C:\Users\Ulli\AppData\Local\Temp\bhfiles\BrowserHelper.exe
C:\Users\Ulli\Downloads\wm201414.0610xxl - CHIP-Installer.exe
C:\Users\Ulli\Downloads\Programme\Calibre-lnstall.exe
C:\Users\Ulli\Downloads\Programme\Fotosizer - CHIP-Installer.exe
C:\Users\Ulli\Downloads\Programme\m4a-to-mp3-83converter.exe
C:\Users\Ulli\Downloads\Programme\Setup21_FreeConverter.exe
EmptyTemp:
Hosts:
*****************

C:\Users\Ulli\AppData\Local\Temp\bhfiles\BrowserHelper.exe => Moved successfully.
C:\Users\Ulli\Downloads\wm201414.0610xxl - CHIP-Installer.exe => Moved successfully.
C:\Users\Ulli\Downloads\Programme\Calibre-lnstall.exe => Moved successfully.
C:\Users\Ulli\Downloads\Programme\Fotosizer - CHIP-Installer.exe => Moved successfully.
C:\Users\Ulli\Downloads\Programme\m4a-to-mp3-83converter.exe => Moved successfully.
C:\Users\Ulli\Downloads\Programme\Setup21_FreeConverter.exe => Moved successfully.
C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.
EmptyTemp: => Removed 6.3 GB temporary data.


The system needed a reboot. 

==== End of Fixlog 07:04:44 ====
         

05.02.2015, 11:55   #10
cosinus

Looks OK so far.

Regarding cookies and other things on the web: to block this plague from the outset (tracking cookies, ad banners, etc.), I recommend the Ghostery extension, which largely prevents user tracking and the display of ad banners.

Note: cookies are not malware as such, but there is a risk of misuse (unique re-identification, e.g. for targeted advertising or similar => HTTP cookie).

Otherwise there are also good cookie managers; as a Firefox extension, for example, there is CookieCuller.
But if you can live with logging in again everywhere in every browser session (e.g. Facebook, eBay, GMX, or Trojaner-Board), then simply configure the browser to delete everything, including cookies, when it closes.

Is your system OK again now, or are there any other detections or problems?

05.02.2015, 12:13   #11
UlliLang

Hello cosinus,

thank you very much for all the effort and help.
Unfortunately, the problem I first described still exists.
Ad banners from positive finds keep popping up, and links to other pages are redirected. So it is still exactly as I described it in my first message. I have already started wondering whether I should reinstall Windows completely?

cu

Ulli

05.02.2015, 12:18   #12
cosinus

Create a new profile and test:

Firefox => http://support.mozilla.com/de/kb/Profile%20verwalten
Chrome => https://support.google.com/chrome/answer/3296214?hl=de

05.02.2015, 12:34   #13
UlliLang

What do you mean by creating a new profile?

05.02.2015, 13:02   #14
cosinus

Just read the linked article.

05.02.2015, 19:58   #15
UlliLang

Hello cosinus.

In Firefox, positive finds has not shown up again. In Chrome, however, resetting did not help. Ad banners from positive finds still appear suddenly there, and clicking on links redirects you to other pages. I have uninstalled Chrome for now.
Over the course of our actions, did you get the impression that something was actually found and removed? With my level of knowledge I couldn't really follow all the scans and log files.
If I reinstall Chrome now, the difference from resetting it is probably so small that no improvement can be expected, right?
Is there anything else I can do, or is reinstalling the system the only remaining solution after all?

Thank you very much for the help and above all for the patience!!!

Ulli

I tried to uninstall Chrome. At first that did not work either, because a message kept appearing saying that I had to close all Chrome windows.
I then manually closed everything related to Chrome in Task Manager. After that it could be uninstalled. So far positive finds has not shown up again.
What helped in the end? Who knows exactly.
Thanks again!

Ulli
