Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   MultiPlug-FVQ (https://www.trojaner-board.de/164667-multiplug-fvq.html)

Xorrie 03.03.2015 20:18
MultiPlug-FVQ
 
Hallo zusammen,

ich bin nicht mehr der Jüngste (66) und habe eine Frage:
Ich habe McAfee Internet Security auf meinem PC und der hat mich vor: MultiPlug-FVQ
gewarnt.
Was ist das und kann ich das "Ding" zulassen, oder soll ich es isolieren?

Vielen Dank schon mal im Voraus.

Xorrie

deeprybka 03.03.2015 23:44
:hallo:

Bei dieser Meldung handelt es sich vermutlich um Adware. Z.B. Malware scan of 0594fd5f291.exe ca878341459ad0f4c2b9099a76b83192af4501b7 - herdProtect

Das ist jetzt nichts "schlimmes" aber dennoch "unerwünscht". Also "Blockieren" oder in "Quarantäne" verschieben wählen.

Wenn Du möchtest, dass Dein PC genauer untersucht wird, lasse es mich bitte wissen. ;)

Xorrie 04.03.2015 00:28
MultiPlug-FVQ
 
Herzlichen Dank für Deine Information und Deine Mühe.
Ich habe MultiPlug-FVQ durch McAfee isolieren lassen.
Wie kann ich den PC genauer untersuchen lassen?

Besten Gruß und nochmals vielen Dank:party:

Xorrie

Xorrie 04.03.2015 01:00
Nochmals ein Hallo!
Ich habe mal AdwCleaner suchen lassen und das ist dabei, siehe Anhang, heraus gekommen.

C:\Program Files\SereneScreen ist ein Aquarium-Bildschirmschoner.

Mit freundlichen Grüßen

Xorrie

deeprybka 04.03.2015 11:04
Hi,
da sollten wir schon eine Bereinigung durchziehen.

:hallo:

Mein Name ist Jürgen und ich werde Dir bei Deinem Problem behilflich sein. Zusammen schaffen wir das...:abklatsch:
  • Bitte arbeite alle Schritte der Reihe nach ab.
  • Lese die Anleitungen sorgfältig durch bevor Du beginnst. Wenn es Probleme gibt oder Du etwas nicht verstehst, dann stoppe mit Deiner Ausführung und beschreibe mir das Problem.
  • Führe bitte nur Scans durch, zu denen Du von mir aufgefordert wurdest.
  • Bitte kein Crossposting (posten in mehreren Foren).
  • Installiere oder deinstalliere während der Bereinigung keine Software, außer Du wurdest dazu aufgefordert.
  • Speichere alle unsere Tools auf dem Desktop ab. Link: So ladet Ihr unsere Tools richtig
  • Poste die Logfiles direkt in Deinen Thread in Code-Tags.
  • Bedenke, dass wir hier alle während unserer Freizeit tätig sind, wenn du innerhalb von 24 Stunden nichts von mir liest, dann schreibe mir bitte eine PM.

Hinweis:
Ich kann Dir niemals eine Garantie geben, dass wir alle schädlichen Dateien finden werden.
Eine Formatierung ist meist der schnellere und immer der sicherste Weg, aber auch nur bei wirklicher Malware empfehlenswert.
Adware & Co. können wir sehr gut entfernen.
Solltest Du Dich für eine Bereinigung entscheiden, arbeite solange mit, bis Du mein clean :daumenhoc bekommst.



Los geht's:

Schritt 1
http://filepony.de/icon/frst.pnghttp://deeprybka.trojaner-board.de/b...t/frstscan.png

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
  • Starte jetzt FRST.
  • Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
  • Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
  • Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)




Lesestoff
Posten in CODE-Tags: So gehts...
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert uns massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu groß für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
  • Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
  • Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
  • Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
  • Klicke auf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.
http://deeprybka.trojaner-board.de/tdss/codetags.gif

Xorrie 04.03.2015 20:17
MultiPlug-FVQ
 
Hallo Jürgen,
vielen Dank schon mal im Voraus.
Ich hoffe, dass ich alles richtig gemacht habe.
Mein Name ist Franz-Xaver, deshalb mein Spitzname "Xorrie" als Benutzername.[CODE][/CO
FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 04-03-2015
Ran by Franz-Xaver (administrator) on ASTERIX on 04-03-2015 19:51:54
Running from C:\Users\Franz-Xaver\Downloads
Loaded Profiles: Franz-Xaver (Available profiles: Franz-Xaver)
Platform: Microsoft Windows 7 Home Premium  Service Pack 1 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\VS7DEBUG\MDM.EXE
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
() C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
(RealNetworks, Inc.) C:\Program Files\Real\RealPlayer\RPDS\Bin\rpdsvc.exe
() C:\Program Files\Real\UpdateService\RealPlayerUpdateSvc.exe
(Secunia) C:\Program Files\Secunia\PSI\sua.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
() C:\Users\Franz-Xaver\AppData\LocalLow\WOT\IE\WOTUpdater.exe
(McAfee, Inc.) C:\Program Files\McAfee\MSC\McAPExe.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
(AMD) C:\Windows\System32\atieclxx.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Daniel Manger Software) C:\Program Files\Kalenderchen\Kalenderchen.exe
(TomTom) C:\Program Files\MyDrive Connect\MyDriveConnect.exe
(Google Inc.) C:\Users\Franz-Xaver\AppData\Local\Google\Update\GoogleUpdate.exe
(Advanced Micro Devices Inc.) C:\Program Files\AMD\ATI.ACE\Core-Static\MOM.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office15\ONENOTEM.EXE
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(ATI Technologies Inc.) C:\Program Files\AMD\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office15\WINWORD.EXE


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [mcpltui_exe] => C:\Program Files\McAfee.com\Agent\mcagent.exe [517392 2014-04-25] (McAfee, Inc.)
HKLM\...\Run: [StartCCC] => C:\Program Files\AMD\ATI.ACE\Core-Static\x86\CLIStart.exe [748232 2014-11-20] (Advanced Micro Devices, Inc.)
Winlogon\Notify\SDWinLogon: SDWinLogon.dll [X]
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-19\Control Panel\Desktop\\SCRNSAVE.EXE ->
HKU\S-1-5-20\Control Panel\Desktop\\SCRNSAVE.EXE ->
HKU\S-1-5-21-1708056501-3709124106-2672143446-1001\...\Run: [DMS-Kalenderchen] => C:\Program Files\Kalenderchen\Kalenderchen.exe [3494912 2010-03-16] (Daniel Manger Software)
HKU\S-1-5-21-1708056501-3709124106-2672143446-1001\...\Run: [MyDriveConnect.exe] => C:\Program Files\MyDrive Connect\MyDriveConnect.exe [1792376 2014-10-03] (TomTom)
HKU\S-1-5-21-1708056501-3709124106-2672143446-1001\...\Run: [Google Update] => C:\Users\Franz-Xaver\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2015-02-21] (Google Inc.)
HKU\S-1-5-21-1708056501-3709124106-2672143446-1001\...\Run: [Google+ Auto Backup] => C:\Users\Franz-Xaver\AppData\Local\Programs\Google\Google+ Auto Backup\Google+ Auto Backup.exe [3754312 2015-02-13] (Google Inc.)
HKU\S-1-5-21-1708056501-3709124106-2672143446-1001\...\Policies\Explorer: [NoFolderOptions] 0
HKU\S-1-5-21-1708056501-3709124106-2672143446-1001\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-1708056501-3709124106-2672143446-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\MA2_6.scr [2936832 2006-02-28] ()
HKU\S-1-5-18\Control Panel\Desktop\\SCRNSAVE.EXE ->
Startup: C:\Users\Franz-Xaver\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\An OneNote senden.lnk
ShortcutTarget: An OneNote senden.lnk -> C:\Program Files\Microsoft Office\Office15\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\Franz-Xaver\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Tintenwarnungen überwachen - HP Deskjet 1000 J110 series.lnk
ShortcutTarget: Tintenwarnungen überwachen - HP Deskjet 1000 J110 series.lnk -> C:\Program Files\HP\HP Deskjet 1000 J110 series\Bin\HPStatusBL.dll (Hewlett-Packard Co.)
BootExecute:
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:50588;https=127.0.0.1:50588
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
HKU\S-1-5-21-1708056501-3709124106-2672143446-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-1708056501-3709124106-2672143446-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKU\S-1-5-21-1708056501-3709124106-2672143446-1001\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
HKU\S-1-5-21-1708056501-3709124106-2672143446-1001\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1708056501-3709124106-2672143446-1001 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?q={sear
BHO: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Program Files\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_31\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: WOT -> {9E571C81-21E7-496B-9E6B-127E60263022} -> C:\Users\Franz-Xaver\AppData\LocalLow\WOT\IE\WOT.dll (WOT Services Oy)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_31\bin\jp2ssv.dll (Oracle Corporation)
BHO: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus32.dll (Eyeo GmbH)
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL (Microsoft Corporation)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)
Winsock: Catalog9 01 C:\Windows\system32\ColorMedia.dll [318616] (Over the Rainbow Tech)
Winsock: Catalog9 02 C:\Windows\system32\ColorMedia.dll [318616] (Over the Rainbow Tech)
Winsock: Catalog9 03 C:\Windows\system32\ColorMedia.dll [318616] (Over the Rainbow Tech)
Winsock: Catalog9 04 C:\Windows\system32\ColorMedia.dll [318616] (Over the Rainbow Tech)
Winsock: Catalog9 15 C:\Windows\system32\ColorMedia.dll [318616] (Over the Rainbow Tech)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

FireFox:
========
FF ProfilePath: C:\Users\Franz-Xaver\AppData\Roaming\Mozilla\Firefox\Profiles\oyabea71.default
FF NewTab: chrome://unitedtb/content/newtab/newtab-page.xhtml
FF SelectedSearchEngine: webssearches
FF Homepage: google.de
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_305.dll ()
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\npmcsnffpl.dll ()
FF Plugin: @mcafee.com/MVT -> C:\Program Files\McAfee\Supportability\MVT\NPMVTPlugin.dll (McAfee, Inc.)
FF Plugin: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\Microsoft Office\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @real.com/nppl3260;version=17.0.12.0 -> c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlhtml5videoshim;version=17.0.12 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpplugin;version=17.0.12.0 -> c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer Cloud)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1708056501-3709124106-2672143446-1001: @tools.google.com/Google Update;version=3 -> C:\Users\Franz-Xaver\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-1708056501-3709124106-2672143446-1001: @tools.google.com/Google Update;version=9 -> C:\Users\Franz-Xaver\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF SearchPlugin: C:\Users\Franz-Xaver\AppData\Roaming\Mozilla\Firefox\Profiles\oyabea71.default\searchplugins\google-images.xml
FF SearchPlugin: C:\Users\Franz-Xaver\AppData\Roaming\Mozilla\Firefox\Profiles\oyabea71.default\searchplugins\google-maps.xml
FF Extension: Google Translator for Firefox - C:\Users\Franz-Xaver\AppData\Roaming\Mozilla\Firefox\Profiles\oyabea71.default\Extensions\translator@zoli.bod.xpi [2015-02-17]
FF Extension: {011f2b37-2728-4487-80d7-47da9dddd46c} - C:\Users\Franz-Xaver\AppData\Roaming\Mozilla\Firefox\Profiles\oyabea71.default\Extensions\{011f2b37-2728-4487-80d7-47da9dddd46c}.xpi [2015-02-15]
FF Extension: Adblock Plus - C:\Users\Franz-Xaver\AppData\Roaming\Mozilla\Firefox\Profiles\oyabea71.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-02-16]
FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: No Name - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2014-09-19]
FF HKLM\...\Firefox\Extensions: [searchengine@gmail.com] - C:\Users\Franz-Xaver\AppData\Roaming\Mozilla\Firefox\Profiles\oyabea71.default\extensions\searchengine@gmail.com
FF HKLM\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
FF Extension: McAfee Anti-Spam Thunderbird Extension - C:\Program Files\McAfee\MSK [2015-01-13]

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [nphjeokkkbngjpiofnfpnafjeofjomfb] - C:\Users\Franz-Xaver\AppData\LocalLow\WOT\CHROME\WOT.crx [2012-01-12]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 HomeNetSvc; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [281560 2013-07-30] (McAfee, Inc.)
R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [145568 2014-04-25] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [281560 2013-07-30] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [281560 2013-07-30] (McAfee, Inc.)
S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [472072 2014-10-08] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [281560 2013-07-30] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [281560 2013-07-30] (McAfee, Inc.)
R2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [655936 2014-08-20] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [169800 2014-06-20] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [179600 2015-01-13] (McAfee, Inc.)
R2 MSK80Service; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [281560 2013-07-30] (McAfee, Inc.)
R2 RealNetworks Downloader Resolver Service; C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe [39568 2014-07-24] ()
R2 RealPlayer Cloud Service; c:\program files\real\realplayer\RPDS\Bin\rpdsvc.exe [1141848 2014-09-20] (RealNetworks, Inc.)
R2 RealPlayerUpdateSvc; C:\Program Files\Real\UpdateService\RealPlayerUpdateSvc.exe [23552 2014-07-24] () [File not signed]
S3 Secunia PSI Agent; C:\Program Files\Secunia\PSI\PSIA.exe [1363160 2014-11-28] (Secunia)
R2 Secunia Update Agent; C:\Program Files\Secunia\PSI\sua.exe [765144 2014-11-28] (Secunia)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)
R2 WOTUpdater; C:\Users\Franz-Xaver\AppData\LocalLow\WOT\IE\WOTUpdater.exe [18432 2012-01-12] () [File not signed]
S2 HPSLPSVC; C:\Users\Franz-Xaver\AppData\Local\Temp\7zS03AD\hpslpsvc32.dll [X]
S2 JetDrive WindowsClosingService; C:\Windows\System32\WindowsClosingService [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [62832 2014-06-20] (McAfee, Inc.)
S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [19984 2015-01-23] ()
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [147912 2013-09-23] (McAfee, Inc.)
S3 jetdrive; C:\Windows\System32\DRIVERS\jddrv.sys [29056 2012-05-22] (Abelssoft GmbH)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2014-11-21] (Malwarebytes Corporation)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [114904 2015-02-25] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2014-11-21] (Malwarebytes Corporation)
R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [135968 2014-06-20] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [238176 2014-06-20] (McAfee, Inc.)
S3 mfebopk; C:\Windows\System32\drivers\mfebopk.sys [67816 2014-06-20] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [369248 2014-06-20] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [575984 2015-01-13] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [350240 2014-08-20] (McAfee, Inc.)
S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [81296 2014-08-20] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [217224 2014-06-20] (McAfee, Inc.)
S3 PSI; C:\Windows\System32\DRIVERS\psi_mf_x86.sys [16024 2014-11-28] (Secunia)
S3 cpuz134; \??\C:\Users\FRANZ-~1\AppData\Local\Temp\cpuz134\cpuz134_x32.sys [X]
U3 DfSdkS; No ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-04 19:51 - 2015-03-04 19:52 - 00017963 _____ () C:\Users\Franz-Xaver\Downloads\FRST.txt
2015-03-04 19:51 - 2015-03-04 19:52 - 00000000 ____D () C:\FRST
2015-03-04 19:50 - 2015-03-04 19:50 - 01132544 _____ (Farbar) C:\Users\Franz-Xaver\Downloads\FRST.exe
2015-03-04 18:33 - 2015-03-04 18:33 - 17142784 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-03-04 18:33 - 2015-03-04 18:33 - 11220992 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-03-04 18:33 - 2015-03-04 18:33 - 04240384 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-03-04 18:33 - 2015-03-04 18:33 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-03-04 18:33 - 2015-03-04 18:33 - 02166272 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-03-04 18:33 - 2015-03-04 18:33 - 01926656 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-03-04 18:33 - 2015-03-04 18:33 - 01818112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-03-04 18:33 - 2015-03-04 18:33 - 01156608 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-03-04 18:33 - 2015-03-04 18:33 - 01051136 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-03-04 18:33 - 2015-03-04 18:33 - 00703488 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-03-04 18:33 - 2015-03-04 18:33 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-03-04 18:33 - 2015-03-04 18:33 - 00645120 _____ (Microsoft Corporation) C:\Windows\system32\jsIntl.dll
2015-03-04 18:33 - 2015-03-04 18:33 - 00616104 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2015-03-04 18:33 - 2015-03-04 18:33 - 00610304 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-03-04 18:33 - 2015-03-04 18:33 - 00553472 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-03-04 18:33 - 2015-03-04 18:33 - 00523776 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-03-04 18:33 - 2015-03-04 18:33 - 00454656 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-03-04 18:33 - 2015-03-04 18:33 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-03-04 18:33 - 2015-03-04 18:33 - 00367104 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-03-04 18:33 - 2015-03-04 18:33 - 00337408 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-03-04 18:33 - 2015-03-04 18:33 - 00244736 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-03-04 18:33 - 2015-03-04 18:33 - 00238288 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-03-04 18:33 - 2015-03-04 18:33 - 00233472 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2015-03-04 18:33 - 2015-03-04 18:33 - 00208896 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-03-04 18:33 - 2015-03-04 18:33 - 00208384 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2015-03-04 18:33 - 2015-03-04 18:33 - 00194048 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll
2015-03-04 18:33 - 2015-03-04 18:33 - 00182272 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2015-03-04 18:33 - 2015-03-04 18:33 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-03-04 18:33 - 2015-03-04 18:33 - 00151552 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2015-03-04 18:33 - 2015-03-04 18:33 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2015-03-04 18:33 - 2015-03-04 18:33 - 00127488 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2015-03-04 18:33 - 2015-03-04 18:33 - 00116736 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2015-03-04 18:33 - 2015-03-04 18:33 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-03-04 18:33 - 2015-03-04 18:33 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2015-03-04 18:33 - 2015-03-04 18:33 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-03-04 18:33 - 2015-03-04 18:33 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2015-03-04 18:33 - 2015-03-04 18:33 - 00083456 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2015-03-04 18:33 - 2015-03-04 18:33 - 00074240 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2015-03-04 18:33 - 2015-03-04 18:33 - 00071680 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2015-03-04 18:33 - 2015-03-04 18:33 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-03-04 18:33 - 2015-03-04 18:33 - 00069120 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2015-03-04 18:33 - 2015-03-04 18:33 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2015-03-04 18:33 - 2015-03-04 18:33 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-03-04 18:33 - 2015-03-04 18:33 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-03-04 18:33 - 2015-03-04 18:33 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2015-03-04 18:33 - 2015-03-04 18:33 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-03-04 18:33 - 2015-03-04 18:33 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2015-03-04 18:33 - 2015-03-04 18:33 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2015-03-04 18:33 - 2015-03-04 18:33 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-03-04 18:33 - 2015-03-04 18:33 - 00036352 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2015-03-04 18:33 - 2015-03-04 18:33 - 00034816 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-03-04 18:33 - 2015-03-04 18:33 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-03-04 18:33 - 2015-03-04 18:33 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2015-03-04 18:33 - 2015-03-04 18:33 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2015-03-04 18:33 - 2015-03-04 18:33 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2015-03-04 18:33 - 2015-03-04 18:33 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-03-04 18:31 - 2015-03-04 18:36 - 00010829 _____ () C:\Windows\IE11_main.log
2015-03-04 18:03 - 2015-03-04 18:04 - 06821496 _____ (TomTom International B.V.) C:\Users\Franz-Xaver\Downloads\InstallMyDriveConnect(1).exe
2015-03-04 18:02 - 2015-03-02 09:17 - 06821496 _____ (TomTom International B.V.) C:\Users\Franz-Xaver\Downloads\InstallMyDriveConnect_3_3_0_1812.exe
2015-03-04 17:59 - 2015-03-04 17:59 - 00000064 ____H () C:\Users\Franz-Xaver\Downloads\.picasa.ini
2015-03-03 15:13 - 2015-03-03 15:13 - 00002308 _____ () C:\Windows\PFRO.log
2015-03-02 10:15 - 2015-03-02 10:17 - 00000000 ____D () C:\Users\Franz-Xaver\Documents\P-Wort
2015-03-02 10:04 - 2015-03-02 10:11 - 00000000 ____D () C:\Users\Franz-Xaver\Documents\Regisry
2015-03-02 10:01 - 2015-01-10 19:09 - 00010240 _____ () C:\Users\Franz-Xaver\Documents\Gesamt--GAS.wps
2015-03-02 09:34 - 2015-03-02 09:38 - 40822424 _____ () C:\Users\Franz-Xaver\Downloads\Firefox_Setup_36.0.exe
2015-03-02 09:22 - 2015-01-09 00:44 - 00419936 _____ () C:\Windows\system32\locale.nls
2015-03-02 09:05 - 2015-03-04 18:38 - 00000448 _____ () C:\Windows\setupact.log
2015-03-02 09:05 - 2015-03-02 09:05 - 00000000 _____ () C:\Windows\setuperr.log
2015-02-27 21:56 - 2015-03-02 09:02 - 00000000 ____D () C:\Program Files\Opera
2015-02-25 17:38 - 2015-02-25 17:39 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-02-25 17:37 - 2014-11-21 06:14 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-02-25 17:37 - 2014-11-21 06:14 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-02-25 17:36 - 2015-03-02 09:01 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-02-25 17:36 - 2014-11-21 06:14 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-02-21 20:48 - 2015-02-21 20:48 - 00663000 _____ () C:\Users\Franz-Xaver\Downloads\MeinWetter_CB-DL-Manager.exe
2015-02-21 20:14 - 2015-03-04 19:19 - 00001144 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1708056501-3709124106-2672143446-1001UA.job
2015-02-21 20:14 - 2015-03-03 20:19 - 00001092 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1708056501-3709124106-2672143446-1001Core.job
2015-02-21 20:14 - 2015-03-02 09:03 - 00000000 ____D () C:\Users\Franz-Xaver\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google+ Auto Backup
2015-02-21 20:12 - 2015-02-21 20:12 - 00001068 _____ () C:\Users\Public\Desktop\Picasa 3.lnk
2015-02-21 20:12 - 2015-02-21 20:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Picasa 3
2015-02-21 19:56 - 2015-02-21 19:56 - 00000000 ____D () C:\Users\Franz-Xaver\Documents\OneNote-Notizbücher
2015-02-20 09:46 - 2015-02-20 09:46 - 00000000 ____D () C:\Windows\Tasks\ImCleanDisabled
2015-02-20 01:06 - 2015-03-02 23:59 - 00000000 ____D () C:\Users\Franz-Xaver\AppData\Local\Apps\2.0
2015-02-17 12:40 - 2015-02-17 12:40 - 00000000 ____H () C:\ProgramData\DP45977C.lfl
2015-02-17 12:11 - 2015-02-17 12:11 - 00000000 ____D () C:\Program Files\NVIDIA Corporation
2015-02-17 11:49 - 2015-02-20 13:49 - 00000000 ____D () C:\ProgramData\ProductData
2015-02-17 11:48 - 2015-02-20 13:49 - 00000000 ____D () C:\ProgramData\IObit
2015-02-17 11:48 - 2015-02-17 11:48 - 00000000 ____D () C:\Users\Franz-Xaver\AppData\Roaming\IObit
2015-02-15 23:41 - 2015-02-15 23:41 - 00000000 ____D () C:\Program Files\b06aa4c3-c9f0-4250-b86a-8700e8851354
2015-02-15 23:40 - 2015-02-21 19:51 - 00000000 ____D () C:\Program Files\I - Cinema
2015-02-15 23:30 - 2015-02-15 23:30 - 00005336 _____ () C:\Windows\system32\ColorMedia.ini
2015-02-15 23:30 - 2015-02-15 23:30 - 00002928 _____ () C:\Windows\system32\ColorMediaOff.ini
2015-02-15 23:30 - 2015-02-07 21:45 - 00318616 _____ (Over the Rainbow Tech) C:\Windows\system32\ColorMedia.dll
2015-02-15 22:33 - 2015-02-15 22:33 - 00666568 _____ () C:\Users\Franz-Xaver\Downloads\adblock-plus-firefox.exe
2015-02-15 22:07 - 2015-03-02 09:39 - 00000000 ____D () C:\Program Files\Adblock Plus for IE
2015-02-15 21:54 - 2015-03-03 15:13 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2015-02-15 21:54 - 2015-03-02 09:47 - 00001127 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-02-15 21:54 - 2015-03-02 09:47 - 00001115 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-02-15 21:54 - 2015-03-02 09:47 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2015-02-14 01:04 - 2015-02-14 01:04 - 00000000 ____D () C:\Program Files\MagiCSS  Live CSS Editor
2015-02-14 01:03 - 2015-03-02 09:03 - 00000000 ____D () C:\Program Files\UniDeals
2015-02-14 01:02 - 2015-03-02 09:03 - 00000000 ____D () C:\ProgramData\fcmjkjjhnlggamjbjkoohmnflagmljcn
2015-02-14 01:01 - 2015-02-22 09:51 - 00000000 ____D () C:\ProgramData\{0b22c01c-79a4-4523-0b22-2c01c79a0071}
2015-02-13 12:47 - 2015-02-13 12:47 - 04575232 _____ (Google Inc.) C:\Windows\system32\GPhotos.scr
2015-02-12 00:29 - 2015-01-09 03:48 - 00635904 _____ (Microsoft Corporation) C:\Windows\system32\perftrack.dll
2015-02-12 00:29 - 2015-01-09 03:48 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\wdi.dll
2015-02-12 00:29 - 2015-01-09 03:48 - 00027136 _____ (Microsoft Corporation) C:\Windows\system32\powertracker.dll
2015-02-11 22:27 - 2015-01-14 06:44 - 03972544 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2015-02-11 22:27 - 2015-01-14 06:44 - 03917760 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-02-11 22:26 - 2015-01-15 08:46 - 00136640 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-02-11 22:26 - 2015-01-15 08:46 - 00067520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-02-11 22:26 - 2015-01-15 08:43 - 00100352 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-02-11 22:26 - 2015-01-15 08:43 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-02-11 22:26 - 2015-01-15 08:42 - 01061376 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-02-11 22:26 - 2015-01-15 08:42 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-02-11 22:26 - 2015-01-15 08:42 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-02-11 22:26 - 2015-01-15 08:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-02-11 22:26 - 2015-01-15 08:39 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-02-11 22:26 - 2015-01-15 08:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-02-11 22:26 - 2015-01-15 08:37 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-02-11 22:26 - 2015-01-15 05:21 - 00369968 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-02-11 22:26 - 2015-01-09 02:45 - 02380288 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-02-11 22:26 - 2014-11-26 04:32 - 00571904 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2015-02-11 22:25 - 2015-02-04 03:54 - 00482304 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-02-11 22:25 - 2015-02-04 03:53 - 00767488 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-02-11 22:25 - 2015-02-04 03:53 - 00621056 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-02-11 22:25 - 2015-02-04 03:53 - 00325632 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-02-11 22:25 - 2015-02-04 03:53 - 00202752 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-02-11 22:25 - 2015-02-04 03:53 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-02-11 22:25 - 2015-02-04 03:49 - 00886784 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-02-11 22:25 - 2015-01-28 00:36 - 01167520 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2015-02-11 22:25 - 2014-12-12 06:07 - 01174528 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2015-02-11 22:25 - 2014-07-07 02:40 - 00179200 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2015-02-11 22:25 - 2014-07-07 02:40 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2015-02-11 22:22 - 2014-12-08 03:46 - 00308224 _____ (Microsoft Corporation) C:\Windows\system32\scesrv.dll
2015-02-11 22:21 - 2015-01-13 03:49 - 01230336 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-02-11 00:09 - 2014-07-16 10:24 - 00036152 _____ (TuneUp Software) C:\Windows\system32\uxtuneup.dll
2015-02-10 23:13 - 2015-03-04 18:45 - 01004380 _____ () C:\Windows\WindowsUpdate.log
2015-02-10 22:36 - 2015-03-02 17:00 - 00000276 _____ () C:\Windows\Tasks\JetDrive.job
2015-02-10 22:24 - 2015-02-16 00:03 - 00000000 ____D () C:\Program Files\NirSoft
2015-02-10 22:21 - 2015-02-10 22:21 - 01198368 _____ () C:\Users\Franz-Xaver\Downloads\Mail PassView - CHIP-Installer(2).exe
2015-02-10 21:49 - 2015-03-02 09:03 - 00000000 ____D () C:\Program Files\WajNEnhance
2015-02-10 21:42 - 2015-02-10 21:42 - 00620920 _____ () C:\Users\Franz-Xaver\Downloads\passwordfox.exe
2015-02-10 12:38 - 2015-02-11 00:18 - 00000000 ____D () C:\Users\Franz-Xaver\Tracing
2015-02-10 12:36 - 2010-06-02 04:55 - 00527192 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_7.dll
2015-02-10 12:36 - 2010-06-02 04:55 - 00074072 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_5.dll
2015-02-10 12:36 - 2010-05-26 11:41 - 02106216 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_43.dll
2015-02-10 12:36 - 2010-05-26 11:41 - 00248672 _____ (Microsoft Corporation) C:\Windows\system32\d3dx11_43.dll
2015-02-10 12:36 - 2009-09-04 17:29 - 00453456 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_42.dll
2015-02-10 12:35 - 2006-11-29 13:06 - 03426072 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_32.dll
2015-02-10 01:55 - 2015-02-10 01:55 - 00002023 _____ () C:\Users\Franz-Xaver\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Lingoes.lnk
2015-02-10 01:54 - 2015-02-10 01:54 - 00001993 _____ () C:\Users\Franz-Xaver\Desktop\Lingoes.lnk
2015-02-10 01:54 - 2015-02-10 01:54 - 00000000 ____D () C:\Users\Franz-Xaver\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Lingoes
2015-02-10 01:54 - 2015-02-10 01:54 - 00000000 ____D () C:\Program Files\Lingoes
2015-02-10 01:52 - 2015-02-10 01:52 - 01198368 _____ () C:\Users\Franz-Xaver\Downloads\Lingoes - CHIP-Installer.exe
2015-02-09 12:27 - 2015-03-04 18:40 - 00000400 _____ () C:\Windows\Tasks\RNUpgradeHelperLogonPrompt_Franz-Xaver.job
2015-02-09 12:27 - 2015-03-02 10:30 - 00000394 _____ () C:\Windows\Tasks\ReclaimerUpdateFiles_Franz-Xaver.job
2015-02-09 12:26 - 2015-03-02 12:30 - 00000390 _____ () C:\Windows\Tasks\ReclaimerUpdateXML_Franz-Xaver.job
2015-02-08 17:55 - 2015-03-04 00:48 - 00000000 ____D () C:\AdwCleaner
2015-02-07 19:31 - 2014-07-16 10:24 - 00036664 _____ (TuneUp Software) C:\Windows\system32\TURegOpt.exe
2015-02-07 19:31 - 2014-07-16 10:24 - 00025400 _____ (TuneUp Software) C:\Windows\system32\authuitu.dll
2015-02-07 19:30 - 2015-02-07 19:30 - 00000000 ____D () C:\Users\Franz-Xaver\AppData\Roaming\TuneUp Software
2015-02-07 19:30 - 2015-02-07 19:30 - 00000000 ____D () C:\Users\Franz-Xaver\AppData\Local\TuneUp Software
2015-02-07 19:28 - 2015-02-20 13:47 - 00000000 ____D () C:\ProgramData\TuneUp Software
2015-02-07 19:25 - 2015-02-07 19:26 - 00621048 _____ () C:\Users\Franz-Xaver\Downloads\Kalenderchen6_setup_CB-DL-Manager.exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-04 19:36 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\rescache
2015-03-04 19:33 - 2009-07-14 05:34 - 00018512 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-03-04 19:33 - 2009-07-14 05:34 - 00018512 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-03-04 19:06 - 2015-01-23 15:02 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-03-04 18:44 - 2015-01-13 05:26 - 00001844 _____ () C:\Users\Public\Desktop\McAfee Internet Security Suite.lnk
2015-03-04 18:44 - 2015-01-13 04:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2015-03-04 18:39 - 2014-09-14 13:07 - 00000000 ____D () C:\Windows\Panther
2015-03-04 18:38 - 2009-07-14 05:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-03-04 18:37 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\de-DE
2015-03-04 18:29 - 2014-09-15 09:01 - 00000000 ____D () C:\Users\Franz-Xaver\TapinRadio
2015-03-04 18:04 - 2014-09-14 19:12 - 00000000 ____D () C:\Program Files\MyDrive Connect
2015-03-04 17:41 - 2014-09-25 15:03 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2015-03-04 17:25 - 2014-09-17 19:56 - 00000000 ____D () C:\Program Files\Google
2015-03-04 17:24 - 2014-09-16 17:15 - 00000000 ____D () C:\Users\Franz-Xaver\AppData\Local\CrashDumps
2015-03-04 00:55 - 2014-09-22 15:04 - 00000000 ____D () C:\Users\Franz-Xaver\Desktop\ebay
2015-03-02 10:00 - 2014-09-16 08:26 - 00000602 _____ () C:\Users\Franz-Xaver\AppData\Roaming\wklnhst.dat
2015-03-02 10:00 - 2009-07-14 05:52 - 00000000 ____D () C:\Windows\system32\FxsTmp
2015-03-02 09:41 - 2009-07-14 05:53 - 00032640 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-03-02 09:22 - 2014-09-14 12:18 - 01637016 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-03-02 09:07 - 2014-09-17 19:56 - 00000000 ____D () C:\Users\Franz-Xaver\AppData\Local\Google
2015-03-02 09:05 - 2014-09-14 12:16 - 00000000 ____D () C:\Users\Franz-Xaver
2015-03-02 09:04 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\wfp
2015-03-02 09:03 - 2015-01-25 01:43 - 00000000 ____D () C:\Users\Franz-Xaver\Downloads\pstpassword_1.7
2015-03-02 09:03 - 2014-12-02 21:51 - 00000000 ____D () C:\Program Files\Secunia
2015-03-02 09:03 - 2014-11-20 18:55 - 00000000 ____D () C:\Users\Franz-Xaver\Downloads\mailpv_1.83
2015-03-02 09:03 - 2014-10-19 14:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-03-02 09:03 - 2014-09-20 16:49 - 00000000 ____D () C:\Program Files\Common Files\xing shared
2015-03-02 09:03 - 2014-09-20 15:58 - 00000000 ____D () C:\Users\Franz-Xaver\AppData\Roaming\vlc
2015-03-02 09:03 - 2014-09-19 23:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RealNetworks
2015-03-02 09:03 - 2014-09-19 23:55 - 00000000 ____D () C:\Program Files\RealNetworks
2015-03-02 09:03 - 2014-09-19 23:50 - 00000000 ____D () C:\ProgramData\RealNetworks
2015-03-02 09:03 - 2014-09-15 14:00 - 00000000 ____D () C:\ProgramData\Real
2015-03-02 09:03 - 2014-09-15 14:00 - 00000000 ____D () C:\Program Files\Real
2015-03-02 09:03 - 2014-09-14 19:12 - 00000000 ____D () C:\Users\Franz-Xaver\AppData\Local\TomTom
2015-03-02 09:03 - 2014-09-14 19:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TomTom
2015-03-02 09:03 - 2014-09-14 12:47 - 00000000 ____D () C:\Program Files\McAfee
2015-03-02 09:03 - 2014-09-14 12:32 - 00000000 ____D () C:\Program Files\Common Files\McAfee
2015-03-02 09:03 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\NDF
2015-03-02 09:02 - 2014-09-15 14:10 - 00000000 ____D () C:\Users\Franz-Xaver\AppData\Roaming\RealNetworks
2015-03-02 09:02 - 2014-09-15 13:59 - 00000000 ____D () C:\Users\Franz-Xaver\AppData\Roaming\Real
2015-03-02 09:02 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\registration
2015-03-02 09:01 - 2014-09-14 13:28 - 00000000 ____D () C:\ProgramData\Package Cache
2015-03-02 09:01 - 2014-09-14 12:32 - 00000000 ____D () C:\ProgramData\McAfee
2015-03-02 08:59 - 2014-10-19 14:58 - 00000000 ____D () C:\Program Files\Java
2015-03-02 08:58 - 2014-09-16 09:53 - 00000000 __RHD () C:\MSOCache
2015-02-27 21:56 - 2014-09-15 18:35 - 00000000 ____D () C:\Users\Franz-Xaver\AppData\Roaming\Opera Software
2015-02-27 21:56 - 2014-09-15 18:35 - 00000000 ____D () C:\Users\Franz-Xaver\AppData\Local\Opera Software
2015-02-25 17:04 - 2014-09-28 08:00 - 00034712 _____ () C:\Windows\system32\MyDefrag.dat
2015-02-25 17:04 - 2014-09-28 08:00 - 00000549 _____ () C:\Windows\system32\MyDefrag.debuglog
2015-02-24 20:13 - 2014-09-14 12:56 - 00000000 ____D () C:\ProgramData\Adobe
2015-02-23 23:20 - 2014-09-14 12:53 - 00000000 ____D () C:\Program Files\ScanWizard 5
2015-02-20 17:51 - 2014-09-22 14:57 - 00000000 ____D () C:\Users\Franz-Xaver\AppData\Local\Daniel_Reust
2015-02-20 17:31 - 2014-09-16 16:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ashampoo
2015-02-20 17:31 - 2014-09-16 15:59 - 00000000 ____D () C:\Program Files\Ashampoo
2015-02-20 15:48 - 2014-09-16 10:01 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2015-02-20 15:48 - 2014-09-14 15:01 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-02-20 15:46 - 2014-10-19 14:58 - 00096680 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2015-02-20 13:50 - 2015-01-29 01:55 - 00000000 ____D () C:\Program Files\Microsoft Office
2015-02-20 13:50 - 2014-11-04 01:01 - 00000000 ____D () C:\Program Files\SumatraPDF
2015-02-20 13:50 - 2014-11-02 00:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MyKeyFinder
2015-02-20 13:50 - 2014-11-02 00:00 - 00000000 ____D () C:\Program Files\MyKeyFinder
2015-02-20 13:50 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\security
2015-02-20 13:49 - 2009-07-14 09:56 - 00000000 ___RD () C:\Users\Public\Recorded TV
2015-02-20 13:48 - 2009-07-14 03:37 - 00000000 ___RD () C:\Users\Public
2015-02-17 10:53 - 2014-09-14 19:11 - 00000000 ____D () C:\Users\Franz-Xaver\AppData\Local\Windows Live
2015-02-16 00:12 - 2014-09-16 16:58 - 00000000 ____D () C:\ProgramData\Live Aquarium HD
2015-02-16 00:01 - 2014-11-07 00:15 - 00000000 ____D () C:\Users\Franz-Xaver\AppData\Roaming\IrfanView
2015-02-15 23:52 - 2014-09-14 13:16 - 00001122 _____ () C:\Users\Franz-Xaver\Desktop\Internet Explorer.lnk
2015-02-15 23:52 - 2014-09-14 12:18 - 00001152 _____ () C:\Users\Franz-Xaver\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-02-15 22:35 - 2015-01-27 01:03 - 00000000 ____D () C:\Users\Franz-Xaver\AppData\Roaming\dlg
2015-02-13 00:11 - 2009-07-14 03:03 - 57147392 _____ () C:\Windows\system32\config\SOFTWARE.rcbak
2015-02-13 00:11 - 2009-07-14 03:03 - 25165824 _____ () C:\Windows\system32\config\SYSTEM.rcbak
2015-02-13 00:11 - 2009-07-14 03:03 - 00524288 _____ () C:\Windows\system32\config\DEFAULT.rcbak
2015-02-13 00:11 - 2009-07-14 03:03 - 00057344 _____ () C:\Windows\system32\config\SAM.rcbak
2015-02-13 00:11 - 2009-07-14 03:03 - 00024576 _____ () C:\Windows\system32\config\SECURITY.rcbak
2015-02-12 02:31 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\tracing
2015-02-12 00:01 - 2009-07-14 05:33 - 00444472 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-02-11 23:58 - 2014-12-10 19:47 - 00000000 ____D () C:\Windows\system32\appraiser
2015-02-11 23:58 - 2014-09-14 19:05 - 00000000 ___SD () C:\Windows\system32\CompatTel
2015-02-11 23:53 - 2014-09-14 18:34 - 00000000 ____D () C:\Windows\system32\MRT
2015-02-11 23:46 - 2014-09-14 18:34 - 113756392 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-02-11 23:45 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2015-02-11 23:42 - 2009-07-14 03:04 - 00000478 _____ () C:\Windows\win.ini
2015-02-11 00:21 - 2014-09-21 22:59 - 00000000 ____D () C:\Windows\pss
2015-02-11 00:03 - 2014-09-14 20:14 - 00000000 ____D () C:\Program Files\Windows Live
2015-02-10 01:55 - 2014-09-15 23:18 - 00000000 ____D () C:\Users\Franz-Xaver\AppData\Local\Lingoes
2015-02-08 19:37 - 2014-09-14 12:16 - 00000000 ____D () C:\Users\Franz-Xaver\AppData\Local\VirtualStore
2015-02-07 19:52 - 2014-09-22 23:44 - 00001883 _____ () C:\Users\Public\Desktop\Kalenderchen 5.lnk
2015-02-07 19:52 - 2014-09-22 23:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kalenderchen5
2015-02-07 19:49 - 2014-09-15 15:08 - 00000000 ____D () C:\Users\Franz-Xaver\AppData\Roaming\Kalenderchen6
2015-02-07 19:36 - 2014-10-03 14:19 - 00000000 ____D () C:\Users\Franz-Xaver\AppData\Roaming\HpUpdate
2015-02-07 19:36 - 2014-09-14 15:01 - 00000000 ____D () C:\Users\Franz-Xaver\AppData\Local\Microsoft Help
2015-02-05 17:29 - 2014-09-16 15:59 - 00000000 ____D () C:\ProgramData\Ashampoo
2015-02-05 17:06 - 2014-09-14 19:17 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-02-05 17:06 - 2014-09-14 19:17 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl

==================== Files in the root of some directories =======

2014-09-16 08:26 - 2015-03-02 10:00 - 0000602 _____ () C:\Users\Franz-Xaver\AppData\Roaming\wklnhst.dat
2014-09-28 14:17 - 2014-09-28 14:17 - 0007598 _____ () C:\Users\Franz-Xaver\AppData\Local\Resmon.ResmonCfg
2014-10-08 12:23 - 2014-10-08 12:23 - 0000057 _____ () C:\ProgramData\Ament.ini
2015-02-17 12:40 - 2015-02-17 12:40 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-02-24 16:23

==================== End Of Log ============================
--- --- ---
[CODE][/COAdditional scan result of Farbar Recovery Scan Tool (x86) Version: 04-03-2015
Ran by Franz-Xaver at 2015-03-04 19:52:54
Running from C:\Users\Franz-Xaver\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: McAfee Anti-Virus und Anti-Spyware (Enabled - Up to date) {ADA629C7-7F48-5689-624A-3B76997E0892}
AS: McAfee Anti-Virus und Anti-Spyware (Enabled - Up to date) {16C7C823-5972-5907-58FA-0004E2F9422F}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: McAfee Firewall (Enabled) {959DA8E2-3527-57D1-4915-924367AD4FE9}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

ABBYY FineReader OCR Engine für ScanWizard (HKLM\...\{345C90FB-FA10-11D5-9C2A-0080C85A0C2D}) (Version: - )
Adblock Plus für IE (32-Bit) (HKLM\...\{654F389B-E402-4F7B-BA6D-DA732BB57ACB}) (Version: 1.4 - Eyeo GmbH)
Adobe Flash Player 16 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
AMD Catalyst Install Manager (HKLM\...\{DE7D695C-2EC7-AFDF-F786-6E938DE83175}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
Ashampoo Burning Studio 11 v.11.0.4 (HKLM\...\{91B33C97-D47B-F71A-455D-533CD6C3DC09}_is1) (Version: 11.0.4 - Ashampoo GmbH & Co. KG)
CardRecovery 6.10 (HKLM\...\{88D68A69-D247-466B-90DD-575F6BE16230}_is1) (Version: - WinRecovery Software)
Compatibility Pack für 2007 Office System (HKLM\...\{90120000-0020-0407-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
DHTML Editing Component (HKLM\...\{2EA870FA-585F-4187-903D-CB9FFD21E2E0}) (Version: 6.02.0001 - Microsoft Corporation)
EVEREST Home Edition v2.20 (HKLM\...\EVEREST Home Edition_is1) (Version: 2.20 - Lavalys Inc)
Fences (Version: 1.0 - Stardock Corporation) Hidden
Fotogalerie (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Google Earth (HKLM\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Google+ Auto Backup (HKU\S-1-5-21-1708056501-3709124106-2672143446-1001\...\Google+ Auto Backup) (Version: 1.0.27.161 - Google, Inc.)
HP Deskjet 1000 J110 series - Grundlegende Software für das Gerät (HKLM\...\{71F4FC17-1942-48E6-BC9F-56271AE74755}) (Version: 28.0.1313.0 - Hewlett-Packard Co.)
HP Deskjet 1000 J110 series Hilfe (HKLM\...\{DDDFCC77-7F9C-45E9-B38E-721BA599BA0C}) (Version: 140.0.65.65 - Hewlett Packard)
HP Photo Creations (HKLM\...\HP Photo Creations) (Version: 1.0.0.3781 - HP Photo Creations Powered by RocketLife)
HP Update (HKLM\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPDiagnosticAlert (Version: 1.00.0001 - Microsoft) Hidden
Java 7 Update 71 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F03217071FF}) (Version: 7.0.710 - Oracle)
Java 8 Update 25 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
Java 8 Update 31 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
Junk Mail filter update (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Kalenderchen 5 (HKLM\...\{11464943-4682-4F6B-A96D-D4E8C26DD111}_is1) (Version: - Daniel Manger)
Lingoes 2.9.2 (HKLM\...\Lingoes Translator_is1) (Version: 2.9.2 - Lingoes Project)
McAfee Internet Security Suite (HKLM\...\MSC) (Version: 12.8.992 - McAfee, Inc.)
McAfee Virtual Technician (HKLM\...\McAfee Virtual Technician) (Version: 7.6.0.202 - McAfee, Inc.)
Microsoft .NET Framework 4.5.2 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUS) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1708056501-3709124106-2672143446-1001\...\OneDriveSetup.exe) (Version: 17.0.4035.0328 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [DEU] (HKLM\...\{BAC80EF3-E106-4AEA-8C57-F217F9BC7358}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x86) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x86)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x86) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x86) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Works (HKLM\...\{39D0E034-1042-4905-BECB-5502909FCB7C}) (Version: 9.7.0621 - Microsoft Corporation)
Movie Maker (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 36.0 (x86 de) (HKLM\...\Mozilla Firefox 36.0 (x86 de)) (Version: 36.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 36.0 - Mozilla)
Mozilla Thunderbird 31.1.2 (x86 de) (HKLM\...\Mozilla Thunderbird 31.1.2 (x86 de)) (Version: 31.1.2 - Mozilla)
MyDriveConnect 3.3.0.1812 (HKLM\...\MyDriveConnect) (Version: 3.3.0.1812 - TomTom)
MyKeyFinder (HKLM\...\MyKeyFinder_is1) (Version: 2014 - Abelssoft)
Outils de vérification linguistique 2013 de Microsoft Office*- Français (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Picasa 3 (HKLM\...\Picasa 3) (Version: 3.9 - Google, Inc.)
RealDownloader (Version: 17.0.12 - RealNetworks, Inc.) Hidden
RealNetworks - Microsoft Visual C++ 2008 Runtime (Version: 9.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (Version: 10.0 - RealNetworks, Inc) Hidden
RealPlayer Cloud (HKLM\...\RealPlayer 17.0) (Version: 17.0.12 - RealNetworks)
RealUpgrade 1.1 (Version: 1.1.0 - RealNetworks, Inc.) Hidden
Revo Uninstaller 1.95 (HKLM\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
ScanWizard 5 (HKLM\...\{B08D262E-D902-11D5-9C28-0080C85A0C2D}) (Version: - )
Secunia PSI (3.0.0.10004) (HKLM\...\Secunia PSI) (Version: 3.0.0.10004 - Secunia)
SereneScreen Marine Aquarium 2.6 (HKLM\...\SereneScreen Marine Aquarium 2.6_is1) (Version: 2.6 - Prolific Publishing, Inc.)
SereneScreen Marine Aquarium 3 (HKLM\...\SereneScreen Marine Aquarium 3_is1) (Version: 3.0 - Prolific Publishing, Inc.)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 32-Bit Edition (HKLM\...\{90150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUS_{7F6C4883-A18C-459A-82C1-A2F9403F2DA6}) (Version: - Microsoft)
Speccy (HKLM\...\Speccy) (Version: 1.26 - Piriform)
Studie zur Verbesserung von HP Deskjet 1000 J110 series Produkten (HKLM\...\{2F8EFDA0-1160-4484-B575-B24279DED5F4}) (Version: 28.0.1313.0 - Hewlett-Packard Co.)
SumatraPDF (HKLM\...\SumatraPDF) (Version: 3.0 - Krzysztof Kowalczyk)
swix (HKLM\...\{DAE0C545-FEFE-49C5-9474-670051E3CBA9}_is1) (Version: 4.2 - Daniel Reust)
TapinRadio 1.60.1 (HKLM\...\TapinRadio_is1) (Version: - Raimersoft)
TuneUp Utilities 2014 (de-DE) (Version: 14.0.1000.340 - TuneUp Software) Hidden
UpdateService (Version: 1.0.0 - RealNetworks, Inc.) Hidden
Vista Shortcut Manager (HKLM\...\{47609E69-4C5E-48B1-A889-24C6B82B5C04}) (Version: 2.0 - Frameworkx)
Visual Studio C++ 10.0 Runtime (HKLM\...\{4412F224-3849-4461-A3E9-DEEF8D252790}) (Version: 10.0.0 - TomTom International B.V.)
VLC media player (HKLM\...\VLC media player) (Version: 2.1.5 - VideoLAN)
WEB.DE MailCheck für Mozilla Firefox (HKLM\...\1&1 Mail & Media GmbH Toolbar FF) (Version: 3.0.2.1739 - 1&1 Mail & Media GmbH)
Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-1708056501-3709124106-2672143446-1001_Classes\CLSID\{022105BD-948A-40C9-AB42-A3300DDF097F}\localserver32 -> C:\Users\Franz-Xaver\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1708056501-3709124106-2672143446-1001_Classes\CLSID\{22181302-A8A6-4F84-A541-E5CBFC70CC43}\localserver32 -> C:\Users\Franz-Xaver\AppData\Local\Google\Update\1.3.22.3\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1708056501-3709124106-2672143446-1001_Classes\CLSID\{2F0E2680-9FF5-43C0-B76E-114A56E93598}\localserver32 -> C:\Users\Franz-Xaver\AppData\Local\Google\Update\1.3.22.3\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1708056501-3709124106-2672143446-1001_Classes\CLSID\{51F9E8EF-59D7-475B-A106-C7EA6F30C119}\localserver32 -> C:\Users\Franz-Xaver\AppData\Local\Google\Update\1.3.22.3\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1708056501-3709124106-2672143446-1001_Classes\CLSID\{7B37E4E2-C62F-4914-9620-8FB5062718CC}\localserver32 -> C:\Users\Franz-Xaver\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1708056501-3709124106-2672143446-1001_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\Franz-Xaver\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\SkyDriveShell.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1708056501-3709124106-2672143446-1001_Classes\CLSID\{A45426FB-E444-42B2-AA56-419F8FBEEC61}\InprocServer32 -> C:\Users\Franz-Xaver\AppData\Local\Google\Update\1.3.22.3\psuser.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1708056501-3709124106-2672143446-1001_Classes\CLSID\{AB807329-7324-431B-8B36-DBD581F56E0B}\localserver32 -> C:\Users\Franz-Xaver\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1708056501-3709124106-2672143446-1001_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\Franz-Xaver\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\SkyDriveShell.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1708056501-3709124106-2672143446-1001_Classes\CLSID\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}\InprocServer32 -> C:\Users\Franz-Xaver\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1708056501-3709124106-2672143446-1001_Classes\CLSID\{C442AC41-9200-4770-8CC0-7CDB4F245C55}\InprocServer32 -> C:\Users\Franz-Xaver\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1708056501-3709124106-2672143446-1001_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\Franz-Xaver\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\SkyDriveShell.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1708056501-3709124106-2672143446-1001_Classes\CLSID\{E67BE843-BBBE-4484-95FB-05271AE86750}\localserver32 -> C:\Users\Franz-Xaver\AppData\Local\Google\Update\1.3.22.3\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1708056501-3709124106-2672143446-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Franz-Xaver\AppData\Local\Google\Update\1.3.22.3\psuser.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1708056501-3709124106-2672143446-1001_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\Franz-Xaver\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\SkyDriveShell.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1708056501-3709124106-2672143446-1001_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Franz-Xaver\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\FileSyncApi.dll (Microsoft Corporation)

==================== Restore Points =========================

27-02-2015 14:48:23 McAfee Vulnerability Scanner
27-02-2015 21:03:51 Wiederherstellungsvorgang
27-02-2015 21:38:36 Revo Uninstaller's restore point - Google Chrome
27-02-2015 21:40:40 Revo Uninstaller's restore point - Google Chrome
27-02-2015 21:41:23 Revo Uninstaller's restore point - Google Chrome
27-02-2015 21:42:10 Revo Uninstaller's restore point - Google+ Auto Backup
27-02-2015 22:18:53 Windows Update
27-02-2015 22:43:06 Revo Uninstaller's restore point - RealPlayer Cloud
27-02-2015 22:46:57 Revo Uninstaller's restore point - RealPlayer Cloud
02-03-2015 00:28:44 Wiederherstellungsvorgang
02-03-2015 00:43:39 Revo Uninstaller's restore point - JetDrive
02-03-2015 00:46:03 Revo Uninstaller's restore point - Spybot - Search & Destroy
02-03-2015 00:48:06 Revo Uninstaller's restore point - Spybot - Search & Destroy
02-03-2015 00:51:34 Revo Uninstaller's restore point - CCleaner
02-03-2015 00:54:16 Revo Uninstaller's restore point - Secunia PSI (3.0.0.10004)
02-03-2015 01:01:59 Windows Update
02-03-2015 01:33:37 Revo Uninstaller's restore point - RealPlayer Cloud
02-03-2015 01:37:02 Revo Uninstaller's restore point - RealPlayer Cloud
02-03-2015 08:50:17 Revo Uninstaller's restore point - MyDriveConnect 3.3.0.1756
02-03-2015 08:56:23 Wiederherstellungsvorgang
02-03-2015 09:21:41 Windows Update
02-03-2015 09:37:59 Installed Adblock Plus for IE (32-bit)
02-03-2015 09:51:22 Revo Uninstaller's restore point - Malwarebytes Anti-Malware Version 2.0.4.1028
02-03-2015 10:44:57 Alles läuft
02-03-2015 20:05:29 Windows-Sicherung
04-03-2015 17:24:05 Revo Uninstaller's restore point - Google Chrome
04-03-2015 17:37:02 Revo Uninstaller's restore point - JetDrive
04-03-2015 17:40:29 Revo Uninstaller's restore point - Spybot - Search & Destroy
04-03-2015 17:41:41 Revo Uninstaller's restore point - CCleaner
04-03-2015 18:08:31 Revo Uninstaller's restore point - Aquamarin Haushaltsbuch 2.9.2 b
04-03-2015 18:31:35 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:04 - 2009-06-10 22:39 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {09255380-7327-4480-B91D-89A8CE8B614E} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files\Spybot - Search &amp; Destroy 2\SDImmunize.exe
Task: {129A7EEF-6DF8-4824-97C4-AC11E0E8713E} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1708056501-3709124106-2672143446-1001UA => C:\Users\Franz-Xaver\AppData\Local\Google\Update\GoogleUpdate.exe [2015-02-21] (Google Inc.)
Task: {1FCFC5BD-4D7E-4F1D-825E-383D44086EBD} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-1708056501-3709124106-2672143446-1001 => C:\Program Files\RealNetworks\RealDownloader\realupgrade.exe [2014-07-24] (RealNetworks, Inc.)
Task: {2DA867B0-7ED8-435D-9F56-0D6C7EF01811} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1708056501-3709124106-2672143446-1001 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2014-07-24] (RealNetworks, Inc.)
Task: {2DF7EC4F-8233-4152-9F18-A7920FEB4149} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {2E32999F-7743-4104-88C1-2391AA4D8B06} - System32\Tasks\{DC14020A-4F8C-4DC3-B81B-E5AB812FED78} => pcalua.exe -a "C:\Program Files\Lavalys\EVEREST Home Edition\everest.exe" -d C:\Users\Franz-Xaver\Desktop\Icons
Task: {4A475CED-BF82-4518-AFCB-BDE670AA0269} - System32\Tasks\ReclaimerUpdateXML_Franz-Xaver => C:\Users\Franz-Xaver\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\11.04\agent\rnupgagent.exe [2015-02-08] (RealNetworks, Inc.)
Task: {70874997-D9FA-4106-80E3-61D49776BFFB} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {72578D24-B841-4D47-81AC-F9E2203EC1C3} - System32\Tasks\RNUpgradeHelperLogonPrompt_Franz-Xaver => C:\Users\Franz-Xaver\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\11.04\agent\rnupgagent.exe [2015-02-08] (RealNetworks, Inc.)
Task: {786CCA5B-3C99-46BB-B0C7-F226211EEBCD} - System32\Tasks\HPCustParticipation HP Deskjet 1000 J110 series => C:\Program Files\HP\HP Deskjet 1000 J110 series\Bin\HPCustPartic.exe [2012-10-02] (Hewlett-Packard Co.)
Task: {79A8BAAD-8F2A-471C-8037-8B117A027613} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2014-01-23] (Microsoft Corporation)
Task: {7C054148-0A95-4C45-B19F-99F04C8BFAD0} - System32\Tasks\{7F423AD6-73BE-4378-9935-21303B0F6712} => pcalua.exe -a C:\Users\Franz-Xaver\Downloads\irfanview_plugins_438_setup(1).exe -d C:\Users\Franz-Xaver\Downloads
Task: {81ED74FA-89C3-4CE6-8A30-3DF6697DA6DA} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-1708056501-3709124106-2672143446-1001 => C:\Program Files\RealNetworks\RealDownloader\realupgrade.exe [2014-07-24] (RealNetworks, Inc.)
Task: {8450E2FE-D8F9-4702-B404-BBC188C6792A} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-05] (Adobe Systems Incorporated)
Task: {8C6B1131-6FED-4108-9452-824F3FE6407B} - System32\Tasks\{512A0E43-8380-45B2-A6FB-82AEA58C28F6} => pcalua.exe -a C:\Users\Franz-Xaver\Downloads\pantsoff(1).exe -d C:\Users\Franz-Xaver\Downloads
Task: {8DD99137-62A4-4A78-9C62-9C4D76E5419E} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {95424444-AFF8-4071-AB94-E025DC863AEC} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files\Spybot - Search &amp; Destroy 2\SDScan.exe
Task: {A69EFA21-4D51-47EA-96CB-5D4C2DE0DDB9} - System32\Tasks\RNUpgradeHelperResumePrompt_Franz-Xaver => C:\Users\Franz-Xaver\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\11.04\agent\rnupgagent.exe [2015-02-08] (RealNetworks, Inc.)
Task: {B4927734-B506-4644-9C29-DDF7A9ADF950} - System32\Tasks\SUSSXGQ => C:\ProgramData\ff8e396d4c654c0eaab0bc98beb6cf02\ff8e396d4c654c0eaab0bc98beb6cf02.exe
Task: {BE59BFB8-0193-444A-B10A-22664AC3F56C} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1708056501-3709124106-2672143446-1001Core => C:\Users\Franz-Xaver\AppData\Local\Google\Update\GoogleUpdate.exe [2015-02-21] (Google Inc.)
Task: {C02A339B-CE32-4786-B54E-9EC9298D845B} - System32\Tasks\JetDrive => C:\Program Files\JetDrive\JetDrive.exe
Task: {C58EFEC2-592A-4741-BDCB-F39AE77F6DF5} - System32\Tasks\Microsoft Office 15 Sync Maintenance for ASTERIX-Franz-Xaver ASTERIX => C:\Program Files\Microsoft Office\Office15\MsoSync.exe [2015-01-21] (Microsoft Corporation)
Task: {C6421B43-189F-4198-BD5F-916FBBEECA5C} - System32\Tasks\SpyHunter4Startup => C:\Program Files\Enigma Software Group\SpyHunter\Spyhunter4.exe
Task: {C712A019-562C-49B3-92C3-15AD7CDA93C2} - System32\Tasks\SuperEasy Registry Cleaner => C:\Program Files\SuperEasy Software\Registry Cleaner\SuperEasyRC.exe
Task: {D3C57CB6-2780-4456-B09A-D59B4F1265A5} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1708056501-3709124106-2672143446-1001 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2014-07-24] (RealNetworks, Inc.)
Task: {DDB7CD3A-8E87-4B77-BD6D-DFEB952F3180} - System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2013 => C:\Program Files\TuneUp Utilities 2014\OneClick.exe
Task: {E7972BC0-177E-4610-905C-F9065ABC892A} - System32\Tasks\ReclaimerUpdateFiles_Franz-Xaver => C:\Users\Franz-Xaver\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\11.04\agent\rnupgagent.exe [2015-02-08] (RealNetworks, Inc.)
Task: {E863073C-BDC4-4468-A728-F0F98A1AB90D} - System32\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-1708056501-3709124106-2672143446-1001 => C:\Program Files\RealNetworks\RealDownloader\recordingmanager.exe [2014-07-24] (RealNetworks, Inc.)
Task: {EC2413E2-7B15-4D4A-AAA1-51BE04867C03} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {EED16CA5-DDAA-4323-BD5E-2F9EDF2C30D5} - System32\Tasks\PhotoProduct.exe => C:\Program Files\HP Photo Creations\PhotoProduct.exe [2010-07-01] (Visan / RocketLife)
Task: {F449E389-E5F0-40CC-9C43-13F4538A2339} - System32\Tasks\{D9630860-E8D5-4EB5-AAB3-38A7FF8AA0BC} => pcalua.exe -a C:\Users\Franz-Xaver\Downloads\irfanview_plugins_438_setup.exe -d C:\Users\Franz-Xaver\Downloads

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1708056501-3709124106-2672143446-1001Core.job => C:\Users\Franz-Xaver\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1708056501-3709124106-2672143446-1001UA.job => C:\Users\Franz-Xaver\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\JetDrive.job => C:\Program Files\JetDrive\JetDrive.exe
Task: C:\Windows\Tasks\ReclaimerUpdateFiles_Franz-Xaver.job => C:\Users\Franz-Xaver\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\11.04\agent\rnupgagent.exe
Task: C:\Windows\Tasks\ReclaimerUpdateXML_Franz-Xaver.job => C:\Users\Franz-Xaver\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\11.04\agent\rnupgagent.exe
Task: C:\Windows\Tasks\RNUpgradeHelperLogonPrompt_Franz-Xaver.job => C:\Users\Franz-Xaver\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\11.04\agent\rnupgagent.exe

==================== Loaded Modules (whitelisted) ==============

2014-07-24 11:47 - 2014-07-24 11:47 - 00039568 _____ () C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
2014-09-20 16:48 - 2014-09-20 16:48 - 00861784 _____ () c:\program files\real\realplayer\RPDS\Plugins\cldplin.dll
2014-07-24 14:06 - 2014-07-24 14:06 - 00023552 _____ () C:\Program Files\Real\UpdateService\RealPlayerUpdateSvc.exe
2012-01-12 11:23 - 2012-01-12 11:23 - 00018432 _____ () C:\Users\Franz-Xaver\AppData\LocalLow\WOT\IE\WOTUpdater.exe
2014-10-03 13:04 - 2014-10-03 13:04 - 00026488 _____ () C:\Program Files\MyDrive Connect\DeviceDetection.dll
2014-10-03 13:04 - 2014-10-03 13:04 - 00087416 _____ () C:\Program Files\MyDrive Connect\TomTomSupporterBase.dll
2014-10-03 13:04 - 2014-10-03 13:04 - 00398712 _____ () C:\Program Files\MyDrive Connect\TomTomSupporterProxy.dll
2015-02-05 17:06 - 2015-02-05 17:06 - 16852144 _____ () C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_305.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ColorMedia => ""="service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Driver"

==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1708056501-3709124106-2672143446-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Franz-Xaver\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.254

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: SDScannerService => 2
MSCONFIG\Services: SDUpdateService => 2
MSCONFIG\Services: SDWSCService => 2
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^RealPlayer Cloud Service UI.lnk => C:\Windows\pss\RealPlayer Cloud Service UI.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Scanner Finder.lnk => C:\Windows\pss\Scanner Finder.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^Franz-Xaver^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OptimizerPro.lnk => C:\Windows\pss\OptimizerPro.lnk.Startup
MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner.exe" /MONITOR
MSCONFIG\startupreg: GoogleChromeAutoLaunch_D2C13C9444C4943518BADCD59958BD86 => "C:\Program Files\Google\Chrome\Application\chrome.exe" --no-startup-window
MSCONFIG\startupreg: HP Software Update => C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
MSCONFIG\startupreg: Lingoes => C:\Program Files\Lingoes\Translator2\Lingoes.exe -minimize
MSCONFIG\startupreg: SDTray => "C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe"
MSCONFIG\startupreg: TkBellExe => "c:\program files\real\realplayer\Update\realsched.exe" -osboot

==================== Accounts: =============================

Administrator (S-1-5-21-1708056501-3709124106-2672143446-500 - Administrator - Disabled)
Franz-Xaver (S-1-5-21-1708056501-3709124106-2672143446-1001 - Administrator - Enabled) => C:\Users\Franz-Xaver
Gast (S-1-5-21-1708056501-3709124106-2672143446-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1708056501-3709124106-2672143446-1002 - Limited - Enabled)

==================== Faulty Device Manager Devices =============

Name: Coprozessor
Description: Coprozessor
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (03/04/2015 07:30:32 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762"1".
Die abhängige Assemblierung "Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (03/04/2015 07:30:29 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (03/04/2015 07:29:42 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (03/04/2015 07:29:28 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0"1".
Die abhängige Assemblierung "rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (03/04/2015 06:38:49 PM) (Source: Service1) (EventID: 0) (User: )
Description: Der Dienst kann nicht gestartet werden. Das Handle ist ungültig

Error: (03/04/2015 06:31:37 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".


Details:
AddWin32ServiceFiles: Unable to back up image of service Spybot-S&D 2 Security Center Service since QueryServiceConfig API failed

System Error:
Das System kann die angegebene Datei nicht finden.
.

Error: (03/04/2015 06:31:37 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".


Details:
AddWin32ServiceFiles: Unable to back up image of service Spybot-S&D 2 Updating Service since QueryServiceConfig API failed

System Error:
Das System kann die angegebene Datei nicht finden.
.

Error: (03/04/2015 06:31:37 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".


Details:
AddWin32ServiceFiles: Unable to back up image of service Spybot-S&D 2 Scanner Service since QueryServiceConfig API failed

System Error:
Das System kann die angegebene Datei nicht finden.
.

Error: (03/04/2015 06:08:31 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".


Details:
AddWin32ServiceFiles: Unable to back up image of service Spybot-S&D 2 Security Center Service since QueryServiceConfig API failed

System Error:
Das System kann die angegebene Datei nicht finden.
.

Error: (03/04/2015 06:08:31 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".


Details:
AddWin32ServiceFiles: Unable to back up image of service Spybot-S&D 2 Updating Service since QueryServiceConfig API failed

System Error:
Das System kann die angegebene Datei nicht finden.
.


System errors:
=============
Error: (03/04/2015 06:42:03 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "HP Network Devices Support" wurde mit folgendem Fehler beendet:
%%126

Error: (03/04/2015 05:17:57 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "HP Network Devices Support" wurde mit folgendem Fehler beendet:
%%126

Error: (03/04/2015 05:13:50 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "HP Network Devices Support" wurde mit folgendem Fehler beendet:
%%126

Error: (03/04/2015 05:10:54 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: Das System wurde zuvor am ‎04.‎03.‎2015 um 01:16:08 unerwartet heruntergefahren.

Error: (03/04/2015 00:42:20 AM) (Source: DCOM) (EventID: 10016) (User: ASTERIX)
Description: AnwendungsspezifischLokalAktivierung{0C0A3666-30C9-11D0-8F20-00805F2CD064}{9209B1A6-964A-11D0-9372-00A0C9034910}ASTERIXFranz-XaverS-1-5-21-1708056501-3709124106-2672143446-1001LocalHost (unter Verwendung von LRPC)

Error: (03/04/2015 00:41:56 AM) (Source: DCOM) (EventID: 10016) (User: ASTERIX)
Description: AnwendungsspezifischLokalAktivierung{0C0A3666-30C9-11D0-8F20-00805F2CD064}{9209B1A6-964A-11D0-9372-00A0C9034910}ASTERIXFranz-XaverS-1-5-21-1708056501-3709124106-2672143446-1001LocalHost (unter Verwendung von LRPC)

Error: (03/04/2015 00:41:51 AM) (Source: DCOM) (EventID: 10016) (User: ASTERIX)
Description: AnwendungsspezifischLokalAktivierung{0C0A3666-30C9-11D0-8F20-00805F2CD064}{9209B1A6-964A-11D0-9372-00A0C9034910}ASTERIXFranz-XaverS-1-5-21-1708056501-3709124106-2672143446-1001LocalHost (unter Verwendung von LRPC)

Error: (03/04/2015 00:41:51 AM) (Source: DCOM) (EventID: 10016) (User: ASTERIX)
Description: AnwendungsspezifischLokalAktivierung{0C0A3666-30C9-11D0-8F20-00805F2CD064}{9209B1A6-964A-11D0-9372-00A0C9034910}ASTERIXFranz-XaverS-1-5-21-1708056501-3709124106-2672143446-1001LocalHost (unter Verwendung von LRPC)

Error: (03/04/2015 00:16:14 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst ehRecvr erreicht.

Error: (03/04/2015 00:15:44 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst ehRecvr erreicht.


Microsoft Office Sessions:
=========================
Error: (03/04/2015 07:30:32 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762"c:\program files\tapinradio\CrashReport.exe

Error: (03/04/2015 07:30:29 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"c:\program files\AMD\ATI.ACE\core-static\SLSTaskbar64.exe

Error: (03/04/2015 07:29:42 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"C:\Program Files\HP\HP Deskjet 1000 J110 series\DriverStore\Pipeline\amd64\hpinkins8811.exe

Error: (03/04/2015 07:29:28 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0"C:\Windows\Installer\{7722483A-5FB8-4A2E-9422-6DA527A9173F}\recordingmanager.exe

Error: (03/04/2015 06:38:49 PM) (Source: Service1) (EventID: 0) (User: )
Description: Der Dienst kann nicht gestartet werden. Das Handle ist ungültig

Error: (03/04/2015 06:31:37 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description:
Details:
AddWin32ServiceFiles: Unable to back up image of service Spybot-S&D 2 Security Center Service since QueryServiceConfig API failed

System Error:
Das System kann die angegebene Datei nicht finden.

Error: (03/04/2015 06:31:37 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description:
Details:
AddWin32ServiceFiles: Unable to back up image of service Spybot-S&D 2 Updating Service since QueryServiceConfig API failed

System Error:
Das System kann die angegebene Datei nicht finden.

Error: (03/04/2015 06:31:37 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description:
Details:
AddWin32ServiceFiles: Unable to back up image of service Spybot-S&D 2 Scanner Service since QueryServiceConfig API failed

System Error:
Das System kann die angegebene Datei nicht finden.

Error: (03/04/2015 06:08:31 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description:
Details:
AddWin32ServiceFiles: Unable to back up image of service Spybot-S&D 2 Security Center Service since QueryServiceConfig API failed

System Error:
Das System kann die angegebene Datei nicht finden.

Error: (03/04/2015 06:08:31 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description:
Details:
AddWin32ServiceFiles: Unable to back up image of service Spybot-S&D 2 Updating Service since QueryServiceConfig API failed

System Error:
Das System kann die angegebene Datei nicht finden.


==================== Memory info ===========================

Processor: Pentium(R) Dual-Core CPU E5400 @ 2.70GHz
Percentage of memory in use: 50%
Total physical RAM: 3071.3 MB
Available physical RAM: 1521.16 MB
Total Pagefile: 6440.9 MB
Available Pagefile: 4598.71 MB
Total Virtual: 2047.88 MB
Available Virtual: 1869.77 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:471.91 GB) (Free:416.22 GB) NTFS
Drive h: (Volume) (Fixed) (Total:459.5 GB) (Free:457.56 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 009CCE01)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=471.9 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=459.5 GB) - (Type=07 NTFS)

==================== End Of Log ============================DE]DE]

deeprybka 04.03.2015 21:23
Hi Xorrie,
mach mal bitte folgenden Fix:


Schritt 1

http://filepony.de/icon/frst.pnghttp://deeprybka.trojaner-board.de/b...st/frstfix.png

Drücke bitte die http://deeprybka.trojaner-board.de/b...ne/revo/w7.png + R Taste und schreibe notepad in das Ausführen Fenster.
Klicke auf OK und kopiere nun den Text aus der Codebox in das leere Textdokument:
Code:
CloseProcesses:
C:\Program Files\SereneScreen
C:\Program Files\UniDeals
C:\Program Files\WajNEnhance
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SereneScreen
Task: {B4927734-B506-4644-9C29-DDF7A9ADF950} - System32\Tasks\SUSSXGQ => C:\ProgramData\ff8e396d4c654c0eaab0bc98beb6cf02\ff8e396d4c654c0eaab0bc98beb6cf02.exe
Task: {C6421B43-189F-4198-BD5F-916FBBEECA5C} - System32\Tasks\SpyHunter4Startup => C:\Program Files\Enigma Software Group\SpyHunter\Spyhunter4.exe
Task: {C712A019-562C-49B3-92C3-15AD7CDA93C2} - System32\Tasks\SuperEasy Registry Cleaner => C:\Program Files\SuperEasy Software\Registry Cleaner\SuperEasyRC.exe
C:\Program Files\Enigma Software Group\
C:\Program Files\SuperEasy Software\
C:\ProgramData\ff8e396d4c654c0eaab0bc98beb6cf02
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:50588;https=127.0.0.1:50588
Reg: Reg delete "HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections" /v "SavedLegacySettings" /f
Reg: Reg delete "HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections" /v "DefaultConnectionSettings" /f
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
Winsock: Catalog9 01 C:\Windows\system32\ColorMedia.dll [318616] (Over the Rainbow Tech)
Winsock: Catalog9 02 C:\Windows\system32\ColorMedia.dll [318616] (Over the Rainbow Tech)
Winsock: Catalog9 03 C:\Windows\system32\ColorMedia.dll [318616] (Over the Rainbow Tech)
Winsock: Catalog9 04 C:\Windows\system32\ColorMedia.dll [318616] (Over the Rainbow Tech)
Winsock: Catalog9 15 C:\Windows\system32\ColorMedia.dll [318616] (Over the Rainbow Tech)
S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [19984 2015-01-23] ()
C:\Windows\System32\DRIVERS\EsgScanner.sys
2015-02-15 23:30 - 2015-02-15 23:30 - 00005336 _____ () C:\Windows\system32\ColorMedia.ini
2015-02-15 23:30 - 2015-02-15 23:30 - 00002928 _____ () C:\Windows\system32\ColorMediaOff.ini
2015-02-15 23:30 - 2015-02-07 21:45 - 00318616 _____ (Over the Rainbow Tech) C:\Windows\system32\ColorMedia.dll
cmd: netsh winsock reset
Reboot:
Speichere dieses bitte als Fixlist.txt in das Verzeichnis ab, in dem sich auch die FRST-Anwendung befindet.
  • Starte FRST und drücke auf den Fix-Button.
  • Das Tool erstellt eine "Fixlog.txt" -Datei.
  • Poste mir bitte deren Inhalt.

Nach dem Reboot:

Schritt 2

http://filepony.de/icon/frst.pnghttp://deeprybka.trojaner-board.de/b...t/frstscan.png

Bitte starte FRST erneut, markiere auch die checkbox http://deeprybka.trojaner-board.de/b...t/addition.pngund drücke auf Scan.
Bitte poste mir den Inhalt der beiden Logs die erstellt werden.

Xorrie 04.03.2015 22:08
Hallo Jürgen,
wenn ich den Fix-Button anklicke erscheint:
No fixlist.txt found.
The fixlist.txt should be in the same folder/directory the tool is located.

deeprybka 04.03.2015 22:16
Speichere die Fixlist auch hier:

Code:
Running from C:\Users\Franz-Xaver\Downloads

Xorrie 04.03.2015 22:38
[COAdditional scan result of Farbar Recovery Scan Tool (x86) Version: 04-03-2015
Ran by Franz-Xaver at 2015-03-04 22:33:03
Running from C:\Users\Franz-Xaver\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: McAfee Anti-Virus und Anti-Spyware (Enabled - Up to date) {ADA629C7-7F48-5689-624A-3B76997E0892}
AS: McAfee Anti-Virus und Anti-Spyware (Enabled - Up to date) {16C7C823-5972-5907-58FA-0004E2F9422F}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: McAfee Firewall (Enabled) {959DA8E2-3527-57D1-4915-924367AD4FE9}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

ABBYY FineReader OCR Engine für ScanWizard (HKLM\...\{345C90FB-FA10-11D5-9C2A-0080C85A0C2D}) (Version: - )
Adblock Plus für IE (32-Bit) (HKLM\...\{654F389B-E402-4F7B-BA6D-DA732BB57ACB}) (Version: 1.4 - Eyeo GmbH)
Adobe Flash Player 16 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
AMD Catalyst Install Manager (HKLM\...\{DE7D695C-2EC7-AFDF-F786-6E938DE83175}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
Ashampoo Burning Studio 11 v.11.0.4 (HKLM\...\{91B33C97-D47B-F71A-455D-533CD6C3DC09}_is1) (Version: 11.0.4 - Ashampoo GmbH & Co. KG)
CardRecovery 6.10 (HKLM\...\{88D68A69-D247-466B-90DD-575F6BE16230}_is1) (Version: - WinRecovery Software)
Compatibility Pack für 2007 Office System (HKLM\...\{90120000-0020-0407-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
DHTML Editing Component (HKLM\...\{2EA870FA-585F-4187-903D-CB9FFD21E2E0}) (Version: 6.02.0001 - Microsoft Corporation)
EVEREST Home Edition v2.20 (HKLM\...\EVEREST Home Edition_is1) (Version: 2.20 - Lavalys Inc)
Fences (Version: 1.0 - Stardock Corporation) Hidden
Fotogalerie (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Google Earth (HKLM\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Google+ Auto Backup (HKU\S-1-5-21-1708056501-3709124106-2672143446-1001\...\Google+ Auto Backup) (Version: 1.0.27.161 - Google, Inc.)
HP Deskjet 1000 J110 series - Grundlegende Software für das Gerät (HKLM\...\{71F4FC17-1942-48E6-BC9F-56271AE74755}) (Version: 28.0.1313.0 - Hewlett-Packard Co.)
HP Deskjet 1000 J110 series Hilfe (HKLM\...\{DDDFCC77-7F9C-45E9-B38E-721BA599BA0C}) (Version: 140.0.65.65 - Hewlett Packard)
HP Photo Creations (HKLM\...\HP Photo Creations) (Version: 1.0.0.3781 - HP Photo Creations Powered by RocketLife)
HP Update (HKLM\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPDiagnosticAlert (Version: 1.00.0001 - Microsoft) Hidden
Java 7 Update 71 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F03217071FF}) (Version: 7.0.710 - Oracle)
Java 8 Update 25 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
Java 8 Update 31 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
Junk Mail filter update (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Kalenderchen 5 (HKLM\...\{11464943-4682-4F6B-A96D-D4E8C26DD111}_is1) (Version: - Daniel Manger)
Lingoes 2.9.2 (HKLM\...\Lingoes Translator_is1) (Version: 2.9.2 - Lingoes Project)
McAfee Internet Security Suite (HKLM\...\MSC) (Version: 12.8.992 - McAfee, Inc.)
McAfee Virtual Technician (HKLM\...\McAfee Virtual Technician) (Version: 7.6.0.202 - McAfee, Inc.)
Microsoft .NET Framework 4.5.2 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUS) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1708056501-3709124106-2672143446-1001\...\OneDriveSetup.exe) (Version: 17.0.4035.0328 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [DEU] (HKLM\...\{BAC80EF3-E106-4AEA-8C57-F217F9BC7358}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x86) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x86)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x86) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x86) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Works (HKLM\...\{39D0E034-1042-4905-BECB-5502909FCB7C}) (Version: 9.7.0621 - Microsoft Corporation)
Movie Maker (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 36.0 (x86 de) (HKLM\...\Mozilla Firefox 36.0 (x86 de)) (Version: 36.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 36.0 - Mozilla)
Mozilla Thunderbird 31.1.2 (x86 de) (HKLM\...\Mozilla Thunderbird 31.1.2 (x86 de)) (Version: 31.1.2 - Mozilla)
MyDriveConnect 3.3.0.1812 (HKLM\...\MyDriveConnect) (Version: 3.3.0.1812 - TomTom)
MyKeyFinder (HKLM\...\MyKeyFinder_is1) (Version: 2014 - Abelssoft)
Outils de vérification linguistique 2013 de Microsoft Office*- Français (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Picasa 3 (HKLM\...\Picasa 3) (Version: 3.9 - Google, Inc.)
RealDownloader (Version: 17.0.12 - RealNetworks, Inc.) Hidden
RealNetworks - Microsoft Visual C++ 2008 Runtime (Version: 9.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (Version: 10.0 - RealNetworks, Inc) Hidden
RealPlayer Cloud (HKLM\...\RealPlayer 17.0) (Version: 17.0.12 - RealNetworks)
RealUpgrade 1.1 (Version: 1.1.0 - RealNetworks, Inc.) Hidden
Revo Uninstaller 1.95 (HKLM\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
ScanWizard 5 (HKLM\...\{B08D262E-D902-11D5-9C28-0080C85A0C2D}) (Version: - )
Secunia PSI (3.0.0.10004) (HKLM\...\Secunia PSI) (Version: 3.0.0.10004 - Secunia)
SereneScreen Marine Aquarium 2.6 (HKLM\...\SereneScreen Marine Aquarium 2.6_is1) (Version: 2.6 - Prolific Publishing, Inc.)
SereneScreen Marine Aquarium 3 (HKLM\...\SereneScreen Marine Aquarium 3_is1) (Version: 3.0 - Prolific Publishing, Inc.)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 32-Bit Edition (HKLM\...\{90150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUS_{7F6C4883-A18C-459A-82C1-A2F9403F2DA6}) (Version: - Microsoft)
Speccy (HKLM\...\Speccy) (Version: 1.26 - Piriform)
Studie zur Verbesserung von HP Deskjet 1000 J110 series Produkten (HKLM\...\{2F8EFDA0-1160-4484-B575-B24279DED5F4}) (Version: 28.0.1313.0 - Hewlett-Packard Co.)
SumatraPDF (HKLM\...\SumatraPDF) (Version: 3.0 - Krzysztof Kowalczyk)
swix (HKLM\...\{DAE0C545-FEFE-49C5-9474-670051E3CBA9}_is1) (Version: 4.2 - Daniel Reust)
TapinRadio 1.60.1 (HKLM\...\TapinRadio_is1) (Version: - Raimersoft)
TuneUp Utilities 2014 (de-DE) (Version: 14.0.1000.340 - TuneUp Software) Hidden
UpdateService (Version: 1.0.0 - RealNetworks, Inc.) Hidden
Vista Shortcut Manager (HKLM\...\{47609E69-4C5E-48B1-A889-24C6B82B5C04}) (Version: 2.0 - Frameworkx)
Visual Studio C++ 10.0 Runtime (HKLM\...\{4412F224-3849-4461-A3E9-DEEF8D252790}) (Version: 10.0.0 - TomTom International B.V.)
VLC media player (HKLM\...\VLC media player) (Version: 2.1.5 - VideoLAN)
WEB.DE MailCheck für Mozilla Firefox (HKLM\...\1&1 Mail & Media GmbH Toolbar FF) (Version: 3.0.2.1739 - 1&1 Mail & Media GmbH)
Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-1708056501-3709124106-2672143446-1001_Classes\CLSID\{022105BD-948A-40C9-AB42-A3300DDF097F}\localserver32 -> C:\Users\Franz-Xaver\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1708056501-3709124106-2672143446-1001_Classes\CLSID\{22181302-A8A6-4F84-A541-E5CBFC70CC43}\localserver32 -> C:\Users\Franz-Xaver\AppData\Local\Google\Update\1.3.22.3\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1708056501-3709124106-2672143446-1001_Classes\CLSID\{2F0E2680-9FF5-43C0-B76E-114A56E93598}\localserver32 -> C:\Users\Franz-Xaver\AppData\Local\Google\Update\1.3.22.3\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1708056501-3709124106-2672143446-1001_Classes\CLSID\{51F9E8EF-59D7-475B-A106-C7EA6F30C119}\localserver32 -> C:\Users\Franz-Xaver\AppData\Local\Google\Update\1.3.22.3\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1708056501-3709124106-2672143446-1001_Classes\CLSID\{7B37E4E2-C62F-4914-9620-8FB5062718CC}\localserver32 -> C:\Users\Franz-Xaver\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1708056501-3709124106-2672143446-1001_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\Franz-Xaver\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\SkyDriveShell.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1708056501-3709124106-2672143446-1001_Classes\CLSID\{A45426FB-E444-42B2-AA56-419F8FBEEC61}\InprocServer32 -> C:\Users\Franz-Xaver\AppData\Local\Google\Update\1.3.22.3\psuser.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1708056501-3709124106-2672143446-1001_Classes\CLSID\{AB807329-7324-431B-8B36-DBD581F56E0B}\localserver32 -> C:\Users\Franz-Xaver\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1708056501-3709124106-2672143446-1001_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\Franz-Xaver\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\SkyDriveShell.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1708056501-3709124106-2672143446-1001_Classes\CLSID\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}\InprocServer32 -> C:\Users\Franz-Xaver\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1708056501-3709124106-2672143446-1001_Classes\CLSID\{C442AC41-9200-4770-8CC0-7CDB4F245C55}\InprocServer32 -> C:\Users\Franz-Xaver\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1708056501-3709124106-2672143446-1001_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\Franz-Xaver\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\SkyDriveShell.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1708056501-3709124106-2672143446-1001_Classes\CLSID\{E67BE843-BBBE-4484-95FB-05271AE86750}\localserver32 -> C:\Users\Franz-Xaver\AppData\Local\Google\Update\1.3.22.3\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1708056501-3709124106-2672143446-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Franz-Xaver\AppData\Local\Google\Update\1.3.22.3\psuser.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1708056501-3709124106-2672143446-1001_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\Franz-Xaver\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\SkyDriveShell.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1708056501-3709124106-2672143446-1001_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Franz-Xaver\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\FileSyncApi.dll (Microsoft Corporation)

==================== Restore Points =========================

27-02-2015 14:48:23 McAfee Vulnerability Scanner
27-02-2015 21:03:51 Wiederherstellungsvorgang
27-02-2015 21:38:36 Revo Uninstaller's restore point - Google Chrome
27-02-2015 21:40:40 Revo Uninstaller's restore point - Google Chrome
27-02-2015 21:41:23 Revo Uninstaller's restore point - Google Chrome
27-02-2015 21:42:10 Revo Uninstaller's restore point - Google+ Auto Backup
27-02-2015 22:18:53 Windows Update
27-02-2015 22:43:06 Revo Uninstaller's restore point - RealPlayer Cloud
27-02-2015 22:46:57 Revo Uninstaller's restore point - RealPlayer Cloud
02-03-2015 00:28:44 Wiederherstellungsvorgang
02-03-2015 00:43:39 Revo Uninstaller's restore point - JetDrive
02-03-2015 00:46:03 Revo Uninstaller's restore point - Spybot - Search & Destroy
02-03-2015 00:48:06 Revo Uninstaller's restore point - Spybot - Search & Destroy
02-03-2015 00:51:34 Revo Uninstaller's restore point - CCleaner
02-03-2015 00:54:16 Revo Uninstaller's restore point - Secunia PSI (3.0.0.10004)
02-03-2015 01:01:59 Windows Update
02-03-2015 01:33:37 Revo Uninstaller's restore point - RealPlayer Cloud
02-03-2015 01:37:02 Revo Uninstaller's restore point - RealPlayer Cloud
02-03-2015 08:50:17 Revo Uninstaller's restore point - MyDriveConnect 3.3.0.1756
02-03-2015 08:56:23 Wiederherstellungsvorgang
02-03-2015 09:21:41 Windows Update
02-03-2015 09:37:59 Installed Adblock Plus for IE (32-bit)
02-03-2015 09:51:22 Revo Uninstaller's restore point - Malwarebytes Anti-Malware Version 2.0.4.1028
02-03-2015 10:44:57 Alles läuft
02-03-2015 20:05:29 Windows-Sicherung
04-03-2015 17:24:05 Revo Uninstaller's restore point - Google Chrome
04-03-2015 17:37:02 Revo Uninstaller's restore point - JetDrive
04-03-2015 17:40:29 Revo Uninstaller's restore point - Spybot - Search & Destroy
04-03-2015 17:41:41 Revo Uninstaller's restore point - CCleaner
04-03-2015 18:08:31 Revo Uninstaller's restore point - Aquamarin Haushaltsbuch 2.9.2 b
04-03-2015 18:31:35 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:04 - 2009-06-10 22:39 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {09255380-7327-4480-B91D-89A8CE8B614E} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files\Spybot - Search &amp; Destroy 2\SDImmunize.exe
Task: {129A7EEF-6DF8-4824-97C4-AC11E0E8713E} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1708056501-3709124106-2672143446-1001UA => C:\Users\Franz-Xaver\AppData\Local\Google\Update\GoogleUpdate.exe [2015-02-21] (Google Inc.)
Task: {1FCFC5BD-4D7E-4F1D-825E-383D44086EBD} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-1708056501-3709124106-2672143446-1001 => C:\Program Files\RealNetworks\RealDownloader\realupgrade.exe [2014-07-24] (RealNetworks, Inc.)
Task: {2DA867B0-7ED8-435D-9F56-0D6C7EF01811} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1708056501-3709124106-2672143446-1001 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2014-07-24] (RealNetworks, Inc.)
Task: {2DF7EC4F-8233-4152-9F18-A7920FEB4149} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {2E32999F-7743-4104-88C1-2391AA4D8B06} - System32\Tasks\{DC14020A-4F8C-4DC3-B81B-E5AB812FED78} => pcalua.exe -a "C:\Program Files\Lavalys\EVEREST Home Edition\everest.exe" -d C:\Users\Franz-Xaver\Desktop\Icons
Task: {4A475CED-BF82-4518-AFCB-BDE670AA0269} - System32\Tasks\ReclaimerUpdateXML_Franz-Xaver => C:\Users\Franz-Xaver\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\11.04\agent\rnupgagent.exe [2015-02-08] (RealNetworks, Inc.)
Task: {70874997-D9FA-4106-80E3-61D49776BFFB} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {72578D24-B841-4D47-81AC-F9E2203EC1C3} - System32\Tasks\RNUpgradeHelperLogonPrompt_Franz-Xaver => C:\Users\Franz-Xaver\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\11.04\agent\rnupgagent.exe [2015-02-08] (RealNetworks, Inc.)
Task: {786CCA5B-3C99-46BB-B0C7-F226211EEBCD} - System32\Tasks\HPCustParticipation HP Deskjet 1000 J110 series => C:\Program Files\HP\HP Deskjet 1000 J110 series\Bin\HPCustPartic.exe [2012-10-02] (Hewlett-Packard Co.)
Task: {79A8BAAD-8F2A-471C-8037-8B117A027613} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2014-01-23] (Microsoft Corporation)
Task: {7C054148-0A95-4C45-B19F-99F04C8BFAD0} - System32\Tasks\{7F423AD6-73BE-4378-9935-21303B0F6712} => pcalua.exe -a C:\Users\Franz-Xaver\Downloads\irfanview_plugins_438_setup(1).exe -d C:\Users\Franz-Xaver\Downloads
Task: {81ED74FA-89C3-4CE6-8A30-3DF6697DA6DA} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-1708056501-3709124106-2672143446-1001 => C:\Program Files\RealNetworks\RealDownloader\realupgrade.exe [2014-07-24] (RealNetworks, Inc.)
Task: {8450E2FE-D8F9-4702-B404-BBC188C6792A} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-05] (Adobe Systems Incorporated)
Task: {8C6B1131-6FED-4108-9452-824F3FE6407B} - System32\Tasks\{512A0E43-8380-45B2-A6FB-82AEA58C28F6} => pcalua.exe -a C:\Users\Franz-Xaver\Downloads\pantsoff(1).exe -d C:\Users\Franz-Xaver\Downloads
Task: {8DD99137-62A4-4A78-9C62-9C4D76E5419E} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {95424444-AFF8-4071-AB94-E025DC863AEC} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files\Spybot - Search &amp; Destroy 2\SDScan.exe
Task: {A69EFA21-4D51-47EA-96CB-5D4C2DE0DDB9} - System32\Tasks\RNUpgradeHelperResumePrompt_Franz-Xaver => C:\Users\Franz-Xaver\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\11.04\agent\rnupgagent.exe [2015-02-08] (RealNetworks, Inc.)
Task: {B4927734-B506-4644-9C29-DDF7A9ADF950} - System32\Tasks\SUSSXGQ => C:\ProgramData\ff8e396d4c654c0eaab0bc98beb6cf02\ff8e396d4c654c0eaab0bc98beb6cf02.exe
Task: {BE59BFB8-0193-444A-B10A-22664AC3F56C} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1708056501-3709124106-2672143446-1001Core => C:\Users\Franz-Xaver\AppData\Local\Google\Update\GoogleUpdate.exe [2015-02-21] (Google Inc.)
Task: {C02A339B-CE32-4786-B54E-9EC9298D845B} - System32\Tasks\JetDrive => C:\Program Files\JetDrive\JetDrive.exe
Task: {C58EFEC2-592A-4741-BDCB-F39AE77F6DF5} - System32\Tasks\Microsoft Office 15 Sync Maintenance for ASTERIX-Franz-Xaver ASTERIX => C:\Program Files\Microsoft Office\Office15\MsoSync.exe [2015-01-21] (Microsoft Corporation)
Task: {C6421B43-189F-4198-BD5F-916FBBEECA5C} - System32\Tasks\SpyHunter4Startup => C:\Program Files\Enigma Software Group\SpyHunter\Spyhunter4.exe
Task: {C712A019-562C-49B3-92C3-15AD7CDA93C2} - System32\Tasks\SuperEasy Registry Cleaner => C:\Program Files\SuperEasy Software\Registry Cleaner\SuperEasyRC.exe
Task: {D3C57CB6-2780-4456-B09A-D59B4F1265A5} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1708056501-3709124106-2672143446-1001 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2014-07-24] (RealNetworks, Inc.)
Task: {DDB7CD3A-8E87-4B77-BD6D-DFEB952F3180} - System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2013 => C:\Program Files\TuneUp Utilities 2014\OneClick.exe
Task: {E7972BC0-177E-4610-905C-F9065ABC892A} - System32\Tasks\ReclaimerUpdateFiles_Franz-Xaver => C:\Users\Franz-Xaver\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\11.04\agent\rnupgagent.exe [2015-02-08] (RealNetworks, Inc.)
Task: {E863073C-BDC4-4468-A728-F0F98A1AB90D} - System32\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-1708056501-3709124106-2672143446-1001 => C:\Program Files\RealNetworks\RealDownloader\recordingmanager.exe [2014-07-24] (RealNetworks, Inc.)
Task: {EC2413E2-7B15-4D4A-AAA1-51BE04867C03} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {EED16CA5-DDAA-4323-BD5E-2F9EDF2C30D5} - System32\Tasks\PhotoProduct.exe => C:\Program Files\HP Photo Creations\PhotoProduct.exe [2010-07-01] (Visan / RocketLife)
Task: {F449E389-E5F0-40CC-9C43-13F4538A2339} - System32\Tasks\{D9630860-E8D5-4EB5-AAB3-38A7FF8AA0BC} => pcalua.exe -a C:\Users\Franz-Xaver\Downloads\irfanview_plugins_438_setup.exe -d C:\Users\Franz-Xaver\Downloads

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1708056501-3709124106-2672143446-1001Core.job => C:\Users\Franz-Xaver\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1708056501-3709124106-2672143446-1001UA.job => C:\Users\Franz-Xaver\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\JetDrive.job => C:\Program Files\JetDrive\JetDrive.exe
Task: C:\Windows\Tasks\ReclaimerUpdateFiles_Franz-Xaver.job => C:\Users\Franz-Xaver\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\11.04\agent\rnupgagent.exe
Task: C:\Windows\Tasks\ReclaimerUpdateXML_Franz-Xaver.job => C:\Users\Franz-Xaver\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\11.04\agent\rnupgagent.exe
Task: C:\Windows\Tasks\RNUpgradeHelperLogonPrompt_Franz-Xaver.job => C:\Users\Franz-Xaver\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\11.04\agent\rnupgagent.exe

==================== Loaded Modules (whitelisted) ==============

2014-07-24 11:47 - 2014-07-24 11:47 - 00039568 _____ () C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
2014-09-20 16:48 - 2014-09-20 16:48 - 00861784 _____ () c:\program files\real\realplayer\RPDS\Plugins\cldplin.dll
2014-07-24 14:06 - 2014-07-24 14:06 - 00023552 _____ () C:\Program Files\Real\UpdateService\RealPlayerUpdateSvc.exe
2012-01-12 11:23 - 2012-01-12 11:23 - 00018432 _____ () C:\Users\Franz-Xaver\AppData\LocalLow\WOT\IE\WOTUpdater.exe
2014-10-03 13:04 - 2014-10-03 13:04 - 00026488 _____ () C:\Program Files\MyDrive Connect\DeviceDetection.dll
2014-10-03 13:04 - 2014-10-03 13:04 - 00087416 _____ () C:\Program Files\MyDrive Connect\TomTomSupporterBase.dll
2014-10-03 13:04 - 2014-10-03 13:04 - 00398712 _____ () C:\Program Files\MyDrive Connect\TomTomSupporterProxy.dll
2015-02-05 17:06 - 2015-02-05 17:06 - 16852144 _____ () C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_305.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ColorMedia => ""="service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Driver"

==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1708056501-3709124106-2672143446-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Franz-Xaver\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.254

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: SDScannerService => 2
MSCONFIG\Services: SDUpdateService => 2
MSCONFIG\Services: SDWSCService => 2
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^RealPlayer Cloud Service UI.lnk => C:\Windows\pss\RealPlayer Cloud Service UI.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Scanner Finder.lnk => C:\Windows\pss\Scanner Finder.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^Franz-Xaver^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OptimizerPro.lnk => C:\Windows\pss\OptimizerPro.lnk.Startup
MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner.exe" /MONITOR
MSCONFIG\startupreg: GoogleChromeAutoLaunch_D2C13C9444C4943518BADCD59958BD86 => "C:\Program Files\Google\Chrome\Application\chrome.exe" --no-startup-window
MSCONFIG\startupreg: HP Software Update => C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
MSCONFIG\startupreg: Lingoes => C:\Program Files\Lingoes\Translator2\Lingoes.exe -minimize
MSCONFIG\startupreg: SDTray => "C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe"
MSCONFIG\startupreg: TkBellExe => "c:\program files\real\realplayer\Update\realsched.exe" -osboot

==================== Accounts: =============================

Administrator (S-1-5-21-1708056501-3709124106-2672143446-500 - Administrator - Disabled)
Franz-Xaver (S-1-5-21-1708056501-3709124106-2672143446-1001 - Administrator - Enabled) => C:\Users\Franz-Xaver
Gast (S-1-5-21-1708056501-3709124106-2672143446-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1708056501-3709124106-2672143446-1002 - Limited - Enabled)

==================== Faulty Device Manager Devices =============

Name: Coprozessor
Description: Coprozessor
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (03/04/2015 07:30:32 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762"1".
Die abhängige Assemblierung "Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (03/04/2015 07:30:29 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (03/04/2015 07:29:42 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (03/04/2015 07:29:28 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"1".
Die abhängige Assemblierung "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (03/04/2015 06:38:49 PM) (Source: Service1) (EventID: 0) (User: )
Description: Der Dienst kann nicht gestartet werden. Das Handle ist ungültig

Error: (03/04/2015 06:31:37 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".


Details:
AddWin32ServiceFiles: Unable to back up image of service Spybot-S&D 2 Security Center Service since QueryServiceConfig API failed

System Error:
Das System kann die angegebene Datei nicht finden.
.

Error: (03/04/2015 06:31:37 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".


Details:
AddWin32ServiceFiles: Unable to back up image of service Spybot-S&D 2 Updating Service since QueryServiceConfig API failed

System Error:
Das System kann die angegebene Datei nicht finden.
.

Error: (03/04/2015 06:31:37 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".


Details:
AddWin32ServiceFiles: Unable to back up image of service Spybot-S&D 2 Scanner Service since QueryServiceConfig API failed

System Error:
Das System kann die angegebene Datei nicht finden.
.

Error: (03/04/2015 06:08:31 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".


Details:
AddWin32ServiceFiles: Unable to back up image of service Spybot-S&D 2 Security Center Service since QueryServiceConfig API failed

System Error:
Das System kann die angegebene Datei nicht finden.
.

Error: (03/04/2015 06:08:31 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".


Details:
AddWin32ServiceFiles: Unable to back up image of service Spybot-S&D 2 Updating Service since QueryServiceConfig API failed

System Error:
Das System kann die angegebene Datei nicht finden.
.


System errors:
=============
Error: (03/04/2015 06:42:03 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "HP Network Devices Support" wurde mit folgendem Fehler beendet:
%%126

Error: (03/04/2015 05:17:57 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "HP Network Devices Support" wurde mit folgendem Fehler beendet:
%%126

Error: (03/04/2015 05:13:50 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "HP Network Devices Support" wurde mit folgendem Fehler beendet:
%%126

Error: (03/04/2015 05:10:54 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: Das System wurde zuvor am ‎04.‎03.‎2015 um 01:16:08 unerwartet heruntergefahren.

Error: (03/04/2015 00:42:20 AM) (Source: DCOM) (EventID: 10016) (User: ASTERIX)
Description: AnwendungsspezifischLokalAktivierung{0C0A3666-30C9-11D0-8F20-00805F2CD064}{9209B1A6-964A-11D0-9372-00A0C9034910}ASTERIXFranz-XaverS-1-5-21-1708056501-3709124106-2672143446-1001LocalHost (unter Verwendung von LRPC)

Error: (03/04/2015 00:41:56 AM) (Source: DCOM) (EventID: 10016) (User: ASTERIX)
Description: AnwendungsspezifischLokalAktivierung{0C0A3666-30C9-11D0-8F20-00805F2CD064}{9209B1A6-964A-11D0-9372-00A0C9034910}ASTERIXFranz-XaverS-1-5-21-1708056501-3709124106-2672143446-1001LocalHost (unter Verwendung von LRPC)

Error: (03/04/2015 00:41:51 AM) (Source: DCOM) (EventID: 10016) (User: ASTERIX)
Description: AnwendungsspezifischLokalAktivierung{0C0A3666-30C9-11D0-8F20-00805F2CD064}{9209B1A6-964A-11D0-9372-00A0C9034910}ASTERIXFranz-XaverS-1-5-21-1708056501-3709124106-2672143446-1001LocalHost (unter Verwendung von LRPC)

Error: (03/04/2015 00:41:51 AM) (Source: DCOM) (EventID: 10016) (User: ASTERIX)
Description: AnwendungsspezifischLokalAktivierung{0C0A3666-30C9-11D0-8F20-00805F2CD064}{9209B1A6-964A-11D0-9372-00A0C9034910}ASTERIXFranz-XaverS-1-5-21-1708056501-3709124106-2672143446-1001LocalHost (unter Verwendung von LRPC)

Error: (03/04/2015 00:16:14 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst ehRecvr erreicht.

Error: (03/04/2015 00:15:44 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst ehRecvr erreicht.


Microsoft Office Sessions:
=========================
Error: (03/04/2015 07:30:32 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762"c:\program files\tapinradio\CrashReport.exe

Error: (03/04/2015 07:30:29 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"c:\program files\AMD\ATI.ACE\core-static\SLSTaskbar64.exe

Error: (03/04/2015 07:29:42 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"C:\Program Files\HP\HP Deskjet 1000 J110 series\DriverStore\Pipeline\amd64\hpinkins8811.exe

Error: (03/04/2015 07:29:28 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"C:\Windows\Installer\{7722483A-5FB8-4A2E-9422-6DA527A9173F}\recordingmanager.exe

Error: (03/04/2015 06:38:49 PM) (Source: Service1) (EventID: 0) (User: )
Description: Der Dienst kann nicht gestartet werden. Das Handle ist ungültig

Error: (03/04/2015 06:31:37 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description:
Details:
AddWin32ServiceFiles: Unable to back up image of service Spybot-S&D 2 Security Center Service since QueryServiceConfig API failed

System Error:
Das System kann die angegebene Datei nicht finden.

Error: (03/04/2015 06:31:37 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description:
Details:
AddWin32ServiceFiles: Unable to back up image of service Spybot-S&D 2 Updating Service since QueryServiceConfig API failed

System Error:
Das System kann die angegebene Datei nicht finden.

Error: (03/04/2015 06:31:37 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description:
Details:
AddWin32ServiceFiles: Unable to back up image of service Spybot-S&D 2 Scanner Service since QueryServiceConfig API failed

System Error:
Das System kann die angegebene Datei nicht finden.

Error: (03/04/2015 06:08:31 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description:
Details:
AddWin32ServiceFiles: Unable to back up image of service Spybot-S&D 2 Security Center Service since QueryServiceConfig API failed

System Error:
Das System kann die angegebene Datei nicht finden.

Error: (03/04/2015 06:08:31 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description:
Details:
AddWin32ServiceFiles: Unable to back up image of service Spybot-S&D 2 Updating Service since QueryServiceConfig API failed

System Error:
Das System kann die angegebene Datei nicht finden.


==================== Memory info ===========================

Processor: Pentium(R) Dual-Core CPU E5400 @ 2.70GHz
Percentage of memory in use: 53%
Total physical RAM: 3071.3 MB
Available physical RAM: 1421.71 MB
Total Pagefile: 6440.9 MB
Available Pagefile: 4445.41 MB
Total Virtual: 2047.88 MB
Available Virtual: 1889.11 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:471.91 GB) (Free:414.89 GB) NTFS
Drive h: (Volume) (Fixed) (Total:459.5 GB) (Free:457.56 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 009CCE01)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=471.9 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=459.5 GB) - (Type=07 NTFS)

==================== End Of Log ============================
Code:
[/CO
FRST Logfile:

       
Code:

       
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 04-03-2015
Ran by Franz-Xaver (administrator) on ASTERIX on 04-03-2015 22:32:24
Running from C:\Users\Franz-Xaver\Downloads
Loaded Profiles: Franz-Xaver (Available profiles: Franz-Xaver)
Platform: Microsoft Windows 7 Home Premium  Service Pack 1 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\VS7DEBUG\MDM.EXE
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
() C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
(RealNetworks, Inc.) C:\Program Files\Real\RealPlayer\RPDS\Bin\rpdsvc.exe
() C:\Program Files\Real\UpdateService\RealPlayerUpdateSvc.exe
(Secunia) C:\Program Files\Secunia\PSI\sua.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
() C:\Users\Franz-Xaver\AppData\LocalLow\WOT\IE\WOTUpdater.exe
(McAfee, Inc.) C:\Program Files\McAfee\MSC\McAPExe.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Daniel Manger Software) C:\Program Files\Kalenderchen\Kalenderchen.exe
(TomTom) C:\Program Files\MyDrive Connect\MyDriveConnect.exe
(Google Inc.) C:\Users\Franz-Xaver\AppData\Local\Google\Update\GoogleUpdate.exe
(Advanced Micro Devices Inc.) C:\Program Files\AMD\ATI.ACE\Core-Static\MOM.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office15\ONENOTEM.EXE
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(ATI Technologies Inc.) C:\Program Files\AMD\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe
(Farbar) C:\Users\Franz-Xaver\Downloads\FRST(1).exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [mcpltui_exe] => C:\Program Files\McAfee.com\Agent\mcagent.exe [517392 2014-04-25] (McAfee, Inc.)
HKLM\...\Run: [StartCCC] => C:\Program Files\AMD\ATI.ACE\Core-Static\x86\CLIStart.exe [748232 2014-11-20] (Advanced Micro Devices, Inc.)
Winlogon\Notify\SDWinLogon: SDWinLogon.dll [X]
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-19\Control Panel\Desktop\\SCRNSAVE.EXE ->
HKU\S-1-5-20\Control Panel\Desktop\\SCRNSAVE.EXE ->
HKU\S-1-5-21-1708056501-3709124106-2672143446-1001\...\Run: [DMS-Kalenderchen] => C:\Program Files\Kalenderchen\Kalenderchen.exe [3494912 2010-03-16] (Daniel Manger Software)
HKU\S-1-5-21-1708056501-3709124106-2672143446-1001\...\Run: [MyDriveConnect.exe] => C:\Program Files\MyDrive Connect\MyDriveConnect.exe [1792376 2014-10-03] (TomTom)
HKU\S-1-5-21-1708056501-3709124106-2672143446-1001\...\Run: [Google Update] => C:\Users\Franz-Xaver\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2015-02-21] (Google Inc.)
HKU\S-1-5-21-1708056501-3709124106-2672143446-1001\...\Run: [Google+ Auto Backup] => C:\Users\Franz-Xaver\AppData\Local\Programs\Google\Google+ Auto Backup\Google+ Auto Backup.exe [3754312 2015-02-13] (Google Inc.)
HKU\S-1-5-21-1708056501-3709124106-2672143446-1001\...\Policies\Explorer: [NoFolderOptions] 0
HKU\S-1-5-21-1708056501-3709124106-2672143446-1001\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-1708056501-3709124106-2672143446-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\MA2_6.scr [2936832 2006-02-28] ()
HKU\S-1-5-18\Control Panel\Desktop\\SCRNSAVE.EXE ->
Startup: C:\Users\Franz-Xaver\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\An OneNote senden.lnk
ShortcutTarget: An OneNote senden.lnk -> C:\Program Files\Microsoft Office\Office15\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\Franz-Xaver\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Tintenwarnungen überwachen - HP Deskjet 1000 J110 series.lnk
ShortcutTarget: Tintenwarnungen überwachen - HP Deskjet 1000 J110 series.lnk -> C:\Program Files\HP\HP Deskjet 1000 J110 series\Bin\HPStatusBL.dll (Hewlett-Packard Co.)
BootExecute:
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:50588;https=127.0.0.1:50588
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
HKU\S-1-5-21-1708056501-3709124106-2672143446-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-1708056501-3709124106-2672143446-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKU\S-1-5-21-1708056501-3709124106-2672143446-1001\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
HKU\S-1-5-21-1708056501-3709124106-2672143446-1001\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1708056501-3709124106-2672143446-1001 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?q={sear
BHO: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Program Files\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_31\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: WOT -> {9E571C81-21E7-496B-9E6B-127E60263022} -> C:\Users\Franz-Xaver\AppData\LocalLow\WOT\IE\WOT.dll (WOT Services Oy)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_31\bin\jp2ssv.dll (Oracle Corporation)
BHO: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus32.dll (Eyeo GmbH)
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL (Microsoft Corporation)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)
Winsock: Catalog9 01 C:\Windows\system32\ColorMedia.dll [318616] (Over the Rainbow Tech)
Winsock: Catalog9 02 C:\Windows\system32\ColorMedia.dll [318616] (Over the Rainbow Tech)
Winsock: Catalog9 03 C:\Windows\system32\ColorMedia.dll [318616] (Over the Rainbow Tech)
Winsock: Catalog9 04 C:\Windows\system32\ColorMedia.dll [318616] (Over the Rainbow Tech)
Winsock: Catalog9 15 C:\Windows\system32\ColorMedia.dll [318616] (Over the Rainbow Tech)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

FireFox:
========
FF ProfilePath: C:\Users\Franz-Xaver\AppData\Roaming\Mozilla\Firefox\Profiles\oyabea71.default
FF NewTab: chrome://unitedtb/content/newtab/newtab-page.xhtml
FF SelectedSearchEngine: webssearches
FF Homepage: google.de
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_305.dll ()
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\npmcsnffpl.dll ()
FF Plugin: @mcafee.com/MVT -> C:\Program Files\McAfee\Supportability\MVT\NPMVTPlugin.dll (McAfee, Inc.)
FF Plugin: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\Microsoft Office\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @real.com/nppl3260;version=17.0.12.0 -> c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlhtml5videoshim;version=17.0.12 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpplugin;version=17.0.12.0 -> c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer Cloud)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1708056501-3709124106-2672143446-1001: @tools.google.com/Google Update;version=3 -> C:\Users\Franz-Xaver\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-1708056501-3709124106-2672143446-1001: @tools.google.com/Google Update;version=9 -> C:\Users\Franz-Xaver\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF SearchPlugin: C:\Users\Franz-Xaver\AppData\Roaming\Mozilla\Firefox\Profiles\oyabea71.default\searchplugins\google-images.xml
FF SearchPlugin: C:\Users\Franz-Xaver\AppData\Roaming\Mozilla\Firefox\Profiles\oyabea71.default\searchplugins\google-maps.xml
FF Extension: Google Translator for Firefox - C:\Users\Franz-Xaver\AppData\Roaming\Mozilla\Firefox\Profiles\oyabea71.default\Extensions\translator@zoli.bod.xpi [2015-02-17]
FF Extension: {011f2b37-2728-4487-80d7-47da9dddd46c} - C:\Users\Franz-Xaver\AppData\Roaming\Mozilla\Firefox\Profiles\oyabea71.default\Extensions\{011f2b37-2728-4487-80d7-47da9dddd46c}.xpi [2015-02-15]
FF Extension: Adblock Plus - C:\Users\Franz-Xaver\AppData\Roaming\Mozilla\Firefox\Profiles\oyabea71.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-02-16]
FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: No Name - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2014-09-19]
FF HKLM\...\Firefox\Extensions: [searchengine@gmail.com] - C:\Users\Franz-Xaver\AppData\Roaming\Mozilla\Firefox\Profiles\oyabea71.default\extensions\searchengine@gmail.com
FF HKLM\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
FF Extension: McAfee Anti-Spam Thunderbird Extension - C:\Program Files\McAfee\MSK [2015-01-13]

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [nphjeokkkbngjpiofnfpnafjeofjomfb] - C:\Users\Franz-Xaver\AppData\LocalLow\WOT\CHROME\WOT.crx [2012-01-12]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 HomeNetSvc; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [281560 2013-07-30] (McAfee, Inc.)
R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [145568 2014-04-25] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [281560 2013-07-30] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [281560 2013-07-30] (McAfee, Inc.)
S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [472072 2014-10-08] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [281560 2013-07-30] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [281560 2013-07-30] (McAfee, Inc.)
R2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [655936 2014-08-20] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [169800 2014-06-20] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [179600 2015-01-13] (McAfee, Inc.)
R2 MSK80Service; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [281560 2013-07-30] (McAfee, Inc.)
R2 RealNetworks Downloader Resolver Service; C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe [39568 2014-07-24] ()
R2 RealPlayer Cloud Service; c:\program files\real\realplayer\RPDS\Bin\rpdsvc.exe [1141848 2014-09-20] (RealNetworks, Inc.)
R2 RealPlayerUpdateSvc; C:\Program Files\Real\UpdateService\RealPlayerUpdateSvc.exe [23552 2014-07-24] () [File not signed]
S3 Secunia PSI Agent; C:\Program Files\Secunia\PSI\PSIA.exe [1363160 2014-11-28] (Secunia)
R2 Secunia Update Agent; C:\Program Files\Secunia\PSI\sua.exe [765144 2014-11-28] (Secunia)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)
R2 WOTUpdater; C:\Users\Franz-Xaver\AppData\LocalLow\WOT\IE\WOTUpdater.exe [18432 2012-01-12] () [File not signed]
S2 HPSLPSVC; C:\Users\Franz-Xaver\AppData\Local\Temp\7zS03AD\hpslpsvc32.dll [X]
S2 JetDrive WindowsClosingService; C:\Windows\System32\WindowsClosingService [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [62832 2014-06-20] (McAfee, Inc.)
S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [19984 2015-01-23] ()
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [147912 2013-09-23] (McAfee, Inc.)
S3 jetdrive; C:\Windows\System32\DRIVERS\jddrv.sys [29056 2012-05-22] (Abelssoft GmbH)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2014-11-21] (Malwarebytes Corporation)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [114904 2015-02-25] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2014-11-21] (Malwarebytes Corporation)
R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [135968 2014-06-20] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [238176 2014-06-20] (McAfee, Inc.)
S3 mfebopk; C:\Windows\System32\drivers\mfebopk.sys [67816 2014-06-20] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [369248 2014-06-20] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [575984 2015-01-13] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [350240 2014-08-20] (McAfee, Inc.)
S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [81296 2014-08-20] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [217224 2014-06-20] (McAfee, Inc.)
S3 PSI; C:\Windows\System32\DRIVERS\psi_mf_x86.sys [16024 2014-11-28] (Secunia)
S3 cpuz134; \??\C:\Users\FRANZ-~1\AppData\Local\Temp\cpuz134\cpuz134_x32.sys [X]
U3 DfSdkS; No ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-04 21:59 - 2015-03-04 21:59 - 01132544 _____ (Farbar) C:\Users\Franz-Xaver\Downloads\FRST(1).exe
2015-03-04 21:23 - 2015-03-04 21:23 - 02126848 _____ () C:\Users\Franz-Xaver\Downloads\AdwCleaner_4.111.exe
2015-03-04 19:56 - 2015-03-04 19:56 - 00046802 _____ () C:\Users\Franz-Xaver\Desktop\FRST.txt
2015-03-04 19:56 - 2015-03-04 19:56 - 00039039 _____ () C:\Users\Franz-Xaver\Desktop\Addition.txt
2015-03-04 19:52 - 2015-03-04 19:53 - 00039039 _____ () C:\Users\Franz-Xaver\Downloads\Addition.txt
2015-03-04 19:51 - 2015-03-04 22:32 - 00017936 _____ () C:\Users\Franz-Xaver\Downloads\FRST.txt
2015-03-04 19:51 - 2015-03-04 22:32 - 00000000 ____D () C:\FRST
2015-03-04 19:50 - 2015-03-04 19:50 - 01132544 _____ (Farbar) C:\Users\Franz-Xaver\Downloads\FRST.exe
2015-03-04 18:33 - 2015-03-04 18:33 - 17142784 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-03-04 18:33 - 2015-03-04 18:33 - 11220992 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-03-04 18:33 - 2015-03-04 18:33 - 04240384 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-03-04 18:33 - 2015-03-04 18:33 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-03-04 18:33 - 2015-03-04 18:33 - 02166272 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-03-04 18:33 - 2015-03-04 18:33 - 01926656 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-03-04 18:33 - 2015-03-04 18:33 - 01818112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-03-04 18:33 - 2015-03-04 18:33 - 01156608 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-03-04 18:33 - 2015-03-04 18:33 - 01051136 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-03-04 18:33 - 2015-03-04 18:33 - 00703488 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-03-04 18:33 - 2015-03-04 18:33 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-03-04 18:33 - 2015-03-04 18:33 - 00645120 _____ (Microsoft Corporation) C:\Windows\system32\jsIntl.dll
2015-03-04 18:33 - 2015-03-04 18:33 - 00616104 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2015-03-04 18:33 - 2015-03-04 18:33 - 00610304 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-03-04 18:33 - 2015-03-04 18:33 - 00553472 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-03-04 18:33 - 2015-03-04 18:33 - 00523776 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-03-04 18:33 - 2015-03-04 18:33 - 00454656 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-03-04 18:33 - 2015-03-04 18:33 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-03-04 18:33 - 2015-03-04 18:33 - 00367104 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-03-04 18:33 - 2015-03-04 18:33 - 00337408 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-03-04 18:33 - 2015-03-04 18:33 - 00244736 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-03-04 18:33 - 2015-03-04 18:33 - 00238288 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-03-04 18:33 - 2015-03-04 18:33 - 00233472 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2015-03-04 18:33 - 2015-03-04 18:33 - 00208896 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-03-04 18:33 - 2015-03-04 18:33 - 00208384 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2015-03-04 18:33 - 2015-03-04 18:33 - 00194048 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll
2015-03-04 18:33 - 2015-03-04 18:33 - 00182272 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2015-03-04 18:33 - 2015-03-04 18:33 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-03-04 18:33 - 2015-03-04 18:33 - 00151552 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2015-03-04 18:33 - 2015-03-04 18:33 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2015-03-04 18:33 - 2015-03-04 18:33 - 00127488 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2015-03-04 18:33 - 2015-03-04 18:33 - 00116736 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2015-03-04 18:33 - 2015-03-04 18:33 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-03-04 18:33 - 2015-03-04 18:33 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2015-03-04 18:33 - 2015-03-04 18:33 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-03-04 18:33 - 2015-03-04 18:33 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2015-03-04 18:33 - 2015-03-04 18:33 - 00083456 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2015-03-04 18:33 - 2015-03-04 18:33 - 00074240 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2015-03-04 18:33 - 2015-03-04 18:33 - 00071680 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2015-03-04 18:33 - 2015-03-04 18:33 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-03-04 18:33 - 2015-03-04 18:33 - 00069120 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2015-03-04 18:33 - 2015-03-04 18:33 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2015-03-04 18:33 - 2015-03-04 18:33 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-03-04 18:33 - 2015-03-04 18:33 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-03-04 18:33 - 2015-03-04 18:33 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2015-03-04 18:33 - 2015-03-04 18:33 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-03-04 18:33 - 2015-03-04 18:33 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2015-03-04 18:33 - 2015-03-04 18:33 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2015-03-04 18:33 - 2015-03-04 18:33 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-03-04 18:33 - 2015-03-04 18:33 - 00036352 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2015-03-04 18:33 - 2015-03-04 18:33 - 00034816 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-03-04 18:33 - 2015-03-04 18:33 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-03-04 18:33 - 2015-03-04 18:33 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2015-03-04 18:33 - 2015-03-04 18:33 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2015-03-04 18:33 - 2015-03-04 18:33 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2015-03-04 18:33 - 2015-03-04 18:33 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-03-04 18:31 - 2015-03-04 18:36 - 00010829 _____ () C:\Windows\IE11_main.log
2015-03-04 18:03 - 2015-03-04 18:04 - 06821496 _____ (TomTom International B.V.) C:\Users\Franz-Xaver\Downloads\InstallMyDriveConnect(1).exe
2015-03-04 18:02 - 2015-03-02 09:17 - 06821496 _____ (TomTom International B.V.) C:\Users\Franz-Xaver\Downloads\InstallMyDriveConnect_3_3_0_1812.exe
2015-03-04 17:59 - 2015-03-04 17:59 - 00000064 ____H () C:\Users\Franz-Xaver\Downloads\.picasa.ini
2015-03-03 15:13 - 2015-03-03 15:13 - 00002308 _____ () C:\Windows\PFRO.log
2015-03-02 10:15 - 2015-03-02 10:17 - 00000000 ____D () C:\Users\Franz-Xaver\Documents\P-Wort
2015-03-02 10:04 - 2015-03-02 10:11 - 00000000 ____D () C:\Users\Franz-Xaver\Documents\Regisry
2015-03-02 10:01 - 2015-01-10 19:09 - 00010240 _____ () C:\Users\Franz-Xaver\Documents\Gesamt--GAS.wps
2015-03-02 09:34 - 2015-03-02 09:38 - 40822424 _____ () C:\Users\Franz-Xaver\Downloads\Firefox_Setup_36.0.exe
2015-03-02 09:22 - 2015-01-09 00:44 - 00419936 _____ () C:\Windows\system32\locale.nls
2015-03-02 09:05 - 2015-03-04 18:38 - 00000448 _____ () C:\Windows\setupact.log
2015-03-02 09:05 - 2015-03-02 09:05 - 00000000 _____ () C:\Windows\setuperr.log
2015-02-27 21:56 - 2015-03-02 09:02 - 00000000 ____D () C:\Program Files\Opera
2015-02-25 17:38 - 2015-02-25 17:39 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-02-25 17:37 - 2014-11-21 06:14 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-02-25 17:37 - 2014-11-21 06:14 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-02-25 17:36 - 2015-03-02 09:01 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-02-25 17:36 - 2014-11-21 06:14 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-02-21 20:48 - 2015-02-21 20:48 - 00663000 _____ () C:\Users\Franz-Xaver\Downloads\MeinWetter_CB-DL-Manager.exe
2015-02-21 20:14 - 2015-03-04 22:19 - 00001144 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1708056501-3709124106-2672143446-1001UA.job
2015-02-21 20:14 - 2015-03-04 20:19 - 00001092 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1708056501-3709124106-2672143446-1001Core.job
2015-02-21 20:14 - 2015-03-02 09:03 - 00000000 ____D () C:\Users\Franz-Xaver\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google+ Auto Backup
2015-02-21 20:12 - 2015-02-21 20:12 - 00001068 _____ () C:\Users\Public\Desktop\Picasa 3.lnk
2015-02-21 20:12 - 2015-02-21 20:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Picasa 3
2015-02-21 19:56 - 2015-02-21 19:56 - 00000000 ____D () C:\Users\Franz-Xaver\Documents\OneNote-Notizbücher
2015-02-20 09:46 - 2015-02-20 09:46 - 00000000 ____D () C:\Windows\Tasks\ImCleanDisabled
2015-02-20 01:06 - 2015-03-02 23:59 - 00000000 ____D () C:\Users\Franz-Xaver\AppData\Local\Apps\2.0
2015-02-17 12:40 - 2015-02-17 12:40 - 00000000 ____H () C:\ProgramData\DP45977C.lfl
2015-02-17 12:11 - 2015-02-17 12:11 - 00000000 ____D () C:\Program Files\NVIDIA Corporation
2015-02-17 11:49 - 2015-02-20 13:49 - 00000000 ____D () C:\ProgramData\ProductData
2015-02-17 11:48 - 2015-02-20 13:49 - 00000000 ____D () C:\ProgramData\IObit
2015-02-17 11:48 - 2015-02-17 11:48 - 00000000 ____D () C:\Users\Franz-Xaver\AppData\Roaming\IObit
2015-02-15 23:41 - 2015-02-15 23:41 - 00000000 ____D () C:\Program Files\b06aa4c3-c9f0-4250-b86a-8700e8851354
2015-02-15 23:40 - 2015-02-21 19:51 - 00000000 ____D () C:\Program Files\I - Cinema
2015-02-15 23:30 - 2015-02-15 23:30 - 00005336 _____ () C:\Windows\system32\ColorMedia.ini
2015-02-15 23:30 - 2015-02-15 23:30 - 00002928 _____ () C:\Windows\system32\ColorMediaOff.ini
2015-02-15 23:30 - 2015-02-07 21:45 - 00318616 _____ (Over the Rainbow Tech) C:\Windows\system32\ColorMedia.dll
2015-02-15 22:33 - 2015-02-15 22:33 - 00666568 _____ () C:\Users\Franz-Xaver\Downloads\adblock-plus-firefox.exe
2015-02-15 22:07 - 2015-03-02 09:39 - 00000000 ____D () C:\Program Files\Adblock Plus for IE
2015-02-15 21:54 - 2015-03-03 15:13 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2015-02-15 21:54 - 2015-03-02 09:47 - 00001127 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-02-15 21:54 - 2015-03-02 09:47 - 00001115 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-02-15 21:54 - 2015-03-02 09:47 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2015-02-14 01:04 - 2015-02-14 01:04 - 00000000 ____D () C:\Program Files\MagiCSS  Live CSS Editor
2015-02-14 01:03 - 2015-03-02 09:03 - 00000000 ____D () C:\Program Files\UniDeals
2015-02-14 01:02 - 2015-03-02 09:03 - 00000000 ____D () C:\ProgramData\fcmjkjjhnlggamjbjkoohmnflagmljcn
2015-02-14 01:01 - 2015-02-22 09:51 - 00000000 ____D () C:\ProgramData\{0b22c01c-79a4-4523-0b22-2c01c79a0071}
2015-02-13 12:47 - 2015-02-13 12:47 - 04575232 _____ (Google Inc.) C:\Windows\system32\GPhotos.scr
2015-02-12 00:29 - 2015-01-09 03:48 - 00635904 _____ (Microsoft Corporation) C:\Windows\system32\perftrack.dll
2015-02-12 00:29 - 2015-01-09 03:48 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\wdi.dll
2015-02-12 00:29 - 2015-01-09 03:48 - 00027136 _____ (Microsoft Corporation) C:\Windows\system32\powertracker.dll
2015-02-11 22:27 - 2015-01-14 06:44 - 03972544 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2015-02-11 22:27 - 2015-01-14 06:44 - 03917760 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-02-11 22:26 - 2015-01-15 08:46 - 00136640 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-02-11 22:26 - 2015-01-15 08:46 - 00067520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-02-11 22:26 - 2015-01-15 08:43 - 00100352 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-02-11 22:26 - 2015-01-15 08:43 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-02-11 22:26 - 2015-01-15 08:42 - 01061376 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-02-11 22:26 - 2015-01-15 08:42 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-02-11 22:26 - 2015-01-15 08:42 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-02-11 22:26 - 2015-01-15 08:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-02-11 22:26 - 2015-01-15 08:39 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-02-11 22:26 - 2015-01-15 08:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-02-11 22:26 - 2015-01-15 08:37 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-02-11 22:26 - 2015-01-15 05:21 - 00369968 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-02-11 22:26 - 2015-01-09 02:45 - 02380288 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-02-11 22:26 - 2014-11-26 04:32 - 00571904 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2015-02-11 22:25 - 2015-02-04 03:54 - 00482304 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-02-11 22:25 - 2015-02-04 03:53 - 00767488 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-02-11 22:25 - 2015-02-04 03:53 - 00621056 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-02-11 22:25 - 2015-02-04 03:53 - 00325632 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-02-11 22:25 - 2015-02-04 03:53 - 00202752 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-02-11 22:25 - 2015-02-04 03:53 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-02-11 22:25 - 2015-02-04 03:49 - 00886784 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-02-11 22:25 - 2015-01-28 00:36 - 01167520 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2015-02-11 22:25 - 2014-12-12 06:07 - 01174528 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2015-02-11 22:25 - 2014-07-07 02:40 - 00179200 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2015-02-11 22:25 - 2014-07-07 02:40 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2015-02-11 22:22 - 2014-12-08 03:46 - 00308224 _____ (Microsoft Corporation) C:\Windows\system32\scesrv.dll
2015-02-11 22:21 - 2015-01-13 03:49 - 01230336 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-02-11 00:09 - 2014-07-16 10:24 - 00036152 _____ (TuneUp Software) C:\Windows\system32\uxtuneup.dll
2015-02-10 23:13 - 2015-03-04 18:45 - 01004380 _____ () C:\Windows\WindowsUpdate.log
2015-02-10 22:36 - 2015-03-02 17:00 - 00000276 _____ () C:\Windows\Tasks\JetDrive.job
2015-02-10 22:24 - 2015-02-16 00:03 - 00000000 ____D () C:\Program Files\NirSoft
2015-02-10 22:21 - 2015-02-10 22:21 - 01198368 _____ () C:\Users\Franz-Xaver\Downloads\Mail PassView - CHIP-Installer(2).exe
2015-02-10 21:49 - 2015-03-02 09:03 - 00000000 ____D () C:\Program Files\WajNEnhance
2015-02-10 21:42 - 2015-02-10 21:42 - 00620920 _____ () C:\Users\Franz-Xaver\Downloads\passwordfox.exe
2015-02-10 12:38 - 2015-02-11 00:18 - 00000000 ____D () C:\Users\Franz-Xaver\Tracing
2015-02-10 12:36 - 2010-06-02 04:55 - 00527192 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_7.dll
2015-02-10 12:36 - 2010-06-02 04:55 - 00074072 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_5.dll
2015-02-10 12:36 - 2010-05-26 11:41 - 02106216 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_43.dll
2015-02-10 12:36 - 2010-05-26 11:41 - 00248672 _____ (Microsoft Corporation) C:\Windows\system32\d3dx11_43.dll
2015-02-10 12:36 - 2009-09-04 17:29 - 00453456 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_42.dll
2015-02-10 12:35 - 2006-11-29 13:06 - 03426072 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_32.dll
2015-02-10 01:55 - 2015-02-10 01:55 - 00002023 _____ () C:\Users\Franz-Xaver\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Lingoes.lnk
2015-02-10 01:54 - 2015-02-10 01:54 - 00001993 _____ () C:\Users\Franz-Xaver\Desktop\Lingoes.lnk
2015-02-10 01:54 - 2015-02-10 01:54 - 00000000 ____D () C:\Users\Franz-Xaver\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Lingoes
2015-02-10 01:54 - 2015-02-10 01:54 - 00000000 ____D () C:\Program Files\Lingoes
2015-02-10 01:52 - 2015-02-10 01:52 - 01198368 _____ () C:\Users\Franz-Xaver\Downloads\Lingoes - CHIP-Installer.exe
2015-02-09 12:27 - 2015-03-04 18:40 - 00000400 _____ () C:\Windows\Tasks\RNUpgradeHelperLogonPrompt_Franz-Xaver.job
2015-02-09 12:27 - 2015-03-02 10:30 - 00000394 _____ () C:\Windows\Tasks\ReclaimerUpdateFiles_Franz-Xaver.job
2015-02-09 12:26 - 2015-03-02 12:30 - 00000390 _____ () C:\Windows\Tasks\ReclaimerUpdateXML_Franz-Xaver.job
2015-02-08 17:55 - 2015-03-04 21:25 - 00000000 ____D () C:\AdwCleaner
2015-02-07 19:31 - 2014-07-16 10:24 - 00036664 _____ (TuneUp Software) C:\Windows\system32\TURegOpt.exe
2015-02-07 19:31 - 2014-07-16 10:24 - 00025400 _____ (TuneUp Software) C:\Windows\system32\authuitu.dll
2015-02-07 19:30 - 2015-02-07 19:30 - 00000000 ____D () C:\Users\Franz-Xaver\AppData\Roaming\TuneUp Software
2015-02-07 19:30 - 2015-02-07 19:30 - 00000000 ____D () C:\Users\Franz-Xaver\AppData\Local\TuneUp Software
2015-02-07 19:28 - 2015-02-20 13:47 - 00000000 ____D () C:\ProgramData\TuneUp Software
2015-02-07 19:25 - 2015-02-07 19:26 - 00621048 _____ () C:\Users\Franz-Xaver\Downloads\Kalenderchen6_setup_CB-DL-Manager.exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-04 22:06 - 2015-01-23 15:02 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-03-04 21:37 - 2014-09-22 15:04 - 00000000 ____D () C:\Users\Franz-Xaver\Desktop\ebay
2015-03-04 20:26 - 2009-07-14 05:34 - 00018512 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-03-04 20:26 - 2009-07-14 05:34 - 00018512 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-03-04 20:02 - 2015-01-13 05:26 - 00001844 _____ () C:\Users\Public\Desktop\McAfee Internet Security Suite.lnk
2015-03-04 20:02 - 2015-01-13 04:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2015-03-04 19:36 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\rescache
2015-03-04 18:39 - 2014-09-14 13:07 - 00000000 ____D () C:\Windows\Panther
2015-03-04 18:38 - 2009-07-14 05:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-03-04 18:37 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\de-DE
2015-03-04 18:29 - 2014-09-15 09:01 - 00000000 ____D () C:\Users\Franz-Xaver\TapinRadio
2015-03-04 18:04 - 2014-09-14 19:12 - 00000000 ____D () C:\Program Files\MyDrive Connect
2015-03-04 17:41 - 2014-09-25 15:03 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2015-03-04 17:25 - 2014-09-17 19:56 - 00000000 ____D () C:\Program Files\Google
2015-03-04 17:24 - 2014-09-16 17:15 - 00000000 ____D () C:\Users\Franz-Xaver\AppData\Local\CrashDumps
2015-03-02 10:00 - 2014-09-16 08:26 - 00000602 _____ () C:\Users\Franz-Xaver\AppData\Roaming\wklnhst.dat
2015-03-02 10:00 - 2009-07-14 05:52 - 00000000 ____D () C:\Windows\system32\FxsTmp
2015-03-02 09:41 - 2009-07-14 05:53 - 00032640 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-03-02 09:22 - 2014-09-14 12:18 - 01637016 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-03-02 09:07 - 2014-09-17 19:56 - 00000000 ____D () C:\Users\Franz-Xaver\AppData\Local\Google
2015-03-02 09:05 - 2014-09-14 12:16 - 00000000 ____D () C:\Users\Franz-Xaver
2015-03-02 09:04 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\wfp
2015-03-02 09:03 - 2015-01-25 01:43 - 00000000 ____D () C:\Users\Franz-Xaver\Downloads\pstpassword_1.7
2015-03-02 09:03 - 2014-12-02 21:51 - 00000000 ____D () C:\Program Files\Secunia
2015-03-02 09:03 - 2014-11-20 18:55 - 00000000 ____D () C:\Users\Franz-Xaver\Downloads\mailpv_1.83
2015-03-02 09:03 - 2014-10-19 14:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-03-02 09:03 - 2014-09-20 16:49 - 00000000 ____D () C:\Program Files\Common Files\xing shared
2015-03-02 09:03 - 2014-09-20 15:58 - 00000000 ____D () C:\Users\Franz-Xaver\AppData\Roaming\vlc
2015-03-02 09:03 - 2014-09-19 23:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RealNetworks
2015-03-02 09:03 - 2014-09-19 23:55 - 00000000 ____D () C:\Program Files\RealNetworks
2015-03-02 09:03 - 2014-09-19 23:50 - 00000000 ____D () C:\ProgramData\RealNetworks
2015-03-02 09:03 - 2014-09-15 14:00 - 00000000 ____D () C:\ProgramData\Real
2015-03-02 09:03 - 2014-09-15 14:00 - 00000000 ____D () C:\Program Files\Real
2015-03-02 09:03 - 2014-09-14 19:12 - 00000000 ____D () C:\Users\Franz-Xaver\AppData\Local\TomTom
2015-03-02 09:03 - 2014-09-14 19:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TomTom
2015-03-02 09:03 - 2014-09-14 12:47 - 00000000 ____D () C:\Program Files\McAfee
2015-03-02 09:03 - 2014-09-14 12:32 - 00000000 ____D () C:\Program Files\Common Files\McAfee
2015-03-02 09:03 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\NDF
2015-03-02 09:02 - 2014-09-15 14:10 - 00000000 ____D () C:\Users\Franz-Xaver\AppData\Roaming\RealNetworks
2015-03-02 09:02 - 2014-09-15 13:59 - 00000000 ____D () C:\Users\Franz-Xaver\AppData\Roaming\Real
2015-03-02 09:02 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\registration
2015-03-02 09:01 - 2014-09-14 13:28 - 00000000 ____D () C:\ProgramData\Package Cache
2015-03-02 09:01 - 2014-09-14 12:32 - 00000000 ____D () C:\ProgramData\McAfee
2015-03-02 08:59 - 2014-10-19 14:58 - 00000000 ____D () C:\Program Files\Java
2015-03-02 08:58 - 2014-09-16 09:53 - 00000000 __RHD () C:\MSOCache
2015-02-27 21:56 - 2014-09-15 18:35 - 00000000 ____D () C:\Users\Franz-Xaver\AppData\Roaming\Opera Software
2015-02-27 21:56 - 2014-09-15 18:35 - 00000000 ____D () C:\Users\Franz-Xaver\AppData\Local\Opera Software
2015-02-25 17:04 - 2014-09-28 08:00 - 00034712 _____ () C:\Windows\system32\MyDefrag.dat
2015-02-25 17:04 - 2014-09-28 08:00 - 00000549 _____ () C:\Windows\system32\MyDefrag.debuglog
2015-02-24 20:13 - 2014-09-14 12:56 - 00000000 ____D () C:\ProgramData\Adobe
2015-02-23 23:20 - 2014-09-14 12:53 - 00000000 ____D () C:\Program Files\ScanWizard 5
2015-02-20 17:51 - 2014-09-22 14:57 - 00000000 ____D () C:\Users\Franz-Xaver\AppData\Local\Daniel_Reust
2015-02-20 17:31 - 2014-09-16 16:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ashampoo
2015-02-20 17:31 - 2014-09-16 15:59 - 00000000 ____D () C:\Program Files\Ashampoo
2015-02-20 15:48 - 2014-09-16 10:01 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2015-02-20 15:48 - 2014-09-14 15:01 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-02-20 15:46 - 2014-10-19 14:58 - 00096680 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2015-02-20 13:50 - 2015-01-29 01:55 - 00000000 ____D () C:\Program Files\Microsoft Office
2015-02-20 13:50 - 2014-11-04 01:01 - 00000000 ____D () C:\Program Files\SumatraPDF
2015-02-20 13:50 - 2014-11-02 00:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MyKeyFinder
2015-02-20 13:50 - 2014-11-02 00:00 - 00000000 ____D () C:\Program Files\MyKeyFinder
2015-02-20 13:50 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\security
2015-02-20 13:49 - 2009-07-14 09:56 - 00000000 ___RD () C:\Users\Public\Recorded TV
2015-02-20 13:48 - 2009-07-14 03:37 - 00000000 ___RD () C:\Users\Public
2015-02-17 10:53 - 2014-09-14 19:11 - 00000000 ____D () C:\Users\Franz-Xaver\AppData\Local\Windows Live
2015-02-16 00:12 - 2014-09-16 16:58 - 00000000 ____D () C:\ProgramData\Live Aquarium HD
2015-02-16 00:01 - 2014-11-07 00:15 - 00000000 ____D () C:\Users\Franz-Xaver\AppData\Roaming\IrfanView
2015-02-15 23:52 - 2014-09-14 13:16 - 00001122 _____ () C:\Users\Franz-Xaver\Desktop\Internet Explorer.lnk
2015-02-15 23:52 - 2014-09-14 12:18 - 00001152 _____ () C:\Users\Franz-Xaver\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-02-15 22:35 - 2015-01-27 01:03 - 00000000 ____D () C:\Users\Franz-Xaver\AppData\Roaming\dlg
2015-02-13 00:11 - 2009-07-14 03:03 - 57147392 _____ () C:\Windows\system32\config\SOFTWARE.rcbak
2015-02-13 00:11 - 2009-07-14 03:03 - 25165824 _____ () C:\Windows\system32\config\SYSTEM.rcbak
2015-02-13 00:11 - 2009-07-14 03:03 - 00524288 _____ () C:\Windows\system32\config\DEFAULT.rcbak
2015-02-13 00:11 - 2009-07-14 03:03 - 00057344 _____ () C:\Windows\system32\config\SAM.rcbak
2015-02-13 00:11 - 2009-07-14 03:03 - 00024576 _____ () C:\Windows\system32\config\SECURITY.rcbak
2015-02-12 02:31 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\tracing
2015-02-12 00:01 - 2009-07-14 05:33 - 00444472 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-02-11 23:58 - 2014-12-10 19:47 - 00000000 ____D () C:\Windows\system32\appraiser
2015-02-11 23:58 - 2014-09-14 19:05 - 00000000 ___SD () C:\Windows\system32\CompatTel
2015-02-11 23:53 - 2014-09-14 18:34 - 00000000 ____D () C:\Windows\system32\MRT
2015-02-11 23:46 - 2014-09-14 18:34 - 113756392 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-02-11 23:45 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2015-02-11 23:42 - 2009-07-14 03:04 - 00000478 _____ () C:\Windows\win.ini
2015-02-11 00:21 - 2014-09-21 22:59 - 00000000 ____D () C:\Windows\pss
2015-02-11 00:03 - 2014-09-14 20:14 - 00000000 ____D () C:\Program Files\Windows Live
2015-02-10 01:55 - 2014-09-15 23:18 - 00000000 ____D () C:\Users\Franz-Xaver\AppData\Local\Lingoes
2015-02-08 19:37 - 2014-09-14 12:16 - 00000000 ____D () C:\Users\Franz-Xaver\AppData\Local\VirtualStore
2015-02-07 19:52 - 2014-09-22 23:44 - 00001883 _____ () C:\Users\Public\Desktop\Kalenderchen 5.lnk
2015-02-07 19:52 - 2014-09-22 23:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kalenderchen5
2015-02-07 19:49 - 2014-09-15 15:08 - 00000000 ____D () C:\Users\Franz-Xaver\AppData\Roaming\Kalenderchen6
2015-02-07 19:36 - 2014-10-03 14:19 - 00000000 ____D () C:\Users\Franz-Xaver\AppData\Roaming\HpUpdate
2015-02-07 19:36 - 2014-09-14 15:01 - 00000000 ____D () C:\Users\Franz-Xaver\AppData\Local\Microsoft Help
2015-02-05 17:29 - 2014-09-16 15:59 - 00000000 ____D () C:\ProgramData\Ashampoo
2015-02-05 17:06 - 2014-09-14 19:17 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-02-05 17:06 - 2014-09-14 19:17 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl

==================== Files in the root of some directories =======

2014-09-16 08:26 - 2015-03-02 10:00 - 0000602 _____ () C:\Users\Franz-Xaver\AppData\Roaming\wklnhst.dat
2014-09-28 14:17 - 2014-09-28 14:17 - 0007598 _____ () C:\Users\Franz-Xaver\AppData\Local\Resmon.ResmonCfg
2014-10-08 12:23 - 2014-10-08 12:23 - 0000057 _____ () C:\ProgramData\Ament.ini
2015-02-17 12:40 - 2015-02-17 12:40 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-02-24 16:23

==================== End Of Log ============================

--- --- ---
DE]DE]

deeprybka 04.03.2015 22:47
Bist Du sicher dass Du auch den Fix ausgeführt hast?

Nochmal: Bitte lade die angehängte Datei ins Downloadsverzeichnis. Starte FRST, drücke den FIX Button. Warte bis der Fix durchgelaufen ist, starte den PC neu. Poste das Fixlog.txt (auch im Downloadverzeichnis) und dann wiederhole den Scan und poste die beiden Logs.

Xorrie 04.03.2015 23:17
Ich habe FRST gestartet, Fix angeklickt und es tut sich nichts, es erscheint nur:

No fixlist.txt found.

The fixlist.txt should be in the same folder/directory the tool is located.

deeprybka 04.03.2015 23:21
Die FRST.exe liegt hier:

Code:
C:\Users\Franz-Xaver\Downloads
Dort muss auch die Fixlist.txt gespeichert werden damit der Fix funktioniert.

Nicht ohne Grund weisen wir die User an, alles auf den Desktop zu speichern... ;)

Xorrie 04.03.2015 23:36
Ich hoffe, dass das richtig ist.?

[COD
FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 04-03-2015
Ran by Franz-Xaver (administrator) on ASTERIX on 04-03-2015 23:26:57
Running from C:\Users\Franz-Xaver\Downloads
Loaded Profiles: Franz-Xaver (Available profiles: Franz-Xaver)
Platform: Microsoft Windows 7 Home Premium  Service Pack 1 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\VS7DEBUG\MDM.EXE
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
() C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
(RealNetworks, Inc.) C:\Program Files\Real\RealPlayer\RPDS\Bin\rpdsvc.exe
() C:\Program Files\Real\UpdateService\RealPlayerUpdateSvc.exe
(Secunia) C:\Program Files\Secunia\PSI\sua.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
() C:\Users\Franz-Xaver\AppData\LocalLow\WOT\IE\WOTUpdater.exe
(McAfee, Inc.) C:\Program Files\McAfee\MSC\McAPExe.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Daniel Manger Software) C:\Program Files\Kalenderchen\Kalenderchen.exe
(TomTom) C:\Program Files\MyDrive Connect\MyDriveConnect.exe
(Google Inc.) C:\Users\Franz-Xaver\AppData\Local\Google\Update\GoogleUpdate.exe
(Advanced Micro Devices Inc.) C:\Program Files\AMD\ATI.ACE\Core-Static\MOM.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office15\ONENOTEM.EXE
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(ATI Technologies Inc.) C:\Program Files\AMD\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office15\WINWORD.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office15\OUTLOOK.EXE
(Lingoes Project) C:\Program Files\Lingoes\Translator2\Lingoes.exe
(Farbar) C:\Users\Franz-Xaver\Downloads\FRST(1).exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [mcpltui_exe] => C:\Program Files\McAfee.com\Agent\mcagent.exe [517392 2014-04-25] (McAfee, Inc.)
HKLM\...\Run: [StartCCC] => C:\Program Files\AMD\ATI.ACE\Core-Static\x86\CLIStart.exe [748232 2014-11-20] (Advanced Micro Devices, Inc.)
Winlogon\Notify\SDWinLogon: SDWinLogon.dll [X]
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-19\Control Panel\Desktop\\SCRNSAVE.EXE ->
HKU\S-1-5-20\Control Panel\Desktop\\SCRNSAVE.EXE ->
HKU\S-1-5-21-1708056501-3709124106-2672143446-1001\...\Run: [DMS-Kalenderchen] => C:\Program Files\Kalenderchen\Kalenderchen.exe [3494912 2010-03-16] (Daniel Manger Software)
HKU\S-1-5-21-1708056501-3709124106-2672143446-1001\...\Run: [MyDriveConnect.exe] => C:\Program Files\MyDrive Connect\MyDriveConnect.exe [1792376 2014-10-03] (TomTom)
HKU\S-1-5-21-1708056501-3709124106-2672143446-1001\...\Run: [Google Update] => C:\Users\Franz-Xaver\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2015-02-21] (Google Inc.)
HKU\S-1-5-21-1708056501-3709124106-2672143446-1001\...\Run: [Google+ Auto Backup] => C:\Users\Franz-Xaver\AppData\Local\Programs\Google\Google+ Auto Backup\Google+ Auto Backup.exe [3754312 2015-02-13] (Google Inc.)
HKU\S-1-5-21-1708056501-3709124106-2672143446-1001\...\Policies\Explorer: [NoFolderOptions] 0
HKU\S-1-5-21-1708056501-3709124106-2672143446-1001\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-1708056501-3709124106-2672143446-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\MA2_6.scr [2936832 2006-02-28] ()
HKU\S-1-5-18\Control Panel\Desktop\\SCRNSAVE.EXE ->
Startup: C:\Users\Franz-Xaver\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\An OneNote senden.lnk
ShortcutTarget: An OneNote senden.lnk -> C:\Program Files\Microsoft Office\Office15\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\Franz-Xaver\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Tintenwarnungen überwachen - HP Deskjet 1000 J110 series.lnk
ShortcutTarget: Tintenwarnungen überwachen - HP Deskjet 1000 J110 series.lnk -> C:\Program Files\HP\HP Deskjet 1000 J110 series\Bin\HPStatusBL.dll (Hewlett-Packard Co.)
BootExecute:
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:50588;https=127.0.0.1:50588
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Google
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Google
HKU\S-1-5-21-1708056501-3709124106-2672143446-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-1708056501-3709124106-2672143446-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = MSN Deutschland ? mit Hotmail Nachfolger Outlook und Messenger Skype
HKU\S-1-5-21-1708056501-3709124106-2672143446-1001\Software\Microsoft\Internet Explorer\Main,Search Bar = Upgrade to Google Chrome
HKU\S-1-5-21-1708056501-3709124106-2672143446-1001\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Upgrade to Google Chrome
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1708056501-3709124106-2672143446-1001 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?q={sear
BHO: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Program Files\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_31\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: WOT -> {9E571C81-21E7-496B-9E6B-127E60263022} -> C:\Users\Franz-Xaver\AppData\LocalLow\WOT\IE\WOT.dll (WOT Services Oy)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_31\bin\jp2ssv.dll (Oracle Corporation)
BHO: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus32.dll (Eyeo GmbH)
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL (Microsoft Corporation)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)
Winsock: Catalog9 01 C:\Windows\system32\ColorMedia.dll [318616] (Over the Rainbow Tech)
Winsock: Catalog9 02 C:\Windows\system32\ColorMedia.dll [318616] (Over the Rainbow Tech)
Winsock: Catalog9 03 C:\Windows\system32\ColorMedia.dll [318616] (Over the Rainbow Tech)
Winsock: Catalog9 04 C:\Windows\system32\ColorMedia.dll [318616] (Over the Rainbow Tech)
Winsock: Catalog9 15 C:\Windows\system32\ColorMedia.dll [318616] (Over the Rainbow Tech)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

FireFox:
========
FF ProfilePath: C:\Users\Franz-Xaver\AppData\Roaming\Mozilla\Firefox\Profiles\oyabea71.default
FF NewTab: chrome://unitedtb/content/newtab/newtab-page.xhtml
FF SelectedSearchEngine: webssearches
FF Homepage: google.de
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_305.dll ()
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\npmcsnffpl.dll ()
FF Plugin: @mcafee.com/MVT -> C:\Program Files\McAfee\Supportability\MVT\NPMVTPlugin.dll (McAfee, Inc.)
FF Plugin: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\Microsoft Office\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @real.com/nppl3260;version=17.0.12.0 -> c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlhtml5videoshim;version=17.0.12 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpplugin;version=17.0.12.0 -> c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer Cloud)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1708056501-3709124106-2672143446-1001: @tools.google.com/Google Update;version=3 -> C:\Users\Franz-Xaver\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-1708056501-3709124106-2672143446-1001: @tools.google.com/Google Update;version=9 -> C:\Users\Franz-Xaver\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF SearchPlugin: C:\Users\Franz-Xaver\AppData\Roaming\Mozilla\Firefox\Profiles\oyabea71.default\searchplugins\google-images.xml
FF SearchPlugin: C:\Users\Franz-Xaver\AppData\Roaming\Mozilla\Firefox\Profiles\oyabea71.default\searchplugins\google-maps.xml
FF Extension: Google Translator for Firefox - C:\Users\Franz-Xaver\AppData\Roaming\Mozilla\Firefox\Profiles\oyabea71.default\Extensions\translator@zoli.bod.xpi [2015-02-17]
FF Extension: {011f2b37-2728-4487-80d7-47da9dddd46c} - C:\Users\Franz-Xaver\AppData\Roaming\Mozilla\Firefox\Profiles\oyabea71.default\Extensions\{011f2b37-2728-4487-80d7-47da9dddd46c}.xpi [2015-02-15]
FF Extension: Adblock Plus - C:\Users\Franz-Xaver\AppData\Roaming\Mozilla\Firefox\Profiles\oyabea71.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-02-16]
FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: No Name - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2014-09-19]
FF HKLM\...\Firefox\Extensions: [searchengine@gmail.com] - C:\Users\Franz-Xaver\AppData\Roaming\Mozilla\Firefox\Profiles\oyabea71.default\extensions\searchengine@gmail.com
FF HKLM\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
FF Extension: McAfee Anti-Spam Thunderbird Extension - C:\Program Files\McAfee\MSK [2015-01-13]

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [nphjeokkkbngjpiofnfpnafjeofjomfb] - C:\Users\Franz-Xaver\AppData\LocalLow\WOT\CHROME\WOT.crx [2012-01-12]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 HomeNetSvc; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [281560 2013-07-30] (McAfee, Inc.)
R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [145568 2014-04-25] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [281560 2013-07-30] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [281560 2013-07-30] (McAfee, Inc.)
S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [472072 2014-10-08] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [281560 2013-07-30] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [281560 2013-07-30] (McAfee, Inc.)
R2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [655936 2014-08-20] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [169800 2014-06-20] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [179600 2015-01-13] (McAfee, Inc.)
R2 MSK80Service; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [281560 2013-07-30] (McAfee, Inc.)
R2 RealNetworks Downloader Resolver Service; C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe [39568 2014-07-24] ()
R2 RealPlayer Cloud Service; c:\program files\real\realplayer\RPDS\Bin\rpdsvc.exe [1141848 2014-09-20] (RealNetworks, Inc.)
R2 RealPlayerUpdateSvc; C:\Program Files\Real\UpdateService\RealPlayerUpdateSvc.exe [23552 2014-07-24] () [File not signed]
S3 Secunia PSI Agent; C:\Program Files\Secunia\PSI\PSIA.exe [1363160 2014-11-28] (Secunia)
R2 Secunia Update Agent; C:\Program Files\Secunia\PSI\sua.exe [765144 2014-11-28] (Secunia)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)
R2 WOTUpdater; C:\Users\Franz-Xaver\AppData\LocalLow\WOT\IE\WOTUpdater.exe [18432 2012-01-12] () [File not signed]
S2 HPSLPSVC; C:\Users\Franz-Xaver\AppData\Local\Temp\7zS03AD\hpslpsvc32.dll [X]
S2 JetDrive WindowsClosingService; C:\Windows\System32\WindowsClosingService [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [62832 2014-06-20] (McAfee, Inc.)
S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [19984 2015-01-23] ()
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [147912 2013-09-23] (McAfee, Inc.)
S3 jetdrive; C:\Windows\System32\DRIVERS\jddrv.sys [29056 2012-05-22] (Abelssoft GmbH)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2014-11-21] (Malwarebytes Corporation)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [114904 2015-02-25] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2014-11-21] (Malwarebytes Corporation)
R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [135968 2014-06-20] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [238176 2014-06-20] (McAfee, Inc.)
S3 mfebopk; C:\Windows\System32\drivers\mfebopk.sys [67816 2014-06-20] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [369248 2014-06-20] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [575984 2015-01-13] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [350240 2014-08-20] (McAfee, Inc.)
S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [81296 2014-08-20] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [217224 2014-06-20] (McAfee, Inc.)
S3 PSI; C:\Windows\System32\DRIVERS\psi_mf_x86.sys [16024 2014-11-28] (Secunia)
S3 cpuz134; \??\C:\Users\FRANZ-~1\AppData\Local\Temp\cpuz134\cpuz134_x32.sys [X]
U3 DfSdkS; No ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-04 23:26 - 2015-03-04 23:27 - 00018221 _____ () C:\Users\Franz-Xaver\Downloads\FRST.txt
2015-03-04 23:26 - 2015-03-04 23:26 - 01132544 _____ (Farbar) C:\Users\Franz-Xaver\Downloads\FRST(1).exe
2015-03-04 23:10 - 2015-03-04 23:10 - 01132544 _____ (Farbar) C:\Users\Franz-Xaver\Downloads\FRST.exe
2015-03-04 21:23 - 2015-03-04 21:23 - 02126848 _____ () C:\Users\Franz-Xaver\Downloads\AdwCleaner_4.111.exe
2015-03-04 19:51 - 2015-03-04 23:27 - 00000000 ____D () C:\FRST
2015-03-04 18:33 - 2015-03-04 18:33 - 17142784 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-03-04 18:33 - 2015-03-04 18:33 - 11220992 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-03-04 18:33 - 2015-03-04 18:33 - 04240384 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-03-04 18:33 - 2015-03-04 18:33 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-03-04 18:33 - 2015-03-04 18:33 - 02166272 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-03-04 18:33 - 2015-03-04 18:33 - 01926656 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-03-04 18:33 - 2015-03-04 18:33 - 01818112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-03-04 18:33 - 2015-03-04 18:33 - 01156608 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-03-04 18:33 - 2015-03-04 18:33 - 01051136 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-03-04 18:33 - 2015-03-04 18:33 - 00703488 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-03-04 18:33 - 2015-03-04 18:33 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-03-04 18:33 - 2015-03-04 18:33 - 00645120 _____ (Microsoft Corporation) C:\Windows\system32\jsIntl.dll
2015-03-04 18:33 - 2015-03-04 18:33 - 00616104 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2015-03-04 18:33 - 2015-03-04 18:33 - 00610304 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-03-04 18:33 - 2015-03-04 18:33 - 00553472 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-03-04 18:33 - 2015-03-04 18:33 - 00523776 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-03-04 18:33 - 2015-03-04 18:33 - 00454656 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-03-04 18:33 - 2015-03-04 18:33 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-03-04 18:33 - 2015-03-04 18:33 - 00367104 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-03-04 18:33 - 2015-03-04 18:33 - 00337408 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-03-04 18:33 - 2015-03-04 18:33 - 00244736 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-03-04 18:33 - 2015-03-04 18:33 - 00238288 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-03-04 18:33 - 2015-03-04 18:33 - 00233472 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2015-03-04 18:33 - 2015-03-04 18:33 - 00208896 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-03-04 18:33 - 2015-03-04 18:33 - 00208384 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2015-03-04 18:33 - 2015-03-04 18:33 - 00194048 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll
2015-03-04 18:33 - 2015-03-04 18:33 - 00182272 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2015-03-04 18:33 - 2015-03-04 18:33 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-03-04 18:33 - 2015-03-04 18:33 - 00151552 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2015-03-04 18:33 - 2015-03-04 18:33 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2015-03-04 18:33 - 2015-03-04 18:33 - 00127488 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2015-03-04 18:33 - 2015-03-04 18:33 - 00116736 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2015-03-04 18:33 - 2015-03-04 18:33 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-03-04 18:33 - 2015-03-04 18:33 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2015-03-04 18:33 - 2015-03-04 18:33 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-03-04 18:33 - 2015-03-04 18:33 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2015-03-04 18:33 - 2015-03-04 18:33 - 00083456 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2015-03-04 18:33 - 2015-03-04 18:33 - 00074240 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2015-03-04 18:33 - 2015-03-04 18:33 - 00071680 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2015-03-04 18:33 - 2015-03-04 18:33 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-03-04 18:33 - 2015-03-04 18:33 - 00069120 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2015-03-04 18:33 - 2015-03-04 18:33 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2015-03-04 18:33 - 2015-03-04 18:33 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-03-04 18:33 - 2015-03-04 18:33 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-03-04 18:33 - 2015-03-04 18:33 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2015-03-04 18:33 - 2015-03-04 18:33 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-03-04 18:33 - 2015-03-04 18:33 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2015-03-04 18:33 - 2015-03-04 18:33 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2015-03-04 18:33 - 2015-03-04 18:33 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-03-04 18:33 - 2015-03-04 18:33 - 00036352 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2015-03-04 18:33 - 2015-03-04 18:33 - 00034816 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-03-04 18:33 - 2015-03-04 18:33 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-03-04 18:33 - 2015-03-04 18:33 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2015-03-04 18:33 - 2015-03-04 18:33 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2015-03-04 18:33 - 2015-03-04 18:33 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2015-03-04 18:33 - 2015-03-04 18:33 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-03-04 18:31 - 2015-03-04 18:36 - 00010829 _____ () C:\Windows\IE11_main.log
2015-03-04 18:03 - 2015-03-04 18:04 - 06821496 _____ (TomTom International B.V.) C:\Users\Franz-Xaver\Downloads\InstallMyDriveConnect(1).exe
2015-03-04 18:02 - 2015-03-02 09:17 - 06821496 _____ (TomTom International B.V.) C:\Users\Franz-Xaver\Downloads\InstallMyDriveConnect_3_3_0_1812.exe
2015-03-04 17:59 - 2015-03-04 17:59 - 00000064 ____H () C:\Users\Franz-Xaver\Downloads\.picasa.ini
2015-03-03 15:13 - 2015-03-03 15:13 - 00002308 _____ () C:\Windows\PFRO.log
2015-03-02 10:15 - 2015-03-02 10:17 - 00000000 ____D () C:\Users\Franz-Xaver\Documents\P-Wort
2015-03-02 10:04 - 2015-03-02 10:11 - 00000000 ____D () C:\Users\Franz-Xaver\Documents\Regisry
2015-03-02 10:01 - 2015-01-10 19:09 - 00010240 _____ () C:\Users\Franz-Xaver\Documents\Gesamt--GAS.wps
2015-03-02 09:34 - 2015-03-02 09:38 - 40822424 _____ () C:\Users\Franz-Xaver\Downloads\Firefox_Setup_36.0.exe
2015-03-02 09:22 - 2015-01-09 00:44 - 00419936 _____ () C:\Windows\system32\locale.nls
2015-03-02 09:05 - 2015-03-04 18:38 - 00000448 _____ () C:\Windows\setupact.log
2015-03-02 09:05 - 2015-03-02 09:05 - 00000000 _____ () C:\Windows\setuperr.log
2015-02-27 21:56 - 2015-03-02 09:02 - 00000000 ____D () C:\Program Files\Opera
2015-02-25 17:38 - 2015-02-25 17:39 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-02-25 17:37 - 2014-11-21 06:14 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-02-25 17:37 - 2014-11-21 06:14 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-02-25 17:36 - 2015-03-02 09:01 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-02-25 17:36 - 2014-11-21 06:14 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-02-21 20:48 - 2015-02-21 20:48 - 00663000 _____ () C:\Users\Franz-Xaver\Downloads\MeinWetter_CB-DL-Manager.exe
2015-02-21 20:14 - 2015-03-04 23:19 - 00001144 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1708056501-3709124106-2672143446-1001UA.job
2015-02-21 20:14 - 2015-03-04 20:19 - 00001092 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1708056501-3709124106-2672143446-1001Core.job
2015-02-21 20:14 - 2015-03-02 09:03 - 00000000 ____D () C:\Users\Franz-Xaver\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google+ Auto Backup
2015-02-21 20:12 - 2015-02-21 20:12 - 00001068 _____ () C:\Users\Public\Desktop\Picasa 3.lnk
2015-02-21 20:12 - 2015-02-21 20:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Picasa 3
2015-02-21 19:56 - 2015-02-21 19:56 - 00000000 ____D () C:\Users\Franz-Xaver\Documents\OneNote-Notizbücher
2015-02-20 09:46 - 2015-02-20 09:46 - 00000000 ____D () C:\Windows\Tasks\ImCleanDisabled
2015-02-20 01:06 - 2015-03-02 23:59 - 00000000 ____D () C:\Users\Franz-Xaver\AppData\Local\Apps\2.0
2015-02-17 12:40 - 2015-02-17 12:40 - 00000000 ____H () C:\ProgramData\DP45977C.lfl
2015-02-17 12:11 - 2015-02-17 12:11 - 00000000 ____D () C:\Program Files\NVIDIA Corporation
2015-02-17 11:49 - 2015-02-20 13:49 - 00000000 ____D () C:\ProgramData\ProductData
2015-02-17 11:48 - 2015-02-20 13:49 - 00000000 ____D () C:\ProgramData\IObit
2015-02-17 11:48 - 2015-02-17 11:48 - 00000000 ____D () C:\Users\Franz-Xaver\AppData\Roaming\IObit
2015-02-15 23:41 - 2015-02-15 23:41 - 00000000 ____D () C:\Program Files\b06aa4c3-c9f0-4250-b86a-8700e8851354
2015-02-15 23:40 - 2015-02-21 19:51 - 00000000 ____D () C:\Program Files\I - Cinema
2015-02-15 23:30 - 2015-02-15 23:30 - 00005336 _____ () C:\Windows\system32\ColorMedia.ini
2015-02-15 23:30 - 2015-02-15 23:30 - 00002928 _____ () C:\Windows\system32\ColorMediaOff.ini
2015-02-15 23:30 - 2015-02-07 21:45 - 00318616 _____ (Over the Rainbow Tech) C:\Windows\system32\ColorMedia.dll
2015-02-15 22:33 - 2015-02-15 22:33 - 00666568 _____ () C:\Users\Franz-Xaver\Downloads\adblock-plus-firefox.exe
2015-02-15 22:07 - 2015-03-02 09:39 - 00000000 ____D () C:\Program Files\Adblock Plus for IE
2015-02-15 21:54 - 2015-03-03 15:13 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2015-02-15 21:54 - 2015-03-02 09:47 - 00001127 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-02-15 21:54 - 2015-03-02 09:47 - 00001115 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-02-15 21:54 - 2015-03-02 09:47 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2015-02-14 01:04 - 2015-02-14 01:04 - 00000000 ____D () C:\Program Files\MagiCSS  Live CSS Editor
2015-02-14 01:03 - 2015-03-02 09:03 - 00000000 ____D () C:\Program Files\UniDeals
2015-02-14 01:02 - 2015-03-02 09:03 - 00000000 ____D () C:\ProgramData\fcmjkjjhnlggamjbjkoohmnflagmljcn
2015-02-14 01:01 - 2015-02-22 09:51 - 00000000 ____D () C:\ProgramData\{0b22c01c-79a4-4523-0b22-2c01c79a0071}
2015-02-13 12:47 - 2015-02-13 12:47 - 04575232 _____ (Google Inc.) C:\Windows\system32\GPhotos.scr
2015-02-12 00:29 - 2015-01-09 03:48 - 00635904 _____ (Microsoft Corporation) C:\Windows\system32\perftrack.dll
2015-02-12 00:29 - 2015-01-09 03:48 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\wdi.dll
2015-02-12 00:29 - 2015-01-09 03:48 - 00027136 _____ (Microsoft Corporation) C:\Windows\system32\powertracker.dll
2015-02-11 22:27 - 2015-01-14 06:44 - 03972544 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2015-02-11 22:27 - 2015-01-14 06:44 - 03917760 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-02-11 22:26 - 2015-01-15 08:46 - 00136640 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-02-11 22:26 - 2015-01-15 08:46 - 00067520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-02-11 22:26 - 2015-01-15 08:43 - 00100352 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-02-11 22:26 - 2015-01-15 08:43 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-02-11 22:26 - 2015-01-15 08:42 - 01061376 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-02-11 22:26 - 2015-01-15 08:42 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-02-11 22:26 - 2015-01-15 08:42 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-02-11 22:26 - 2015-01-15 08:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-02-11 22:26 - 2015-01-15 08:39 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-02-11 22:26 - 2015-01-15 08:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-02-11 22:26 - 2015-01-15 08:37 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-02-11 22:26 - 2015-01-15 05:21 - 00369968 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-02-11 22:26 - 2015-01-09 02:45 - 02380288 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-02-11 22:26 - 2014-11-26 04:32 - 00571904 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2015-02-11 22:25 - 2015-02-04 03:54 - 00482304 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-02-11 22:25 - 2015-02-04 03:53 - 00767488 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-02-11 22:25 - 2015-02-04 03:53 - 00621056 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-02-11 22:25 - 2015-02-04 03:53 - 00325632 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-02-11 22:25 - 2015-02-04 03:53 - 00202752 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-02-11 22:25 - 2015-02-04 03:53 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-02-11 22:25 - 2015-02-04 03:49 - 00886784 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-02-11 22:25 - 2015-01-28 00:36 - 01167520 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2015-02-11 22:25 - 2014-12-12 06:07 - 01174528 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2015-02-11 22:25 - 2014-07-07 02:40 - 00179200 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2015-02-11 22:25 - 2014-07-07 02:40 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2015-02-11 22:22 - 2014-12-08 03:46 - 00308224 _____ (Microsoft Corporation) C:\Windows\system32\scesrv.dll
2015-02-11 22:21 - 2015-01-13 03:49 - 01230336 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-02-11 00:09 - 2014-07-16 10:24 - 00036152 _____ (TuneUp Software) C:\Windows\system32\uxtuneup.dll
2015-02-10 23:13 - 2015-03-04 18:45 - 01004380 _____ () C:\Windows\WindowsUpdate.log
2015-02-10 22:36 - 2015-03-02 17:00 - 00000276 _____ () C:\Windows\Tasks\JetDrive.job
2015-02-10 22:24 - 2015-02-16 00:03 - 00000000 ____D () C:\Program Files\NirSoft
2015-02-10 22:21 - 2015-02-10 22:21 - 01198368 _____ () C:\Users\Franz-Xaver\Downloads\Mail PassView - CHIP-Installer(2).exe
2015-02-10 21:49 - 2015-03-02 09:03 - 00000000 ____D () C:\Program Files\WajNEnhance
2015-02-10 21:42 - 2015-02-10 21:42 - 00620920 _____ () C:\Users\Franz-Xaver\Downloads\passwordfox.exe
2015-02-10 12:38 - 2015-02-11 00:18 - 00000000 ____D () C:\Users\Franz-Xaver\Tracing
2015-02-10 12:36 - 2010-06-02 04:55 - 00527192 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_7.dll
2015-02-10 12:36 - 2010-06-02 04:55 - 00074072 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_5.dll
2015-02-10 12:36 - 2010-05-26 11:41 - 02106216 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_43.dll
2015-02-10 12:36 - 2010-05-26 11:41 - 00248672 _____ (Microsoft Corporation) C:\Windows\system32\d3dx11_43.dll
2015-02-10 12:36 - 2009-09-04 17:29 - 00453456 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_42.dll
2015-02-10 12:35 - 2006-11-29 13:06 - 03426072 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_32.dll
2015-02-10 01:55 - 2015-02-10 01:55 - 00002023 _____ () C:\Users\Franz-Xaver\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Lingoes.lnk
2015-02-10 01:54 - 2015-02-10 01:54 - 00001993 _____ () C:\Users\Franz-Xaver\Desktop\Lingoes.lnk
2015-02-10 01:54 - 2015-02-10 01:54 - 00000000 ____D () C:\Users\Franz-Xaver\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Lingoes
2015-02-10 01:54 - 2015-02-10 01:54 - 00000000 ____D () C:\Program Files\Lingoes
2015-02-10 01:52 - 2015-02-10 01:52 - 01198368 _____ () C:\Users\Franz-Xaver\Downloads\Lingoes - CHIP-Installer.exe
2015-02-09 12:27 - 2015-03-04 18:40 - 00000400 _____ () C:\Windows\Tasks\RNUpgradeHelperLogonPrompt_Franz-Xaver.job
2015-02-09 12:27 - 2015-03-02 10:30 - 00000394 _____ () C:\Windows\Tasks\ReclaimerUpdateFiles_Franz-Xaver.job
2015-02-09 12:26 - 2015-03-02 12:30 - 00000390 _____ () C:\Windows\Tasks\ReclaimerUpdateXML_Franz-Xaver.job
2015-02-08 17:55 - 2015-03-04 21:25 - 00000000 ____D () C:\AdwCleaner
2015-02-07 19:31 - 2014-07-16 10:24 - 00036664 _____ (TuneUp Software) C:\Windows\system32\TURegOpt.exe
2015-02-07 19:31 - 2014-07-16 10:24 - 00025400 _____ (TuneUp Software) C:\Windows\system32\authuitu.dll
2015-02-07 19:30 - 2015-02-07 19:30 - 00000000 ____D () C:\Users\Franz-Xaver\AppData\Roaming\TuneUp Software
2015-02-07 19:30 - 2015-02-07 19:30 - 00000000 ____D () C:\Users\Franz-Xaver\AppData\Local\TuneUp Software
2015-02-07 19:28 - 2015-02-20 13:47 - 00000000 ____D () C:\ProgramData\TuneUp Software
2015-02-07 19:25 - 2015-02-07 19:26 - 00621048 _____ () C:\Users\Franz-Xaver\Downloads\Kalenderchen6_setup_CB-DL-Manager.exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-04 23:06 - 2015-01-23 15:02 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-03-04 22:59 - 2014-09-22 15:04 - 00000000 ____D () C:\Users\Franz-Xaver\Desktop\EGun
2015-03-04 21:37 - 2014-09-22 15:04 - 00000000 ____D () C:\Users\Franz-Xaver\Desktop\ebay
2015-03-04 20:26 - 2009-07-14 05:34 - 00018512 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-03-04 20:26 - 2009-07-14 05:34 - 00018512 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-03-04 20:02 - 2015-01-13 05:26 - 00001844 _____ () C:\Users\Public\Desktop\McAfee Internet Security Suite.lnk
2015-03-04 20:02 - 2015-01-13 04:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2015-03-04 19:36 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\rescache
2015-03-04 18:39 - 2014-09-14 13:07 - 00000000 ____D () C:\Windows\Panther
2015-03-04 18:38 - 2009-07-14 05:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-03-04 18:37 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\de-DE
2015-03-04 18:29 - 2014-09-15 09:01 - 00000000 ____D () C:\Users\Franz-Xaver\TapinRadio
2015-03-04 18:04 - 2014-09-14 19:12 - 00000000 ____D () C:\Program Files\MyDrive Connect
2015-03-04 17:41 - 2014-09-25 15:03 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2015-03-04 17:25 - 2014-09-17 19:56 - 00000000 ____D () C:\Program Files\Google
2015-03-04 17:24 - 2014-09-16 17:15 - 00000000 ____D () C:\Users\Franz-Xaver\AppData\Local\CrashDumps
2015-03-02 10:00 - 2014-09-16 08:26 - 00000602 _____ () C:\Users\Franz-Xaver\AppData\Roaming\wklnhst.dat
2015-03-02 10:00 - 2009-07-14 05:52 - 00000000 ____D () C:\Windows\system32\FxsTmp
2015-03-02 09:41 - 2009-07-14 05:53 - 00032640 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-03-02 09:22 - 2014-09-14 12:18 - 01637016 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-03-02 09:07 - 2014-09-17 19:56 - 00000000 ____D () C:\Users\Franz-Xaver\AppData\Local\Google
2015-03-02 09:05 - 2014-09-14 12:16 - 00000000 ____D () C:\Users\Franz-Xaver
2015-03-02 09:04 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\wfp
2015-03-02 09:03 - 2015-01-25 01:43 - 00000000 ____D () C:\Users\Franz-Xaver\Downloads\pstpassword_1.7
2015-03-02 09:03 - 2014-12-02 21:51 - 00000000 ____D () C:\Program Files\Secunia
2015-03-02 09:03 - 2014-11-20 18:55 - 00000000 ____D () C:\Users\Franz-Xaver\Downloads\mailpv_1.83
2015-03-02 09:03 - 2014-10-19 14:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-03-02 09:03 - 2014-09-20 16:49 - 00000000 ____D () C:\Program Files\Common Files\xing shared
2015-03-02 09:03 - 2014-09-20 15:58 - 00000000 ____D () C:\Users\Franz-Xaver\AppData\Roaming\vlc
2015-03-02 09:03 - 2014-09-19 23:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RealNetworks
2015-03-02 09:03 - 2014-09-19 23:55 - 00000000 ____D () C:\Program Files\RealNetworks
2015-03-02 09:03 - 2014-09-19 23:50 - 00000000 ____D () C:\ProgramData\RealNetworks
2015-03-02 09:03 - 2014-09-15 14:00 - 00000000 ____D () C:\ProgramData\Real
2015-03-02 09:03 - 2014-09-15 14:00 - 00000000 ____D () C:\Program Files\Real
2015-03-02 09:03 - 2014-09-14 19:12 - 00000000 ____D () C:\Users\Franz-Xaver\AppData\Local\TomTom
2015-03-02 09:03 - 2014-09-14 19:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TomTom
2015-03-02 09:03 - 2014-09-14 12:47 - 00000000 ____D () C:\Program Files\McAfee
2015-03-02 09:03 - 2014-09-14 12:32 - 00000000 ____D () C:\Program Files\Common Files\McAfee
2015-03-02 09:03 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\NDF
2015-03-02 09:02 - 2014-09-15 14:10 - 00000000 ____D () C:\Users\Franz-Xaver\AppData\Roaming\RealNetworks
2015-03-02 09:02 - 2014-09-15 13:59 - 00000000 ____D () C:\Users\Franz-Xaver\AppData\Roaming\Real
2015-03-02 09:02 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\registration
2015-03-02 09:01 - 2014-09-14 13:28 - 00000000 ____D () C:\ProgramData\Package Cache
2015-03-02 09:01 - 2014-09-14 12:32 - 00000000 ____D () C:\ProgramData\McAfee
2015-03-02 08:59 - 2014-10-19 14:58 - 00000000 ____D () C:\Program Files\Java
2015-03-02 08:58 - 2014-09-16 09:53 - 00000000 __RHD () C:\MSOCache
2015-02-27 21:56 - 2014-09-15 18:35 - 00000000 ____D () C:\Users\Franz-Xaver\AppData\Roaming\Opera Software
2015-02-27 21:56 - 2014-09-15 18:35 - 00000000 ____D () C:\Users\Franz-Xaver\AppData\Local\Opera Software
2015-02-25 17:04 - 2014-09-28 08:00 - 00034712 _____ () C:\Windows\system32\MyDefrag.dat
2015-02-25 17:04 - 2014-09-28 08:00 - 00000549 _____ () C:\Windows\system32\MyDefrag.debuglog
2015-02-24 20:13 - 2014-09-14 12:56 - 00000000 ____D () C:\ProgramData\Adobe
2015-02-23 23:20 - 2014-09-14 12:53 - 00000000 ____D () C:\Program Files\ScanWizard 5
2015-02-20 17:51 - 2014-09-22 14:57 - 00000000 ____D () C:\Users\Franz-Xaver\AppData\Local\Daniel_Reust
2015-02-20 17:31 - 2014-09-16 16:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ashampoo
2015-02-20 17:31 - 2014-09-16 15:59 - 00000000 ____D () C:\Program Files\Ashampoo
2015-02-20 15:48 - 2014-09-16 10:01 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2015-02-20 15:48 - 2014-09-14 15:01 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-02-20 15:46 - 2014-10-19 14:58 - 00096680 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2015-02-20 13:50 - 2015-01-29 01:55 - 00000000 ____D () C:\Program Files\Microsoft Office
2015-02-20 13:50 - 2014-11-04 01:01 - 00000000 ____D () C:\Program Files\SumatraPDF
2015-02-20 13:50 - 2014-11-02 00:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MyKeyFinder
2015-02-20 13:50 - 2014-11-02 00:00 - 00000000 ____D () C:\Program Files\MyKeyFinder
2015-02-20 13:50 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\security
2015-02-20 13:49 - 2009-07-14 09:56 - 00000000 ___RD () C:\Users\Public\Recorded TV
2015-02-20 13:48 - 2009-07-14 03:37 - 00000000 ___RD () C:\Users\Public
2015-02-17 10:53 - 2014-09-14 19:11 - 00000000 ____D () C:\Users\Franz-Xaver\AppData\Local\Windows Live
2015-02-16 00:12 - 2014-09-16 16:58 - 00000000 ____D () C:\ProgramData\Live Aquarium HD
2015-02-16 00:01 - 2014-11-07 00:15 - 00000000 ____D () C:\Users\Franz-Xaver\AppData\Roaming\IrfanView
2015-02-15 23:52 - 2014-09-14 13:16 - 00001122 _____ () C:\Users\Franz-Xaver\Desktop\Internet Explorer.lnk
2015-02-15 23:52 - 2014-09-14 12:18 - 00001152 _____ () C:\Users\Franz-Xaver\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-02-15 22:35 - 2015-01-27 01:03 - 00000000 ____D () C:\Users\Franz-Xaver\AppData\Roaming\dlg
2015-02-13 00:11 - 2009-07-14 03:03 - 57147392 _____ () C:\Windows\system32\config\SOFTWARE.rcbak
2015-02-13 00:11 - 2009-07-14 03:03 - 25165824 _____ () C:\Windows\system32\config\SYSTEM.rcbak
2015-02-13 00:11 - 2009-07-14 03:03 - 00524288 _____ () C:\Windows\system32\config\DEFAULT.rcbak
2015-02-13 00:11 - 2009-07-14 03:03 - 00057344 _____ () C:\Windows\system32\config\SAM.rcbak
2015-02-13 00:11 - 2009-07-14 03:03 - 00024576 _____ () C:\Windows\system32\config\SECURITY.rcbak
2015-02-12 02:31 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\tracing
2015-02-12 00:01 - 2009-07-14 05:33 - 00444472 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-02-11 23:58 - 2014-12-10 19:47 - 00000000 ____D () C:\Windows\system32\appraiser
2015-02-11 23:58 - 2014-09-14 19:05 - 00000000 ___SD () C:\Windows\system32\CompatTel
2015-02-11 23:53 - 2014-09-14 18:34 - 00000000 ____D () C:\Windows\system32\MRT
2015-02-11 23:46 - 2014-09-14 18:34 - 113756392 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-02-11 23:45 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2015-02-11 23:42 - 2009-07-14 03:04 - 00000478 _____ () C:\Windows\win.ini
2015-02-11 00:21 - 2014-09-21 22:59 - 00000000 ____D () C:\Windows\pss
2015-02-11 00:03 - 2014-09-14 20:14 - 00000000 ____D () C:\Program Files\Windows Live
2015-02-10 01:55 - 2014-09-15 23:18 - 00000000 ____D () C:\Users\Franz-Xaver\AppData\Local\Lingoes
2015-02-08 19:37 - 2014-09-14 12:16 - 00000000 ____D () C:\Users\Franz-Xaver\AppData\Local\VirtualStore
2015-02-07 19:52 - 2014-09-22 23:44 - 00001883 _____ () C:\Users\Public\Desktop\Kalenderchen 5.lnk
2015-02-07 19:52 - 2014-09-22 23:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kalenderchen5
2015-02-07 19:49 - 2014-09-15 15:08 - 00000000 ____D () C:\Users\Franz-Xaver\AppData\Roaming\Kalenderchen6
2015-02-07 19:36 - 2014-10-03 14:19 - 00000000 ____D () C:\Users\Franz-Xaver\AppData\Roaming\HpUpdate
2015-02-07 19:36 - 2014-09-14 15:01 - 00000000 ____D () C:\Users\Franz-Xaver\AppData\Local\Microsoft Help
2015-02-05 17:29 - 2014-09-16 15:59 - 00000000 ____D () C:\ProgramData\Ashampoo
2015-02-05 17:06 - 2014-09-14 19:17 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-02-05 17:06 - 2014-09-14 19:17 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl

==================== Files in the root of some directories =======

2014-09-16 08:26 - 2015-03-02 10:00 - 0000602 _____ () C:\Users\Franz-Xaver\AppData\Roaming\wklnhst.dat
2014-09-28 14:17 - 2014-09-28 14:17 - 0007598 _____ () C:\Users\Franz-Xaver\AppData\Local\Resmon.ResmonCfg
2014-10-08 12:23 - 2014-10-08 12:23 - 0000057 _____ () C:\ProgramData\Ament.ini
2015-02-17 12:40 - 2015-02-17 12:40 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-02-24 16:23

==================== End Of Log ============================
--- --- ---
E][/CODE]

deeprybka 04.03.2015 23:39
Hast Du auf den Fix-Button geklickt? Wo ist das Fixlog....:)

Xorrie 04.03.2015 23:48
Ich habe auf den Fix Button geklickt.

Das Ergebnis:
No fixlist.txt found.

The fixlist.txt should be in the same folder/directory the tool is located.

deeprybka 04.03.2015 23:51
Die Fixlist.txt und die FRST.exe müssen im gleichen Verzeichnis liegen. Bei Dir liegt die FRST.exe im Download-Ordner richtig?

Xorrie 04.03.2015 23:57
FRST und Addition liegen auf dem Desktop und im Downloadordner, sonst nichts anderes.
Wie geschrieben, wenn ich den Fix-Button anklicke, erscheint nur ein kleines Fenster mit dem Inhalt: No fixlist.txt found.
The fixlist.txt should be in the same folder/directory the tool is located.

deeprybka 05.03.2015 00:03
Es geht nicht darum wo die FRST.txt und die Addition.txt liegt, sondern wo die http://filepony.de/icon/frst.png (FRST.exe) Datei ist. Laut Log ist diese hier:

Code:
Running from C:\Users\Franz-Xaver\Downloads
Code:
2015-03-04 23:26 - 2015-03-04 23:26 - 01132544 _____ (Farbar) C:\Users\Franz-Xaver\Downloads\FRST(1).exe
2015-03-04 23:10 - 2015-03-04 23:10 - 01132544 _____ (Farbar) C:\Users\Franz-Xaver\Downloads\FRST.exe
In diesem Verzeichnis muss die fixlist.txt auch liegen, damit der Fix funktioniert.

Xorrie 05.03.2015 00:15
In dem Ordner ist nur das, nach Datum sortiert:
FRST, Addition und Scan Tool.

deeprybka 05.03.2015 00:32
Ja und in den Ordner vom Scantool muss die Fixlist. http://www.trojaner-board.de/attachm...vq-fixlist.txt

Und dann auf Fix drücken...

Xorrie 05.03.2015 00:51
Ich habe die Liste kopiert, in das Scantool eingefügt, auf Fix geklickt und das Ergebnis ist dasselbe:
No fixlist.txt found.
The fixlist.txt should be in the same folder/directory the tool is located.

Ich glaube ich gebe auf, im Moment kann ich kaum noch denken.

deeprybka 05.03.2015 00:54
Liste der Anhänge anzeigen (Anzahl: 1)
Du sollst sie nicht einfügen. Du sollst die Anweisungen lesen und die Dateien einfach im selben Verzeichnis ablegen und auf Fix drücken. :)

http://www.trojaner-board.de/attachm...1&d=1425513392

Xorrie 05.03.2015 01:04
Ich habe keinen Plan mehr.
Welche Anweisungen? Ich sehe keine.
Ich gebe auf!
Danke für Deine Mühe und für die Zeit, die Du für mich geopfert hast.
Ich bin halt doch schon zu alt für das WWW.:killpc:

Ich schalte jetzt den PC ab und versuche mich zu beruhigen und zu schlafen.

Beste Grüße :dankeschoen:

Frannz-Xaver

deeprybka 05.03.2015 11:38
Hi,
es geht um diesen Schritt. Das war die Anweisung. Als Hilfe hatte ich Dir die Fixlist sogar angehängt. :)

Zitat:
Zitat von deeprybka (Beitrag 1436331)
Hi Xorrie,
mach mal bitte folgenden Fix:


Schritt 1

http://filepony.de/icon/frst.pnghttp://deeprybka.trojaner-board.de/b...st/frstfix.png

Drücke bitte die http://deeprybka.trojaner-board.de/b...ne/revo/w7.png + R Taste und schreibe notepad in das Ausführen Fenster.
Klicke auf OK und kopiere nun den Text aus der Codebox in das leere Textdokument:
Code:
CloseProcesses:
C:\Program Files\SereneScreen
C:\Program Files\UniDeals
C:\Program Files\WajNEnhance
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SereneScreen
Task: {B4927734-B506-4644-9C29-DDF7A9ADF950} - System32\Tasks\SUSSXGQ => C:\ProgramData\ff8e396d4c654c0eaab0bc98beb6cf02\ff8e396d4c654c0eaab0bc98beb6cf02.exe
Task: {C6421B43-189F-4198-BD5F-916FBBEECA5C} - System32\Tasks\SpyHunter4Startup => C:\Program Files\Enigma Software Group\SpyHunter\Spyhunter4.exe
Task: {C712A019-562C-49B3-92C3-15AD7CDA93C2} - System32\Tasks\SuperEasy Registry Cleaner => C:\Program Files\SuperEasy Software\Registry Cleaner\SuperEasyRC.exe
C:\Program Files\Enigma Software Group\
C:\Program Files\SuperEasy Software\
C:\ProgramData\ff8e396d4c654c0eaab0bc98beb6cf02
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:50588;https=127.0.0.1:50588
Reg: Reg delete "HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections" /v "SavedLegacySettings" /f
Reg: Reg delete "HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections" /v "DefaultConnectionSettings" /f
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
Winsock: Catalog9 01 C:\Windows\system32\ColorMedia.dll [318616] (Over the Rainbow Tech)
Winsock: Catalog9 02 C:\Windows\system32\ColorMedia.dll [318616] (Over the Rainbow Tech)
Winsock: Catalog9 03 C:\Windows\system32\ColorMedia.dll [318616] (Over the Rainbow Tech)
Winsock: Catalog9 04 C:\Windows\system32\ColorMedia.dll [318616] (Over the Rainbow Tech)
Winsock: Catalog9 15 C:\Windows\system32\ColorMedia.dll [318616] (Over the Rainbow Tech)
S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [19984 2015-01-23] ()
C:\Windows\System32\DRIVERS\EsgScanner.sys
2015-02-15 23:30 - 2015-02-15 23:30 - 00005336 _____ () C:\Windows\system32\ColorMedia.ini
2015-02-15 23:30 - 2015-02-15 23:30 - 00002928 _____ () C:\Windows\system32\ColorMediaOff.ini
2015-02-15 23:30 - 2015-02-07 21:45 - 00318616 _____ (Over the Rainbow Tech) C:\Windows\system32\ColorMedia.dll
cmd: netsh winsock reset
Reboot:
Speichere dieses bitte als Fixlist.txt in das Verzeichnis ab, in dem sich auch die FRST-Anwendung befindet.
  • Starte FRST und drücke auf den Fix-Button.
  • Das Tool erstellt eine "Fixlog.txt" -Datei.
  • Poste mir bitte deren Inhalt.

Nach dem Reboot:

Schritt 2

http://filepony.de/icon/frst.pnghttp://deeprybka.trojaner-board.de/b...t/frstscan.png

Bitte starte FRST erneut, markiere auch die checkbox http://deeprybka.trojaner-board.de/b...t/addition.pngund drücke auf Scan.
Bitte poste mir den Inhalt der beiden Logs die erstellt werden.

Xorrie 05.03.2015 20:59
Hallo Jürgen,
ich hoffe, dass das jetzt richtig ist.

[CO
FRST Logfile:

FRST Logfile:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 04-03-2015
Ran by Franz-Xaver (administrator) on ASTERIX on 05-03-2015 20:06:30
Running from C:\Users\Franz-Xaver\Downloads
Loaded Profiles: Franz-Xaver (Available profiles: Franz-Xaver)
Platform: Microsoft Windows 7 Home Premium  Service Pack 1 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\VS7DEBUG\MDM.EXE
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
() C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
(RealNetworks, Inc.) C:\Program Files\Real\RealPlayer\RPDS\Bin\rpdsvc.exe
() C:\Program Files\Real\UpdateService\RealPlayerUpdateSvc.exe
(Secunia) C:\Program Files\Secunia\PSI\sua.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
() C:\Users\Franz-Xaver\AppData\LocalLow\WOT\IE\WOTUpdater.exe
(McAfee, Inc.) C:\Program Files\McAfee\MSC\McAPExe.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Daniel Manger Software) C:\Program Files\Kalenderchen\Kalenderchen.exe
(Advanced Micro Devices Inc.) C:\Program Files\AMD\ATI.ACE\Core-Static\MOM.exe
(TomTom) C:\Program Files\MyDrive Connect\MyDriveConnect.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office15\ONENOTEM.EXE
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(ATI Technologies Inc.) C:\Program Files\AMD\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Farbar) C:\Users\Franz-Xaver\Downloads\FRST(2).exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\CSP\1.3.336.0\McCSPServiceHost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [mcpltui_exe] => C:\Program Files\Common Files\McAfee\Platform\mcuicnt.exe [499352 2014-09-17] (McAfee, Inc.)
HKLM\...\Run: [StartCCC] => C:\Program Files\AMD\ATI.ACE\Core-Static\x86\CLIStart.exe [748232 2014-11-20] (Advanced Micro Devices, Inc.)
Winlogon\Notify\SDWinLogon: SDWinLogon.dll [X]
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-19\Control Panel\Desktop\\SCRNSAVE.EXE ->
HKU\S-1-5-20\Control Panel\Desktop\\SCRNSAVE.EXE ->
HKU\S-1-5-21-1708056501-3709124106-2672143446-1001\...\Run: [DMS-Kalenderchen] => C:\Program Files\Kalenderchen\Kalenderchen.exe [3494912 2010-03-16] (Daniel Manger Software)
HKU\S-1-5-21-1708056501-3709124106-2672143446-1001\...\Run: [MyDriveConnect.exe] => C:\Program Files\MyDrive Connect\MyDriveConnect.exe [1792376 2014-10-03] (TomTom)
HKU\S-1-5-21-1708056501-3709124106-2672143446-1001\...\Run: [Google Update] => C:\Users\Franz-Xaver\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2015-02-21] (Google Inc.)
HKU\S-1-5-21-1708056501-3709124106-2672143446-1001\...\Run: [Google+ Auto Backup] => C:\Users\Franz-Xaver\AppData\Local\Programs\Google\Google+ Auto Backup\Google+ Auto Backup.exe [3754312 2015-02-13] (Google Inc.)
HKU\S-1-5-21-1708056501-3709124106-2672143446-1001\...\Policies\Explorer: [NoFolderOptions] 0
HKU\S-1-5-21-1708056501-3709124106-2672143446-1001\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-1708056501-3709124106-2672143446-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\MA2_6.scr [2936832 2006-02-28] ()
HKU\S-1-5-18\Control Panel\Desktop\\SCRNSAVE.EXE ->
Startup: C:\Users\Franz-Xaver\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\An OneNote senden.lnk
ShortcutTarget: An OneNote senden.lnk -> C:\Program Files\Microsoft Office\Office15\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\Franz-Xaver\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Tintenwarnungen überwachen - HP Deskjet 1000 J110 series.lnk
ShortcutTarget: Tintenwarnungen überwachen - HP Deskjet 1000 J110 series.lnk -> C:\Program Files\HP\HP Deskjet 1000 J110 series\Bin\HPStatusBL.dll (Hewlett-Packard Co.)
BootExecute:

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Google
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Google
HKU\S-1-5-21-1708056501-3709124106-2672143446-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-1708056501-3709124106-2672143446-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = MSN Deutschland ? mit Hotmail Nachfolger Outlook und Messenger Skype
HKU\S-1-5-21-1708056501-3709124106-2672143446-1001\Software\Microsoft\Internet Explorer\Main,Search Bar = Upgrade to Google Chrome
HKU\S-1-5-21-1708056501-3709124106-2672143446-1001\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Upgrade to Google Chrome
SearchScopes: HKU\S-1-5-21-1708056501-3709124106-2672143446-1001 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?q={sear
BHO: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Program Files\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_31\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: WOT -> {9E571C81-21E7-496B-9E6B-127E60263022} -> C:\Users\Franz-Xaver\AppData\LocalLow\WOT\IE\WOT.dll (WOT Services Oy)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_31\bin\jp2ssv.dll (Oracle Corporation)
BHO: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus32.dll (Eyeo GmbH)
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL (Microsoft Corporation)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

FireFox:
========
FF ProfilePath: C:\Users\Franz-Xaver\AppData\Roaming\Mozilla\Firefox\Profiles\oyabea71.default
FF NewTab: chrome://unitedtb/content/newtab/newtab-page.xhtml
FF SelectedSearchEngine: webssearches
FF Homepage: google.de
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_305.dll ()
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\npmcsnffpl.dll ()
FF Plugin: @mcafee.com/MVT -> C:\Program Files\McAfee\Supportability\MVT\NPMVTPlugin.dll (McAfee, Inc.)
FF Plugin: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\Microsoft Office\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @real.com/nppl3260;version=17.0.12.0 -> c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlhtml5videoshim;version=17.0.12 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpplugin;version=17.0.12.0 -> c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer Cloud)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1708056501-3709124106-2672143446-1001: @tools.google.com/Google Update;version=3 -> C:\Users\Franz-Xaver\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-1708056501-3709124106-2672143446-1001: @tools.google.com/Google Update;version=9 -> C:\Users\Franz-Xaver\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF SearchPlugin: C:\Users\Franz-Xaver\AppData\Roaming\Mozilla\Firefox\Profiles\oyabea71.default\searchplugins\google-images.xml
FF SearchPlugin: C:\Users\Franz-Xaver\AppData\Roaming\Mozilla\Firefox\Profiles\oyabea71.default\searchplugins\google-maps.xml
FF Extension: Google Translator for Firefox - C:\Users\Franz-Xaver\AppData\Roaming\Mozilla\Firefox\Profiles\oyabea71.default\Extensions\translator@zoli.bod.xpi [2015-02-17]
FF Extension: {011f2b37-2728-4487-80d7-47da9dddd46c} - C:\Users\Franz-Xaver\AppData\Roaming\Mozilla\Firefox\Profiles\oyabea71.default\Extensions\{011f2b37-2728-4487-80d7-47da9dddd46c}.xpi [2015-02-15]
FF Extension: Adblock Plus - C:\Users\Franz-Xaver\AppData\Roaming\Mozilla\Firefox\Profiles\oyabea71.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-02-16]
FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: No Name - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2014-09-19]
FF HKLM\...\Firefox\Extensions: [searchengine@gmail.com] - C:\Users\Franz-Xaver\AppData\Roaming\Mozilla\Firefox\Profiles\oyabea71.default\extensions\searchengine@gmail.com
FF HKLM\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
FF Extension: McAfee Anti-Spam Thunderbird Extension - C:\Program Files\McAfee\MSK [2015-01-13]

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [nphjeokkkbngjpiofnfpnafjeofjomfb] - C:\Users\Franz-Xaver\AppData\LocalLow\WOT\CHROME\WOT.crx [2012-01-12]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 HomeNetSvc; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [286672 2014-10-31] (McAfee, Inc.)
R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [529216 2014-10-06] (McAfee, Inc.)
R2 mccspsvc; C:\Program Files\Common Files\McAfee\CSP\1.3.336.0\McCSPServiceHost.exe [338160 2014-11-21] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [286672 2014-10-31] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [286672 2014-10-31] (McAfee, Inc.)
S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [471560 2014-12-03] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [286672 2014-10-31] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [286672 2014-10-31] (McAfee, Inc.)
R2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [661088 2014-11-06] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [171368 2014-10-01] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [179608 2014-10-01] (McAfee, Inc.)
R2 MSK80Service; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [286672 2014-10-31] (McAfee, Inc.)
R2 RealNetworks Downloader Resolver Service; C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe [39568 2014-07-24] ()
R2 RealPlayer Cloud Service; c:\program files\real\realplayer\RPDS\Bin\rpdsvc.exe [1141848 2014-09-20] (RealNetworks, Inc.)
R2 RealPlayerUpdateSvc; C:\Program Files\Real\UpdateService\RealPlayerUpdateSvc.exe [23552 2014-07-24] () [File not signed]
S3 Secunia PSI Agent; C:\Program Files\Secunia\PSI\PSIA.exe [1363160 2014-11-28] (Secunia)
R2 Secunia Update Agent; C:\Program Files\Secunia\PSI\sua.exe [765144 2014-11-28] (Secunia)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)
R2 WOTUpdater; C:\Users\Franz-Xaver\AppData\LocalLow\WOT\IE\WOTUpdater.exe [18432 2012-01-12] () [File not signed]
S2 HPSLPSVC; C:\Users\Franz-Xaver\AppData\Local\Temp\7zS03AD\hpslpsvc32.dll [X]
S2 JetDrive WindowsClosingService; C:\Windows\System32\WindowsClosingService [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [62840 2014-10-01] (McAfee, Inc.)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [147912 2013-09-23] (McAfee, Inc.)
S3 jetdrive; C:\Windows\System32\DRIVERS\jddrv.sys [29056 2012-05-22] (Abelssoft GmbH)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2014-11-21] (Malwarebytes Corporation)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [114904 2015-02-25] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2014-11-21] (Malwarebytes Corporation)
R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [135880 2014-10-01] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [238312 2014-10-01] (McAfee, Inc.)
S3 mfebopk; C:\Windows\System32\drivers\mfebopk.sys [67824 2014-10-01] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [371712 2014-10-01] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [575992 2014-10-01] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [352360 2014-09-19] (McAfee, Inc.)
S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [81304 2014-09-19] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [217232 2014-10-01] (McAfee, Inc.)
S3 PSI; C:\Windows\System32\DRIVERS\psi_mf_x86.sys [16024 2014-11-28] (Secunia)
S3 cpuz134; \??\C:\Users\FRANZ-~1\AppData\Local\Temp\cpuz134\cpuz134_x32.sys [X]
U3 DfSdkS; No ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-05 20:01 - 2015-03-05 20:01 - 01132544 _____ (Farbar) C:\Users\Franz-Xaver\Downloads\FRST(2).exe
2015-03-05 19:57 - 2015-03-05 19:57 - 00002452 _____ () C:\Users\Franz-Xaver\Desktop\Fixlist.txt
2015-03-05 17:30 - 2013-09-23 13:48 - 00147912 _____ (McAfee, Inc.) C:\Windows\system32\Drivers\HipShieldK.sys
2015-03-05 00:44 - 2015-03-05 00:44 - 00047239 _____ () C:\Users\Franz-Xaver\Desktop\FRST1.txt
2015-03-05 00:29 - 2015-03-05 00:29 - 01132544 _____ (Farbar) C:\Users\Franz-Xaver\Downloads\FRST(1).exe
2015-03-04 23:30 - 2015-03-04 23:30 - 00047366 _____ () C:\Users\Franz-Xaver\Desktop\FRST.txt
2015-03-04 23:30 - 2015-03-04 23:30 - 00039298 _____ () C:\Users\Franz-Xaver\Desktop\Addition.txt
2015-03-04 23:27 - 2015-03-04 23:28 - 00039298 _____ () C:\Users\Franz-Xaver\Downloads\Addition.txt
2015-03-04 23:26 - 2015-03-05 20:07 - 00016807 _____ () C:\Users\Franz-Xaver\Downloads\FRST.txt
2015-03-04 23:10 - 2015-03-04 23:10 - 01132544 _____ (Farbar) C:\Users\Franz-Xaver\Downloads\FRST.exe
2015-03-04 21:23 - 2015-03-04 21:23 - 02126848 _____ () C:\Users\Franz-Xaver\Downloads\AdwCleaner_4.111.exe
2015-03-04 19:51 - 2015-03-05 20:06 - 00000000 ____D () C:\FRST
2015-03-04 18:33 - 2015-03-04 18:33 - 17142784 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-03-04 18:33 - 2015-03-04 18:33 - 11220992 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-03-04 18:33 - 2015-03-04 18:33 - 04240384 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-03-04 18:33 - 2015-03-04 18:33 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-03-04 18:33 - 2015-03-04 18:33 - 02166272 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-03-04 18:33 - 2015-03-04 18:33 - 01926656 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-03-04 18:33 - 2015-03-04 18:33 - 01818112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-03-04 18:33 - 2015-03-04 18:33 - 01156608 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-03-04 18:33 - 2015-03-04 18:33 - 01051136 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-03-04 18:33 - 2015-03-04 18:33 - 00703488 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-03-04 18:33 - 2015-03-04 18:33 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-03-04 18:33 - 2015-03-04 18:33 - 00645120 _____ (Microsoft Corporation) C:\Windows\system32\jsIntl.dll
2015-03-04 18:33 - 2015-03-04 18:33 - 00616104 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2015-03-04 18:33 - 2015-03-04 18:33 - 00610304 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-03-04 18:33 - 2015-03-04 18:33 - 00553472 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-03-04 18:33 - 2015-03-04 18:33 - 00523776 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-03-04 18:33 - 2015-03-04 18:33 - 00454656 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-03-04 18:33 - 2015-03-04 18:33 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-03-04 18:33 - 2015-03-04 18:33 - 00367104 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-03-04 18:33 - 2015-03-04 18:33 - 00337408 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-03-04 18:33 - 2015-03-04 18:33 - 00244736 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-03-04 18:33 - 2015-03-04 18:33 - 00238288 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-03-04 18:33 - 2015-03-04 18:33 - 00233472 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2015-03-04 18:33 - 2015-03-04 18:33 - 00208896 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-03-04 18:33 - 2015-03-04 18:33 - 00208384 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2015-03-04 18:33 - 2015-03-04 18:33 - 00194048 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll
2015-03-04 18:33 - 2015-03-04 18:33 - 00182272 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2015-03-04 18:33 - 2015-03-04 18:33 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-03-04 18:33 - 2015-03-04 18:33 - 00151552 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2015-03-04 18:33 - 2015-03-04 18:33 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2015-03-04 18:33 - 2015-03-04 18:33 - 00127488 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2015-03-04 18:33 - 2015-03-04 18:33 - 00116736 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2015-03-04 18:33 - 2015-03-04 18:33 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-03-04 18:33 - 2015-03-04 18:33 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2015-03-04 18:33 - 2015-03-04 18:33 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-03-04 18:33 - 2015-03-04 18:33 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2015-03-04 18:33 - 2015-03-04 18:33 - 00083456 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2015-03-04 18:33 - 2015-03-04 18:33 - 00074240 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2015-03-04 18:33 - 2015-03-04 18:33 - 00071680 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2015-03-04 18:33 - 2015-03-04 18:33 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-03-04 18:33 - 2015-03-04 18:33 - 00069120 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2015-03-04 18:33 - 2015-03-04 18:33 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2015-03-04 18:33 - 2015-03-04 18:33 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-03-04 18:33 - 2015-03-04 18:33 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-03-04 18:33 - 2015-03-04 18:33 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2015-03-04 18:33 - 2015-03-04 18:33 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-03-04 18:33 - 2015-03-04 18:33 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2015-03-04 18:33 - 2015-03-04 18:33 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2015-03-04 18:33 - 2015-03-04 18:33 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-03-04 18:33 - 2015-03-04 18:33 - 00036352 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2015-03-04 18:33 - 2015-03-04 18:33 - 00034816 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-03-04 18:33 - 2015-03-04 18:33 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-03-04 18:33 - 2015-03-04 18:33 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2015-03-04 18:33 - 2015-03-04 18:33 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2015-03-04 18:33 - 2015-03-04 18:33 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2015-03-04 18:33 - 2015-03-04 18:33 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-03-04 18:31 - 2015-03-04 18:36 - 00010829 _____ () C:\Windows\IE11_main.log
2015-03-04 18:02 - 2015-03-02 09:17 - 06821496 _____ (TomTom International B.V.) C:\Users\Franz-Xaver\Downloads\InstallMyDriveConnect_3_3_0_1812.exe
2015-03-04 17:59 - 2015-03-04 17:59 - 00000064 ____H () C:\Users\Franz-Xaver\Downloads\.picasa.ini
2015-03-03 15:13 - 2015-03-05 19:41 - 00003078 _____ () C:\Windows\PFRO.log
2015-03-02 10:15 - 2015-03-02 10:17 - 00000000 ____D () C:\Users\Franz-Xaver\Documents\P-Wort
2015-03-02 10:04 - 2015-03-02 10:11 - 00000000 ____D () C:\Users\Franz-Xaver\Documents\Regisry
2015-03-02 10:01 - 2015-01-10 19:09 - 00010240 _____ () C:\Users\Franz-Xaver\Documents\Gesamt--GAS.wps
2015-03-02 09:34 - 2015-03-02 09:38 - 40822424 _____ () C:\Users\Franz-Xaver\Downloads\Firefox_Setup_36.0.exe
2015-03-02 09:22 - 2015-01-09 00:44 - 00419936 _____ () C:\Windows\system32\locale.nls
2015-03-02 09:05 - 2015-03-05 20:03 - 00000672 _____ () C:\Windows\setupact.log
2015-03-02 09:05 - 2015-03-02 09:05 - 00000000 _____ () C:\Windows\setuperr.log
2015-02-27 21:56 - 2015-03-02 09:02 - 00000000 ____D () C:\Program Files\Opera
2015-02-25 17:38 - 2015-02-25 17:39 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-02-25 17:37 - 2014-11-21 06:14 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-02-25 17:37 - 2014-11-21 06:14 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-02-25 17:36 - 2015-03-02 09:01 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-02-25 17:36 - 2014-11-21 06:14 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-02-21 20:48 - 2015-02-21 20:48 - 00663000 _____ () C:\Users\Franz-Xaver\Downloads\MeinWetter_CB-DL-Manager.exe
2015-02-21 20:14 - 2015-03-05 20:06 - 00001144 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1708056501-3709124106-2672143446-1001UA.job
2015-02-21 20:14 - 2015-03-05 20:06 - 00001092 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1708056501-3709124106-2672143446-1001Core.job
2015-02-21 20:14 - 2015-03-02 09:03 - 00000000 ____D () C:\Users\Franz-Xaver\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google+ Auto Backup
2015-02-21 20:12 - 2015-02-21 20:12 - 00001068 _____ () C:\Users\Public\Desktop\Picasa 3.lnk
2015-02-21 20:12 - 2015-02-21 20:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Picasa 3
2015-02-21 19:56 - 2015-02-21 19:56 - 00000000 ____D () C:\Users\Franz-Xaver\Documents\OneNote-Notizbücher
2015-02-20 09:46 - 2015-02-20 09:46 - 00000000 ____D () C:\Windows\Tasks\ImCleanDisabled
2015-02-20 01:06 - 2015-03-02 23:59 - 00000000 ____D () C:\Users\Franz-Xaver\AppData\Local\Apps\2.0
2015-02-17 12:40 - 2015-02-17 12:40 - 00000000 ____H () C:\ProgramData\DP45977C.lfl
2015-02-17 12:11 - 2015-02-17 12:11 - 00000000 ____D () C:\Program Files\NVIDIA Corporation
2015-02-17 11:49 - 2015-02-20 13:49 - 00000000 ____D () C:\ProgramData\ProductData
2015-02-17 11:48 - 2015-02-20 13:49 - 00000000 ____D () C:\ProgramData\IObit
2015-02-17 11:48 - 2015-02-17 11:48 - 00000000 ____D () C:\Users\Franz-Xaver\AppData\Roaming\IObit
2015-02-15 23:41 - 2015-02-15 23:41 - 00000000 ____D () C:\Program Files\b06aa4c3-c9f0-4250-b86a-8700e8851354
2015-02-15 23:40 - 2015-02-21 19:51 - 00000000 ____D () C:\Program Files\I - Cinema
2015-02-15 22:33 - 2015-02-15 22:33 - 00666568 _____ () C:\Users\Franz-Xaver\Downloads\adblock-plus-firefox.exe
2015-02-15 22:07 - 2015-03-02 09:39 - 00000000 ____D () C:\Program Files\Adblock Plus for IE
2015-02-15 21:54 - 2015-03-03 15:13 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2015-02-15 21:54 - 2015-03-02 09:47 - 00001127 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-02-15 21:54 - 2015-03-02 09:47 - 00001115 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-02-15 21:54 - 2015-03-02 09:47 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2015-02-14 01:04 - 2015-02-14 01:04 - 00000000 ____D () C:\Program Files\MagiCSS  Live CSS Editor
2015-02-14 01:02 - 2015-03-02 09:03 - 00000000 ____D () C:\ProgramData\fcmjkjjhnlggamjbjkoohmnflagmljcn
2015-02-14 01:01 - 2015-02-22 09:51 - 00000000 ____D () C:\ProgramData\{0b22c01c-79a4-4523-0b22-2c01c79a0071}
2015-02-13 12:47 - 2015-02-13 12:47 - 04575232 _____ (Google Inc.) C:\Windows\system32\GPhotos.scr
2015-02-12 00:29 - 2015-01-09 03:48 - 00635904 _____ (Microsoft Corporation) C:\Windows\system32\perftrack.dll
2015-02-12 00:29 - 2015-01-09 03:48 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\wdi.dll
2015-02-12 00:29 - 2015-01-09 03:48 - 00027136 _____ (Microsoft Corporation) C:\Windows\system32\powertracker.dll
2015-02-11 22:27 - 2015-01-14 06:44 - 03972544 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2015-02-11 22:27 - 2015-01-14 06:44 - 03917760 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-02-11 22:26 - 2015-01-15 08:46 - 00136640 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-02-11 22:26 - 2015-01-15 08:46 - 00067520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-02-11 22:26 - 2015-01-15 08:43 - 00100352 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-02-11 22:26 - 2015-01-15 08:43 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-02-11 22:26 - 2015-01-15 08:42 - 01061376 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-02-11 22:26 - 2015-01-15 08:42 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-02-11 22:26 - 2015-01-15 08:42 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-02-11 22:26 - 2015-01-15 08:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-02-11 22:26 - 2015-01-15 08:39 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-02-11 22:26 - 2015-01-15 08:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-02-11 22:26 - 2015-01-15 08:37 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-02-11 22:26 - 2015-01-15 05:21 - 00369968 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-02-11 22:26 - 2015-01-09 02:45 - 02380288 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-02-11 22:26 - 2014-11-26 04:32 - 00571904 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2015-02-11 22:25 - 2015-02-04 03:54 - 00482304 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-02-11 22:25 - 2015-02-04 03:53 - 00767488 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-02-11 22:25 - 2015-02-04 03:53 - 00621056 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-02-11 22:25 - 2015-02-04 03:53 - 00325632 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-02-11 22:25 - 2015-02-04 03:53 - 00202752 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-02-11 22:25 - 2015-02-04 03:53 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-02-11 22:25 - 2015-02-04 03:49 - 00886784 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-02-11 22:25 - 2015-01-28 00:36 - 01167520 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2015-02-11 22:25 - 2014-12-12 06:07 - 01174528 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2015-02-11 22:25 - 2014-07-07 02:40 - 00179200 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2015-02-11 22:25 - 2014-07-07 02:40 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2015-02-11 22:22 - 2014-12-08 03:46 - 00308224 _____ (Microsoft Corporation) C:\Windows\system32\scesrv.dll
2015-02-11 22:21 - 2015-01-13 03:49 - 01230336 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-02-11 00:09 - 2014-07-16 10:24 - 00036152 _____ (TuneUp Software) C:\Windows\system32\uxtuneup.dll
2015-02-10 23:13 - 2015-03-05 20:02 - 01067174 _____ () C:\Windows\WindowsUpdate.log
2015-02-10 22:36 - 2015-03-02 17:00 - 00000276 _____ () C:\Windows\Tasks\JetDrive.job
2015-02-10 22:24 - 2015-02-16 00:03 - 00000000 ____D () C:\Program Files\NirSoft
2015-02-10 22:21 - 2015-02-10 22:21 - 01198368 _____ () C:\Users\Franz-Xaver\Downloads\Mail PassView - CHIP-Installer(2).exe
2015-02-10 21:42 - 2015-02-10 21:42 - 00620920 _____ () C:\Users\Franz-Xaver\Downloads\passwordfox.exe
2015-02-10 12:38 - 2015-02-11 00:18 - 00000000 ____D () C:\Users\Franz-Xaver\Tracing
2015-02-10 12:36 - 2010-06-02 04:55 - 00527192 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_7.dll
2015-02-10 12:36 - 2010-06-02 04:55 - 00074072 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_5.dll
2015-02-10 12:36 - 2010-05-26 11:41 - 02106216 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_43.dll
2015-02-10 12:36 - 2010-05-26 11:41 - 00248672 _____ (Microsoft Corporation) C:\Windows\system32\d3dx11_43.dll
2015-02-10 12:36 - 2009-09-04 17:29 - 00453456 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_42.dll
2015-02-10 12:35 - 2006-11-29 13:06 - 03426072 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_32.dll
2015-02-10 01:55 - 2015-02-10 01:55 - 00002023 _____ () C:\Users\Franz-Xaver\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Lingoes.lnk
2015-02-10 01:54 - 2015-02-10 01:54 - 00001993 _____ () C:\Users\Franz-Xaver\Desktop\Lingoes.lnk
2015-02-10 01:54 - 2015-02-10 01:54 - 00000000 ____D () C:\Users\Franz-Xaver\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Lingoes
2015-02-10 01:54 - 2015-02-10 01:54 - 00000000 ____D () C:\Program Files\Lingoes
2015-02-10 01:52 - 2015-02-10 01:52 - 01198368 _____ () C:\Users\Franz-Xaver\Downloads\Lingoes - CHIP-Installer.exe
2015-02-09 12:27 - 2015-03-05 20:03 - 00000400 _____ () C:\Windows\Tasks\RNUpgradeHelperLogonPrompt_Franz-Xaver.job
2015-02-09 12:27 - 2015-03-02 10:30 - 00000394 _____ () C:\Windows\Tasks\ReclaimerUpdateFiles_Franz-Xaver.job
2015-02-09 12:26 - 2015-03-02 12:30 - 00000390 _____ () C:\Windows\Tasks\ReclaimerUpdateXML_Franz-Xaver.job
2015-02-08 17:55 - 2015-03-04 21:25 - 00000000 ____D () C:\AdwCleaner
2015-02-07 19:31 - 2014-07-16 10:24 - 00036664 _____ (TuneUp Software) C:\Windows\system32\TURegOpt.exe
2015-02-07 19:31 - 2014-07-16 10:24 - 00025400 _____ (TuneUp Software) C:\Windows\system32\authuitu.dll
2015-02-07 19:30 - 2015-02-07 19:30 - 00000000 ____D () C:\Users\Franz-Xaver\AppData\Roaming\TuneUp Software
2015-02-07 19:30 - 2015-02-07 19:30 - 00000000 ____D () C:\Users\Franz-Xaver\AppData\Local\TuneUp Software
2015-02-07 19:28 - 2015-02-20 13:47 - 00000000 ____D () C:\ProgramData\TuneUp Software
2015-02-07 19:25 - 2015-02-07 19:26 - 00621048 _____ () C:\Users\Franz-Xaver\Downloads\Kalenderchen6_setup_CB-DL-Manager.exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-05 20:06 - 2015-01-23 15:02 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-03-05 20:03 - 2009-07-14 05:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-03-05 20:02 - 2014-09-16 17:15 - 00000000 ____D () C:\Users\Franz-Xaver\AppData\Local\CrashDumps
2015-03-05 19:48 - 2009-07-14 05:34 - 00018512 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-03-05 19:48 - 2009-07-14 05:34 - 00018512 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-03-05 17:29 - 2014-09-14 12:32 - 00000000 ____D () C:\Program Files\Common Files\McAfee
2015-03-05 16:55 - 2015-01-13 05:26 - 00001844 _____ () C:\Users\Public\Desktop\McAfee Internet Security Suite.lnk
2015-03-05 16:55 - 2015-01-13 04:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2015-03-04 22:59 - 2014-09-22 15:04 - 00000000 ____D () C:\Users\Franz-Xaver\Desktop\EGun
2015-03-04 21:37 - 2014-09-22 15:04 - 00000000 ____D () C:\Users\Franz-Xaver\Desktop\ebay
2015-03-04 19:36 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\rescache
2015-03-04 18:39 - 2014-09-14 13:07 - 00000000 ____D () C:\Windows\Panther
2015-03-04 18:37 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\de-DE
2015-03-04 18:29 - 2014-09-15 09:01 - 00000000 ____D () C:\Users\Franz-Xaver\TapinRadio
2015-03-04 18:04 - 2014-09-14 19:12 - 00000000 ____D () C:\Program Files\MyDrive Connect
2015-03-04 17:41 - 2014-09-25 15:03 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2015-03-04 17:25 - 2014-09-17 19:56 - 00000000 ____D () C:\Program Files\Google
2015-03-02 10:00 - 2014-09-16 08:26 - 00000602 _____ () C:\Users\Franz-Xaver\AppData\Roaming\wklnhst.dat
2015-03-02 10:00 - 2009-07-14 05:52 - 00000000 ____D () C:\Windows\system32\FxsTmp
2015-03-02 09:41 - 2009-07-14 05:53 - 00032640 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-03-02 09:22 - 2014-09-14 12:18 - 01637016 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-03-02 09:07 - 2014-09-17 19:56 - 00000000 ____D () C:\Users\Franz-Xaver\AppData\Local\Google
2015-03-02 09:05 - 2014-09-14 12:16 - 00000000 ____D () C:\Users\Franz-Xaver
2015-03-02 09:04 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\wfp
2015-03-02 09:03 - 2015-01-25 01:43 - 00000000 ____D () C:\Users\Franz-Xaver\Downloads\pstpassword_1.7
2015-03-02 09:03 - 2014-12-02 21:51 - 00000000 ____D () C:\Program Files\Secunia
2015-03-02 09:03 - 2014-11-20 18:55 - 00000000 ____D () C:\Users\Franz-Xaver\Downloads\mailpv_1.83
2015-03-02 09:03 - 2014-10-19 14:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-03-02 09:03 - 2014-09-20 16:49 - 00000000 ____D () C:\Program Files\Common Files\xing shared
2015-03-02 09:03 - 2014-09-20 15:58 - 00000000 ____D () C:\Users\Franz-Xaver\AppData\Roaming\vlc
2015-03-02 09:03 - 2014-09-19 23:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RealNetworks
2015-03-02 09:03 - 2014-09-19 23:55 - 00000000 ____D () C:\Program Files\RealNetworks
2015-03-02 09:03 - 2014-09-19 23:50 - 00000000 ____D () C:\ProgramData\RealNetworks
2015-03-02 09:03 - 2014-09-15 14:00 - 00000000 ____D () C:\ProgramData\Real
2015-03-02 09:03 - 2014-09-15 14:00 - 00000000 ____D () C:\Program Files\Real
2015-03-02 09:03 - 2014-09-14 19:12 - 00000000 ____D () C:\Users\Franz-Xaver\AppData\Local\TomTom
2015-03-02 09:03 - 2014-09-14 19:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TomTom
2015-03-02 09:03 - 2014-09-14 12:47 - 00000000 ____D () C:\Program Files\McAfee
2015-03-02 09:03 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\NDF
2015-03-02 09:02 - 2014-09-15 14:10 - 00000000 ____D () C:\Users\Franz-Xaver\AppData\Roaming\RealNetworks
2015-03-02 09:02 - 2014-09-15 13:59 - 00000000 ____D () C:\Users\Franz-Xaver\AppData\Roaming\Real
2015-03-02 09:02 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\registration
2015-03-02 09:01 - 2014-09-14 13:28 - 00000000 ____D () C:\ProgramData\Package Cache
2015-03-02 09:01 - 2014-09-14 12:32 - 00000000 ____D () C:\ProgramData\McAfee
2015-03-02 08:59 - 2014-10-19 14:58 - 00000000 ____D () C:\Program Files\Java
2015-03-02 08:58 - 2014-09-16 09:53 - 00000000 __RHD () C:\MSOCache
2015-02-27 21:56 - 2014-09-15 18:35 - 00000000 ____D () C:\Users\Franz-Xaver\AppData\Roaming\Opera Software
2015-02-27 21:56 - 2014-09-15 18:35 - 00000000 ____D () C:\Users\Franz-Xaver\AppData\Local\Opera Software
2015-02-25 17:04 - 2014-09-28 08:00 - 00034712 _____ () C:\Windows\system32\MyDefrag.dat
2015-02-25 17:04 - 2014-09-28 08:00 - 00000549 _____ () C:\Windows\system32\MyDefrag.debuglog
2015-02-24 20:13 - 2014-09-14 12:56 - 00000000 ____D () C:\ProgramData\Adobe
2015-02-23 23:20 - 2014-09-14 12:53 - 00000000 ____D () C:\Program Files\ScanWizard 5
2015-02-20 17:51 - 2014-09-22 14:57 - 00000000 ____D () C:\Users\Franz-Xaver\AppData\Local\Daniel_Reust
2015-02-20 17:31 - 2014-09-16 16:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ashampoo
2015-02-20 17:31 - 2014-09-16 15:59 - 00000000 ____D () C:\Program Files\Ashampoo
2015-02-20 15:48 - 2014-09-16 10:01 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2015-02-20 15:48 - 2014-09-14 15:01 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-02-20 15:46 - 2014-10-19 14:58 - 00096680 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2015-02-20 13:50 - 2015-01-29 01:55 - 00000000 ____D () C:\Program Files\Microsoft Office
2015-02-20 13:50 - 2014-11-04 01:01 - 00000000 ____D () C:\Program Files\SumatraPDF
2015-02-20 13:50 - 2014-11-02 00:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MyKeyFinder
2015-02-20 13:50 - 2014-11-02 00:00 - 00000000 ____D () C:\Program Files\MyKeyFinder
2015-02-20 13:50 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\security
2015-02-20 13:49 - 2009-07-14 09:56 - 00000000 ___RD () C:\Users\Public\Recorded TV
2015-02-20 13:48 - 2009-07-14 03:37 - 00000000 ___RD () C:\Users\Public
2015-02-17 10:53 - 2014-09-14 19:11 - 00000000 ____D () C:\Users\Franz-Xaver\AppData\Local\Windows Live
2015-02-16 00:12 - 2014-09-16 16:58 - 00000000 ____D () C:\ProgramData\Live Aquarium HD
2015-02-16 00:01 - 2014-11-07 00:15 - 00000000 ____D () C:\Users\Franz-Xaver\AppData\Roaming\IrfanView
2015-02-15 23:52 - 2014-09-14 13:16 - 00001122 _____ () C:\Users\Franz-Xaver\Desktop\Internet Explorer.lnk
2015-02-15 23:52 - 2014-09-14 12:18 - 00001152 _____ () C:\Users\Franz-Xaver\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-02-15 22:35 - 2015-01-27 01:03 - 00000000 ____D () C:\Users\Franz-Xaver\AppData\Roaming\dlg
2015-02-13 00:11 - 2009-07-14 03:03 - 57147392 _____ () C:\Windows\system32\config\SOFTWARE.rcbak
2015-02-13 00:11 - 2009-07-14 03:03 - 25165824 _____ () C:\Windows\system32\config\SYSTEM.rcbak
2015-02-13 00:11 - 2009-07-14 03:03 - 00524288 _____ () C:\Windows\system32\config\DEFAULT.rcbak
2015-02-13 00:11 - 2009-07-14 03:03 - 00057344 _____ () C:\Windows\system32\config\SAM.rcbak
2015-02-13 00:11 - 2009-07-14 03:03 - 00024576 _____ () C:\Windows\system32\config\SECURITY.rcbak
2015-02-12 02:31 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\tracing
2015-02-12 00:01 - 2009-07-14 05:33 - 00444472 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-02-11 23:58 - 2014-12-10 19:47 - 00000000 ____D () C:\Windows\system32\appraiser
2015-02-11 23:58 - 2014-09-14 19:05 - 00000000 ___SD () C:\Windows\system32\CompatTel
2015-02-11 23:53 - 2014-09-14 18:34 - 00000000 ____D () C:\Windows\system32\MRT
2015-02-11 23:46 - 2014-09-14 18:34 - 113756392 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-02-11 23:45 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2015-02-11 23:42 - 2009-07-14 03:04 - 00000478 _____ () C:\Windows\win.ini
2015-02-11 00:21 - 2014-09-21 22:59 - 00000000 ____D () C:\Windows\pss
2015-02-11 00:03 - 2014-09-14 20:14 - 00000000 ____D () C:\Program Files\Windows Live
2015-02-10 01:55 - 2014-09-15 23:18 - 00000000 ____D () C:\Users\Franz-Xaver\AppData\Local\Lingoes
2015-02-08 19:37 - 2014-09-14 12:16 - 00000000 ____D () C:\Users\Franz-Xaver\AppData\Local\VirtualStore
2015-02-07 19:52 - 2014-09-22 23:44 - 00001883 _____ () C:\Users\Public\Desktop\Kalenderchen 5.lnk
2015-02-07 19:52 - 2014-09-22 23:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kalenderchen5
2015-02-07 19:49 - 2014-09-15 15:08 - 00000000 ____D () C:\Users\Franz-Xaver\AppData\Roaming\Kalenderchen6
2015-02-07 19:36 - 2014-10-03 14:19 - 00000000 ____D () C:\Users\Franz-Xaver\AppData\Roaming\HpUpdate
2015-02-07 19:36 - 2014-09-14 15:01 - 00000000 ____D () C:\Users\Franz-Xaver\AppData\Local\Microsoft Help
2015-02-05 17:29 - 2014-09-16 15:59 - 00000000 ____D () C:\ProgramData\Ashampoo
2015-02-05 17:06 - 2014-09-14 19:17 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-02-05 17:06 - 2014-09-14 19:17 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl

==================== Files in the root of some directories =======

2014-09-16 08:26 - 2015-03-02 10:00 - 0000602 _____ () C:\Users\Franz-Xaver\AppData\Roaming\wklnhst.dat
2014-09-28 14:17 - 2014-09-28 14:17 - 0007598 _____ () C:\Users\Franz-Xaver\AppData\Local\Resmon.ResmonCfg
2014-10-08 12:23 - 2014-10-08 12:23 - 0000057 _____ () C:\ProgramData\Ament.ini
2015-02-17 12:40 - 2015-02-17 12:40 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-03-05 17:19

==================== End Of Log ============================
--- --- ---

--- --- ---

--- --- ---
Code:
[/COAdditional scan result of Farbar Recovery Scan Tool (x86) Version: 04-03-2015
Ran by Franz-Xaver at 2015-03-05 20:07:47
Running from C:\Users\Franz-Xaver\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: McAfee Anti-Virus und Anti-Spyware (Disabled - Up to date) {DA9F8ED0-D0DE-39CC-F55A-51AB4CC1B556}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: McAfee Anti-Virus und Anti-Spyware (Disabled - Up to date) {61FE6F34-F6E4-3642-CFEA-6AD93746FFEB}
FW: McAfee Firewall (Disabled) {E2A40FF5-9AB1-3894-DE05-F89EB212F22D}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

ABBYY FineReader OCR Engine für ScanWizard (HKLM\...\{345C90FB-FA10-11D5-9C2A-0080C85A0C2D}) (Version:  - )
Adblock Plus für IE (32-Bit) (HKLM\...\{654F389B-E402-4F7B-BA6D-DA732BB57ACB}) (Version: 1.4 - Eyeo GmbH)
Adobe Flash Player 16 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
AMD Catalyst Install Manager (HKLM\...\{DE7D695C-2EC7-AFDF-F786-6E938DE83175}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
Ashampoo Burning Studio 11 v.11.0.4 (HKLM\...\{91B33C97-D47B-F71A-455D-533CD6C3DC09}_is1) (Version: 11.0.4 - Ashampoo GmbH & Co. KG)
CardRecovery 6.10 (HKLM\...\{88D68A69-D247-466B-90DD-575F6BE16230}_is1) (Version:  - WinRecovery Software)
Compatibility Pack für 2007 Office System (HKLM\...\{90120000-0020-0407-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
DHTML Editing Component (HKLM\...\{2EA870FA-585F-4187-903D-CB9FFD21E2E0}) (Version: 6.02.0001 - Microsoft Corporation)
EVEREST Home Edition v2.20 (HKLM\...\EVEREST Home Edition_is1) (Version: 2.20 - Lavalys Inc)
Fences (Version: 1.0 - Stardock Corporation) Hidden
Fotogalerie (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Google Earth (HKLM\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Google+ Auto Backup (HKU\S-1-5-21-1708056501-3709124106-2672143446-1001\...\Google+ Auto Backup) (Version: 1.0.27.161 - Google, Inc.)
HP Deskjet 1000 J110 series - Grundlegende Software für das Gerät (HKLM\...\{71F4FC17-1942-48E6-BC9F-56271AE74755}) (Version: 28.0.1313.0 - Hewlett-Packard Co.)
HP Deskjet 1000 J110 series Hilfe (HKLM\...\{DDDFCC77-7F9C-45E9-B38E-721BA599BA0C}) (Version: 140.0.65.65 - Hewlett Packard)
HP Photo Creations (HKLM\...\HP Photo Creations) (Version: 1.0.0.3781 - HP Photo Creations Powered by RocketLife)
HP Update (HKLM\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPDiagnosticAlert (Version: 1.00.0001 - Microsoft) Hidden
Java 7 Update 71 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F03217071FF}) (Version: 7.0.710 - Oracle)
Java 8 Update 25 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
Java 8 Update 31 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
Junk Mail filter update (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Kalenderchen 5 (HKLM\...\{11464943-4682-4F6B-A96D-D4E8C26DD111}_is1) (Version:  - Daniel Manger)
Lingoes 2.9.2 (HKLM\...\Lingoes Translator_is1) (Version: 2.9.2 - Lingoes Project)
McAfee Internet Security Suite (HKLM\...\MSC) (Version: 13.6.1492 - McAfee, Inc.)
McAfee Virtual Technician (HKLM\...\McAfee Virtual Technician) (Version: 7.6.0.202 - McAfee, Inc.)
Microsoft .NET Framework 4.5.2 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUS) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1708056501-3709124106-2672143446-1001\...\OneDriveSetup.exe) (Version: 17.0.4035.0328 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [DEU] (HKLM\...\{BAC80EF3-E106-4AEA-8C57-F217F9BC7358}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x86) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x86)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x86) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x86) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Works (HKLM\...\{39D0E034-1042-4905-BECB-5502909FCB7C}) (Version: 9.7.0621 - Microsoft Corporation)
Movie Maker (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 36.0 (x86 de) (HKLM\...\Mozilla Firefox 36.0 (x86 de)) (Version: 36.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 36.0 - Mozilla)
Mozilla Thunderbird 31.1.2 (x86 de) (HKLM\...\Mozilla Thunderbird 31.1.2 (x86 de)) (Version: 31.1.2 - Mozilla)
MyDriveConnect 3.3.0.1812 (HKLM\...\MyDriveConnect) (Version: 3.3.0.1812 - TomTom)
MyKeyFinder (HKLM\...\MyKeyFinder_is1) (Version: 2014 - Abelssoft)
Outils de vérification linguistique 2013 de Microsoft Office*- Français (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Picasa 3 (HKLM\...\Picasa 3) (Version: 3.9 - Google, Inc.)
RealDownloader (Version: 17.0.12 - RealNetworks, Inc.) Hidden
RealNetworks - Microsoft Visual C++ 2008 Runtime (Version: 9.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (Version: 10.0 - RealNetworks, Inc) Hidden
RealPlayer Cloud (HKLM\...\RealPlayer 17.0) (Version: 17.0.12 - RealNetworks)
RealUpgrade 1.1 (Version: 1.1.0 - RealNetworks, Inc.) Hidden
Revo Uninstaller 1.95 (HKLM\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
ScanWizard 5 (HKLM\...\{B08D262E-D902-11D5-9C28-0080C85A0C2D}) (Version:  - )
Secunia PSI (3.0.0.10004) (HKLM\...\Secunia PSI) (Version: 3.0.0.10004 - Secunia)
SereneScreen Marine Aquarium 2.6 (HKLM\...\SereneScreen Marine Aquarium 2.6_is1) (Version: 2.6 - Prolific Publishing, Inc.)
SereneScreen Marine Aquarium 3 (HKLM\...\SereneScreen Marine Aquarium 3_is1) (Version: 3.0 - Prolific Publishing, Inc.)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 32-Bit Edition (HKLM\...\{90150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUS_{7F6C4883-A18C-459A-82C1-A2F9403F2DA6}) (Version:  - Microsoft)
Speccy (HKLM\...\Speccy) (Version: 1.26 - Piriform)
Studie zur Verbesserung von HP Deskjet 1000 J110 series Produkten (HKLM\...\{2F8EFDA0-1160-4484-B575-B24279DED5F4}) (Version: 28.0.1313.0 - Hewlett-Packard Co.)
SumatraPDF (HKLM\...\SumatraPDF) (Version: 3.0 - Krzysztof Kowalczyk)
swix (HKLM\...\{DAE0C545-FEFE-49C5-9474-670051E3CBA9}_is1) (Version: 4.2 - Daniel Reust)
TapinRadio 1.60.1 (HKLM\...\TapinRadio_is1) (Version:  - Raimersoft)
TuneUp Utilities 2014 (de-DE) (Version: 14.0.1000.340 - TuneUp Software) Hidden
UpdateService (Version: 1.0.0 - RealNetworks, Inc.) Hidden
Vista Shortcut Manager (HKLM\...\{47609E69-4C5E-48B1-A889-24C6B82B5C04}) (Version: 2.0 - Frameworkx)
Visual Studio C++ 10.0 Runtime (HKLM\...\{4412F224-3849-4461-A3E9-DEEF8D252790}) (Version: 10.0.0 - TomTom International B.V.)
VLC media player (HKLM\...\VLC media player) (Version: 2.1.5 - VideoLAN)
WEB.DE MailCheck für Mozilla Firefox (HKLM\...\1&1 Mail & Media GmbH Toolbar FF) (Version: 3.0.2.1739 - 1&1 Mail & Media GmbH)
Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-1708056501-3709124106-2672143446-1001_Classes\CLSID\{022105BD-948A-40C9-AB42-A3300DDF097F}\localserver32 -> C:\Users\Franz-Xaver\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1708056501-3709124106-2672143446-1001_Classes\CLSID\{22181302-A8A6-4F84-A541-E5CBFC70CC43}\localserver32 -> C:\Users\Franz-Xaver\AppData\Local\Google\Update\1.3.26.9\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1708056501-3709124106-2672143446-1001_Classes\CLSID\{2F0E2680-9FF5-43C0-B76E-114A56E93598}\localserver32 -> C:\Users\Franz-Xaver\AppData\Local\Google\Update\1.3.26.9\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1708056501-3709124106-2672143446-1001_Classes\CLSID\{51F9E8EF-59D7-475B-A106-C7EA6F30C119}\localserver32 -> C:\Users\Franz-Xaver\AppData\Local\Google\Update\1.3.26.9\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1708056501-3709124106-2672143446-1001_Classes\CLSID\{7B37E4E2-C62F-4914-9620-8FB5062718CC}\localserver32 -> C:\Users\Franz-Xaver\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1708056501-3709124106-2672143446-1001_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\Franz-Xaver\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\SkyDriveShell.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1708056501-3709124106-2672143446-1001_Classes\CLSID\{A45426FB-E444-42B2-AA56-419F8FBEEC61}\InprocServer32 -> C:\Users\Franz-Xaver\AppData\Local\Google\Update\1.3.22.3\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-1708056501-3709124106-2672143446-1001_Classes\CLSID\{AB807329-7324-431B-8B36-DBD581F56E0B}\localserver32 -> C:\Users\Franz-Xaver\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1708056501-3709124106-2672143446-1001_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\Franz-Xaver\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\SkyDriveShell.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1708056501-3709124106-2672143446-1001_Classes\CLSID\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}\InprocServer32 -> C:\Users\Franz-Xaver\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1708056501-3709124106-2672143446-1001_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\Franz-Xaver\AppData\Local\Google\Update\1.3.26.9\psuser.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1708056501-3709124106-2672143446-1001_Classes\CLSID\{C442AC41-9200-4770-8CC0-7CDB4F245C55}\InprocServer32 -> C:\Users\Franz-Xaver\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1708056501-3709124106-2672143446-1001_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\Franz-Xaver\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\SkyDriveShell.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1708056501-3709124106-2672143446-1001_Classes\CLSID\{E67BE843-BBBE-4484-95FB-05271AE86750}\localserver32 -> C:\Users\Franz-Xaver\AppData\Local\Google\Update\1.3.26.9\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1708056501-3709124106-2672143446-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Franz-Xaver\AppData\Local\Google\Update\1.3.26.9\psuser.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1708056501-3709124106-2672143446-1001_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\Franz-Xaver\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\SkyDriveShell.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1708056501-3709124106-2672143446-1001_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Franz-Xaver\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\FileSyncApi.dll (Microsoft Corporation)

==================== Restore Points  =========================

27-02-2015 14:48:23 McAfee  Vulnerability Scanner
27-02-2015 21:03:51 Wiederherstellungsvorgang
27-02-2015 21:38:36 Revo Uninstaller's restore point - Google Chrome
27-02-2015 21:40:40 Revo Uninstaller's restore point - Google Chrome
27-02-2015 21:41:23 Revo Uninstaller's restore point - Google Chrome
27-02-2015 21:42:10 Revo Uninstaller's restore point - Google+ Auto Backup
27-02-2015 22:18:53 Windows Update
27-02-2015 22:43:06 Revo Uninstaller's restore point - RealPlayer Cloud
27-02-2015 22:46:57 Revo Uninstaller's restore point - RealPlayer Cloud
02-03-2015 00:28:44 Wiederherstellungsvorgang
02-03-2015 00:43:39 Revo Uninstaller's restore point - JetDrive
02-03-2015 00:46:03 Revo Uninstaller's restore point - Spybot - Search & Destroy
02-03-2015 00:48:06 Revo Uninstaller's restore point - Spybot - Search & Destroy
02-03-2015 00:51:34 Revo Uninstaller's restore point - CCleaner
02-03-2015 00:54:16 Revo Uninstaller's restore point - Secunia PSI (3.0.0.10004)
02-03-2015 01:01:59 Windows Update
02-03-2015 01:33:37 Revo Uninstaller's restore point - RealPlayer Cloud
02-03-2015 01:37:02 Revo Uninstaller's restore point - RealPlayer Cloud
02-03-2015 08:50:17 Revo Uninstaller's restore point - MyDriveConnect 3.3.0.1756
02-03-2015 08:56:23 Wiederherstellungsvorgang
02-03-2015 09:21:41 Windows Update
02-03-2015 09:37:59 Installed Adblock Plus for IE (32-bit)
02-03-2015 09:51:22 Revo Uninstaller's restore point - Malwarebytes Anti-Malware Version 2.0.4.1028
02-03-2015 10:44:57 Alles läuft
02-03-2015 20:05:29 Windows-Sicherung
04-03-2015 17:24:05 Revo Uninstaller's restore point - Google Chrome
04-03-2015 17:37:02 Revo Uninstaller's restore point - JetDrive
04-03-2015 17:40:29 Revo Uninstaller's restore point - Spybot - Search & Destroy
04-03-2015 17:41:41 Revo Uninstaller's restore point - CCleaner
04-03-2015 18:08:31 Revo Uninstaller's restore point - Aquamarin Haushaltsbuch 2.9.2 b
04-03-2015 18:31:35 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:04 - 2009-06-10 22:39 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {09255380-7327-4480-B91D-89A8CE8B614E} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files\Spybot - Search &amp; Destroy 2\SDImmunize.exe
Task: {129A7EEF-6DF8-4824-97C4-AC11E0E8713E} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1708056501-3709124106-2672143446-1001UA => C:\Users\Franz-Xaver\AppData\Local\Google\Update\GoogleUpdate.exe [2015-02-21] (Google Inc.)
Task: {2DF7EC4F-8233-4152-9F18-A7920FEB4149} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {2E32999F-7743-4104-88C1-2391AA4D8B06} - System32\Tasks\{DC14020A-4F8C-4DC3-B81B-E5AB812FED78} => pcalua.exe -a "C:\Program Files\Lavalys\EVEREST Home Edition\everest.exe" -d C:\Users\Franz-Xaver\Desktop\Icons
Task: {4A475CED-BF82-4518-AFCB-BDE670AA0269} - System32\Tasks\ReclaimerUpdateXML_Franz-Xaver => C:\Users\Franz-Xaver\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\11.04\agent\rnupgagent.exe [2015-02-08] (RealNetworks, Inc.)
Task: {70874997-D9FA-4106-80E3-61D49776BFFB} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {72578D24-B841-4D47-81AC-F9E2203EC1C3} - System32\Tasks\RNUpgradeHelperLogonPrompt_Franz-Xaver => C:\Users\Franz-Xaver\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\11.04\agent\rnupgagent.exe [2015-02-08] (RealNetworks, Inc.)
Task: {76EF2ECB-1685-41C8-9CF4-872CD77F43CC} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-1708056501-3709124106-2672143446-1001 => C:\Program Files\RealNetworks\RealDownloader\realupgrade.exe [2014-07-24] (RealNetworks, Inc.)
Task: {786CCA5B-3C99-46BB-B0C7-F226211EEBCD} - System32\Tasks\HPCustParticipation HP Deskjet 1000 J110 series => C:\Program Files\HP\HP Deskjet 1000 J110 series\Bin\HPCustPartic.exe [2012-10-02] (Hewlett-Packard Co.)
Task: {79A8BAAD-8F2A-471C-8037-8B117A027613} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2014-01-23] (Microsoft Corporation)
Task: {7C054148-0A95-4C45-B19F-99F04C8BFAD0} - System32\Tasks\{7F423AD6-73BE-4378-9935-21303B0F6712} => pcalua.exe -a C:\Users\Franz-Xaver\Downloads\irfanview_plugins_438_setup(1).exe -d C:\Users\Franz-Xaver\Downloads
Task: {8450E2FE-D8F9-4702-B404-BBC188C6792A} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-05] (Adobe Systems Incorporated)
Task: {8C6B1131-6FED-4108-9452-824F3FE6407B} - System32\Tasks\{512A0E43-8380-45B2-A6FB-82AEA58C28F6} => pcalua.exe -a C:\Users\Franz-Xaver\Downloads\pantsoff(1).exe -d C:\Users\Franz-Xaver\Downloads
Task: {8DD99137-62A4-4A78-9C62-9C4D76E5419E} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {95424444-AFF8-4071-AB94-E025DC863AEC} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files\Spybot - Search &amp; Destroy 2\SDScan.exe
Task: {9F864B22-98B9-4B0B-97ED-7D85A4661B61} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1708056501-3709124106-2672143446-1001 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2014-07-24] (RealNetworks, Inc.)
Task: {A69EFA21-4D51-47EA-96CB-5D4C2DE0DDB9} - System32\Tasks\RNUpgradeHelperResumePrompt_Franz-Xaver => C:\Users\Franz-Xaver\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\11.04\agent\rnupgagent.exe [2015-02-08] (RealNetworks, Inc.)
Task: {B363AE2F-B5B4-419C-B5AF-90476537DF8C} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-1708056501-3709124106-2672143446-1001 => C:\Program Files\RealNetworks\RealDownloader\realupgrade.exe [2014-07-24] (RealNetworks, Inc.)
Task: {BC686F26-1FF7-4001-845F-6582BD9C65DD} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1708056501-3709124106-2672143446-1001 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2014-07-24] (RealNetworks, Inc.)
Task: {BE59BFB8-0193-444A-B10A-22664AC3F56C} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1708056501-3709124106-2672143446-1001Core => C:\Users\Franz-Xaver\AppData\Local\Google\Update\GoogleUpdate.exe [2015-02-21] (Google Inc.)
Task: {C02A339B-CE32-4786-B54E-9EC9298D845B} - System32\Tasks\JetDrive => C:\Program Files\JetDrive\JetDrive.exe
Task: {C58EFEC2-592A-4741-BDCB-F39AE77F6DF5} - System32\Tasks\Microsoft Office 15 Sync Maintenance for ASTERIX-Franz-Xaver ASTERIX => C:\Program Files\Microsoft Office\Office15\MsoSync.exe [2015-01-21] (Microsoft Corporation)
Task: {DDB7CD3A-8E87-4B77-BD6D-DFEB952F3180} - System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2013 => C:\Program Files\TuneUp Utilities 2014\OneClick.exe
Task: {E7972BC0-177E-4610-905C-F9065ABC892A} - System32\Tasks\ReclaimerUpdateFiles_Franz-Xaver => C:\Users\Franz-Xaver\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\11.04\agent\rnupgagent.exe [2015-02-08] (RealNetworks, Inc.)
Task: {E863073C-BDC4-4468-A728-F0F98A1AB90D} - System32\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-1708056501-3709124106-2672143446-1001 => C:\Program Files\RealNetworks\RealDownloader\recordingmanager.exe [2014-07-24] (RealNetworks, Inc.)
Task: {EC2413E2-7B15-4D4A-AAA1-51BE04867C03} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {EED16CA5-DDAA-4323-BD5E-2F9EDF2C30D5} - System32\Tasks\PhotoProduct.exe => C:\Program Files\HP Photo Creations\PhotoProduct.exe [2010-07-01] (Visan / RocketLife)
Task: {F449E389-E5F0-40CC-9C43-13F4538A2339} - System32\Tasks\{D9630860-E8D5-4EB5-AAB3-38A7FF8AA0BC} => pcalua.exe -a C:\Users\Franz-Xaver\Downloads\irfanview_plugins_438_setup.exe -d C:\Users\Franz-Xaver\Downloads

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1708056501-3709124106-2672143446-1001Core.job => C:\Users\Franz-Xaver\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1708056501-3709124106-2672143446-1001UA.job => C:\Users\Franz-Xaver\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\JetDrive.job => C:\Program Files\JetDrive\JetDrive.exe
Task: C:\Windows\Tasks\ReclaimerUpdateFiles_Franz-Xaver.job => C:\Users\Franz-Xaver\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\11.04\agent\rnupgagent.exe
Task: C:\Windows\Tasks\ReclaimerUpdateXML_Franz-Xaver.job => C:\Users\Franz-Xaver\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\11.04\agent\rnupgagent.exe
Task: C:\Windows\Tasks\RNUpgradeHelperLogonPrompt_Franz-Xaver.job => C:\Users\Franz-Xaver\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\11.04\agent\rnupgagent.exe

==================== Loaded Modules (whitelisted) ==============

2014-07-24 11:47 - 2014-07-24 11:47 - 00039568 _____ () C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
2014-09-20 16:48 - 2014-09-20 16:48 - 00861784 _____ () c:\program files\real\realplayer\RPDS\Plugins\cldplin.dll
2014-07-24 14:06 - 2014-07-24 14:06 - 00023552 _____ () C:\Program Files\Real\UpdateService\RealPlayerUpdateSvc.exe
2012-01-12 11:23 - 2012-01-12 11:23 - 00018432 _____ () C:\Users\Franz-Xaver\AppData\LocalLow\WOT\IE\WOTUpdater.exe
2014-10-03 13:04 - 2014-10-03 13:04 - 00026488 _____ () C:\Program Files\MyDrive Connect\DeviceDetection.dll
2014-10-03 13:04 - 2014-10-03 13:04 - 00087416 _____ () C:\Program Files\MyDrive Connect\TomTomSupporterBase.dll
2014-10-03 13:04 - 2014-10-03 13:04 - 00398712 _____ () C:\Program Files\MyDrive Connect\TomTomSupporterProxy.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ColorMedia => ""="service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Driver"

==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1708056501-3709124106-2672143446-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Franz-Xaver\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.254

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: SDScannerService => 2
MSCONFIG\Services: SDUpdateService => 2
MSCONFIG\Services: SDWSCService => 2
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^RealPlayer Cloud Service UI.lnk => C:\Windows\pss\RealPlayer Cloud Service UI.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Scanner Finder.lnk => C:\Windows\pss\Scanner Finder.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^Franz-Xaver^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OptimizerPro.lnk => C:\Windows\pss\OptimizerPro.lnk.Startup
MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner.exe" /MONITOR
MSCONFIG\startupreg: GoogleChromeAutoLaunch_D2C13C9444C4943518BADCD59958BD86 => "C:\Program Files\Google\Chrome\Application\chrome.exe" --no-startup-window
MSCONFIG\startupreg: HP Software Update => C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
MSCONFIG\startupreg: Lingoes => C:\Program Files\Lingoes\Translator2\Lingoes.exe -minimize
MSCONFIG\startupreg: SDTray => "C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe"
MSCONFIG\startupreg: TkBellExe => "c:\program files\real\realplayer\Update\realsched.exe" -osboot

==================== Accounts: =============================

Administrator (S-1-5-21-1708056501-3709124106-2672143446-500 - Administrator - Disabled)
Franz-Xaver (S-1-5-21-1708056501-3709124106-2672143446-1001 - Administrator - Enabled) => C:\Users\Franz-Xaver
Gast (S-1-5-21-1708056501-3709124106-2672143446-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1708056501-3709124106-2672143446-1002 - Limited - Enabled)

==================== Faulty Device Manager Devices =============

Name: Coprozessor
Description: Coprozessor
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (03/05/2015 08:03:33 PM) (Source: Service1) (EventID: 0) (User: )
Description: Der Dienst kann nicht gestartet werden. Das Handle ist ungültig

Error: (03/05/2015 08:02:22 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: plugin-container.exe, Version: 36.0.0.5531, Zeitstempel: 0x54eb029a
Name des fehlerhaften Moduls: mozalloc.dll, Version: 36.0.0.5531, Zeitstempel: 0x54eaf3b7
Ausnahmecode: 0x80000003
Fehleroffset: 0x00001e02
ID des fehlerhaften Prozesses: 0x1600
Startzeit der fehlerhaften Anwendung: 0xplugin-container.exe0
Pfad der fehlerhaften Anwendung: plugin-container.exe1
Pfad des fehlerhaften Moduls: plugin-container.exe2
Berichtskennung: plugin-container.exe3

Error: (03/05/2015 07:41:27 PM) (Source: Service1) (EventID: 0) (User: )
Description: Der Dienst kann nicht gestartet werden. Das Handle ist ungültig

Error: (03/05/2015 05:22:31 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762"1".
Die abhängige Assemblierung "Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (03/05/2015 05:22:30 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (03/05/2015 05:22:08 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (03/05/2015 05:22:01 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"1".
Die abhängige Assemblierung "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (03/05/2015 04:50:58 PM) (Source: Service1) (EventID: 0) (User: )
Description: Der Dienst kann nicht gestartet werden. Das Handle ist ungültig

Error: (03/04/2015 11:40:40 PM) (Source: Service1) (EventID: 0) (User: )
Description: Der Dienst kann nicht gestartet werden. Das Handle ist ungültig

Error: (03/04/2015 07:30:32 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762"1".
Die abhängige Assemblierung "Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".


System errors:
=============
Error: (03/05/2015 08:06:26 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "HP Network Devices Support" wurde mit folgendem Fehler beendet:
%%126

Error: (03/05/2015 08:02:27 PM) (Source: DCOM) (EventID: 10000) (User: )
Description: C:\Windows\system32\DllHost.exe /Processid:{3EB3C877-1F16-487C-9050-104DBCD66683}5{0358B920-0AC7-461F-98F4-58E32CD89148}

Error: (03/05/2015 08:02:23 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "McAfee CSP Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (03/05/2015 08:02:23 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (03/05/2015 08:02:23 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Windows Media Player-Netzwerkfreigabedienst" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (03/05/2015 08:02:23 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "WOT Updater" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (03/05/2015 08:02:23 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Windows Live ID Sign-in Assistant" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 10000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (03/05/2015 08:02:22 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Secunia Update Agent" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (03/05/2015 08:02:22 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "RealPlayer Update Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (03/05/2015 08:02:22 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "RealPlayer Cloud Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.


Microsoft Office Sessions:
=========================
Error: (03/05/2015 08:03:33 PM) (Source: Service1) (EventID: 0) (User: )
Description: Der Dienst kann nicht gestartet werden. Das Handle ist ungültig

Error: (03/05/2015 08:02:22 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: plugin-container.exe36.0.0.553154eb029amozalloc.dll36.0.0.553154eaf3b78000000300001e02160001d057742d2fa380C:\Program Files\Mozilla Firefox\plugin-container.exeC:\Program Files\Mozilla Firefox\mozalloc.dll26f38240-c36a-11e4-9cc1-406186f56ecb

Error: (03/05/2015 07:41:27 PM) (Source: Service1) (EventID: 0) (User: )
Description: Der Dienst kann nicht gestartet werden. Das Handle ist ungültig

Error: (03/05/2015 05:22:31 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762"c:\program files\tapinradio\CrashReport.exe

Error: (03/05/2015 05:22:30 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"c:\program files\AMD\ATI.ACE\core-static\SLSTaskbar64.exe

Error: (03/05/2015 05:22:08 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"C:\Program Files\HP\HP Deskjet 1000 J110 series\DriverStore\Pipeline\amd64\hpinkins8811.exe

Error: (03/05/2015 05:22:01 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"C:\Windows\Installer\{7722483A-5FB8-4A2E-9422-6DA527A9173F}\recordingmanager.exe

Error: (03/05/2015 04:50:58 PM) (Source: Service1) (EventID: 0) (User: )
Description: Der Dienst kann nicht gestartet werden. Das Handle ist ungültig

Error: (03/04/2015 11:40:40 PM) (Source: Service1) (EventID: 0) (User: )
Description: Der Dienst kann nicht gestartet werden. Das Handle ist ungültig

Error: (03/04/2015 07:30:32 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762"c:\program files\tapinradio\CrashReport.exe


==================== Memory info ===========================

Processor: Pentium(R) Dual-Core CPU E5400 @ 2.70GHz
Percentage of memory in use: 68%
Total physical RAM: 3071.3 MB
Available physical RAM: 955.98 MB
Total Pagefile: 6440.9 MB
Available Pagefile: 4318.13 MB
Total Virtual: 2047.88 MB
Available Virtual: 1904.3 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:471.91 GB) (Free:414.72 GB) NTFS
Drive h: (Volume) (Fixed) (Total:459.5 GB) (Free:457.56 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 009CCE01)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=471.9 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=459.5 GB) - (Type=07 NTFS)

==================== End Of Log ============================DE]DE]
[COCloseProcesses:
C:\Program Files\SereneScreen
C:\Program Files\UniDeals
C:\Program Files\WajNEnhance
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SereneScreen
Task: {B4927734-B506-4644-9C29-DDF7A9ADF950} - System32\Tasks\SUSSXGQ => C:\ProgramData\ff8e396d4c654c0eaab0bc98beb6cf02\ff8e396d4c654c0eaab0bc98beb6cf02.exe
Task: {C6421B43-189F-4198-BD5F-916FBBEECA5C} - System32\Tasks\SpyHunter4Startup => C:\Program Files\Enigma Software Group\SpyHunter\Spyhunter4.exe
Task: {C712A019-562C-49B3-92C3-15AD7CDA93C2} - System32\Tasks\SuperEasy Registry Cleaner => C:\Program Files\SuperEasy Software\Registry Cleaner\SuperEasyRC.exe
C:\Program Files\Enigma Software Group\
C:\Program Files\SuperEasy Software\
C:\ProgramData\ff8e396d4c654c0eaab0bc98beb6cf02
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:50588;https=127.0.0.1:50588
Reg: Reg delete "HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections" /v "SavedLegacySettings" /f
Reg: Reg delete "HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections" /v "DefaultConnectionSettings" /f
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
Winsock: Catalog9 01 C:\Windows\system32\ColorMedia.dll [318616] (Over the Rainbow Tech)
Winsock: Catalog9 02 C:\Windows\system32\ColorMedia.dll [318616] (Over the Rainbow Tech)
Winsock: Catalog9 03 C:\Windows\system32\ColorMedia.dll [318616] (Over the Rainbow Tech)
Winsock: Catalog9 04 C:\Windows\system32\ColorMedia.dll [318616] (Over the Rainbow Tech)
Winsock: Catalog9 15 C:\Windows\system32\ColorMedia.dll [318616] (Over the Rainbow Tech)
S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [19984 2015-01-23] ()
C:\Windows\System32\DRIVERS\EsgScanner.sys
2015-02-15 23:30 - 2015-02-15 23:30 - 00005336 _____ () C:\Windows\system32\ColorMedia.ini
2015-02-15 23:30 - 2015-02-15 23:30 - 00002928 _____ () C:\Windows\system32\ColorMediaOff.ini
2015-02-15 23:30 - 2015-02-07 21:45 - 00318616 _____ (Over the Rainbow Tech) C:\Windows\system32\ColorMedia.dll
cmd: netsh winsock reset
Reboot:
DE][/CODE]

Diese Liste auch?

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 04-03-2015
Ran by Franz-Xaver at 2015-03-05 20:02:20 Run:1
Running from C:\Users\Franz-Xaver\Downloads
Loaded Profiles: Franz-Xaver (Available profiles: Franz-Xaver)
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
CloseProcesses:
C:\Program Files\SereneScreen
C:\Program Files\UniDeals
C:\Program Files\WajNEnhance
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SereneScreen
Task: {B4927734-B506-4644-9C29-DDF7A9ADF950} - System32\Tasks\SUSSXGQ => C:\ProgramData\ff8e396d4c654c0eaab0bc98beb6cf02\ff8e396d4c654c0eaab0bc98beb6cf02.exe
Task: {C6421B43-189F-4198-BD5F-916FBBEECA5C} - System32\Tasks\SpyHunter4Startup => C:\Program Files\Enigma Software Group\SpyHunter\Spyhunter4.exe
Task: {C712A019-562C-49B3-92C3-15AD7CDA93C2} - System32\Tasks\SuperEasy Registry Cleaner => C:\Program Files\SuperEasy Software\Registry Cleaner\SuperEasyRC.exe
C:\Program Files\Enigma Software Group\
C:\Program Files\SuperEasy Software\
C:\ProgramData\ff8e396d4c654c0eaab0bc98beb6cf02
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:50588;https=127.0.0.1:50588
Reg: Reg delete "HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections" /v "SavedLegacySettings" /f
Reg: Reg delete "HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections" /v "DefaultConnectionSettings" /f
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
Winsock: Catalog9 01 C:\Windows\system32\ColorMedia.dll [318616] (Over the Rainbow Tech)
Winsock: Catalog9 02 C:\Windows\system32\ColorMedia.dll [318616] (Over the Rainbow Tech)
Winsock: Catalog9 03 C:\Windows\system32\ColorMedia.dll [318616] (Over the Rainbow Tech)
Winsock: Catalog9 04 C:\Windows\system32\ColorMedia.dll [318616] (Over the Rainbow Tech)
Winsock: Catalog9 15 C:\Windows\system32\ColorMedia.dll [318616] (Over the Rainbow Tech)
S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [19984 2015-01-23] ()
C:\Windows\System32\DRIVERS\EsgScanner.sys
2015-02-15 23:30 - 2015-02-15 23:30 - 00005336 _____ () C:\Windows\system32\ColorMedia.ini
2015-02-15 23:30 - 2015-02-15 23:30 - 00002928 _____ () C:\Windows\system32\ColorMediaOff.ini
2015-02-15 23:30 - 2015-02-07 21:45 - 00318616 _____ (Over the Rainbow Tech) C:\Windows\system32\ColorMedia.dll
cmd: netsh winsock reset
Reboot:

*****************

Processes closed successfully.
C:\Program Files\SereneScreen => Moved successfully.
C:\Program Files\UniDeals => Moved successfully.
C:\Program Files\WajNEnhance => Moved successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SereneScreen => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B4927734-B506-4644-9C29-DDF7A9ADF950}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B4927734-B506-4644-9C29-DDF7A9ADF950}" => Key deleted successfully.
C:\Windows\System32\Tasks\SUSSXGQ => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SUSSXGQ" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{C6421B43-189F-4198-BD5F-916FBBEECA5C}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C6421B43-189F-4198-BD5F-916FBBEECA5C}" => Key deleted successfully.
C:\Windows\System32\Tasks\SpyHunter4Startup => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SpyHunter4Startup" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{C712A019-562C-49B3-92C3-15AD7CDA93C2}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C712A019-562C-49B3-92C3-15AD7CDA93C2}" => Key deleted successfully.
C:\Windows\System32\Tasks\SuperEasy Registry Cleaner => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SuperEasy Registry Cleaner" => Key deleted successfully.
C:\Program Files\Enigma Software Group => Moved successfully.
"C:\Program Files\SuperEasy Software" => File/Directory not found.
"C:\ProgramData\ff8e396d4c654c0eaab0bc98beb6cf02" => File/Directory not found.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable => value deleted successfully.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value deleted successfully.

========= Reg delete "HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections" /v "SavedLegacySettings" /f =========

Der Vorgang wurde erfolgreich beendet.



========= End of Reg: =========


========= Reg delete "HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections" /v "DefaultConnectionSettings" /f =========

Der Vorgang wurde erfolgreich beendet.



========= End of Reg: =========

HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
"HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000001" => Key deleted successfully.
"HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000002" => Key deleted successfully.
"HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000003" => Key deleted successfully.
"HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000004" => Key deleted successfully.
"HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000015" => Key deleted successfully.
EsgScanner => Service deleted successfully.
C:\Windows\System32\DRIVERS\EsgScanner.sys => Moved successfully.
C:\Windows\system32\ColorMedia.ini => Moved successfully.
C:\Windows\system32\ColorMediaOff.ini => Moved successfully.
C:\Windows\system32\ColorMedia.dll => Moved successfully.

========= netsh winsock reset =========

Die Initialisierungsfunktion InitHelperDll in NSHHTTP.DLL konnte nicht gestartet werden. Fehlercode 10107

Der Winsock-Katalog wurde zur�ckgesetzt.
Sie m�ssen den Computer neu starten, um den Vorgang abzuschlie�en.


========= End of CMD: =========



The system needed a reboot.

==== End of Fixlog 20:02:29 ====

deeprybka 05.03.2015 21:10
:daumenhoc

Zitat:
Zitat von Xorrie (Beitrag 1436854)
Diese Liste auch?
Um die ging es die ganze Zeit... ;)

Jetzt suchen wir noch nach Resten:

Schritt 1
Downloade Dir HitmanProhttp://deeprybka.trojaner-board.de/b.../hitmanpro.pngauf Deinen Desktop:

HitmanPro-32 Bit Version
HitmanPro-64 Bit Version

Schritt 2

ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset


Xorrie 06.03.2015 18:02
Hallo Jürgen!
Hier ist die Hitman Logdatei:

Code:

       
Code:

       
HitmanPro 3.7.9.238
www.hitmanpro.com

   Computer name . . . . : ASTERIX
   Windows . . . . . . . : 6.1.1.7601.X86/2
   User name . . . . . . : ASTERIX\Franz-Xaver
   UAC . . . . . . . . . : Enabled
   License . . . . . . . : Free

   Scan date . . . . . . : 2015-03-06 17:50:04
   Scan mode . . . . . . : Normal
   Scan duration . . . . : 7m 39s
   Disk access mode  . . : Direct disk access (SRB)
   Cloud . . . . . . . . : Internet
   Reboot  . . . . . . . : No

   Threats . . . . . . . : 3
   Traces  . . . . . . . : 27

   Objects scanned . . . : 1.336.821
   Files scanned . . . . : 33.860
   Remnants scanned  . . : 292.731 files / 1.010.230 keys

Malware _____________________________________________________________________

   C:\Users\Franz-Xaver\Downloads\pantsoff.exe
      Size . . . . . . . : 1.049.728 bytes
      Age  . . . . . . . : 45.7 days (2015-01-20 01:21:50)
      Entropy  . . . . . : 8.0
      SHA-256  . . . . . : ECF1FB8A743C198C43481A20804E459D26035B7B9F240E8D94110BD0A33EEC4D
    > Kaspersky  . . . . : not-a-virus:PSWTool.Win32.Finder.d
      Fuzzy  . . . . . . : 114.0

   C:\Users\Franz-Xaver\Downloads\passwordfox.exe
      Size . . . . . . . : 620.920 bytes
      Age  . . . . . . . : 23.8 days (2015-02-10 21:42:48)
      Entropy  . . . . . : 7.0
      SHA-256  . . . . . : C275D2BCD393131F2E5137FE525198CF6560E639D8FBB0B1504467F517DA52EF
      RSA Key Size . . . : 2048
      Authenticode . . . : Self-signed
    > Kaspersky  . . . . : not-a-virus:Downloader.Win32.DownloadHelper.a
      Fuzzy  . . . . . . : 109.0

   C:\Users\Franz-Xaver\Downloads\pstpassword_1.7\PstPassword.exe
      Size . . . . . . . : 34.816 bytes
      Age  . . . . . . . : 40.7 days (2015-01-25 01:43:51)
      Entropy  . . . . . : 7.4
      SHA-256  . . . . . : 94FF8FB29B20CBF3FFA5FA2A6212EB1AD13EA660A4B170098A1BE740F63AB289
      Product  . . . . . :  PstPassword
      Publisher  . . . . : NirSoft
      Description  . . . : PST Password Recovery
      Version  . . . . . : 1.17
      Copyright  . . . . : Copyright © 2006  - 2014 Nir Sofer
      LanguageID . . . . : 1033
    > Bitdefender  . . . : Gen:Application.Heur.cmKfkavUy1fO
      Fuzzy  . . . . . . : 104.0


Suspicious files ____________________________________________________________

   C:\$Recycle.Bin\S-1-5-21-1708056501-3709124106-2672143446-1001\$R8F8Y4R.exe
      Size . . . . . . . : 1.132.544 bytes
      Age  . . . . . . . : 1.7 days (2015-03-05 00:16:20)
      Entropy  . . . . . : 8.0
      SHA-256  . . . . . : 1F5DA40160D87DA76BAD1579382DF0C4B99427FD83564E8DDCA4F19661694517
      Needs elevation  . : Yes
      Fuzzy  . . . . . . : 24.0
         Program has no publisher information but prompts the user for permission elevation.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Time indicates that the file appeared recently on this computer.

   C:\$Recycle.Bin\S-1-5-21-1708056501-3709124106-2672143446-1001\$RFKDIGF.exe
      Size . . . . . . . : 1.132.544 bytes
      Age  . . . . . . . : 1.7 days (2015-03-04 23:55:20)
      Entropy  . . . . . : 8.0
      SHA-256  . . . . . : 1F5DA40160D87DA76BAD1579382DF0C4B99427FD83564E8DDCA4F19661694517
      Needs elevation  . : Yes
      Fuzzy  . . . . . . : 24.0
         Program has no publisher information but prompts the user for permission elevation.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Time indicates that the file appeared recently on this computer.

   C:\$Recycle.Bin\S-1-5-21-1708056501-3709124106-2672143446-1001\$RIVHVA5.exe
      Size . . . . . . . : 1.132.544 bytes
      Age  . . . . . . . : 1.8 days (2015-03-04 23:45:24)
      Entropy  . . . . . : 8.0
      SHA-256  . . . . . : 1F5DA40160D87DA76BAD1579382DF0C4B99427FD83564E8DDCA4F19661694517
      Needs elevation  . : Yes
      Fuzzy  . . . . . . : 24.0
         Program has no publisher information but prompts the user for permission elevation.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Time indicates that the file appeared recently on this computer.

   C:\Users\Franz-Xaver\Downloads\FRST(1).exe
      Size . . . . . . . : 1.132.544 bytes
      Age  . . . . . . . : 1.7 days (2015-03-05 00:29:50)
      Entropy  . . . . . : 8.0
      SHA-256  . . . . . : 1F5DA40160D87DA76BAD1579382DF0C4B99427FD83564E8DDCA4F19661694517
      Needs elevation  . : Yes
      Fuzzy  . . . . . . : 24.0
         Program has no publisher information but prompts the user for permission elevation.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Time indicates that the file appeared recently on this computer.
      References
         HKU\S-1-5-21-1708056501-3709124106-2672143446-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache\C:\Users\Franz-Xaver\Downloads\FRST(1).exe

   C:\Users\Franz-Xaver\Downloads\FRST(2).exe
      Size . . . . . . . : 1.132.544 bytes
      Age  . . . . . . . : 0.9 days (2015-03-05 20:01:34)
      Entropy  . . . . . : 8.0
      SHA-256  . . . . . : 1F5DA40160D87DA76BAD1579382DF0C4B99427FD83564E8DDCA4F19661694517
      Needs elevation  . : Yes
      Fuzzy  . . . . . . : 24.0
         Program has no publisher information but prompts the user for permission elevation.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Time indicates that the file appeared recently on this computer.
      Forensic Cluster
         -2.1s C:\Users\Franz-Xaver\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JVX766UF\data[1].xml
          0.0s C:\Users\Franz-Xaver\Downloads\FRST(2).exe

   C:\Users\Franz-Xaver\Downloads\FRST.exe
      Size . . . . . . . : 1.132.544 bytes
      Age  . . . . . . . : 1.8 days (2015-03-04 23:10:27)
      Entropy  . . . . . : 8.0
      SHA-256  . . . . . : 1F5DA40160D87DA76BAD1579382DF0C4B99427FD83564E8DDCA4F19661694517
      Needs elevation  . : Yes
      Fuzzy  . . . . . . : 24.0
         Program has no publisher information but prompts the user for permission elevation.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Time indicates that the file appeared recently on this computer.
      References
         HKU\S-1-5-21-1708056501-3709124106-2672143446-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache\C:\Users\Franz-Xaver\Downloads\FRST.exe
      Forensic Cluster
          0.0s C:\Users\Franz-Xaver\Downloads\FRST.exe
          0.0s C:\Users\Franz-Xaver\Downloads\FRST.exe


Potential Unwanted Programs _________________________________________________

   HKLM\SOFTWARE\Classes\PCSU.Registry\ (PCSpeedUp)
   HKLM\SOFTWARE\Classes\PCSU.SysUtils\ (PCSpeedUp)
   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{5645E0E7-FC12-43BF-A6E4-F9751942B298}\ (DomalQ)
   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}\ (DomalQ)
   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID\{58124A0B-DC32-4180-9BFF-E0E21AE34026} (Iminent)
   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID\{977AE9CC-AF83-45E8-9E03-E2798216E2D5} (Iminent)
   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A} (Iminent)
   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Vosteran.com\ (Vosteran)
   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WajIntEnhance\ (Wajam)
   HKU\.DEFAULT\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}\ (FLV Player)
   HKU\S-1-5-18\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}\ (FLV Player)
   HKU\S-1-5-21-1708056501-3709124106-2672143446-1001\Software\Classes\Interface\{3B3F3AAD-FB97-49FF-BFEE-D22869AC4326}\ (UniDeals)
   HKU\S-1-5-21-1708056501-3709124106-2672143446-1001\Software\Classes\TypeLib\{157B1AA6-3E5C-404A-9118-C1D91F537040}\ (UniDeals)
   HKU\S-1-5-21-1708056501-3709124106-2672143446-1001\Software\Local AppWizard-Generated Applications\Reimage - Windows Problem Relief.\ (ReimageRepair)
   HKU\S-1-5-21-1708056501-3709124106-2672143446-1001_Classes\Interface\{3B3F3AAD-FB97-49FF-BFEE-D22869AC4326}\ (UniDeals)
   HKU\S-1-5-21-1708056501-3709124106-2672143446-1001_Classes\TypeLib\{157B1AA6-3E5C-404A-9118-C1D91F537040}\ (UniDeals)

deeprybka 06.03.2015 18:26
Prima! Und weiter mit ESET... :)

Xorrie 06.03.2015 19:30
Hallo Jürgen,
ESET läuft schon über 1. Stunde.
ich glaube, weil der rote Pfeil dahin gezeigt hat, dass ich auch noch "Auf potentiell unsichere Anwendungen prüfen" geklickt habe.
Habe ich da einen Fehler begangen?:nono:
Gruß
Franz-Xaver

deeprybka 06.03.2015 19:35
Nö, das ist schon OK. ESET ist sehr gründlich - daher dauert der Scan auch evtl. mehrere Stunden.

Xorrie 06.03.2015 19:36
Hier die ESET Logdatei:

Code:
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=970af5ae36a2ed418c50791a22220af7
# engine=22788
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2015-03-06 06:30:57
# local_time=2015-03-06 07:30:57 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 10548 177297848 0 0
# scanned=139079
# found=67
# cleaned=0
# scan_time=4564
sh=BEE6953D3B2826779E71A68C89D3BAA9B4E5DE75 ft=0 fh=0000000000000000 vn="JS/Adware.MultiPlug.B Anwendung" ac=I fn="C:\$Recycle.Bin\S-1-5-21-1708056501-3709124106-2672143446-1001\$RGP7B02\Default\Extensions\ifhikkcafabcgolfjegfcgloomalapol\223\content.js"
sh=356096D43EA8B7BFB52FF81FC8764F9CCF526F25 ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I fn="C:\$Recycle.Bin\S-1-5-21-1708056501-3709124106-2672143446-1001\$RGP7B02\Default\Extensions\ifhikkcafabcgolfjegfcgloomalapol\223\UX4.js"
sh=661773DB9638398D4EAFC5C5F12D70C0040E3034 ft=1 fh=15e4c189e0205b9b vn="Win32/Wajam.K evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\WajNEnhance\uninstall.exe.vir"
sh=19F87700AF20F985A092A7D197E51F6D866B27EB ft=1 fh=ec14bfd2d9bbc149 vn="Variante von MSIL/Wajam.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\WajNEnhance\WajNEnhance Internet Enhancer\InternetEnhancer.exe.vir"
sh=6782AB9A22E71FBA2691A59323496EE66DA0AC80 ft=1 fh=c71c0011f83ed8f0 vn="Variante von Win32/Wajam.K evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\WajNEnhance\WajNEnhance Internet Enhancer\InternetEnhancerService.exe.vir"
sh=497D88F38E21229D95650E02708207190CB6849E ft=1 fh=64a74ba51bf40770 vn="Win32/ELEX.BM evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\XTab\BrowerWatchCH.dll.vir"
sh=5468230F587DE9F869DB9E22083131DCFD9451F2 ft=1 fh=07a842c13464288e vn="Win32/ELEX.BM evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\XTab\BrowerWatchFF.dll.vir"
sh=5D628376391A827A818B0A079B64EE457AE9B82A ft=1 fh=c71c0011e2e7a7a5 vn="Variante von Win32/ELEX.BM evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\XTab\BrowserAction.dll.vir"
sh=599F4EB498D7C05A680386C1D3E1FC3DD68A8FA9 ft=1 fh=bd87bce3b868a7f1 vn="Win32/ELEX.BM evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\XTab\CmdShell.exe.vir"
sh=6F2DDAFE7B526A4CC60D75CCB1D4EBEA6F5D0DDC ft=1 fh=a836ee7136df2313 vn="Win32/ELEX.BM evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\XTab\HPNotify.exe.vir"
sh=1DFF39C0F7B7617C8292510F1833B282CD0A1F21 ft=1 fh=18ddbd645dd0ae9c vn="Win32/ELEX.BM evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\XTab\IeWatchDog.dll.vir"
sh=DF7B974F73F65FDF917E9C3AB8B8EC9FD97FC2A0 ft=1 fh=0e3a711fc1c46ea8 vn="Win32/ELEX.BM evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\XTab\ProtectService.exe.vir"
sh=606D4414333C04E362F60B505926C78BB0B6C694 ft=1 fh=2f7c44d7fdd8d932 vn="Variante von Win32/ELEX.BM evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\XTab\SupTab.dll.vir"
sh=BEE6953D3B2826779E71A68C89D3BAA9B4E5DE75 ft=0 fh=0000000000000000 vn="JS/Adware.MultiPlug.B Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\ProgramData\fcmjkjjhnlggamjbjkoohmnflagmljcn\content.js.vir"
sh=6BDCC0D41131D39E115687C335A96441695E1608 ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I fn="C:\AdwCleaner\Quarantine\C\ProgramData\fcmjkjjhnlggamjbjkoohmnflagmljcn\n.js.vir"
sh=0641D63D85DA4259B27FA455972E762B6FC04092 ft=1 fh=b7e7d2287abcc02c vn="Variante von Win32/ELEX.BH evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe.vir"
sh=C0E1F5195C463352DF14B93FE8B53ED0359BD119 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Franz-Xaver\AppData\Local\BoBrowser\User Data\Default\Cache\f_000002.vir"
sh=03517F89D3F20D2D4E2B1A956F8248C9DA9FFC18 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Franz-Xaver\AppData\Local\BoBrowser\User Data\Default\Extensions\ebpeonjdeofpjegbdiibbdjlgfohngee\1.26.14_0\extensionData\plugins\91.js.vir"
sh=B28C1B39E12BE467AFABF0C0DD7343FB693637C0 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Franz-Xaver\AppData\Local\BoBrowser\User Data\Default\Local Extension Settings\ebpeonjdeofpjegbdiibbdjlgfohngee\000003.log.vir"
sh=1C615B43E780FB434AA3F923C6195A1BBBF34C9C ft=0 fh=0000000000000000 vn="Variante von Win32/Speedchecker.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Franz-Xaver\AppData\Local\Microsoft\Silverlight\OutOfBrowser\Speedchecker.PCSpeedUp\application.xap.vir"
sh=C013367A3DC2BCB20697BED00D32B3BCE423ED2A ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Franz-Xaver\AppData\Roaming\Mozilla\Firefox\Profiles\ft8x8wbf.default\Extensions\jxy6pDF@y.com\content\bg.js.vir"
sh=661773DB9638398D4EAFC5C5F12D70C0040E3034 ft=1 fh=15e4c189e0205b9b vn="Win32/Wajam.K evtl. unerwünschte Anwendung" ac=I fn="C:\FRST\Quarantine\C\Program Files\WajNEnhance\uninstall.exe"
sh=19F87700AF20F985A092A7D197E51F6D866B27EB ft=1 fh=ec14bfd2d9bbc149 vn="Variante von MSIL/Wajam.B evtl. unerwünschte Anwendung" ac=I fn="C:\FRST\Quarantine\C\Program Files\WajNEnhance\WajNEnhance Internet Enhancer\InternetEnhancer.exe"
sh=6782AB9A22E71FBA2691A59323496EE66DA0AC80 ft=1 fh=c71c0011f83ed8f0 vn="Variante von Win32/Wajam.K evtl. unerwünschte Anwendung" ac=I fn="C:\FRST\Quarantine\C\Program Files\WajNEnhance\WajNEnhance Internet Enhancer\InternetEnhancerService.exe"
sh=371BCD2287012117C5C1D47899006EF3F548E0D5 ft=1 fh=e8801db322a886b4 vn="Variante von Win32/Toolbar.CrossRider.BM evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files\Adblock Plus for IE\44be3816-fdf5-484f-8bb0-60c2ca807e14.dll"
sh=371BCD2287012117C5C1D47899006EF3F548E0D5 ft=1 fh=e8801db322a886b4 vn="Variante von Win32/Toolbar.CrossRider.BM evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files\b06aa4c3-c9f0-4250-b86a-8700e8851354\f7bfc669-376a-42cd-9466-d9324315dbf5.dll"
sh=D814AC654A17D088DEE33BA165803CA5D0D824EA ft=1 fh=b9656ced2445b5f3 vn="Variante von Win32/Toolbar.CrossRider.CD evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files\I - Cinema\1be46aec-1e89-409e-9b4b-08efc25a34c3-1-7.exe"
sh=5ED2FEB3C262441953FE2ECE9FDEE42DBB25EEF4 ft=1 fh=f392cdff53fa7a54 vn="Variante von Win32/Toolbar.CrossRider.CD evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files\I - Cinema\1be46aec-1e89-409e-9b4b-08efc25a34c3-10.exe"
sh=A33A9815C274D6C64393BAB74E13DD147C0B255E ft=1 fh=2d031c4d96cddb08 vn="Variante von Win32/Toolbar.CrossRider.CB evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files\I - Cinema\1be46aec-1e89-409e-9b4b-08efc25a34c3-11.exe"
sh=26418B59C109E41E62C71AEC390A50FFE683AF78 ft=1 fh=5a6ad910f307b5ce vn="Variante von Win32/Toolbar.CrossRider.CC evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files\I - Cinema\1be46aec-1e89-409e-9b4b-08efc25a34c3-5.exe"
sh=670170C96BD8433F02D4DDCFFCFDE8DA4C4B281B ft=1 fh=24dc1b9d085b6729 vn="Variante von Win32/Toolbar.CrossRider.CD evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files\I - Cinema\1be46aec-1e89-409e-9b4b-08efc25a34c3-6.exe"
sh=D814AC654A17D088DEE33BA165803CA5D0D824EA ft=1 fh=b9656ced2445b5f3 vn="Variante von Win32/Toolbar.CrossRider.CD evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files\I - Cinema\1be46aec-1e89-409e-9b4b-08efc25a34c3-7.exe"
sh=516A8302E782276FA996675ADA3016B63F178A44 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files\I - Cinema\1be46aec-1e89-409e-9b4b-08efc25a34c3.crx"
sh=899C1F6D2530C11DDF58D553677DCBFC400F27A2 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files\I - Cinema\1be46aec-1e89-409e-9b4b-08efc25a34c3.xpi"
sh=371BCD2287012117C5C1D47899006EF3F548E0D5 ft=1 fh=e8801db322a886b4 vn="Variante von Win32/Toolbar.CrossRider.BM evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files\I - Cinema\3ebe0cbb-1c4d-4f4c-9e5b-578ebf0e720a.dll"
sh=EDB12AD5457A8793C8826B9566502441F772A92A ft=1 fh=bd2769d71ff4c72b vn="Variante von Win32/Toolbar.CrossRider.BM evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files\I - Cinema\Uninstall.exe"
sh=313533ECB6658471BB615C430BF1EC4BDEA64588 ft=1 fh=03982041011321c6 vn="Win32/Packed.VMDetector.I evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files\I - Cinema\utils.exe"
sh=BEE6953D3B2826779E71A68C89D3BAA9B4E5DE75 ft=0 fh=0000000000000000 vn="JS/Adware.MultiPlug.B Anwendung" ac=I fn="C:\ProgramData\fcmjkjjhnlggamjbjkoohmnflagmljcn\content.js"
sh=6BDCC0D41131D39E115687C335A96441695E1608 ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I fn="C:\ProgramData\fcmjkjjhnlggamjbjkoohmnflagmljcn\n.js"
sh=BEE6953D3B2826779E71A68C89D3BAA9B4E5DE75 ft=0 fh=0000000000000000 vn="JS/Adware.MultiPlug.B Anwendung" ac=I fn="C:\Users\All Users\fcmjkjjhnlggamjbjkoohmnflagmljcn\content.js"
sh=6BDCC0D41131D39E115687C335A96441695E1608 ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I fn="C:\Users\All Users\fcmjkjjhnlggamjbjkoohmnflagmljcn\n.js"
sh=CF922BADD818C8349BF7F9EC0F5A5E21B8DE371C ft=1 fh=3b30346efe345341 vn="Variante von Win32/DownloadGuide.D evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Franz-Xaver\Downloads\adblock-plus-firefox.exe"
sh=9C8471918F28A672E78B83DEFAE09FCD097CB715 ft=1 fh=7e7ffd9395327e80 vn="Variante von Win32/WinloadSDA.I evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Franz-Xaver\Downloads\AdwCleaner-lnstall.exe"
sh=4DB4C4FF6DCB17959EC2C21E5B5D9E05EC42EC43 ft=1 fh=ef2af8aa9151abbd vn="Variante von Win32/WinloadSDA.I evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Franz-Xaver\Downloads\Everest-Home-Edition-lnstall.exe"
sh=8750A6C29014EF782E3E9BFAE32627CE198361BA ft=1 fh=ff90612fd5611d4f vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Franz-Xaver\Downloads\Fences Letzte Freeware Version - CHIP-Installer.exe"
sh=4F18062E2E192A019AE2DA20CF7E88D1BB45A55B ft=1 fh=7fa026c7d94355f3 vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Franz-Xaver\Downloads\IrfanView Plug ins - CHIP-Installer.exe"
sh=F0A8606733A4D6943FC48958D92BDB18ADA048C7 ft=1 fh=561ea98ad8dcb46e vn="Variante von Win32/WinloadSDA.I evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Franz-Xaver\Downloads\kA-275-lnstall.exe"
sh=1E60D114F81A7C66C6395AC0D742EBCF258C9F67 ft=1 fh=05e2acc86105bb19 vn="Variante von Win32/DownloadGuide.D evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Franz-Xaver\Downloads\Kalenderchen6_setup_CB-DL-Manager.exe"
sh=6F5119B5F5076F802577BDDB1B9427C8BBD5B1EA ft=1 fh=f6363cd91a932748 vn="Variante von Win32/OpenCandy.C potenziell unsichere Anwendung" ac=I fn="C:\Users\Franz-Xaver\Downloads\keyfinderinstaller_29014.exe"
sh=F66C9EBAB3F3D1DCEDE587F3BD0DF97D1D4CB789 ft=1 fh=796e8532755c3dc3 vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Franz-Xaver\Downloads\Lingoes - CHIP-Installer.exe"
sh=C20396CB9431C8784E7FE1E93EBD9097274FA143 ft=1 fh=3632c3daff2aa776 vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Franz-Xaver\Downloads\Magical Jelly Bean Keyfinder - CHIP-Installer.exe"
sh=7BBE0B02104851B74F12C211F6580CC50809770D ft=1 fh=0425a2362bcd3b25 vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Franz-Xaver\Downloads\Mail PassView - CHIP-Installer(2).exe"
sh=AEBAB6927D43CF7A266C3E4968A1E4C5979FE139 ft=1 fh=d94e30faded310d9 vn="Variante von Win32/DownloadGuide.D evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Franz-Xaver\Downloads\MeinWetter_CB-DL-Manager.exe"
sh=27B12BD3F2C641E79C0A5641F09FC380ED3A02BD ft=1 fh=926998ab523d5ac1 vn="Variante von Win32/DownloadGuide.D evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Franz-Xaver\Downloads\passwordfox.exe"
sh=4C5818A483B13A8671EE84C9C7C03D1AFBD4145B ft=1 fh=b6a50aec51df9fab vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Franz-Xaver\Downloads\PowerPoint Viewer - CHIP-Installer(1).exe"
sh=39E19207744827CD3A0A9E84AC8AE1E388054096 ft=1 fh=ee4a06da95327e80 vn="Variante von Win32/WinloadSDA.I evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Franz-Xaver\Downloads\ProduKey-lnstall.exe"
sh=F95AF1A273CEA6F3F823AE4F47A9D2DB8140E2FE ft=1 fh=0e251cbc4d611663 vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Franz-Xaver\Downloads\PstPassword - CHIP-Installer.exe"
sh=AD8BC2C1BD90C1AB93613324E3C536B47AC7A419 ft=1 fh=f6b9bd3cd8ffcef8 vn="Win32/Systweak.D evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Franz-Xaver\Downloads\rcpsetup_2005.exe"
sh=BBF00B2ED855DC80592E9946FF64A3458AB9B0CE ft=1 fh=0867832ec98c328b vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Franz-Xaver\Downloads\Revo Uninstaller - CHIP-Installer.exe"
sh=176B2DFB4DCEBDFDCE93F4939C343F201784FB64 ft=1 fh=7c6265067f945eaa vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Franz-Xaver\Downloads\Screensaver Pack 3D - CHIP-Installer.exe"
sh=85B8023033C1E0B0123F3CAC0B5AB9B6858EF619 ft=1 fh=53d111c64b6da2d6 vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Franz-Xaver\Downloads\SpyBot Search Destroy - CHIP-Installer.exe"
sh=3E9C33C3219DAA4A6FF99C892BC38834E4FB1BAB ft=1 fh=148f4ae18781a30c vn="Win32/DownWare.W evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Franz-Xaver\Downloads\tapinradio_setup.exe"
sh=60173BE4D9230DF022370D6889A322C196EADA2E ft=1 fh=4a353019dce37b17 vn="Win32/InstallMonetizer.AI evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Franz-Xaver\Downloads\windows-keyfinder_25480.exe"
sh=30566EA25F066A7CC21AC20E974BB5332FFD64A2 ft=1 fh=36823476801c9648 vn="Variante von Win32/PSWTool.MailPassView.E potenziell unsichere Anwendung" ac=I fn="C:\Users\Franz-Xaver\Downloads\mailpv_1.83\mailpv.exe"
sh=55344CC446A2FB45DDD05BB3E307FC6CC80C572C ft=0 fh=0000000000000000 vn="Variante von Win32/PSWTool.ProductKey potenziell unsichere Anwendung" ac=I fn="C:\Users\Franz-Xaver\Downloads\ProduKey\produkey170.zip"
sh=F2569D265B6915138449B33B12111AC4F9AF14D6 ft=1 fh=5b441ce3c09a3d14 vn="Variante von Win32/PSWTool.ProductKey potenziell unsichere Anwendung" ac=I fn="C:\Users\Franz-Xaver\Downloads\ProduKey\produkey170\ProduKey.exe"
sh=C420D2BDFA4DF4FDE865E0C8E8DC40E19906166A ft=1 fh=c7a1ec4450089217 vn="Variante von Win32/PSWTool.PstPassword.A potenziell unsichere Anwendung" ac=I fn="C:\Users\Franz-Xaver\Downloads\pstpassword_1.7\PstPassword.exe"

deeprybka 06.03.2015 21:21
Ok, Franz-Xaver. Wir sind fertig.

Schritt 1

http://filepony.de/icon/frst.pnghttp://deeprybka.trojaner-board.de/b...st/frstfix.png

Drücke bitte die http://deeprybka.trojaner-board.de/b...ne/revo/w7.png + R Taste und schreibe notepad in das Ausführen Fenster.
Klicke auf OK und kopiere nun den Text aus der Codebox in das leere Textdokument:
Code:
C:\Program Files\Adblock Plus for IE\
C:\Program Files\b06aa4c3-c9f0-4250-b86a-8700e8851354\
C:\Program Files\I - Cinema\
C:\ProgramData\fcmjkjjhnlggamjbjkoohmnflagmljcn\
FF SelectedSearchEngine: webssearches
FF Extension: {011f2b37-2728-4487-80d7-47da9dddd46c} - C:\Users\Franz-Xaver\AppData\Roaming\Mozilla\Firefox\Profiles\oyabea71.default\Extensions\{011f2b37-2728-4487-80d7-47da9dddd46c}.xpi [2015-02-15]
Speichere dieses bitte als Fixlist.txt in das Verzeichnis ab, in dem sich auch die FRST-Anwendung befindet.
  • Starte FRST und drücke auf den Fix-Button.
  • Das Tool erstellt eine "Fixlog.txt" -Datei.
  • Poste mir bitte deren Inhalt.



Code:
Java 7 Update 71
Java 8 Update 25
Java 8 Update 31
Diese alten Java-Versionen bitte deinstallieren und mit der aktuellen ersetzen.

http://deeprybka.trojaner-board.de/b...cleanupneu.png
Cleanup:

Alle Logs gepostet? Ja! Dann lade Dir bitte http://filepony.de/icon/delfix.pngDelFix herunter.
  • Schließe alle offenen Programme.
  • Starte die delfix.exe mit einem Doppelklick.
  • Setze vor jede Funktion ein Häkchen.
  • Klicke auf Start.

Hinweis: DelFix entfernt u.a. alle verwendeten Programme, die Quarantäne unserer Scanner, den Java-Cache und löscht sich abschließend selbst.
Starte Deinen Rechner abschließend neu. Sollten jetzt noch Programme aus unserer Bereinigung übrig sein, kannst Du diese bedenkenlos löschen.

>>clean<<
Wir haben es geschafft! :abklatsch:
Die Logs sehen für mich im Moment sauber aus.

Wenn Du möchtest, kannst Du hier sagen, ob Du mit mir und meiner Hilfe zufrieden warst...:dankeschoen:und/oder das Forum mit einer kleinen Spende http://www.trojaner-board.de/extra/spende.png unterstützen. :applaus:
Es bleibt mir nur noch, Dir unbeschwertes und sicheres Surfen zu wünschen und dass wir uns hier so bald nicht wiedersehen. ;)

http://www.trojaner-board.de/extra/lesestoff.pngWie kann ich mich in Zukunft besser schützen?

Tipps, Dos & Don'ts

http://deeprybka.trojaner-board.de/b...ast/schild.pngUpdates & Software
Sicherheitslücken in deren alten Versionen werden dazu ausgenutzt, um beim einfachen Besuch einer manipulierten Website per "Drive-by" Malware zu installieren.

Ich empfehle z.B. die Verwendung von Mozilla Firefox statt des Internet Explorers. Zudem lassen sich mit dem Firefox auch PDF-Dokumente öffnen.



http://deeprybka.trojaner-board.de/b...ast/schild.pngFirewall, Antivirus & Co.
http://s1.directupload.net/images/140701/eivrliwa.pngCracks, Downloads & Co.


Neben unbemerkten Drive-by Installationen wird Malware aber auch oft mehr oder weniger aktiv vom Benutzer selbst installiert.
Der Besuch dubioser Websites kann bereits Risiken bergen. Auch wenn der Virenscanner im Moment darin keine Bedrohung erkennt, muss das nichts bedeuten.
Illegale Cracks, Keygens und Serials sind ein ausgesprochen einfacher und beliebter Weg um Malware zu verbreiten.
Bei Dateien aus Peer-to-Peer- und Filesharingprogrammen oder von Filehostern kann man nie sicher sein, ob auch wirklich drin ist, was drauf steht. (Trojanisches Pferd^^)
Oft wird auch versucht, den Benutzer mit mehr oder weniger trickreichen Methoden zu verleiten, eine für ihn verhängnisvolle Handlung selbst auszuführen (Überbegriff Social Engineering).
  • Surfe daher mit Vorsicht und klicke mit Verstand.
  • Sei skeptisch bei unerwarteten E-Mails, insbesondere wenn sie Anhänge enthalten. Auch wenn sie auf den ersten Blick authentisch wirken, persönliche Daten von Dir enthalten oder vermeintlich von einem bekannten Absender stammen: Lieber nochmals in Ruhe überdenken oder nachfragen, anstatt einfach mal Links oder ausführbare Anhänge öffnen oder irgendwo Deine Daten eingeben.
  • Auch in sozialen Netzwerken oder über Instant Messaging Systeme können schädliche Links oder Dateien die Runde machen. Erhältst Du von einem Deiner Freunde eine Nachricht, die merkwürdig ist oder so sensationell interessant, dass man einfach draufklicken muss, dann hat bei ihm/ihr wahrscheinlich Neugier über Verstand gesiegt und Du solltest nicht denselben Fehler machen.

Nervige Adware (Werbung) und unnötige Toolbars werden auch meist durch den Benutzer selbst mitinstalliert.
  • Lade Software in erster Priorität immer direkt vom Hersteller herunter. Viele Softwareportale (z.B. Softonic) packen noch unnützes Zeug mit in die Installation. Alternativ dazu wähle ein sauberes Portal wie Filepony oder heise.
  • Wähle beim Installieren von Software immer die benutzerdefinierte Option und entferne den Haken bei allen optional angebotenen Toolbars oder sonstigen, fürs Programm, irrelevanten Ergänzungen.
  • Um Adware wieder los zu werden, empfiehlt sich zunächst die Deinstallation sowie die anschließende Resteentfernung mit Adwarecleaner .


Abschließend noch ein paar grundsätzliche Bemerkungen:
  • Erstelle regelmäßig Backups Deiner wichtigen Dateien oder des Systems.
  • Der Nutzen von Registry-Cleanern, Optimizern usw. zur Performancesteigerung ist umstritten. Ich empfehle deshalb, die Finger von der Registry zu lassen und lieber die windowseigene Datenträgerbereinigung zu verwenden.

Xorrie 06.03.2015 22:04
Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 04-03-2015
Ran by Franz-Xaver at 2015-03-06 22:02:21 Run:2
Running from C:\Users\Franz-Xaver\Downloads
Loaded Profiles: Franz-Xaver (Available profiles: Franz-Xaver)
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
C:\Program Files\Adblock Plus for IE\
C:\Program Files\b06aa4c3-c9f0-4250-b86a-8700e8851354\
C:\Program Files\I - Cinema\
C:\ProgramData\fcmjkjjhnlggamjbjkoohmnflagmljcn\
FF SelectedSearchEngine: webssearches
FF Extension: {011f2b37-2728-4487-80d7-47da9dddd46c} - C:\Users\Franz-Xaver\AppData\Roaming\Mozilla\Firefox\Profiles\oyabea71.default\Extensions\{011f2b37-2728-4487-80d7-47da9dddd46c}.xpi [2015-02-15]
       
*****************

C:\Program Files\Adblock Plus for IE => Moved successfully.
C:\Program Files\b06aa4c3-c9f0-4250-b86a-8700e8851354 => Moved successfully.
C:\Program Files\I - Cinema => Moved successfully.
C:\ProgramData\fcmjkjjhnlggamjbjkoohmnflagmljcn => Moved successfully.
Firefox SelectedSearchEngine deleted successfully.
C:\Users\Franz-Xaver\AppData\Roaming\Mozilla\Firefox\Profiles\oyabea71.default\Extensions\{011f2b37-2728-4487-80d7-47da9dddd46c}.xpi => Moved successfully.

==== End of Fixlog 22:02:21 ====

deeprybka 06.03.2015 22:07
:daumenhoc

Xorrie 06.03.2015 22:49
Hallo Jürgen,
DelFix hat nach der Beendigung vom Scannen diese Datei angezeigt:
[CODE][/C# DelFix v10.8 - Datei am 06/03/2015 um 22:26:01 erstellt
# Aktualisiert am 29/07/2014 von Xplode
# Benutzer : Franz-Xaver - ASTERIX
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (32 bits)

~ Aktiviere die Benutzerkontensteuerung ... OK

~ Entferne die Bereinigungsprogramme ...

Gelöscht : C:\FRST
Gelöscht : C:\AdwCleaner
Gelöscht : C:\Users\Franz-Xaver\Downloads\Addition.txt
Gelöscht : C:\Users\Franz-Xaver\Downloads\AdwCleaner-lnstall.exe
Gelöscht : C:\Users\Franz-Xaver\Downloads\AdwCleaner_4.111.exe
Gelöscht : C:\Users\Franz-Xaver\Downloads\esetsmartinstaller_deu.exe
Gelöscht : C:\Users\Franz-Xaver\Downloads\Fixlog.txt
Gelöscht : C:\Users\Franz-Xaver\Downloads\FRST(1).exe
Gelöscht : C:\Users\Franz-Xaver\Downloads\FRST(2).exe
Gelöscht : C:\Users\Franz-Xaver\Downloads\FRST.exe
Gelöscht : C:\Users\Franz-Xaver\Downloads\FRST.txt
Gelöscht : C:\Users\Franz-Xaver\Downloads\FRST1.txt
Gelöscht : HKLM\SOFTWARE\AdwCleaner

~ Erstelle ein Backup der Registrierungsdatenbank ... OK

~ Lösche die Wiederherstellungspunkte ...

Gelöscht : RP #394 [Windows Update | 02/27/2015 21:18:53]
Gelöscht : RP #396 [Revo Uninstaller's restore point - RealPlayer Cloud | 02/27/2015 21:43:06]
Gelöscht : RP #398 [Revo Uninstaller's restore point - RealPlayer Cloud | 02/27/2015 21:46:57]
Gelöscht : RP #399 [Wiederherstellungsvorgang | 03/01/2015 23:28:44]
Gelöscht : RP #401 [Revo Uninstaller's restore point - JetDrive | 03/01/2015 23:43:39]
Gelöscht : RP #403 [Revo Uninstaller's restore point - Spybot - Search & Destroy | 03/01/2015 23:46:03]
Gelöscht : RP #405 [Revo Uninstaller's restore point - Spybot - Search & Destroy | 03/01/2015 23:48:06]
Gelöscht : RP #407 [Revo Uninstaller's restore point - CCleaner | 03/01/2015 23:51:34]
Gelöscht : RP #409 [Revo Uninstaller's restore point - Secunia PSI (3.0.0.10004) | 03/01/2015 23:54:16]
Gelöscht : RP #410 [Windows Update | 03/02/2015 00:01:59]
Gelöscht : RP #412 [Revo Uninstaller's restore point - RealPlayer Cloud | 03/02/2015 00:33:37]
Gelöscht : RP #414 [Revo Uninstaller's restore point - RealPlayer Cloud | 03/02/2015 00:37:02]
Gelöscht : RP #416 [Revo Uninstaller's restore point - MyDriveConnect 3.3.0.1756 | 03/02/2015 07:50:17]
Gelöscht : RP #417 [Wiederherstellungsvorgang | 03/02/2015 07:56:23]
Gelöscht : RP #418 [Windows Update | 03/02/2015 08:21:41]
Gelöscht : RP #419 [Installed Adblock Plus for IE (32-bit) | 03/02/2015 08:37:59]
Gelöscht : RP #421 [Revo Uninstaller's restore point - Malwarebytes Anti-Malware Version 2.0.4.1028 | 03/02/2015 08:51:22]
Gelöscht : RP #422 [Alles läuft | 03/02/2015 09:44:57]
Gelöscht : RP #423 [Windows-Sicherung | 03/02/2015 19:05:29]
Gelöscht : RP #425 [Revo Uninstaller's restore point - Google Chrome | 03/04/2015 16:24:05]
Gelöscht : RP #427 [Revo Uninstaller's restore point - JetDrive | 03/04/2015 16:37:02]
Gelöscht : RP #429 [Revo Uninstaller's restore point - Spybot - Search & Destroy | 03/04/2015 16:40:29]
Gelöscht : RP #431 [Revo Uninstaller's restore point - CCleaner | 03/04/2015 16:41:41]
Gelöscht : RP #433 [Revo Uninstaller's restore point - Aquamarin Haushaltsbuch 2.9.2 b | 03/04/2015 17:08:31]
Gelöscht : RP #434 [Windows Update | 03/04/2015 17:31:35]
Gelöscht : RP #435 [Windows Update | 03/06/2015 16:33:21]
Gelöscht : RP #436 [McAfee Vulnerability Scanner | 03/06/2015 18:50:01]
Gelöscht : RP #437 [Windows Update | 03/06/2015 18:58:22]
Gelöscht : RP #438 [Removed Java 8 Update 31 | 03/06/2015 21:07:40]
Gelöscht : RP #439 [Removed Java 8 Update 31 | 03/06/2015 21:08:19]
Gelöscht : RP #440 [Removed Java 8 Update 25 | 03/06/2015 21:09:49]
Gelöscht : RP #441 [Removed Java 7 Update 71 | 03/06/2015 21:10:53]
Gelöscht : RP #442 [Removed Java 8 Update 40 | 03/06/2015 21:17:05]

Ein neuer Wiederherstellungspunkt wurde erstellt !

~ Stelle die Systemeinstellungen wieder her ... OK

########## - EOF - ##########
ODE]

Nochmals ein Hallo Jürgen!
Ich kann mich bei Dir nur sehr herzlich für Deine Mühe und Geduld, die Du für mich aufgebracht hast, bedanken.
Wie kann ich ein Lob erstellen?
Gerne spende ich auch etwas, sage mir bitte, wie viel so überwiesen wird.
Gruß und bis gleich,
F-X

deeprybka 06.03.2015 22:55
Hallo Franz-Xaver, das mit dem DelFix hat alles geklappt. Sollte sonst noch was "rumliegen" einfach löschen. :daumenhoc

Zitat:
Zitat von Xorrie (Beitrag 1437337)
Gerne spende ich auch etwas, sage mir bitte, wie viel so überwiesen wird.
Ehrlich gesagt, weiß ich das nicht, das weiß nur der Admin. Jede Spende ist aber willkommen und sichert das Trojaner-Board. Vielen Dank! :applaus:

Xorrie 06.03.2015 23:34
Ich hoffe, dass ich das Lob auf der richtigen Seite eingeschrieben habe.
Gespendet habe ich auch ein "bisschen".
Nochmals vielen herzlichen Dank.

Du machst Schopenhauer alle Ehre:
"Verletze niemanden, vielmehr hilf allen, soweit du kannst"
Du hast mir sehr geholfen!:applaus:

deeprybka 06.03.2015 23:37
Freut mich! Dir alles Gute! :abklatsch:

Xorrie 07.03.2015 09:14
Guten Morgen Jürgen,
ich bin es nochmal, die Nervensäge Franz-Xaver.
Wie ich so mitbekommen habe, waren doch etliche Dateien u.s.w. infiziert.
Kannst Du mir in kurzen, einfachen Worten für mich verständlich, mal mitteilen, ob der PC wieder sauber ist, wie das alles funktioniert hat, wie die Infizierung gelöscht wurde und wie ich evtl. selber mal nachsehen kann, ob mein PC Trojaner oder Viren hat?
Ich habe sehr spät angefangen, mir einen Computer zuzulegen und habe nicht viel Ahnung von der Materie.
McAfee ist doch, so sagte man mir, ein gutes Viren und Firewall-Programm.
Wie kann ich als Laie überprüfen, ob mein PC und /oder Dateien sauber sind?
Vielen Dank im Voraus für Deine Mühe, ein schönes Wochenende und alles erdenklich Gute für Dich.:abklatsch:
Viele Grüße aus Unterfranken
Franz-Xaver:dankeschoen:

deeprybka 07.03.2015 10:14
Naja, als "normaler" User würde ich einen anderen Virenscanner nehmen, der auch die Adware- und PUPs-Programme besser detektiert (z.B. ESET Nod32 Antivirus).

Die relevanten und aktiven Adware-Komponenten haben wir mit FRST gefixt (=gelöscht). Die waren dann in der Quarantäne. Diese wurde dann von DelFix gelöscht. Und wie ja groß und grün geschrieben, ja der PC ist wieder sauber. :)

Xorrie 07.03.2015 19:32
Vielen Dank für den Tipp.
Ich werde Deinen Rat wegen ESET Nod32 Antivirus:snyper: befolgen.

Gruß und ein sonniges Wochenende:dankeschoen:
F-X


Alle Zeitangaben in WEZ +1. Es ist jetzt 14:29 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131