Neuer Postbank Trojaner. Wie muss ich vorgehen?

Einhorn66 · 09.11.2014, 00:49

Hallo ,
Donnerstag morgens loggte ich ins Postbankonlinebanking. Als erstes kam vor dem Hintergrund eine Meldung: Zollamt hat Ihnen aus Versehen 1500 € gut geschrieben. Bitte veranlassen sie eine Rücksendung. Sollte es nicht funktionieren, werden Sie ein Schreiben erhalten und sie nachträglich in einer Ihrer Filiale sie veranlassen.

Zwei Kasten waren zu klicken: Rücksendung und Kontoübersicht

Ich ging zur Kontoübersicht, sah tatsächich 1500 Euro gutgeschrieben. Merkwürdig war jedoch, dass ich auf dieser Seite nichts bewegen könnte. Ich wollte was überweisen, ging nicht, ebenso rückwirkend Umsatz einsehen. Da wurde ich stutzig und ging daraufhin zur Postbank. Mit Erstaunen zeigte mir die Beraterin ihr Bildschirm. Es kam keine 1500 Euro, weder noch eine Meldung. Sie rief überall an und bekam die Mitteilung dass es sich um ein Trojaner handelt. Mein Konto wurde gesperrt und ich erhalte neue Pin. Außerdem sollte ich mein Pc reinigen lassen von einem Fachmann. Sonst kommt es erneut. Wer hat die gleiche Erfahrung gemacht und kann mir den Tipp geben, den Trojaner selbst zu reinigen? Habe bisher nichts unternommen. Schon mal vielen Dank für Eure Tipps.

deeprybka · 09.11.2014, 00:59

Mein Name ist Jürgen und ich werde Dir bei Deinem Problem behilflich sein. Zusammen schaffen wir das...

Bitte arbeite alle Schritte der Reihe nach ab.
Lese die Anleitungen sorgfältig durch bevor Du beginnst. Wenn es Probleme gibt oder Du etwas nicht verstehst, dann stoppe mit Deiner Ausführung und beschreibe mir das Problem.
Führe bitte nur Scans durch, zu denen Du von mir aufgefordert wurdest.
Bitte kein Crossposting (posten in mehreren Foren).
Installiere oder deinstalliere während der Bereinigung keine Software, außer Du wurdest dazu aufgefordert.
Speichere alle unsere Tools auf dem Desktop ab. Link: So ladet Ihr unsere Tools richtig
Poste die Logfiles direkt in Deinen Thread in Code-Tags.
Bedenke, dass wir hier alle während unserer Freizeit tätig sind, wenn du innerhalb von 24 Stunden nichts von mir liest, dann schreibe mir bitte eine PM.

Hinweis:
Ich kann Dir niemals eine Garantie geben, dass wir alle schädlichen Dateien finden werden.
Eine Formatierung ist meist der schnellere und immer der sicherste Weg, aber auch nur bei wirklicher Malware empfehlenswert.
Adware & Co. können wir sehr gut entfernen.
Solltest Du Dich für eine Bereinigung entscheiden, arbeite solange mit, bis Du mein clean bekommst.

Los geht's:

Schritt 1

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop:

FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)

Starte jetzt FRST.
Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)

Lesestoff
Posten in CODE-Tags: So gehts...
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert uns massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu groß für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:

Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
Klicke auf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.

Einhorn66 · 09.11.2014, 22:47

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 09-11-2014 01
Ran by Visuellspektrum B.E at 2014-11-09 22:39:00
Running from C:\Users\Visuellspektrum B.E\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
AS: Microsoft Security Essentials (Enabled - Up to date) {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

AccelerometerP11 (HKLM-x32\...\{87434D51-51DB-4109-B68F-A829ECDCF380}) (Version: 2.00.11.15 - STMicroelectronics)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.1.0.4880 - Adobe Systems Incorporated)
Adobe Download Assistant (HKLM-x32\...\com.adobe.downloadassistant.AdobeDownloadAssistant) (Version: 1.0.6 - Adobe Systems Incorporated)
Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.167 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated)
Adobe Photoshop Lightroom 5.4 64-bit (HKLM\...\{558B5965-CC1B-4AF1-BA07-5D6832404050}) (Version: 5.4.0 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.09) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated)
Advanced Audio FX Engine (HKLM-x32\...\Advanced Audio FX Engine) (Version: 1.12.05 - Creative Technology Ltd)
AOL Deinstallation (HKLM-x32\...\AOL Deinstallation) (Version: - )
Apple Application Support (HKLM-x32\...\{21ECABC3-40B2-42DF-8E21-ACF3A4D0D95A}) (Version: 3.0.5 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{6AF2AC2A-3532-43FD-9F4D-BDC9C0D724C7}) (Version: 7.1.2.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Brother MFL-Pro Suite MFC-9450CDN (HKLM-x32\...\{C83FB11D-9EC6-49D7-99A7-DDDB2264883C}) (Version: 1.0.1.0 - Brother Industries, Ltd.)
Brother MFL-Pro Suite MFC-J265W (HKLM-x32\...\{FB83EAC4-E3F6-4666-B45B-44522F2344B6}) (Version: 1.0.3.0 - Brother Industries, Ltd.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dell DataSafe Local Backup - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: - Dell)
Dell DataSafe Local Backup (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 9.4.47 - Dell)
Dell DataSafe Online (HKLM-x32\...\{13766F76-6C8C-4E57-A9F3-3212D1C6E0D1}) (Version: 1.2.0011 - Dell, Inc.)
Dell Dock (HKLM-x32\...\Dell Dock) (Version: 2.0 - Stardock Corporation)
Dell Dock (Version: 2.0 - Stardock Corporation) Hidden
Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)
Dell Getting Started Guide (HKLM-x32\...\{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}) (Version: 1.00.0000 - Dell Inc.)
Dell System Detect (HKU\S-1-5-21-4203832084-4009304635-2263003785-1000\...\9204f5692a8faf3b) (Version: 5.4.0.4 - Dell)
Dell Webcam Central (HKLM-x32\...\Dell Webcam Central) (Version: 2.00.35 - Creative Technology Ltd)
DirectX 9 Runtime (x32 Version: 1.00.0000 - Sonic Solutions) Hidden
Facebook Video Calling 3.1.0.521 (HKLM-x32\...\{2091F234-EB58-4B80-8C96-8EB78C808CF7}) (Version: 3.1.521 - Skype Limited)
Flash Player Pro V5.4 (HKLM-x32\...\Flash Player Pro_is1) (Version: - FlashPlayerPro.com)
Fotogalerie (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 38.0.2125.111 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.5 - Google Inc.) Hidden
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
Intel(R) PROSet/Wireless WiFi-Software (HKLM\...\{D16A2127-B927-4379-B153-3DEC091E4EEB}) (Version: 13.02.1000 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.6.0.1014 - Intel Corporation)
iTunes (HKLM\...\{33E28B58-7BA0-47B7-AA01-9225ABA2B8A9}) (Version: 11.3.0.54 - Apple Inc.)
Java 7 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.510 - Oracle)
Java(TM) 6 Update 22 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86416022FF}) (Version: 6.0.220 - Oracle)
JMicron Flash Media Controller Driver (HKLM-x32\...\{26604C7E-A313-4D12-867F-7C6E7820BE4C}) (Version: 1.0.50.2 - JMicron Technology Corp.)
Junk Mail filter update (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
KidiArt Studio (HKLM-x32\...\{8ECEBE50-337B-4C8A-B275-667A02E0130A}) (Version: 1.0.0.0 - VTech)
KidiArt Studio (x32 Version: 1.0.0.0 - VTech) Hidden
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.)
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-001B-0000-0000-0000000FF1CE}_WordR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office 365 - de-de (HKLM\...\O365HomePremRetail - de-de) (Version: 15.0.4659.1001 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Klick-und-Los 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Live Add-in 1.5 (HKLM-x32\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Office on Demand-Browser-Add-Ons (HKU\S-1-5-21-4203832084-4009304635-2263003785-1000\...\Microsoft Office on Demand-Browser-Add-Ons) (Version: 15.0.4535.1511 - Microsoft Corporation)
Microsoft Office Starter 2010 - Deutsch (HKLM-x32\...\{90140011-0066-0407-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Word 2007 (HKLM-x32\...\WordR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft PowerPoint Viewer (HKLM-x32\...\{95140000-00AF-0407-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.6.305.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SkyDrive (HKU\S-1-5-21-4203832084-4009304635-2263003785-1000\...\SkyDriveSetup.exe) (Version: 17.0.2003.1112 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
My Dell (HKLM\...\PC-Doctor for Windows) (Version: 3.4.6308.28 - PC-Doctor, Inc.)
myMMX (HKLM-x32\...\myMMX) (Version: - nWise AB)
NVIDIA Display Control Panel (HKLM\...\NVIDIA Display Control Panel) (Version: 6.14.12.5939 - NVIDIA Corporation)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.10.62.40 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.18.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.18.0 - NVIDIA Corporation)
NVIDIA Stereoscopic 3D Driver (HKLM-x32\...\NVIDIAStereo) (Version: 7.17.12.5939 - NVIDIA Corporation)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4659.1001 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4659.1001 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4659.1001 - Microsoft Corporation) Hidden
ooVoo (HKLM-x32\...\{FAA7F8FF-3C05-4A61-8F14-D8A6E9ED6623}) (Version: 3.5.9052 - ooVoo LLC.)
Oovoo Toolbar (HKLM-x32\...\{4F564F32-5637-006A-76A7-A758B70C0700}) (Version: 12.7.0.2447 - APN, LLC)
OpenOffice.org 3.4.1 (HKLM-x32\...\{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}) (Version: 3.41.9593 - Apache Software Foundation)
Paper Ball version 1.0_c_035 (HKLM-x32\...\Paper Ball_is1) (Version: 1.0_c_035 - )
PaperBall (HKLM-x32\...\{6fa59ebe-0bec-4e52-af59-4bd1b4687002}) (Version: 1.0.0.0 - Covus Freemium GmbH)
PaperBall (x32 Version: 1.0.0.0 - Covus Freemium) Hidden
Photo Common (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Photo Gallery (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
PhotoShowExpress (x32 Version: 2.0.028 - Sonic Solutions) Hidden
Quickset64 (HKLM\...\{87CF757E-C1F1-4D22-865C-00C6950B5258}) (Version: 10.8.5 - Dell Inc.)
QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
Ravensburger tiptoi (HKLM-x32\...\Ravensburger tiptoi) (Version: - )
RealPlayer (HKLM-x32\...\RealPlayer 12.0) (Version: - RealNetworks)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6194 - Realtek Semiconductor Corp.)
RealUpgrade 1.1 (x32 Version: 1.1.0 - RealNetworks, Inc.) Hidden
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.0.4.0 - Renesas Electronics Corporation)
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.0.4.0 - Renesas Electronics Corporation) Hidden
Roxio Creator Starter (HKLM-x32\...\{6F0BBEFE-BE1C-419B-BA1F-D36C9E7915BC}) (Version: 12.1.40.0 - Roxio)
Roxio File Backup (Version: 1.3.2 - Roxio) Hidden
Skype Click to Call (HKLM-x32\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 6.4.11328 - Skype Technologies S.A.)
Skype™ 6.21 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.21.104 - Skype Technologies S.A.)
Sonic CinePlayer Decoder Pack (x32 Version: 4.3.0 - Sonic Solutions) Hidden
Spelling Dictionaries Support For Adobe Reader 9 (HKLM-x32\...\{AC76BA86-7AD7-5464-3428-900000000004}) (Version: 9.0.0 - Adobe Systems Incorporated)
SRWare Iron Version SRWare Iron 26.0.1450.0 (HKLM-x32\...\{C59CF2CE-B302-4833-AA35-E0E07D8EBC52}_is1) (Version: SRWare Iron 26.0.1450.0 - SRWare)
Stellarium 0.10.6.1 (HKLM-x32\...\Stellarium_is1) (Version: - )
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.1.4.0 - Synaptics Incorporated)
TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.24322 - TeamViewer)
Überwachungstool für die Intel® Turbo-Boost-Technik (HKLM\...\{39F4C6F9-618A-4E5B-8FB2-6BD661174E32}) (Version: 1.0.186.6 - Intel)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-001B-0000-0000-0000000FF1CE}_WordR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0407-0000-0000000FF1CE}_WordR_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version: - Microsoft)
Viewpoint Media Player (HKLM-x32\...\ViewpointMediaPlayer) (Version: - )
VLC media player 1.1.7 (HKLM-x32\...\VLC media player) (Version: 1.1.7 - VideoLAN)
Web Check (HKLM-x32\...\Web Check) (Version: - )
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)
Windows Utils (HKLM-x32\...\Windows Utils) (Version: - )

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-4203832084-4009304635-2263003785-1000_Classes\CLSID\{087B3AE3-E237-4467-B8DB-5A38AB959AC9}\InprocServer32 -> C:\Program Files (x86)\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl_x64.dll No File
CustomCLSID: HKU\S-1-5-21-4203832084-4009304635-2263003785-1000_Classes\CLSID\{225F8CFE-1B76-48E6-8E75-62CC471AFA28}\InprocServer32 -> C:\Users\Visuellspektrum B.E\AppData\Local\Microsoft\Internet Explorer\Downloaded Program Files\Microsoft Office 15\RoamingOfficeActiveX.64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4203832084-4009304635-2263003785-1000_Classes\CLSID\{3B092F0C-7696-40E3-A80F-68D74DA84210}\InprocServer32 -> C:\Program Files (x86)\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl_x64.dll No File
CustomCLSID: HKU\S-1-5-21-4203832084-4009304635-2263003785-1000_Classes\CLSID\{63542C48-9552-494A-84F7-73AA6A7C99C1}\InprocServer32 -> C:\Program Files (x86)\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl_x64.dll No File
CustomCLSID: HKU\S-1-5-21-4203832084-4009304635-2263003785-1000_Classes\CLSID\{7BC0E710-5703-45BE-A29D-5D46D8B39262}\InprocServer32 -> C:\Program Files (x86)\OpenOffice.org 3\Basis\program\shlxthdl\ooofilt_x64.dll No File
CustomCLSID: HKU\S-1-5-21-4203832084-4009304635-2263003785-1000_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\Visuellspektrum B.E\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112_1\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4203832084-4009304635-2263003785-1000_Classes\CLSID\{AE424E85-F6DF-4910-A6A9-438797986431}\InprocServer32 -> C:\Program Files (x86)\OpenOffice.org 3\Basis\program\shlxthdl\propertyhdl_x64.dll No File
CustomCLSID: HKU\S-1-5-21-4203832084-4009304635-2263003785-1000_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\Visuellspektrum B.E\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112_1\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4203832084-4009304635-2263003785-1000_Classes\CLSID\{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}\InprocServer32 -> C:\Program Files (x86)\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl_x64.dll No File
CustomCLSID: HKU\S-1-5-21-4203832084-4009304635-2263003785-1000_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\Visuellspektrum B.E\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112_1\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4203832084-4009304635-2263003785-1000_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\Visuellspektrum B.E\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112_1\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4203832084-4009304635-2263003785-1000_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Visuellspektrum B.E\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112_1\amd64\FileSyncApi64.dll (Microsoft Corporation)

==================== Restore Points =========================

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {05498078-136D-4F35-B169-42B207F39D07} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-4203832084-4009304635-2263003785-1003 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2011-09-27] (RealNetworks, Inc.)
Task: {08911BB1-4822-40E7-A473-BBE5D8B068CB} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {140F04A5-AEF4-428E-868E-2D03135FAE14} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-08-23] (Google Inc.)
Task: {1528A455-EBA0-4C4A-A875-294579BE9113} - System32\Tasks\{0D1A39DC-E792-449E-8A63-1A85953215EB} => Firefox.exe hxxp://www.skype.com/go/downloading?source=lightinstaller&ver=5.3.0.108&LastError=12002
Task: {2FD005E4-3B21-4590-B3D6-229E8BBA48E1} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\My Dell\sessionchecker.exe [2013-09-05] (PC-Doctor, Inc.)
Task: {3550D332-EBA4-44F3-BFF2-666C7A8C7F48} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\My Dell\uaclauncher.exe [2013-09-05] (PC-Doctor, Inc.)
Task: {4454CA92-4668-47C3-B347-333E744B4928} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-4203832084-4009304635-2263003785-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2011-09-27] (RealNetworks, Inc.)
Task: {4CD8B1B8-C3C9-4968-8B84-6516F7247D5D} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2014-09-25] (Microsoft Corporation)
Task: {51E9BB0C-7089-463B-B1A5-F0E42D371C47} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-4203832084-4009304635-2263003785-1003 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2011-09-27] (RealNetworks, Inc.)
Task: {53983F00-8D40-42CE-8298-8DF16ED244D9} - System32\Tasks\{104AF432-7622-45A2-9394-85C7F008C5C8} => Firefox.exe hxxp://ui.skype.com/ui/0/6.1.0.129.272/de/abandoninstall?page=tsProgressBar
Task: {559E93D5-B078-415B-AD8C-EB7F892DD4FD} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe
Task: {6EE451AE-D401-4B5E-8AA2-F693CCCD9444} - System32\Tasks\Software Updater Ui => C:\Program Files (x86)\SoftwareUpdater\SoftwareUpdater.Ui.exe [2013-12-18] () <==== ATTENTION
Task: {7F332AF6-61AA-439B-A4B0-3A0ED31AF8D1} - System32\Tasks\BackgroundContainer Startup Task => Rundll32.exe "C:\Users\Visuellspektrum B.E\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll",DllRun <==== ATTENTION
Task: {88CC6FAA-9885-41C8-A490-21E913FE0F1C} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-23] (Adobe Systems Incorporated)
Task: {8A66D5D7-9CDC-45BC-80B0-B7044988B223} - System32\Tasks\Software Updater => C:\Program Files (x86)\SoftwareUpdater\SoftwareUpdater.Bootstrapper.exe [2013-12-19] () <==== ATTENTION
Task: {9228E0AA-B5DB-4937-88CE-C97B3E9EC36E} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-4203832084-4009304635-2263003785-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2011-09-27] (RealNetworks, Inc.)
Task: {98D8593C-379B-4096-829F-65C8DFA72052} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2014-09-25] (Microsoft Corporation)
Task: {BEFB611B-55EB-435C-8169-C7972C6EDC04} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-08-23] (Google Inc.)
Task: {C04ECBDF-0594-4C62-B596-93F97636FEF6} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-4203832084-4009304635-2263003785-1000Core => C:\Users\Visuellspektrum B.E\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-07-13] (Facebook Inc.)
Task: {FA62A255-341F-4C55-A389-A084AB793874} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-4203832084-4009304635-2263003785-1000UA => C:\Users\Visuellspektrum B.E\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-07-13] (Facebook Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4203832084-4009304635-2263003785-1000Core.job => C:\Users\Visuellspektrum B.E\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4203832084-4009304635-2263003785-1000UA.job => C:\Users\Visuellspektrum B.E\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2010-03-05 16:21 - 2010-03-05 16:21 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\Libeay32.dll
2014-03-19 07:29 - 2014-05-20 08:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2011-01-04 01:58 - 2010-08-12 01:19 - 00781536 ____N () C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
2010-03-05 16:21 - 2010-03-05 16:21 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\LIBEAY32.dll
2011-01-04 01:56 - 2010-09-24 17:21 - 00727664 _____ () C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe
2014-10-17 12:36 - 2014-10-17 12:36 - 00472576 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_64\VistaBridgeLibrary\602ab9ddf3440af31bb4c168b59f2ba5\VistaBridgeLibrary.ni.dll
2013-04-23 18:43 - 2005-04-22 12:36 - 00143360 _____ () C:\Windows\system32\BrSNMP64.dll
2014-07-03 12:20 - 2014-07-03 12:20 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-07-03 12:19 - 2014-07-03 12:19 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2011-01-04 01:58 - 2010-08-12 01:19 - 00056544 ____N () C:\Program Files (x86)\Dell DataSafe Local Backup\STCoreXml.dll
2011-01-04 01:58 - 2010-08-12 01:19 - 00113888 ____N () C:\Program Files (x86)\Dell DataSafe Local Backup\PSTVdsDisk.dll
2011-01-04 01:58 - 2010-08-12 01:19 - 00126176 ____N () C:\Program Files (x86)\Dell DataSafe Local Backup\STLog.dll
2014-10-17 12:32 - 2014-10-17 12:32 - 00170496 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\3d576cbc4ffc5ad06fd61510c5d8f326\IsdiInterop.ni.dll
2011-01-04 01:54 - 2010-03-04 03:08 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll
2011-01-04 01:58 - 2010-08-12 01:19 - 01121504 ____N () C:\Program Files (x86)\Dell DataSafe Local Backup\LibXml2.dll
2011-01-04 01:58 - 2010-08-12 01:19 - 00077024 ____N () C:\Program Files (x86)\Dell DataSafe Local Backup\zlib1.dll
2011-01-04 01:58 - 2010-08-12 01:19 - 00232672 ____N () C:\Program Files (x86)\Dell DataSafe Local Backup\STFiles.dll
2011-01-04 01:58 - 2010-08-12 01:19 - 00072928 ____N () C:\Program Files (x86)\Dell DataSafe Local Backup\STRegistry.dll
2011-01-04 01:58 - 2010-08-12 01:19 - 00109792 ____N () C:\Program Files (x86)\Dell DataSafe Local Backup\STPE.dll
2011-01-04 01:58 - 2010-08-12 01:19 - 00119008 ____N () C:\Program Files (x86)\Dell DataSafe Local Backup\STNLS.dll
2012-08-10 15:51 - 2012-08-10 15:51 - 00985088 _____ () C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll
2011-06-09 23:37 - 2009-02-27 15:38 - 00139264 ____R () C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll
2013-08-16 14:13 - 2007-05-24 03:57 - 00094208 _____ () c:\program files (x86)\common files\aol\1376658552\ee\services\waolTrayMenuService\ver_0_9_1\waolTrayMenuService.dll
2014-10-28 23:58 - 2014-10-22 05:04 - 01042760 _____ () C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\libglesv2.dll
2014-10-28 23:58 - 2014-10-22 05:04 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\libegl.dll
2014-10-28 23:58 - 2014-10-22 05:04 - 08910664 _____ () C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\pdf.dll
2014-10-28 23:58 - 2014-10-22 05:04 - 01681224 _____ () C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\ffmpegsumo.dll
2014-10-28 23:58 - 2014-10-22 05:05 - 14902600 _____ () C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\PepperFlash\pepflashplayer.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: CommunityTray => "C:\Program Files (x86)\VTech\Community\System\Startup.exe"
MSCONFIG\startupreg: Dell DataSafe Online => "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m
MSCONFIG\startupreg: Dell Webcam Central => "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
MSCONFIG\startupreg: DellSupportCenter => "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
MSCONFIG\startupreg: Desktop Disc Tool => "C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe"
MSCONFIG\startupreg: Facebook Update => "C:\Users\Visuellspektrum B.E\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
MSCONFIG\startupreg: iTunesHelper => "C:\iTunesHelper.exe"
MSCONFIG\startupreg: Logitech Download Assistant => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
MSCONFIG\startupreg: msnmsgr => "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: RoxWatchTray => "C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe"
MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: Tango => C:\Program Files (x86)\Tango\Tango.exe -r
MSCONFIG\startupreg: TkBellExe => "C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe" -osboot

========================= Accounts: ==========================

Administrator (S-1-5-21-4203832084-4009304635-2263003785-500 - Administrator - Disabled)
Andere User (S-1-5-21-4203832084-4009304635-2263003785-1003 - Limited - Enabled) => C:\Users\Andere User
Gast (S-1-5-21-4203832084-4009304635-2263003785-501 - Limited - Enabled) => C:\Users\Gast
HomeGroupUser$ (S-1-5-21-4203832084-4009304635-2263003785-1002 - Limited - Enabled)
Visuellspektrum B.E (S-1-5-21-4203832084-4009304635-2263003785-1000 - Administrator - Enabled) => C:\Users\Visuellspektrum B.E

==================== Faulty Device Manager Devices =============

Name: WAN Miniport (ATW) #2
Description: WAN Miniport (ATW)
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: America Online, Inc.
Service: wanatw
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

==================== Event log errors: =========================

Application errors:
==================
Error: (11/09/2014 10:18:20 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: waol.exe, Version: 9.5.0.1, Zeitstempel: 0x4655457d
Name des fehlerhaften Moduls: waol.dll, Version: 9.5.0.1, Zeitstempel: 0x46554579
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0001a6a3
ID des fehlerhaften Prozesses: 0x990
Startzeit der fehlerhaften Anwendung: 0xwaol.exe0
Pfad der fehlerhaften Anwendung: waol.exe1
Pfad des fehlerhaften Moduls: waol.exe2
Berichtskennung: waol.exe3

Error: (11/09/2014 09:56:29 PM) (Source: Windows Search Service) (EventID: 7010) (User: )
Description: Der Index kann nicht initialisiert werden.

Details:
Das System kann die angegebene Datei nicht finden. (HRESULT : 0x80070002) (0x80070002)

Error: (11/09/2014 09:56:29 PM) (Source: Windows Search Service) (EventID: 3058) (User: )
Description: Die Anwendung kann nicht initialisiert werden.

Kontext: Windows Anwendung

Details:
Das System kann die angegebene Datei nicht finden. (HRESULT : 0x80070002) (0x80070002)

Error: (11/09/2014 09:56:29 PM) (Source: Windows Search Service) (EventID: 3028) (User: )
Description: Das Gatherer-Objekt kann nicht initialisiert werden.

Kontext: Windows Anwendung, SystemIndex Katalog

Details:
Das System kann die angegebene Datei nicht finden. (HRESULT : 0x80070002) (0x80070002)

Error: (11/09/2014 09:56:29 PM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: Plug-In in <Search.TripoliIndexer> kann nicht initialisiert werden.

Kontext: Windows Anwendung, SystemIndex Katalog

Details:
Das System kann die angegebene Datei nicht finden. (HRESULT : 0x80070002) (0x80070002)

Error: (11/09/2014 09:50:59 PM) (Source: Windows Search Service) (EventID: 7010) (User: )
Description: Der Index kann nicht initialisiert werden.

Details:
Das System kann die angegebene Datei nicht finden. (HRESULT : 0x80070002) (0x80070002)

Error: (11/09/2014 09:50:59 PM) (Source: Windows Search Service) (EventID: 3058) (User: )
Description: Die Anwendung kann nicht initialisiert werden.

Kontext: Windows Anwendung

Details:
Das System kann die angegebene Datei nicht finden. (HRESULT : 0x80070002) (0x80070002)

Error: (11/09/2014 09:50:59 PM) (Source: Windows Search Service) (EventID: 3028) (User: )
Description: Das Gatherer-Objekt kann nicht initialisiert werden.

Kontext: Windows Anwendung, SystemIndex Katalog

Details:
Das System kann die angegebene Datei nicht finden. (HRESULT : 0x80070002) (0x80070002)

Error: (11/09/2014 09:50:59 PM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: Plug-In in <Search.TripoliIndexer> kann nicht initialisiert werden.

Kontext: Windows Anwendung, SystemIndex Katalog

Details:
Das System kann die angegebene Datei nicht finden. (HRESULT : 0x80070002) (0x80070002)

Error: (11/09/2014 09:44:36 PM) (Source: Windows Search Service) (EventID: 7010) (User: )
Description: Der Index kann nicht initialisiert werden.

Details:
Das System kann die angegebene Datei nicht finden. (HRESULT : 0x80070002) (0x80070002)

System errors:
=============
Error: (11/09/2014 10:38:43 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits 35 Mal passiert.

Error: (11/09/2014 10:38:43 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Windows Search" wurde mit folgendem Fehler beendet:
%%2

Error: (11/09/2014 10:36:18 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits 34 Mal passiert.

Error: (11/09/2014 10:36:18 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Windows Search" wurde mit folgendem Fehler beendet:
%%2

Error: (11/09/2014 10:35:58 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits 33 Mal passiert.

Error: (11/09/2014 10:35:58 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Windows Search" wurde mit folgendem Fehler beendet:
%%2

Error: (11/09/2014 10:35:54 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits 32 Mal passiert.

Error: (11/09/2014 10:35:54 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Windows Search" wurde mit folgendem Fehler beendet:
%%2

Error: (11/09/2014 10:35:50 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits 31 Mal passiert.

Error: (11/09/2014 10:35:50 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Windows Search" wurde mit folgendem Fehler beendet:
%%2

Microsoft Office Sessions:
=========================

==================== Memory info ===========================

Processor: Intel(R) Core(TM) i7 CPU Q 740 @ 1.73GHz
Percentage of memory in use: 59%
Total physical RAM: 4028.38 MB
Available physical RAM: 1644.75 MB
Total Pagefile: 8054.94 MB
Available Pagefile: 5341.05 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:581.48 GB) (Free:506.99 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 596.2 GB) (Disk ID: ECE692C6)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=14.6 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=581.5 GB) - (Type=07 NTFS)

==================== End Of Log ============================

Code:

ATTFilter

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 09-11-2014 01
Ran by Visuellspektrum B.E at 2014-11-09 22:39:00
Running from C:\Users\Visuellspektrum B.E\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
AS: Microsoft Security Essentials (Enabled - Up to date) {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

AccelerometerP11 (HKLM-x32\...\{87434D51-51DB-4109-B68F-A829ECDCF380}) (Version: 2.00.11.15 - STMicroelectronics)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.1.0.4880 - Adobe Systems Incorporated)
Adobe Download Assistant (HKLM-x32\...\com.adobe.downloadassistant.AdobeDownloadAssistant) (Version: 1.0.6 - Adobe Systems Incorporated)
Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.167 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated)
Adobe Photoshop Lightroom 5.4 64-bit (HKLM\...\{558B5965-CC1B-4AF1-BA07-5D6832404050}) (Version: 5.4.0 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.09) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated)
Advanced Audio FX Engine (HKLM-x32\...\Advanced Audio FX Engine) (Version: 1.12.05 - Creative Technology Ltd)
AOL Deinstallation (HKLM-x32\...\AOL Deinstallation) (Version:  - )
Apple Application Support (HKLM-x32\...\{21ECABC3-40B2-42DF-8E21-ACF3A4D0D95A}) (Version: 3.0.5 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{6AF2AC2A-3532-43FD-9F4D-BDC9C0D724C7}) (Version: 7.1.2.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Brother MFL-Pro Suite MFC-9450CDN (HKLM-x32\...\{C83FB11D-9EC6-49D7-99A7-DDDB2264883C}) (Version: 1.0.1.0 - Brother Industries, Ltd.)
Brother MFL-Pro Suite MFC-J265W (HKLM-x32\...\{FB83EAC4-E3F6-4666-B45B-44522F2344B6}) (Version: 1.0.3.0 - Brother Industries, Ltd.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dell DataSafe Local Backup - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version:  - Dell)
Dell DataSafe Local Backup (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 9.4.47 - Dell)
Dell DataSafe Online (HKLM-x32\...\{13766F76-6C8C-4E57-A9F3-3212D1C6E0D1}) (Version: 1.2.0011 - Dell, Inc.)
Dell Dock (HKLM-x32\...\Dell Dock) (Version: 2.0 - Stardock Corporation)
Dell Dock (Version: 2.0 - Stardock Corporation) Hidden
Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)
Dell Getting Started Guide (HKLM-x32\...\{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}) (Version: 1.00.0000 - Dell Inc.)
Dell System Detect (HKU\S-1-5-21-4203832084-4009304635-2263003785-1000\...\9204f5692a8faf3b) (Version: 5.4.0.4 - Dell)
Dell Webcam Central (HKLM-x32\...\Dell Webcam Central) (Version: 2.00.35 - Creative Technology Ltd)
DirectX 9 Runtime (x32 Version: 1.00.0000 - Sonic Solutions) Hidden
Facebook Video Calling 3.1.0.521 (HKLM-x32\...\{2091F234-EB58-4B80-8C96-8EB78C808CF7}) (Version: 3.1.521 - Skype Limited)
Flash Player Pro V5.4 (HKLM-x32\...\Flash Player Pro_is1) (Version:  - FlashPlayerPro.com)
Fotogalerie (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 38.0.2125.111 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.5 - Google Inc.) Hidden
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
Intel(R) PROSet/Wireless WiFi-Software (HKLM\...\{D16A2127-B927-4379-B153-3DEC091E4EEB}) (Version: 13.02.1000 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.6.0.1014 - Intel Corporation)
iTunes (HKLM\...\{33E28B58-7BA0-47B7-AA01-9225ABA2B8A9}) (Version: 11.3.0.54 - Apple Inc.)
Java 7 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.510 - Oracle)
Java(TM) 6 Update 22 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86416022FF}) (Version: 6.0.220 - Oracle)
JMicron Flash Media Controller Driver (HKLM-x32\...\{26604C7E-A313-4D12-867F-7C6E7820BE4C}) (Version: 1.0.50.2 - JMicron Technology Corp.)
Junk Mail filter update (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
KidiArt Studio (HKLM-x32\...\{8ECEBE50-337B-4C8A-B275-667A02E0130A}) (Version: 1.0.0.0 - VTech)
KidiArt Studio (x32 Version: 1.0.0.0 - VTech) Hidden
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.)
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-001B-0000-0000-0000000FF1CE}_WordR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office 365 - de-de (HKLM\...\O365HomePremRetail - de-de) (Version: 15.0.4659.1001 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Klick-und-Los 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Live Add-in 1.5 (HKLM-x32\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Office on Demand-Browser-Add-Ons (HKU\S-1-5-21-4203832084-4009304635-2263003785-1000\...\Microsoft Office on Demand-Browser-Add-Ons) (Version: 15.0.4535.1511 - Microsoft Corporation)
Microsoft Office Starter 2010 - Deutsch (HKLM-x32\...\{90140011-0066-0407-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Word 2007 (HKLM-x32\...\WordR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft PowerPoint Viewer (HKLM-x32\...\{95140000-00AF-0407-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.6.305.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SkyDrive (HKU\S-1-5-21-4203832084-4009304635-2263003785-1000\...\SkyDriveSetup.exe) (Version: 17.0.2003.1112 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
My Dell (HKLM\...\PC-Doctor for Windows) (Version: 3.4.6308.28 - PC-Doctor, Inc.)
myMMX (HKLM-x32\...\myMMX) (Version:  - nWise AB)
NVIDIA Display Control Panel (HKLM\...\NVIDIA Display Control Panel) (Version: 6.14.12.5939 - NVIDIA Corporation)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.10.62.40 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.18.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.18.0 - NVIDIA Corporation)
NVIDIA Stereoscopic 3D Driver (HKLM-x32\...\NVIDIAStereo) (Version: 7.17.12.5939 - NVIDIA Corporation)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4659.1001 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4659.1001 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4659.1001 - Microsoft Corporation) Hidden
ooVoo (HKLM-x32\...\{FAA7F8FF-3C05-4A61-8F14-D8A6E9ED6623}) (Version: 3.5.9052 - ooVoo LLC.)
Oovoo Toolbar (HKLM-x32\...\{4F564F32-5637-006A-76A7-A758B70C0700}) (Version: 12.7.0.2447 - APN, LLC)
OpenOffice.org 3.4.1 (HKLM-x32\...\{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}) (Version: 3.41.9593 - Apache Software Foundation)
Paper Ball version 1.0_c_035 (HKLM-x32\...\Paper Ball_is1) (Version: 1.0_c_035 - )
PaperBall (HKLM-x32\...\{6fa59ebe-0bec-4e52-af59-4bd1b4687002}) (Version: 1.0.0.0 - Covus Freemium GmbH)
PaperBall (x32 Version: 1.0.0.0 - Covus Freemium) Hidden
Photo Common (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Photo Gallery (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
PhotoShowExpress (x32 Version: 2.0.028 - Sonic Solutions) Hidden
Quickset64 (HKLM\...\{87CF757E-C1F1-4D22-865C-00C6950B5258}) (Version: 10.8.5 - Dell Inc.)
QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
Ravensburger tiptoi (HKLM-x32\...\Ravensburger tiptoi) (Version:  - )
RealPlayer (HKLM-x32\...\RealPlayer 12.0) (Version:  - RealNetworks)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6194 - Realtek Semiconductor Corp.)
RealUpgrade 1.1 (x32 Version: 1.1.0 - RealNetworks, Inc.) Hidden
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.0.4.0 - Renesas Electronics Corporation)
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.0.4.0 - Renesas Electronics Corporation) Hidden
Roxio Creator Starter (HKLM-x32\...\{6F0BBEFE-BE1C-419B-BA1F-D36C9E7915BC}) (Version: 12.1.40.0 - Roxio)
Roxio File Backup (Version: 1.3.2 - Roxio) Hidden
Skype Click to Call (HKLM-x32\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 6.4.11328 - Skype Technologies S.A.)
Skype™ 6.21 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.21.104 - Skype Technologies S.A.)
Sonic CinePlayer Decoder Pack (x32 Version: 4.3.0 - Sonic Solutions) Hidden
Spelling Dictionaries Support For Adobe Reader 9 (HKLM-x32\...\{AC76BA86-7AD7-5464-3428-900000000004}) (Version: 9.0.0 - Adobe Systems Incorporated)
SRWare Iron Version SRWare Iron 26.0.1450.0 (HKLM-x32\...\{C59CF2CE-B302-4833-AA35-E0E07D8EBC52}_is1) (Version: SRWare Iron 26.0.1450.0 - SRWare)
Stellarium 0.10.6.1 (HKLM-x32\...\Stellarium_is1) (Version:  - )
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.1.4.0 - Synaptics Incorporated)
TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.24322 - TeamViewer)
Überwachungstool für die Intel® Turbo-Boost-Technik (HKLM\...\{39F4C6F9-618A-4E5B-8FB2-6BD661174E32}) (Version: 1.0.186.6 - Intel)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-001B-0000-0000-0000000FF1CE}_WordR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0407-0000-0000000FF1CE}_WordR_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version:  - Microsoft)
Viewpoint Media Player (HKLM-x32\...\ViewpointMediaPlayer) (Version:  - )
VLC media player 1.1.7 (HKLM-x32\...\VLC media player) (Version: 1.1.7 - VideoLAN)
Web Check (HKLM-x32\...\Web Check) (Version:  - )
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)
Windows Utils (HKLM-x32\...\Windows Utils) (Version:  - )

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-4203832084-4009304635-2263003785-1000_Classes\CLSID\{087B3AE3-E237-4467-B8DB-5A38AB959AC9}\InprocServer32 -> C:\Program Files (x86)\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl_x64.dll No File
CustomCLSID: HKU\S-1-5-21-4203832084-4009304635-2263003785-1000_Classes\CLSID\{225F8CFE-1B76-48E6-8E75-62CC471AFA28}\InprocServer32 -> C:\Users\Visuellspektrum B.E\AppData\Local\Microsoft\Internet Explorer\Downloaded Program Files\Microsoft Office 15\RoamingOfficeActiveX.64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4203832084-4009304635-2263003785-1000_Classes\CLSID\{3B092F0C-7696-40E3-A80F-68D74DA84210}\InprocServer32 -> C:\Program Files (x86)\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl_x64.dll No File
CustomCLSID: HKU\S-1-5-21-4203832084-4009304635-2263003785-1000_Classes\CLSID\{63542C48-9552-494A-84F7-73AA6A7C99C1}\InprocServer32 -> C:\Program Files (x86)\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl_x64.dll No File
CustomCLSID: HKU\S-1-5-21-4203832084-4009304635-2263003785-1000_Classes\CLSID\{7BC0E710-5703-45BE-A29D-5D46D8B39262}\InprocServer32 -> C:\Program Files (x86)\OpenOffice.org 3\Basis\program\shlxthdl\ooofilt_x64.dll No File
CustomCLSID: HKU\S-1-5-21-4203832084-4009304635-2263003785-1000_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\Visuellspektrum B.E\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112_1\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4203832084-4009304635-2263003785-1000_Classes\CLSID\{AE424E85-F6DF-4910-A6A9-438797986431}\InprocServer32 -> C:\Program Files (x86)\OpenOffice.org 3\Basis\program\shlxthdl\propertyhdl_x64.dll No File
CustomCLSID: HKU\S-1-5-21-4203832084-4009304635-2263003785-1000_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\Visuellspektrum B.E\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112_1\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4203832084-4009304635-2263003785-1000_Classes\CLSID\{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}\InprocServer32 -> C:\Program Files (x86)\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl_x64.dll No File
CustomCLSID: HKU\S-1-5-21-4203832084-4009304635-2263003785-1000_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\Visuellspektrum B.E\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112_1\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4203832084-4009304635-2263003785-1000_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\Visuellspektrum B.E\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112_1\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4203832084-4009304635-2263003785-1000_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Visuellspektrum B.E\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112_1\amd64\FileSyncApi64.dll (Microsoft Corporation)

==================== Restore Points  =========================


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {05498078-136D-4F35-B169-42B207F39D07} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-4203832084-4009304635-2263003785-1003 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2011-09-27] (RealNetworks, Inc.)
Task: {08911BB1-4822-40E7-A473-BBE5D8B068CB} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {140F04A5-AEF4-428E-868E-2D03135FAE14} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-08-23] (Google Inc.)
Task: {1528A455-EBA0-4C4A-A875-294579BE9113} - System32\Tasks\{0D1A39DC-E792-449E-8A63-1A85953215EB} => Firefox.exe hxxp://www.skype.com/go/downloading?source=lightinstaller&amp;ver=5.3.0.108&amp;LastError=12002
Task: {2FD005E4-3B21-4590-B3D6-229E8BBA48E1} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\My Dell\sessionchecker.exe [2013-09-05] (PC-Doctor, Inc.)
Task: {3550D332-EBA4-44F3-BFF2-666C7A8C7F48} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\My Dell\uaclauncher.exe [2013-09-05] (PC-Doctor, Inc.)
Task: {4454CA92-4668-47C3-B347-333E744B4928} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-4203832084-4009304635-2263003785-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2011-09-27] (RealNetworks, Inc.)
Task: {4CD8B1B8-C3C9-4968-8B84-6516F7247D5D} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2014-09-25] (Microsoft Corporation)
Task: {51E9BB0C-7089-463B-B1A5-F0E42D371C47} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-4203832084-4009304635-2263003785-1003 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2011-09-27] (RealNetworks, Inc.)
Task: {53983F00-8D40-42CE-8298-8DF16ED244D9} - System32\Tasks\{104AF432-7622-45A2-9394-85C7F008C5C8} => Firefox.exe hxxp://ui.skype.com/ui/0/6.1.0.129.272/de/abandoninstall?page=tsProgressBar
Task: {559E93D5-B078-415B-AD8C-EB7F892DD4FD} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe
Task: {6EE451AE-D401-4B5E-8AA2-F693CCCD9444} - System32\Tasks\Software Updater Ui => C:\Program Files (x86)\SoftwareUpdater\SoftwareUpdater.Ui.exe [2013-12-18] () <==== ATTENTION
Task: {7F332AF6-61AA-439B-A4B0-3A0ED31AF8D1} - System32\Tasks\BackgroundContainer Startup Task => Rundll32.exe "C:\Users\Visuellspektrum B.E\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll",DllRun <==== ATTENTION
Task: {88CC6FAA-9885-41C8-A490-21E913FE0F1C} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-23] (Adobe Systems Incorporated)
Task: {8A66D5D7-9CDC-45BC-80B0-B7044988B223} - System32\Tasks\Software Updater => C:\Program Files (x86)\SoftwareUpdater\SoftwareUpdater.Bootstrapper.exe [2013-12-19] () <==== ATTENTION
Task: {9228E0AA-B5DB-4937-88CE-C97B3E9EC36E} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-4203832084-4009304635-2263003785-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2011-09-27] (RealNetworks, Inc.)
Task: {98D8593C-379B-4096-829F-65C8DFA72052} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2014-09-25] (Microsoft Corporation)
Task: {BEFB611B-55EB-435C-8169-C7972C6EDC04} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-08-23] (Google Inc.)
Task: {C04ECBDF-0594-4C62-B596-93F97636FEF6} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-4203832084-4009304635-2263003785-1000Core => C:\Users\Visuellspektrum B.E\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-07-13] (Facebook Inc.)
Task: {FA62A255-341F-4C55-A389-A084AB793874} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-4203832084-4009304635-2263003785-1000UA => C:\Users\Visuellspektrum B.E\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-07-13] (Facebook Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4203832084-4009304635-2263003785-1000Core.job => C:\Users\Visuellspektrum B.E\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4203832084-4009304635-2263003785-1000UA.job => C:\Users\Visuellspektrum B.E\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2010-03-05 16:21 - 2010-03-05 16:21 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\Libeay32.dll
2014-03-19 07:29 - 2014-05-20 08:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2011-01-04 01:58 - 2010-08-12 01:19 - 00781536 ____N () C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
2010-03-05 16:21 - 2010-03-05 16:21 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\LIBEAY32.dll
2011-01-04 01:56 - 2010-09-24 17:21 - 00727664 _____ () C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe
2014-10-17 12:36 - 2014-10-17 12:36 - 00472576 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_64\VistaBridgeLibrary\602ab9ddf3440af31bb4c168b59f2ba5\VistaBridgeLibrary.ni.dll
2013-04-23 18:43 - 2005-04-22 12:36 - 00143360 _____ () C:\Windows\system32\BrSNMP64.dll
2014-07-03 12:20 - 2014-07-03 12:20 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-07-03 12:19 - 2014-07-03 12:19 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2011-01-04 01:58 - 2010-08-12 01:19 - 00056544 ____N () C:\Program Files (x86)\Dell DataSafe Local Backup\STCoreXml.dll
2011-01-04 01:58 - 2010-08-12 01:19 - 00113888 ____N () C:\Program Files (x86)\Dell DataSafe Local Backup\PSTVdsDisk.dll
2011-01-04 01:58 - 2010-08-12 01:19 - 00126176 ____N () C:\Program Files (x86)\Dell DataSafe Local Backup\STLog.dll
2014-10-17 12:32 - 2014-10-17 12:32 - 00170496 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\3d576cbc4ffc5ad06fd61510c5d8f326\IsdiInterop.ni.dll
2011-01-04 01:54 - 2010-03-04 03:08 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll
2011-01-04 01:58 - 2010-08-12 01:19 - 01121504 ____N () C:\Program Files (x86)\Dell DataSafe Local Backup\LibXml2.dll
2011-01-04 01:58 - 2010-08-12 01:19 - 00077024 ____N () C:\Program Files (x86)\Dell DataSafe Local Backup\zlib1.dll
2011-01-04 01:58 - 2010-08-12 01:19 - 00232672 ____N () C:\Program Files (x86)\Dell DataSafe Local Backup\STFiles.dll
2011-01-04 01:58 - 2010-08-12 01:19 - 00072928 ____N () C:\Program Files (x86)\Dell DataSafe Local Backup\STRegistry.dll
2011-01-04 01:58 - 2010-08-12 01:19 - 00109792 ____N () C:\Program Files (x86)\Dell DataSafe Local Backup\STPE.dll
2011-01-04 01:58 - 2010-08-12 01:19 - 00119008 ____N () C:\Program Files (x86)\Dell DataSafe Local Backup\STNLS.dll
2012-08-10 15:51 - 2012-08-10 15:51 - 00985088 _____ () C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll
2011-06-09 23:37 - 2009-02-27 15:38 - 00139264 ____R () C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll
2013-08-16 14:13 - 2007-05-24 03:57 - 00094208 _____ () c:\program files (x86)\common files\aol\1376658552\ee\services\waolTrayMenuService\ver_0_9_1\waolTrayMenuService.dll
2014-10-28 23:58 - 2014-10-22 05:04 - 01042760 _____ () C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\libglesv2.dll
2014-10-28 23:58 - 2014-10-22 05:04 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\libegl.dll
2014-10-28 23:58 - 2014-10-22 05:04 - 08910664 _____ () C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\pdf.dll
2014-10-28 23:58 - 2014-10-22 05:04 - 01681224 _____ () C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\ffmpegsumo.dll
2014-10-28 23:58 - 2014-10-22 05:05 - 14902600 _____ () C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\PepperFlash\pepflashplayer.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: CommunityTray => "C:\Program Files (x86)\VTech\Community\System\Startup.exe"
MSCONFIG\startupreg: Dell DataSafe Online => "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m
MSCONFIG\startupreg: Dell Webcam Central => "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
MSCONFIG\startupreg: DellSupportCenter => "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
MSCONFIG\startupreg: Desktop Disc Tool => "C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe"
MSCONFIG\startupreg: Facebook Update => "C:\Users\Visuellspektrum B.E\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
MSCONFIG\startupreg: iTunesHelper => "C:\iTunesHelper.exe"
MSCONFIG\startupreg: Logitech Download Assistant => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
MSCONFIG\startupreg: msnmsgr => "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: RoxWatchTray => "C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe"
MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: Tango => C:\Program Files (x86)\Tango\Tango.exe -r
MSCONFIG\startupreg: TkBellExe => "C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe" -osboot

========================= Accounts: ==========================

Administrator (S-1-5-21-4203832084-4009304635-2263003785-500 - Administrator - Disabled)
Andere User (S-1-5-21-4203832084-4009304635-2263003785-1003 - Limited - Enabled) => C:\Users\Andere User
Gast (S-1-5-21-4203832084-4009304635-2263003785-501 - Limited - Enabled) => C:\Users\Gast
HomeGroupUser$ (S-1-5-21-4203832084-4009304635-2263003785-1002 - Limited - Enabled)
Visuellspektrum B.E (S-1-5-21-4203832084-4009304635-2263003785-1000 - Administrator - Enabled) => C:\Users\Visuellspektrum B.E

==================== Faulty Device Manager Devices =============

Name: WAN Miniport (ATW) #2
Description: WAN Miniport (ATW)
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: America Online, Inc.
Service: wanatw
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (11/09/2014 10:18:20 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: waol.exe, Version: 9.5.0.1, Zeitstempel: 0x4655457d
Name des fehlerhaften Moduls: waol.dll, Version: 9.5.0.1, Zeitstempel: 0x46554579
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0001a6a3
ID des fehlerhaften Prozesses: 0x990
Startzeit der fehlerhaften Anwendung: 0xwaol.exe0
Pfad der fehlerhaften Anwendung: waol.exe1
Pfad des fehlerhaften Moduls: waol.exe2
Berichtskennung: waol.exe3

Error: (11/09/2014 09:56:29 PM) (Source: Windows Search Service) (EventID: 7010) (User: )
Description: Der Index kann nicht initialisiert werden.


Details:
	Das System kann die angegebene Datei nicht finden.  (HRESULT : 0x80070002) (0x80070002)

Error: (11/09/2014 09:56:29 PM) (Source: Windows Search Service) (EventID: 3058) (User: )
Description: Die Anwendung kann nicht initialisiert werden.

Kontext: Windows Anwendung


Details:
	Das System kann die angegebene Datei nicht finden.  (HRESULT : 0x80070002) (0x80070002)

Error: (11/09/2014 09:56:29 PM) (Source: Windows Search Service) (EventID: 3028) (User: )
Description: Das Gatherer-Objekt kann nicht initialisiert werden.

Kontext: Windows Anwendung, SystemIndex Katalog


Details:
	Das System kann die angegebene Datei nicht finden.  (HRESULT : 0x80070002) (0x80070002)

Error: (11/09/2014 09:56:29 PM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: Plug-In in <Search.TripoliIndexer> kann nicht initialisiert werden.

Kontext: Windows Anwendung, SystemIndex Katalog


Details:
	Das System kann die angegebene Datei nicht finden.  (HRESULT : 0x80070002) (0x80070002)

Error: (11/09/2014 09:50:59 PM) (Source: Windows Search Service) (EventID: 7010) (User: )
Description: Der Index kann nicht initialisiert werden.


Details:
	Das System kann die angegebene Datei nicht finden.  (HRESULT : 0x80070002) (0x80070002)

Error: (11/09/2014 09:50:59 PM) (Source: Windows Search Service) (EventID: 3058) (User: )
Description: Die Anwendung kann nicht initialisiert werden.

Kontext: Windows Anwendung


Details:
	Das System kann die angegebene Datei nicht finden.  (HRESULT : 0x80070002) (0x80070002)

Error: (11/09/2014 09:50:59 PM) (Source: Windows Search Service) (EventID: 3028) (User: )
Description: Das Gatherer-Objekt kann nicht initialisiert werden.

Kontext: Windows Anwendung, SystemIndex Katalog


Details:
	Das System kann die angegebene Datei nicht finden.  (HRESULT : 0x80070002) (0x80070002)

Error: (11/09/2014 09:50:59 PM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: Plug-In in <Search.TripoliIndexer> kann nicht initialisiert werden.

Kontext: Windows Anwendung, SystemIndex Katalog


Details:
	Das System kann die angegebene Datei nicht finden.  (HRESULT : 0x80070002) (0x80070002)

Error: (11/09/2014 09:44:36 PM) (Source: Windows Search Service) (EventID: 7010) (User: )
Description: Der Index kann nicht initialisiert werden.


Details:
	Das System kann die angegebene Datei nicht finden.  (HRESULT : 0x80070002) (0x80070002)


System errors:
=============
Error: (11/09/2014 10:38:43 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits 35 Mal passiert.

Error: (11/09/2014 10:38:43 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Windows Search" wurde mit folgendem Fehler beendet: 
%%2

Error: (11/09/2014 10:36:18 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits 34 Mal passiert.

Error: (11/09/2014 10:36:18 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Windows Search" wurde mit folgendem Fehler beendet: 
%%2

Error: (11/09/2014 10:35:58 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits 33 Mal passiert.

Error: (11/09/2014 10:35:58 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Windows Search" wurde mit folgendem Fehler beendet: 
%%2

Error: (11/09/2014 10:35:54 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits 32 Mal passiert.

Error: (11/09/2014 10:35:54 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Windows Search" wurde mit folgendem Fehler beendet: 
%%2

Error: (11/09/2014 10:35:50 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits 31 Mal passiert.

Error: (11/09/2014 10:35:50 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Windows Search" wurde mit folgendem Fehler beendet: 
%%2


Microsoft Office Sessions:
=========================

==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i7 CPU Q 740 @ 1.73GHz
Percentage of memory in use: 59%
Total physical RAM: 4028.38 MB
Available physical RAM: 1644.75 MB
Total Pagefile: 8054.94 MB
Available Pagefile: 5341.05 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:581.48 GB) (Free:506.99 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 596.2 GB) (Disk ID: ECE692C6)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=14.6 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=581.5 GB) - (Type=07 NTFS)

==================== End Of Log ============================

deeprybka · 09.11.2014, 22:52

OK bitte die FRST.txt auch noch in Code-Tags posten...

Einhorn66 · 10.11.2014, 00:23

[CODE]Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 09-11-2014 01
Ran by Visuellspektrum B.E (administrator) on VISUELLSPEKTRUM on 09-11-2014 22:36:55
Running from C:\Users\Visuellspektrum B.E\Desktop
Loaded Profile: Visuellspektrum B.E (Available profiles: Visuellspektrum B.E & Andere User & Gast)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Stardock Corporation) C:\Program Files\Dell\DellDock\DockLogin.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(AOL LLC) C:\Program Files (x86)\Common Files\AOL\acs\AOLacsd.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(SoftThinks SAS) C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
() C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
(Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe
() C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(ooVoo LLC) C:\Program Files (x86)\ooVoo\ooVoo.exe
(Dell) C:\Users\Visuellspektrum B.E\AppData\Local\Apps\2.0\4Y2M6VA0.Z2E\0X0RCQQN.7AZ\dell..tion_0f612f649c4a10af_0005.0004_3ddfe37344028d2c\DellSystemDetect.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Stardock Corporation) C:\Program Files\Dell\DellDock\DellDock.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(Windows Net) C:\Users\Visuellspektrum B.E\AppData\Roaming\Windows Net Data\net.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
(Brother Industries, Ltd.) C:\Program Files (x86)\Brother\ControlCenter3\BrccMCtl.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe
(America Online, Inc.) C:\Program Files (x86)\Common Files\AOL\1376658552\ee\aolsoftware.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\BrYNSvc.exe
(Apple Inc.) C:\iTunesHelper.exe
(APN LLC.) C:\Users\Visuellspektrum B.E\AppData\Local\VNT\vntldr.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2247976 2010-07-15] (Synaptics Incorporated)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6486120 2010-09-03] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2120808 2010-09-03] (Realtek Semiconductor)
HKLM\...\Run: [NVHotkey] => rundll32.exe C:\Windows\system32\nvHotkey.dll,Start
HKLM\...\Run: [IntelWireless] => C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1928976 2010-03-05] (Intel(R) Corporation)
HKLM\...\Run: [QuickSet] => c:\Program Files\Dell\QuickSet\QuickSet.exe [3206816 2010-08-04] (Dell Inc.)
HKLM\...\Run: [FreeFallProtection] => C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe [727664 2010-09-24] ()
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1331288 2014-08-22] (Microsoft Corporation)
HKLM\...\Run: [friends] => C:\Program Files\Adobe\Adobe Photoshop Lightroom 5.4\help\pt_br\current\root_ca.exe [289792 2014-10-28] (Firetrust)
HKLM-x32\...\Run: [NUSB3MON] => c:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-04-27] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284696 2010-03-04] (Intel Corporation)
HKLM-x32\...\Run: [ControlCenter3] => C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe [114688 2008-12-24] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [BrStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [2621440 2010-02-09] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [BrMfcWnd] => C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe [1159168 2009-05-26] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [HostManager] => C:\Program Files (x86)\Common Files\AOL\1376658552\ee\AOLSoftware.exe [50736 2006-09-26] (America Online, Inc.)
HKLM-x32\...\Run: [ApnTBMon] => "C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe"
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43816 2014-07-03] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [VNT] => C:\Program Files (x86)\VNT\vntldr.exe [202192 2013-11-08] (APN LLC.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\iTunesHelper.exe [152392 2014-07-08] (Apple Inc.)
HKLM-x32\...\RunOnce: [Launcher] => C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe [163040 2010-08-12] (Softthinks)
HKLM-x32\...\RunOnce: [DSUpdateLauncher] => C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe [161088 2010-07-21] ()
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-4203832084-4009304635-2263003785-1000\...\Run: [ooVoo.exe] => C:\Program Files (x86)\ooVoo\oovoo.exe [36125760 2013-12-18] (ooVoo LLC)
HKU\S-1-5-21-4203832084-4009304635-2263003785-1000\...\Run: [DellSystemDetect] => C:\Users\Visuellspektrum B.E\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dell\Dell System Detect.appref-ms
HKU\S-1-5-21-4203832084-4009304635-2263003785-1000\...\Run: [uqdfumrw] => C:\Users\Visuellspektrum B.E\AppData\Local\Temp\Vcducbofyj\awjkumrw.exe [103424 2014-10-14] () <===== ATTENTION
HKU\S-1-5-21-4203832084-4009304635-2263003785-1000\...\Run: [tionkcrz] => C:\Users\Visuellspektrum B.E\AppData\Local\Temp\Oitg\rwsjjjgkcrz.exe [103424 2014-10-15] (CJSC "Computing Forces") <===== ATTENTION
HKU\S-1-5-21-4203832084-4009304635-2263003785-1000\...\Run: [ifoxxwzr] => C:\Users\Visuellspektrum B.E\AppData\Local\Jnrik\thhsexwzr.exe
HKU\S-1-5-21-4203832084-4009304635-2263003785-1000\...\Run: [tfwywndb] => C:\Users\Visuellspektrum B.E\AppData\Roaming\Rmcevfwq\ierwweewndb.exe
HKU\S-1-5-21-4203832084-4009304635-2263003785-1000\...\Run: [liyezfcu] => C:\Users\Visuellspektrum B.E\AppData\Local\Hxnfs\ebxecdxzfcu.exe
HKU\S-1-5-21-4203832084-4009304635-2263003785-1000\...\Run: [hffgquir] => C:\Users\Visuellspektrum B.E\AppData\Local\Temp\Gamxoeew\uqrfiquir.exe <===== ATTENTION
HKU\S-1-5-21-4203832084-4009304635-2263003785-1000\...\Run: [xlazimaw] => C:\Users\Visuellspektrum B.E\AppData\Local\Temp\Woiadfgj\pwarfaimaw.exe [92160 2014-11-07] () <===== ATTENTION
HKU\S-1-5-21-4203832084-4009304635-2263003785-1000\...\Run: [explorer64login] => C:\Users\Visuellspektrum B.E\AppData\Local\Temp\Explorer64\explorer64login.exe [100352 2014-11-08] () <===== ATTENTION
HKU\S-1-5-21-4203832084-4009304635-2263003785-1000\...\Run: [win] => C:\Users\Visuellspektrum B.E\AppData\Local\Win\win.exe [100352 2014-11-08] ()
HKU\S-1-5-21-4203832084-4009304635-2263003785-1000\...\Run: [chrome64wave] => C:\Users\Visuellspektrum B.E\AppData\Roaming\Chrome64\chrome64wave.exe [72704 2014-11-08] ()
HKU\S-1-5-21-4203832084-4009304635-2263003785-1000\...\Run: [system64-print32] => C:\Users\Visuellspektrum B.E\AppData\Local\System64\system64-print32.exe [100352 2014-11-08] ()
HKU\S-1-5-21-4203832084-4009304635-2263003785-1000\...\Run: [perl32runner32] => C:\Users\Visuellspektrum B.E\AppData\Local\Perl32\perl32runner32.exe
HKU\S-1-5-21-4203832084-4009304635-2263003785-1000\...\RunOnce: [Uninstall C:\Users\Visuellspektrum B.E\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Visuellspektrum B.E\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64"
HKU\S-1-5-21-4203832084-4009304635-2263003785-1000\...\RunOnce: [Uninstall C:\Users\Visuellspektrum B.E\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Visuellspektrum B.E\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910"
HKU\S-1-5-18\...\RunOnce: [SpUninstallDeleteDir] => rmdir /s /q "\SearchProtect"
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)
Startup: C:\Users\Andere User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk
ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Gast\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk
ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Visuellspektrum B.E\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk
ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Visuellspektrum B.E\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\net.lnk
ShortcutTarget: net.lnk -> C:\Users\Visuellspektrum B.E\AppData\Roaming\Windows Net Data\net.exe (Windows Net)
Startup: C:\Users\Visuellspektrum B.E\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk
ShortcutTarget: OpenOffice.org 3.4.1.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://feed.snapdo.com/?publisher=AdKnowledgeYB&dpid=AdKnowledgeYB&co=DE&userid=90897426-6fb0-c93d-05d0-a97508e41d6e&searchtype=ds&q={searchTerms}&installDate=17/11/2013
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/USCON/8
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://feed.snapdo.com/?publisher=AdKnowledgeYB&dpid=AdKnowledgeYB&co=DE&userid=90897426-6fb0-c93d-05d0-a97508e41d6e&searchtype=ds&q={searchTerms}&installDate=17/11/2013
URLSearchHook: HKCU - (No Name) - {1CFFA392-0898-4b1c-89D1-6E98F9D8EF78} - No File
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - DefaultScope {3AF3AFA2-BC78-4539-B980-D9B9BC0E3244} URL =
SearchScopes: HKLM-x32 - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.snapdo.com/?publisher=AdKnowledgeYB&dpid=AdKnowledgeYB&co=DE&userid=90897426-6fb0-c93d-05d0-a97508e41d6e&searchtype=ds&q={searchTerms}&installDate=17/11/2013
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - DefaultScope {3AF3AFA2-BC78-4539-B980-D9B9BC0E3244} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3311336&CUI=UN18303927224961151&UM=2
SearchScopes: HKCU - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL =
SearchScopes: HKCU - {13674696-600A-44DD-A8F8-E801732B1483} URL =
SearchScopes: HKCU - {3AF3AFA2-BC78-4539-B980-D9B9BC0E3244} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3311336&CUI=UN18303927224961151&UM=2
SearchScopes: HKCU - {443789B7-F39C-4b5c-9287-DA72D38F4FE6} URL = hxxp://suche.aol.de/suche/web/search.jsp?q={searchTerms}
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Skype add-on for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO-x32: RealPlayer Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: AOL Toolbar Launcher -> {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} -> C:\Program Files (x86)\AOL\AOL Toolbar 4.0\aoltb.dll (AOL LLC)
BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Web Check -> {E155F23C-9931-47c6-A619-20E6FCA86D75} -> C:\Program Files (x86)\Web Check\WebCheck.dll (Web Check)
Toolbar: HKLM - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} - No File
Toolbar: HKLM-x32 - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} - No File
Toolbar: HKLM-x32 - AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files (x86)\AOL\AOL Toolbar 4.0\aoltb.dll (AOL LLC)
Toolbar: HKCU - No Name - {DE9C389F-3316-41A7-809B-AA305ED9D922} - No File
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Visuellspektrum B.E\AppData\Roaming\Mozilla\Firefox\Profiles\yjafk0m5.default
FF NewTab: about:blank
FF DefaultSearchEngine: Conduit Search
FF DefaultSearchUrl: hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3311336&CUI=UN97404443626523320&UM=2&SearchSource=3&q={searchTerms}
FF SelectedSearchEngine: Conduit Search
FF Homepage: about:home
FF Keyword.URL: hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3311336&SearchSource=2&CUI=UN97404443626523320&UM=2&q=
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll ()
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @real.com/nppl3260;version=12.0.1.669 -> C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprjplug;version=12.0.1.669 -> C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpchromebrowserrecordext;version=12.0.1.669 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprphtml5videoshim;version=12.0.1.669 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpjplug;version=12.0.1.669 -> C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @viewpoint.com/VMP -> C:\Program Files (x86)\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-4203832084-4009304635-2263003785-1000: @microsoft.com/Office on Demand;version=1 -> C:\Users\Visuellspektrum B.E\AppData\Local\Microsoft\Internet Explorer\Downloaded Program Files\Microsoft Office 15\npofficeondemand.dll (Microsoft Corporation)
FF Plugin HKU\S-1-5-21-4203832084-4009304635-2263003785-1000: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Visuellspektrum B.E\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppl3260.dll (RealNetworks, Inc.)
FF Plugin Prog-2263003785-1000\...\RunOnce: [Uninstall C:\Users\Visuellspektrum B.E\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Visuellspektrum B.E\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910"
HKU\S-1-5-18\...\RunOnce: [SpUninstallDeleteDir] => rmdir /s /q "\SearchProtect"
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)
Startup: C:\Users\Andere User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk
ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Gast\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk
ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Visuellspektrum B.E\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk
ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Visuellspektrum B.E\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\net.lnk
ShortcutTarget: net.lnk -> C:\Users\Visuellspektrum B.E\AppData\Roaming\Windows Net Data\net.exe (Windows Net)
Startup: C:\Users\Visuellspektrum B.E\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk
ShortcutTarget: OpenOffice.org 3.4.1.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://feed.snapdo.com/?publisher=AdKnowledgeYB&dpid=AdKnowledgeYB&co=DE&userid=90897426-6fb0-c93d-05d0-a97508e41d6e&searchtype=ds&q={searchTerms}&installDate=17/11/2013
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/USCON/8
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://feed.snapdo.com/?publisher=AdKnowledgeYB&dpid=AdKnowledgeYB&co=DE&userid=90897426-6fb0-c93d-05d0-a97508e41d6e&searchtype=ds&q={searchTerms}&installDate=17/11/2013
URLSearchHook: HKCU - (No Name) - {1CFFA392-0898-4b1c-89D1-6E98F9D8EF78} - No File
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - DefaultScope {3AF3AFA2-BC78-4539-B980-D9B9BC0E3244} URL =
SearchScopes: HKLM-x32 - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.snapdo.com/?publisher=AdKnowledgeYB&dpid=AdKnowledgeYB&co=DE&userid=90897426-6fb0-c93d-05d0-a97508e41d6e&searchtype=ds&q={searchTerms}&installDate=17/11/2013
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - DefaultScope {3AF3AFA2-BC78-4539-B980-D9B9BC0E3244} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3311336&CUI=UN18303927224961151&UM=2
SearchScopes: HKCU - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL =
SearchScopes: HKCU - {13674696-600A-44DD-A8F8-E801732B1483} URL =
SearchScopes: HKCU - {3AF3AFA2-BC78-4539-B980-D9B9BC0E3244} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3311336&CUI=UN18303927224961151&UM=2
SearchScopes: HKCU - {443789B7-F39C-4b5c-9287-DA72D38F4FE6} URL = hxxp://suche.aol.de/suche/web/search.jsp?q={searchTerms}
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Skype add-on for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO-x32: RealPlayer Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: AOL Toolbar Launcher -> {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} -> C:\Program Files (x86)\AOL\AOL Toolbar 4.0\aoltb.dll (AOL LLC)
BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Web Check -> {E155F23C-9931-47c6-A619-20E6FCA86D75} -> C:\Program Files (x86)\Web Check\WebCheck.dll (Web Check)
Toolbar: HKLM - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} - No File
Toolbar: HKLM-x32 - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} - No File
Toolbar: HKLM-x32 - AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files (x86)\AOL\AOL Toolbar 4.0\aoltb.dll (AOL LLC)
Toolbar: HKCU - No Name - {DE9C389F-3316-41A7-809B-AA305ED9D922} - No File
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Visuellspektrum B.E\AppData\Roaming\Mozilla\Firefox\Profiles\yjafk0m5.default
FF NewTab: about:blank
FF DefaultSearchEngine: Conduit Search
FF DefaultSearchUrl: hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3311336&CUI=UN97404443626523320&UM=2&SearchSource=3&q={searchTerms}
FF SelectedSearchEngine: Conduit Search
FF Homepage: about:home
FF Keyword.URL: hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3311336&SearchSource=2&CUI=UN97404443626523320&UM=2&q=
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll ()
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @real.com/nppl3260;version=12.0.1.669 -> C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprjplug;version=12.0.1.669 -> C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpchromebrowserrecordext;version=12.0.1.669 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprphtml5videoshim;version=12.0.1.669 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpjplug;version=12.0.1.669 -> C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @viewpoint.com/VMP -> C:\Program Files (x86)\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-4203832084-4009304635-2263003785-1000: @microsoft.com/Office on Demand;version=1 -> C:\Users\Visuellspektrum B.E\AppData\Local\Microsoft\Internet Explorer\Downloaded Program Files\Microsoft Office 15\npofficeondemand.dll (Microsoft Corporation)
FF Plugin HKU\S-1-5-21-4203832084-4009304635-2263003785-1000: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Visuellspektrum B.E\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppl3260.dll (RealNetworks, Inc.)
FF Plugin Prog-2263003785-1000\...\RunOnce: [Uninstall C:\Users\Visuellspektrum B.E\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Visuellspektrum B.E\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910"
HKU\S-1-5-18\...\RunOnce: [SpUninstallDeleteDir] => rmdir /s /q "\SearchProtect"
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)
Startup: C:\Users\Andere User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk
ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Gast\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk
ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Visuellspektrum B.E\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk
ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Visuellspektrum B.E\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\net.lnk
ShortcutTarget: net.lnk -> C:\Users\Visuellspektrum B.E\AppData\Roaming\Windows Net Data\net.exe (Windows Net)
Startup: C:\Users\Visuellspektrum B.E\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk
ShortcutTarget: OpenOffice.org 3.4.1.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://feed.snapdo.com/?publisher=AdKnowledgeYB&dpid=AdKnowledgeYB&co=DE&userid=90897426-6fb0-c93d-05d0-a97508e41d6e&searchtype=ds&q={searchTerms}&installDate=17/11/2013
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/USCON/8
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://feed.snapdo.com/?publisher=AdKnowledgeYB&dpid=AdKnowledgeYB&co=DE&userid=90897426-6fb0-c93d-05d0-a97508e41d6e&searchtype=ds&q={searchTerms}&installDate=17/11/2013
URLSearchHook: HKCU - (No Name) - {1CFFA392-0898-4b1c-89D1-6E98F9D8EF78} - No File
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - DefaultScope {3AF3AFA2-BC78-4539-B980-D9B9BC0E3244} URL =
SearchScopes: HKLM-x32 - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.snapdo.com/?publisher=AdKnowledgeYB&dpid=AdKnowledgeYB&co=DE&userid=90897426-6fb0-c93d-05d0-a97508e41d6e&searchtype=ds&q={searchTerms}&installDate=17/11/2013
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - DefaultScope {3AF3AFA2-BC78-4539-B980-D9B9BC0E3244} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3311336&CUI=UN18303927224961151&UM=2
SearchScopes: HKCU - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL =
SearchScopes: HKCU - {13674696-600A-44DD-A8F8-E801732B1483} URL =
SearchScopes: HKCU - {3AF3AFA2-BC78-4539-B980-D9B9BC0E3244} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3311336&CUI=UN18303927224961151&UM=2
SearchScopes: HKCU - {443789B7-F39C-4b5c-9287-DA72D38F4FE6} URL = hxxp://suche.aol.de/suche/web/search.jsp?q={searchTerms}
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Skype add-on for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO-x32: RealPlayer Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: AOL Toolbar Launcher -> {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} -> C:\Program Files (x86)\AOL\AOL Toolbar 4.0\aoltb.dll (AOL LLC)
BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Web Check -> {E155F23C-9931-47c6-A619-20E6FCA86D75} -> C:\Program Files (x86)\Web Check\WebCheck.dll (Web Check)
Toolbar: HKLM - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} - No File
Toolbar: HKLM-x32 - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} - No File
Toolbar: HKLM-x32 - AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files (x86)\AOL\AOL Toolbar 4.0\aoltb.dll (AOL LLC)
Toolbar: HKCU - No Name - {DE9C389F-3316-41A7-809B-AA305ED9D922} - No File
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Visuellspektrum B.E\AppData\Roaming\Mozilla\Firefox\Profiles\yjafk0m5.default
FF NewTab: about:blank
FF DefaultSearchEngine: Conduit Search
FF DefaultSearchUrl: hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3311336&CUI=UN97404443626523320&UM=2&SearchSource=3&q={searchTerms}
FF SelectedSearchEngine: Conduit Search
FF Homepage: about:home
FF Keyword.URL: hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3311336&SearchSource=2&CUI=UN97404443626523320&UM=2&q=
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll ()
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @real.com/nppl3260;version=12.0.1.669 -> C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprjplug;version=12.0.1.669 -> C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpchromebrowserrecordext;version=12.0.1.669 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprphtml5videoshim;version=12.0.1.669 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpjplug;version=12.0.1.669 -> C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @viewpoint.com/VMP -> C:\Program Files (x86)\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-4203832084-4009304635-2263003785-1000: @microsoft.com/Office on Demand;version=1 -> C:\Users\Visuellspektrum B.E\AppData\Local\Microsoft\Internet Explorer\Downloaded Program Files\Microsoft Office 15\npofficeondemand.dll (Microsoft Corporation)
FF Plugin HKU\S-1-5-21-4203832084-4009304635-2263003785-1000: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Visuellspektrum B.E\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppl3260.dll (RealNetworks, Inc.)
FF Plugin Prog-2263003785-1000\...\RunOnce: [Uninstall C:\Users\Visuellspektrum B.E\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Visuellspektrum B.E\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910"
HKU\S-1-5-18\...\RunOnce: [SpUninstallDeleteDir] => rmdir /s /q "\SearchProtect"
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)
Startup: C:\Users\Andere User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk
ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Gast\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk
ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Visuellspektrum B.E\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk
ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Visuellspektrum B.E\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\net.lnk
ShortcutTarget: net.lnk -> C:\Users\Visuellspektrum B.E\AppData\Roaming\Windows Net Data\net.exe (Windows Net)
Startup: C:\Users\Visuellspektrum B.E\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk
ShortcutTarget: OpenOffice.org 3.4.1.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://feed.snapdo.com/?publisher=AdKnowledgeYB&dpid=AdKnowledgeYB&co=DE&userid=90897426-6fb0-c93d-05d0-a97508e41d6e&searchtype=ds&q={searchTerms}&installDate=17/11/2013
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/USCON/8
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://feed.snapdo.com/?publisher=AdKnowledgeYB&dpid=AdKnowledgeYB&co=DE&userid=90897426-6fb0-c93d-05d0-a97508e41d6e&searchtype=ds&q={searchTerms}&installDate=17/11/2013
URLSearchHook: HKCU - (No Name) - {1CFFA392-0898-4b1c-89D1-6E98F9D8EF78} - No File
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - DefaultScope {3AF3AFA2-BC78-4539-B980-D9B9BC0E3244} URL =
SearchScopes: HKLM-x32 - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.snapdo.com/?publisher=AdKnowledgeYB&dpid=AdKnowledgeYB&co=DE&userid=90897426-6fb0-c93d-05d0-a97508e41d6e&searchtype=ds&q={searchTerms}&installDate=17/11/2013
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - DefaultScope {3AF3AFA2-BC78-4539-B980-D9B9BC0E3244} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3311336&CUI=UN18303927224961151&UM=2
SearchScopes: HKCU - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL =
SearchScopes: HKCU - {13674696-600A-44DD-A8F8-E801732B1483} URL =
SearchScopes: HKCU - {3AF3AFA2-BC78-4539-B980-D9B9BC0E3244} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3311336&CUI=UN18303927224961151&UM=2
SearchScopes: HKCU - {443789B7-F39C-4b5c-9287-DA72D38F4FE6} URL = hxxp://suche.aol.de/suche/web/search.jsp?q={searchTerms}
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Skype add-on for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO-x32: RealPlayer Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: AOL Toolbar Launcher -> {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} -> C:\Program Files (x86)\AOL\AOL Toolbar 4.0\aoltb.dll (AOL LLC)
BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Web Check -> {E155F23C-9931-47c6-A619-20E6FCA86D75} -> C:\Program Files (x86)\Web Check\WebCheck.dll (Web Check)
Toolbar: HKLM - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} - No File
Toolbar: HKLM-x32 - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} - No File
Toolbar: HKLM-x32 - AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files (x86)\AOL\AOL Toolbar 4.0\aoltb.dll (AOL LLC)
Toolbar: HKCU - No Name - {DE9C389F-3316-41A7-809B-AA305ED9D922} - No File
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Visuellspektrum B.E\AppData\Roaming\Mozilla\Firefox\Profiles\yjafk0m5.default
FF NewTab: about:blank
FF DefaultSearchEngine: Conduit Search
FF DefaultSearchUrl: hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3311336&CUI=UN97404443626523320&UM=2&SearchSource=3&q={searchTerms}
FF SelectedSearchEngine: Conduit Search
FF Homepage: about:home
FF Keyword.URL: hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3311336&SearchSource=2&CUI=UN97404443626523320&UM=2&q=
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll ()
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vis

deeprybka · 10.11.2014, 00:36

Schritt 1

Bitte starte FRST erneut, und drücke auf Scan.
Bitte poste mir den Inhalt des Logs.

Lesestoff
Posten in CODE-Tags: So gehts...
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert uns massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu groß für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:

Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
Klicke auf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.

Einhorn66 · 10.11.2014, 00:38

komme leider nicht durch, habs...aber trojaner board sperrte wegen den seitenaufrufe...blabla..und ich habe dem admin angeschrieben..soll ich es hier privat machen?

deeprybka · 10.11.2014, 00:39

Hä? Bitte was?

deeprybka · 10.11.2014, 11:47

Ich meine das mit den Passwortänderungen so, dass Du von einem anderen PC (welcher nicht infiziert ist) oder von nem Handy aus, alle Deine sensiblen Online-Passwörter ändern sollst (Paypal, Email, Ebay usw.).
Wenn Du mit der Bereinigung hier beginnen möchtest, dann poste bitte die Logs komplett in Code-Tags.

Einhorn66 · 13.11.2014, 23:31

kann leider nicht den Frst senden...wird nicht weitergeleitet. Mir fiel was auf: Ich ging zur Systemsteuerung und dann zu Anmeldeinformationen und fand fremde Eingänge, eiinmal einer aus Iran, einer Mal da und da...hab sie alle gelöscht und ABER bei einem , der kam wieder heute rein. Wie kann ich ihn endgültig sperren?

deeprybka · 13.11.2014, 23:34

Sorry, ohne Logs kann ich schlecht helfen. Entweder posten oder anhängen.

Zitat:

Ich ging zur Systemsteuerung und dann zu Anmeldeinformationen und fand fremde Eingänge,

?

Einhorn66 · 14.11.2014, 00:00

FRST Logfile:

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 09-11-2014 01
Ran by Visuellspektrum B.E (administrator) on VISUELLSPEKTRUM on 09-11-2014 22:36:55
Running from C:\Users\Visuellspektrum B.E\Desktop
Loaded Profile: Visuellspektrum B.E (Available profiles: Visuellspektrum B.E & Andere User & Gast)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Stardock Corporation) C:\Program Files\Dell\DellDock\DockLogin.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(AOL LLC) C:\Program Files (x86)\Common Files\AOL\acs\AOLacsd.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(SoftThinks SAS) C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
() C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
(Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe
() C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(ooVoo LLC) C:\Program Files (x86)\ooVoo\ooVoo.exe
(Dell) C:\Users\Visuellspektrum B.E\AppData\Local\Apps\2.0\4Y2M6VA0.Z2E\0X0RCQQN.7AZ\dell..tion_0f612f649c4a10af_0005.0004_3ddfe37344028d2c\DellSystemDetect.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Stardock Corporation) C:\Program Files\Dell\DellDock\DellDock.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(Windows Net) C:\Users\Visuellspektrum B.E\AppData\Roaming\Windows Net Data\net.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
(Brother Industries, Ltd.) C:\Program Files (x86)\Brother\ControlCenter3\BrccMCtl.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe
(America Online, Inc.) C:\Program Files (x86)\Common Files\AOL\1376658552\ee\aolsoftware.exe

(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\BrYNSvc.exe
(Apple Inc.) C:\iTunesHelper.exe
(APN LLC.) C:\Users\Visuellspektrum B.E\AppData\Local\VNT\vntldr.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2247976 2010-07-15] (Synaptics Incorporated)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6486120 2010-09-03] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2120808 2010-09-03] (Realtek Semiconductor)
HKLM\...\Run: [NVHotkey] => rundll32.exe C:\Windows\system32\nvHotkey.dll,Start
HKLM\...\Run: [IntelWireless] => C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1928976 2010-03-05] (Intel(R) Corporation)
HKLM\...\Run: [QuickSet] => c:\Program Files\Dell\QuickSet\QuickSet.exe [3206816 2010-08-04] (Dell Inc.)
HKLM\...\Run: [FreeFallProtection] => C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe [727664 2010-09-24] ()
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1331288 2014-08-22] (Microsoft Corporation)
HKLM\...\Run: [friends] => C:\Program Files\Adobe\Adobe Photoshop Lightroom 5.4\help\pt_br\current\root_ca.exe [289792 2014-10-28] (Firetrust)
HKLM-x32\...\Run: [NUSB3MON] => c:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-04-27] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284696 2010-03-04] (Intel Corporation)
HKLM-x32\...\Run: [ControlCenter3] => C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe [114688 2008-12-24] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [BrStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [2621440 2010-02-09] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [BrMfcWnd] => C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe [1159168 2009-05-26] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [HostManager] => C:\Program Files (x86)\Common Files\AOL\1376658552\ee\AOLSoftware.exe [50736 2006-09-26] (America Online, Inc.)
HKLM-x32\...\Run: [ApnTBMon] => "C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe"
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43816 2014-07-03] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [VNT] => C:\Program Files (x86)\VNT\vntldr.exe [202192 2013-11-08] (APN LLC.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\iTunesHelper.exe [152392 2014-07-08] (Apple Inc.)

HKLM-x32\...\RunOnce: [Launcher] => C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe [163040 2010-08-12] (Softthinks)
HKLM-x32\...\RunOnce: [DSUpdateLauncher] => C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe [161088 2010-07-21] ()
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-4203832084-4009304635-2263003785-1000\...\Run: [ooVoo.exe] => C:\Program Files (x86)\ooVoo\oovoo.exe [36125760 2013-12-18] (ooVoo LLC)
HKU\S-1-5-21-4203832084-4009304635-2263003785-1000\...\Run: [DellSystemDetect] => C:\Users\Visuellspektrum B.E\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dell\Dell System Detect.appref-ms
HKU\S-1-5-21-4203832084-4009304635-2263003785-1000\...\Run: [uqdfumrw] => C:\Users\Visuellspektrum B.E\AppData\Local\Temp\Vcducbofyj\awjkumrw.exe [103424 2014-10-14] () <===== ATTENTION
HKU\S-1-5-21-4203832084-4009304635-2263003785-1000\...\Run: [tionkcrz] => C:\Users\Visuellspektrum B.E\AppData\Local\Temp\Oitg\rwsjjjgkcrz.exe [103424 2014-10-15] (CJSC "Computing Forces") <===== ATTENTION
HKU\S-1-5-21-4203832084-4009304635-2263003785-1000\...\Run: [ifoxxwzr] => C:\Users\Visuellspektrum B.E\AppData\Local\Jnrik\thhsexwzr.exe
HKU\S-1-5-21-4203832084-4009304635-2263003785-1000\...\Run: [tfwywndb] => C:\Users\Visuellspektrum B.E\AppData\Roaming\Rmcevfwq\ierwweewndb.exe
HKU\S-1-5-21-4203832084-4009304635-2263003785-1000\...\Run: [liyezfcu] => C:\Users\Visuellspektrum B.E\AppData\Local\Hxnfs\ebxecdxzfcu.exe
HKU\S-1-5-21-4203832084-4009304635-2263003785-1000\...\Run: [hffgquir] => C:\Users\Visuellspektrum B.E\AppData\Local\Temp\Gamxoeew\uqrfiquir.exe <===== ATTENTION
HKU\S-1-5-21-4203832084-4009304635-2263003785-1000\...\Run: [xlazimaw] => C:\Users\Visuellspektrum B.E\AppData\Local\Temp\Woiadfgj\pwarfaimaw.exe [92160 2014-11-07] () <===== ATTENTION
HKU\S-1-5-21-4203832084-4009304635-2263003785-1000\...\Run: [explorer64login] => C:\Users\Visuellspektrum B.E\AppData\Local\Temp\Explorer64\explorer64login.exe [100352 2014-11-08] () <===== ATTENTION
HKU\S-1-5-21-4203832084-4009304635-2263003785-1000\...\Run: [win] => C:\Users\Visuellspektrum B.E\AppData\Local\Win\win.exe [100352 2014-11-08] ()
HKU\S-1-5-21-4203832084-4009304635-2263003785-1000\...\Run: [chrome64wave] => C:\Users\Visuellspektrum B.E\AppData\Roaming\Chrome64\chrome64wave.exe [72704 2014-11-08] ()
HKU\S-1-5-21-4203832084-4009304635-2263003785-1000\...\Run: [system64-print32] => C:\Users\Visuellspektrum B.E\AppData\Local\System64\system64-print32.exe [100352 2014-11-08] ()
HKU\S-1-5-21-4203832084-4009304635-2263003785-1000\...\Run: [perl32runner32] => C:\Users\Visuellspektrum B.E\AppData\Local\Perl32\perl32runner32.exe
HKU\S-1-5-21-4203832084-4009304635-2263003785-1000\...\RunOnce: [Uninstall C:\Users\Visuellspektrum B.E\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Visuellspektrum B.E\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64"
HKU\S-1-5-21-4203832084-4009304635-2263003785-1000\...\RunOnce: [Uninstall C:\Users\Visuellspektrum B.E\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Visuellspektrum B.E\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910"
HKU\S-1-5-18\...\RunOnce: [SpUninstallDeleteDir] => rmdir /s /q "\SearchProtect"
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)
Startup: C:\Users\Andere User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk
ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start

Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Gast\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk
ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Visuellspektrum B.E\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk
ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Visuellspektrum B.E\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\net.lnk
ShortcutTarget: net.lnk -> C:\Users\Visuellspektrum B.E\AppData\Roaming\Windows Net Data\net.exe (Windows Net)
Startup: C:\Users\Visuellspektrum B.E\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk
ShortcutTarget: OpenOffice.org 3.4.1.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://feed.snapdo.com/?publisher=AdKnowledgeYB&dpid=AdKnowledgeYB&co=DE&userid=90897426-6fb0-c93d-05d0-a97508e41d6e&searchtype=ds&q={searchTerms}&installDate=17/11/2013
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/USCON/8
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://feed.snapdo.com/?publisher=AdKnowledgeYB&dpid=AdKnowledgeYB&co=DE&userid=90897426-6fb0-c93d-05d0-a97508e41d6e&searchtype=ds&q={searchTerms}&installDate=17/11/2013
URLSearchHook: HKCU - (No Name) - {1CFFA392-0898-4b1c-89D1-6E98F9D8EF78} - No File
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 - DefaultScope {3AF3AFA2-BC78-4539-B980-D9B9BC0E3244} URL = 
SearchScopes: HKLM-x32 - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.snapdo.com/?publisher=AdKnowledgeYB&dpid=AdKnowledgeYB&co=DE&userid=90897426-6fb0-c93d-05d0-a97508e41d6e&searchtype=ds&q={searchTerms}&installDate=17/11/2013
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKCU - DefaultScope {3AF3AFA2-BC78-4539-B980-D9B9BC0E3244} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3311336&CUI=UN18303927224961151&UM=2
SearchScopes: HKCU - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = 
SearchScopes: HKCU - {13674696-600A-44DD-A8F8-E801732B1483} URL = 
SearchScopes: HKCU - {3AF3AFA2-BC78-4539-B980-D9B9BC0E3244} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3311336&CUI=UN18303927224961151&UM=2
SearchScopes: HKCU - {443789B7-F39C-4b5c-9287-DA72D38F4FE6} URL = hxxp://suche.aol.de/suche/web/search.jsp?q={searchTerms}
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Skype add-on for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO-x32: RealPlayer Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: AOL Toolbar Launcher -> {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} -> C:\Program Files (x86)\AOL\AOL Toolbar 4.0\aoltb.dll (AOL LLC)
BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Web Check -> {E155F23C-9931-47c6-A619-20E6FCA86D75} -> C:\Program Files (x86)\Web Check\WebCheck.dll (Web Check)
Toolbar: HKLM - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} -  No File
Toolbar: HKLM-x32 - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} -  No File
Toolbar: HKLM-x32 - AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files (x86)\AOL\AOL Toolbar 4.0\aoltb.dll (AOL LLC)
Toolbar: HKCU - No Name - {DE9C389F-3316-41A7-809B-AA305ED9D922} -  No File
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Visuellspektrum B.E\AppData\Roaming\Mozilla\Firefox\Profiles\yjafk0m5.default
FF NewTab: about:blank
FF DefaultSearchEngine: Conduit Search
FF DefaultSearchUrl: hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3311336&CUI=UN97404443626523320&UM=2&SearchSource=3&q={searchTerms}
FF SelectedSearchEngine: Conduit Search

FF Homepage: about:home
FF Keyword.URL: hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3311336&SearchSource=2&CUI=UN97404443626523320&UM=2&q=
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll ()
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @real.com/nppl3260;version=12.0.1.669 -> C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprjplug;version=12.0.1.669 -> C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpchromebrowserrecordext;version=12.0.1.669 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprphtml5videoshim;version=12.0.1.669 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpjplug;version=12.0.1.669 -> C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @viewpoint.com/VMP -> C:\Program Files (x86)\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-4203832084-4009304635-2263003785-1000: @microsoft.com/Office on Demand;version=1 -> C:\Users\Visuellspektrum B.E\AppData\Local\Microsoft\Internet Explorer\Downloaded Program Files\Microsoft Office 15\npofficeondemand.dll (Microsoft Corporation)
FF Plugin HKU\S-1-5-21-4203832084-4009304635-2263003785-1000: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Visuellspektrum B.E\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppl3260.dll (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nprjplug.dll (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF SearchPlugin: C:\Users\Visuellspektrum B.E\AppData\Roaming\Mozilla\Firefox\Profiles\yjafk0m5.default\searchplugins\conduit-search.xml
FF SearchPlugin: C:\Users\Visuellspektrum B.E\AppData\Roaming\Mozilla\Firefox\Profiles\yjafk0m5.default\searchplugins\conduit.xml
FF SearchPlugin: C:\Users\Visuellspektrum B.E\AppData\Roaming\Mozilla\Firefox\Profiles\yjafk0m5.default\searchplugins\Web Search.xml
FF Extension: Freemium DE  - C:\Users\Visuellspektrum B.E\AppData\Roaming\Mozilla\Firefox\Profiles\yjafk0m5.default\Extensions\{e66f4171-0f28-4599-a595-58b840522f7e} [2014-02-06]
FF Extension: Test Pilot - C:\Users\Visuellspektrum B.E\AppData\Roaming\Mozilla\Firefox\Profiles\yjafk0m5.default\Extensions\testpilot@labs.mozilla.com.xpi [2012-06-11]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2013-04-24]
FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF Extension: RealPlayer Browser Record Plugin - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011-10-01]
FF HKLM-x32\...\Firefox\Extensions: [{52b0f3db-f988-4788-b9dc-861d016f4487}] - C:\Program Files (x86)\Web Check\WebCheck.xpi
FF Extension: Web Check - C:\Program Files (x86)\Web Check\WebCheck.xpi [2013-08-12]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [Not Found]

Chrome: 
=======
CHR HomePage: Default -> hxxp://search.conduit.com/?ctid=CT3311336&SearchSource=48&CUI=UN37841013473063414&UM=2&sspv=&UP=SP8F63F67C-7FA9-4AE1-A908-C911C255F7B6
CHR StartupUrls: Default -> "chrome-search://local-ntp/"
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\Visuellspektrum B.E\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Visuellspektrum B.E\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-08-28]
CHR Extension: (McAfee Security Scan+) - C:\Users\Visuellspektrum B.E\AppData\Local\Google\Chrome\User Data\Default\Extensions\bopakagnckmlgajfccecajhnimjiiedh [2014-02-22]
CHR Extension: (Google Wallet) - C:\Users\Visuellspektrum B.E\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-23]
CHR HKLM-x32\...\Chrome\Extension: [aaaainelhcgoinheohbeolppeofibjlh] - C:\ProgramData\AskPartnerNetwork\Toolbar\OVO2V7\CRX\ToolbarCR.crx []
CHR HKLM-x32\...\Chrome\Extension: [dacechnliklhcacondhhkkfobapdopee] - C:\Program Files (x86)\Web Check\WebCheck.crx [2013-08-12]
CHR HKLM-x32\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Chrome\Ext\rphtml5video.crx [2011-10-01]
CHR HKLM-x32\...\Chrome\Extension: [jopemfhojpebdeollanchfjhpbkcijoi] - C:\Users\Visuellspektrum B.E\AppData\Local\CRE\jopemfhojpebdeollanchfjhpbkcijoi.crx [2013-12-24]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2012-11-22]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [245760 2010-01-25] (Brother Industries, Ltd.) [File not signed]
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2436280 2014-09-25] (Microsoft Corporation)
R2 DockLoginService; C:\Program Files\Dell\DellDock\DockLogin.exe [155648 2009-06-09] (Stardock Corporation) [File not signed]
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2014-08-22] (Microsoft Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2010-03-05] ()
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [368624 2014-08-22] (Microsoft Corporation)
S2 sign_in_information; C:\Windows\assembly\GAC\Microsoft.DirectX.DirectPlay\1.0.2902.0__31bf3856ad364e35\nph_insulin\wobble_correction.exe [162304 2014-10-13] (Company 'gora-sah') [File not signed]
S2 SystemStoreService; C:\Program Files (x86)\SoftwareUpdater\SystemStore.exe [297984 2014-04-09] () [File not signed]
S2 APNMCP; "C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe" [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [269008 2014-07-17] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [125584 2014-07-17] (Microsoft Corporation)
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [27520 2007-05-14] (Research In Motion Limited)
R2 TurboB; C:\Windows\System32\DRIVERS\TurboB.sys [13784 2009-11-02] ()
S1 bjdkpcji; \??\C:\Windows\system32\drivers\bjdkpcji.sys [X]
S1 bpjnxbfz; \??\C:\Windows\system32\drivers\bpjnxbfz.sys [X]
S1 cypvewap; \??\C:\Windows\system32\drivers\cypvewap.sys [X]
S1 ireyrvls; \??\C:\Windows\system32\drivers\ireyrvls.sys [X]
S1 jdghtads; \??\C:\Windows\system32\drivers\jdghtads.sys [X]
S1 kwyjdkfc; \??\C:\Windows\system32\drivers\kwyjdkfc.sys [X]
S1 logxmmoa; \??\C:\Windows\system32\drivers\logxmmoa.sys [X]
S1 mbcrpyut; \??\C:\Windows\system32\drivers\mbcrpyut.sys [X]
S1 mznekkmt; \??\C:\Windows\system32\drivers\mznekkmt.sys [X]
S1 rvqhafqh; \??\C:\Windows\system32\drivers\rvqhafqh.sys [X]
S1 uzdhxgpw; \??\C:\Windows\system32\drivers\uzdhxgpw.sys [X]
S1 vparxfrs; \??\C:\Windows\system32\drivers\vparxfrs.sys [X]
S1 wrccyqbi; \??\C:\Windows\system32\drivers\wrccyqbi.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-09 22:36 - 2014-11-09 22:38 - 00031542 _____ () C:\Users\Visuellspektrum B.E\Desktop\FRST.txt
2014-11-09 22:36 - 2014-11-09 22:37 - 00000000 ____D () C:\FRST
2014-11-09 22:36 - 2014-11-09 22:35 - 02116096 _____ (Farbar) C:\Users\Visuellspektrum B.E\Desktop\FRST64.exe
2014-11-09 22:35 - 2014-11-09 22:35 - 02116096 _____ (Farbar) C:\Users\Visuellspektrum B.E\Downloads\FRST64.exe
2014-11-09 19:24 - 2014-11-09 21:59 - 00000000 ____D () C:\Users\Visuellspektrum B.E\AppData\Roaming\Nico Mak Computing
2014-11-09 18:37 - 2014-11-09 18:45 - 00000000 ____D () C:\Program Files (x86)\AOL 9.0 VRb
2014-11-09 16:27 - 2014-11-09 16:27 - 00000000 _____ () C:\autoexec.bat
2014-11-09 01:16 - 2014-11-09 01:20 - 00000000 ____D () C:\Program Files (x86)\AOL 9.0 VRa
2014-11-08 18:41 - 2014-11-08 18:41 - 00000000 ___HD () C:\Users\Visuellspektrum B.E\AppData\Local\Update-driver64
2014-11-07 21:02 - 2014-11-07 21:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Live Add-in
2014-11-07 20:49 - 2014-11-07 20:49 - 01055936 _____ (Adobe) C:\Users\Gast\Downloads\install_flashplayer15x32axau_mssa_aaa_aih.exe
2014-11-07 09:09 - 2014-11-07 09:09 - 00000000 ___HD () C:\Users\Visuellspektrum B.E\AppData\Roaming\Win-client
2014-11-07 08:46 - 2014-11-07 09:19 - 00000000 ___HD () C:\Users\Visuellspektrum B.E\AppData\Local\Pbnwnsklmo
2014-11-07 00:59 - 2014-11-07 00:59 - 00000000 _____ () C:\Windows\SysWOW64\sho8838.tmp
2014-11-05 23:05 - 2014-11-05 23:05 - 00895352 _____ () C:\Users\Visuellspektrum B.E\Downloads\Download.exe
2014-11-04 12:29 - 2014-11-07 08:46 - 00000000 ___HD () C:\Users\Visuellspektrum B.E\AppData\Local\Iiuuemu
2014-10-30 16:47 - 2014-10-30 16:47 - 00000000 ___HD () C:\Users\Visuellspektrum B.E\AppData\Local\Perl32-frame
2014-10-30 16:18 - 2014-11-03 15:54 - 00000000 ___HD () C:\Users\Visuellspektrum B.E\AppData\Roaming\Updatetree
2014-10-29 23:36 - 2014-11-09 17:32 - 00000000 ___HD () C:\Users\Visuellspektrum B.E\AppData\Local\Explorer32
2014-10-29 17:36 - 2014-11-02 23:05 - 00000000 ___HD () C:\Users\Visuellspektrum B.E\AppData\Roaming\Pdypbbnl
2014-10-29 11:11 - 2014-10-29 11:11 - 01055936 _____ (Adobe) C:\Users\Visuellspektrum B.E\Downloads\install_flashplayer15x32axau_ltr5x64d_awc_aih.exe
2014-10-28 23:54 - 2014-10-28 23:54 - 00093162 _____ () C:\Users\Visuellspektrum B.E\Documents\Seminar 08.11.14.zip
2014-10-28 23:54 - 2014-10-28 23:54 - 00000000 ____D () C:\Users\Visuellspektrum B.E\Documents\Seminar 08.11.14
2014-10-25 20:14 - 2014-11-09 17:55 - 00000000 ___HD () C:\Users\Visuellspektrum B.E\AppData\Roaming\Office2014
2014-10-24 12:54 - 2014-11-09 17:56 - 00000000 ___HD () C:\Users\Visuellspektrum B.E\AppData\Roaming\Winupdate-dll
2014-10-24 11:43 - 2014-10-28 14:46 - 00000000 ___HD () C:\Users\Visuellspektrum B.E\AppData\Local\Chrome64
2014-10-24 07:13 - 2014-10-24 15:08 - 00000000 ___HD () C:\Users\Visuellspektrum B.E\AppData\Roaming\Chromeframe32
2014-10-23 20:43 - 2014-10-23 20:43 - 00000000 ___HD () C:\Users\Visuellspektrum B.E\AppData\Roaming\Script32print32
2014-10-22 18:38 - 2014-11-08 20:24 - 00000000 ___HD () C:\Users\Visuellspektrum B.E\AppData\Roaming\Explorer64
2014-10-22 08:10 - 2014-10-23 20:43 - 00000000 ___HD () C:\Users\Visuellspektrum B.E\AppData\Local\Flash64-help64
2014-10-21 21:35 - 2014-10-30 20:32 - 00000000 ___HD () C:\Users\Visuellspektrum B.E\AppData\Roaming\System64
2014-10-21 19:39 - 2014-10-29 14:49 - 00000000 ___HD () C:\Users\Visuellspektrum B.E\AppData\Local\Vtshrfohn
2014-10-21 18:58 - 2014-11-09 17:51 - 00000000 ___HD () C:\Users\Visuellspektrum B.E\AppData\Roaming\Antivir32-reg
2014-10-21 13:02 - 2014-10-21 13:02 - 00000000 ___HD () C:\Users\Visuellspektrum B.E\AppData\Local\Windlls32
2014-10-21 08:08 - 2014-10-21 08:08 - 00093190 _____ () C:\Users\Visuellspektrum B.E\Documents\Seminar08.11.14.zip
2014-10-21 08:08 - 2014-10-21 08:08 - 00000000 ____D () C:\Users\Visuellspektrum B.E\Documents\Seminar08.11.14
2014-10-20 00:53 - 2014-11-09 10:52 - 00000000 ___HD () C:\Users\Visuellspektrum B.E\AppData\Local\Perl32
2014-10-20 00:32 - 2014-11-08 23:15 - 00000000 ___HD () C:\Users\Visuellspektrum B.E\AppData\Local\System64
2014-10-20 00:32 - 2014-11-04 23:34 - 00000000 ___HD () C:\Users\Visuellspektrum B.E\AppData\Roaming\Chrome64
2014-10-19 22:55 - 2014-11-06 19:54 - 00000000 ___HD () C:\Users\Visuellspektrum B.E\AppData\Local\Win
2014-10-19 01:50 - 2014-10-19 01:50 - 00880272 _____ (Google Inc.) C:\Users\Visuellspektrum B.E\Downloads\ChromeSetup (1).exe
2014-10-18 00:03 - 2014-11-09 17:51 - 00000000 ___HD () C:\Users\Visuellspektrum B.E\AppData\Local\Update-print64
2014-10-17 21:41 - 2014-10-29 18:33 - 00000000 ___HD () C:\Users\Visuellspektrum B.E\AppData\Roaming\Win
2014-10-17 20:00 - 2014-10-20 00:34 - 00000000 ___HD () C:\Users\Visuellspektrum B.E\AppData\Local\Xkwc
2014-10-17 19:49 - 2014-10-17 20:00 - 00000000 ___HD () C:\Users\Visuellspektrum B.E\AppData\Local\Fuqfir
2014-10-16 21:07 - 2014-10-22 18:38 - 00000000 ___HD () C:\Users\Visuellspektrum B.E\AppData\Local\Explorer64
2014-10-16 17:51 - 2014-10-30 00:28 - 00000000 ___HD () C:\Users\Visuellspektrum B.E\AppData\Roaming\Perl32
2014-10-16 14:04 - 2014-10-10 03:05 - 00507392 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-10-16 14:04 - 2014-10-10 03:05 - 00276480 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2014-10-16 14:04 - 2014-10-10 03:00 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-10-16 14:04 - 2014-10-07 03:04 - 00331448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-10-16 14:04 - 2014-09-29 01:58 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-10-16 14:04 - 2014-09-25 23:46 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-10-16 14:04 - 2014-09-25 23:46 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-10-16 14:04 - 2014-09-19 02:56 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-10-16 14:04 - 2014-09-19 02:44 - 17484800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-10-16 14:04 - 2014-09-19 02:39 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-10-16 14:04 - 2014-09-19 02:30 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-10-16 14:04 - 2014-09-19 02:14 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-10-16 14:04 - 2014-09-19 02:06 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-10-16 14:04 - 2014-09-19 02:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-10-16 14:04 - 2014-09-19 01:53 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-10-16 14:04 - 2014-09-19 01:49 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-10-16 14:04 - 2014-09-19 01:42 - 00710656 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-10-16 14:04 - 2014-09-19 01:36 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-10-16 14:04 - 2014-09-19 01:20 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-10-16 14:04 - 2014-09-19 00:53 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-10-16 14:04 - 2014-09-18 03:00 - 03241472 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-10-16 14:04 - 2014-09-18 02:32 - 02363904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-10-16 14:04 - 2014-06-18 23:23 - 01943696 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll
2014-10-16 14:04 - 2014-06-18 23:23 - 01131664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dfshim.dll
2014-10-16 14:04 - 2014-06-18 23:23 - 00156824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscorier.dll
2014-10-16 14:04 - 2014-06-18 23:23 - 00156312 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll
2014-10-16 14:04 - 2014-06-18 23:23 - 00081560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscories.dll
2014-10-16 14:04 - 2014-06-18 23:23 - 00073880 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll
2014-10-16 14:03 - 2014-10-07 03:54 - 00378552 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-10-16 14:03 - 2014-09-25 23:50 - 13619200 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-10-16 14:03 - 2014-09-25 23:46 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-10-16 14:03 - 2014-09-25 23:43 - 11807232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-10-16 14:03 - 2014-09-25 23:32 - 02017280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-10-16 14:03 - 2014-09-25 23:31 - 02108416 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-10-16 14:03 - 2014-09-19 03:25 - 23631360 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-10-16 14:03 - 2014-09-19 02:55 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-10-16 14:03 - 2014-09-19 02:41 - 02796032 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-10-16 14:03 - 2014-09-19 02:40 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-10-16 14:03 - 2014-09-19 02:40 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-10-16 14:03 - 2014-09-19 02:38 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-10-16 14:03 - 2014-09-19 02:36 - 05829632 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-10-16 14:03 - 2014-09-19 02:31 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-10-16 14:03 - 2014-09-19 02:27 - 00595968 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-10-16 14:03 - 2014-09-19 02:26 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-10-16 14:03 - 2014-09-19 02:25 - 04201472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-10-16 14:03 - 2014-09-19 02:25 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-10-16 14:03 - 2014-09-19 02:25 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-10-16 14:03 - 2014-09-19 02:18 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-10-16 14:03 - 2014-09-19 02:14 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-10-16 14:03 - 2014-09-19 02:02 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-10-16 14:03 - 2014-09-19 02:01 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-10-16 14:03 - 2014-09-19 02:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-10-16 14:03 - 2014-09-19 02:00 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-10-16 14:03 - 2014-09-19 01:59 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-10-16 14:03 - 2014-09-19 01:58 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-10-16 14:03 - 2014-09-19 01:55 - 02187264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-10-16 14:03 - 2014-09-19 01:54 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-10-16 14:03 - 2014-09-19 01:51 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-10-16 14:03 - 2014-09-19 01:50 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-10-16 14:03 - 2014-09-19 01:42 - 00731136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-10-16 14:03 - 2014-09-19 01:40 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-10-16 14:03 - 2014-09-19 01:33 - 02309632 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-10-16 14:03 - 2014-09-19 01:32 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-10-16 14:03 - 2014-09-19 01:18 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-10-16 14:03 - 2014-09-19 01:14 - 01447936 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-10-16 14:03 - 2014-09-19 00:59 - 01810944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-10-16 14:03 - 2014-09-19 00:59 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-10-16 14:03 - 2014-09-19 00:52 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-10-16 14:03 - 2014-09-04 06:23 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll
2014-10-16 14:03 - 2014-09-04 06:04 - 00372736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastls.dll
2014-10-16 14:03 - 2014-08-29 03:07 - 05780480 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-10-16 14:03 - 2014-08-29 03:07 - 03179520 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2014-10-16 14:03 - 2014-08-29 03:07 - 00322560 _____ (Microsoft Corporation) C:\Windows\system32\aaclient.dll
2014-10-16 14:03 - 2014-08-29 03:07 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2014-10-16 14:03 - 2014-08-29 03:06 - 01125888 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2014-10-16 14:03 - 2014-08-29 02:44 - 04922368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2014-10-16 14:03 - 2014-08-29 02:44 - 01050112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2014-10-16 14:03 - 2014-08-29 02:44 - 00269312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll
2014-10-16 14:03 - 2014-08-29 02:44 - 00037376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2014-10-16 14:02 - 2014-09-13 02:58 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-10-16 14:02 - 2014-09-13 02:40 - 00067072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2014-10-16 14:02 - 2014-07-17 03:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-10-16 14:02 - 2014-07-17 03:07 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-10-16 14:02 - 2014-07-17 03:07 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\winsta.dll
2014-10-16 14:02 - 2014-07-17 03:07 - 00150528 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorekmts.dll
2014-10-16 14:02 - 2014-07-17 03:07 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-10-16 14:02 - 2014-07-17 03:07 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-10-16 14:02 - 2014-07-17 02:40 - 00157696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winsta.dll
2014-10-16 14:02 - 2014-07-17 02:39 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-10-16 14:02 - 2014-07-17 02:39 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-10-16 14:02 - 2014-07-17 02:21 - 00212480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys
2014-10-16 14:02 - 2014-07-17 02:21 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2014-10-15 12:53 - 2014-10-15 12:53 - 00632646 _____ () C:\Users\Visuellspektrum B.E\Documents\BrittaEngischbb.zip
2014-10-15 12:53 - 2014-10-15 12:53 - 00000000 ____D () C:\Users\Visuellspektrum B.E\Documents\BrittaEngischbb
2014-10-15 08:03 - 2014-11-04 23:57 - 00000000 ____D () C:\ProgramData\ula
2014-10-15 07:00 - 2014-10-17 11:40 - 00000000 ___HD () C:\Users\Visuellspektrum B.E\AppData\Roaming\Rmcevfwq
2014-10-14 22:15 - 2014-10-17 11:40 - 00000000 ___HD () C:\Users\Visuellspektrum B.E\AppData\Local\Hxnfs
2014-10-14 22:03 - 2014-10-17 11:40 - 00000000 ___HD () C:\Users\Visuellspektrum B.E\AppData\Local\Jnrik
2014-10-14 22:02 - 2014-10-14 22:02 - 00144785 _____ () C:\Users\Visuellspektrum B.E\Documents\Ausgleich14.10.2014-RechnungsstelleGiroPayGmbH.zip
2014-10-14 22:02 - 2014-10-14 22:02 - 00000000 ____D () C:\Users\Visuellspektrum B.E\Documents\Ausgleich14.10.2014-RechnungsstelleGiroPayGmbH

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-09 22:13 - 2012-04-04 14:36 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-11-09 21:55 - 2013-08-23 11:09 - 00001136 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-11-09 21:41 - 2013-10-06 13:39 - 00004208 _____ () C:\Windows\System32\Tasks\Software Updater
2014-11-09 21:37 - 2013-10-07 13:15 - 00000000 ____D () C:\Users\Visuellspektrum B.E\AppData\Local\Deployment
2014-11-09 21:37 - 2013-08-23 11:09 - 00001132 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-11-09 21:27 - 2009-07-14 05:45 - 00022240 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-11-09 21:27 - 2009-07-14 05:45 - 00022240 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-11-09 21:24 - 2009-07-14 18:58 - 00700134 _____ () C:\Windows\system32\perfh007.dat
2014-11-09 21:24 - 2009-07-14 18:58 - 00149984 _____ () C:\Windows\system32\perfc007.dat
2014-11-09 21:24 - 2009-07-14 06:13 - 01622300 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-11-09 21:23 - 2009-07-14 06:10 - 01356381 _____ () C:\Windows\WindowsUpdate.log
2014-11-09 21:19 - 2011-01-03 18:37 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-11-09 21:19 - 2011-01-03 18:34 - 00305456 _____ () C:\Windows\PFRO.log
2014-11-09 21:19 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-11-09 21:19 - 2009-07-14 05:51 - 00147229 _____ () C:\Windows\setupact.log
2014-11-09 21:09 - 2012-05-24 13:59 - 00001194 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4203832084-4009304635-2263003785-1000UA.job
2014-11-09 19:01 - 2014-07-11 09:41 - 00002253 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-11-09 18:59 - 2013-08-23 11:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-11-09 18:51 - 2013-08-16 14:14 - 00000000 ____D () C:\Users\Visuellspektrum B.E\AppData\Roaming\AOL
2014-11-09 18:51 - 2013-08-16 14:13 - 00000000 ____D () C:\Users\Visuellspektrum B.E\AppData\Local\AOL
2014-11-09 18:44 - 2013-08-16 14:14 - 00000959 _____ () C:\Users\Public\Desktop\AOL 9.0 VR.lnk
2014-11-09 18:44 - 2013-08-16 14:14 - 00000957 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\AOL 9.0.lnk
2014-11-09 18:43 - 2013-08-16 14:11 - 00000000 ____D () C:\Program Files (x86)\AOL
2014-11-09 18:43 - 2009-07-14 03:34 - 00000524 _____ () C:\Windows\win.ini
2014-11-09 18:37 - 2011-11-26 10:20 - 00000000 ____D () C:\ProgramData\AOL
2014-11-09 16:27 - 2011-01-07 12:15 - 00000000 ____D () C:\Users\Visuellspektrum B.E
2014-11-09 15:14 - 2011-04-16 09:00 - 00072192 ___SH () C:\Users\Visuellspektrum B.E\Thumbs.db
2014-11-09 11:07 - 2013-10-07 13:28 - 00003440 _____ () C:\Windows\System32\Tasks\PCDEventLauncherTask
2014-11-09 01:26 - 2011-10-01 11:35 - 00003382 _____ () C:\Windows\System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-4203832084-4009304635-2263003785-1000
2014-11-09 01:26 - 2011-10-01 11:35 - 00003276 _____ () C:\Windows\System32\Tasks\RealUpgradeLogonTaskS-1-5-21-4203832084-4009304635-2263003785-1000
2014-11-09 00:09 - 2012-05-24 13:59 - 00001172 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4203832084-4009304635-2263003785-1000Core.job
2014-11-07 21:00 - 2012-06-21 01:07 - 00000000 ____D () C:\Users\Andere User\Desktop\jenni fük
2014-11-07 20:47 - 2013-04-24 10:27 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-11-06 00:09 - 2011-04-14 21:00 - 00000000 ____D () C:\Users\Visuellspektrum B.E\AppData\Roaming\Skype
2014-11-05 23:34 - 2011-01-04 02:00 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-11-05 23:34 - 2011-01-04 01:59 - 00000000 ____D () C:\ProgramData\Skype
2014-10-30 12:25 - 2011-10-01 11:34 - 00275080 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-10-28 19:40 - 2011-10-30 11:58 - 00134384 _____ () C:\Users\Gast\AppData\Local\GDIPFONTCACHEV1.DAT
2014-10-25 19:55 - 2013-10-15 19:42 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2014-10-21 19:38 - 2011-01-07 13:44 - 00000000 ____D () C:\Users\Visuellspektrum B.E\AppData\Local\VirtualStore
2014-10-19 01:50 - 2013-08-23 11:09 - 00004132 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-10-19 01:50 - 2013-08-23 11:09 - 00003880 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-10-18 00:52 - 2014-05-06 22:22 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-10-17 13:04 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache
2014-10-17 11:44 - 2009-07-14 04:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2014-10-17 11:43 - 2009-07-14 05:45 - 00518840 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-10-17 11:37 - 2014-09-12 13:35 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-10-16 17:57 - 2013-11-14 11:11 - 00000000 ____D () C:\Users\Visuellspektrum B.E\Documents\nikken
2014-10-16 14:11 - 2013-08-16 13:12 - 00000000 ____D () C:\Windows\system32\MRT
2014-10-16 14:00 - 2011-04-12 17:52 - 103265616 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

Files to move or delete:
====================
C:\Users\Visuellspektrum B.E\AppData\Local\Temp\Vcducbofyj\awjkumrw.exe
C:\Users\Visuellspektrum B.E\AppData\Local\Temp\Oitg\rwsjjjgkcrz.exe
C:\Users\Visuellspektrum B.E\AppData\Local\Temp\Woiadfgj\pwarfaimaw.exe
C:\Users\Visuellspektrum B.E\AppData\Local\Temp\Explorer64\explorer64login.exe
C:\Users\Public\AlexaNSISPlugin.6584.dll


Some content of TEMP:
====================
C:\Users\Andere User\AppData\Local\Temp\AskSLib.dll
C:\Users\Gast\AppData\Local\Temp\AskSLib.dll
C:\Users\Visuellspektrum B.E\AppData\Local\Temp\.exe
C:\Users\Visuellspektrum B.E\AppData\Local\Temp\4B52.exe
C:\Users\Visuellspektrum B.E\AppData\Local\Temp\4C73.exe
C:\Users\Visuellspektrum B.E\AppData\Local\Temp\4CAD.exe
C:\Users\Visuellspektrum B.E\AppData\Local\Temp\683A.exe
C:\Users\Visuellspektrum B.E\AppData\Local\Temp\872D.exe
C:\Users\Visuellspektrum B.E\AppData\Local\Temp\AcsInstall.dll
C:\Users\Visuellspektrum B.E\AppData\Local\Temp\BackupSetup.exe
C:\Users\Visuellspektrum B.E\AppData\Local\Temp\BC11.exe
C:\Users\Visuellspektrum B.E\AppData\Local\Temp\DAE6.exe
C:\Users\Visuellspektrum B.E\AppData\Local\Temp\DealsPluginROW.exe
C:\Users\Visuellspektrum B.E\AppData\Local\Temp\FDAF.exe
C:\Users\Visuellspektrum B.E\AppData\Local\Temp\FP_PL_PFS_INSTALLER.exe
C:\Users\Visuellspektrum B.E\AppData\Local\Temp\i0wan1na.dll
C:\Users\Visuellspektrum B.E\AppData\Local\Temp\install_flashplayer11x32au_mssa_aih.exe
C:\Users\Visuellspektrum B.E\AppData\Local\Temp\install_flashplayer11x32_mssa_au_aih.exe
C:\Users\Visuellspektrum B.E\AppData\Local\Temp\install_flashplayer12x32ax_gtba_chra_dy_aaa_aih[1].exe
C:\Users\Visuellspektrum B.E\AppData\Local\Temp\IWantThis.exe
C:\Users\Visuellspektrum B.E\AppData\Local\Temp\jre-6u24-windows-i586-iftw-rv.exe
C:\Users\Visuellspektrum B.E\AppData\Local\Temp\jre-6u26-windows-i586-iftw-rv.exe
C:\Users\Visuellspektrum B.E\AppData\Local\Temp\jre-6u35-windows-i586-iftw.exe
C:\Users\Visuellspektrum B.E\AppData\Local\Temp\jre-6u37-windows-i586-iftw.exe
C:\Users\Visuellspektrum B.E\AppData\Local\Temp\jre-7u21-windows-i586-iftw.exe
C:\Users\Visuellspektrum B.E\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe
C:\Users\Visuellspektrum B.E\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe
C:\Users\Visuellspektrum B.E\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
C:\Users\Visuellspektrum B.E\AppData\Local\Temp\MSNCEB7.exe
C:\Users\Visuellspektrum B.E\AppData\Local\Temp\nscC7A8.exe
C:\Users\Visuellspektrum B.E\AppData\Local\Temp\nscCFD2.exe
C:\Users\Visuellspektrum B.E\AppData\Local\Temp\nsm634A.exe
C:\Users\Visuellspektrum B.E\AppData\Local\Temp\nsmA1CD.exe
C:\Users\Visuellspektrum B.E\AppData\Local\Temp\nsp73A7.exe
C:\Users\Visuellspektrum B.E\AppData\Local\Temp\nsx588E.exe
C:\Users\Visuellspektrum B.E\AppData\Local\Temp\nsxC3CE.exe
C:\Users\Visuellspektrum B.E\AppData\Local\Temp\offercast.exe
C:\Users\Visuellspektrum B.E\AppData\Local\Temp\OfficeSetup.exe
C:\Users\Visuellspektrum B.E\AppData\Local\Temp\rcpsetup_26034.exe
C:\Users\Visuellspektrum B.E\AppData\Local\Temp\RoxioBurn_0180_MPI_180B57E_RXD.exe
C:\Users\Visuellspektrum B.E\AppData\Local\Temp\Setup.X86.de-DE_O365HomePremRetail_a56d13ec-1762-4ddf-93b0-3e279b285290_TX_DB_ (1).exe
C:\Users\Visuellspektrum B.E\AppData\Local\Temp\Setup.X86.de-DE_O365HomePremRetail_a56d13ec-1762-4ddf-93b0-3e279b285290_TX_DB_ (2).exe
C:\Users\Visuellspektrum B.E\AppData\Local\Temp\Setup.X86.de-DE_O365HomePremRetail_a56d13ec-1762-4ddf-93b0-3e279b285290_TX_DB_.exe
C:\Users\Visuellspektrum B.E\AppData\Local\Temp\SHFOLDER.DLL
C:\Users\Visuellspektrum B.E\AppData\Local\Temp\SHSetup.exe
C:\Users\Visuellspektrum B.E\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Visuellspektrum B.E\AppData\Local\Temp\SPSetup.exe
C:\Users\Visuellspektrum B.E\AppData\Local\Temp\SPStub.exe
C:\Users\Visuellspektrum B.E\AppData\Local\Temp\tbFree.dll
C:\Users\Visuellspektrum B.E\AppData\Local\Temp\tiptoi-install.exe
C:\Users\Visuellspektrum B.E\AppData\Local\Temp\uninst1.exe
C:\Users\Visuellspektrum B.E\AppData\Local\Temp\vcredist_x64.exe
C:\Users\Visuellspektrum B.E\AppData\Local\Temp\_isDE91.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-11-05 21:39

==================== End Of Log ============================

--- --- ---

--- --- ---

es gab zuviele seite, daher wurde es nicht übertragen. hab dann hier per # eingefügt, kopiert..dann stück für stück nachgeschickt. hoffe es klappt nun..:-)

deeprybka · 14.11.2014, 00:06

Naja, wenn Du wirklich bereinigen willst...dann machen wir so weiter:

Downloade dir bitte

TDSSKiller.exe und speichere diese Datei auf dem Desktop

Starte die TDSSKiller.exe - Einstellen wie in der Anleitung zu TDSSKiller beschrieben.
Drücke Start Scan
Sollten infizierte Objekte gefunden werden, wähle keinesfalls Cure. Wähle Skip und klicke auf Continue.
TDSSKiller wird eine Logfile auf deinem Systemlaufwerk speichern (Meistens C:\)
Als Beispiel: C:\TDSSKiller.<Version_Datum_Uhrzeit>log.txt

Poste den Inhalt bitte in jedem Fall hier in deinen Thread.

Einhorn66 · 14.11.2014, 00:38

Nach dem Skip kam dann There are unproccessed malware object

dann start scan....

ich guck mal auf C/...

deeprybka · 14.11.2014, 00:42

Ok...

09.11.2014, 22:52	#4
deeprybka /// TB-Ausbilder /// Anleitungs-Guru	Neuer Postbank Trojaner. Wie muss ich vorgehen? OK bitte die FRST.txt auch noch in Code-Tags posten... __________________ Gruß deeprybka Lob, Kritik, Wünsche? Spende fürs trojaner-board? _______________________________________________ „Neminem laede, immo omnes, quantum potes, iuva.“ Arthur Schopenhauer

10.11.2014, 00:39	#8
deeprybka /// TB-Ausbilder /// Anleitungs-Guru	Neuer Postbank Trojaner. Wie muss ich vorgehen? Hä? Bitte was? __________________ Gruß deeprybka Lob, Kritik, Wünsche? Spende fürs trojaner-board? _______________________________________________ „Neminem laede, immo omnes, quantum potes, iuva.“ Arthur Schopenhauer

14.11.2014, 00:42	#15
deeprybka /// TB-Ausbilder /// Anleitungs-Guru	Neuer Postbank Trojaner. Wie muss ich vorgehen? Ok... __________________ Gruß deeprybka Lob, Kritik, Wünsche? Spende fürs trojaner-board? _______________________________________________ „Neminem laede, immo omnes, quantum potes, iuva.“ Arthur Schopenhauer

Neuer Postbank Trojaner. Wie muss ich vorgehen?

Plagegeister aller Art und deren Bekämpfung: Neuer Postbank Trojaner. Wie muss ich vorgehen?