Pests of all kinds and how to fight them: PUP.optional.Softonic.A can no longer be restored from quarantine (Windows 7) |
24.01.2015, 16:54 | #1 |
| PUP.optional.Softonic.A can no longer be restored from quarantine

Hello, my Win7 notebook had the problem that YouTube videos stuttered noticeably even though they were already buffered... this was not the case before with the same Wi-Fi connection.

So I ran a scan with the latest Malwarebytes: 2 detections, both PUP.OPTIONAL.SOFTONIC.A, both registry keys, path roughly like this: HKU\S-1-5-21- . . . \Software\Softonic

I moved these to quarantine and restarted.

Nothing worked any more. Well, it did boot..., and choosing among the 3 users was possible too, but for all three the desktop was completely changed: icons four times as large, only half as many present, unsorted, ...

Then I tried to restore both from the Malwarebytes quarantine; as far as I remember it worked once, but the 2nd detection could not be restored despite several attempts, even with restarts in between.

Unable to restore quarantined items HKU\...\Software\Softonic

System Restore did not work either.

The computer works unremarkably again, perhaps a bit slower than before; YouTube still stutters, and otherwise too, in the Firefox browser ... one could think that after each click a few 'seconds of reflection' are always inserted before the click is carried out. Desktop... completely unremarkable again, everything is back.

- May such detections simply be deleted despite being HKU.. registry keys, or would I be deleting important parts of the system?
- Are such PUP detections dangerous, or do they only cause slowdown and advertising?

What is the best solution? |
24.01.2015, 17:20 | #2 |
/// the machine /// TB trainer | PUP.optional.Softonic.A can no longer be restored from quarantine

hi,

Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST 32-Bit | FRST 64-Bit (If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties) |
24.01.2015, 18:17 | #3 |
| PUP.optional.Softonic.A can no longer be restored from quarantine

FRST Logfile:

Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 24-01-2015 01 Ran by Pe_eingeschränkt (ATTENTION: The logged in user is not administrator) on NOTEBOOK-PETRA on 24-01-2015 18:10:19 Running from C:\Users\Pe_eingeschränkt\Downloads Loaded Profiles: Pe_eingeschränkt (Available profiles: CHEF & Pe_eingeschränkt & Ru_eingeschr) Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 (Default browser: FF) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) () C:\Program Files (x86)\PHotkey\PVDAgent.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Alcor Micro Corp.) C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe (Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Microsoft Corporation) C:\Windows\System32\rundll32.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe () C:\Program Files (x86)\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent_Launcher.exe (Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe (Dolby Laboratories Inc.) C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe () C:\Program Files (x86)\Vivanco\bazoo SHIVA BS Gaming Mouse\Panel.exe (Check Point Software Technologies Ltd.) C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe (Avira Operations GmbH & Co. 
KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe (Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\btplayerctrl.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2028328 2010-01-22] (Synaptics Incorporated) HKLM\...\Run: [AmIcoSinglun64] => C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [323584 2009-09-22] (Alcor Micro Corp.) HKLM\...\Run: [IntelPAN] => C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1935120 2011-05-02] (Intel(R) Corporation) HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll",TrayApp HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SAIICpl.exe [316032 2010-12-14] (Conexant systems, Inc.) HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2011-04-14] (Renesas Electronics Corporation) HKLM-x32\...\Run: [CLMLServer] => C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe [107816 2010-08-03] (CyberLink) HKLM-x32\...\Run: [Dolby Home Theater v4] => C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe [506712 2011-02-03] (Dolby Laboratories Inc.) HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [702768 2014-12-11] (Avira Operations GmbH & Co. KG) HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.) 
HKLM-x32\...\Run: [bazoo SHIVA BS Gaming Mouse] => C:\Program Files (x86)\Vivanco\bazoo SHIVA BS Gaming Mouse\Panel.exe [1103656 2010-10-07] () HKLM-x32\...\Run: [ZoneAlarm] => C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe [134624 2014-07-23] (Check Point Software Technologies Ltd.) HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.) HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [126200 2014-11-20] (Avira Operations GmbH & Co. KG) Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation) HKU\S-1-5-21-2232908785-1043498428-3830492113-1003\...\Run: [RfxSrvTray] => C:\Program Files (x86)\Tobit Radio.fx\Client\rfx-tray.exe [1838872 2013-02-07] (Tobit.Software) HKU\S-1-5-21-2232908785-1043498428-3830492113-1003\...\MountPoints2: F - F:\.\Setup.exe AUTORUN=1 HKU\S-1-5-21-2232908785-1043498428-3830492113-1003\...\MountPoints2: {27db720d-f9c3-11e2-bf85-bc7737b9f379} - F:\.\Setup.exe AUTORUN=1 HKU\S-1-5-21-2232908785-1043498428-3830492113-1003\...\MountPoints2: {27db723a-f9c3-11e2-bf85-bc7737b9f379} - F:\.\Setup.exe AUTORUN=1 HKU\S-1-5-21-2232908785-1043498428-3830492113-1003\...\MountPoints2: {27db7281-f9c3-11e2-bf85-bc7737b9f379} - F:\.\Setup.exe AUTORUN=1 Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Launcher.lnk ShortcutTarget: Launcher.lnk -> C:\Program Files (x86)\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent_Launcher.exe () Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk ShortcutTarget: Microsoft Office.lnk -> C:\Program Files (x86)\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) 
HKU\S-1-5-21-2232908785-1043498428-3830492113-1003\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ HKU\S-1-5-21-2232908785-1043498428-3830492113-1003\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com SearchScopes: HKLM -> DefaultScope value is missing. SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKLM-x32 -> DefaultScope value is missing. SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO-x32: Recorder Toolbar -> {120A8821-2BEE-4C29-BCDA-62C577781992} -> C:\Program Files (x86)\MedienTeam66\MP3 Recorder for YouTube\IEPlugin.dll (MedienTeam66) BHO-x32: PDF Architect Helper -> {691B33B0-B86E-47F3-81C7-56E4FE3B929C} -> C:\Program Files (x86)\PDF Architect 2\creator-ie-helper.dll (pdfforge GmbH) BHO-x32: ZoneAlarm Do Not Track -> {6E45F3E8-2683-4824-A6BE-08108022FB36} -> C:\Program Files (x86)\DoNotTrackPlus\IE\DNTPAddon.dll (Abine) BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll (Oracle Corporation) BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) 
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll (Oracle Corporation) Toolbar: HKLM-x32 - Recorder Toolbar - {120A8821-2BEE-4C29-BCDA-62C577781992} - C:\Program Files (x86)\MedienTeam66\MP3 Recorder for YouTube\IEPlugin.dll (MedienTeam66) Toolbar: HKLM-x32 - PDF Architect Toolbar - {DEEB13D7-CEA9-45FB-B77C-E039BEC85221} - C:\Program Files (x86)\PDF Architect 2\creator-ie-plugin.dll (pdfforge GmbH) Toolbar: HKU\S-1-5-21-2232908785-1043498428-3830492113-1003 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File Toolbar: HKU\S-1-5-21-2232908785-1043498428-3830492113-1003 -> No Name - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No File DPF: HKLM-x32 {304171C0-65EA-4B51-B5D9-93A311E26EB1} hxxp://86.125.43.4/cgi-bin/MxPEG_ActiveX.cab?dummy=3433882 DPF: HKLM-x32 {62789780-B744-11D0-986B-00609731A21D} hxxp://dvvwebgis.rz-kiru.de/vvl04/com/mgaxctrl.cab Handler-x32: http - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation) Handler-x32: http - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation) Handler-x32: https - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation) Handler-x32: https - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation) Handler-x32: ipp - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation) Handler-x32: msdaipp - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation) Handler-x32: msdaipp - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation) Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 FireFox: ======== FF ProfilePath: 
C:\Users\Pe_eingeschränkt\AppData\Roaming\Mozilla\Firefox\Profiles\6lh03l2d.default-1421942265955 FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_287.dll () FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_287.dll () FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1216156.dll (Adobe Systems, Inc.) FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.) FF Plugin-x32: @checkpoint.com/FFApi -> C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\npFFApi.dll No File FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro\Reader 3\npnitromozilla.dll (Nitro PDF) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google 
Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin-x32: PDF Architect 2 -> C:\Program Files (x86)\PDF Architect 2\np-previewer.dll (pdfforge GmbH) FF Plugin-x32: samsung.com/SamsungLinkPCPlugin -> C:\Program Files\Samsung\Samsung Link\utils\npSamsungLinkPCPlugin.dll (Samsung) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.) 
FF Extension: Multi YouTube mp3 - C:\Users\Pe_eingeschränkt\AppData\Roaming\Mozilla\Firefox\Profiles\6lh03l2d.default-1421942265955\Extensions\d.lehr@chello.at.xpi [2015-01-22] FF Extension: Tab Mix Plus - C:\Users\Pe_eingeschränkt\AppData\Roaming\Mozilla\Firefox\Profiles\6lh03l2d.default-1421942265955\Extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi [2015-01-22] FF Extension: Recorder Toolbar - C:\Program Files (x86)\Mozilla Firefox\extensions\{10743931-94DF-476f-A987-4391233C17A2} [2015-01-13] FF HKLM-x32\...\Firefox\Extensions: [virtualKeyboard@kaspersky.ru] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\virtualKeyboard@kaspersky.ru FF HKLM-x32\...\Firefox\Extensions: [KavAntiBanner@Kaspersky.ru] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\KavAntiBanner@kaspersky.ru FF HKLM-x32\...\Firefox\Extensions: [linkfilter@kaspersky.ru] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\linkfilter@kaspersky.ru FF HKLM-x32\...\Firefox\Extensions: [{FFB96CC1-7EB3-449D-B827-DB661701C6BB}] - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker FF HKLM-x32\...\Firefox\Extensions: [pdf_architect_2_conv@pdfarchitect.org] - C:\Program Files (x86)\PDF Architect 2\resources\pdfarchitect2firefoxextension FF Extension: PDF Architect 2 Creator - C:\Program Files (x86)\PDF Architect 2\resources\pdfarchitect2firefoxextension [2014-12-30] Chrome: ======= CHR Profile: C:\Users\Pe_eingeschränkt\AppData\Local\Google\Chrome\User Data\Default CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) 
S4 ALDITALKVerbindungsassistent_Service; C:\Program Files (x86)\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent_Service.exe [358968 2013-08-03] () R2 AllShare Framework DMS; C:\Program Files\Samsung\AllShare Framework DMS\1.3.17\AllShareFrameworkManagerDMS.exe [404360 2013-08-23] (Samsung) [File not signed] R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [431920 2014-12-11] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [431920 2014-12-11] (Avira Operations GmbH & Co. KG) R2 ASLDRService; C:\Program Files (x86)\PHotkey\ASLDRSrv.exe [104968 2009-12-18] () R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [166192 2014-11-20] (Avira Operations GmbH & Co. KG) S2 GFNEXSrv; C:\Program Files (x86)\PHotkey\GFNEXSrv.exe [805888 2012-11-28] () [File not signed] R2 lmhosts; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation) R2 lmhosts; C:\Windows\SysWOW64\svchost.exe [20992 2009-07-14] (Microsoft Corporation) S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2011-05-02] () R2 NitroReaderDriverReadSpool3; C:\Program Files\Common Files\Nitro\Reader\3.0\NitroPDFReaderDriverService3x64.exe [230416 2013-07-26] (Nitro PDF Software) R2 NlaSvc; C:\Windows\System32\svchost.exe [27136 2009-07-14] (Microsoft Corporation) R2 NlaSvc; C:\Windows\SysWOW64\svchost.exe [20992 2009-07-14] (Microsoft Corporation) R2 nsi; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation) R2 nsi; C:\Windows\SysWOW64\svchost.exe [20992 2009-07-14] (Microsoft Corporation) R2 nvda; C:\Program Files (x86)\NVDA\nvda_service.exe [40040 2013-08-29] (NV Access Limited) S3 PDF Architect 2; C:\Program Files (x86)\PDF Architect 2\ws.exe [1771560 2014-10-10] (pdfforge GmbH) R2 PDF Architect 2 Creator; C:\Program Files (x86)\PDF Architect 2\creator-ws.exe [738856 2014-10-10] (pdfforge GmbH) S3 pdfforge 
CrashHandler; C:\Program Files (x86)\PDF Architect 2\crash-handler-ws.exe [861736 2014-10-10] (pdfforge GmbH) R2 Radio.fx; C:\Program Files (x86)\Tobit Radio.fx\Server\rfx-server.exe [3999512 2013-06-03] () R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [244904 2010-12-14] () [File not signed] S4 Samsung Link Service; C:\Program Files\Samsung\Samsung Link\Samsung Link.exe [605768 2013-09-03] (Copyright 2013 SAMSUNG) R2 vsmon; C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe [3596240 2014-07-23] (Check Point Software Technologies Ltd.) R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation) R2 ZAPrivacyService; C:\Program Files (x86)\CheckPoint\ZoneAlarm\ZaPrivacyService.exe [93712 2014-07-03] (Check Point Software Technologies, Ltd.) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [119272 2014-10-17] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131608 2014-10-17] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-10-01] (Avira Operations GmbH & Co. KG) R3 DFX11_1; C:\Windows\System32\drivers\dfx11_1x64.sys [28008 2012-12-13] (Windows (R) Win 7 DDK provider) S3 ewusbnet; C:\Windows\System32\DRIVERS\ewusbnet.sys [138752 2013-08-03] (Huawei Technologies Co., Ltd.) S3 ewusbnet; C:\Windows\SysWOW64\DRIVERS\ewusbnet.sys [138752 2013-08-03] (Huawei Technologies Co., Ltd.) S3 ew_hwusbdev; C:\Windows\SysWOW64\DRIVERS\ew_hwusbdev.sys [117248 2013-08-03] (Huawei Technologies Co., Ltd.) 
R3 GMFilter Filter; C:\Windows\System32\Drivers\GMFilter.sys [52080 2009-06-04] (Game) R3 GMFilter Filter; C:\Windows\SysWOW64\Drivers\GMFilter.sys [27648 2009-06-04] (Game) [File not signed] S3 hwdatacard; C:\Windows\SysWOW64\DRIVERS\ewusbmdm.sys [121600 2013-08-03] (Huawei Technologies Co., Ltd.) R1 RrNetCapFilterDriver; C:\Windows\System32\DRIVERS\RrNetCapFilterDriver.sys [24744 2014-02-18] (Audials AG) R1 Vsdatant; C:\Windows\System32\DRIVERS\vsdatant.sys [450456 2014-07-22] (Check Point Software Technologies Ltd.) ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2015-01-24 18:10 - 2015-01-24 18:12 - 00018868 _____ () C:\Users\Pe_eingeschränkt\Downloads\FRST.txt 2015-01-24 18:10 - 2015-01-24 18:10 - 00000000 ____D () C:\FRST 2015-01-24 18:08 - 2015-01-24 18:08 - 00001560 _____ () C:\Users\Pe_eingeschränkt\Desktop\FRST64 - Verknüpfung.lnk 2015-01-24 18:07 - 2015-01-24 18:08 - 02129920 _____ (Farbar) C:\Users\Pe_eingeschränkt\Downloads\FRST64.exe 2015-01-23 16:45 - 2015-01-23 16:45 - 00002041 _____ () C:\Users\Pe_eingeschränkt\Desktop\Dacia Ventilkapp.lnk 2015-01-22 17:43 - 2015-01-22 17:43 - 00000000 ____D () C:\Windows\SysWOW64\Adobe 2015-01-22 17:41 - 2015-01-22 17:43 - 05006144 _____ (Adobe Systems Inc.) 
C:\Users\Pe_eingeschränkt\Downloads\Shockwave_Installer_Slim.exe 2015-01-22 16:57 - 2015-01-22 16:57 - 00000000 ____D () C:\Users\Pe_eingeschränkt\Desktop\Alte Firefox-Daten 2015-01-21 13:35 - 2015-01-21 13:35 - 00001717 _____ () C:\Users\Pe_eingeschränkt\Desktop\150121 Abrechn.lnk 2015-01-20 23:49 - 2015-01-24 17:41 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2015-01-20 23:10 - 2015-01-20 23:10 - 00001119 _____ () C:\Users\Pe_eingeschränkt\Desktop\Zechprell.lnk 2015-01-20 22:54 - 2015-01-20 22:54 - 00001119 _____ () C:\Users\Pe_eingeschränkt\Desktop\Bergpred.lnk 2015-01-20 22:52 - 2015-01-20 22:52 - 00001061 _____ () C:\Users\Pe_eingeschränkt\Desktop\Koran.lnk 2015-01-20 09:49 - 2015-01-20 09:49 - 00000000 ____D () C:\Languages 2015-01-20 09:49 - 2015-01-20 09:49 - 00000000 ____D () C:\Help 2015-01-19 10:33 - 2015-01-19 10:33 - 00000994 _____ () C:\Users\Pe_eingeschränkt\Desktop\Matt 18.1.15.lnk 2015-01-17 12:47 - 2015-01-17 12:47 - 00000000 ____D () C:\Users\Pe_eingeschränkt\Desktop\TV Samsg 2015-01-15 16:23 - 2015-01-16 08:50 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird 2015-01-15 11:14 - 2015-01-15 11:14 - 00000000 _____ () C:\Windows\SysWOW64\sho248C.tmp 2015-01-15 10:46 - 2015-01-15 10:46 - 00001818 _____ () C:\Users\Pe_eingeschränkt\Desktop\Entspanne.lnk 2015-01-15 10:46 - 2015-01-15 10:46 - 00001155 _____ () C:\Users\Pe_eingeschränkt\Desktop\Elektronik.lnk 2015-01-15 10:45 - 2015-01-15 10:45 - 00002102 _____ () C:\Users\Pe_eingeschränkt\Desktop\Hagen.lnk 2015-01-15 10:44 - 2015-01-15 10:44 - 00002212 _____ () C:\Users\Pe_eingeschränkt\Desktop\schämet.lnk 2015-01-15 00:26 - 2015-01-15 00:26 - 00000146 _____ () C:\Users\Pe_eingeschränkt\Desktop\Taskleiste und Startmenü - Verknüpfung.lnk 2015-01-14 09:53 - 2014-12-19 04:06 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll 2015-01-14 09:53 - 2014-12-19 02:46 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys 2015-01-14 
09:53 - 2014-12-11 18:47 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe 2015-01-14 09:53 - 2014-12-06 05:17 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll 2015-01-14 09:53 - 2014-12-06 04:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll 2015-01-14 09:53 - 2014-12-06 04:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll 2015-01-14 09:52 - 2014-12-12 06:35 - 05553592 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2015-01-14 09:52 - 2014-12-12 06:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll 2015-01-14 09:52 - 2014-12-12 06:31 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe 2015-01-14 09:52 - 2014-12-12 06:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll 2015-01-14 09:52 - 2014-12-12 06:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe 2015-01-14 09:52 - 2014-12-12 06:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe 2015-01-14 09:52 - 2014-12-12 06:07 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll 2015-01-13 23:52 - 2015-01-13 23:52 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2015-01-13 14:00 - 2015-01-13 14:00 - 00000997 _____ () C:\Users\Pe_eingeschränkt\Desktop\SIM.lnk 2015-01-13 13:55 - 2015-01-13 13:55 - 00000000 ____D () C:\Users\Pe_eingeschränkt\AppData\Local\pdfforge 2015-01-10 12:19 - 2015-01-10 12:19 - 00001855 _____ () C:\Users\Pe_eingeschränkt\Desktop\hardopies Kunst des....lnk 2015-01-10 11:54 - 2015-01-10 11:54 - 00002190 _____ () C:\Users\Pe_eingeschränkt\Desktop\Adobe Digital Editions 2.0.lnk 2015-01-10 11:51 - 2015-01-10 11:51 - 00001968 _____ () C:\Users\Pe_eingeschränkt\Desktop\GoogleSuch.lnk 2015-01-10 10:36 - 2015-01-10 10:36 - 00001245 _____ () C:\Users\Pe_eingeschränkt\Desktop\KÜHLER.lnk 2014-12-30 12:03 - 2014-12-30 12:03 - 00000000 ____D () 
C:\Users\Pe_eingeschränkt\AppData\Roaming\PDF Architect 2 2014-12-30 11:19 - 2014-12-30 11:19 - 00000000 ____D () C:\Users\Pe_eingeschränkt\AppData\Local\PDFCreator 2014-12-30 11:08 - 2014-12-30 11:08 - 00001021 _____ () C:\Users\Public\Desktop\PDF Architect 2.lnk 2014-12-30 11:05 - 2014-12-30 11:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF Architect 2 2014-12-30 11:04 - 2014-12-30 11:08 - 00000000 ____D () C:\Program Files (x86)\PDF Architect 2 2014-12-30 11:04 - 2014-12-30 11:04 - 00000000 ____D () C:\Users\CHEF\Documents\PDF Architect 2 2014-12-30 11:00 - 2014-12-30 11:00 - 00000840 _____ () C:\Users\Public\Desktop\PDFCreator.lnk 2014-12-30 11:00 - 2014-12-30 11:00 - 00000000 ____D () C:\Users\CHEF\AppData\Roaming\pdfforge 2014-12-30 11:00 - 2014-12-30 11:00 - 00000000 ____D () C:\ProgramData\PDF Architect 2 2014-12-30 11:00 - 2014-12-30 11:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFCreator 2014-12-30 11:00 - 2014-12-16 20:01 - 00114872 _____ (pdfforge GmbH) C:\Windows\system32\pdfcmon.dll 2014-12-30 10:59 - 2014-12-30 11:08 - 00000000 ____D () C:\Program Files\PDFCreator 2014-12-26 11:14 - 2014-12-26 11:14 - 00000924 _____ () C:\Users\Pe_eingeschränkt\Desktop\xmas2014.lnk 2014-12-26 11:09 - 2014-12-26 11:09 - 00002164 _____ () C:\Users\Public\Desktop\Mozi.Thund.lnk 2014-12-26 11:09 - 2014-12-26 11:09 - 00000000 ____D () C:\Users\CHEF\AppData\Local\Mozilla Thunderbird 2014-12-26 11:01 - 2014-12-26 11:03 - 26316120 _____ (Mozilla) C:\Users\Pe_eingeschränkt\Downloads\Thunderbird Setup 31.3.0.exe ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 
2015-01-24 18:10 - 2009-07-14 05:45 - 00024400 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2015-01-24 18:10 - 2009-07-14 05:45 - 00024400 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2015-01-24 18:02 - 2013-01-23 16:37 - 00000000 ____D () C:\PeRu ab 23.01.2013 2015-01-24 18:00 - 2013-01-23 13:47 - 01251786 _____ () C:\Windows\WindowsUpdate.log 2015-01-24 16:41 - 2013-04-04 13:35 - 00000000 ____D () C:\Users\Pe_eingeschränkt\AppData\Local\DoNotTrackPlus 2015-01-24 16:08 - 2013-02-24 13:58 - 00094720 _____ () C:\Users\Pe_eingeschränkt\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2015-01-24 13:38 - 2013-01-23 13:53 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2015-01-24 13:35 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2015-01-24 13:35 - 2009-07-14 05:51 - 00057915 _____ () C:\Windows\setupact.log 2015-01-24 10:03 - 2013-11-13 07:30 - 00000312 _____ () C:\Windows\Tasks\MT66 Software Update.job 2015-01-24 00:41 - 2013-01-26 10:09 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2015-01-24 00:41 - 2011-05-14 19:10 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2015-01-24 00:05 - 2013-09-13 07:48 - 00000000 ____D () C:\ProgramData\Oracle 2015-01-24 00:04 - 2013-10-16 15:01 - 00000000 ____D () C:\Program Files (x86)\Java 2015-01-24 00:01 - 2014-09-04 09:17 - 00272296 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe 2015-01-24 00:01 - 2014-09-04 09:16 - 00176552 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe 2015-01-24 00:01 - 2014-09-04 09:16 - 00176552 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe 2015-01-24 00:01 - 2014-09-04 09:16 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll 2015-01-23 16:49 - 2013-01-27 10:41 - 00000000 ____D () 
C:\Users\Pe_eingeschränkt\AppData\Roaming\SoftGrid Client 2015-01-23 02:26 - 2014-04-02 09:47 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2015-01-22 22:24 - 2014-07-01 09:59 - 00001110 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2015-01-22 22:24 - 2014-07-01 09:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2015-01-22 22:24 - 2014-07-01 09:59 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2015-01-22 17:38 - 2014-09-10 06:38 - 00000000 ____D () C:\Users\CHEF\AppData\Local\Adobe 2015-01-22 12:15 - 2014-04-11 09:15 - 00000000 ____D () C:\ProgramData\CanonIJPLM 2015-01-22 10:14 - 2013-01-23 14:06 - 00000000 ____D () C:\Users\CHEF 2015-01-21 15:23 - 2013-01-27 10:40 - 01596580 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI 2015-01-21 15:23 - 2011-05-01 21:47 - 00700134 _____ () C:\Windows\system32\perfh007.dat 2015-01-21 15:23 - 2011-05-01 21:47 - 00149984 _____ () C:\Windows\system32\perfc007.dat 2015-01-21 15:22 - 2009-07-14 06:13 - 01596580 _____ () C:\Windows\system32\PerfStringBackup.INI 2015-01-20 11:26 - 2013-02-24 13:53 - 00000000 ____D () C:\Users\Pe_eingeschränkt\AppData\Roaming\IrfanView 2015-01-19 09:43 - 2013-01-23 15:44 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2015-01-15 11:10 - 2013-08-15 14:50 - 00000000 ____D () C:\Windows\system32\MRT 2015-01-15 10:39 - 2011-05-01 23:29 - 113365784 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2015-01-10 11:54 - 2013-09-18 17:45 - 00000000 ____D () C:\Users\Pe_eingeschränkt\Documents\My Digital Editions 2015-01-08 09:55 - 2010-11-21 04:27 - 00298120 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe 2014-12-30 11:10 - 2010-11-21 04:47 - 00349566 _____ () C:\Windows\PFRO.log 2014-12-27 10:04 - 2014-04-02 11:23 - 00000000 ____D () C:\Users\Ru_eingeschr\AppData\Roaming\Adobe 2014-12-26 11:10 - 2013-02-12 22:05 - 00000000 
____D () C:\Users\Pe_eingeschränkt\AppData\Local\Thunderbird 2014-12-26 11:09 - 2013-02-12 22:05 - 00002194 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Thunderbird.lnk 2014-12-26 10:55 - 2009-07-14 06:08 - 00032536 _____ () C:\Windows\Tasks\SCHEDLGU.TXT ==================== Files in the root of some directories ======= 2013-02-24 13:58 - 2015-01-24 16:08 - 0094720 _____ () C:\Users\Pe_eingeschränkt\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini Some content of TEMP: ==================== C:\Users\CHEF\AppData\Local\Temp\AskSLib.dll C:\Users\CHEF\AppData\Local\Temp\avgnt.exe C:\Users\CHEF\AppData\Local\Temp\MSETUP4.EXE C:\Users\CHEF\AppData\Local\Temp\tester.dll C:\Users\CHEF\AppData\Local\Temp\Uninstall.exe C:\Users\CHEF\AppData\Local\Temp\VersionUpdater.exe C:\Users\CHEF\AppData\Local\Temp\WtgZip.dll C:\Users\Pe_eingeschränkt\AppData\Local\Temp\avgnt.exe C:\Users\Pe_eingeschränkt\AppData\Local\Temp\i4jdel0.exe C:\Users\Pe_eingeschränkt\AppData\Local\Temp\jre-8u31-windows-au.exe C:\Users\Pe_eingeschränkt\AppData\Local\Temp\K-Lite_Codec_Pack_Basic.exe C:\Users\Pe_eingeschränkt\AppData\Local\Temp\MSETUP4.EXE C:\Users\Pe_eingeschränkt\AppData\Local\Temp\nitro_reader3.exe C:\Users\Pe_eingeschränkt\AppData\Local\Temp\nitro_reader3_64.exe ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) 
C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed ==================== End Of Log ============================ --- --- --- --- --- --- Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 24-01-2015 01 Ran by Pe_eingeschränkt at 2015-01-24 18:12:48 Running from C:\Users\Pe_eingeschränkt\Downloads Boot Mode: Normal ========================================================== ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.6.0.19140 - Adobe Systems Incorporated) Adobe Digital Editions 2.0 (HKLM-x32\...\Adobe Digital Editions 2.0) (Version: 2.0.1 - Adobe Systems Incorporated) Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.287 - Adobe Systems Incorporated) Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.287 - Adobe Systems Incorporated) Adobe Reader XI (11.0.10) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated) Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.6.156 - Adobe Systems, Inc.) Alcor Micro USB Card Reader (HKLM-x32\...\AmUStor) (Version: 1.8.1217.36096 - Alcor Micro Corp.) Alcor Micro USB Card Reader (x32 Version: 1.8.1217.36096 - Alcor Micro Corp.) Hidden ALDI SÜD Mah Jong (HKLM-x32\...\ALDI SÜD Mah Jong) (Version: - ) ALDI TALK Verbindungsassistent (HKLM-x32\...\ALDITALKVerbindungsassistent) (Version: ALDI TALK 4.0 - ALDI TALK Verbindungsassistent) AllShare Framework DMS (HKLM\...\{C34E2E6F-6A24-40B8-8902-9960A4D42884}) (Version: 1.3.17 - Samsung) AMI VR-pulse OS Switcher (HKLM\...\{EC1369CF-15BD-4FAF-BA84-65E4788C682E}) (Version: 1.1 - American Megatrends Inc.) 
Angry Birds (HKLM-x32\...\{910D3FB9-E341-4DD9-B52A-3B3C0C340AF6}) (Version: 1.5.3 - Rovio) Angry Birds Space (HKLM-x32\...\{3F2A323E-60C4-41E8-8CCB-9715D1D750C3}) (Version: 1.0.0 - Rovio) Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.) Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.) Ashampoo Burning Studio (HKLM-x32\...\Ashampoo Burning Studio_is1) (Version: 10.0.10 - Ashampoo GmbH & Co. KG) Ashampoo Photo Commander (HKLM-x32\...\Ashampoo Photo Commander_is1) (Version: 9.2.0 - Ashampoo GmbH & Co. KG) Ashampoo Photo Optimizer (HKLM-x32\...\Ashampoo Photo Optimizer_is1) (Version: 4.0.0 - Ashampoo GmbH & Co. KG) Ashampoo Snap (HKLM-x32\...\Ashampoo Snap_is1) (Version: 4.3.0 - Ashampoo GmbH & Co. KG) Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.0.35 - Atheros Communications Inc.) Audacity 2.0.5 (HKLM-x32\...\Audacity_is1) (Version: 2.0.5 - Audacity Team) Audials (HKLM-x32\...\{B3E99777-3515-4B50-B9FB-EB5E8E750F92}) (Version: 11.0.51800.0 - Audials AG) Autodesk MapGuide(R) Viewer ActiveX Control Release 6.5 (HKLM-x32\...\{D1DAF51C-4D95-4396-81F2-98A72EEE9B78}) (Version: 6.5.5.7 - Autodesk, Inc.) Avira (HKLM-x32\...\{e7c7c227-b742-4878-9425-f09bbf9951db}) (Version: 1.1.27.25527 - Avira Operations & Co. KG) Avira (x32 Version: 1.1.27.25527 - Avira Operations & Co. KG) Hidden Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.7.468 - Avira) Bagger-Simulator 2011 (Demo) (HKLM-x32\...\Bagger-Simulator 2011 (Demo)) (Version: - ) Bau-Simulator 2012 Demo Version 1.0 (HKLM-x32\...\{55A184BD-42DF-453A-B2DB-8BE3371B3C9E}_is1) (Version: 1.0 - weltenbauer. 
Software Entwicklung GmbH) bazoo SHIVA BS Gaming Mouse (HKLM-x32\...\{3FDCDA33-A785-481E-94F1-D113C0CCFC26}) (Version: 1.0.5 - Vivanco) calibre 64bit (HKLM\...\{9BC77540-BA1D-44B9-AEA7-600362A08F7C}) (Version: 1.27.0 - Kovid Goyal) Canon Easy-PhotoPrint EX (HKLM-x32\...\Easy-PhotoPrint EX) (Version: - ) Canon MG5100 series Benutzerregistrierung (HKLM-x32\...\Canon MG5100 series Benutzerregistrierung) (Version: - ) Canon MG5100 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG5100_series) (Version: - ) Canon MP Navigator EX 4.0 (HKLM-x32\...\MP Navigator EX 4.0) (Version: - ) Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version: - ) Canon Solution Menu EX (HKLM-x32\...\CanonSolutionMenuEX) (Version: - ) Cliqz (HKLM-x32\...\{5A0C0737-6AFE-4DC6-A8B4-6DFE509ACD75}_is1) (Version: 0.5.0.1 - Cliqz.com) Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.54.4.51 - Conexant) Control ActiveX de Windows Live Mesh para conexiones remotas (HKLM-x32\...\{04668DF2-D32F-4555-9C7E-35523DCD6544}) (Version: 15.4.5722.2 - Microsoft Corporation) Contrôle ActiveX Windows Live Mesh pour connexions à distance (HKLM-x32\...\{55D003F4-9599-44BF-BA9E-95D060730DD3}) (Version: 15.4.5722.2 - Microsoft Corporation) Controlo ActiveX do Windows Live Mesh para Ligações Remotas (HKLM-x32\...\{E54EEB5D-41ED-40FE-B4A8-8565DB81469B}) (Version: 15.4.5722.2 - Microsoft Corporation) Corel Graphics - Windows Shell Extension (HKLM-x32\...\_{72DB27D3-FE05-4227-AF5A-11CD101ECF09}) (Version: 15.1.0.588 - Corel Corporation) Corel Graphics - Windows Shell Extension (x32 Version: 15.1.588 - Corel Corporation) Hidden CorelDRAW Essentials X5 - Common (x32 Version: 15.0 - Corel Corporation) Hidden CorelDRAW Essentials X5 - Connect (x32 Version: 15.0 - Corel Corporation) Hidden CorelDRAW Essentials X5 - Custom Data (x32 Version: 15.0 - Corel Corporation) Hidden CorelDRAW Essentials X5 - DE (x32 Version: 15.0 - Corel Corporation) Hidden CorelDRAW Essentials X5 - Draw (x32 Version: 15.0 
- Corel Corporation) Hidden CorelDRAW Essentials X5 - EN (x32 Version: 15.0 - Corel Corporation) Hidden CorelDRAW Essentials X5 - ES (x32 Version: 15.0 - Corel Corporation) Hidden CorelDRAW Essentials X5 - Extra Content (HKLM-x32\...\_{5A10CFDA-FA2B-453C-B561-AE864E62EAC8}) (Version: - Corel Corporation) CorelDRAW Essentials X5 - Extra Content (x32 Version: 15.0 - Corel Corporation) Hidden CorelDRAW Essentials X5 - Filters (x32 Version: 15.0 - Corel Corporation) Hidden CorelDRAW Essentials X5 - FR (x32 Version: 15.0 - Corel Corporation) Hidden CorelDRAW Essentials X5 - IPM (x32 Version: 15.0 - Corel Corporation) Hidden CorelDRAW Essentials X5 - IT (x32 Version: 15.0 - Corel Corporation) Hidden CorelDRAW Essentials X5 - PHOTO-PAINT (x32 Version: 15.0 - Corel Corporation) Hidden CorelDRAW Essentials X5 - Redist (x32 Version: 15.0 - Corel Corporation) Hidden CorelDRAW Essentials X5 - Setup Files (x32 Version: 15.0 - Corel Corporation) Hidden CorelDRAW Essentials X5 - WT (x32 Version: 15.0 - Corel Corporation) Hidden CorelDRAW Essentials X5 (HKLM-x32\...\_{EDBEBF07-F880-48FB-9AA5-0E8E71E02D83}) (Version: 15.1.0.588 - Corel Corporation) CorelDRAW Essentials X5 (x32 Version: 15.0 - Corel Corporation) Hidden CorelDRAW Graphics Suite X5 - Windows Shell Extension 64 Bit (Version: 15.1.588 - Corel Corporation) Hidden CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.3624 - CyberLink Corp.) CyberLink MediaEspresso (HKLM-x32\...\InstallShield_{E3739848-5329-48E3-8D28-5BBD6E8BE384}) (Version: 6.5.1508_36229 - CyberLink Corp.) CyberLink MediaShow (HKLM-x32\...\InstallShield_{80E158EA-7181-40FE-A701-301CE6BE64AB}) (Version: 5.1.2414 - CyberLink Corp.) CyberLink PhotoNow (HKLM-x32\...\InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}) (Version: 1.1.0.6904 - CyberLink Corp.) CyberLink Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 7.0.0.1327 - CyberLink Corp.) 
CyberLink PowerDirector (HKLM-x32\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 8.0.4020 - CyberLink Corp.) CyberLink PowerDVD 10 (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.2731.02 - CyberLink Corp.) CyberLink PowerDVD Copy (HKLM-x32\...\InstallShield_{E3D04529-6EDB-11D8-A372-0050BAE317E1}) (Version: 1.5.1306 - CyberLink Corp.) CyberLink PowerProducer (HKLM-x32\...\InstallShield_{B7A0CE06-068E-11D6-97FD-0050BACBF861}) (Version: 5.0.2.3503 - CyberLink Corp.) CyberLink PowerRecover (HKLM-x32\...\InstallShield_{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}) (Version: 5.5.3726 - CyberLink Corp.) CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.1.4013 - CyberLink Corp.) D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden Dacia Media Nav Toolbox (HKLM-x32\...\Dacia Media Nav Toolbox) (Version: 3.18.0.330918 - NNG Llc.) DFX (HKLM-x32\...\DFX) (Version: 11.110.0.0 - Power Technology) Dolby Home Theater v4 (HKLM-x32\...\{B26438B4-BF51-49C3-9567-7F14A5E40CB9}) (Version: 7.2.7000.4 - Dolby Laboratories Inc) ePub DRM Removal (HKLM-x32\...\ePubDRM) (Version: 1.2.1 - eBook Converter) Epubor ePUB DRM Removal 1.5 (HKLM-x32\...\{126C5DBE-5617-40D1-B47F-F350EA9A52F4}_is1) (Version: - Epubor.com.) Euro Truck Simulator 2 (HKLM-x32\...\{1B705E8F-9893-4486-B5D7-4F7FEB9C871E}_is1) (Version: 1.5.2 - SCS Software) Fotogalerija Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Free Video Dub version 2.0.21.822 (HKLM-x32\...\Free Video Dub_is1) (Version: 2.0.21.822 - DVDVideoSoft Ltd.) Galeria de Fotografias do Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Galería fotográfica de Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Google Chrome (HKLM-x32\...\Google Chrome) (Version: 7.0.517.43 - Google Inc.) 
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google) Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden Intel PROSet Wireless (x32 Version: - ) Hidden Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation) Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2372 - Intel Corporation) Intel(R) PROSet/Wireless for Bluetooth(R) 3.0 + High Speed (HKLM\...\{A0E106D2-4815-4B7A-BAA7-7E21B530CFB4}) (Version: 1.1.0.0157 - Intel Corporation) Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology (HKLM\...\{C7B40C35-85AE-4303-9EEA-1A1EA779664D}) (Version: 1.0.2.0518 - Intel Corporation) Intel(R) PROSet/Wireless WiFi Software (HKLM\...\{3C41721F-AF0F-4086-AA1C-4C7F29076228}) (Version: 14.01.1000 - Intel Corporation) Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.5.0.1026 - Intel Corporation) Intel(R) WiDi (HKLM-x32\...\{0DD706AF-B542-438C-999E-B30C7F625C8D}) (Version: 2.1.39.0 - Intel Corporation) Intel(R) Wireless Display (HKLM\...\{28EF7372-9087-4AC3-9B9F-D9751FCDF830}) (Version: - ) Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation) Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Kayak Extreme (HKLM-x32\...\{4C74D08D-99C8-4A0B-B633-FDE8431A50DE}) (Version: - ) K-Lite Codec Pack 9.3.0 (Basic) (HKLM-x32\...\KLiteCodecPack_is1) (Version: 9.3.0 - ) Kontrolnik Windows Live Mesh ActiveX za oddaljene povezave (HKLM-x32\...\{CA227A9D-09BE-4BFB-9764-48FED2DA5454}) (Version: 15.4.5722.2 - Microsoft Corporation) LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version: - ) Landwirtschafts Simulator 2013 Demo (HKLM-x32\...\FarmingSimulator2013DemoDE_is1) (Version: 1.0 - GIANTS Software) Malwarebytes Anti-Malware Version 2.0.4.1028 
(HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation) Max Recorder (HKLM-x32\...\Max Recorder) (Version: 1.025.0.0 - Silver Vine, LLC) Medion Home Cinema (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 8.0.2608 - CyberLink Corp.) Medion Home Cinema (x32 Version: 8.0.2608 - CyberLink Corp.) Hidden Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden Microsoft .NET Framework 4.5.2 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.51209 - Microsoft Corporation) Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation) Microsoft Mathematics (64-Bit) (HKLM\...\{E57B7E0A-8BE5-42E2-BE60-C07ED680A063}) (Version: 4.0 - Microsoft Corporation) Microsoft Office 2000 Premium (HKLM-x32\...\{00000407-78E1-11D2-B60F-006097C998E7}) (Version: 9.00.2816 - Microsoft Corporation) Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation) Microsoft Office Klick-und-Los 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation) Microsoft Office Starter 2010 - Deutsch (HKLM-x32\...\{90140011-0066-0407-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 
(HKLM\...\{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}) (Version: 8.0.51011 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (HKLM\...\{8338783A-0968-3B85-AFC7-BAAE0A63DC50}) (Version: 9.0.30729.5570 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Mozilla Firefox 35.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 35.0 (x86 de)) (Version: 35.0 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 31.3.0 - Mozilla) Mozilla Thunderbird 31.4.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 31.4.0 (x86 de)) (Version: 31.4.0 - Mozilla) MP3 Recorder for YouTube 1.0 Professional-E (HKLM-x32\...\{2ED4869A-6D7B-4a8f-8261-B842DA4852FA}_is1) (Version: - ) MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation) MT66 Software Update 
(HKLM-x32\...\{F2E4F3A5-A8F0-46F4-8E91-E8C1DE1FCFE5}_is1) (Version: - ) Naviextras Toolbox Prerequesities (HKLM-x32\...\{537575D6-3B96-474C-BD8F-DFF667363DBD}) (Version: 1.0.0 - NNG Llc.) Nitro Reader 3 (HKLM\...\{4756C731-B54E-451A-9AF1-86E8AB1BEBBB}) (Version: 3.5.6.5 - Nitro) NVDA (HKLM-x32\...\NVDA) (Version: 2013.2 - NV Access Limited) PDF Architect 2 (HKLM-x32\...\PDF Architect 2) (Version: 2.0.51.17865 - pdfforge GmbH) PDF Architect 2 Create Module (x32 Version: 2.1.6.19758 - pdfforge GmbH) Hidden PDF Architect 2 Edit Module (x32 Version: 2.1.6.19758 - pdfforge GmbH) Hidden PDF Architect 2 View Module (x32 Version: 2.1.6.19758 - pdfforge GmbH) Hidden PDFCreator (HKLM\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 2.0.1 - pdfforge) PHotkey (HKLM-x32\...\{E50C224A-BBF2-428D-9DCF-DBF9DF85C40E}) (Version: 1.00.0081 - Pegatron Corporation) PHotkey (HKU\S-1-5-21-2232908785-1043498428-3830492113-1003\...\{E50C224A-BBF2-428D-9DCF-DBF9DF85C40E}) (Version: 1.00.0032 - Pegatron Corporation) PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation) Pošta Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.) 
Raccolta foto di Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Radio.fx (HKLM-x32\...\Tobit Radio.fx Server) (Version: - Tobit.Software) Recuva (HKLM\...\Recuva) (Version: 1.50 - Piriform) Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.1.16.0 - Renesas Electronics Corporation) Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.1.16.0 - Renesas Electronics Corporation) Hidden Samsung Link 1.7.0.1309031728 (HKLM\...\8474-7877-9059-0204) (Version: 1.7.0.1309031728 - Copyright 2013 SAMSUNG) Search And Rescue 2 (HKLM-x32\...\Search And Rescue 2) (Version: - ) Spelling Dictionaries Support For Adobe Reader X (HKLM-x32\...\{AC76BA86-7AD7-5464-3428-A00000000004}) (Version: 10.0.0 - Adobe Systems Incorporated) Spreng- und Abriss-Simulator (Demo) (HKLM-x32\...\Spreng- und Abriss-Simulator (Demo)) (Version: - ) Steuersparer 2014 (HKLM-x32\...\{485DBEA2-58E9-4136-9E6C-6C3022B02349}) (Version: 21.00.8480 - Buhl Data Service GmbH) swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.0.4.0 - Synaptics Incorporated) UFB Code Setup (HKLM-x32\...\UFB Code SetupV3.5.0) (Version: V3.5.0 - Macro Technology Ltd.) Versandhelfer (HKLM-x32\...\dpdhl.versandhelfer.medionlap.CDA82DC3FEDD13302C6424313D9A2999F162D21A.1) (Version: 0.9.511 - Deutsche Post AG) Versandhelfer (x32 Version: 0.9.511 - Deutsche Post AG) Hidden VR-pulse Installer (HKLM\...\{D3836C5E-6824-4C9F-9B45-09C989B13EF6}) (Version: 1.5.2.0 - American Megatrends Inc.) 
VSDC Free Video Editor Version 1.4.1.39 (HKLM-x32\...\VSDC Free Video Editor_is1) (Version: 1.4.1.39 - Flash-Integro LLC) Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation) Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen (HKLM-x32\...\{C32CE55C-12BA-4951-8797-0967FDEF556F}) (Version: 15.4.5722.2 - Microsoft Corporation) Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation) Windows Live Mesh ActiveX control for remote connections (HKLM-x32\...\{C5398A89-516C-4DAF-BA07-EE7949090E56}) (Version: 15.4.5722.2 - Microsoft Corporation) Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{C63A1E60-B6A4-440B-89A5-1FC6E4AC1C94}) (Version: 15.4.5722.2 - Microsoft Corporation) Windows Live Mesh ActiveX-objekt til fjernforbindelser (HKLM-x32\...\{57220148-3B2B-412A-A2E0-82B9DF423696}) (Version: 15.4.5722.2 - Microsoft Corporation) Windows Live Mesh ActiveX-vezérlő távoli kapcsolatokhoz (HKLM-x32\...\{6E29C4F7-C2C2-4B18-A15C-E09B92065F15}) (Version: 15.4.5722.2 - Microsoft Corporation) Windows Media Encoder 9 Series (HKLM-x32\...\Windows Media Encoder 9) (Version: - ) Windows Media Player Firefox Plugin (HKLM-x32\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp) World of Tanks (HKLM-x32\...\{1EAC1D02-C6AC-4FA6-9A44-96258C37C812EU}_is1) (Version: - Wargaming.net) ZoneAlarm Do Not Track Add-on 2.2.5.1213 (HKLM-x32\...\ZoneAlarm Do Not Track Add-on_is1) (Version: 2.2.5.1213 - Abine) ZoneAlarm Firewall (x32 Version: 13.3.052.000 - Check Point Software Technologies Ltd.) 
Hidden ZoneAlarm Free Firewall (HKLM-x32\...\ZoneAlarm Free Firewall) (Version: 13.3.052.000 - Check Point) ZoneAlarm LTD Toolbar (HKLM\...\ZoneAlarm LTD Toolbar) (Version: - Check Point Software Technologies) ZoneAlarm Security (x32 Version: 13.3.052.000 - Check Point Software Technologies Ltd.) Hidden ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) ==================== Restore Points ========================= ATTENTION: System Restore is disabled. Could not list restore points. Check "winmgmt" service or repair WMI. ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => ? Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => ? Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => ? Task: C:\Windows\Tasks\MT66 Software Update.job => ? 
==================== Loaded Modules (whitelisted) ============= 2014-10-31 14:16 - 2012-01-12 17:58 - 00477696 _____ () C:\Program Files (x86)\PHotkey\PVDAgent.exe 2011-05-02 21:41 - 2011-05-02 21:41 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\LIBEAY32.dll 2011-05-27 02:13 - 2011-05-21 09:32 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll 2013-08-03 11:32 - 2013-08-03 11:35 - 00510520 _____ () C:\Program Files (x86)\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent_Launcher.exe 2014-04-05 17:25 - 2010-10-07 12:55 - 01103656 _____ () C:\Program Files (x86)\Vivanco\bazoo SHIVA BS Gaming Mouse\Panel.exe ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vsmon => ""="Service" ==================== EXE Association (whitelisted) ============= (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== MSCONFIG/TASK MANAGER disabled items ========= (Currently there is no automatic fix for this section.) 
MSCONFIG\Services: ALDITALKVerbindungsassistent_Service => 2 MSCONFIG\Services: PDF Architect Helper Service => 2 MSCONFIG\Services: PDF Architect Service => 2 MSCONFIG\Services: Samsung Link Service => 2 MSCONFIG\startupreg: CanonMyPrinter => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon MSCONFIG\startupreg: CanonSolutionMenuEx => C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE /logon MSCONFIG\startupreg: DFX => C:\Program Files (x86)\DFX\DFX.exe -startup MSCONFIG\startupreg: Samsung Link => "C:\Program Files\Samsung\Samsung Link\Samsung Link Tray Agent.exe" ========================= Accounts: ========================== Administrator (S-1-5-21-2232908785-1043498428-3830492113-500 - Administrator - Disabled) CHEF (S-1-5-21-2232908785-1043498428-3830492113-1001 - Administrator - Enabled) => C:\Users\CHEF Gast (S-1-5-21-2232908785-1043498428-3830492113-501 - Limited - Disabled) HomeGroupUser$ (S-1-5-21-2232908785-1043498428-3830492113-1002 - Limited - Enabled) Pe_eingeschränkt (S-1-5-21-2232908785-1043498428-3830492113-1003 - Limited - Enabled) => C:\Users\Pe_eingeschränkt Ru_eingeschr (S-1-5-21-2232908785-1043498428-3830492113-1005 - Limited - Enabled) => C:\Users\Ru_eingeschr ==================== Faulty Device Manager Devices ============= Could not list Devices. Check "winmgmt" service or repair WMI. ==================== Event log errors: ========================= Application errors: ================== Error: (01/24/2015 01:39:48 PM) (Source: SecurityCenter) (EventID: 3) (User: ) Description: Das Windows-Sicherheitscenter konnte keine Ereignisabfragen mit der WMI herstellen, um Antiviren, AntiSpyware- und Firewallprogramme von Drittanbietern zu überwachen. 
Error: (01/24/2015 01:38:49 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: PHotkey.exe, Version: 1.0.0.83, Zeitstempel: 0x50b46952 Name des fehlerhaften Moduls: PHotkey.exe, Version: 1.0.0.83, Zeitstempel: 0x50b46952 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0001014a ID des fehlerhaften Prozesses: 0xe20 Startzeit der fehlerhaften Anwendung: 0xPHotkey.exe0 Pfad der fehlerhaften Anwendung: PHotkey.exe1 Pfad des fehlerhaften Moduls: PHotkey.exe2 Berichtskennung: PHotkey.exe3 Error: (01/24/2015 01:35:15 PM) (Source: WinMgmt) (EventID: 28) (User: ) Description: 0x80041002 Error: (01/24/2015 10:14:23 AM) (Source: .NET Runtime) (EventID: 1023) (User: ) Description: .NET Runtime version 2.0.50727.5485 - Nicht behebbarer Systemfehler. Error: (01/23/2015 11:49:41 PM) (Source: SecurityCenter) (EventID: 3) (User: ) Description: Das Windows-Sicherheitscenter konnte keine Ereignisabfragen mit der WMI herstellen, um Antiviren, AntiSpyware- und Firewallprogramme von Drittanbietern zu überwachen. 
Error: (01/23/2015 11:46:26 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: PHotkey.exe, Version: 1.0.0.83, Zeitstempel: 0x50b46952 Name des fehlerhaften Moduls: PHotkey.exe, Version: 1.0.0.83, Zeitstempel: 0x50b46952 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0001014a ID des fehlerhaften Prozesses: 0x101c Startzeit der fehlerhaften Anwendung: 0xPHotkey.exe0 Pfad der fehlerhaften Anwendung: PHotkey.exe1 Pfad des fehlerhaften Moduls: PHotkey.exe2 Berichtskennung: PHotkey.exe3 Error: (01/23/2015 11:45:30 PM) (Source: WinMgmt) (EventID: 28) (User: ) Description: 0x80041002 Error: (01/23/2015 10:01:08 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: PHotkey.exe, Version: 1.0.0.83, Zeitstempel: 0x50b46952 Name des fehlerhaften Moduls: PHotkey.exe, Version: 1.0.0.83, Zeitstempel: 0x50b46952 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0001014a ID des fehlerhaften Prozesses: 0x1280 Startzeit der fehlerhaften Anwendung: 0xPHotkey.exe0 Pfad der fehlerhaften Anwendung: PHotkey.exe1 Pfad des fehlerhaften Moduls: PHotkey.exe2 Berichtskennung: PHotkey.exe3 Error: (01/23/2015 10:00:51 AM) (Source: SecurityCenter) (EventID: 3) (User: ) Description: Das Windows-Sicherheitscenter konnte keine Ereignisabfragen mit der WMI herstellen, um Antiviren, AntiSpyware- und Firewallprogramme von Drittanbietern zu überwachen. Error: (01/23/2015 09:57:39 AM) (Source: WinMgmt) (EventID: 28) (User: ) Description: 0x80041002 System errors: ============= Error: (01/24/2015 01:35:05 PM) (Source: Service Control Manager) (EventID: 7003) (User: ) Description: Der Dienst "GFNEX Service" ist von folgendem Dienst abhängig: PEGAGFN. Dieser Dienst ist eventuell nicht installiert. 
Error: (01/23/2015 11:47:28 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "Gatewaydienst auf Anwendungsebene" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Error: (01/23/2015 11:47:28 PM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Gatewaydienst auf Anwendungsebene erreicht. Error: (01/23/2015 11:45:19 PM) (Source: Service Control Manager) (EventID: 7003) (User: ) Description: Der Dienst "GFNEX Service" ist von folgendem Dienst abhängig: PEGAGFN. Dieser Dienst ist eventuell nicht installiert. Error: (01/23/2015 03:55:26 PM) (Source: Service Control Manager) (EventID: 7011) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst Wlansvc erreicht. Error: (01/23/2015 09:57:30 AM) (Source: Service Control Manager) (EventID: 7003) (User: ) Description: Der Dienst "GFNEX Service" ist von folgendem Dienst abhängig: PEGAGFN. Dieser Dienst ist eventuell nicht installiert. Error: (01/23/2015 01:19:13 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "ZoneAlarm Privacy Service" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Error: (01/23/2015 01:19:13 AM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst ZoneAlarm Privacy Service erreicht. Error: (01/23/2015 01:18:13 AM) (Source: Service Control Manager) (EventID: 7003) (User: ) Description: Der Dienst "GFNEX Service" ist von folgendem Dienst abhängig: PEGAGFN. Dieser Dienst ist eventuell nicht installiert. 
Error: (01/23/2015 00:35:32 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Gatewaydienst auf Anwendungsebene" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053

Microsoft Office Sessions:
=========================
Error: (01/24/2015 01:39:48 PM) (Source: SecurityCenter) (EventID: 3) (User: )
Description:

Error: (01/24/2015 01:38:49 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: PHotkey.exe1.0.0.8350b46952PHotkey.exe1.0.0.8350b46952c00000050001014ae2001d037d29c507176C:\Program Files (x86)\PHotkey\PHotkey.exeC:\Program Files (x86)\PHotkey\PHotkey.exef1b7b411-a3c5-11e4-b00b-bc7737b9f379

Error: (01/24/2015 01:35:15 PM) (Source: WinMgmt) (EventID: 28) (User: )
Description: 0x80041002

Error: (01/24/2015 10:14:23 AM) (Source: .NET Runtime) (EventID: 1023) (User: )
Description: .NET Runtime version 2.0.50727.5485 - Nicht behebbarer Systemfehler.

Error: (01/23/2015 11:49:41 PM) (Source: SecurityCenter) (EventID: 3) (User: )
Description:

Error: (01/23/2015 11:46:26 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: PHotkey.exe1.0.0.8350b46952PHotkey.exe1.0.0.8350b46952c00000050001014a101c01d0375e5dc13e06C:\Program Files (x86)\PHotkey\PHotkey.exeC:\Program Files (x86)\PHotkey\PHotkey.exea9090195-a351-11e4-ac33-bc7737b9f379

Error: (01/23/2015 11:45:30 PM) (Source: WinMgmt) (EventID: 28) (User: )
Description: 0x80041002

Error: (01/23/2015 10:01:08 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: PHotkey.exe1.0.0.8350b46952PHotkey.exe1.0.0.8350b46952c00000050001014a128001d036eb112515c9C:\Program Files (x86)\PHotkey\PHotkey.exeC:\Program Files (x86)\PHotkey\PHotkey.exe5e5ffed4-a2de-11e4-a0f1-bc7737b9f379

Error: (01/23/2015 10:00:51 AM) (Source: SecurityCenter) (EventID: 3) (User: )
Description:

Error: (01/23/2015 09:57:39 AM) (Source: WinMgmt) (EventID: 28) (User: )
Description: 0x80041002

CodeIntegrity Errors:
===================================
Date: 2013-09-08 14:18:05.095
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2013-09-08 14:01:20.879
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2013-09-08 13:38:14.208
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2013-09-08 13:19:43.401
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2013-08-31 09:27:52.493
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2013-08-27 15:15:12.546
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2013-08-27 13:43:00.903
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2013-08-27 13:29:48.152
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2013-08-26 02:14:30.134
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2013-08-25 16:26:36.183
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

==================== Memory info ===========================
Processor: Intel(R) Core(TM) i3-2310M CPU @ 2.10GHz
Percentage of memory in use: 47%
Total physical RAM: 4007.12 MB
Available physical RAM: 2098.68 MB
Total Pagefile: 8012.43 MB
Available Pagefile: 5661.34 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================
Drive c: (Boot) (Fixed) (Total:657.54 GB) (Free:341.94 GB) NTFS
Drive d: (Recover) (Fixed) (Total:37.99 GB) (Free:13.84 GB) NTFS

==================== MBR & Partition Table ==================

==================== End Of Log ============================

Even so, YouTube stutters badly, and everything else reacts somewhat slowly. Can a PUP.. detection simply be deleted, or does that delete important parts of the system?
25.01.2015, 08:23 | #4 |
/// the machine /// TB-Ausbilder | PUP.optional.Softonic.A can no longer be restored from quarantine

Our tools always need admin rights! Please download AdwCleaner to your desktop.
Please shut down your security software to avoid possible conflicts.
And a fresh FRST log, please.
__________________
Regards, schrauber
Proud Member of UNITE and ASAP since 2009
No help via PM!