Log analysis and evaluation: Win8 PC slow, cookie behaviour in Firefox differs from the settings, virus? (Windows 7)
If you have caught a Trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To remove viruses and Trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
22.03.2015, 13:21 | #1 |
Win8 PC slow, cookie behaviour in Firefox differs from the settings, virus? I would like to ask you for an analysis of my FRST files. My PC was apparently hijacked for a while (email was hacked and misused to send spam). I would be grateful for help! The FRST logs are attached. Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-03-2015
Ran by Othmar (administrator) on HUMITSCH on 22-03-2015 13:11:50
Running from C:\Users\Othmar\Desktop
Loaded Profiles: Othmar & NeroMediaHomeUser.4 (Available profiles: Othmar & NeroMediaHomeUser.4)
Platform: Windows 8 Pro (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 10 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
(Cherished Technololgy LIMITED) C:\Users\Othmar\AppData\Local\Temp\NODE5A8.tmp
(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Nero AG) C:\Program Files (x86)\Nero\Nero MediaHome 4\NMMediaServerService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler64.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(MAGIX AG) C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe
(AMD) C:\Windows\System32\atieclxx.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe\LiveComm.exe
(Microsoft Corporation) C:\Windows\System32\mobsync.exe
(Bandoo Media Inc.) C:\Users\Othmar\AppData\Local\iLivid\iLivid.exe
() C:\Users\Othmar\AppData\Local\Viber\Viber.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
() C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(ArcSoft, Inc.) C:\Program Files (x86)\ArcSoft\TotalMedia 3.5\TMMonitor.exe
(Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
() C:\Program Files (x86)\TV IR\shutTask.exe
() C:\Program Files (x86)\TV IR\TV IR.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office15\OUTLOOK.EXE
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [161984 2014-01-18] (IvoSoft)
HKLM-x32\...\Run: [P17RunE] => RunDll32 P17RunE.dll,RunDLLEntry
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766208 2013-12-06] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Nero MediaHome 4] => C:\Program Files (x86)\Nero\Nero MediaHome 4\NeroMediaHome.exe [5179880 2012-12-20] (Nero AG)
HKLM-x32\...\Run: [DivXMediaServer] => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [455512 2014-05-28] (DivX, LLC)
HKLM-x32\...\Run: [DivXUpdate] => C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1861968 2014-01-10] ()
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [248040 2010-02-18] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [ArcSoft Connection Service] => C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [207424 2010-10-27] (ArcSoft Inc.)
HKLM-x32\...\Run: [TVPro Control] => C:\Program Files (x86)\TV IR\TV IR.EXE [1454592 2012-04-26] ()
HKLM-x32\...\Run: [TVPro Task] => C:\Program Files (x86)\TV IR\shutTask.exe [221696 2012-04-16] ()
HKU\S-1-5-21-2717880484-1776808505-1316206091-1001\...\Run: [iLivid] => C:\Users\Othmar\AppData\Local\iLivid\iLivid.exe [7307776 2014-02-12] (Bandoo Media Inc.)
HKU\S-1-5-21-2717880484-1776808505-1316206091-1001\...\Run: [PriceMeterW] => "C:\Users\Othmar\AppData\Local\PriceMeter\pricemeterw.exe"
HKU\S-1-5-21-2717880484-1776808505-1316206091-1001\...\Run: [Nero MediaHome 4] => C:\Program Files (x86)\Nero\Nero MediaHome 4\NeroMediaHome.exe [5179880 2012-12-20] (Nero AG)
HKU\S-1-5-21-2717880484-1776808505-1316206091-1001\...\Run: [Uploader] => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.Uploader.exe
HKU\S-1-5-21-2717880484-1776808505-1316206091-1001\...\Run: [Viber] => C:\Users\Othmar\AppData\Local\Viber\Viber.exe [936656 2014-07-24] ()
HKU\S-1-5-21-2717880484-1776808505-1316206091-1001\...\Run: [msnmsgr] => "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
HKU\S-1-5-21-2717880484-1776808505-1316206091-1001\...\MountPoints2: {6f11f9e6-8ce8-11e3-be6a-806e6f6e6963} - "H:\setup.exe"
AppInit_DLLs: C:\PROGRA~2\SupTab\SEARCH~2.DLL => C:\PROGRA~2\SupTab\SEARCH~2.DLL File Not Found
AppInit_DLLs-x32: c:\progra~2\suptab\search~1.dll => "c:\progra~2\suptab\search~1.dll" File Not Found
IFEO\bitguard.exe: [Debugger] tasklist.exe
IFEO\bprotect.exe: [Debugger] tasklist.exe
IFEO\bpsvc.exe: [Debugger] tasklist.exe
IFEO\browserdefender.exe: [Debugger] tasklist.exe
IFEO\browserprotect.exe: [Debugger] tasklist.exe
IFEO\browsersafeguard.exe: [Debugger] tasklist.exe
IFEO\dprotectsvc.exe: [Debugger] tasklist.exe
IFEO\protectedsearch.exe: [Debugger] tasklist.exe
IFEO\searchprotection.exe: [Debugger] tasklist.exe
IFEO\searchprotector.exe: [Debugger] tasklist.exe
IFEO\snapdo.exe: [Debugger] tasklist.exe
IFEO\stinst32.exe: [Debugger] tasklist.exe
IFEO\stinst64.exe: [Debugger] tasklist.exe
IFEO\utiljumpflip.exe: [Debugger] tasklist.exe
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\PHOTOfunSTUDIO 9.3 PE.lnk
ShortcutTarget: PHOTOfunSTUDIO 9.3 PE.lnk -> C:\Program Files (x86)\Common Files\Panasonic\PHOTOfunSTUDIO AutoStart\AutoStartupService.exe (Panasonic Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\TMMonitor.lnk
ShortcutTarget: TMMonitor.lnk -> C:\Program Files (x86)\ArcSoft\TotalMedia 3.5\TMMonitor.exe (ArcSoft, Inc.)
HKLM\...\AppCertDlls: [x86] -> C:\Program Files (x86)\Movies Toolbar\Datamngr\apcrtldr.dll <===== ATTENTION
HKLM\...\AppCertDlls: [x64] -> C:\Program Files (x86)\Movies Toolbar\Datamngr\x64\apcrtldr.dll <===== ATTENTION
ShellIconOverlayIdentifiers: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
ShellIconOverlayIdentifiers-x32: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=MSE1
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=MSE1
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://isearch.omiga-plus.com/web/?type=ds&ts=1404756295&from=smt&uid=SanDiskXSDSSDHP256G_134406413856&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://isearch.omiga-plus.com/web/?type=ds&ts=1404756295&from=smt&uid=SanDiskXSDSSDHP256G_134406413856&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://isearch.omiga-plus.com/web/?type=ds&ts=1404756295&from=smt&uid=SanDiskXSDSSDHP256G_134406413856&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://isearch.omiga-plus.com/web/?type=ds&ts=1404756295&from=smt&uid=SanDiskXSDSSDHP256G_134406413856&q={searchTerms}
HKU\S-1-5-21-2717880484-1776808505-1316206091-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=MSE1
HKU\S-1-5-21-2717880484-1776808505-1316206091-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://t.at.msn.com/
URLSearchHook: [S-1-5-21-2717880484-1776808505-1316206091-1004] ATTENTION ==> Default URLSearchHook is missing.
SearchScopes: HKLM -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = hxxp://dts.search.ask.com/sr?src=ieb&gct=ds&appid=343&systemid=406&v=n11551-275&apn_uid=0092000244144237&apn_dtid=BND406&o=APN10645&apn_ptnrs=AG6&q={searchTerms}
SearchScopes: HKLM-x32 -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = hxxp://dts.search.ask.com/sr?src=ieb&gct=ds&appid=343&systemid=406&v=n11551-275&apn_uid=0092000244144237&apn_dtid=BND406&o=APN10645&apn_ptnrs=AG6&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2717880484-1776808505-1316206091-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKU\S-1-5-21-2717880484-1776808505-1316206091-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKU\S-1-5-21-2717880484-1776808505-1316206091-1001 -> {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://www.buenosearch.com/?q={searchTerms}&babsrc=SP_ss&mntrId=FE77BC5FF4D4EB47&affID=128491&tsp=5175
SearchScopes: HKU\S-1-5-21-2717880484-1776808505-1316206091-1001 -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = hxxp://dts.search.ask.com/sr?src=ieb&gct=ds&appid=343&systemid=406&v=n11551-275&apn_uid=0092000244144237&apn_dtid=BND406&o=APN10645&apn_ptnrs=AG6&q={searchTerms}
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2015-02-10] (Microsoft Corporation)
BHO: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer64.dll [2014-01-18] (IvoSoft)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2014-07-14] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2015-01-21] (Microsoft Corporation)
BHO: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_64.dll [2014-01-18] (IvoSoft)
BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll [2014-04-09] (McAfee, Inc.)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2015-02-10] (Microsoft Corporation)
BHO-x32: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer32.dll [2014-01-18] (IvoSoft)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-07-14] (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2015-01-21] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2014-08-26] (Sun Microsystems, Inc.)
BHO-x32: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_32.dll [2014-01-18] (IvoSoft)
Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll [2014-01-18] (IvoSoft)
Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll [2014-01-18] (IvoSoft)
DPF: HKLM-x32 {5852F5ED-8BF4-11D4-A245-0080C6F74284} hxxp://javadl-esd.oracle.com/update/1.6.0/jinstall-6u20-windows-i586.cab
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2014-04-01] (Microsoft Corporation)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2014-07-14] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-07-14] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe hxxp://isearch.omiga-plus.com/?type=sc&ts=1404756295&from=smt&uid=SanDiskXSDSSDHP256G_134406413856

FireFox:
========
FF ProfilePath: C:\Users\Othmar\AppData\Roaming\Mozilla\Firefox\Profiles\pimu1gdx.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll [2015-02-26] ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll [2014-05-22] (DivX, LLC.)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.1.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-01-30] (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll [2015-02-26] ()
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll [2014-05-22] (DivX, LLC.)
FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll [2014-07-17] (DivX, LLC)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2014-09-25] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-22] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll [2014-06-21] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll [2014-06-21] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll [2014-08-26] (Sun Microsystems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2014-09-25] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\Othmar\AppData\Roaming\Mozilla\Firefox\Profiles\pimu1gdx.default\searchplugins\google-images.xml [2014-12-21]
FF SearchPlugin: C:\Users\Othmar\AppData\Roaming\Mozilla\Firefox\Profiles\pimu1gdx.default\searchplugins\google-maps.xml [2014-12-21]
FF Extension: Download YouTube Videos as MP4 - C:\Users\Othmar\AppData\Roaming\Mozilla\Firefox\Profiles\pimu1gdx.default\Extensions\{b9bfaf1c-a63f-47cd-8b9a-29526ced9060}.xpi [2014-12-21]
FF Extension: Adblock Plus - C:\Users\Othmar\AppData\Roaming\Mozilla\Firefox\Profiles\pimu1gdx.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-12-21]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2015-03-06]
FF HKU\S-1-5-21-2717880484-1776808505-1316206091-1001\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
FF Extension: No Name - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04]

Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR Profile: C:\Users\Othmar\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Movies Toolbar) - C:\Users\Othmar\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaabcbmongicmdegkmmfgdickgnnob [2014-03-03]
CHR Extension: (2cloud) - C:\Users\Othmar\AppData\Local\Google\Chrome\User Data\Default\Extensions\hkelgkihphkegiaagbcgglfidabmgkgp [2014-07-28]
CHR Extension: (Skype Click to Call) - C:\Users\Othmar\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2014-09-11]
CHR Extension: (Google Wallet) - C:\Users\Othmar\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-02-03]
CHR HKLM-x32\...\Chrome\Extension: [aaaaabcbmongicmdegkmmfgdickgnnob] - C:\Users\Othmar\AppData\Local\ilividmoviestoolbar181\GC\toolbar.crx [2013-12-11]
CHR HKLM-x32\...\Chrome\Extension: [bopakagnckmlgajfccecajhnimjiiedh] - hxxp://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-14]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
S3 Creative Audio Engine Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [79360 2014-06-10] (Creative Labs) [File not signed]
R2 CTAudSvcService; C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe [307200 2008-11-18] (Creative Technology Ltd) [File not signed]
R2 Fabs; C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [1858048 2012-01-23] (MAGIX AG) [File not signed]
S3 FirebirdServerMAGIXInstance; C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [2702848 2011-04-26] (MAGIX®) [File not signed]
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.)
R2 NeroMediaHomeService.4; C:\Program Files (x86)\Nero\Nero MediaHome 4\NMMediaServerService.exe [518632 2012-12-20] (Nero AG)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16024 2015-01-31] (Microsoft Corporation)
S2 DatamngrCoordinator; C:\Program Files (x86)\Movies Toolbar\Datamngr\DatamngrCoordinator.exe [X]
R2 IePluginServices; C:\ProgramData\IePluginServices\PluginService.exe -service [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S0 amdkmafd; C:\Windows\System32\drivers\amdkmafd.sys [21160 2012-09-23] (Advanced Micro Devices, Inc.)
R0 asahci64; C:\Windows\System32\drivers\asahci64.sys [49760 2012-01-06] (Asmedia Technology)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdW86.sys [215040 2013-09-24] (Advanced Micro Devices)
R3 smsbda; C:\Windows\system32\drivers\smsbda.sys [56960 2011-03-06] (Siano)
R1 {f727685b-ed90-4adc-8eec-8234574a91e6}w64; C:\Windows\System32\drivers\{f727685b-ed90-4adc-8eec-8234574a91e6}w64.sys [61120 2014-04-24] (StdLib)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-22 13:11 - 2015-03-22 13:12 - 00021741 _____ () C:\Users\Othmar\Desktop\FRST.txt
2015-03-22 13:11 - 2015-03-22 13:11 - 02095616 _____ (Farbar) C:\Users\Othmar\Desktop\FRST64.exe
2015-03-22 13:11 - 2015-03-22 13:11 - 00000000 ____D () C:\FRST
2015-03-22 09:16 - 2015-03-22 09:16 - 00000000 ____D () C:\Program Files (x86)\ESET
2015-03-11 08:59 - 2015-03-11 08:59 - 00000000 ____D () C:\Users\Othmar\AppData\Local\LizardTech
2015-03-11 08:58 - 2015-02-23 11:52 - 02237952 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-03-11 08:58 - 2015-02-23 11:52 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-03-11 08:58 - 2015-02-23 11:51 - 01409024 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-03-11 08:58 - 2015-02-23 11:51 - 00915968 _____ (Microsoft Corporation) C:\Windows\system32\uxtheme.dll
2015-03-11 08:58 - 2015-02-23 11:51 - 00600576 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-03-11 08:58 - 2015-02-23 11:51 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-03-11 08:58 - 2015-02-23 11:51 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\UXInit.dll
2015-03-11 08:58 - 2015-02-23 11:50
- 19301888 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2015-03-11 08:58 - 2015-02-23 11:50 - 15410688 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2015-03-11 08:58 - 2015-02-23 11:50 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2015-03-11 08:58 - 2015-02-23 11:50 - 02656256 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2015-03-11 08:58 - 2015-02-23 11:50 - 00949760 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll 2015-03-11 08:58 - 2015-02-23 11:50 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2015-03-11 08:58 - 2015-02-23 11:50 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2015-03-11 08:58 - 2015-02-23 11:50 - 00451584 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2015-03-11 08:58 - 2015-02-23 11:50 - 00281600 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2015-03-11 08:58 - 2015-02-23 11:50 - 00255488 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2015-03-11 08:58 - 2015-02-23 11:50 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll 2015-03-11 08:58 - 2015-02-23 11:50 - 00097280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2015-03-11 08:58 - 2015-02-23 11:50 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2015-03-11 08:58 - 2015-02-23 11:50 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2015-03-11 08:58 - 2015-02-23 11:50 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2015-03-11 08:58 - 2015-02-23 11:49 - 01509376 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2015-03-11 08:58 - 2015-02-23 10:17 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2015-03-11 08:58 - 2015-02-23 10:15 - 00084480 _____ (Microsoft Corporation) C:\Windows\system32\INETRES.dll 2015-03-11 08:58 - 2015-02-23 09:51 - 00441856 _____ (Microsoft 
Corporation) C:\Windows\system32\html.iec 2015-03-11 08:58 - 2015-02-21 06:31 - 01763328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2015-03-11 08:58 - 2015-02-21 06:31 - 01181696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2015-03-11 08:58 - 2015-02-21 06:31 - 00523776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2015-03-11 08:58 - 2015-02-21 06:31 - 00044032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UXInit.dll 2015-03-11 08:58 - 2015-02-21 06:30 - 14380544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2015-03-11 08:58 - 2015-02-21 06:30 - 13768704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2015-03-11 08:58 - 2015-02-21 06:30 - 02864640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2015-03-11 08:58 - 2015-02-21 06:30 - 02055680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2015-03-11 08:58 - 2015-02-21 06:30 - 00737280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll 2015-03-11 08:58 - 2015-02-21 06:30 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2015-03-11 08:58 - 2015-02-21 06:30 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2015-03-11 08:58 - 2015-02-21 06:30 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2015-03-11 08:58 - 2015-02-21 06:30 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2015-03-11 08:58 - 2015-02-21 06:30 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll 2015-03-11 08:58 - 2015-02-21 06:30 - 00080384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2015-03-11 08:58 - 2015-02-21 06:30 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2015-03-11 08:58 - 2015-02-21 06:30 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2015-03-11 08:58 - 2015-02-21 06:30 - 00033280 _____ (Microsoft Corporation) 
C:\Windows\SysWOW64\iernonce.dll 2015-03-11 08:58 - 2015-02-21 06:29 - 01441280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2015-03-11 08:58 - 2015-02-21 06:29 - 00357888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2015-03-11 08:58 - 2015-02-21 06:29 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2015-03-11 08:58 - 2015-02-21 06:09 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2015-03-11 08:58 - 2015-02-21 06:07 - 00084480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\INETRES.dll 2015-03-11 08:58 - 2015-02-21 05:42 - 00361984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec 2015-03-11 08:58 - 2015-02-21 04:00 - 00534528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\uxtheme.dll 2015-03-11 08:57 - 2015-03-06 08:39 - 00588800 _____ (Microsoft Corporation) C:\Windows\system32\SHCore.dll 2015-03-11 08:57 - 2015-03-06 08:39 - 00412672 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll 2015-03-11 08:57 - 2015-03-06 06:48 - 00452608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SHCore.dll 2015-03-11 08:57 - 2015-03-06 06:48 - 00318464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll 2015-03-11 08:57 - 2015-02-26 05:35 - 04063232 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2015-03-11 08:57 - 2015-02-03 00:18 - 00569712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys 2015-03-11 08:57 - 2015-01-24 07:42 - 00325632 _____ (Microsoft Corporation) C:\Windows\system32\ubpm.dll 2015-03-11 08:57 - 2015-01-24 06:00 - 00243712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ubpm.dll 2015-03-11 08:53 - 2015-02-20 14:59 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll 2015-03-11 08:53 - 2015-02-20 12:56 - 00366592 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll 2015-03-11 08:53 - 2015-02-20 09:10 - 00035328 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll 2015-03-11 08:53 - 
2015-02-20 08:24 - 00304128 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll 2015-03-11 08:53 - 2015-01-31 14:48 - 00044024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdBoot.sys 2015-03-11 08:53 - 2015-01-31 06:55 - 00275712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdFilter.sys 2015-03-11 08:52 - 2015-01-29 09:45 - 06973248 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2015-03-11 08:52 - 2015-01-29 09:05 - 01627648 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll 2015-03-11 08:52 - 2015-01-29 07:19 - 01339392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll 2015-03-11 08:52 - 2015-01-20 07:41 - 01120256 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll 2015-03-11 08:52 - 2015-01-20 06:10 - 00892416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msctf.dll 2015-03-11 08:48 - 2014-04-16 19:20 - 00029888 _____ (Microsoft Corporation) C:\Windows\system32\aspnet_counters.dll 2015-03-11 08:48 - 2014-04-16 19:20 - 00028352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aspnet_counters.dll 2015-03-11 08:46 - 2015-02-17 07:54 - 19777536 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll 2015-03-11 08:46 - 2015-02-17 06:13 - 17561600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll 2015-03-11 08:46 - 2015-01-24 07:43 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll 2015-03-11 08:46 - 2015-01-24 06:00 - 00368640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll 2015-03-11 08:46 - 2015-01-24 05:31 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll 2015-03-11 08:45 - 2015-02-13 00:18 - 00396419 _____ () C:\Windows\system32\ApnDatabase.xml 2015-03-11 08:42 - 2015-03-11 08:42 - 00001034 _____ () C:\Users\Othmar\Desktop\GeoViewer.lnk 2015-03-11 08:42 - 2015-03-11 08:42 - 00000000 ____D () C:\Users\Othmar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\LizardTech 2015-03-11 08:42 
- 2015-03-11 08:42 - 00000000 ____D () C:\Users\Othmar\AppData\Roaming\LizardTech 2015-03-11 08:42 - 2015-03-11 08:42 - 00000000 ____D () C:\Users\Othmar\AppData\Roaming\InstallShield Installation Information 2015-03-11 08:42 - 2010-05-26 11:41 - 02401112 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_43.dll 2015-03-11 08:42 - 2010-05-26 11:41 - 01907552 _____ (Microsoft Corporation) C:\Windows\system32\d3dcsx_43.dll 2015-03-11 08:42 - 2010-05-26 11:41 - 00511328 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_43.dll 2015-03-11 08:42 - 2010-02-04 10:01 - 00024920 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_7.dll 2015-03-11 08:42 - 2007-04-04 18:54 - 00107368 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_3.dll 2015-03-06 17:02 - 2015-03-06 17:02 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2015-03-04 07:42 - 2015-03-04 07:42 - 00001894 _____ () C:\Users\Othmar\Desktop\IrfanView Thumbnails.lnk 2015-02-28 21:45 - 2015-03-04 22:24 - 00791496 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2015-02-28 21:45 - 2015-03-04 22:24 - 00177608 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2015-02-26 20:11 - 2014-12-18 09:51 - 00096576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\wfplwfs.sys 2015-02-26 20:11 - 2014-12-18 07:52 - 00889344 _____ (Microsoft Corporation) C:\Windows\system32\nshwfp.dll 2015-02-26 20:11 - 2014-12-18 07:51 - 01160192 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL 2015-02-26 20:11 - 2014-12-18 07:50 - 00723968 _____ (Microsoft Corporation) C:\Windows\system32\BFE.DLL 2015-02-26 20:11 - 2014-12-18 07:20 - 00702464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nshwfp.dll 2015-02-26 20:11 - 2014-12-06 08:53 - 00458240 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll 2015-02-26 20:11 - 2014-12-06 08:53 - 00026112 _____ (Microsoft Corporation) C:\Windows\system32\WerFaultSecure.exe 2015-02-26 20:11 - 
2014-12-06 08:51 - 00370688 _____ (Microsoft Corporation) C:\Windows\system32\Faultrep.dll 2015-02-26 20:11 - 2014-12-06 08:51 - 00267264 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll 2015-02-26 20:11 - 2014-12-06 08:50 - 00783872 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll 2015-02-26 20:11 - 2014-12-06 07:10 - 00355840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll 2015-02-26 20:11 - 2014-12-06 07:10 - 00023552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WerFaultSecure.exe 2015-02-26 20:11 - 2014-12-06 07:09 - 00332800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Faultrep.dll 2015-02-26 20:10 - 2015-01-29 09:30 - 00593408 _____ (Microsoft Corporation) C:\Windows\system32\AutoUpdate.exe 2015-02-26 20:10 - 2015-01-29 09:30 - 00467952 _____ (Microsoft Corporation) C:\Windows\system32\NotificationUI.exe 2015-02-26 20:10 - 2015-01-29 09:30 - 00011056 _____ () C:\Windows\system32\AutoconfigV2.cab 2015-02-26 20:10 - 2015-01-29 09:05 - 00695808 _____ (Microsoft Corporation) C:\Windows\system32\WSShared.dll 2015-02-26 20:10 - 2015-01-29 09:05 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll 2015-02-26 20:10 - 2015-01-29 07:19 - 00568832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSShared.dll 2015-02-26 20:10 - 2015-01-29 07:19 - 00124928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll 2015-02-26 20:10 - 2015-01-15 12:44 - 01043968 _____ (Microsoft Corporation) C:\Windows\system32\usercpl.dll 2015-02-26 20:10 - 2015-01-15 12:43 - 01282560 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll 2015-02-26 20:10 - 2015-01-15 11:00 - 00961536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usercpl.dll 2015-02-26 20:10 - 2015-01-15 10:38 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll 2015-02-26 20:10 - 2015-01-15 10:09 - 00717824 _____ (Microsoft Corporation) 
C:\Windows\SysWOW64\adtschema.dll 2015-02-26 20:10 - 2014-12-11 07:51 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe 2015-02-26 20:10 - 2014-11-15 07:06 - 00059392 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe 2015-02-26 20:10 - 2014-11-15 06:13 - 03286016 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll 2015-02-26 20:10 - 2014-11-15 06:13 - 01623552 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll 2015-02-26 20:10 - 2014-11-15 06:13 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll 2015-02-26 20:10 - 2014-11-15 06:13 - 00253440 _____ (Microsoft Corporation) C:\Windows\system32\WUSettingsProvider.dll 2015-02-26 20:10 - 2014-11-15 06:13 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll 2015-02-26 20:10 - 2014-11-15 06:13 - 00100352 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll 2015-02-26 20:10 - 2014-11-15 06:13 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe 2015-02-26 20:10 - 2014-11-15 06:12 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\storewuauth.dll 2015-02-26 20:10 - 2014-11-15 04:54 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe 2015-02-26 20:10 - 2014-11-15 04:53 - 00630272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll 2015-02-26 20:10 - 2014-11-15 04:53 - 00128000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll 2015-02-26 20:10 - 2014-11-15 04:53 - 00086528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll 2015-02-26 20:10 - 2014-11-05 07:40 - 00733184 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll 2015-02-26 20:10 - 2014-11-05 07:39 - 01024512 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll 2015-02-26 20:10 - 2014-11-01 07:28 - 00417280 _____ (Microsoft Corporation) C:\Windows\system32\services.exe 2015-02-26 20:10 - 2014-10-29 15:21 - 00499008 _____ (Microsoft Corporation) 
C:\Windows\system32\Drivers\vhdmp.sys 2015-02-26 20:09 - 2014-12-19 07:48 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll 2015-02-26 20:09 - 2014-12-08 07:48 - 00391168 _____ (Microsoft Corporation) C:\Windows\system32\scesrv.dll 2015-02-26 20:09 - 2014-12-08 06:04 - 00318464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scesrv.dll 2015-02-26 20:09 - 2014-12-06 08:52 - 00384000 _____ (Microsoft Corporation) C:\Windows\system32\ncsi.dll 2015-02-26 20:09 - 2014-12-06 08:52 - 00357376 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll 2015-02-26 20:09 - 2014-12-06 08:52 - 00072192 _____ (Microsoft Corporation) C:\Windows\system32\nlaapi.dll 2015-02-26 20:09 - 2014-12-06 07:09 - 00055296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll 2015-02-26 20:08 - 2014-12-19 05:35 - 00142336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys 2015-02-26 20:08 - 2014-11-26 07:43 - 00778240 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll 2015-02-26 20:08 - 2014-11-26 05:50 - 00567808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll 2015-02-26 19:55 - 2015-01-09 07:43 - 00951808 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Globalization.dll 2015-02-26 19:55 - 2015-01-09 06:03 - 00601088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Globalization.dll 2015-02-26 19:55 - 2015-01-09 00:52 - 00478296 _____ () C:\Windows\SysWOW64\locale.nls 2015-02-26 19:55 - 2015-01-09 00:52 - 00478296 _____ () C:\Windows\system32\locale.nls ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 
2015-03-22 13:11 - 2014-03-23 22:11 - 00000314 _____ () C:\Windows\Tasks\PriceMeterUpdater.job
2015-03-22 13:11 - 2014-02-03 16:40 - 00000000 ____D () C:\Users\Othmar\AppData\Roaming\ClassicShell
2015-03-22 13:10 - 2014-02-03 16:35 - 01755155 _____ () C:\Windows\WindowsUpdate.log
2015-03-22 13:03 - 2014-04-16 08:13 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-03-22 12:17 - 2014-02-03 16:36 - 00001128 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-03-22 12:00 - 2012-07-26 09:12 - 00000000 ____D () C:\Windows\system32\sru
2015-03-22 11:14 - 2014-09-29 16:25 - 00000000 ____D () C:\Users\Othmar\AppData\Local\Viber
2015-03-22 11:14 - 2014-03-17 20:07 - 00000000 ____D () C:\Users\Othmar\AppData\Roaming\Security System 2
2015-03-22 11:14 - 2014-03-03 22:16 - 00000000 ____D () C:\ProgramData\Wincert
2015-03-22 11:14 - 2014-03-03 22:15 - 00000000 ____D () C:\Users\Othmar\AppData\Local\iLivid
2015-03-22 11:14 - 2014-02-03 16:35 - 00000000 ____D () C:\Users\Othmar
2015-03-22 11:13 - 2014-07-07 19:05 - 00000000 ____D () C:\Program Files (x86)\SupTab
2015-03-22 08:29 - 2014-04-16 08:19 - 00000072 _____ () C:\Users\Public\LMDebug.log
2015-03-22 08:16 - 2014-03-31 19:12 - 00000143 _____ () C:\Users\Othmar\AppData\Roaming\WB.CFG
2015-03-22 08:06 - 2012-07-26 11:27 - 00751892 _____ () C:\Windows\system32\perfh007.dat
2015-03-22 08:06 - 2012-07-26 11:27 - 00155620 _____ () C:\Windows\system32\perfc007.dat
2015-03-22 08:06 - 2012-07-26 08:28 - 01745416 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-03-22 07:28 - 2014-02-03 16:41 - 00003600 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2717880484-1776808505-1316206091-1001
2015-03-22 07:15 - 2014-09-29 16:26 - 00000000 ____D () C:\Users\Othmar\AppData\Roaming\ViberPC
2015-03-22 07:15 - 2014-02-03 16:36 - 00001124 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-03-13 14:51 - 2014-03-03 09:28 - 00000000 ____D () C:\Users\Othmar\AppData\Roaming\vlc
2015-03-13 09:31 - 2012-07-26 09:12 - 00000000 ____D () C:\Windows\rescache
2015-03-13 08:01 - 2014-03-17 19:53 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-03-13 08:01 - 2013-02-16 13:23 - 00034226 _____ () C:\Windows\PFRO.log
2015-03-13 08:01 - 2012-07-26 08:22 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-03-12 18:29 - 2012-07-26 09:12 - 00000000 ___RD () C:\Windows\ToastData
2015-03-12 18:29 - 2012-07-26 09:12 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-03-12 18:29 - 2012-07-26 09:12 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-03-12 18:29 - 2012-07-26 09:12 - 00000000 ____D () C:\Windows\WinStore
2015-03-12 18:29 - 2012-07-26 09:12 - 00000000 ____D () C:\Windows\PolicyDefinitions
2015-03-12 18:29 - 2012-07-26 09:12 - 00000000 ____D () C:\Program Files\Windows Defender
2015-03-12 18:29 - 2012-07-26 09:12 - 00000000 ____D () C:\Program Files (x86)\Windows Defender
2015-03-12 18:29 - 2012-07-26 06:26 - 00524288 ___SH () C:\Windows\system32\config\BBI
2015-03-12 08:27 - 2014-02-03 16:35 - 00000000 ____D () C:\Users\Othmar\AppData\Local\Packages
2015-03-11 10:56 - 2014-02-04 11:12 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2015-03-11 10:56 - 2014-02-03 17:09 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-03-11 10:56 - 2012-07-26 08:59 - 00000000 ____D () C:\Windows\CbsTemp
2015-03-11 10:50 - 2014-03-06 11:43 - 00000000 ____D () C:\Windows\system32\MRT
2015-03-11 10:50 - 2012-07-26 06:26 - 00000269 _____ () C:\Windows\win.ini
2015-03-11 10:48 - 2013-02-16 13:59 - 122905848 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-03-11 08:42 - 2014-03-21 18:45 - 00037812 _____ () C:\Windows\DirectX.log
2015-03-10 14:22 - 2014-03-21 18:45 - 00000000 ____D () C:\Program Files (x86)\HappyFoto-Designer
2015-03-09 19:19 - 2014-09-10 07:11 - 00000000 ____D () C:\Users\Othmar\AppData\Roaming\Skype
2015-03-04 07:42 - 2014-03-18 19:16 - 00001006 _____ () C:\Users\Othmar\Desktop\IrfanView.lnk
2015-03-04 07:42 - 2014-03-18 19:16 - 00000000 ____D () C:\Users\Othmar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IrfanView
2015-03-04 07:42 - 2014-03-18 19:16 - 00000000 ____D () C:\Program Files (x86)\IrfanView
2015-03-03 14:17 - 2013-02-16 13:53 - 00295552 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2015-02-28 03:00 - 2014-02-03 16:48 - 00000000 ____D () C:\ProgramData\Package Cache
2015-02-26 20:03 - 2014-04-16 08:13 - 00003772 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater

==================== Files in the root of some directories =======

2014-03-31 19:12 - 2015-03-22 08:16 - 0000143 _____ () C:\Users\Othmar\AppData\Roaming\WB.CFG
2014-07-15 17:34 - 2014-12-22 15:58 - 0008704 _____ () C:\Users\Othmar\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-11-02 14:18 - 2014-11-02 14:18 - 0001555 _____ () C:\Users\Othmar\AppData\Local\recently-used.xbel

Files to move or delete:
====================
C:\Users\Othmar\FreemakeVideoConverterSetup.exe
C:\Users\Othmar\HappyFoto-Bestellassistent.exe
C:\Users\Othmar\HappyFoto-Designer.exe
C:\Users\Othmar\udc.exe

Some content of TEMP:
====================
C:\Users\Othmar\AppData\Local\Temp\13-12_win7_win8_64_dd_ccc_whql.exe
C:\Users\Othmar\AppData\Local\Temp\917b0b87-3358-4e79-93de-3dfc2fc99ed0.exe
C:\Users\Othmar\AppData\Local\Temp\DseShExt-x64.dll
C:\Users\Othmar\AppData\Local\Temp\DseShExt-x86.dll
C:\Users\Othmar\AppData\Local\Temp\fp_pl_pfs_installer.exe
C:\Users\Othmar\AppData\Local\Temp\FreemakeVideoConverterFull.exe
C:\Users\Othmar\AppData\Local\Temp\hcwclear.exe
C:\Users\Othmar\AppData\Local\Temp\Manuals.exe
C:\Users\Othmar\AppData\Local\Temp\ose00002.exe
C:\Users\Othmar\AppData\Local\Temp\SDShelEx-win32.dll
C:\Users\Othmar\AppData\Local\Temp\SDShelEx-x64.dll
C:\Users\Othmar\AppData\Local\Temp\Sqlite3.dll
C:\Users\Othmar\AppData\Local\Temp\_is30AE.exe
C:\Users\Othmar\AppData\Local\Temp\~convert3240405483724834158.exe
C:\Users\Othmar\AppData\Local\Temp\~convert3888342811581094103.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-03-09 09:26

==================== End Of Log ============================

Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-03-2015 Ran by Othmar at 2015-03-22 13:12:11 Running from C:\Users\Othmar\Desktop Boot Mode: Normal ========================================================== ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) µTorrent (HKU\S-1-5-21-2717880484-1776808505-1316206091-1001\...\uTorrent) (Version: 3.3.2.30488 - BitTorrent Inc.) 7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov) ACDSee Foto-Editor (HKLM-x32\...\{53AD87D3-72AE-4D07-8A7A-1F4D54E83777}) (Version: 4.00.208 - ACD Systems Ltd.) ACDSee Free (HKLM-x32\...\ACDSee Free) (Version: 1.0.18 - ACD Systems International Inc.) Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated) Adobe Reader XI (11.0.10) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated) Advertising Center (x32 Version: 0.0.0.2 - Nero AG) Hidden AMD Catalyst Install Manager (HKLM\...\{308051DA-0048-7A07-FE8B-9B6EC119A9E8}) (Version: 8.0.915.0 - Advanced Micro Devices, Inc.) 
ArcSoft TotalMedia 3.5 (HKLM-x32\...\{29E44E9D-ACB2-4D2D-849F-5361C941B7E1}) (Version: 3.5.7.377 - ArcSoft) Asmedia ASM106x SATA Host Controller Driver (HKLM-x32\...\{61942EF5-2CD8-47D4-869C-2E9A8BB085F1}) (Version: 1.3.4.000 - Asmedia Technology) Classic Shell (HKLM\...\{2368907C-E8F6-4750-A023-254C3E2B5E8D}) (Version: 4.0.4 - IvoSoft) Creative Audio Control Panel (HKLM-x32\...\AudioCS) (Version: 2.56 - Creative Technology Limited) Creative Software AutoUpdate (HKLM-x32\...\Creative Software AutoUpdate) (Version: 1.40 - Creative Technology Limited) Creative Sound Blaster Properties x64 Edition (HKLM-x32\...\Creative Sound Blaster Properties x64 Edition) (Version: - ) CyberViewX (HKLM-x32\...\{D20A621F-5933-4185-922D-51D187670690}) (Version: 5.16.25 - CyberViewX) D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden DivX-Setup (HKLM-x32\...\DivX Setup) (Version: 2.6.3.52 - DivX, LLC) ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version: - ) Firebird SQL Server - MAGIX Edition (HKLM-x32\...\{39AB2E37-1A55-4292-A5D3-971E9F70D0F8}) (Version: 2.1.32.0 - MAGIX AG) Fotogalerie (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden Freemake Video Converter Version 4.1.5 (HKLM-x32\...\Freemake Video Converter_is1) (Version: 4.1.5 - Ellora Assets Corporation) GIMP 2.8.10 (HKLM\...\GIMP-2_is1) (Version: 2.8.10 - The GIMP Team) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 36.0.1985.125 - Google Inc.) Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google) Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) 
Hidden HappyFoto - Bestellassistent (HKU\S-1-5-21-2717880484-1776808505-1316206091-1001\...\HappyFoto - Bestellassistent) (Version: - HAPPY - FOTO GmbH / ©2014 Aberger Software GmbH) HappyFoto-Designer 5.2 (HKLM-x32\...\HappyFoto-Designer_is1) (Version: - ) IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.38 - Irfan Skiljan) Java(TM) 6 Update 20 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216020FF}) (Version: 6.0.200 - Sun Microsystems, Inc.) Junk Mail filter update (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden LizardTech GeoViewer 9.0 (HKU\S-1-5-21-2717880484-1776808505-1316206091-1001\...\{CEEF6E28-ED9B-41C9-973A-82B07E449A53}) (Version: 9.0 - LizardTech) LoiLoScope Herunterladen (HKLM-x32\...\{C2A254F4-AC74-482F-8F09-DB2843AC2AAE}_is1) (Version: 2.0 - LoiLo inc) MAGIX Fotos auf DVD 2014 Deluxe (HKLM-x32\...\MX.{C2A5A580-75AF-4021-AA42-F3076434BF80}) (Version: 13.0.0.84 - MAGIX AG) MAGIX Fotos auf DVD 2014 Deluxe (Version: 13.0.0.84 - MAGIX AG) Hidden MAGIX Speed burnR (MSI) (HKLM-x32\...\MAGIX_{3F70AA2A-CAE4-4898-BBFB-C34165A85DF7}) (Version: 7.0.2.6 - MAGIX AG) MAGIX Speed burnR (MSI) (Version: 7.0.2.6 - MAGIX AG) Hidden MAGIX Video deluxe 2014 Plus (HKLM-x32\...\MX.{9E2FEB28-7407-4009-9DC4-203EF2EF6BB7}) (Version: 13.0.0.28 - MAGIX AG) MAGIX Video deluxe 2014 Plus (Version: 13.0.0.28 - MAGIX AG) Hidden McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.) 
MD86351 driver install (HKLM-x32\...\InstallShield_{2320D419-1E49-4FF9-B0D5-4BEDAD3B7724}) (Version: 6.3.6.1 - MEDION AG) MD86351 driver install (x32 Version: 6.3.6.1 - MEDION AG) Hidden Microsoft Office Korrekturhilfen 2013 - Deutsch (HKLM\...\{90150000-001F-0407-1000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUS) (Version: 15.0.4569.1506 - Microsoft Corporation) Microsoft Office ScreenTip Language 2013 - Deutsch (HKLM\...\{90150000-00BD-0407-1000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Microsoft OneDrive (HKU\S-1-5-21-2717880484-1776808505-1316206091-1001\...\OneDriveSetup.exe) (Version: 17.0.4035.0328 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft SQL Server Compact 3.5 SP2 ENU (HKLM-x32\...\{3A9FC03D-C685-4831-94CF-4EDFD3749497}) (Version: 3.5.8080.0 - Microsoft Corporation) Microsoft SQL Server Compact 3.5 SP2 x64 ENU (HKLM\...\{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}) (Version: 3.5.8080.0 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 
Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation) Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation) Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden Mozilla Firefox 36.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 36.0.1 (x86 de)) (Version: 36.0.1 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla) MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation) MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation) Nero MediaHome 4 Essentials (HKLM-x32\...\{78cff10e-90c4-4454-bb95-17837ff57043}) (Version: - Nero AG) Outils de vérification linguistique 2013 de Microsoft Office*- Français (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden PHOTOfunSTUDIO 9.3 PE (HKLM-x32\...\{E33B3B6C-5712-4A39-B30D-1391918D920D}) (Version: 9.03.703 - Panasonic Corporation) Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.3.730.2012 - Realtek) Samsung Universal Print Driver 2 (HKLM-x32\...\Samsung Universal Print Driver 2) (Version: 2.50.02.00 - Samsung Electronics Co., Ltd.) 
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{D82063A8-7C8C-4C3B-A9BB-95138CA55D26}) (Version: - Microsoft) Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (Version: - Microsoft) Hidden Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation) Skype™ 6.21 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.21.104 - Skype Technologies S.A.) SlimDX Runtime .NET 4.0 x64 (January 2012) (HKLM\...\{A2199A06-89C4-4187-AA4A-3A9676FB799D}) (Version: 2.0.13.43 - SlimDX Group) TV IR (HKLM-x32\...\{C1FD1627-2EAF-48CB-A333-42D39BCB096D}) (Version: 2.4 - MEDION AG) VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden Viber (HKU\S-1-5-21-2717880484-1776808505-1316206091-1001\...\Viber) (Version: 3.0.0.134678 - Viber Media Inc) VLC media player 2.1.3 (HKLM\...\VLC media player) (Version: 2.1.3 - VideoLAN) Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation) WinRAR 5.01 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH) ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) 
CustomCLSID: HKU\S-1-5-21-2717880484-1776808505-1316206091-1001_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\Othmar\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2717880484-1776808505-1316206091-1001_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\Othmar\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2717880484-1776808505-1316206091-1001_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\Othmar\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2717880484-1776808505-1316206091-1001_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\Othmar\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2717880484-1776808505-1316206091-1001_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Othmar\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\FileSyncApi64.dll (Microsoft Corporation)

==================== Restore Points =========================

07-03-2015 08:34:03 Geplanter Prüfpunkt
11-03-2015 08:41:56 Installed SlimDX Runtime .NET 4.0 x64 (January 2012)
22-03-2015 07:43:03 Geplanter Prüfpunkt

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2012-07-26 06:26 - 2012-07-26 06:26 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
Task: {11AA2F56-21E5-45F5-A1FF-E7A33215120F} - System32\Tasks\Othmar1 => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\NBCore.exe
Task: {1D861D4F-86CE-4817-A37F-E89CBE75FEFC} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {4A90F9F6-2EFE-4B03-9675-7148E01E94D6} - System32\Tasks\Seagate_Install_Launch => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Dashboard.exe
Task: {50911FCF-12A4-4B4C-BE22-D32C3FEC273F} - System32\Tasks\Windows Defender Update => C:\Program Files\Windows Defender\MpCmdRun.exe [2015-01-31] (Microsoft Corporation)
Task: {54AFC8F0-1A18-476D-860B-94D997572C29} - System32\Tasks\Othmar Merge => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\NBCore.exe
Task: {620B6C9C-FF41-414B-A06F-164BA7E57229} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2014-01-23] (Microsoft Corporation)
Task: {7185F71C-F70F-4550-90F5-216E1A717B76} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-02-03] (Google Inc.)
Task: {7925C416-76D5-4D01-AAB3-208FE7530087} - System32\Tasks\Othmar DBAgent 2 0 => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\DBAgent.exe
Task: {9BF38F38-ECFC-4ED8-BA33-B59E329FE313} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-26] (Adobe Systems Incorporated)
Task: {9E5CE3F1-E1CA-42AB-B023-D6695553EA35} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {AB9D6AB4-7293-48F4-8AC0-24CF3C494D2D} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {C79F84D6-6583-457D-B868-AD22B439C5E5} - System32\Tasks\Othmar => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\NBCore.exe
Task: {DAAB0C74-C1D4-49C2-9601-9D6C54FE4D52} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2015-03-11] (Microsoft Corporation)
Task: {E14154F9-5233-48CE-AD58-E97BE356232D} - System32\Tasks\PriceMeterUpdater => C:\Users\Othmar\AppData\Roaming\PRICEM~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: {F3E8D904-1DC3-4D13-888A-2C9268B9E046} - \AutoKMS No Task File <==== ATTENTION
Task: {F3F2AE8E-0802-4CA4-AAC7-231D2730CA81} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-02-03] (Google Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\PriceMeterUpdater.job => C:\Users\Othmar\AppData\Roaming\PRICEM~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION

==================== Loaded Modules (whitelisted) ==============

2014-04-16 08:17 - 2011-04-11 06:26 - 00034304 _____ () C:\Windows\System32\spe__l.dll
2014-04-16 08:17 - 2013-03-18 15:16 - 01353728 _____ () C:\Windows\system32\spool\DRIVERS\x64\3\spe__du.dll
2015-01-21 15:01 - 2015-01-21 15:01 - 08898728 _____ () C:\Program Files\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2014-03-03 08:25 - 2014-03-03 08:26 - 00176048 _____ () C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe\ModernShared\ErrorReporting\ErrorReporting.dll
2014-09-29 16:26 - 2014-07-24 18:40 - 00936656 _____ () C:\Users\Othmar\AppData\Local\Viber\Viber.exe
2014-01-10 06:26 - 2014-01-10 06:26 - 01861968 _____ () C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
2014-09-02 09:54 - 2012-04-16 21:25 - 00221696 _____ () C:\Program Files (x86)\TV IR\shutTask.exe
2014-09-02 09:54 - 2012-04-26 16:20 - 01454592 _____ () C:\Program Files (x86)\TV IR\TV IR.exe
2014-09-02 09:54 - 2010-07-07 17:21 - 02097152 _____ () C:\Program Files (x86)\TV IR\RmCard.dll
2014-09-25 13:33 - 2014-09-25 13:33 - 02210480 _____ () C:\Program Files\Microsoft Office\Office15\tmpod.dll
2014-01-23 16:05 - 2014-01-23 16:05 - 01424552 _____ () C:\Program Files\Microsoft Office\Office15\ADDINS\UmOutlookAddin.dll
2015-03-09 19:53 - 2015-03-09 19:53 - 49471488 _____ () C:\Users\Othmar\AppData\Local\Viber\5.0.1.42\libViber.dll
2015-03-09 19:53 - 2015-03-09 19:53 - 00770048 _____ () C:\Users\Othmar\AppData\Local\Viber\5.0.1.42\libGLESv2.dll
2015-03-09 19:53 - 2015-03-09 19:53 - 00106496 _____ () C:\Users\Othmar\AppData\Local\Viber\5.0.1.42\qfacebook.dll
2015-03-09 19:53 - 2015-03-09 19:53 - 00172032 _____ () C:\Users\Othmar\AppData\Local\Viber\5.0.1.42\exif.dll
2015-03-09 19:53 - 2015-03-09 19:53 - 00049152 _____ () C:\Users\Othmar\AppData\Local\Viber\5.0.1.42\libEGL.dll
2015-03-09 19:53 - 2015-03-09 19:53 - 00876544 _____ () C:\Users\Othmar\AppData\Local\Viber\5.0.1.42\platforms\qwindows.dll
2015-03-09 19:53 - 2015-03-09 19:53 - 00024576 _____ () C:\Users\Othmar\AppData\Local\Viber\5.0.1.42\imageformats\qgif.dll
2015-03-09 19:53 - 2015-03-09 19:53 - 00024576 _____ () C:\Users\Othmar\AppData\Local\Viber\5.0.1.42\imageformats\qico.dll
2015-03-09 19:53 - 2015-03-09 19:53 - 00204800 _____ () C:\Users\Othmar\AppData\Local\Viber\5.0.1.42\imageformats\qjpeg.dll
2015-03-09 19:53 - 2015-03-09 19:53 - 00221184 _____ () C:\Users\Othmar\AppData\Local\Viber\5.0.1.42\imageformats\qmng.dll
2015-03-09 19:53 - 2015-03-09 19:53 - 00016384 _____ () C:\Users\Othmar\AppData\Local\Viber\5.0.1.42\imageformats\qsvg.dll
2015-03-09 19:53 - 2015-03-09 19:53 - 00016384 _____ () C:\Users\Othmar\AppData\Local\Viber\5.0.1.42\imageformats\qtga.dll
2015-03-09 19:53 - 2015-03-09 19:53 - 00311296 _____ () C:\Users\Othmar\AppData\Local\Viber\5.0.1.42\imageformats\qtiff.dll
2015-03-09 19:53 - 2015-03-09 19:53 - 00016384 _____ () C:\Users\Othmar\AppData\Local\Viber\5.0.1.42\imageformats\qwbmp.dll
2015-03-09 19:53 - 2015-03-09 19:53 - 00638976 _____ () C:\Users\Othmar\AppData\Local\Viber\5.0.1.42\sqldrivers\qsqlite.dll
2015-03-09 19:53 - 2015-03-09 19:53 - 00032768 _____ () C:\Users\Othmar\AppData\Local\Viber\5.0.1.42\iconengines\qsvgicon.dll
2014-01-10 06:28 - 2014-01-10 06:28 - 00100688 _____ () C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll
2014-09-02 09:52 - 2007-04-19 08:33 - 00035584 _____ () C:\Program Files (x86)\ArcSoft\TotalMedia 3.5\uPiApi.dll
2015-01-21 15:01 - 2015-01-21 15:01 - 08898720 _____ () C:\Program Files (x86)\Microsoft Office\Office15\1033\GrooveIntlResource.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Users\Othmar\Downloads\Einladung.eml:OECustomProperty
AlternateDataStreams: C:\Users\Othmar\Downloads\Reiseplan – detailliert Reisedatum_ Dienstag, 13. Januar 2015(1).eml:OECustomProperty
AlternateDataStreams: C:\Users\Othmar\Downloads\Reiseplan – detailliert Reisedatum_ Dienstag, 13. Januar 2015(2).eml:OECustomProperty
AlternateDataStreams: C:\Users\Othmar\Downloads\Reiseplan – detailliert Reisedatum_ Dienstag, 13. Januar 2015.eml:OECustomProperty

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2717880484-1776808505-1316206091-1001\Control Panel\Desktop\\Wallpaper -> L:\humi\reisen ab 2014\chile Patagonien 2015\_bilder patagonien 2015 best\P1030927.JPG
DNS Servers: 192.168.178.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)
==================== Accounts: ============================= Administrator (S-1-5-21-2717880484-1776808505-1316206091-500 - Administrator - Disabled) Gast (S-1-5-21-2717880484-1776808505-1316206091-501 - Limited - Disabled) HomeGroupUser$ (S-1-5-21-2717880484-1776808505-1316206091-1003 - Limited - Enabled) NeroMediaHomeUser.4 (S-1-5-21-2717880484-1776808505-1316206091-1004 - Limited - Enabled) => C:\Users\NeroMediaHomeUser.4 Othmar (S-1-5-21-2717880484-1776808505-1316206091-1001 - Administrator - Enabled) => C:\Users\Othmar ==================== Faulty Device Manager Devices ============= Name: Microsoft-Teredo-Tunneling-Adapter Description: Microsoft-Teredo-Tunneling-Adapter Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Microsoft Service: tunnel Problem: : This device cannot start. (Code10) Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device. On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard. Name: Description: Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. ==================== Event log errors: ========================= Application errors: ================== Error: (03/22/2015 09:16:25 AM) (Source: SideBySide) (EventID: 78) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest3. 
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest. Error: (03/22/2015 09:16:22 AM) (Source: SideBySide) (EventID: 78) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest. Error: (03/22/2015 09:16:16 AM) (Source: SideBySide) (EventID: 78) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest1". 
Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest. Error: (03/22/2015 07:15:44 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: ) Description: Fehler bei der Lizenzaktivierung (slui.exe). Fehlercode: hr=0xC004F074 Befehlszeilenargumente: RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=a98bcd6d-5343-4603-8afe-5908e4611112;NotificationInterval=1440;Trigger=NetworkAvailable Error: (03/22/2015 07:15:42 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: ) Description: Fehler bei der Lizenzaktivierung (slui.exe). Fehlercode: hr=0xC004F074 Befehlszeilenargumente: RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=a98bcd6d-5343-4603-8afe-5908e4611112;NotificationInterval=1440;Trigger=UserLogon;SessionId=2 Error: (03/13/2015 08:02:23 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: ) Description: Fehler bei der Lizenzaktivierung (slui.exe). 
Fehlercode: hr=0xC004F074 Befehlszeilenargumente: RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=a98bcd6d-5343-4603-8afe-5908e4611112;NotificationInterval=1440;Trigger=NetworkAvailable Error: (03/13/2015 08:02:21 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: ) Description: Fehler bei der Lizenzaktivierung (slui.exe). Fehlercode: hr=0xC004F074 Befehlszeilenargumente: RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=a98bcd6d-5343-4603-8afe-5908e4611112;NotificationInterval=1440;Trigger=UserLogon;SessionId=1 Error: (03/12/2015 07:56:41 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: ) Description: Fehler bei der Lizenzaktivierung (slui.exe). Fehlercode: hr=0xC004F074 Befehlszeilenargumente: RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=a98bcd6d-5343-4603-8afe-5908e4611112;NotificationInterval=1440;Trigger=NetworkAvailable Error: (03/12/2015 07:56:39 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: ) Description: Fehler bei der Lizenzaktivierung (slui.exe). Fehlercode: hr=0xC004F074 Befehlszeilenargumente: RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=a98bcd6d-5343-4603-8afe-5908e4611112;NotificationInterval=1440;Trigger=UserLogon;SessionId=4 Error: (03/11/2015 10:34:43 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: ) Description: Fehler bei der Lizenzaktivierung (slui.exe). 
Fehlercode: hr=0xC004F074 Befehlszeilenargumente: RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=a98bcd6d-5343-4603-8afe-5908e4611112;NotificationInterval=1440;Trigger=NetworkAvailable System errors: ============= Error: (03/13/2015 08:01:53 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "Datamngr Coordinator" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error: (02/28/2015 09:45:22 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "Datamngr Coordinator" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error: (02/27/2015 11:50:18 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT) Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80070643 fehlgeschlagen: Update für Microsoft Visual C++ 2012 Update 4 Redistributable Package (KB3032622) Error: (02/26/2015 08:03:34 PM) (Source: Microsoft-Windows-Kernel-General) (EventID: 5) (User: NT-AUTORITÄT) Description: 0x8000002a171\??\Volume{6f11f9e2-8ce8-11e3-be6a-806e6f6e6963}\System Volume Information\SPP\SppCbsHiveStore\{cd42efe1-f6f1-427c-b004-033192c625a4}{95D3B167-8BB6-40A1-BC3B-4CE12ABA2E19} Error: (01/11/2015 09:50:13 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "Datamngr Coordinator" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error: (01/08/2015 09:17:17 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "Datamngr Coordinator" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error: (01/08/2015 09:11:55 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "Datamngr Coordinator" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error: (01/07/2015 08:24:46 AM) (Source: Microsoft-Windows-BitLocker-Driver) (EventID: 24620) (User: Humitsch) Description: Überprüfung des 
verschlüsselten Volumes: Die Volumeinformationen auf "G:" können nicht gelesen werden. Error: (01/07/2015 08:22:02 AM) (Source: disk) (EventID: 11) (User: ) Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk3\DR3 gefunden. Error: (01/07/2015 08:21:39 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "Datamngr Coordinator" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Microsoft Office Sessions: ========================= Error: (03/22/2015 09:16:25 AM) (Source: SideBySide) (EventID: 78) (User: ) Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifestC:\Users\Othmar\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DOGCGNGH\esetsmartinstaller_deu.exe Error: (03/22/2015 09:16:22 AM) (Source: SideBySide) (EventID: 78) (User: ) Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifestC:\Users\Othmar\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DOGCGNGH\esetsmartinstaller_deu.exe Error: (03/22/2015 09:16:16 AM) (Source: SideBySide) (EventID: 78) (User: ) Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifestC:\Users\Othmar\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DOGCGNGH\esetsmartinstaller_deu.exe Error: (03/22/2015 07:15:44 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: ) 
Description: hr=0xC004F074RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=a98bcd6d-5343-4603-8afe-5908e4611112;NotificationInterval=1440;Trigger=NetworkAvailable Error: (03/22/2015 07:15:42 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: ) Description: hr=0xC004F074RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=a98bcd6d-5343-4603-8afe-5908e4611112;NotificationInterval=1440;Trigger=UserLogon;SessionId=2 Error: (03/13/2015 08:02:23 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: ) Description: hr=0xC004F074RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=a98bcd6d-5343-4603-8afe-5908e4611112;NotificationInterval=1440;Trigger=NetworkAvailable Error: (03/13/2015 08:02:21 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: ) Description: hr=0xC004F074RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=a98bcd6d-5343-4603-8afe-5908e4611112;NotificationInterval=1440;Trigger=UserLogon;SessionId=1 Error: (03/12/2015 07:56:41 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: ) Description: hr=0xC004F074RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=a98bcd6d-5343-4603-8afe-5908e4611112;NotificationInterval=1440;Trigger=NetworkAvailable Error: (03/12/2015 07:56:39 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: ) Description: hr=0xC004F074RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=a98bcd6d-5343-4603-8afe-5908e4611112;NotificationInterval=1440;Trigger=UserLogon;SessionId=4 Error: (03/11/2015 10:34:43 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: 
) Description: hr=0xC004F074RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=a98bcd6d-5343-4603-8afe-5908e4611112;NotificationInterval=1440;Trigger=NetworkAvailable ==================== Memory info =========================== Processor: Intel(R) Core(TM) i7-3770 CPU @ 3.40GHz Percentage of memory in use: 41% Total physical RAM: 8136.96 MB Available physical RAM: 4794.83 MB Total Pagefile: 9352.96 MB Available Pagefile: 5384.32 MB Total Virtual: 8192 MB Available Virtual: 8191.76 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:238.47 GB) (Free:147.95 GB) NTFS ==>[Drive with boot components (obtained from BCD)] Drive d: (System-reserviert) (Fixed) (Total:0.34 GB) (Free:0.3 GB) NTFS ==>[System with boot components (obtained from reading drive)] Drive l: (Volume) (Fixed) (Total:1862.67 GB) (Free:544.06 GB) NTFS Drive m: (m) (Fixed) (Total:1863.01 GB) (Free:670.8 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 238.5 GB) (Disk ID: 114019AF) Partition 1: (Active) - (Size=238.5 GB) - (Type=07 NTFS) ======================================================== Disk: 1 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: DF3B428C) Partition 1: (Not Active) - (Size=1863 GB) - (Type=07 NTFS) ======================================================== Disk: 2 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: 114019A3) Partition 1: (Active) - (Size=350 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=1862.7 GB) - (Type=07 NTFS) ==================== End Of Log ============================ humi_o |
22.03.2015, 13:22 | #2 |
/// TB-Ausbilder | Win8 PC slow, cookie behaviour in Firefox differs from the settings, virus? My name is Matthias and I will help you clean up your computer. Please note the following:
Please work through all steps one after another in the given order and post all log files in CODE tags: How it works: Posting in CODE tags. Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive beforehand, makes your helper's work much harder, unless of course the file would otherwise be too large for the forum. To put the log files into a CODE box, proceed as follows:
Thank you for your cooperation! Step 1 Please download AdwCleaner to your desktop.
Step 2 Please download Malwarebytes Anti-Malware
Step 3 Please shut down your protection software to avoid possible conflicts.
Step 4
With your next reply, please post
|
25.03.2015, 22:31 | #3 |
| Win8 PC slow, cookie behaviour in Firefox differs from the settings, virus? OK, that took a little while, sorry!
AdwCleaner: Code:
ATTFilter # AdwCleaner v4.113 - Bericht erstellt 24/03/2015 um 16:53:36 # Aktualisiert 22/03/2015 von Xplode # Datenbank : 2015-03-23.1 [Server] # Betriebssystem : Windows 8 Pro (x64) # Benutzername : Othmar - HUMITSCH # Gestarted von : C:\Users\Othmar\Downloads\AdwCleaner_4.113.exe # Option : Suchlauf ***** [ Dienste ] ***** Dienst Gefunden : DatamngrCoordinator Dienst Gefunden : IePluginServices Dienst Gefunden : {f727685b-ed90-4adc-8eec-8234574a91e6}w64 ***** [ Dateien / Ordner ] ***** Datei Gefunden : C:\Users\Othmar\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.buenosearch.com_0.localstorage Datei Gefunden : C:\Users\Othmar\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.buenosearch.com_0.localstorage-journal Datei Gefunden : C:\Users\Othmar\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage Datei Gefunden : C:\Users\Othmar\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage-journal Datei Gefunden : C:\Users\Othmar\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_www.superfish.com_0.localstorage Datei Gefunden : C:\Users\Othmar\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_www.superfish.com_0.localstorage-journal Datei Gefunden : C:\Windows\System32\drivers\{f727685b-ed90-4adc-8eec-8234574a91e6}w64.sys Ordner Gefunden : C:\Program Files (x86)\DriverToolkit Ordner Gefunden : C:\Program Files (x86)\Greautsaving Ordner Gefunden : C:\Program Files (x86)\Greautsaving Ordner Gefunden : C:\Program Files (x86)\SupTab Ordner Gefunden : C:\ProgramData\374311380 Ordner Gefunden : C:\ProgramData\6b716175f3ec0430 Ordner Gefunden : C:\ProgramData\Greautsaving Ordner Gefunden : C:\ProgramData\Greautsaving Ordner Gefunden : C:\ProgramData\IePluginServices Ordner Gefunden : C:\ProgramData\PriceMeterLiveUpdate Ordner Gefunden : C:\ProgramData\simplitec Ordner Gefunden : C:\ProgramData\wincert Ordner 
Gefunden : C:\ProgramData\WindowsMangerProtect Ordner Gefunden : C:\Users\Othmar\AppData\Local\DownloadGuide Ordner Gefunden : C:\Users\Othmar\AppData\Local\DriverToolkit Ordner Gefunden : C:\Users\Othmar\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaabcbmongicmdegkmmfgdickgnnob Ordner Gefunden : C:\Users\Othmar\AppData\Local\iLivid Ordner Gefunden : C:\Users\Othmar\AppData\Local\ilividmoviestoolbar181 Ordner Gefunden : C:\Users\Othmar\AppData\Local\PriceMeterLiveUpdate Ordner Gefunden : C:\Users\Othmar\AppData\LocalLow\ilividmoviestoolbar181 Ordner Gefunden : C:\Users\Othmar\AppData\Roaming\PriceMeterUpdater Ordner Gefunden : C:\Users\Othmar\AppData\Roaming\RHEng Ordner Gefunden : C:\Users\Othmar\AppData\Roaming\Security System 2 Ordner Gefunden : C:\Users\Othmar\AppData\Roaming\simplitec ***** [ Geplante Tasks ] ***** Task Gefunden : PriceMeterUpdater ***** [ Verknüpfungen ] ***** ***** [ Registrierungsdatenbank ] ***** Daten Gefunden : HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command [(Default)] - C:\Program Files\Internet Explorer\iexplore.exe hxxp://isearch.omiga-plus.com/?type=sc&ts=1404756295&from=smt&uid=SanDiskXSDSSDHP256G_134406413856 Daten Gefunden : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - c:\progra~2\suptab\search~1.dll Daten Gefunden : [x64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~2\SupTab\SEARCH~2.DLL Schlüssel Gefunden : HKCU\Software\APNDTX Schlüssel Gefunden : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F} Schlüssel Gefunden : HKCU\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B} Schlüssel Gefunden : HKCU\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B} Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\Crossrider Schlüssel Gefunden : HKCU\Software\DataMngr Schlüssel Gefunden : HKCU\Software\DriverToolkit Schlüssel Gefunden : HKCU\Software\ilivid Schlüssel Gefunden : 
HKCU\Software\ilividmoviestoolbar181 Schlüssel Gefunden : HKCU\Software\InstallCore Schlüssel Gefunden : HKCU\Software\MICROSOFT\INTERNET EXPLORER\DOMSTORAGE\superfish.com Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\buenosearch.com Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\superfish.com Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{6C736F63-E728-3713-2E1D-9358C937CA6A} Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F1C81E40-2485-4DB6-8C9D-04BD596B281E} Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6C736F63-E728-3713-2E1D-9358C937CA6A} Schlüssel Gefunden : HKCU\Software\OCS Schlüssel Gefunden : HKCU\Software\Optimizer Pro Schlüssel Gefunden : HKCU\Software\PriceMeterLiveUpdate Schlüssel Gefunden : HKCU\Software\PriceMeterUpdater Schlüssel Gefunden : HKCU\Software\Softonic Schlüssel Gefunden : [x64] HKCU\Software\APNDTX Schlüssel Gefunden : [x64] HKCU\Software\DataMngr Schlüssel Gefunden : [x64] HKCU\Software\DriverToolkit Schlüssel Gefunden : [x64] HKCU\Software\ilivid Schlüssel Gefunden : [x64] HKCU\Software\ilividmoviestoolbar181 Schlüssel Gefunden : [x64] HKCU\Software\InstallCore Schlüssel Gefunden : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} Schlüssel Gefunden : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9} Schlüssel Gefunden : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} Schlüssel Gefunden : [x64] HKCU\Software\Microsoft\Internet 
Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} Schlüssel Gefunden : [x64] HKCU\Software\OCS Schlüssel Gefunden : [x64] HKCU\Software\Optimizer Pro Schlüssel Gefunden : [x64] HKCU\Software\PriceMeterLiveUpdate Schlüssel Gefunden : [x64] HKCU\Software\PriceMeterUpdater Schlüssel Gefunden : [x64] HKCU\Software\Softonic Schlüssel Gefunden : HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F} Schlüssel Gefunden : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0} Schlüssel Gefunden : HKLM\SOFTWARE\{5F189DF5-2D05-472B-9091-84D9848AE48B} Schlüssel Gefunden : HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C} Schlüssel Gefunden : HKLM\SOFTWARE\{77D46E27-0E41-4478-87A6-AABE6FBCF252} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{00B11DA2-75ED-4364-ABA5-9A95B1F5E946} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{6C736F63-E728-3713-2E1D-9358C937CA6A} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\gReaotsaving.gReaotsaving Schlüssel Gefunden : HKLM\SOFTWARE\Classes\gReaotsaving.gReaotsaving.8.3 Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\SearchQUIEHelper.DNSGuard Schlüssel Gefunden : HKLM\SOFTWARE\Classes\SearchQUIEHelper.DNSGuard.1 Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{A2D733A7-73B0-4C6B-B0C7-06A432950B66} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755} Schlüssel Gefunden : HKLM\SOFTWARE\DataMngr Schlüssel Gefunden : 
HKLM\SOFTWARE\Google\Chrome\Extensions\aaaaabcbmongicmdegkmmfgdickgnnob Schlüssel Gefunden : HKLM\SOFTWARE\Google\Chrome\Extensions\bopakagnckmlgajfccecajhnimjiiedh Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bitguard.exe Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bprotect.exe Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bprotect.exe Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bpsvc.exe Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browserdefender.exe Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browserdefender.exe Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browserprotect.exe Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browserprotect.exe Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browsersafeguard.exe Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dprotectsvc.exe Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\protectedsearch.exe Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchprotection.exe Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchprotector.exe Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\snapdo.exe Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File 
Execution Options\stinst32.exe Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\stinst64.exe Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\utiljumpflip.exe Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{6C736F63-E728-3713-2E1D-9358C937CA6A} Schlüssel Gefunden : HKLM\SOFTWARE\omiga-plusSoftware Schlüssel Gefunden : HKLM\SOFTWARE\SupDp Schlüssel Gefunden : HKLM\SOFTWARE\SupTab Schlüssel Gefunden : HKLM\SOFTWARE\supWindowsMangerProtect Schlüssel Gefunden : HKLM\SOFTWARE\supWPM Schlüssel Gefunden : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\IePluginServices Schlüssel Gefunden : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WindowsMangerProtect Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\CLSID\{6C736F63-E728-3713-2E1D-9358C937CA6A} Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB} Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC} Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5} Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} Wert Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [iLivid] Wert Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [PriceMeterW] Wert Gefunden : HKLM\SYSTEM\ControlSet001\Control\Session Manager\AppCertDlls [x64] Wert Gefunden : HKLM\SYSTEM\ControlSet001\Control\Session Manager\AppCertDlls [x86] Wert Gefunden : HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\AppCertDlls [x64] Wert 
Gefunden : HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\AppCertDlls [x86] ***** [ Internetbrowser ] ***** -\\ Internet Explorer v10.0.9200.17267 Einstellung Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL] - hxxp://isearch.omiga-plus.com/web/?type=ds&ts=1404756295&from=smt&uid=SanDiskXSDSSDHP256G_134406413856&q={searchTerms} Einstellung Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page] - hxxp://isearch.omiga-plus.com/web/?type=ds&ts=1404756295&from=smt&uid=SanDiskXSDSSDHP256G_134406413856&q={searchTerms} Einstellung Gefunden : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL] - hxxp://isearch.omiga-plus.com/web/?type=ds&ts=1404756295&from=smt&uid=SanDiskXSDSSDHP256G_134406413856&q={searchTerms} Einstellung Gefunden : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page] - hxxp://isearch.omiga-plus.com/web/?type=ds&ts=1404756295&from=smt&uid=SanDiskXSDSSDHP256G_134406413856&q={searchTerms} -\\ Mozilla Firefox v36.0.4 (x86 de) [pimu1gdx.default] - Zeile Gefunden : user_pref("extensions.crossrider.bic", "144d6603408d223b0fb6825f4361b21c"); [pimu1gdx.default] - Zeile Gefunden : user_pref("extensions.dqVCIsqYLq.scode", "(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1||url.indexOf(\"warnalert11.com\")>-1||url.indexOf(\"sumor[...] 
[pimu1gdx.default] - Zeile Gefunden : user_pref("extensions.quick_start.enable_search1", false); [pimu1gdx.default] - Zeile Gefunden : user_pref("extensions.quick_start.sd.closeWindowWithLastTab_prev_state", false); -\\ Google Chrome v36.0.1985.125 [C:\Users\Othmar\AppData\Local\Google\Chrome\User Data\Default\Web data] - Gefunden [Search Provider] : hxxps://wiki.cwi.migros.net/dosearchsite.action?queryString={searchTerms} [C:\Users\Othmar\AppData\Local\Google\Chrome\User Data\Default\Web data] - Gefunden [Search Provider] : hxxp://en.softonic.com/s/{searchTerms} [C:\Users\Othmar\AppData\Local\Google\Chrome\User Data\Default\Web data] - Gefunden [Search Provider] : hxxp://search.conduit.com/Results.aspx?ctid=CT3314958&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=4&UP=SPBB0D903A-1CA0-424C-B42C-32D73519C327&q={searchTerms}&SSPV= [C:\Users\Othmar\AppData\Local\Google\Chrome\User Data\Default\Web data] - Gefunden [Search Provider] : hxxp://wiki.ecom.migros.net/dosearchsite.action?queryString={searchTerms} [C:\Users\Othmar\AppData\Local\Google\Chrome\User Data\Default\Web data] - Gefunden [Search Provider] : hxxp://www.softonic.de/s/{searchTerms} [C:\Users\Othmar\AppData\Local\Google\Chrome\User Data\Default\Web data] - Gefunden [Search Provider] : hxxp://dts.search.ask.com/sr?src=crb&gct=ds&appid=343&systemid=406&v=n11551-275&apn_uid=0092000244144237&apn_dtid=BND406&o=APN10645&apn_ptnrs=AG6&q={searchTerms} [C:\Users\Othmar\AppData\Local\Google\Chrome\User Data\Default\preferences] - Gefunden [Extension] : bopakagnckmlgajfccecajhnimjiiedh [C:\Users\Othmar\AppData\Local\Google\Chrome\User Data\Default\preferences] - Gefunden [Extension] : aaaaabcbmongicmdegkmmfgdickgnnob [C:\Users\Othmar\AppData\Local\Google\Chrome\User Data\Default\preferences] - Gefunden [Startup_URLs] : hxxp://isearch.omiga-plus.com/?type=hp&ts=1404756295&from=smt&uid=SanDiskXSDSSDHP256G_134406413856 [C:\Users\Othmar\AppData\Local\Google\Chrome\User Data\Default\preferences] - Gefunden 
[Startup_URLs] : hxxp://isearch.omiga-plus.com/?type=hp&ts=1404756295&from=smt&uid=SanDiskXSDSSDHP256G_134406413856 ************************* AdwCleaner[R0].txt - [15488 Bytes] - [24/03/2015 16:53:36] ########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [15548 Bytes] ########## Code:
ATTFilter Malwarebytes Anti-Malware www.malwarebytes.org Suchlauf Datum: 24.03.2015 Suchlauf-Zeit: 17:03:32 Logdatei: mbam.txt Administrator: Ja Version: 2.01.4.1018 Malware Datenbank: v2015.03.24.06 Rootkit Datenbank: v2015.02.25.01 Lizenz: Testversion Malware Schutz: Aktiviert Bösartiger Webseiten Schutz: Aktiviert Selbstschutz: Deaktiviert Betriebssystem: Windows 8 CPU: x64 Dateisystem: NTFS Benutzer: Othmar Suchlauf-Art: Bedrohungs-Suchlauf Ergebnis: Abgeschlossen Durchsuchte Objekte: 404968 Verstrichene Zeit: 7 Min, 16 Sek Speicher: Aktiviert Autostart: Aktiviert Dateisystem: Aktiviert Archive: Aktiviert Rootkits: Deaktiviert Heuristik: Aktiviert PUP: Aktiviert PUM: Aktiviert Prozesse: 1 PUP.Optional.IePluginService.A, C:\Users\Othmar\AppData\Local\Temp\NODE5A8.tmp, 1236, , [292d99b03b4ff83e7c34e69c659c5ca4] Module: 0 (Keine schädliche Elemente gefunden) Registrierungsschlüssel: 31 PUP.Optional.Babylon.A, HKU\S-1-5-21-2717880484-1776808505-1316206091-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}, , [ce885feaa4e6b77f4d79fa2d27dc28d8], PUP.Optional.BuenoSearch.A, HKU\S-1-5-21-2717880484-1776808505-1316206091-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{F1C81E40-2485-4DB6-8C9D-04BD596B281E}, , [2036a3a64a406bcbd91064ff996a3dc3], PUP.Optional.SupTab.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}, , [d4820247e5a543f3bf8972ba7e85936d], PUP.Optional.Datamngr.A, HKLM\SOFTWARE\CLASSES\SearchQUIEHelper.DNSGuard, , [065058f1dcae1d190b06c89a9c6745bb], PUP.Optional.Datamngr.A, HKLM\SOFTWARE\CLASSES\SearchQUIEHelper.DNSGuard.1, , [183ea7a26e1cf73f65ac144e28db0000], PUP.Optional.Datamngr.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\SearchQUIEHelper.DNSGuard, , [183ea7a26e1cf73f65ac144e28db0000], PUP.Optional.Datamngr.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\SearchQUIEHelper.DNSGuard.1, , [183ea7a26e1cf73f65ac144e28db0000], PUP.Optional.Datamngr.A, 
HKLM\SOFTWARE\CLASSES\WOW6432NODE\SearchQUIEHelper.DNSGuard, , [183ea7a26e1cf73f65ac144e28db0000],
PUP.Optional.Datamngr.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\SearchQUIEHelper.DNSGuard.1, , [183ea7a26e1cf73f65ac144e28db0000],
PUP.Optional.Sanbreel.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\{f727685b-ed90-4adc-8eec-8234574a91e6}w64, , [8dc957f2d0ba1224d5d8b08a0005b050],
PUP.Optional.DataMangr.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\${dtUserElevationPolicyID}, , [ee6850f9e3a7c274a720f54784813dc3],
PUP.Optional.DataMangr.A, HKLM\SOFTWARE\WOW6432NODE\Datamngr, , [f1650c3daae0d0669f747178867d53ad],
PUP.Optional.ISearch.A, HKLM\SOFTWARE\WOW6432NODE\omiga-plusSoftware, , [a5b11e2bdeaca69093772d06ed1851af],
PUP.Optional.WPM.A, HKLM\SOFTWARE\WOW6432NODE\supWindowsMangerProtect, , [eb6b66e3206add59559a52e8b25335cb],
PUP.Optional.SupTab.A, HKLM\SOFTWARE\WOW6432NODE\supWPM, , [e373af9a474311254281aa2cc73c728e],
PUP.Optional.MoviesToolBar.A, HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\aaaaabcbmongicmdegkmmfgdickgnnob, , [de783712662467cf49859f4f6f9418e8],
PUP.Optional.DataMangr.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\${dtUserElevationPolicyID}, , [a3b320296129251180478cb064a19070],
PUP.Optional.SupTab.A, HKLM\SOFTWARE\WOW6432NODE\SUPDP, , [cf8798b1e3a737ff19780acc47bcd030],
PUP.Optional.SupTab.A, HKLM\SOFTWARE\WOW6432NODE\SUPTAB, , [df7799b06228da5cfbc733a3de256a96],
PUP.Optional.Datamngr.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\DatamngrCoordinator, , [391d1b2e8208bd79a580c61b5da6c739],
PUP.Optional.IePluginServices.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\IePluginServices, , [253170d9a1e9c76f4020427ad13240c0],
PUP.Optional.IEPluginServices.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\APPLICATION\IePluginServices, , [63f389c06a20c96d2fcd1face02324dc],
PUP.Optional.WindowsMangerProtect.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\APPLICATION\WindowsMangerProtect, ,
[df7773d61674cb6b5ba29932788bfa06],
PUP.Optional.AddPusHD.A, HKU\S-1-5-18\SOFTWARE\APPDATALOW\SOFTWARE\addplushd, , [4c0acb7e3b4fce686f1be9107f849f61],
PUP.Optional.DataMngr.A, HKU\S-1-5-21-2717880484-1776808505-1316206091-1001\SOFTWARE\Datamngr, , [df7756f3b9d13bfb8a8553c806ffe31d],
PUP.Optional.MoviesToolBar.A, HKU\S-1-5-21-2717880484-1776808505-1316206091-1001\SOFTWARE\ilividmoviestoolbar181, , [bb9b1f2ae6a461d576a96f9705ff629e],
PUP.Optional.PriceMeter.A, HKU\S-1-5-21-2717880484-1776808505-1316206091-1001\SOFTWARE\PriceMeterLiveUpdate, , [ada920299af0f2448a305e6431d25fa1],
PUP.Optional.PriceMeter.A, HKU\S-1-5-21-2717880484-1776808505-1316206091-1001\SOFTWARE\PriceMeterUpdater, , [79dd2722f9914aec259607bb966dc33d],
PUP.Optional.CrossRider.A, HKU\S-1-5-21-2717880484-1776808505-1316206091-1001\SOFTWARE\APPDATALOW\SOFTWARE\Crossrider, , [22340643ee9cf64072e2ba75d3327888],
PUP.Optional.InstallCore.A, HKU\S-1-5-21-2717880484-1776808505-1316206091-1001\SOFTWARE\INSTALLCORE\1I1T1Q1S, , [ce884108167451e515446f96f50f42be],
PUP.Optional.InstallCore.A, HKU\S-1-5-21-2717880484-1776808505-1316206091-1001\SOFTWARE\INSTALLCORE, , [9bbb5dec6822eb4bcd65f5266c992ad6],

Registrierungswerte: 6
PUP.Optional.SupTab.A, HKLM\SOFTWARE\WOW6432NODE\SUPDP|dir, C:\Program Files (x86)\SupTab, , [cf8798b1e3a737ff19780acc47bcd030]
PUP.Optional.SupTab.A, HKLM\SOFTWARE\WOW6432NODE\SUPTAB|ptid, smt, , [df7799b06228da5cfbc733a3de256a96]
PUP.Optional.DataMangr.A, HKLM\SYSTEM\CURRENTCONTROLSET\CONTROL\SESSION MANAGER\APPCERTDLLS|x86, C:\Program Files (x86)\Movies Toolbar\Datamngr\apcrtldr.dll, , [d87edf6ab1d961d50fb9241808fd0cf4]
PUP.Optional.DataMangr.A, HKLM\SYSTEM\CURRENTCONTROLSET\CONTROL\SESSION MANAGER\APPCERTDLLS|x64, C:\Program Files (x86)\Movies Toolbar\Datamngr\x64\apcrtldr.dll, , [4d09d7729dedab8b636595a7fd08ca36]
PUP.Optional.InstallCore.A, HKU\S-1-5-21-2717880484-1776808505-1316206091-1001\SOFTWARE\INSTALLCORE|tb, 0R2Y1I1P1N0J1U1C, , [9bbb5dec6822eb4bcd65f5266c992ad6]
PUP.Optional.PriceMeter.A, HKU\S-1-5-21-2717880484-1776808505-1316206091-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|PriceMeterW, "C:\Users\Othmar\AppData\Local\PriceMeter\pricemeterw.exe", , [62f4d673d5b57eb8a6e8c1299a69946c]

Registrierungsdaten: 6
PUP.Optional.OmigaPlus.A, HKLM\SOFTWARE\CLIENTS\STARTMENUINTERNET\IEXPLORE.EXE\SHELL\OPEN\COMMAND, C:\Program Files\Internet Explorer\iexplore.exe hxxp://isearch.omiga-plus.com/?type=sc&ts=1404756295&from=smt&uid=SanDiskXSDSSDHP256G_134406413856, Gut: (iexplore.exe), Schlecht: (C:\Program Files\Internet Explorer\iexplore.exe hxxp://isearch.omiga-plus.com/?type=sc&ts=1404756295&from=smt&uid=SanDiskXSDSSDHP256G_134406413856),,[7bdb420751397db94d5ef105f312d62a]
PUP.Optional.OmigaPlus.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Search_URL, hxxp://isearch.omiga-plus.com/web/?type=ds&ts=1404756295&from=smt&uid=SanDiskXSDSSDHP256G_134406413856&q={searchTerms}, Gut: (www.google.com), Schlecht: (hxxp://isearch.omiga-plus.com/web/?type=ds&ts=1404756295&from=smt&uid=SanDiskXSDSSDHP256G_134406413856&q={searchTerms}),,[4f07f2575e2cd462436c2bcb1de8ce32]
PUP.Optional.OmigaPlus.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Search Page, hxxp://isearch.omiga-plus.com/web/?type=ds&ts=1404756295&from=smt&uid=SanDiskXSDSSDHP256G_134406413856&q={searchTerms}, Gut: (www.google.com), Schlecht: (hxxp://isearch.omiga-plus.com/web/?type=ds&ts=1404756295&from=smt&uid=SanDiskXSDSSDHP256G_134406413856&q={searchTerms}),,[f75fc1884842a88e4a6926d033d23fc1]
PUP.Optional.OmigaPlus.A, HKLM\SOFTWARE\WOW6432NODE\CLIENTS\STARTMENUINTERNET\IEXPLORE.EXE\SHELL\OPEN\COMMAND, C:\Program Files\Internet Explorer\iexplore.exe hxxp://isearch.omiga-plus.com/?type=sc&ts=1404756295&from=smt&uid=SanDiskXSDSSDHP256G_134406413856, Gut: (iexplore.exe), Schlecht: (C:\Program Files\Internet Explorer\iexplore.exe hxxp://isearch.omiga-plus.com/?type=sc&ts=1404756295&from=smt&uid=SanDiskXSDSSDHP256G_134406413856),,[b6a0bb8eaae05bdb7239a94df411837d]
PUP.Optional.OmigaPlus.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Search_URL, hxxp://isearch.omiga-plus.com/web/?type=ds&ts=1404756295&from=smt&uid=SanDiskXSDSSDHP256G_134406413856&q={searchTerms}, Gut: (www.google.com), Schlecht: (hxxp://isearch.omiga-plus.com/web/?type=ds&ts=1404756295&from=smt&uid=SanDiskXSDSSDHP256G_134406413856&q={searchTerms}),,[71e54900622834026946f7ffa85ddd23]
PUP.Optional.OmigaPlus.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN|Search Page, hxxp://isearch.omiga-plus.com/web/?type=ds&ts=1404756295&from=smt&uid=SanDiskXSDSSDHP256G_134406413856&q={searchTerms}, Gut: (www.google.com), Schlecht: (hxxp://isearch.omiga-plus.com/web/?type=ds&ts=1404756295&from=smt&uid=SanDiskXSDSSDHP256G_134406413856&q={searchTerms}),,[7dd9ad9c2b5f5adc53609e5855b0cc34]

Ordner: 62
PUP.Optional.Datamngr.A, C:\ProgramData\Datamngr, , [065021280585f64060dff62a48bd619f],
Rogue.Multiple, C:\ProgramData\374311380, , [a1b5321704867db93aa0bea7758ef709],
PUP.Optional.MoviesToolBar.A, C:\Users\Othmar\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaabcbmongicmdegkmmfgdickgnnob, , [97bf10391d6d86b042bf84f6bf44a858],
PUP.Optional.MoviesToolBar.A, C:\Users\Othmar\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaabcbmongicmdegkmmfgdickgnnob\35.3_0, , [97bf10391d6d86b042bf84f6bf44a858],
PUP.Optional.MoviesToolBar.A, C:\Users\Othmar\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaabcbmongicmdegkmmfgdickgnnob\35.3_0\background, , [97bf10391d6d86b042bf84f6bf44a858],
PUP.Optional.MoviesToolBar.A, C:\Users\Othmar\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaabcbmongicmdegkmmfgdickgnnob\35.3_0\config, , [97bf10391d6d86b042bf84f6bf44a858],
PUP.Optional.MoviesToolBar.A, C:\Users\Othmar\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaabcbmongicmdegkmmfgdickgnnob\35.3_0\config\skin, , [97bf10391d6d86b042bf84f6bf44a858],
PUP.Optional.MoviesToolBar.A,
C:\Users\Othmar\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaabcbmongicmdegkmmfgdickgnnob\35.3_0\config\skin\css, , [97bf10391d6d86b042bf84f6bf44a858], PUP.Optional.MoviesToolBar.A, C:\Users\Othmar\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaabcbmongicmdegkmmfgdickgnnob\35.3_0\config\skin\css\themes, , [97bf10391d6d86b042bf84f6bf44a858], PUP.Optional.MoviesToolBar.A, C:\Users\Othmar\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaabcbmongicmdegkmmfgdickgnnob\35.3_0\config\skin\css\themes\avira, , [97bf10391d6d86b042bf84f6bf44a858], PUP.Optional.MoviesToolBar.A, C:\Users\Othmar\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaabcbmongicmdegkmmfgdickgnnob\35.3_0\config\skin\css\themes\imesh, , [97bf10391d6d86b042bf84f6bf44a858], PUP.Optional.MoviesToolBar.A, C:\Users\Othmar\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaabcbmongicmdegkmmfgdickgnnob\35.3_0\config\skin\css\themes\mindspark, , [97bf10391d6d86b042bf84f6bf44a858], PUP.Optional.MoviesToolBar.A, C:\Users\Othmar\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaabcbmongicmdegkmmfgdickgnnob\35.3_0\config\skin\css\themes\plain, , [97bf10391d6d86b042bf84f6bf44a858], PUP.Optional.MoviesToolBar.A, C:\Users\Othmar\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaabcbmongicmdegkmmfgdickgnnob\35.3_0\config\skin\css\themes\taskbar, , [97bf10391d6d86b042bf84f6bf44a858], PUP.Optional.MoviesToolBar.A, C:\Users\Othmar\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaabcbmongicmdegkmmfgdickgnnob\35.3_0\config\skin\css\themes\v5parity, , [97bf10391d6d86b042bf84f6bf44a858], PUP.Optional.MoviesToolBar.A, C:\Users\Othmar\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaabcbmongicmdegkmmfgdickgnnob\35.3_0\config\skin\images, , [97bf10391d6d86b042bf84f6bf44a858], PUP.Optional.MoviesToolBar.A, C:\Users\Othmar\AppData\Local\Google\Chrome\User 
Data\Default\Extensions\aaaaabcbmongicmdegkmmfgdickgnnob\35.3_0\config\skin\images\logo, , [97bf10391d6d86b042bf84f6bf44a858], PUP.Optional.MoviesToolBar.A, C:\Users\Othmar\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaabcbmongicmdegkmmfgdickgnnob\35.3_0\config\skin\images\newtab, , [97bf10391d6d86b042bf84f6bf44a858], PUP.Optional.MoviesToolBar.A, C:\Users\Othmar\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaabcbmongicmdegkmmfgdickgnnob\35.3_0\config\skin\images\search, , [97bf10391d6d86b042bf84f6bf44a858], PUP.Optional.MoviesToolBar.A, C:\Users\Othmar\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaabcbmongicmdegkmmfgdickgnnob\35.3_0\config\skin\images\vanilla, , [97bf10391d6d86b042bf84f6bf44a858], PUP.Optional.MoviesToolBar.A, C:\Users\Othmar\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaabcbmongicmdegkmmfgdickgnnob\35.3_0\config\skin\widgets, , [97bf10391d6d86b042bf84f6bf44a858], PUP.Optional.MoviesToolBar.A, C:\Users\Othmar\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaabcbmongicmdegkmmfgdickgnnob\35.3_0\config\skin\widgets\imesh-born-star, , [97bf10391d6d86b042bf84f6bf44a858], PUP.Optional.MoviesToolBar.A, C:\Users\Othmar\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaabcbmongicmdegkmmfgdickgnnob\35.3_0\config\skin\widgets\imesh-movies, , [97bf10391d6d86b042bf84f6bf44a858], PUP.Optional.MoviesToolBar.A, C:\Users\Othmar\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaabcbmongicmdegkmmfgdickgnnob\35.3_0\config\skin\widgets\imesh-reviews, , [97bf10391d6d86b042bf84f6bf44a858], PUP.Optional.MoviesToolBar.A, C:\Users\Othmar\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaabcbmongicmdegkmmfgdickgnnob\35.3_0\config\skin\widgets\imesh-trailers, , [97bf10391d6d86b042bf84f6bf44a858], PUP.Optional.MoviesToolBar.A, C:\Users\Othmar\AppData\Local\Google\Chrome\User 
Data\Default\Extensions\aaaaabcbmongicmdegkmmfgdickgnnob\35.3_0\config\skin\widgets\imesh-video-tools, , [97bf10391d6d86b042bf84f6bf44a858], PUP.Optional.MoviesToolBar.A, C:\Users\Othmar\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaabcbmongicmdegkmmfgdickgnnob\35.3_0\config\skin\widgets\search-box-imesh, , [97bf10391d6d86b042bf84f6bf44a858], PUP.Optional.MoviesToolBar.A, C:\Users\Othmar\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaabcbmongicmdegkmmfgdickgnnob\35.3_0\config\skin\widgets\search-box-imesh\images, , [97bf10391d6d86b042bf84f6bf44a858], PUP.Optional.MoviesToolBar.A, C:\Users\Othmar\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaabcbmongicmdegkmmfgdickgnnob\35.3_0\config\skin\widgets\toolbar-options_imesh_movie_lvd2-dtx, , [97bf10391d6d86b042bf84f6bf44a858], PUP.Optional.MoviesToolBar.A, C:\Users\Othmar\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaabcbmongicmdegkmmfgdickgnnob\35.3_0\config\skin\widgets\toolbar-options_imesh_movie_lvd2-dtx\css, , [97bf10391d6d86b042bf84f6bf44a858], PUP.Optional.MoviesToolBar.A, C:\Users\Othmar\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaabcbmongicmdegkmmfgdickgnnob\35.3_0\config\skin\widgets\toolbar-options_imesh_movie_lvd2-dtx\images, , [97bf10391d6d86b042bf84f6bf44a858], PUP.Optional.MoviesToolBar.A, C:\Users\Othmar\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaabcbmongicmdegkmmfgdickgnnob\35.3_0\config\skin\widgets\toolbar-options_imesh_movie_lvd2-dtx\js, , [97bf10391d6d86b042bf84f6bf44a858], PUP.Optional.MoviesToolBar.A, C:\Users\Othmar\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaabcbmongicmdegkmmfgdickgnnob\35.3_0\config\skin\widgets\toolbar-options_imesh_movie_lvd2-dtx\js\lib, , [97bf10391d6d86b042bf84f6bf44a858], PUP.Optional.MoviesToolBar.A, C:\Users\Othmar\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaabcbmongicmdegkmmfgdickgnnob\35.3_0\content_script, , [97bf10391d6d86b042bf84f6bf44a858], 
PUP.Optional.MoviesToolBar.A, C:\Users\Othmar\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaabcbmongicmdegkmmfgdickgnnob\35.3_0\content_script\hack, , [97bf10391d6d86b042bf84f6bf44a858], PUP.Optional.MoviesToolBar.A, C:\Users\Othmar\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaabcbmongicmdegkmmfgdickgnnob\35.3_0\lib, , [97bf10391d6d86b042bf84f6bf44a858], PUP.Optional.MoviesToolBar.A, C:\Users\Othmar\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaabcbmongicmdegkmmfgdickgnnob\35.3_0\lib\shims, , [97bf10391d6d86b042bf84f6bf44a858], PUP.Optional.MoviesToolBar.A, C:\Users\Othmar\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaabcbmongicmdegkmmfgdickgnnob\35.3_0\tb_ux, , [97bf10391d6d86b042bf84f6bf44a858], PUP.Optional.MoviesToolBar.A, C:\Users\Othmar\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaabcbmongicmdegkmmfgdickgnnob\35.3_0\widgets, , [97bf10391d6d86b042bf84f6bf44a858], PUP.Optional.MoviesToolBar.A, C:\Users\Othmar\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaabcbmongicmdegkmmfgdickgnnob\35.3_0\widgets\options, , [97bf10391d6d86b042bf84f6bf44a858], PUP.Optional.MoviesToolBar.A, C:\Users\Othmar\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaabcbmongicmdegkmmfgdickgnnob\35.3_0\widgets\options\images, , [97bf10391d6d86b042bf84f6bf44a858], PUP.Optional.MoviesToolBar.A, C:\Users\Othmar\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaabcbmongicmdegkmmfgdickgnnob\35.3_0\widgets\rebuttal, , [97bf10391d6d86b042bf84f6bf44a858], PUP.Optional.MoviesToolBar.A, C:\Users\Othmar\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaabcbmongicmdegkmmfgdickgnnob\35.3_0\widgets\rebuttal\images, , [97bf10391d6d86b042bf84f6bf44a858], PUP.Optional.MoviesToolBar.A, C:\Users\Othmar\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaabcbmongicmdegkmmfgdickgnnob\35.3_0\widgets\search-suggestion, , [97bf10391d6d86b042bf84f6bf44a858], 
PUP.Optional.MoviesToolBar.A, C:\Users\Othmar\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaabcbmongicmdegkmmfgdickgnnob\35.3_0\widgets\templates, , [97bf10391d6d86b042bf84f6bf44a858], PUP.Optional.MoviesToolBar.A, C:\Users\Othmar\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaabcbmongicmdegkmmfgdickgnnob\35.3_0\widgets\templates\css, , [97bf10391d6d86b042bf84f6bf44a858], PUP.Optional.MoviesToolBar.A, C:\Users\Othmar\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaabcbmongicmdegkmmfgdickgnnob\35.3_0\widgets\templates\css\images, , [97bf10391d6d86b042bf84f6bf44a858], PUP.Optional.MoviesToolBar.A, C:\Users\Othmar\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaabcbmongicmdegkmmfgdickgnnob\35.3_0\widgets\templates\js, , [97bf10391d6d86b042bf84f6bf44a858], PUP.Optional.Datamngr.A, C:\Users\Othmar\AppData\LocalLow\DataMngr, , [1541b29792f8ea4c35603a410ef5eb15], PUP.Optional.PriceMeter.A, C:\Users\Othmar\AppData\Roaming\PriceMeterUpdater, , [8acc2227e3a7e056936fb9c3d92a7987], PUP.Optional.PriceMeter.A, C:\Users\Othmar\AppData\Roaming\PriceMeterUpdater\UpdateProc, , [8acc2227e3a7e056936fb9c3d92a7987], PUP.Optional.MoviesToolBar.A, C:\Users\Othmar\AppData\Local\ilividmoviestoolbar181, , [f5614405ccbebe78050c780619ea03fd], PUP.Optional.MoviesToolBar.A, C:\Users\Othmar\AppData\Local\ilividmoviestoolbar181\GC, , [f5614405ccbebe78050c780619ea03fd], PUP.Optional.MoviesToolbar.A, C:\Users\Othmar\AppData\LocalLow\ilividmoviestoolbar181, , [282ec28794f635014bcf0b7ae1227d83], PUP.Optional.IePluginServices.A, C:\ProgramData\IePluginServices, , [9fb7fc4d7911102677d4cac05aa9b947], PUP.Optional.IePluginServices.A, C:\ProgramData\IePluginServices\update, , [9fb7fc4d7911102677d4cac05aa9b947], PUP.Optional.WPM.A, C:\ProgramData\WindowsMangerProtect, , [d58193b68bffa3936a0608846b987d83], PUP.Optional.WPM.A, C:\ProgramData\WindowsMangerProtect\log, , [d58193b68bffa3936a0608846b987d83], PUP.Optional.WPM.A, 
C:\ProgramData\WindowsMangerProtect\update, , [d58193b68bffa3936a0608846b987d83], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab, , [5006f950098170c65c680e83ef149868], PUP.Optional.PriceMeter.A, C:\Users\Othmar\AppData\Local\PriceMeterLiveUpdate, , [60f678d1167434024dd95a4e08fbf709], PUP.Optional.PriceMeter.A, C:\Users\Othmar\AppData\Local\PriceMeterLiveUpdate\CrashReports, , [60f678d1167434024dd95a4e08fbf709], Dateien: 219 PUP.Optional.IePluginService.A, C:\Users\Othmar\AppData\Local\Temp\NODE5A8.tmp, , [292d99b03b4ff83e7c34e69c659c5ca4], PUP.Optional.PriceMeter.A, C:\Windows\System32\Tasks\PriceMeterUpdater, , [a9ad59f0e3a70036e43a41a250b3b34d], PUP.Optional.PriceMeter.A, C:\Windows\Tasks\PriceMeterUpdater.job, , [e373b2972763cd69812f4bad5fa4bd43], PUP.Optional.BuenoSearch.A, C:\Users\Othmar\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.buenosearch.com_0.localstorage-journal, , [5afcff4ad7b3122407f5e814d82b8f71], PUP.Optional.Datamngr.A, C:\ProgramData\Datamngr\coordinator.cfg, , [065021280585f64060dff62a48bd619f], PUP.Optional.Datamngr.A, C:\ProgramData\Datamngr\general.cfg, , [065021280585f64060dff62a48bd619f], PUP.Optional.Datamngr.A, C:\ProgramData\Datamngr\S-1-5-21-2717880484-1776808505-1316206091-1001.cfg, , [065021280585f64060dff62a48bd619f], PUP.Optional.Datamngr.A, C:\ProgramData\Datamngr\stats.cfg, , [065021280585f64060dff62a48bd619f], PUP.Optional.Sanbreel.A, C:\Windows\System32\Drivers\{f727685b-ed90-4adc-8eec-8234574a91e6}w64.sys, , [8dc957f2d0ba1224d5d8b08a0005b050], PUP.Optional.MoviesToolBar.A, C:\Users\Othmar\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaabcbmongicmdegkmmfgdickgnnob\35.3_0\icon.png, , [97bf10391d6d86b042bf84f6bf44a858], PUP.Optional.MoviesToolBar.A, C:\Users\Othmar\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaabcbmongicmdegkmmfgdickgnnob\35.3_0\manifest.json, , [97bf10391d6d86b042bf84f6bf44a858], PUP.Optional.MoviesToolBar.A, 
C:\Users\Othmar\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaabcbmongicmdegkmmfgdickgnnob\35.3_0\background\init-bg-messaging.js, , [97bf10391d6d86b042bf84f6bf44a858], PUP.Optional.MoviesToolBar.A, C:\Users\Othmar\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaabcbmongicmdegkmmfgdickgnnob\35.3_0\background\background-options.js, , [97bf10391d6d86b042bf84f6bf44a858], PUP.Optional.MoviesToolBar.A, C:\Users\Othmar\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaabcbmongicmdegkmmfgdickgnnob\35.3_0\background\background.html, , [97bf10391d6d86b042bf84f6bf44a858], PUP.Optional.MoviesToolBar.A, C:\Users\Othmar\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaabcbmongicmdegkmmfgdickgnnob\35.3_0\background\background.js, , [97bf10391d6d86b042bf84f6bf44a858], PUP.Optional.MoviesToolBar.A, C:\Users\Othmar\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaabcbmongicmdegkmmfgdickgnnob\35.3_0\background\browser-action.js, , [97bf10391d6d86b042bf84f6bf44a858], PUP.Optional.MoviesToolBar.A, C:\Users\Othmar\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaabcbmongicmdegkmmfgdickgnnob\35.3_0\background\cache-config.js, , [97bf10391d6d86b042bf84f6bf44a858], PUP.Optional.MoviesToolBar.A, C:\Users\Othmar\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaabcbmongicmdegkmmfgdickgnnob\35.3_0\background\cookies.js, , [97bf10391d6d86b042bf84f6bf44a858], PUP.Optional.MoviesToolBar.A, C:\Users\Othmar\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaabcbmongicmdegkmmfgdickgnnob\35.3_0\background\feeds.js, , [97bf10391d6d86b042bf84f6bf44a858], PUP.Optional.MoviesToolBar.A, C:\Users\Othmar\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaabcbmongicmdegkmmfgdickgnnob\35.3_0\background\fixup-jquery-for-ie.js, , [97bf10391d6d86b042bf84f6bf44a858], PUP.Optional.MoviesToolBar.A, C:\Users\Othmar\AppData\Local\Google\Chrome\User 
Data\Default\Extensions\aaaaabcbmongicmdegkmmfgdickgnnob\35.3_0\background\history.js, , [97bf10391d6d86b042bf84f6bf44a858], PUP.Optional.MoviesToolBar.A, C:\Users\Othmar\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaabcbmongicmdegkmmfgdickgnnob\35.3_0\background\ie-bg-shim.js, , [97bf10391d6d86b042bf84f6bf44a858], PUP.Optional.MoviesToolBar.A, C:\Users\Othmar\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaabcbmongicmdegkmmfgdickgnnob\35.3_0\background\lifecycle.js, , [97bf10391d6d86b042bf84f6bf44a858], PUP.Optional.MoviesToolBar.A, C:\Users\Othmar\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaabcbmongicmdegkmmfgdickgnnob\35.3_0\background\localStorage.js, , [97bf10391d6d86b042bf84f6bf44a858], PUP.Optional.MoviesToolBar.A, C:\Users\Othmar\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaabcbmongicmdegkmmfgdickgnnob\35.3_0\background\OneTimeCode.js, , [97bf10391d6d86b042bf84f6bf44a858], PUP.Optional.MoviesToolBar.A, C:\Users\Othmar\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaabcbmongicmdegkmmfgdickgnnob\35.3_0\background\popup.js, , [97bf10391d6d86b042bf84f6bf44a858], PUP.Optional.MoviesToolBar.A, C:\Users\Othmar\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaabcbmongicmdegkmmfgdickgnnob\35.3_0\background\preference.js, , [97bf10391d6d86b042bf84f6bf44a858], PUP.Optional.MoviesToolBar.A, C:\Users\Othmar\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaabcbmongicmdegkmmfgdickgnnob\35.3_0\background\rebuttal.js, , [97bf10391d6d86b042bf84f6bf44a858], PUP.Optional.MoviesToolBar.A, C:\Users\Othmar\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaabcbmongicmdegkmmfgdickgnnob\35.3_0\background\registry.js, , [97bf10391d6d86b042bf84f6bf44a858], PUP.Optional.MoviesToolBar.A, C:\Users\Othmar\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaabcbmongicmdegkmmfgdickgnnob\35.3_0\background\reporting.js, , [97bf10391d6d86b042bf84f6bf44a858], 
PUP.Optional.MoviesToolBar.A, C:\Users\Othmar\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaabcbmongicmdegkmmfgdickgnnob\35.3_0\background\search.js, , [97bf10391d6d86b042bf84f6bf44a858], PUP.Optional.MoviesToolBar.A, C:\Users\Othmar\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaabcbmongicmdegkmmfgdickgnnob\35.3_0\background\security.js, , [97bf10391d6d86b042bf84f6bf44a858], PUP.Optional.MoviesToolBar.A, C:\Users\Othmar\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaabcbmongicmdegkmmfgdickgnnob\35.3_0\background\sideByside.js, , [97bf10391d6d86b042bf84f6bf44a858], PUP.Optional.MoviesToolBar.A, C:\Users\Othmar\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaabcbmongicmdegkmmfgdickgnnob\35.3_0\background\tabs.js, , [97bf10391d6d86b042bf84f6bf44a858], PUP.Optional.MoviesToolBar.A, C:\Users\Othmar\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaabcbmongicmdegkmmfgdickgnnob\35.3_0\background\utils.js, , [97bf10391d6d86b042bf84f6bf44a858], PUP.Optional.MoviesToolBar.A, C:\Users\Othmar\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaabcbmongicmdegkmmfgdickgnnob\35.3_0\config\build.json, , [97bf10391d6d86b042bf84f6bf44a858], PUP.Optional.MoviesToolBar.A, C:\Users\Othmar\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaabcbmongicmdegkmmfgdickgnnob\35.3_0\config\lang-config.js, , [97bf10391d6d86b042bf84f6bf44a858], PUP.Optional.MoviesToolBar.A, C:\Users\Othmar\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaabcbmongicmdegkmmfgdickgnnob\35.3_0\config\tb-config.js, , [97bf10391d6d86b042bf84f6bf44a858], PUP.Optional.MoviesToolBar.A, C:\Users\Othmar\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaabcbmongicmdegkmmfgdickgnnob\35.3_0\config\test-widget-config.js, , [97bf10391d6d86b042bf84f6bf44a858], PUP.Optional.MoviesToolBar.A, C:\Users\Othmar\AppData\Local\Google\Chrome\User 
Data\Default\Extensions\aaaaabcbmongicmdegkmmfgdickgnnob\35.3_0\config\widget-config.js, , [97bf10391d6d86b042bf84f6bf44a858], PUP.Optional.MoviesToolBar.A, C:\Users\Othmar\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaabcbmongicmdegkmmfgdickgnnob\35.3_0\config\widget-config.jse, , [97bf10391d6d86b042bf84f6bf44a858], PUP.Optional.MoviesToolBar.A, C:\Users\Othmar\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaabcbmongicmdegkmmfgdickgnnob\35.3_0\config\skin\chrome-options.html, , [97bf10391d6d86b042bf84f6bf44a858], PUP.Optional.MoviesToolBar.A, C:\Users\Othmar\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaabcbmongicmdegkmmfgdickgnnob\35.3_0\config\skin\content-script.xul, , [97bf10391d6d86b042bf84f6bf44a858], PUP.Optional.MoviesToolBar.A, C:\Users\Othmar\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaabcbmongicmdegkmmfgdickgnnob\35.3_0\config\skin\init-tb-stuff.js, , [97bf10391d6d86b042bf84f6bf44a858], PUP.Optional.MoviesToolBar.A, C:\Users\Othmar\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaabcbmongicmdegkmmfgdickgnnob\35.3_0\config\skin\new-tab-page.html, , [97bf10391d6d86b042bf84f6bf44a858], PUP.Optional.MoviesToolBar.A, C:\Users\Othmar\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaabcbmongicmdegkmmfgdickgnnob\35.3_0\config\skin\newtab-overlay.xul, , [97bf10391d6d86b042bf84f6bf44a858], PUP.Optional.MoviesToolBar.A, C:\Users\Othmar\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaabcbmongicmdegkmmfgdickgnnob\35.3_0\config\skin\newtab-subscript.js, , [97bf10391d6d86b042bf84f6bf44a858], PUP.Optional.MoviesToolBar.A, C:\Users\Othmar\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaabcbmongicmdegkmmfgdickgnnob\35.3_0\config\skin\toolbar.html, , [97bf10391d6d86b042bf84f6bf44a858], PUP.Optional.MoviesToolBar.A, C:\Users\Othmar\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaabcbmongicmdegkmmfgdickgnnob\35.3_0\config\skin\toolbar.xul, , 
[97bf10391d6d86b042bf84f6bf44a858], PUP.Optional.MoviesToolBar.A, C:\Users\Othmar\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaabcbmongicmdegkmmfgdickgnnob\35.3_0\config\skin\widget-bundled.xul, , [97bf10391d6d86b042bf84f6bf44a858], PUP.Optional.MoviesToolBar.A, C:\Users\Othmar\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaabcbmongicmdegkmmfgdickgnnob\35.3_0\config\skin\widget-hosted.xul, , [97bf10391d6d86b042bf84f6bf44a858], PUP.Optional.MoviesToolBar.A, C:\Users\Othmar\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaabcbmongicmdegkmmfgdickgnnob\35.3_0\config\skin\css\chrome-options.css, , [97bf10391d6d86b042bf84f6bf44a858], PUP.Optional.MoviesToolBar.A, C:\Users\Othmar\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaabcbmongicmdegkmmfgdickgnnob\35.3_0\config\skin\css\containers.css, , [97bf10391d6d86b042bf84f6bf44a858], PUP.Optional.MoviesToolBar.A, C:\Users\Othmar\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaabcbmongicmdegkmmfgdickgnnob\35.3_0\config\skin\css\hp-new-tab.css, , [97bf10391d6d86b042bf84f6bf44a858], PUP.Optional.MoviesToolBar.A, C:\Users\Othmar\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaabcbmongicmdegkmmfgdickgnnob\35.3_0\config\skin\css\new-tab.css, , [97bf10391d6d86b042bf84f6bf44a858], PUP.Optional.MoviesToolBar.A, C:\Users\Othmar\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaabcbmongicmdegkmmfgdickgnnob\35.3_0\config\skin\css\searchbox.css, , [97bf10391d6d86b042bf84f6bf44a858], PUP.Optional.MoviesToolBar.A, C:\Users\Othmar\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaabcbmongicmdegkmmfgdickgnnob\35.3_0\config\skin\css\toolbar.css, , [97bf10391d6d86b042bf84f6bf44a858], PUP.Optional.MoviesToolBar.A, C:\Users\Othmar\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaabcbmongicmdegkmmfgdickgnnob\35.3_0\config\skin\css\themes\avira\avira.css, , [97bf10391d6d86b042bf84f6bf44a858], PUP.Optional.MoviesToolBar.A, 
C:\Users\Othmar\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaabcbmongicmdegkmmfgdickgnnob\35.3_0\tb_ux\searchbox.js, , [97bf10391d6d86b042bf84f6bf44a858], PUP.Optional.MoviesToolBar.A, C:\Users\Othmar\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaabcbmongicmdegkmmfgdickgnnob\35.3_0\tb_ux\shimIE.js, , [97bf10391d6d86b042bf84f6bf44a858], PUP.Optional.MoviesToolBar.A, C:\Users\Othmar\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaabcbmongicmdegkmmfgdickgnnob\35.3_0\tb_ux\SimpleButton.js, , [97bf10391d6d86b042bf84f6bf44a858], PUP.Optional.MoviesToolBar.A, C:\Users\Othmar\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaabcbmongicmdegkmmfgdickgnnob\35.3_0\tb_ux\toolbar.js, , [97bf10391d6d86b042bf84f6bf44a858], PUP.Optional.MoviesToolBar.A, C:\Users\Othmar\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaabcbmongicmdegkmmfgdickgnnob\35.3_0\widgets\options\options.css, , [97bf10391d6d86b042bf84f6bf44a858], PUP.Optional.MoviesToolBar.A, C:\Users\Othmar\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaabcbmongicmdegkmmfgdickgnnob\35.3_0\widgets\options\options.html, , [97bf10391d6d86b042bf84f6bf44a858], PUP.Optional.MoviesToolBar.A, C:\Users\Othmar\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaabcbmongicmdegkmmfgdickgnnob\35.3_0\widgets\options\options.js, , [97bf10391d6d86b042bf84f6bf44a858], PUP.Optional.MoviesToolBar.A, C:\Users\Othmar\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaabcbmongicmdegkmmfgdickgnnob\35.3_0\widgets\options\images\button-blue-1x20.png, , [97bf10391d6d86b042bf84f6bf44a858], PUP.Optional.MoviesToolBar.A, C:\Users\Othmar\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaabcbmongicmdegkmmfgdickgnnob\35.3_0\widgets\options\images\button-grey-1x26.png, , [97bf10391d6d86b042bf84f6bf44a858], PUP.Optional.MoviesToolBar.A, C:\Users\Othmar\AppData\Local\Google\Chrome\User 
Data\Default\Extensions\aaaaabcbmongicmdegkmmfgdickgnnob\35.3_0\widgets\options\images\button.png, , [97bf10391d6d86b042bf84f6bf44a858], PUP.Optional.MoviesToolBar.A, C:\Users\Othmar\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaabcbmongicmdegkmmfgdickgnnob\35.3_0\widgets\options\images\icons.png, , [97bf10391d6d86b042bf84f6bf44a858], PUP.Optional.MoviesToolBar.A, C:\Users\Othmar\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaabcbmongicmdegkmmfgdickgnnob\35.3_0\widgets\options\images\lightblue-1x43.png, , [97bf10391d6d86b042bf84f6bf44a858], PUP.Optional.MoviesToolBar.A, C:\Users\Othmar\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaabcbmongicmdegkmmfgdickgnnob\35.3_0\widgets\rebuttal\rebuttal.css, , [97bf10391d6d86b042bf84f6bf44a858], PUP.Optional.MoviesToolBar.A, C:\Users\Othmar\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaabcbmongicmdegkmmfgdickgnnob\35.3_0\widgets\rebuttal\rebuttal.html, , [97bf10391d6d86b042bf84f6bf44a858], PUP.Optional.MoviesToolBar.A, C:\Users\Othmar\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaabcbmongicmdegkmmfgdickgnnob\35.3_0\widgets\rebuttal\rebuttal.js, , [97bf10391d6d86b042bf84f6bf44a858], PUP.Optional.MoviesToolBar.A, C:\Users\Othmar\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaabcbmongicmdegkmmfgdickgnnob\35.3_0\widgets\rebuttal\images\warning.png, , [97bf10391d6d86b042bf84f6bf44a858], PUP.Optional.MoviesToolBar.A, C:\Users\Othmar\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaabcbmongicmdegkmmfgdickgnnob\35.3_0\widgets\search-suggestion\search-suggestion.css, , [97bf10391d6d86b042bf84f6bf44a858], PUP.Optional.MoviesToolBar.A, C:\Users\Othmar\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaabcbmongicmdegkmmfgdickgnnob\35.3_0\widgets\search-suggestion\search-suggestion.html, , [97bf10391d6d86b042bf84f6bf44a858], PUP.Optional.MoviesToolBar.A, C:\Users\Othmar\AppData\Local\Google\Chrome\User 
Data\Default\Extensions\aaaaabcbmongicmdegkmmfgdickgnnob\35.3_0\widgets\search-suggestion\search-suggestion.js, , [97bf10391d6d86b042bf84f6bf44a858], PUP.Optional.MoviesToolBar.A, C:\Users\Othmar\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaabcbmongicmdegkmmfgdickgnnob\35.3_0\widgets\templates\feed.html, , [97bf10391d6d86b042bf84f6bf44a858], PUP.Optional.MoviesToolBar.A, C:\Users\Othmar\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaabcbmongicmdegkmmfgdickgnnob\35.3_0\widgets\templates\menu.html, , [97bf10391d6d86b042bf84f6bf44a858], PUP.Optional.MoviesToolBar.A, C:\Users\Othmar\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaabcbmongicmdegkmmfgdickgnnob\35.3_0\widgets\templates\css\menu.css, , [97bf10391d6d86b042bf84f6bf44a858], PUP.Optional.MoviesToolBar.A, C:\Users\Othmar\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaabcbmongicmdegkmmfgdickgnnob\35.3_0\widgets\templates\css\images\footer_gradient.png, , [97bf10391d6d86b042bf84f6bf44a858], PUP.Optional.MoviesToolBar.A, C:\Users\Othmar\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaabcbmongicmdegkmmfgdickgnnob\35.3_0\widgets\templates\css\images\footer_shadow.png, , [97bf10391d6d86b042bf84f6bf44a858], PUP.Optional.MoviesToolBar.A, C:\Users\Othmar\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaabcbmongicmdegkmmfgdickgnnob\35.3_0\widgets\templates\css\images\image_placeholder.png, , [97bf10391d6d86b042bf84f6bf44a858], PUP.Optional.MoviesToolBar.A, C:\Users\Othmar\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaabcbmongicmdegkmmfgdickgnnob\35.3_0\widgets\templates\css\images\item-bg.png, , [97bf10391d6d86b042bf84f6bf44a858], PUP.Optional.MoviesToolBar.A, C:\Users\Othmar\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaabcbmongicmdegkmmfgdickgnnob\35.3_0\widgets\templates\js\api.js, , [97bf10391d6d86b042bf84f6bf44a858], PUP.Optional.MoviesToolBar.A, C:\Users\Othmar\AppData\Local\Google\Chrome\User 
Data\Default\Extensions\aaaaabcbmongicmdegkmmfgdickgnnob\35.3_0\widgets\templates\js\feed.js, , [97bf10391d6d86b042bf84f6bf44a858], PUP.Optional.MoviesToolBar.A, C:\Users\Othmar\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaabcbmongicmdegkmmfgdickgnnob\35.3_0\widgets\templates\js\menu.js, , [97bf10391d6d86b042bf84f6bf44a858], PUP.Optional.Datamngr.A, C:\Users\Othmar\AppData\LocalLow\DataMngr\{7CA1F051-A4FB-4143-B263-02B41E571EED}64, , [1541b29792f8ea4c35603a410ef5eb15], PUP.Optional.PriceMeter.A, C:\Users\Othmar\AppData\Roaming\PriceMeterUpdater\UpdateProc\config.dat, , [8acc2227e3a7e056936fb9c3d92a7987], PUP.Optional.PriceMeter.A, C:\Users\Othmar\AppData\Roaming\PriceMeterUpdater\UpdateProc\info.dat, , [8acc2227e3a7e056936fb9c3d92a7987], PUP.Optional.PriceMeter.A, C:\Users\Othmar\AppData\Roaming\PriceMeterUpdater\UpdateProc\STTL.DAT, , [8acc2227e3a7e056936fb9c3d92a7987], PUP.Optional.PriceMeter.A, C:\Users\Othmar\AppData\Roaming\PriceMeterUpdater\UpdateProc\TTL.DAT, , [8acc2227e3a7e056936fb9c3d92a7987], PUP.Optional.MoviesToolBar.A, C:\Users\Othmar\AppData\Local\ilividmoviestoolbar181\GC\toolbar.crx, , [f5614405ccbebe78050c780619ea03fd], PUP.Optional.MoviesToolbar.A, C:\Users\Othmar\AppData\LocalLow\ilividmoviestoolbar181\apnuserid.dat, , [282ec28794f635014bcf0b7ae1227d83], PUP.Optional.MoviesToolbar.A, C:\Users\Othmar\AppData\LocalLow\ilividmoviestoolbar181\appid.dat, , [282ec28794f635014bcf0b7ae1227d83], PUP.Optional.MoviesToolbar.A, C:\Users\Othmar\AppData\LocalLow\ilividmoviestoolbar181\dtx.ini, , [282ec28794f635014bcf0b7ae1227d83], PUP.Optional.MoviesToolbar.A, C:\Users\Othmar\AppData\LocalLow\ilividmoviestoolbar181\geodata.xml, , [282ec28794f635014bcf0b7ae1227d83], PUP.Optional.MoviesToolbar.A, C:\Users\Othmar\AppData\LocalLow\ilividmoviestoolbar181\guid.dat, , [282ec28794f635014bcf0b7ae1227d83], PUP.Optional.MoviesToolbar.A, C:\Users\Othmar\AppData\LocalLow\ilividmoviestoolbar181\setupCfg.xml, , [282ec28794f635014bcf0b7ae1227d83], 
PUP.Optional.MoviesToolbar.A, C:\Users\Othmar\AppData\LocalLow\ilividmoviestoolbar181\sysid.dat, , [282ec28794f635014bcf0b7ae1227d83],
PUP.Optional.MoviesToolbar.A, C:\Users\Othmar\AppData\LocalLow\ilividmoviestoolbar181\trackid.dat, , [282ec28794f635014bcf0b7ae1227d83],
PUP.Optional.IePluginServices.A, C:\ProgramData\IePluginServices\update\conf, , [9fb7fc4d7911102677d4cac05aa9b947],
PUP.Optional.WPM.A, C:\ProgramData\WindowsMangerProtect\log\ProtectWindowsManager_2014-07-07[20-05-19-409].log, , [d58193b68bffa3936a0608846b987d83],
PUP.Optional.WPM.A, C:\ProgramData\WindowsMangerProtect\update\conf, , [d58193b68bffa3936a0608846b987d83],
PUP.Optional.OmigaPlus.A, C:\Users\Othmar\AppData\Local\Google\Chrome\User Data\Default\Preferences, Gut: (), Schlecht: ( "startup_urls": [ "hxxp://isearch.omiga-plus.com/?type=hp&ts=1404756295&from=smt&uid=SanDiskXSDSSDHP256G_134406413856" ],), ,[96c0b89193f761d54b94b381a26441bf]
PUP.Optional.CrossRider.A, C:\Users\Othmar\AppData\Roaming\Mozilla\Firefox\Profiles\pimu1gdx.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.crossrider.bic", "144d6603408d223b0fb6825f4361b21c");), ,[15412326ff8b70c633c70c26808651af]

Physische Sektoren: 0
(Keine schädliche Elemente gefunden)

(end) |
25.03.2015, 22:32 | #4 |
| Win8 PC slow, cookie behavior in Firefox different from what is set, virus? And on it goes: next, the Junkware Removal Tool: Code:
ATTFilter
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.6 (03.22.2015:1)
OS: Windows 8 Pro x64
Ran by Othmar on 24.03.2015 at 17:18:08,27
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

Successfully stopped: [Service] datamngrcoordinator
Successfully deleted: [Service] datamngrcoordinator
Successfully stopped: [Service] iepluginservices
Successfully deleted: [Service] iepluginservices

~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bitguard.exe
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bprotect.exe
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bpsvc.exe
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browserdefender.exe
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browserprotect.exe
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browsersafeguard.exe
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dprotectsvc.exe
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\protectedsearch.exe
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchprotection.exe
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchprotector.exe
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\snapdo.exe

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\ResultsAlpha_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\ResultsAlpha_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\updateResultsAlpha_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\updateResultsAlpha_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\utilResultsAlpha_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\utilResultsAlpha_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\ResultsAlpha_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\ResultsAlpha_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\updateResultsAlpha_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\updateResultsAlpha_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\utilResultsAlpha_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\utilResultsAlpha_RASMANCS
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}

~~~ Files

Successfully deleted: [File] "C:\Users\Othmar\appdata\local\google\chrome\user data\default\local storage\http_www.buenosearch.com_0.localstorage"
Successfully deleted: [File] "C:\Users\Othmar\appdata\local\google\chrome\user data\default\local storage\http_www.buenosearch.com_0.localstorage-journal"
Successfully deleted: [File] "C:\Users\Othmar\appdata\local\google\chrome\user data\default\local storage\http_www.superfish.com_0.localstorage"
Successfully deleted: [File] "C:\Users\Othmar\appdata\local\google\chrome\user data\default\local storage\http_www.superfish.com_0.localstorage-journal"

~~~ Folders

Successfully deleted: [Folder] C:\ProgramData\Greautsaving
Successfully deleted: [Folder] "C:\ProgramData\datamngr"
Successfully deleted: [Folder] "C:\ProgramData\iepluginservices"
Successfully deleted: [Folder] "C:\ProgramData\simplitec"
Successfully deleted: [Folder] "C:\ProgramData\wincert"
Successfully deleted: [Folder] "C:\ProgramData\windowsmangerprotect"
Successfully deleted: [Folder] "C:\Users\Othmar\AppData\Roaming\simplitec"
Successfully deleted: [Folder] "C:\Users\Othmar\appdata\local\downloadguide"
Successfully deleted: [Folder] "C:\Users\Othmar\appdata\local\ilivid"
Successfully deleted: [Folder] "C:\Users\Othmar\appdata\locallow\datamngr"
Successfully deleted: [Folder] "C:\Program Files (x86)\suptab"
Successfully deleted: [Folder] "C:\Windows\syswow64\ai_recyclebin"

~~~ FireFox

Successfully deleted the following from C:\Users\Othmar\AppData\Roaming\mozilla\firefox\profiles\pimu1gdx.default\prefs.js
user_pref("extensions.crossrider.bic", "144d6603408d223b0fb6825f4361b21c");
user_pref("extensions.dqVCIsqYLq.scode", "(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1||url.indexOf(\"warnalert11.com\"

~~~ Chrome

Successfully deleted: [Folder] C:\Users\Othmar\appdata\local\Google\Chrome\User Data\Default\Extensions\aaaaabcbmongicmdegkmmfgdickgnnob
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\aaaaabcbmongicmdegkmmfgdickgnnob
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\bopakagnckmlgajfccecajhnimjiiedh

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 24.03.2015 at 17:20:40,60
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

FRST

FRST Logfile:
Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-03-2015 Ran by Othmar (administrator) on HUMITSCH on 24-03-2015 17:25:31 Running from C:\Users\Othmar\Desktop Loaded Profiles: Othmar & NeroMediaHomeUser.4 (Available profiles: Othmar & NeroMediaHomeUser.4) Platform: Windows 8 Pro (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 10 (Default browser: FF) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (AMD) C:\Windows\System32\atiesrxx.exe (Creative Technology Ltd) C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe (ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe (Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe (Microsoft Corporation) C:\Windows\System32\dasHost.exe (Nero AG) C:\Program Files (x86)\Nero\Nero MediaHome 4\NMMediaServerService.exe (Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler.exe (Google Inc.) 
C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler64.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (MAGIX AG) C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe (Microsoft Corporation) C:\Windows\System32\LogonUI.exe (Microsoft Corporation) C:\Windows\System32\LogonUI.exe (AMD) C:\Windows\System32\atieclxx.exe (IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe (Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe\LiveComm.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Microsoft Corporation) C:\Windows\System32\mobsync.exe () C:\Users\Othmar\AppData\Local\Viber\Viber.exe (McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (ArcSoft, Inc.) C:\Program Files (x86)\ArcSoft\TotalMedia 3.5\TMMonitor.exe (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe () C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe (ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe () C:\Program Files (x86)\TV IR\shutTask.exe () C:\Program Files (x86)\TV IR\TV IR.exe (ArcSoft, Inc.) 
C:\Program Files (x86)\ArcSoft\TotalMedia 3.5\TotalMedia.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe (Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [161984 2014-01-18] (IvoSoft) HKLM-x32\...\Run: [P17RunE] => RunDll32 P17RunE.dll,RunDLLEntry HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766208 2013-12-06] (Advanced Micro Devices, Inc.) HKLM-x32\...\Run: [Nero MediaHome 4] => C:\Program Files (x86)\Nero\Nero MediaHome 4\NeroMediaHome.exe [5179880 2012-12-20] (Nero AG) HKLM-x32\...\Run: [DivXMediaServer] => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [455512 2014-05-28] (DivX, LLC) HKLM-x32\...\Run: [DivXUpdate] => C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1861968 2014-01-10] () HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [248040 2010-02-18] (Sun Microsystems, Inc.) HKLM-x32\...\Run: [ArcSoft Connection Service] => C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [207424 2010-10-27] (ArcSoft Inc.) 
HKLM-x32\...\Run: [TVPro Control] => C:\Program Files (x86)\TV IR\TV IR.EXE [1454592 2012-04-26] () HKLM-x32\...\Run: [TVPro Task] => C:\Program Files (x86)\TV IR\shutTask.exe [221696 2012-04-16] () HKU\S-1-5-21-2717880484-1776808505-1316206091-1001\...\Run: [iLivid] => "C:\Users\Othmar\AppData\Local\iLivid\iLivid.exe" -autorun HKU\S-1-5-21-2717880484-1776808505-1316206091-1001\...\Run: [PriceMeterW] => "C:\Users\Othmar\AppData\Local\PriceMeter\pricemeterw.exe" HKU\S-1-5-21-2717880484-1776808505-1316206091-1001\...\Run: [Nero MediaHome 4] => C:\Program Files (x86)\Nero\Nero MediaHome 4\NeroMediaHome.exe [5179880 2012-12-20] (Nero AG) HKU\S-1-5-21-2717880484-1776808505-1316206091-1001\...\Run: [Uploader] => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.Uploader.exe HKU\S-1-5-21-2717880484-1776808505-1316206091-1001\...\Run: [Viber] => C:\Users\Othmar\AppData\Local\Viber\Viber.exe [936656 2014-07-24] () HKU\S-1-5-21-2717880484-1776808505-1316206091-1001\...\Run: [msnmsgr] => "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background HKU\S-1-5-21-2717880484-1776808505-1316206091-1001\...\MountPoints2: {6f11f9e6-8ce8-11e3-be6a-806e6f6e6963} - "H:\setup.exe" AppInit_DLLs: C:\PROGRA~2\SupTab\SEARCH~2.DLL => C:\PROGRA~2\SupTab\SEARCH~2.DLL File Not Found IFEO\stinst32.exe: [Debugger] tasklist.exe IFEO\stinst64.exe: [Debugger] tasklist.exe IFEO\utiljumpflip.exe: [Debugger] tasklist.exe Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.) 
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\PHOTOfunSTUDIO 9.3 PE.lnk ShortcutTarget: PHOTOfunSTUDIO 9.3 PE.lnk -> C:\Program Files (x86)\Common Files\Panasonic\PHOTOfunSTUDIO AutoStart\AutoStartupService.exe (Panasonic Corporation) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\TMMonitor.lnk ShortcutTarget: TMMonitor.lnk -> C:\Program Files (x86)\ArcSoft\TotalMedia 3.5\TMMonitor.exe (ArcSoft, Inc.) HKLM\...\AppCertDlls: [x86] -> C:\Program Files (x86)\Movies Toolbar\Datamngr\apcrtldr.dll <===== ATTENTION HKLM\...\AppCertDlls: [x64] -> C:\Program Files (x86)\Movies Toolbar\Datamngr\x64\apcrtldr.dll <===== ATTENTION ShellIconOverlayIdentifiers: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft) ShellIconOverlayIdentifiers-x32: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft) CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) 
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=MSE1 HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=MSE1 HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://isearch.omiga-plus.com/web/?type=ds&ts=1404756295&from=smt&uid=SanDiskXSDSSDHP256G_134406413856&q={searchTerms} HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://isearch.omiga-plus.com/web/?type=ds&ts=1404756295&from=smt&uid=SanDiskXSDSSDHP256G_134406413856&q={searchTerms} HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://isearch.omiga-plus.com/web/?type=ds&ts=1404756295&from=smt&uid=SanDiskXSDSSDHP256G_134406413856&q={searchTerms} HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://isearch.omiga-plus.com/web/?type=ds&ts=1404756295&from=smt&uid=SanDiskXSDSSDHP256G_134406413856&q={searchTerms} HKU\S-1-5-21-2717880484-1776808505-1316206091-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=MSE1 HKU\S-1-5-21-2717880484-1776808505-1316206091-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://t.at.msn.com/ URLSearchHook: [S-1-5-21-2717880484-1776808505-1316206091-1004] ATTENTION ==> Default URLSearchHook is missing. 
SearchScopes: HKLM -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = hxxp://dts.search.ask.com/sr?src=ieb&gct=ds&appid=343&systemid=406&v=n11551-275&apn_uid=0092000244144237&apn_dtid=BND406&o=APN10645&apn_ptnrs=AG6&q={searchTerms} SearchScopes: HKU\S-1-5-21-2717880484-1776808505-1316206091-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1 SearchScopes: HKU\S-1-5-21-2717880484-1776808505-1316206091-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1 BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2015-02-10] (Microsoft Corporation) BHO: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer64.dll [2014-01-18] (IvoSoft) BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2014-07-14] (Microsoft Corporation) BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2015-01-21] (Microsoft Corporation) BHO: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_64.dll [2014-01-18] (IvoSoft) BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll [2014-04-09] (McAfee, Inc.) 
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2015-02-10] (Microsoft Corporation) BHO-x32: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer32.dll [2014-01-18] (IvoSoft) BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-07-14] (Microsoft Corporation) BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2015-01-21] (Microsoft Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2014-08-26] (Sun Microsystems, Inc.) BHO-x32: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_32.dll [2014-01-18] (IvoSoft) Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll [2014-01-18] (IvoSoft) Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll [2014-01-18] (IvoSoft) DPF: HKLM-x32 {5852F5ED-8BF4-11D4-A245-0080C6F74284} hxxp://javadl-esd.oracle.com/update/1.6.0/jinstall-6u20-windows-i586.cab Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2014-04-01] (Microsoft Corporation) Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2014-07-14] (Microsoft Corporation) Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-07-14] (Microsoft Corporation) Tcpip\Parameters: 
[DhcpNameServer] 192.168.178.1 StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe hxxp://isearch.omiga-plus.com/?type=sc&ts=1404756295&from=smt&uid=SanDiskXSDSSDHP256G_134406413856 FireFox: ======== FF ProfilePath: C:\Users\Othmar\AppData\Roaming\Mozilla\Firefox\Profiles\pimu1gdx.default FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll [2015-02-26] () FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll [2014-05-22] (DivX, LLC.) FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation) FF Plugin: @videolan.org/vlc,version=2.1.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-01-30] (VideoLAN) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll [2015-02-26] () FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll [2014-05-22] (DivX, LLC.) FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll [2014-07-17] (DivX, LLC) FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google) FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2014-09-25] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-22] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll [2014-06-21] (Google Inc.) 
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll [2014-06-21] (Google Inc.) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll [2014-08-26] (Sun Microsystems, Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2014-09-25] (Microsoft Corporation) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2014-12-03] (Adobe Systems Inc.) FF SearchPlugin: C:\Users\Othmar\AppData\Roaming\Mozilla\Firefox\Profiles\pimu1gdx.default\searchplugins\google-images.xml [2014-12-21] FF SearchPlugin: C:\Users\Othmar\AppData\Roaming\Mozilla\Firefox\Profiles\pimu1gdx.default\searchplugins\google-maps.xml [2014-12-21] FF Extension: Download YouTube Videos as MP4 - C:\Users\Othmar\AppData\Roaming\Mozilla\Firefox\Profiles\pimu1gdx.default\Extensions\{b9bfaf1c-a63f-47cd-8b9a-29526ced9060}.xpi [2014-12-21] FF Extension: Adblock Plus - C:\Users\Othmar\AppData\Roaming\Mozilla\Firefox\Profiles\pimu1gdx.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-12-21] FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2015-03-24] FF HKU\S-1-5-21-2717880484-1776808505-1316206091-1001\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi FF Extension: No Name - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04] Chrome: ======= CHR dev: Chrome dev build detected! 
<======= ATTENTION CHR Profile: C:\Users\Othmar\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (2cloud) - C:\Users\Othmar\AppData\Local\Google\Chrome\User Data\Default\Extensions\hkelgkihphkegiaagbcgglfidabmgkgp [2014-07-28] CHR Extension: (Skype Click to Call) - C:\Users\Othmar\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2014-09-11] CHR Extension: (Google Wallet) - C:\Users\Othmar\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-02-03] CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-14] ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.) 
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation) R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation) S3 Creative Audio Engine Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [79360 2014-06-10] (Creative Labs) [File not signed] R2 CTAudSvcService; C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe [307200 2008-11-18] (Creative Technology Ltd) [File not signed] R2 Fabs; C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [1858048 2012-01-23] (MAGIX AG) [File not signed] S3 FirebirdServerMAGIXInstance; C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [2702848 2011-04-26] (MAGIX®) [File not signed] R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1871160 2015-03-17] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1080120 2015-03-17] (Malwarebytes Corporation) S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.) R2 NeroMediaHomeService.4; C:\Program Files (x86)\Nero\Nero MediaHome 4\NMMediaServerService.exe [518632 2012-12-20] (Nero AG) R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16024 2015-01-31] (Microsoft Corporation) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) S0 amdkmafd; C:\Windows\System32\drivers\amdkmafd.sys [21160 2012-09-23] (Advanced Micro Devices, Inc.) 
R0 asahci64; C:\Windows\System32\drivers\asahci64.sys [49760 2012-01-06] (Asmedia Technology) R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdW86.sys [215040 2013-09-24] (Advanced Micro Devices) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-03-17] (Malwarebytes Corporation) R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [136408 2015-03-24] (Malwarebytes Corporation) R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2015-03-17] (Malwarebytes Corporation) R3 smsbda; C:\Windows\system32\drivers\smsbda.sys [56960 2011-03-06] (Siano) R1 {f727685b-ed90-4adc-8eec-8234574a91e6}w64; C:\Windows\System32\drivers\{f727685b-ed90-4adc-8eec-8234574a91e6}w64.sys [61120 2014-04-24] (StdLib) ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 
2015-03-24 17:22 - 2015-03-24 17:22 - 00006623 _____ () C:\Users\Othmar\Downloads\JRT.txt 2015-03-24 17:20 - 2015-03-24 17:20 - 00006623 _____ () C:\Users\Othmar\Desktop\JRT.txt 2015-03-24 17:17 - 2015-03-24 17:17 - 01388782 _____ (Thisisu) C:\Users\Othmar\Downloads\JRT.exe 2015-03-24 17:13 - 2015-03-24 17:13 - 00066714 _____ () C:\Users\Othmar\Downloads\mbam.txt 2015-03-24 16:58 - 2015-03-24 16:58 - 00001001 _____ () C:\Users\Othmar\Desktop\AdwCleaner[R0] - Verknüpfung.lnk 2015-03-24 16:53 - 2015-03-24 16:54 - 00000000 ____D () C:\AdwCleaner 2015-03-24 16:53 - 2015-03-24 16:53 - 02168320 _____ () C:\Users\Othmar\Downloads\AdwCleaner_4.113.exe 2015-03-24 09:51 - 2015-03-24 09:51 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2015-03-22 13:15 - 2015-03-24 17:03 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2015-03-22 13:14 - 2015-03-24 17:02 - 00001106 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2015-03-22 13:14 - 2015-03-24 17:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2015-03-22 13:14 - 2015-03-24 17:02 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2015-03-22 13:14 - 2015-03-22 13:14 - 00000000 ____D () C:\ProgramData\Malwarebytes 2015-03-22 13:14 - 2015-03-17 06:15 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2015-03-22 13:14 - 2015-03-17 06:15 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2015-03-22 13:14 - 2015-03-17 06:15 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2015-03-22 13:13 - 2015-03-22 13:14 - 21540440 _____ (Malwarebytes Corporation ) C:\Users\Othmar\Desktop\mbam-setup-2.1.4.1018.exe 2015-03-22 13:12 - 2015-03-23 19:02 - 00035665 _____ () C:\Users\Othmar\Desktop\Addition.txt 2015-03-22 13:11 - 2015-03-24 17:25 - 00020463 _____ () C:\Users\Othmar\Desktop\FRST.txt 2015-03-22 
13:11 - 2015-03-24 17:25 - 00000000 ____D () C:\FRST 2015-03-22 13:11 - 2015-03-22 13:11 - 02095616 _____ (Farbar) C:\Users\Othmar\Desktop\FRST64.exe 2015-03-22 09:16 - 2015-03-22 09:16 - 00000000 ____D () C:\Program Files (x86)\ESET 2015-03-11 08:59 - 2015-03-11 08:59 - 00000000 ____D () C:\Users\Othmar\AppData\Local\LizardTech 2015-03-11 08:58 - 2015-02-23 11:52 - 02237952 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2015-03-11 08:58 - 2015-02-23 11:52 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2015-03-11 08:58 - 2015-02-23 11:51 - 01409024 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2015-03-11 08:58 - 2015-02-23 11:51 - 00915968 _____ (Microsoft Corporation) C:\Windows\system32\uxtheme.dll 2015-03-11 08:58 - 2015-02-23 11:51 - 00600576 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2015-03-11 08:58 - 2015-02-23 11:51 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2015-03-11 08:58 - 2015-02-23 11:51 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\UXInit.dll 2015-03-11 08:58 - 2015-02-23 11:50 - 19301888 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2015-03-11 08:58 - 2015-02-23 11:50 - 15410688 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2015-03-11 08:58 - 2015-02-23 11:50 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2015-03-11 08:58 - 2015-02-23 11:50 - 02656256 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2015-03-11 08:58 - 2015-02-23 11:50 - 00949760 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll 2015-03-11 08:58 - 2015-02-23 11:50 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2015-03-11 08:58 - 2015-02-23 11:50 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2015-03-11 08:58 - 2015-02-23 11:50 - 00451584 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2015-03-11 08:58 - 2015-02-23 
11:50 - 00281600 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2015-03-11 08:58 - 2015-02-23 11:50 - 00255488 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2015-03-11 08:58 - 2015-02-23 11:50 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll 2015-03-11 08:58 - 2015-02-23 11:50 - 00097280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2015-03-11 08:58 - 2015-02-23 11:50 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2015-03-11 08:58 - 2015-02-23 11:50 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2015-03-11 08:58 - 2015-02-23 11:50 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2015-03-11 08:58 - 2015-02-23 11:49 - 01509376 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2015-03-11 08:58 - 2015-02-23 10:17 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2015-03-11 08:58 - 2015-02-23 10:15 - 00084480 _____ (Microsoft Corporation) C:\Windows\system32\INETRES.dll 2015-03-11 08:58 - 2015-02-23 09:51 - 00441856 _____ (Microsoft Corporation) C:\Windows\system32\html.iec 2015-03-11 08:58 - 2015-02-21 06:31 - 01763328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2015-03-11 08:58 - 2015-02-21 06:31 - 01181696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2015-03-11 08:58 - 2015-02-21 06:31 - 00523776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2015-03-11 08:58 - 2015-02-21 06:31 - 00044032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UXInit.dll 2015-03-11 08:58 - 2015-02-21 06:30 - 14380544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2015-03-11 08:58 - 2015-02-21 06:30 - 13768704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2015-03-11 08:58 - 2015-02-21 06:30 - 02864640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2015-03-11 08:58 - 2015-02-21 06:30 - 02055680 _____ (Microsoft 
Corporation) C:\Windows\SysWOW64\iertutil.dll 2015-03-11 08:58 - 2015-02-21 06:30 - 00737280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll 2015-03-11 08:58 - 2015-02-21 06:30 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2015-03-11 08:58 - 2015-02-21 06:30 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2015-03-11 08:58 - 2015-02-21 06:30 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2015-03-11 08:58 - 2015-02-21 06:30 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2015-03-11 08:58 - 2015-02-21 06:30 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll 2015-03-11 08:58 - 2015-02-21 06:30 - 00080384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2015-03-11 08:58 - 2015-02-21 06:30 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2015-03-11 08:58 - 2015-02-21 06:30 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2015-03-11 08:58 - 2015-02-21 06:30 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2015-03-11 08:58 - 2015-02-21 06:29 - 01441280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2015-03-11 08:58 - 2015-02-21 06:29 - 00357888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2015-03-11 08:58 - 2015-02-21 06:29 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2015-03-11 08:58 - 2015-02-21 06:09 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2015-03-11 08:58 - 2015-02-21 06:07 - 00084480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\INETRES.dll 2015-03-11 08:58 - 2015-02-21 05:42 - 00361984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec 2015-03-11 08:58 - 2015-02-21 04:00 - 00534528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\uxtheme.dll 2015-03-11 08:57 - 2015-03-06 08:39 - 00588800 _____ (Microsoft Corporation) 
C:\Windows\system32\SHCore.dll 2015-03-11 08:57 - 2015-03-06 08:39 - 00412672 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll 2015-03-11 08:57 - 2015-03-06 06:48 - 00452608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SHCore.dll 2015-03-11 08:57 - 2015-03-06 06:48 - 00318464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll 2015-03-11 08:57 - 2015-02-26 05:35 - 04063232 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2015-03-11 08:57 - 2015-02-03 00:18 - 00569712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys 2015-03-11 08:57 - 2015-01-24 07:42 - 00325632 _____ (Microsoft Corporation) C:\Windows\system32\ubpm.dll 2015-03-11 08:57 - 2015-01-24 06:00 - 00243712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ubpm.dll 2015-03-11 08:53 - 2015-02-20 14:59 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll 2015-03-11 08:53 - 2015-02-20 12:56 - 00366592 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll 2015-03-11 08:53 - 2015-02-20 09:10 - 00035328 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll 2015-03-11 08:53 - 2015-02-20 08:24 - 00304128 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll 2015-03-11 08:53 - 2015-01-31 14:48 - 00044024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdBoot.sys 2015-03-11 08:53 - 2015-01-31 06:55 - 00275712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdFilter.sys 2015-03-11 08:52 - 2015-01-29 09:45 - 06973248 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2015-03-11 08:52 - 2015-01-29 09:05 - 01627648 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll 2015-03-11 08:52 - 2015-01-29 07:19 - 01339392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll 2015-03-11 08:52 - 2015-01-20 07:41 - 01120256 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll 2015-03-11 08:52 - 2015-01-20 06:10 - 00892416 _____ (Microsoft Corporation) 
C:\Windows\SysWOW64\msctf.dll 2015-03-11 08:48 - 2014-04-16 19:20 - 00029888 _____ (Microsoft Corporation) C:\Windows\system32\aspnet_counters.dll 2015-03-11 08:48 - 2014-04-16 19:20 - 00028352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aspnet_counters.dll 2015-03-11 08:46 - 2015-02-17 07:54 - 19777536 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll 2015-03-11 08:46 - 2015-02-17 06:13 - 17561600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll 2015-03-11 08:46 - 2015-01-24 07:43 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll 2015-03-11 08:46 - 2015-01-24 06:00 - 00368640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll 2015-03-11 08:46 - 2015-01-24 05:31 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll 2015-03-11 08:45 - 2015-02-13 00:18 - 00396419 _____ () C:\Windows\system32\ApnDatabase.xml 2015-03-11 08:42 - 2015-03-11 08:42 - 00001034 _____ () C:\Users\Othmar\Desktop\GeoViewer.lnk 2015-03-11 08:42 - 2015-03-11 08:42 - 00000000 ____D () C:\Users\Othmar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\LizardTech 2015-03-11 08:42 - 2015-03-11 08:42 - 00000000 ____D () C:\Users\Othmar\AppData\Roaming\LizardTech 2015-03-11 08:42 - 2015-03-11 08:42 - 00000000 ____D () C:\Users\Othmar\AppData\Roaming\InstallShield Installation Information 2015-03-11 08:42 - 2010-05-26 11:41 - 02401112 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_43.dll 2015-03-11 08:42 - 2010-05-26 11:41 - 01907552 _____ (Microsoft Corporation) C:\Windows\system32\d3dcsx_43.dll 2015-03-11 08:42 - 2010-05-26 11:41 - 00511328 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_43.dll 2015-03-11 08:42 - 2010-02-04 10:01 - 00024920 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_7.dll 2015-03-11 08:42 - 2007-04-04 18:54 - 00107368 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_3.dll 2015-03-04 07:42 - 2015-03-04 07:42 - 00001894 _____ () 
C:\Users\Othmar\Desktop\IrfanView Thumbnails.lnk 2015-02-28 21:45 - 2015-03-04 22:24 - 00791496 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2015-02-28 21:45 - 2015-03-04 22:24 - 00177608 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2015-02-26 20:11 - 2014-12-18 09:51 - 00096576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\wfplwfs.sys 2015-02-26 20:11 - 2014-12-18 07:52 - 00889344 _____ (Microsoft Corporation) C:\Windows\system32\nshwfp.dll 2015-02-26 20:11 - 2014-12-18 07:51 - 01160192 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL 2015-02-26 20:11 - 2014-12-18 07:50 - 00723968 _____ (Microsoft Corporation) C:\Windows\system32\BFE.DLL 2015-02-26 20:11 - 2014-12-18 07:20 - 00702464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nshwfp.dll 2015-02-26 20:11 - 2014-12-06 08:53 - 00458240 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll 2015-02-26 20:11 - 2014-12-06 08:53 - 00026112 _____ (Microsoft Corporation) C:\Windows\system32\WerFaultSecure.exe 2015-02-26 20:11 - 2014-12-06 08:51 - 00370688 _____ (Microsoft Corporation) C:\Windows\system32\Faultrep.dll 2015-02-26 20:11 - 2014-12-06 08:51 - 00267264 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll 2015-02-26 20:11 - 2014-12-06 08:50 - 00783872 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll 2015-02-26 20:11 - 2014-12-06 07:10 - 00355840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll 2015-02-26 20:11 - 2014-12-06 07:10 - 00023552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WerFaultSecure.exe 2015-02-26 20:11 - 2014-12-06 07:09 - 00332800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Faultrep.dll 2015-02-26 20:10 - 2015-01-29 09:30 - 00593408 _____ (Microsoft Corporation) C:\Windows\system32\AutoUpdate.exe 2015-02-26 20:10 - 2015-01-29 09:30 - 00467952 _____ (Microsoft Corporation) C:\Windows\system32\NotificationUI.exe 2015-02-26 20:10 - 2015-01-29 09:30 - 00011056 
_____ () C:\Windows\system32\AutoconfigV2.cab 2015-02-26 20:10 - 2015-01-29 09:05 - 00695808 _____ (Microsoft Corporation) C:\Windows\system32\WSShared.dll 2015-02-26 20:10 - 2015-01-29 09:05 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll 2015-02-26 20:10 - 2015-01-29 07:19 - 00568832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSShared.dll 2015-02-26 20:10 - 2015-01-29 07:19 - 00124928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll 2015-02-26 20:10 - 2015-01-15 12:44 - 01043968 _____ (Microsoft Corporation) C:\Windows\system32\usercpl.dll 2015-02-26 20:10 - 2015-01-15 12:43 - 01282560 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll 2015-02-26 20:10 - 2015-01-15 11:00 - 00961536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usercpl.dll 2015-02-26 20:10 - 2015-01-15 10:38 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll 2015-02-26 20:10 - 2015-01-15 10:09 - 00717824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll 2015-02-26 20:10 - 2014-12-11 07:51 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe 2015-02-26 20:10 - 2014-11-15 07:06 - 00059392 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe 2015-02-26 20:10 - 2014-11-15 06:13 - 03286016 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll 2015-02-26 20:10 - 2014-11-15 06:13 - 01623552 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll 2015-02-26 20:10 - 2014-11-15 06:13 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll 2015-02-26 20:10 - 2014-11-15 06:13 - 00253440 _____ (Microsoft Corporation) C:\Windows\system32\WUSettingsProvider.dll 2015-02-26 20:10 - 2014-11-15 06:13 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll 2015-02-26 20:10 - 2014-11-15 06:13 - 00100352 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll 
2015-02-26 20:10 - 2014-11-15 06:13 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe 2015-02-26 20:10 - 2014-11-15 06:12 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\storewuauth.dll 2015-02-26 20:10 - 2014-11-15 04:54 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe 2015-02-26 20:10 - 2014-11-15 04:53 - 00630272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll 2015-02-26 20:10 - 2014-11-15 04:53 - 00128000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll 2015-02-26 20:10 - 2014-11-15 04:53 - 00086528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll 2015-02-26 20:10 - 2014-11-05 07:40 - 00733184 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll 2015-02-26 20:10 - 2014-11-05 07:39 - 01024512 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll 2015-02-26 20:10 - 2014-11-01 07:28 - 00417280 _____ (Microsoft Corporation) C:\Windows\system32\services.exe 2015-02-26 20:10 - 2014-10-29 15:21 - 00499008 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vhdmp.sys 2015-02-26 20:09 - 2014-12-19 07:48 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll 2015-02-26 20:09 - 2014-12-08 07:48 - 00391168 _____ (Microsoft Corporation) C:\Windows\system32\scesrv.dll 2015-02-26 20:09 - 2014-12-08 06:04 - 00318464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scesrv.dll 2015-02-26 20:09 - 2014-12-06 08:52 - 00384000 _____ (Microsoft Corporation) C:\Windows\system32\ncsi.dll 2015-02-26 20:09 - 2014-12-06 08:52 - 00357376 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll 2015-02-26 20:09 - 2014-12-06 08:52 - 00072192 _____ (Microsoft Corporation) C:\Windows\system32\nlaapi.dll 2015-02-26 20:09 - 2014-12-06 07:09 - 00055296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll 2015-02-26 20:08 - 2014-12-19 05:35 - 00142336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys 2015-02-26 20:08 - 2014-11-26 
07:43 - 00778240 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll 2015-02-26 20:08 - 2014-11-26 05:50 - 00567808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll 2015-02-26 19:55 - 2015-01-09 07:43 - 00951808 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Globalization.dll 2015-02-26 19:55 - 2015-01-09 06:03 - 00601088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Globalization.dll 2015-02-26 19:55 - 2015-01-09 00:52 - 00478296 _____ () C:\Windows\SysWOW64\locale.nls 2015-02-26 19:55 - 2015-01-09 00:52 - 00478296 _____ () C:\Windows\system32\locale.nls ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2015-03-24 17:23 - 2014-02-03 16:41 - 00003598 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2717880484-1776808505-1316206091-1001 2015-03-24 17:17 - 2014-02-03 16:36 - 00001128 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2015-03-24 17:11 - 2014-03-23 22:11 - 00000314 _____ () C:\Windows\Tasks\PriceMeterUpdater.job 2015-03-24 17:10 - 2014-02-03 16:35 - 01280537 _____ () C:\Windows\WindowsUpdate.log 2015-03-24 17:03 - 2014-04-16 08:13 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2015-03-24 17:00 - 2012-07-26 09:12 - 00000000 ____D () C:\Windows\system32\sru 2015-03-24 16:57 - 2014-05-24 13:36 - 00141824 ___SH () C:\Users\Othmar\Downloads\Thumbs.db 2015-03-24 12:18 - 2014-03-17 19:53 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2015-03-24 07:34 - 2014-02-03 16:40 - 00000000 ____D () C:\Users\Othmar\AppData\Roaming\ClassicShell 2015-03-24 07:30 - 2014-09-29 16:26 - 00000000 ____D () C:\Users\Othmar\AppData\Roaming\ViberPC 2015-03-24 07:30 - 2014-09-29 16:25 - 00000000 ____D () C:\Users\Othmar\AppData\Local\Viber 2015-03-24 07:30 - 2014-02-03 16:36 - 00001124 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2015-03-22 17:46 - 2014-04-16 
08:19 - 00000072 _____ () C:\Users\Public\LMDebug.log 2015-03-22 11:14 - 2014-03-17 20:07 - 00000000 ____D () C:\Users\Othmar\AppData\Roaming\Security System 2 2015-03-22 11:14 - 2014-02-03 16:35 - 00000000 ____D () C:\Users\Othmar 2015-03-22 08:16 - 2014-03-31 19:12 - 00000143 _____ () C:\Users\Othmar\AppData\Roaming\WB.CFG 2015-03-22 08:06 - 2012-07-26 11:27 - 00751892 _____ () C:\Windows\system32\perfh007.dat 2015-03-22 08:06 - 2012-07-26 11:27 - 00155620 _____ () C:\Windows\system32\perfc007.dat 2015-03-22 08:06 - 2012-07-26 08:28 - 01745416 _____ () C:\Windows\system32\PerfStringBackup.INI 2015-03-13 14:51 - 2014-03-03 09:28 - 00000000 ____D () C:\Users\Othmar\AppData\Roaming\vlc 2015-03-13 09:31 - 2012-07-26 09:12 - 00000000 ____D () C:\Windows\rescache 2015-03-13 08:01 - 2013-02-16 13:23 - 00034226 _____ () C:\Windows\PFRO.log 2015-03-13 08:01 - 2012-07-26 08:22 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2015-03-12 18:29 - 2012-07-26 09:12 - 00000000 ___RD () C:\Windows\ToastData 2015-03-12 18:29 - 2012-07-26 09:12 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools 2015-03-12 18:29 - 2012-07-26 09:12 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools 2015-03-12 18:29 - 2012-07-26 09:12 - 00000000 ____D () C:\Windows\WinStore 2015-03-12 18:29 - 2012-07-26 09:12 - 00000000 ____D () C:\Windows\PolicyDefinitions 2015-03-12 18:29 - 2012-07-26 09:12 - 00000000 ____D () C:\Program Files\Windows Defender 2015-03-12 18:29 - 2012-07-26 09:12 - 00000000 ____D () C:\Program Files (x86)\Windows Defender 2015-03-12 18:29 - 2012-07-26 06:26 - 00524288 ___SH () C:\Windows\system32\config\BBI 2015-03-12 08:27 - 2014-02-03 16:35 - 00000000 ____D () C:\Users\Othmar\AppData\Local\Packages 2015-03-11 10:56 - 2014-02-04 11:12 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013 2015-03-11 10:56 - 2014-02-03 17:09 - 00000000 
____D () C:\ProgramData\Microsoft Help 2015-03-11 10:56 - 2012-07-26 08:59 - 00000000 ____D () C:\Windows\CbsTemp 2015-03-11 10:50 - 2014-03-06 11:43 - 00000000 ____D () C:\Windows\system32\MRT 2015-03-11 10:50 - 2012-07-26 06:26 - 00000269 _____ () C:\Windows\win.ini 2015-03-11 10:48 - 2013-02-16 13:59 - 122905848 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2015-03-11 08:42 - 2014-03-21 18:45 - 00037812 _____ () C:\Windows\DirectX.log 2015-03-10 14:22 - 2014-03-21 18:45 - 00000000 ____D () C:\Program Files (x86)\HappyFoto-Designer 2015-03-09 19:19 - 2014-09-10 07:11 - 00000000 ____D () C:\Users\Othmar\AppData\Roaming\Skype 2015-03-04 07:42 - 2014-03-18 19:16 - 00001006 _____ () C:\Users\Othmar\Desktop\IrfanView.lnk 2015-03-04 07:42 - 2014-03-18 19:16 - 00000000 ____D () C:\Users\Othmar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IrfanView 2015-03-04 07:42 - 2014-03-18 19:16 - 00000000 ____D () C:\Program Files (x86)\IrfanView 2015-03-03 14:17 - 2013-02-16 13:53 - 00295552 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe 2015-02-28 03:00 - 2014-02-03 16:48 - 00000000 ____D () C:\ProgramData\Package Cache 2015-02-26 20:03 - 2014-04-16 08:13 - 00003772 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater ==================== Files in the root of some directories ======= 2014-03-31 19:12 - 2015-03-22 08:16 - 0000143 _____ () C:\Users\Othmar\AppData\Roaming\WB.CFG 2014-07-15 17:34 - 2014-12-22 15:58 - 0008704 _____ () C:\Users\Othmar\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2014-11-02 14:18 - 2014-11-02 14:18 - 0001555 _____ () C:\Users\Othmar\AppData\Local\recently-used.xbel Files to move or delete: ==================== C:\Users\Othmar\FreemakeVideoConverterSetup.exe C:\Users\Othmar\HappyFoto-Bestellassistent.exe C:\Users\Othmar\HappyFoto-Designer.exe C:\Users\Othmar\udc.exe Some content of TEMP: ==================== C:\Users\Othmar\AppData\Local\Temp\13-12_win7_win8_64_dd_ccc_whql.exe 
C:\Users\Othmar\AppData\Local\Temp\917b0b87-3358-4e79-93de-3dfc2fc99ed0.exe
C:\Users\Othmar\AppData\Local\Temp\DseShExt-x64.dll
C:\Users\Othmar\AppData\Local\Temp\DseShExt-x86.dll
C:\Users\Othmar\AppData\Local\Temp\fp_pl_pfs_installer.exe
C:\Users\Othmar\AppData\Local\Temp\FreemakeVideoConverterFull.exe
C:\Users\Othmar\AppData\Local\Temp\hcwclear.exe
C:\Users\Othmar\AppData\Local\Temp\Manuals.exe
C:\Users\Othmar\AppData\Local\Temp\ose00002.exe
C:\Users\Othmar\AppData\Local\Temp\SDShelEx-win32.dll
C:\Users\Othmar\AppData\Local\Temp\SDShelEx-x64.dll
C:\Users\Othmar\AppData\Local\Temp\_is30AE.exe
C:\Users\Othmar\AppData\Local\Temp\~convert3240405483724834158.exe
C:\Users\Othmar\AppData\Local\Temp\~convert3888342811581094103.exe

==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-03-23 20:02

==================== End Of Log ============================

Addition:
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-03-2015
Ran by Othmar at 2015-03-24 17:25:49
Running from C:\Users\Othmar\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
µTorrent (HKU\S-1-5-21-2717880484-1776808505-1316206091-1001\...\uTorrent) (Version: 3.3.2.30488 - BitTorrent Inc.)
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
ACDSee Foto-Editor (HKLM-x32\...\{53AD87D3-72AE-4D07-8A7A-1F4D54E83777}) (Version: 4.00.208 - ACD Systems Ltd.)
ACDSee Free (HKLM-x32\...\ACDSee Free) (Version: 1.0.18 - ACD Systems International Inc.)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Advertising Center (x32 Version: 0.0.0.2 - Nero AG) Hidden
AMD Catalyst Install Manager (HKLM\...\{308051DA-0048-7A07-FE8B-9B6EC119A9E8}) (Version: 8.0.915.0 - Advanced Micro Devices, Inc.)
ArcSoft TotalMedia 3.5 (HKLM-x32\...\{29E44E9D-ACB2-4D2D-849F-5361C941B7E1}) (Version: 3.5.7.377 - ArcSoft) Asmedia ASM106x SATA Host Controller Driver (HKLM-x32\...\{61942EF5-2CD8-47D4-869C-2E9A8BB085F1}) (Version: 1.3.4.000 - Asmedia Technology) Classic Shell (HKLM\...\{2368907C-E8F6-4750-A023-254C3E2B5E8D}) (Version: 4.0.4 - IvoSoft) Creative Audio Control Panel (HKLM-x32\...\AudioCS) (Version: 2.56 - Creative Technology Limited) Creative Software AutoUpdate (HKLM-x32\...\Creative Software AutoUpdate) (Version: 1.40 - Creative Technology Limited) Creative Sound Blaster Properties x64 Edition (HKLM-x32\...\Creative Sound Blaster Properties x64 Edition) (Version: - ) CyberViewX (HKLM-x32\...\{D20A621F-5933-4185-922D-51D187670690}) (Version: 5.16.25 - CyberViewX) D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden DivX-Setup (HKLM-x32\...\DivX Setup) (Version: 2.6.3.52 - DivX, LLC) ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version: - ) Firebird SQL Server - MAGIX Edition (HKLM-x32\...\{39AB2E37-1A55-4292-A5D3-971E9F70D0F8}) (Version: 2.1.32.0 - MAGIX AG) Fotogalerie (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden Freemake Video Converter Version 4.1.5 (HKLM-x32\...\Freemake Video Converter_is1) (Version: 4.1.5 - Ellora Assets Corporation) GIMP 2.8.10 (HKLM\...\GIMP-2_is1) (Version: 2.8.10 - The GIMP Team) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 36.0.1985.125 - Google Inc.) Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google) Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) 
Hidden HappyFoto - Bestellassistent (HKU\S-1-5-21-2717880484-1776808505-1316206091-1001\...\HappyFoto - Bestellassistent) (Version: - HAPPY - FOTO GmbH / ©2014 Aberger Software GmbH) HappyFoto-Designer 5.2 (HKLM-x32\...\HappyFoto-Designer_is1) (Version: - ) IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.38 - Irfan Skiljan) Java(TM) 6 Update 20 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216020FF}) (Version: 6.0.200 - Sun Microsystems, Inc.) Junk Mail filter update (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden LizardTech GeoViewer 9.0 (HKU\S-1-5-21-2717880484-1776808505-1316206091-1001\...\{CEEF6E28-ED9B-41C9-973A-82B07E449A53}) (Version: 9.0 - LizardTech) LoiLoScope Herunterladen (HKLM-x32\...\{C2A254F4-AC74-482F-8F09-DB2843AC2AAE}_is1) (Version: 2.0 - LoiLo inc) MAGIX Fotos auf DVD 2014 Deluxe (HKLM-x32\...\MX.{C2A5A580-75AF-4021-AA42-F3076434BF80}) (Version: 13.0.0.84 - MAGIX AG) MAGIX Fotos auf DVD 2014 Deluxe (Version: 13.0.0.84 - MAGIX AG) Hidden MAGIX Speed burnR (MSI) (HKLM-x32\...\MAGIX_{3F70AA2A-CAE4-4898-BBFB-C34165A85DF7}) (Version: 7.0.2.6 - MAGIX AG) MAGIX Speed burnR (MSI) (Version: 7.0.2.6 - MAGIX AG) Hidden MAGIX Video deluxe 2014 Plus (HKLM-x32\...\MX.{9E2FEB28-7407-4009-9DC4-203EF2EF6BB7}) (Version: 13.0.0.28 - MAGIX AG) MAGIX Video deluxe 2014 Plus (Version: 13.0.0.28 - MAGIX AG) Hidden Malwarebytes Anti-Malware Version 2.1.4.1018 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.4.1018 - Malwarebytes Corporation) McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.) 
MD86351 driver install (HKLM-x32\...\InstallShield_{2320D419-1E49-4FF9-B0D5-4BEDAD3B7724}) (Version: 6.3.6.1 - MEDION AG) MD86351 driver install (x32 Version: 6.3.6.1 - MEDION AG) Hidden Microsoft Office Korrekturhilfen 2013 - Deutsch (HKLM\...\{90150000-001F-0407-1000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUS) (Version: 15.0.4569.1506 - Microsoft Corporation) Microsoft Office ScreenTip Language 2013 - Deutsch (HKLM\...\{90150000-00BD-0407-1000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Microsoft OneDrive (HKU\S-1-5-21-2717880484-1776808505-1316206091-1001\...\OneDriveSetup.exe) (Version: 17.0.4035.0328 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft SQL Server Compact 3.5 SP2 ENU (HKLM-x32\...\{3A9FC03D-C685-4831-94CF-4EDFD3749497}) (Version: 3.5.8080.0 - Microsoft Corporation) Microsoft SQL Server Compact 3.5 SP2 x64 ENU (HKLM\...\{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}) (Version: 3.5.8080.0 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 
Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation) Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation) Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden Mozilla Firefox 36.0.4 (x86 de) (HKLM-x32\...\Mozilla Firefox 36.0.4 (x86 de)) (Version: 36.0.4 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla) MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation) MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation) Nero MediaHome 4 Essentials (HKLM-x32\...\{78cff10e-90c4-4454-bb95-17837ff57043}) (Version: - Nero AG) Outils de vérification linguistique 2013 de Microsoft Office*- Français (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden PHOTOfunSTUDIO 9.3 PE (HKLM-x32\...\{E33B3B6C-5712-4A39-B30D-1391918D920D}) (Version: 9.03.703 - Panasonic Corporation) Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.3.730.2012 - Realtek) Samsung Universal Print Driver 2 (HKLM-x32\...\Samsung Universal Print Driver 2) (Version: 2.50.02.00 - Samsung Electronics Co., Ltd.) 
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{D82063A8-7C8C-4C3B-A9BB-95138CA55D26}) (Version: - Microsoft) Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (Version: - Microsoft) Hidden Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation) Skype™ 6.21 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.21.104 - Skype Technologies S.A.) SlimDX Runtime .NET 4.0 x64 (January 2012) (HKLM\...\{A2199A06-89C4-4187-AA4A-3A9676FB799D}) (Version: 2.0.13.43 - SlimDX Group) TV IR (HKLM-x32\...\{C1FD1627-2EAF-48CB-A333-42D39BCB096D}) (Version: 2.4 - MEDION AG) VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden Viber (HKU\S-1-5-21-2717880484-1776808505-1316206091-1001\...\Viber) (Version: 3.0.0.134678 - Viber Media Inc) VLC media player 2.1.3 (HKLM\...\VLC media player) (Version: 2.1.3 - VideoLAN) Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation) WinRAR 5.01 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH) ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) 
CustomCLSID: HKU\S-1-5-21-2717880484-1776808505-1316206091-1001_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\Othmar\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2717880484-1776808505-1316206091-1001_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\Othmar\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2717880484-1776808505-1316206091-1001_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\Othmar\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2717880484-1776808505-1316206091-1001_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\Othmar\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2717880484-1776808505-1316206091-1001_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Othmar\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\FileSyncApi64.dll (Microsoft Corporation)

==================== Restore Points =========================
07-03-2015 08:34:03 Geplanter Prüfpunkt
11-03-2015 08:41:56 Installed SlimDX Runtime .NET 4.0 x64 (January 2012)
22-03-2015 07:43:03 Geplanter Prüfpunkt

==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2012-07-26 06:26 - 2012-07-26 06:26 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
Task: {11AA2F56-21E5-45F5-A1FF-E7A33215120F} - System32\Tasks\Othmar1 => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\NBCore.exe
Task: {1D861D4F-86CE-4817-A37F-E89CBE75FEFC} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {4A90F9F6-2EFE-4B03-9675-7148E01E94D6} - System32\Tasks\Seagate_Install_Launch => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Dashboard.exe
Task: {50911FCF-12A4-4B4C-BE22-D32C3FEC273F} - System32\Tasks\Windows Defender Update => C:\Program Files\Windows Defender\MpCmdRun.exe [2015-01-31] (Microsoft Corporation)
Task: {54AFC8F0-1A18-476D-860B-94D997572C29} - System32\Tasks\Othmar Merge => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\NBCore.exe
Task: {620B6C9C-FF41-414B-A06F-164BA7E57229} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2014-01-23] (Microsoft Corporation)
Task: {68A09A3F-6762-4B48-9D87-23934BF317A7} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2015-03-11] (Microsoft Corporation)
Task: {7185F71C-F70F-4550-90F5-216E1A717B76} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-02-03] (Google Inc.)
Task: {7925C416-76D5-4D01-AAB3-208FE7530087} - System32\Tasks\Othmar DBAgent 2 0 => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\DBAgent.exe
Task: {9BF38F38-ECFC-4ED8-BA33-B59E329FE313} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-26] (Adobe Systems Incorporated)
Task: {9E5CE3F1-E1CA-42AB-B023-D6695553EA35} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {AB9D6AB4-7293-48F4-8AC0-24CF3C494D2D} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {C79F84D6-6583-457D-B868-AD22B439C5E5} - System32\Tasks\Othmar => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\NBCore.exe
Task: {E14154F9-5233-48CE-AD58-E97BE356232D} - System32\Tasks\PriceMeterUpdater => C:\Users\Othmar\AppData\Roaming\PRICEM~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: {F3E8D904-1DC3-4D13-888A-2C9268B9E046} - \AutoKMS No Task File <==== ATTENTION
Task: {F3F2AE8E-0802-4CA4-AAC7-231D2730CA81} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-02-03] (Google Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\PriceMeterUpdater.job => C:\Users\Othmar\AppData\Roaming\PRICEM~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION ==================== Loaded Modules (whitelisted) ============== 2014-04-16 08:17 - 2011-04-11 06:26 - 00034304 _____ () C:\Windows\System32\spe__l.dll 2014-04-16 08:17 - 2013-03-18 15:16 - 01353728 _____ () C:\Windows\system32\spool\DRIVERS\x64\3\spe__du.dll 2014-03-03 08:25 - 2014-03-03 08:26 - 00176048 _____ () C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe\ModernShared\ErrorReporting\ErrorReporting.dll 2014-09-29 16:26 - 2014-07-24 18:40 - 00936656 _____ () C:\Users\Othmar\AppData\Local\Viber\Viber.exe 2014-01-10 06:26 - 2014-01-10 06:26 - 01861968 _____ () C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe 2014-09-02 09:54 - 2012-04-16 21:25 - 00221696 _____ () C:\Program Files (x86)\TV IR\shutTask.exe 2014-09-02 09:54 - 2012-04-26 16:20 - 01454592 _____ () C:\Program Files (x86)\TV IR\TV IR.exe 2014-09-02 09:54 - 2010-07-07 17:21 - 02097152 _____ () C:\Program Files (x86)\TV IR\RmCard.dll 2015-01-21 15:01 - 2015-01-21 15:01 - 08898728 _____ () C:\Program Files\Microsoft Office\Office15\1033\GrooveIntlResource.dll 2015-03-09 19:53 - 2015-03-09 19:53 - 49471488 _____ () C:\Users\Othmar\AppData\Local\Viber\5.0.1.42\libViber.dll 2015-03-09 19:53 - 2015-03-09 19:53 - 00770048 _____ () C:\Users\Othmar\AppData\Local\Viber\5.0.1.42\libGLESv2.dll 2015-03-09 19:53 - 2015-03-09 19:53 - 00106496 _____ () C:\Users\Othmar\AppData\Local\Viber\5.0.1.42\qfacebook.dll 2015-03-09 19:53 - 2015-03-09 19:53 - 00172032 _____ () 
C:\Users\Othmar\AppData\Local\Viber\5.0.1.42\exif.dll 2015-03-09 19:53 - 2015-03-09 19:53 - 00049152 _____ () C:\Users\Othmar\AppData\Local\Viber\5.0.1.42\libEGL.dll 2015-03-09 19:53 - 2015-03-09 19:53 - 00876544 _____ () C:\Users\Othmar\AppData\Local\Viber\5.0.1.42\platforms\qwindows.dll 2015-03-09 19:53 - 2015-03-09 19:53 - 00024576 _____ () C:\Users\Othmar\AppData\Local\Viber\5.0.1.42\imageformats\qgif.dll 2015-03-09 19:53 - 2015-03-09 19:53 - 00024576 _____ () C:\Users\Othmar\AppData\Local\Viber\5.0.1.42\imageformats\qico.dll 2015-03-09 19:53 - 2015-03-09 19:53 - 00204800 _____ () C:\Users\Othmar\AppData\Local\Viber\5.0.1.42\imageformats\qjpeg.dll 2015-03-09 19:53 - 2015-03-09 19:53 - 00221184 _____ () C:\Users\Othmar\AppData\Local\Viber\5.0.1.42\imageformats\qmng.dll 2015-03-09 19:53 - 2015-03-09 19:53 - 00016384 _____ () C:\Users\Othmar\AppData\Local\Viber\5.0.1.42\imageformats\qsvg.dll 2015-03-09 19:53 - 2015-03-09 19:53 - 00016384 _____ () C:\Users\Othmar\AppData\Local\Viber\5.0.1.42\imageformats\qtga.dll 2015-03-09 19:53 - 2015-03-09 19:53 - 00311296 _____ () C:\Users\Othmar\AppData\Local\Viber\5.0.1.42\imageformats\qtiff.dll 2015-03-09 19:53 - 2015-03-09 19:53 - 00016384 _____ () C:\Users\Othmar\AppData\Local\Viber\5.0.1.42\imageformats\qwbmp.dll 2015-03-09 19:53 - 2015-03-09 19:53 - 00638976 _____ () C:\Users\Othmar\AppData\Local\Viber\5.0.1.42\sqldrivers\qsqlite.dll 2015-03-09 19:53 - 2015-03-09 19:53 - 00032768 _____ () C:\Users\Othmar\AppData\Local\Viber\5.0.1.42\iconengines\qsvgicon.dll 2014-09-02 09:52 - 2007-04-19 08:33 - 00035584 _____ () C:\Program Files (x86)\ArcSoft\TotalMedia 3.5\uPiApi.dll 2014-01-10 06:28 - 2014-01-10 06:28 - 00100688 _____ () C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll 2014-09-02 09:52 - 2007-04-19 08:39 - 00436992 _____ () C:\Program Files (x86)\ArcSoft\TotalMedia 3.5\fpxlib.dll 2014-09-02 09:52 - 2007-04-19 08:30 - 00039680 _____ () C:\Program Files (x86)\ArcSoft\TotalMedia 3.5\MMShellHook.dll 2014-09-02 
09:52 - 2004-11-12 10:40 - 00032768 _____ () C:\Program Files (x86)\ArcSoft\TotalMedia 3.5\uDx_SlideShowRes.dll 2014-09-02 09:52 - 2008-03-25 10:26 - 00081920 _____ () C:\Program Files (x86)\ArcSoft\TotalMedia 3.5\iEPGClub.dll 2014-09-02 09:52 - 2006-03-31 10:04 - 01064960 _____ () C:\Program Files (x86)\ArcSoft\TotalMedia 3.5\dlcllib.dll 2014-09-02 09:52 - 2010-10-15 16:01 - 00073728 _____ () C:\Program Files (x86)\ArcSoft\TotalMedia 3.5\ComOSD.dll 2015-01-21 15:01 - 2015-01-21 15:01 - 08898720 _____ () C:\Program Files (x86)\Microsoft Office\Office15\1033\GrooveIntlResource.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) AlternateDataStreams: C:\Users\Othmar\Downloads\Einladung.eml:OECustomProperty AlternateDataStreams: C:\Users\Othmar\Downloads\Reiseplan – detailliert Reisedatum_ Dienstag, 13. Januar 2015(1).eml:OECustomProperty AlternateDataStreams: C:\Users\Othmar\Downloads\Reiseplan – detailliert Reisedatum_ Dienstag, 13. Januar 2015(2).eml:OECustomProperty AlternateDataStreams: C:\Users\Othmar\Downloads\Reiseplan – detailliert Reisedatum_ Dienstag, 13. Januar 2015.eml:OECustomProperty ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) ==================== EXE Association (whitelisted) =============== (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) 
HKU\S-1-5-21-2717880484-1776808505-1316206091-1001\Control Panel\Desktop\\Wallpaper -> L:\humi\reisen ab 2014\chile Patagonien 2015\_bilder patagonien 2015 best\P1030927.JPG
DNS Servers: 192.168.178.1

==================== MSCONFIG/TASK MANAGER disabled items ==
(Currently there is no automatic fix for this section.)

==================== Accounts: =============================
Administrator (S-1-5-21-2717880484-1776808505-1316206091-500 - Administrator - Disabled)
Gast (S-1-5-21-2717880484-1776808505-1316206091-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2717880484-1776808505-1316206091-1003 - Limited - Enabled)
NeroMediaHomeUser.4 (S-1-5-21-2717880484-1776808505-1316206091-1004 - Limited - Enabled) => C:\Users\NeroMediaHomeUser.4
Othmar (S-1-5-21-2717880484-1776808505-1316206091-1001 - Administrator - Enabled) => C:\Users\Othmar

==================== Faulty Device Manager Devices =============
Name: Microsoft-Teredo-Tunneling-Adapter
Description: Microsoft-Teredo-Tunneling-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device. On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

==================== Event log errors: =========================
Application errors:
==================
System errors:
=============
Microsoft Office Sessions:
=========================

==================== Memory info ===========================
Processor: Intel(R) Core(TM) i7-3770 CPU @ 3.40GHz
Percentage of memory in use: 38%
Total physical RAM: 8136.96 MB
Available physical RAM: 5022.02 MB
Total Pagefile: 9352.96 MB
Available Pagefile: 5392.04 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB

==================== Drives ================================
Drive c: () (Fixed) (Total:238.47 GB) (Free:148.04 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (System-reserviert) (Fixed) (Total:0.34 GB) (Free:0.3 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive l: (Volume) (Fixed) (Total:1862.67 GB) (Free:542.65 GB) NTFS
Drive m: (m) (Fixed) (Total:1863.01 GB) (Free:670.8 GB) NTFS

==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 238.5 GB) (Disk ID: 114019AF)
Partition 1: (Active) - (Size=238.5 GB) - (Type=07 NTFS)
========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: DF3B428C)
Partition 1: (Not Active) - (Size=1863 GB) - (Type=07 NTFS)
========================================================
Disk: 2 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: 114019A3)
Partition 1: (Active) - (Size=350 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=1862.7 GB) - (Type=07 NTFS)

==================== End Of Log ============================ |
26.03.2015, 15:20 | #5 | |
/// TB Trainer | Win8 PC slow, cookie behaviour in Firefox differs from the settings, virus? Hello, Quote:
Once the AdwCleaner scan has finished, you also have to click Delete (Löschen)... please read the instructions through again carefully... Repeat AdwCleaner, then run FRST again as described, please... post all three log files. |
29.03.2015, 00:05 | #6 |
| Win8 PC slow, cookie behaviour in Firefox differs from the settings, virus? Thanks.... the headbang smiley fits! So I ran AdwCleaner again, this time with delete. Log: Code:
ATTFilter
# AdwCleaner v4.113 - Bericht erstellt 28/03/2015 um 13:31:53
# Aktualisiert 22/03/2015 von Xplode
# Datenbank : 2015-03-27.1 [Server]
# Betriebssystem : Windows 8 Pro (x64)
# Benutzername : Othmar - HUMITSCH
# Gestarted von : C:\Users\Othmar\Downloads\AdwCleaner_4.113.exe
# Option : Löschen

***** [ Dienste ] *****

***** [ Dateien / Ordner ] *****

***** [ Geplante Tasks ] *****

***** [ Verknüpfungen ] *****

***** [ Registrierungsdatenbank ] *****

***** [ Internetbrowser ] *****

-\\ Internet Explorer v10.0.9200.17267
-\\ Mozilla Firefox v36.0.4 (x86 de)
-\\ Google Chrome v36.0.1985.125

*************************

AdwCleaner[R0].txt - [15724 Bytes] - [24/03/2015 16:53:36]
AdwCleaner[R1].txt - [11276 Bytes] - [28/03/2015 13:15:58]
AdwCleaner[R2].txt - [988 Bytes] - [28/03/2015 13:30:37]
AdwCleaner[S0].txt - [9733 Bytes] - [28/03/2015 13:17:37]
AdwCleaner[S1].txt - [911 Bytes] - [28/03/2015 13:31:53]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [969 Bytes] ##########

FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-03-2015 Ran by Othmar (administrator) on HUMITSCH on 28-03-2015 14:20:52 Running from C:\Users\Othmar\Desktop Loaded Profiles: Othmar & NeroMediaHomeUser.4 (Available profiles: Othmar & NeroMediaHomeUser.4) Platform: Windows 8 Pro (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 10 (Default browser: FF) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (AMD) C:\Windows\System32\atiesrxx.exe (AMD) C:\Windows\System32\atieclxx.exe (Creative Technology Ltd) C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe (ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe (Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe (Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe (Microsoft Corporation) C:\Windows\System32\dasHost.exe (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Nero AG) C:\Program Files (x86)\Nero\Nero MediaHome 4\NMMediaServerService.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe (Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe\LiveComm.exe (Google Inc.) 
C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler64.exe (Microsoft Corporation) C:\Windows\System32\mobsync.exe () C:\Users\Othmar\AppData\Local\Viber\Viber.exe (McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (ArcSoft, Inc.) C:\Program Files (x86)\ArcSoft\TotalMedia 3.5\TMMonitor.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe () C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe (Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe () C:\Program Files (x86)\TV IR\shutTask.exe () C:\Program Files (x86)\TV IR\TV IR.exe (MAGIX AG) C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe (Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [161984 2014-01-18] (IvoSoft) HKLM-x32\...\Run: [P17RunE] => RunDll32 P17RunE.dll,RunDLLEntry HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766208 2013-12-06] (Advanced Micro Devices, Inc.) 
HKLM-x32\...\Run: [Nero MediaHome 4] => C:\Program Files (x86)\Nero\Nero MediaHome 4\NeroMediaHome.exe [5179880 2012-12-20] (Nero AG) HKLM-x32\...\Run: [DivXMediaServer] => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [455512 2014-05-28] (DivX, LLC) HKLM-x32\...\Run: [DivXUpdate] => C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1861968 2014-01-10] () HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [248040 2010-02-18] (Sun Microsystems, Inc.) HKLM-x32\...\Run: [ArcSoft Connection Service] => C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [207424 2010-10-27] (ArcSoft Inc.) HKLM-x32\...\Run: [TVPro Control] => C:\Program Files (x86)\TV IR\TV IR.EXE [1454592 2012-04-26] () HKLM-x32\...\Run: [TVPro Task] => C:\Program Files (x86)\TV IR\shutTask.exe [221696 2012-04-16] () HKU\S-1-5-21-2717880484-1776808505-1316206091-1001\...\Run: [Nero MediaHome 4] => C:\Program Files (x86)\Nero\Nero MediaHome 4\NeroMediaHome.exe [5179880 2012-12-20] (Nero AG) HKU\S-1-5-21-2717880484-1776808505-1316206091-1001\...\Run: [Uploader] => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.Uploader.exe HKU\S-1-5-21-2717880484-1776808505-1316206091-1001\...\Run: [Viber] => C:\Users\Othmar\AppData\Local\Viber\Viber.exe [936656 2014-07-24] () HKU\S-1-5-21-2717880484-1776808505-1316206091-1001\...\Run: [msnmsgr] => "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background HKU\S-1-5-21-2717880484-1776808505-1316206091-1001\...\MountPoints2: {6f11f9e6-8ce8-11e3-be6a-806e6f6e6963} - "H:\setup.exe" Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.) 
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\PHOTOfunSTUDIO 9.3 PE.lnk ShortcutTarget: PHOTOfunSTUDIO 9.3 PE.lnk -> C:\Program Files (x86)\Common Files\Panasonic\PHOTOfunSTUDIO AutoStart\AutoStartupService.exe (Panasonic Corporation) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\TMMonitor.lnk ShortcutTarget: TMMonitor.lnk -> C:\Program Files (x86)\ArcSoft\TotalMedia 3.5\TMMonitor.exe (ArcSoft, Inc.) ShellIconOverlayIdentifiers: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft) ShellIconOverlayIdentifiers-x32: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft) CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) 
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=MSE1 HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=MSE1 HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com HKU\S-1-5-21-2717880484-1776808505-1316206091-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=MSE1 HKU\S-1-5-21-2717880484-1776808505-1316206091-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://t.at.msn.com/ URLSearchHook: [S-1-5-21-2717880484-1776808505-1316206091-1004] ATTENTION ==> Default URLSearchHook is missing. 
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-2717880484-1776808505-1316206091-1004 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2015-02-10] (Microsoft Corporation) BHO: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer64.dll [2014-01-18] (IvoSoft) BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2014-07-14] (Microsoft Corporation) BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2015-01-21] (Microsoft Corporation) BHO: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_64.dll [2014-01-18] (IvoSoft) BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll [2014-04-09] (McAfee, Inc.) 
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2015-02-10] (Microsoft Corporation) BHO-x32: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer32.dll [2014-01-18] (IvoSoft) BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-07-14] (Microsoft Corporation) BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2015-01-21] (Microsoft Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2014-08-26] (Sun Microsystems, Inc.) BHO-x32: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_32.dll [2014-01-18] (IvoSoft) Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll [2014-01-18] (IvoSoft) Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll [2014-01-18] (IvoSoft) DPF: HKLM-x32 {5852F5ED-8BF4-11D4-A245-0080C6F74284} hxxp://javadl-esd.oracle.com/update/1.6.0/jinstall-6u20-windows-i586.cab Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2014-04-01] (Microsoft Corporation) Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2014-07-14] (Microsoft Corporation) Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-07-14] (Microsoft Corporation) Tcpip\Parameters: 
[DhcpNameServer] 192.168.178.1 FireFox: ======== FF ProfilePath: C:\Users\Othmar\AppData\Roaming\Mozilla\Firefox\Profiles\pimu1gdx.default FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll [2015-02-26] () FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll [2014-05-22] (DivX, LLC.) FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation) FF Plugin: @videolan.org/vlc,version=2.1.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-01-30] (VideoLAN) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll [2015-02-26] () FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll [2014-05-22] (DivX, LLC.) FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll [2014-07-17] (DivX, LLC) FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google) FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2014-09-25] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-22] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll [2014-06-21] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll [2014-06-21] (Google Inc.) 
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll [2014-08-26] (Sun Microsystems, Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2014-09-25] (Microsoft Corporation) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2014-12-03] (Adobe Systems Inc.) FF SearchPlugin: C:\Users\Othmar\AppData\Roaming\Mozilla\Firefox\Profiles\pimu1gdx.default\searchplugins\google-images.xml [2014-12-21] FF SearchPlugin: C:\Users\Othmar\AppData\Roaming\Mozilla\Firefox\Profiles\pimu1gdx.default\searchplugins\google-maps.xml [2014-12-21] FF Extension: Download YouTube Videos as MP4 - C:\Users\Othmar\AppData\Roaming\Mozilla\Firefox\Profiles\pimu1gdx.default\Extensions\{b9bfaf1c-a63f-47cd-8b9a-29526ced9060}.xpi [2014-12-21] FF Extension: Adblock Plus - C:\Users\Othmar\AppData\Roaming\Mozilla\Firefox\Profiles\pimu1gdx.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-12-21] FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2015-03-24] FF HKU\S-1-5-21-2717880484-1776808505-1316206091-1001\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi FF Extension: No Name - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04] Chrome: ======= CHR dev: Chrome dev build detected! 
<======= ATTENTION CHR Profile: C:\Users\Othmar\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Skype Click to Call) - C:\Users\Othmar\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2014-09-11] CHR Extension: (Google Wallet) - C:\Users\Othmar\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-02-03] CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-14] ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.) R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation) R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation) S3 Creative Audio Engine Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [79360 2014-06-10] (Creative Labs) [File not signed] R2 CTAudSvcService; C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe [307200 2008-11-18] (Creative Technology Ltd) [File not signed] R2 Fabs; C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [1858048 2012-01-23] (MAGIX AG) [File not signed] S3 FirebirdServerMAGIXInstance; C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [2702848 2011-04-26] (MAGIX®) [File not signed] R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1871160 2015-03-17] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe 
[1080120 2015-03-17] (Malwarebytes Corporation) S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.) R2 NeroMediaHomeService.4; C:\Program Files (x86)\Nero\Nero MediaHome 4\NMMediaServerService.exe [518632 2012-12-20] (Nero AG) R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16024 2015-01-31] (Microsoft Corporation) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) S0 amdkmafd; C:\Windows\System32\drivers\amdkmafd.sys [21160 2012-09-23] (Advanced Micro Devices, Inc.) R0 asahci64; C:\Windows\System32\drivers\asahci64.sys [49760 2012-01-06] (Asmedia Technology) R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdW86.sys [215040 2013-09-24] (Advanced Micro Devices) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-03-17] (Malwarebytes Corporation) R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [136408 2015-03-28] (Malwarebytes Corporation) R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2015-03-17] (Malwarebytes Corporation) R3 smsbda; C:\Windows\system32\drivers\smsbda.sys [56960 2011-03-06] (Siano) ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 
2015-03-28 14:18 - 2015-03-28 14:18 - 00000617 _____ () C:\Users\Othmar\Desktop\JRT.txt 2015-03-28 13:54 - 2015-03-28 07:20 - 01389240 _____ (Thisisu) C:\Users\Othmar\Desktop\JRT_NEW.exe 2015-03-28 13:47 - 2015-03-28 13:47 - 00001125 _____ () C:\Users\Othmar\Desktop\mbam - Verknüpfung.lnk 2015-03-28 13:36 - 2015-03-28 13:36 - 00001001 _____ () C:\Users\Othmar\Desktop\AdwCleaner[S1] - Verknüpfung.lnk 2015-03-27 16:34 - 2015-03-27 16:34 - 00003043 _____ () C:\Users\Othmar\Desktop\MetaEditor.lnk 2015-03-27 16:34 - 2015-03-27 16:34 - 00000000 ____D () C:\Users\Othmar\AppData\Local\kiwi.software.NET 2015-03-27 16:32 - 2015-03-27 16:32 - 00000000 ____D () C:\Users\Othmar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\kiwi.software.NET 2015-03-27 16:32 - 2015-03-27 16:32 - 00000000 ____D () C:\Program Files (x86)\kiwi.software.NET 2015-03-26 16:19 - 2015-03-26 16:19 - 00000000 ____D () C:\Users\Othmar\Documents\Neuer Ordner 2015-03-26 13:01 - 2015-03-26 13:01 - 00544128 _____ () C:\Windows\system32\FNTCACHE.DAT 2015-03-25 14:08 - 2015-03-04 08:26 - 00596480 _____ (Microsoft Corporation) C:\Windows\system32\AutoUpdate.exe 2015-03-25 14:08 - 2015-03-04 08:26 - 00467952 _____ (Microsoft Corporation) C:\Windows\system32\NotificationUI.exe 2015-03-25 14:08 - 2015-03-04 08:26 - 00011105 _____ () C:\Windows\system32\AutoconfigV2.cab 2015-03-25 14:08 - 2015-03-04 07:41 - 00695808 _____ (Microsoft Corporation) C:\Windows\system32\WSShared.dll 2015-03-25 14:08 - 2015-03-04 07:41 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll 2015-03-25 14:08 - 2015-03-04 05:53 - 00568832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSShared.dll 2015-03-25 14:08 - 2015-03-04 05:53 - 00124928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll 2015-03-24 17:28 - 2015-03-24 17:28 - 00015872 ___SH () C:\Users\Othmar\Desktop\Thumbs.db 2015-03-24 17:22 - 2015-03-24 17:22 - 
00006623 _____ () C:\Users\Othmar\Downloads\JRT.txt 2015-03-24 17:17 - 2015-03-24 17:17 - 01388782 _____ (Thisisu) C:\Users\Othmar\Downloads\JRT.exe 2015-03-24 17:13 - 2015-03-28 13:46 - 00002643 _____ () C:\Users\Othmar\Downloads\mbam.txt 2015-03-24 16:58 - 2015-03-24 16:58 - 00001001 _____ () C:\Users\Othmar\Desktop\AdwCleaner[R0] - Verknüpfung.lnk 2015-03-24 16:53 - 2015-03-28 13:31 - 00000000 ____D () C:\AdwCleaner 2015-03-24 16:53 - 2015-03-24 16:53 - 02168320 _____ () C:\Users\Othmar\Downloads\AdwCleaner_4.113.exe 2015-03-24 09:51 - 2015-03-24 09:51 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2015-03-22 13:15 - 2015-03-28 14:11 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2015-03-22 13:14 - 2015-03-24 17:02 - 00001106 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2015-03-22 13:14 - 2015-03-24 17:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2015-03-22 13:14 - 2015-03-24 17:02 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2015-03-22 13:14 - 2015-03-22 13:14 - 00000000 ____D () C:\ProgramData\Malwarebytes 2015-03-22 13:14 - 2015-03-17 06:15 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2015-03-22 13:14 - 2015-03-17 06:15 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2015-03-22 13:14 - 2015-03-17 06:15 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2015-03-22 13:13 - 2015-03-22 13:14 - 21540440 _____ (Malwarebytes Corporation ) C:\Users\Othmar\Desktop\mbam-setup-2.1.4.1018.exe 2015-03-22 13:12 - 2015-03-24 17:26 - 00024028 _____ () C:\Users\Othmar\Desktop\Addition.txt 2015-03-22 13:11 - 2015-03-28 14:20 - 00018517 _____ () C:\Users\Othmar\Desktop\FRST.txt 2015-03-22 13:11 - 2015-03-28 14:20 - 00000000 ____D () C:\FRST 2015-03-22 13:11 - 2015-03-22 13:11 - 02095616 _____ (Farbar) 
C:\Users\Othmar\Desktop\FRST64.exe 2015-03-22 09:16 - 2015-03-22 09:16 - 00000000 ____D () C:\Program Files (x86)\ESET 2015-03-11 08:59 - 2015-03-11 08:59 - 00000000 ____D () C:\Users\Othmar\AppData\Local\LizardTech 2015-03-11 08:58 - 2015-02-23 11:52 - 02237952 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2015-03-11 08:58 - 2015-02-23 11:52 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2015-03-11 08:58 - 2015-02-23 11:51 - 01409024 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2015-03-11 08:58 - 2015-02-23 11:51 - 00915968 _____ (Microsoft Corporation) C:\Windows\system32\uxtheme.dll 2015-03-11 08:58 - 2015-02-23 11:51 - 00600576 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2015-03-11 08:58 - 2015-02-23 11:51 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2015-03-11 08:58 - 2015-02-23 11:51 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\UXInit.dll 2015-03-11 08:58 - 2015-02-23 11:50 - 19301888 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2015-03-11 08:58 - 2015-02-23 11:50 - 15410688 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2015-03-11 08:58 - 2015-02-23 11:50 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2015-03-11 08:58 - 2015-02-23 11:50 - 02656256 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2015-03-11 08:58 - 2015-02-23 11:50 - 00949760 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll 2015-03-11 08:58 - 2015-02-23 11:50 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2015-03-11 08:58 - 2015-02-23 11:50 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2015-03-11 08:58 - 2015-02-23 11:50 - 00451584 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2015-03-11 08:58 - 2015-02-23 11:50 - 00281600 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2015-03-11 08:58 - 2015-02-23 11:50 
- 00255488 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2015-03-11 08:58 - 2015-02-23 11:50 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll 2015-03-11 08:58 - 2015-02-23 11:50 - 00097280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2015-03-11 08:58 - 2015-02-23 11:50 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2015-03-11 08:58 - 2015-02-23 11:50 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2015-03-11 08:58 - 2015-02-23 11:50 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2015-03-11 08:58 - 2015-02-23 11:49 - 01509376 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2015-03-11 08:58 - 2015-02-23 10:17 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2015-03-11 08:58 - 2015-02-23 10:15 - 00084480 _____ (Microsoft Corporation) C:\Windows\system32\INETRES.dll 2015-03-11 08:58 - 2015-02-23 09:51 - 00441856 _____ (Microsoft Corporation) C:\Windows\system32\html.iec 2015-03-11 08:58 - 2015-02-21 06:31 - 01763328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2015-03-11 08:58 - 2015-02-21 06:31 - 01181696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2015-03-11 08:58 - 2015-02-21 06:31 - 00523776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2015-03-11 08:58 - 2015-02-21 06:31 - 00044032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UXInit.dll 2015-03-11 08:58 - 2015-02-21 06:30 - 14380544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2015-03-11 08:58 - 2015-02-21 06:30 - 13768704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2015-03-11 08:58 - 2015-02-21 06:30 - 02864640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2015-03-11 08:58 - 2015-02-21 06:30 - 02055680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2015-03-11 08:58 - 2015-02-21 06:30 - 00737280 _____ (Microsoft 
Corporation) C:\Windows\SysWOW64\inetcomm.dll 2015-03-11 08:58 - 2015-02-21 06:30 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2015-03-11 08:58 - 2015-02-21 06:30 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2015-03-11 08:58 - 2015-02-21 06:30 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2015-03-11 08:58 - 2015-02-21 06:30 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2015-03-11 08:58 - 2015-02-21 06:30 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll 2015-03-11 08:58 - 2015-02-21 06:30 - 00080384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2015-03-11 08:58 - 2015-02-21 06:30 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2015-03-11 08:58 - 2015-02-21 06:30 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2015-03-11 08:58 - 2015-02-21 06:30 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2015-03-11 08:58 - 2015-02-21 06:29 - 01441280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2015-03-11 08:58 - 2015-02-21 06:29 - 00357888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2015-03-11 08:58 - 2015-02-21 06:29 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2015-03-11 08:58 - 2015-02-21 06:09 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2015-03-11 08:58 - 2015-02-21 06:07 - 00084480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\INETRES.dll 2015-03-11 08:58 - 2015-02-21 05:42 - 00361984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec 2015-03-11 08:58 - 2015-02-21 04:00 - 00534528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\uxtheme.dll 2015-03-11 08:57 - 2015-03-06 08:39 - 00588800 _____ (Microsoft Corporation) C:\Windows\system32\SHCore.dll 2015-03-11 08:57 - 2015-03-06 08:39 - 00412672 _____ (Microsoft Corporation) 
C:\Windows\system32\schannel.dll 2015-03-11 08:57 - 2015-03-06 06:48 - 00452608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SHCore.dll 2015-03-11 08:57 - 2015-03-06 06:48 - 00318464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll 2015-03-11 08:57 - 2015-02-26 05:35 - 04063232 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2015-03-11 08:57 - 2015-02-03 00:18 - 00569712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys 2015-03-11 08:57 - 2015-01-24 07:42 - 00325632 _____ (Microsoft Corporation) C:\Windows\system32\ubpm.dll 2015-03-11 08:57 - 2015-01-24 06:00 - 00243712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ubpm.dll 2015-03-11 08:53 - 2015-02-20 14:59 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll 2015-03-11 08:53 - 2015-02-20 12:56 - 00366592 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll 2015-03-11 08:53 - 2015-02-20 09:10 - 00035328 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll 2015-03-11 08:53 - 2015-02-20 08:24 - 00304128 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll 2015-03-11 08:53 - 2015-01-31 14:48 - 00044024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdBoot.sys 2015-03-11 08:53 - 2015-01-31 06:55 - 00275712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdFilter.sys 2015-03-11 08:52 - 2015-01-29 09:45 - 06973248 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2015-03-11 08:52 - 2015-01-29 09:05 - 01627648 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll 2015-03-11 08:52 - 2015-01-29 07:19 - 01339392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll 2015-03-11 08:52 - 2015-01-20 07:41 - 01120256 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll 2015-03-11 08:52 - 2015-01-20 06:10 - 00892416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msctf.dll 2015-03-11 08:48 - 2014-04-16 19:20 - 00029888 _____ (Microsoft Corporation) 
C:\Windows\system32\aspnet_counters.dll 2015-03-11 08:48 - 2014-04-16 19:20 - 00028352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aspnet_counters.dll 2015-03-11 08:46 - 2015-02-17 07:54 - 19777536 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll 2015-03-11 08:46 - 2015-02-17 06:13 - 17561600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll 2015-03-11 08:46 - 2015-01-24 07:43 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll 2015-03-11 08:46 - 2015-01-24 06:00 - 00368640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll 2015-03-11 08:46 - 2015-01-24 05:31 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll 2015-03-11 08:45 - 2015-02-13 00:18 - 00396419 _____ () C:\Windows\system32\ApnDatabase.xml 2015-03-11 08:42 - 2015-03-11 08:42 - 00001034 _____ () C:\Users\Othmar\Desktop\GeoViewer.lnk 2015-03-11 08:42 - 2015-03-11 08:42 - 00000000 ____D () C:\Users\Othmar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\LizardTech 2015-03-11 08:42 - 2015-03-11 08:42 - 00000000 ____D () C:\Users\Othmar\AppData\Roaming\LizardTech 2015-03-11 08:42 - 2015-03-11 08:42 - 00000000 ____D () C:\Users\Othmar\AppData\Roaming\InstallShield Installation Information 2015-03-11 08:42 - 2010-05-26 11:41 - 02401112 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_43.dll 2015-03-11 08:42 - 2010-05-26 11:41 - 01907552 _____ (Microsoft Corporation) C:\Windows\system32\d3dcsx_43.dll 2015-03-11 08:42 - 2010-05-26 11:41 - 00511328 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_43.dll 2015-03-11 08:42 - 2010-02-04 10:01 - 00024920 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_7.dll 2015-03-11 08:42 - 2007-04-04 18:54 - 00107368 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_3.dll 2015-03-04 07:42 - 2015-03-04 07:42 - 00001894 _____ () C:\Users\Othmar\Desktop\IrfanView Thumbnails.lnk 2015-02-28 21:45 - 2015-03-04 22:24 - 00791496 _____ (Adobe Systems Incorporated) 
C:\Windows\SysWOW64\FlashPlayerApp.exe 2015-02-28 21:45 - 2015-03-04 22:24 - 00177608 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2015-02-26 20:11 - 2014-12-18 09:51 - 00096576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\wfplwfs.sys 2015-02-26 20:11 - 2014-12-18 07:52 - 00889344 _____ (Microsoft Corporation) C:\Windows\system32\nshwfp.dll 2015-02-26 20:11 - 2014-12-18 07:51 - 01160192 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL 2015-02-26 20:11 - 2014-12-18 07:50 - 00723968 _____ (Microsoft Corporation) C:\Windows\system32\BFE.DLL 2015-02-26 20:11 - 2014-12-18 07:20 - 00702464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nshwfp.dll 2015-02-26 20:11 - 2014-12-06 08:53 - 00458240 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll 2015-02-26 20:11 - 2014-12-06 08:53 - 00026112 _____ (Microsoft Corporation) C:\Windows\system32\WerFaultSecure.exe 2015-02-26 20:11 - 2014-12-06 08:51 - 00370688 _____ (Microsoft Corporation) C:\Windows\system32\Faultrep.dll 2015-02-26 20:11 - 2014-12-06 08:51 - 00267264 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll 2015-02-26 20:11 - 2014-12-06 08:50 - 00783872 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll 2015-02-26 20:11 - 2014-12-06 07:10 - 00355840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll 2015-02-26 20:11 - 2014-12-06 07:10 - 00023552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WerFaultSecure.exe 2015-02-26 20:11 - 2014-12-06 07:09 - 00332800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Faultrep.dll 2015-02-26 20:10 - 2015-01-15 12:44 - 01043968 _____ (Microsoft Corporation) C:\Windows\system32\usercpl.dll 2015-02-26 20:10 - 2015-01-15 12:43 - 01282560 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll 2015-02-26 20:10 - 2015-01-15 11:00 - 00961536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usercpl.dll 2015-02-26 20:10 - 2015-01-15 10:38 - 00717824 _____ (Microsoft Corporation) 
C:\Windows\system32\adtschema.dll 2015-02-26 20:10 - 2015-01-15 10:09 - 00717824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll 2015-02-26 20:10 - 2014-12-11 07:51 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe 2015-02-26 20:10 - 2014-11-15 07:06 - 00059392 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe 2015-02-26 20:10 - 2014-11-15 06:13 - 03286016 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll 2015-02-26 20:10 - 2014-11-15 06:13 - 01623552 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll 2015-02-26 20:10 - 2014-11-15 06:13 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll 2015-02-26 20:10 - 2014-11-15 06:13 - 00253440 _____ (Microsoft Corporation) C:\Windows\system32\WUSettingsProvider.dll 2015-02-26 20:10 - 2014-11-15 06:13 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll 2015-02-26 20:10 - 2014-11-15 06:13 - 00100352 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll 2015-02-26 20:10 - 2014-11-15 06:13 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe 2015-02-26 20:10 - 2014-11-15 06:12 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\storewuauth.dll 2015-02-26 20:10 - 2014-11-15 04:54 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe 2015-02-26 20:10 - 2014-11-15 04:53 - 00630272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll 2015-02-26 20:10 - 2014-11-15 04:53 - 00128000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll 2015-02-26 20:10 - 2014-11-15 04:53 - 00086528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll 2015-02-26 20:10 - 2014-11-05 07:40 - 00733184 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll 2015-02-26 20:10 - 2014-11-05 07:39 - 01024512 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll 2015-02-26 20:10 - 2014-11-01 07:28 - 00417280 _____ (Microsoft Corporation) 
C:\Windows\system32\services.exe 2015-02-26 20:10 - 2014-10-29 15:21 - 00499008 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vhdmp.sys 2015-02-26 20:09 - 2014-12-19 07:48 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll 2015-02-26 20:09 - 2014-12-08 07:48 - 00391168 _____ (Microsoft Corporation) C:\Windows\system32\scesrv.dll 2015-02-26 20:09 - 2014-12-08 06:04 - 00318464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scesrv.dll 2015-02-26 20:09 - 2014-12-06 08:52 - 00384000 _____ (Microsoft Corporation) C:\Windows\system32\ncsi.dll 2015-02-26 20:09 - 2014-12-06 08:52 - 00357376 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll 2015-02-26 20:09 - 2014-12-06 08:52 - 00072192 _____ (Microsoft Corporation) C:\Windows\system32\nlaapi.dll 2015-02-26 20:09 - 2014-12-06 07:09 - 00055296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll 2015-02-26 20:08 - 2014-12-19 05:35 - 00142336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys 2015-02-26 20:08 - 2014-11-26 07:43 - 00778240 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll 2015-02-26 20:08 - 2014-11-26 05:50 - 00567808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll 2015-02-26 19:55 - 2015-01-09 07:43 - 00951808 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Globalization.dll 2015-02-26 19:55 - 2015-01-09 06:03 - 00601088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Globalization.dll 2015-02-26 19:55 - 2015-01-09 00:52 - 00478296 _____ () C:\Windows\SysWOW64\locale.nls 2015-02-26 19:55 - 2015-01-09 00:52 - 00478296 _____ () C:\Windows\system32\locale.nls ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 
2015-03-28 14:17 - 2014-02-03 16:36 - 00001128 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2015-03-28 14:10 - 2014-02-03 16:35 - 01474015 _____ () C:\Windows\WindowsUpdate.log 2015-03-28 14:03 - 2014-04-16 08:13 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2015-03-28 14:00 - 2012-07-26 09:12 - 00000000 ____D () C:\Windows\system32\sru 2015-03-28 13:56 - 2014-02-03 16:41 - 00003600 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2717880484-1776808505-1316206091-1001 2015-03-28 13:46 - 2014-05-24 13:36 - 00145920 ___SH () C:\Users\Othmar\Downloads\Thumbs.db 2015-03-28 13:38 - 2012-07-26 11:27 - 00751892 _____ () C:\Windows\system32\perfh007.dat 2015-03-28 13:38 - 2012-07-26 11:27 - 00155620 _____ () C:\Windows\system32\perfc007.dat 2015-03-28 13:38 - 2012-07-26 08:28 - 01745416 _____ () C:\Windows\system32\PerfStringBackup.INI 2015-03-28 13:32 - 2014-09-29 16:26 - 00000000 ____D () C:\Users\Othmar\AppData\Roaming\ViberPC 2015-03-28 13:32 - 2014-09-29 16:25 - 00000000 ____D () C:\Users\Othmar\AppData\Local\Viber 2015-03-28 13:32 - 2014-02-03 16:36 - 00001124 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2015-03-28 13:32 - 2012-07-26 08:22 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2015-03-28 13:32 - 2012-07-26 06:26 - 00524288 ___SH () C:\Windows\system32\config\BBI 2015-03-28 11:31 - 2014-02-03 16:40 - 00000000 ____D () C:\Users\Othmar\AppData\Roaming\ClassicShell 2015-03-27 09:02 - 2014-03-03 09:28 - 00000000 ____D () C:\Users\Othmar\AppData\Roaming\vlc 2015-03-26 14:32 - 2012-07-26 09:12 - 00000000 ____D () C:\Windows\rescache 2015-03-26 13:20 - 2014-04-16 08:19 - 00000072 _____ () C:\Users\Public\LMDebug.log 2015-03-26 13:01 - 2014-03-17 19:53 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2015-03-26 13:01 - 2013-02-16 13:23 - 00034594 _____ () C:\Windows\PFRO.log 2015-03-25 14:42 - 2012-07-26 08:59 - 00000000 ____D () C:\Windows\CbsTemp 2015-03-25 14:41 - 
2012-07-26 09:12 - 00000000 ____D () C:\Windows\WinStore 2015-03-22 11:14 - 2014-02-03 16:35 - 00000000 ____D () C:\Users\Othmar 2015-03-22 08:16 - 2014-03-31 19:12 - 00000143 _____ () C:\Users\Othmar\AppData\Roaming\WB.CFG 2015-03-12 18:29 - 2012-07-26 09:12 - 00000000 ___RD () C:\Windows\ToastData 2015-03-12 18:29 - 2012-07-26 09:12 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools 2015-03-12 18:29 - 2012-07-26 09:12 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools 2015-03-12 18:29 - 2012-07-26 09:12 - 00000000 ____D () C:\Windows\PolicyDefinitions 2015-03-12 18:29 - 2012-07-26 09:12 - 00000000 ____D () C:\Program Files\Windows Defender 2015-03-12 18:29 - 2012-07-26 09:12 - 00000000 ____D () C:\Program Files (x86)\Windows Defender 2015-03-12 08:27 - 2014-02-03 16:35 - 00000000 ____D () C:\Users\Othmar\AppData\Local\Packages 2015-03-11 10:56 - 2014-02-04 11:12 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013 2015-03-11 10:56 - 2014-02-03 17:09 - 00000000 ____D () C:\ProgramData\Microsoft Help 2015-03-11 10:50 - 2014-03-06 11:43 - 00000000 ____D () C:\Windows\system32\MRT 2015-03-11 10:50 - 2012-07-26 06:26 - 00000269 _____ () C:\Windows\win.ini 2015-03-11 10:48 - 2013-02-16 13:59 - 122905848 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2015-03-11 08:42 - 2014-03-21 18:45 - 00037812 _____ () C:\Windows\DirectX.log 2015-03-10 14:22 - 2014-03-21 18:45 - 00000000 ____D () C:\Program Files (x86)\HappyFoto-Designer 2015-03-09 19:19 - 2014-09-10 07:11 - 00000000 ____D () C:\Users\Othmar\AppData\Roaming\Skype 2015-03-04 07:42 - 2014-03-18 19:16 - 00001006 _____ () C:\Users\Othmar\Desktop\IrfanView.lnk 2015-03-04 07:42 - 2014-03-18 19:16 - 00000000 ____D () C:\Users\Othmar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IrfanView 2015-03-04 07:42 - 2014-03-18 19:16 - 00000000 ____D () C:\Program 
Files (x86)\IrfanView 2015-03-03 14:17 - 2013-02-16 13:53 - 00295552 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe 2015-02-28 03:00 - 2014-02-03 16:48 - 00000000 ____D () C:\ProgramData\Package Cache 2015-02-26 20:03 - 2014-04-16 08:13 - 00003772 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater ==================== Files in the root of some directories ======= 2014-03-31 19:12 - 2015-03-22 08:16 - 0000143 _____ () C:\Users\Othmar\AppData\Roaming\WB.CFG 2014-07-15 17:34 - 2014-12-22 15:58 - 0008704 _____ () C:\Users\Othmar\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2014-11-02 14:18 - 2014-11-02 14:18 - 0001555 _____ () C:\Users\Othmar\AppData\Local\recently-used.xbel Files to move or delete: ==================== C:\Users\Othmar\FreemakeVideoConverterSetup.exe C:\Users\Othmar\HappyFoto-Bestellassistent.exe C:\Users\Othmar\HappyFoto-Designer.exe C:\Users\Othmar\udc.exe Some content of TEMP: ==================== C:\Users\Othmar\AppData\Local\Temp\13-12_win7_win8_64_dd_ccc_whql.exe C:\Users\Othmar\AppData\Local\Temp\917b0b87-3358-4e79-93de-3dfc2fc99ed0.exe C:\Users\Othmar\AppData\Local\Temp\DseShExt-x64.dll C:\Users\Othmar\AppData\Local\Temp\DseShExt-x86.dll C:\Users\Othmar\AppData\Local\Temp\fp_pl_pfs_installer.exe C:\Users\Othmar\AppData\Local\Temp\FreemakeVideoConverterFull.exe C:\Users\Othmar\AppData\Local\Temp\hcwclear.exe C:\Users\Othmar\AppData\Local\Temp\Manuals.exe C:\Users\Othmar\AppData\Local\Temp\ose00002.exe C:\Users\Othmar\AppData\Local\Temp\Quarantine.exe C:\Users\Othmar\AppData\Local\Temp\SDShelEx-win32.dll C:\Users\Othmar\AppData\Local\Temp\SDShelEx-x64.dll C:\Users\Othmar\AppData\Local\Temp\sqlite3.dll C:\Users\Othmar\AppData\Local\Temp\_is30AE.exe C:\Users\Othmar\AppData\Local\Temp\~convert3240405483724834158.exe C:\Users\Othmar\AppData\Local\Temp\~convert3888342811581094103.exe ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) 
C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2015-03-23 20:02 ==================== End Of Log ============================ --- --- ---
and the Addition: Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-03-2015 Ran by Othmar at 2015-03-28 14:21:06 Running from C:\Users\Othmar\Desktop Boot Mode: Normal ========================================================== ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) µTorrent (HKU\S-1-5-21-2717880484-1776808505-1316206091-1001\...\uTorrent) (Version: 3.3.2.30488 - BitTorrent Inc.) 7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov) ACDSee Foto-Editor (HKLM-x32\...\{53AD87D3-72AE-4D07-8A7A-1F4D54E83777}) (Version: 4.00.208 - ACD Systems Ltd.) ACDSee Free (HKLM-x32\...\ACDSee Free) (Version: 1.0.18 - ACD Systems International Inc.) Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated) Adobe Reader XI (11.0.10) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated) Advertising Center (x32 Version: 0.0.0.2 - Nero AG) Hidden AMD Catalyst Install Manager (HKLM\...\{308051DA-0048-7A07-FE8B-9B6EC119A9E8}) (Version: 8.0.915.0 - Advanced Micro Devices, Inc.) 
ArcSoft TotalMedia 3.5 (HKLM-x32\...\{29E44E9D-ACB2-4D2D-849F-5361C941B7E1}) (Version: 3.5.7.377 - ArcSoft) Asmedia ASM106x SATA Host Controller Driver (HKLM-x32\...\{61942EF5-2CD8-47D4-869C-2E9A8BB085F1}) (Version: 1.3.4.000 - Asmedia Technology) Classic Shell (HKLM\...\{2368907C-E8F6-4750-A023-254C3E2B5E8D}) (Version: 4.0.4 - IvoSoft) Creative Audio Control Panel (HKLM-x32\...\AudioCS) (Version: 2.56 - Creative Technology Limited) Creative Software AutoUpdate (HKLM-x32\...\Creative Software AutoUpdate) (Version: 1.40 - Creative Technology Limited) Creative Sound Blaster Properties x64 Edition (HKLM-x32\...\Creative Sound Blaster Properties x64 Edition) (Version: - ) CyberViewX (HKLM-x32\...\{D20A621F-5933-4185-922D-51D187670690}) (Version: 5.16.25 - CyberViewX) D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden DivX-Setup (HKLM-x32\...\DivX Setup) (Version: 2.6.3.52 - DivX, LLC) ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version: - ) Firebird SQL Server - MAGIX Edition (HKLM-x32\...\{39AB2E37-1A55-4292-A5D3-971E9F70D0F8}) (Version: 2.1.32.0 - MAGIX AG) Fotogalerie (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden Freemake Video Converter Version 4.1.5 (HKLM-x32\...\Freemake Video Converter_is1) (Version: 4.1.5 - Ellora Assets Corporation) GIMP 2.8.10 (HKLM\...\GIMP-2_is1) (Version: 2.8.10 - The GIMP Team) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 36.0.1985.125 - Google Inc.) Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google) Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) 
Hidden HappyFoto - Bestellassistent (HKU\S-1-5-21-2717880484-1776808505-1316206091-1001\...\HappyFoto - Bestellassistent) (Version: - HAPPY - FOTO GmbH / ©2014 Aberger Software GmbH) HappyFoto-Designer 5.2 (HKLM-x32\...\HappyFoto-Designer_is1) (Version: - ) IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.38 - Irfan Skiljan) Java(TM) 6 Update 20 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216020FF}) (Version: 6.0.200 - Sun Microsystems, Inc.) Junk Mail filter update (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden LizardTech GeoViewer 9.0 (HKU\S-1-5-21-2717880484-1776808505-1316206091-1001\...\{CEEF6E28-ED9B-41C9-973A-82B07E449A53}) (Version: 9.0 - LizardTech) LoiLoScope Herunterladen (HKLM-x32\...\{C2A254F4-AC74-482F-8F09-DB2843AC2AAE}_is1) (Version: 2.0 - LoiLo inc) MAGIX Fotos auf DVD 2014 Deluxe (HKLM-x32\...\MX.{C2A5A580-75AF-4021-AA42-F3076434BF80}) (Version: 13.0.0.84 - MAGIX AG) MAGIX Fotos auf DVD 2014 Deluxe (Version: 13.0.0.84 - MAGIX AG) Hidden MAGIX Speed burnR (MSI) (HKLM-x32\...\MAGIX_{3F70AA2A-CAE4-4898-BBFB-C34165A85DF7}) (Version: 7.0.2.6 - MAGIX AG) MAGIX Speed burnR (MSI) (Version: 7.0.2.6 - MAGIX AG) Hidden MAGIX Video deluxe 2014 Plus (HKLM-x32\...\MX.{9E2FEB28-7407-4009-9DC4-203EF2EF6BB7}) (Version: 13.0.0.28 - MAGIX AG) MAGIX Video deluxe 2014 Plus (Version: 13.0.0.28 - MAGIX AG) Hidden Malwarebytes Anti-Malware Version 2.1.4.1018 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.4.1018 - Malwarebytes Corporation) McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.) 
MD86351 driver install (HKLM-x32\...\InstallShield_{2320D419-1E49-4FF9-B0D5-4BEDAD3B7724}) (Version: 6.3.6.1 - MEDION AG) MD86351 driver install (x32 Version: 6.3.6.1 - MEDION AG) Hidden MetaEditor (HKLM-x32\...\{1D04B4D4-80C2-4F02-B5BE-3A5991FF6077}) (Version: 1.0.0 - kiwi.software.NET) Microsoft Office Korrekturhilfen 2013 - Deutsch (HKLM\...\{90150000-001F-0407-1000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUS) (Version: 15.0.4569.1506 - Microsoft Corporation) Microsoft Office ScreenTip Language 2013 - Deutsch (HKLM\...\{90150000-00BD-0407-1000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Microsoft OneDrive (HKU\S-1-5-21-2717880484-1776808505-1316206091-1001\...\OneDriveSetup.exe) (Version: 17.0.4035.0328 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft SQL Server Compact 3.5 SP2 ENU (HKLM-x32\...\{3A9FC03D-C685-4831-94CF-4EDFD3749497}) (Version: 3.5.8080.0 - Microsoft Corporation) Microsoft SQL Server Compact 3.5 SP2 x64 ENU (HKLM\...\{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}) (Version: 3.5.8080.0 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 
(HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation) Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation) Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden Mozilla Firefox 36.0.4 (x86 de) (HKLM-x32\...\Mozilla Firefox 36.0.4 (x86 de)) (Version: 36.0.4 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla) MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation) MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation) Nero MediaHome 4 Essentials (HKLM-x32\...\{78cff10e-90c4-4454-bb95-17837ff57043}) (Version: - Nero AG) Outils de vérification linguistique 2013 de Microsoft Office*- Français (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden PHOTOfunSTUDIO 9.3 PE (HKLM-x32\...\{E33B3B6C-5712-4A39-B30D-1391918D920D}) (Version: 9.03.703 - Panasonic Corporation) Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.3.730.2012 - Realtek) Samsung 
Universal Print Driver 2 (HKLM-x32\...\Samsung Universal Print Driver 2) (Version: 2.50.02.00 - Samsung Electronics Co., Ltd.) Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{D82063A8-7C8C-4C3B-A9BB-95138CA55D26}) (Version: - Microsoft) Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (Version: - Microsoft) Hidden Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation) Skype™ 6.21 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.21.104 - Skype Technologies S.A.) SlimDX Runtime .NET 4.0 x64 (January 2012) (HKLM\...\{A2199A06-89C4-4187-AA4A-3A9676FB799D}) (Version: 2.0.13.43 - SlimDX Group) TV IR (HKLM-x32\...\{C1FD1627-2EAF-48CB-A333-42D39BCB096D}) (Version: 2.4 - MEDION AG) VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden Viber (HKU\S-1-5-21-2717880484-1776808505-1316206091-1001\...\Viber) (Version: 3.0.0.134678 - Viber Media Inc) VLC media player 2.1.3 (HKLM\...\VLC media player) (Version: 2.1.3 - VideoLAN) Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation) WinRAR 5.01 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH) ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) 
CustomCLSID: HKU\S-1-5-21-2717880484-1776808505-1316206091-1001_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\Othmar\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-2717880484-1776808505-1316206091-1001_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\Othmar\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-2717880484-1776808505-1316206091-1001_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\Othmar\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-2717880484-1776808505-1316206091-1001_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\Othmar\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-2717880484-1776808505-1316206091-1001_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Othmar\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\FileSyncApi64.dll (Microsoft Corporation) ==================== Restore Points ========================= 11-03-2015 08:41:56 Installed SlimDX Runtime .NET 4.0 x64 (January 2012) 22-03-2015 07:43:03 Geplanter Prüfpunkt 25-03-2015 14:41:47 Windows Update 27-03-2015 16:32:25 MetaEditor wird installiert ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2012-07-26 06:26 - 2012-07-26 06:26 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) 
Task: {11AA2F56-21E5-45F5-A1FF-E7A33215120F} - System32\Tasks\Othmar1 => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\NBCore.exe Task: {1D861D4F-86CE-4817-A37F-E89CBE75FEFC} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated) Task: {4A90F9F6-2EFE-4B03-9675-7148E01E94D6} - System32\Tasks\Seagate_Install_Launch => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Dashboard.exe Task: {50911FCF-12A4-4B4C-BE22-D32C3FEC273F} - System32\Tasks\Windows Defender Update => C:\Program Files\Windows Defender\MpCmdRun.exe [2015-01-31] (Microsoft Corporation) Task: {54AFC8F0-1A18-476D-860B-94D997572C29} - System32\Tasks\Othmar Merge => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\NBCore.exe Task: {620B6C9C-FF41-414B-A06F-164BA7E57229} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2014-01-23] (Microsoft Corporation) Task: {7185F71C-F70F-4550-90F5-216E1A717B76} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-02-03] (Google Inc.) 
Task: {7925C416-76D5-4D01-AAB3-208FE7530087} - System32\Tasks\Othmar DBAgent 2 0 => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\DBAgent.exe Task: {99DBF88F-999F-46FA-B001-85C73C8E822D} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2015-03-11] (Microsoft Corporation) Task: {9BF38F38-ECFC-4ED8-BA33-B59E329FE313} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-26] (Adobe Systems Incorporated) Task: {9E5CE3F1-E1CA-42AB-B023-D6695553EA35} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation) Task: {AB9D6AB4-7293-48F4-8AC0-24CF3C494D2D} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation) Task: {C79F84D6-6583-457D-B868-AD22B439C5E5} - System32\Tasks\Othmar => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\NBCore.exe Task: {F3E8D904-1DC3-4D13-888A-2C9268B9E046} - \AutoKMS No Task File <==== ATTENTION Task: {F3F2AE8E-0802-4CA4-AAC7-231D2730CA81} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-02-03] (Google Inc.) 
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe ==================== Loaded Modules (whitelisted) ============== 2014-04-16 08:17 - 2011-04-11 06:26 - 00034304 _____ () C:\Windows\System32\spe__l.dll 2014-09-29 16:26 - 2014-07-24 18:40 - 00936656 _____ () C:\Users\Othmar\AppData\Local\Viber\Viber.exe 2014-01-10 06:26 - 2014-01-10 06:26 - 01861968 _____ () C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe 2014-09-02 09:54 - 2012-04-16 21:25 - 00221696 _____ () C:\Program Files (x86)\TV IR\shutTask.exe 2014-09-02 09:54 - 2012-04-26 16:20 - 01454592 _____ () C:\Program Files (x86)\TV IR\TV IR.exe 2014-09-02 09:54 - 2010-07-07 17:21 - 02097152 _____ () C:\Program Files (x86)\TV IR\RmCard.dll 2015-01-21 15:01 - 2015-01-21 15:01 - 08898728 _____ () C:\Program Files\Microsoft Office\Office15\1033\GrooveIntlResource.dll 2015-01-21 15:01 - 2015-01-21 15:01 - 08898720 _____ () C:\Program Files (x86)\Microsoft Office\Office15\1033\GrooveIntlResource.dll 2015-03-09 19:53 - 2015-03-09 19:53 - 49471488 _____ () C:\Users\Othmar\AppData\Local\Viber\5.0.1.42\libViber.dll 2015-03-09 19:53 - 2015-03-09 19:53 - 00770048 _____ () C:\Users\Othmar\AppData\Local\Viber\5.0.1.42\libGLESv2.dll 2015-03-09 19:53 - 2015-03-09 19:53 - 00106496 _____ () C:\Users\Othmar\AppData\Local\Viber\5.0.1.42\qfacebook.dll 2015-03-09 19:53 - 2015-03-09 19:53 - 00172032 _____ () C:\Users\Othmar\AppData\Local\Viber\5.0.1.42\exif.dll 2015-03-09 19:53 - 2015-03-09 19:53 - 00049152 _____ () C:\Users\Othmar\AppData\Local\Viber\5.0.1.42\libEGL.dll 2015-03-09 19:53 - 2015-03-09 19:53 - 00876544 _____ () C:\Users\Othmar\AppData\Local\Viber\5.0.1.42\platforms\qwindows.dll 2015-03-09 19:53 - 2015-03-09 19:53 - 00024576 _____ 
() C:\Users\Othmar\AppData\Local\Viber\5.0.1.42\imageformats\qgif.dll 2015-03-09 19:53 - 2015-03-09 19:53 - 00024576 _____ () C:\Users\Othmar\AppData\Local\Viber\5.0.1.42\imageformats\qico.dll 2015-03-09 19:53 - 2015-03-09 19:53 - 00204800 _____ () C:\Users\Othmar\AppData\Local\Viber\5.0.1.42\imageformats\qjpeg.dll 2015-03-09 19:53 - 2015-03-09 19:53 - 00221184 _____ () C:\Users\Othmar\AppData\Local\Viber\5.0.1.42\imageformats\qmng.dll 2015-03-09 19:53 - 2015-03-09 19:53 - 00016384 _____ () C:\Users\Othmar\AppData\Local\Viber\5.0.1.42\imageformats\qsvg.dll 2015-03-09 19:53 - 2015-03-09 19:53 - 00016384 _____ () C:\Users\Othmar\AppData\Local\Viber\5.0.1.42\imageformats\qtga.dll 2015-03-09 19:53 - 2015-03-09 19:53 - 00311296 _____ () C:\Users\Othmar\AppData\Local\Viber\5.0.1.42\imageformats\qtiff.dll 2015-03-09 19:53 - 2015-03-09 19:53 - 00016384 _____ () C:\Users\Othmar\AppData\Local\Viber\5.0.1.42\imageformats\qwbmp.dll 2015-03-09 19:53 - 2015-03-09 19:53 - 00638976 _____ () C:\Users\Othmar\AppData\Local\Viber\5.0.1.42\sqldrivers\qsqlite.dll 2015-03-09 19:53 - 2015-03-09 19:53 - 00032768 _____ () C:\Users\Othmar\AppData\Local\Viber\5.0.1.42\iconengines\qsvgicon.dll 2014-09-02 09:52 - 2007-04-19 08:33 - 00035584 _____ () C:\Program Files (x86)\ArcSoft\TotalMedia 3.5\uPiApi.dll 2014-01-10 06:28 - 2014-01-10 06:28 - 00100688 _____ () C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) AlternateDataStreams: C:\Users\Othmar\Downloads\Einladung.eml:OECustomProperty AlternateDataStreams: C:\Users\Othmar\Downloads\Reiseplan – detailliert Reisedatum_ Dienstag, 13. Januar 2015(1).eml:OECustomProperty AlternateDataStreams: C:\Users\Othmar\Downloads\Reiseplan – detailliert Reisedatum_ Dienstag, 13. 
Januar 2015(2).eml:OECustomProperty AlternateDataStreams: C:\Users\Othmar\Downloads\Reiseplan – detailliert Reisedatum_ Dienstag, 13. Januar 2015.eml:OECustomProperty ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) ==================== EXE Association (whitelisted) =============== (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-2717880484-1776808505-1316206091-1001\Control Panel\Desktop\\Wallpaper -> L:\humi\reisen ab 2014\chile Patagonien 2015\_bilder patagonien 2015 best\P1030927.JPG DNS Servers: 192.168.178.1 ==================== MSCONFIG/TASK MANAGER disabled items == (Currently there is no automatic fix for this section.) ==================== Accounts: ============================= Administrator (S-1-5-21-2717880484-1776808505-1316206091-500 - Administrator - Disabled) Gast (S-1-5-21-2717880484-1776808505-1316206091-501 - Limited - Disabled) HomeGroupUser$ (S-1-5-21-2717880484-1776808505-1316206091-1003 - Limited - Enabled) NeroMediaHomeUser.4 (S-1-5-21-2717880484-1776808505-1316206091-1004 - Limited - Enabled) => C:\Users\NeroMediaHomeUser.4 Othmar (S-1-5-21-2717880484-1776808505-1316206091-1001 - Administrator - Enabled) => C:\Users\Othmar ==================== Faulty Device Manager Devices ============= Name: Microsoft-Teredo-Tunneling-Adapter Description: Microsoft-Teredo-Tunneling-Adapter Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Microsoft Service: tunnel Problem: : This device cannot start. (Code10) Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device. On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard. 
Name: Description: Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. ==================== Event log errors: ========================= Application errors: ================== System errors: ============= Microsoft Office Sessions: ========================= ==================== Memory info =========================== Processor: Intel(R) Core(TM) i7-3770 CPU @ 3.40GHz Percentage of memory in use: 25% Total physical RAM: 8136.96 MB Available physical RAM: 6047.38 MB Total Pagefile: 9352.96 MB Available Pagefile: 7035.47 MB Total Virtual: 8192 MB Available Virtual: 8191.83 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:238.47 GB) (Free:143.67 GB) NTFS ==>[Drive with boot components (obtained from BCD)] Drive d: (System-reserviert) (Fixed) (Total:0.34 GB) (Free:0.3 GB) NTFS ==>[System with boot components (obtained from reading drive)] Drive l: (Volume) (Fixed) (Total:1862.67 GB) (Free:538.41 GB) NTFS Drive m: (m) (Fixed) (Total:1863.01 GB) (Free:670.8 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 238.5 GB) (Disk ID: 114019AF) Partition 1: (Active) - (Size=238.5 GB) - (Type=07 NTFS) ======================================================== Disk: 1 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: 114019A3) Partition 1: (Active) - (Size=350 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=1862.7 GB) - (Type=07 NTFS) ======================================================== Disk: 2 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: DF3B428C) Partition 1: (Not Active) - (Size=1863 GB) - (Type=07 NTFS) ==================== End Of Log ============================
Thank you for your support! Humi |
29.03.2015, 11:50 | #7 |
/// TB-Ausbilder | Win8 PC slow, cookie behavior in Firefox differs from settings, virus?
Hi, yes, that works now. We will continue as follows:
Step 1
Please press the Windows key + R and type notepad into the Run window. Now copy the following text from the code box into the empty text document
Code:
ATTFilter
start
CloseProcesses:
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
Task: {F3E8D904-1DC3-4D13-888A-2C9268B9E046} - \AutoKMS No Task File <==== ATTENTION
EmptyTemp:
end
Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
Step 2
Download the appropriate version of SystemLook from the following mirror and save the tool to your desktop: SystemLook (32 bit) | SystemLook (64 bit)
Step 3
Please post with your next reply
|
30.03.2015, 08:55 | #8 |
| Win8 PC slow, cookie behavior in Firefox differs from settings, virus?
Hello, attached are the log files:
FixLog: Code:
ATTFilter Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 11-03-2015 Ran by Othmar at 2015-03-30 09:22:23 Run:2 Running from C:\Users\Othmar\Desktop Loaded Profiles: Othmar & NeroMediaHomeUser.4 (Available profiles: Othmar & NeroMediaHomeUser.4) Boot Mode: Normal ============================================== Content of fixlist: ***************** start CloseProcesses: CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION Task: {F3E8D904-1DC3-4D13-888A-2C9268B9E046} - \AutoKMS No Task File <==== ATTENTION EmptyTemp: end ***************** Processes closed successfully. HKLM\SOFTWARE\Policies\Google => Key not found. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F3E8D904-1DC3-4D13-888A-2C9268B9E046} => Key not found. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AutoKMS => Key not found. EmptyTemp: => Removed 20.2 MB temporary data. The system needed a reboot. ==== End of Fixlog 09:22:40 ==== Code:
ATTFilter SystemLook 30.07.11 by jpshortstuff Log created at 09:27 on 30/03/2015 by Othmar Administrator - Elevation successful ========== regfind ========== Searching for "Datamngr" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{5BC75993-AB1A-4925-9B78-88F3D91D9092}"="v2.20|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Program Files (x86)\Movies Toolbar\Datamngr\SRTOOL~1\IE\dtuser.exe|Name=Movies Toolbar (Dist. by Bandoo Media, Inc.) DTX Broker|" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{4EB5C489-62D0-4FFA-B7DA-9B80343883AA}"="v2.20|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Program Files (x86)\Movies Toolbar\Datamngr\SRTOOL~1\IE\dtuser.exe|Name=Movies Toolbar (Dist. by Bandoo Media, Inc.) DTX Broker|" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{5BC75993-AB1A-4925-9B78-88F3D91D9092}"="v2.20|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Program Files (x86)\Movies Toolbar\Datamngr\SRTOOL~1\IE\dtuser.exe|Name=Movies Toolbar (Dist. by Bandoo Media, Inc.) DTX Broker|" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{4EB5C489-62D0-4FFA-B7DA-9B80343883AA}"="v2.20|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Program Files (x86)\Movies Toolbar\Datamngr\SRTOOL~1\IE\dtuser.exe|Name=Movies Toolbar (Dist. by Bandoo Media, Inc.) DTX Broker|" Searching for "IePluginServices" No data found. Searching for "Greautsaving" No data found. 
Searching for "PriceMeter" [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\df12a89d_0] @="{2}.\\?\pci#ven_1102&dev_0007&subsys_10041102&rev_00#{6994ad04-93ef-11d0-a3cc-00a0c9223196}\topology/00010003|\Device\HarddiskVolume4\Users\Othmar\AppData\Local\PriceMeter\pricemeter.exe%b{00000000-0000-0000-0000-000000000000}" [HKEY_USERS\S-1-5-21-2717880484-1776808505-1316206091-1001\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\df12a89d_0] @="{2}.\\?\pci#ven_1102&dev_0007&subsys_10041102&rev_00#{6994ad04-93ef-11d0-a3cc-00a0c9223196}\topology/00010003|\Device\HarddiskVolume4\Users\Othmar\AppData\Local\PriceMeter\pricemeter.exe%b{00000000-0000-0000-0000-000000000000}" Searching for "iLivid" [HKEY_CURRENT_USER\"Software\iLivid] [HKEY_CURRENT_USER\"Software\iLivid\iLivid"] [HKEY_CURRENT_USER\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.8\com.trolltech.Qt.QImageIOHandlerFactoryInterface:\C:\Users\Othmar\AppData\Local\iLivid] [HKEY_CURRENT_USER\Software\Trolltech\OrganizationDefaults\Qt Plugin Cache 4.8.false\C:\Users\Othmar\AppData\Local\iLivid] [HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\windows_ie_ac_001\Software\addplushd\Plugins\220] "JavaScript"="var ICMBaseManager=function(a){if(appAPI.isBackground){(function(h){var f=false,g=/xyz/.test(function(){xyz;})?/\b_super\b/:/.*/;h.Class=function(){};h.Class.extend=function(m){var l=this.prototype;f=true;var k=new this();f=false;for(var j in m){k[j]=typeof m[j]=="function"&&typeof l[j]=="function"&&g.test(m[j])?(function(n,o){return function(){var q=this._super;this._super=l[n];var p=o.apply(this,arguments);this._super=q;return p;};})(j,m[j]):m[j];}function i(){if(!f&&this.init){this.init.apply(this,arguments);}}i.prototype=k;i.prototype.constructor=i;i.extend=arguments.callee;return i;};})($jquery_171);var 
e={Base64:{_keyStr:"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/=",decode:function(h){var f="";var p,n,l;var o,m,k,j;var g=0;h=h.replace(/[^A-Za-z0-9\+\/\=]/g,"");while(g<h.length){o=this._keyStr.indexOf(h.cha [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Applications\iLividSetup-r343-n-bc.exe] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{BC893443-6629-45C5-8707-76512EC51C91}"="v2.20|Action=Allow|Active=TRUE|Dir=In|Protocol=6|App=C:\Users\Othmar\AppData\Local\iLivid\iLivid.exe|Name=iLivid|" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{928BD343-4EE9-47FA-BDA8-BD98A7507EC9}"="v2.20|Action=Allow|Active=TRUE|Dir=In|Protocol=17|App=C:\Users\Othmar\AppData\Local\iLivid\iLivid.exe|Name=iLivid|" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{BC893443-6629-45C5-8707-76512EC51C91}"="v2.20|Action=Allow|Active=TRUE|Dir=In|Protocol=6|App=C:\Users\Othmar\AppData\Local\iLivid\iLivid.exe|Name=iLivid|" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{928BD343-4EE9-47FA-BDA8-BD98A7507EC9}"="v2.20|Action=Allow|Active=TRUE|Dir=In|Protocol=17|App=C:\Users\Othmar\AppData\Local\iLivid\iLivid.exe|Name=iLivid|" [HKEY_USERS\S-1-5-21-2717880484-1776808505-1316206091-1001\"Software\iLivid] [HKEY_USERS\S-1-5-21-2717880484-1776808505-1316206091-1001\"Software\iLivid\iLivid"] [HKEY_USERS\S-1-5-21-2717880484-1776808505-1316206091-1001\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.8\com.trolltech.Qt.QImageIOHandlerFactoryInterface:\C:\Users\Othmar\AppData\Local\iLivid] [HKEY_USERS\S-1-5-21-2717880484-1776808505-1316206091-1001\Software\Trolltech\OrganizationDefaults\Qt Plugin Cache 4.8.false\C:\Users\Othmar\AppData\Local\iLivid] [HKEY_USERS\S-1-5-21-2717880484-1776808505-1316206091-1001\Software\Classes\Local 
Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\windows_ie_ac_001\Software\addplushd\Plugins\220] "JavaScript"="var ICMBaseManager=function(a){if(appAPI.isBackground){(function(h){var f=false,g=/xyz/.test(function(){xyz;})?/\b_super\b/:/.*/;h.Class=function(){};h.Class.extend=function(m){var l=this.prototype;f=true;var k=new this();f=false;for(var j in m){k[j]=typeof m[j]=="function"&&typeof l[j]=="function"&&g.test(m[j])?(function(n,o){return function(){var q=this._super;this._super=l[n];var p=o.apply(this,arguments);this._super=q;return p;};})(j,m[j]):m[j];}function i(){if(!f&&this.init){this.init.apply(this,arguments);}}i.prototype=k;i.prototype.constructor=i;i.extend=arguments.callee;return i;};})($jquery_171);var e={Base64:{_keyStr:"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/=",decode:function(h){var f="";var p,n,l;var o,m,k,j;var g=0;h=h.replace(/[^A-Za-z0-9\+\/\=]/g,"");while( [HKEY_USERS\S-1-5-21-2717880484-1776808505-1316206091-1001_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\windows_ie_ac_001\Software\addplushd\Plugins\220] "JavaScript"="var ICMBaseManager=function(a){if(appAPI.isBackground){(function(h){var f=false,g=/xyz/.test(function(){xyz;})?/\b_super\b/:/.*/;h.Class=function(){};h.Class.extend=function(m){var l=this.prototype;f=true;var k=new this();f=false;for(var j in m){k[j]=typeof m[j]=="function"&&typeof l[j]=="function"&&g.test(m[j])?(function(n,o){return function(){var q=this._super;this._super=l[n];var p=o.apply(this,arguments);this._super=q;return p;};})(j,m[j]):m[j];}function i(){if(!f&&this.init){this.init.apply(this,arguments);}}i.prototype=k;i.prototype.constructor=i;i.extend=arguments.callee;return i;};})($jquery_171);var e={Base64:{_keyStr:"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/=",decode:function(h){var f="";var p,n,l;var o,m,k,j;var g=0;h=h.replace(/[^A-Za-z0-9\+\/\=]/g,"");while(g<h.lengt -= EOF =- FRST Logfile: FRST 
Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-03-2015 Ran by Othmar (administrator) on HUMITSCH on 30-03-2015 09:29:33 Running from C:\Users\Othmar\Desktop Loaded Profiles: Othmar & NeroMediaHomeUser.4 (Available profiles: Othmar & NeroMediaHomeUser.4) Platform: Windows 8 Pro (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 10 (Default browser: FF) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (AMD) C:\Windows\System32\atiesrxx.exe (AMD) C:\Windows\System32\atieclxx.exe (Creative Technology Ltd) C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe (ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe (Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe (Microsoft Corporation) C:\Windows\System32\dasHost.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe (Nero AG) C:\Program Files (x86)\Nero\Nero MediaHome 4\NMMediaServerService.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe (Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleCrashHandler.exe (IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe (Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe\LiveComm.exe (Microsoft Corporation) C:\Windows\System32\mobsync.exe (Google Inc.) 
C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleCrashHandler64.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe () C:\Users\Othmar\AppData\Local\Viber\Viber.exe (McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (ArcSoft, Inc.) C:\Program Files (x86)\ArcSoft\TotalMedia 3.5\TMMonitor.exe (Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe () C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe (Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe () C:\Program Files (x86)\TV IR\shutTask.exe () C:\Program Files (x86)\TV IR\TV IR.exe (Microsoft Corporation) C:\Windows\System32\msiexec.exe (MAGIX AG) C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe (Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [161984 2014-01-18] (IvoSoft) HKLM-x32\...\Run: [P17RunE] => RunDll32 P17RunE.dll,RunDLLEntry HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766208 2013-12-06] (Advanced Micro Devices, Inc.) 
HKLM-x32\...\Run: [Nero MediaHome 4] => C:\Program Files (x86)\Nero\Nero MediaHome 4\NeroMediaHome.exe [5179880 2012-12-20] (Nero AG) HKLM-x32\...\Run: [DivXMediaServer] => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [455512 2014-05-28] (DivX, LLC) HKLM-x32\...\Run: [DivXUpdate] => C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1861968 2014-01-10] () HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [248040 2010-02-18] (Sun Microsystems, Inc.) HKLM-x32\...\Run: [ArcSoft Connection Service] => C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [207424 2010-10-27] (ArcSoft Inc.) HKLM-x32\...\Run: [TVPro Control] => C:\Program Files (x86)\TV IR\TV IR.EXE [1454592 2012-04-26] () HKLM-x32\...\Run: [TVPro Task] => C:\Program Files (x86)\TV IR\shutTask.exe [221696 2012-04-16] () HKU\S-1-5-21-2717880484-1776808505-1316206091-1001\...\Run: [Nero MediaHome 4] => C:\Program Files (x86)\Nero\Nero MediaHome 4\NeroMediaHome.exe [5179880 2012-12-20] (Nero AG) HKU\S-1-5-21-2717880484-1776808505-1316206091-1001\...\Run: [Uploader] => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.Uploader.exe HKU\S-1-5-21-2717880484-1776808505-1316206091-1001\...\Run: [Viber] => C:\Users\Othmar\AppData\Local\Viber\Viber.exe [936656 2014-07-24] () HKU\S-1-5-21-2717880484-1776808505-1316206091-1001\...\Run: [msnmsgr] => "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background HKU\S-1-5-21-2717880484-1776808505-1316206091-1001\...\MountPoints2: {6f11f9e6-8ce8-11e3-be6a-806e6f6e6963} - "H:\setup.exe" Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.) 
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\PHOTOfunSTUDIO 9.3 PE.lnk ShortcutTarget: PHOTOfunSTUDIO 9.3 PE.lnk -> C:\Program Files (x86)\Common Files\Panasonic\PHOTOfunSTUDIO AutoStart\AutoStartupService.exe (Panasonic Corporation) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\TMMonitor.lnk ShortcutTarget: TMMonitor.lnk -> C:\Program Files (x86)\ArcSoft\TotalMedia 3.5\TMMonitor.exe (ArcSoft, Inc.) ShellIconOverlayIdentifiers: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft) ShellIconOverlayIdentifiers-x32: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=MSE1 HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=MSE1 HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com HKU\S-1-5-21-2717880484-1776808505-1316206091-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=MSE1 HKU\S-1-5-21-2717880484-1776808505-1316206091-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://t.at.msn.com/ URLSearchHook: [S-1-5-21-2717880484-1776808505-1316206091-1004] 
ATTENTION ==> Default URLSearchHook is missing. SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-2717880484-1776808505-1316206091-1004 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2015-02-10] (Microsoft Corporation) BHO: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer64.dll [2014-01-18] (IvoSoft) BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2014-07-14] (Microsoft Corporation) BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2015-01-21] (Microsoft Corporation) BHO: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_64.dll [2014-01-18] (IvoSoft) BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll [2014-04-09] (McAfee, Inc.) 
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2015-02-10] (Microsoft Corporation) BHO-x32: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer32.dll [2014-01-18] (IvoSoft) BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-07-14] (Microsoft Corporation) BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2015-01-21] (Microsoft Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2014-08-26] (Sun Microsystems, Inc.) BHO-x32: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_32.dll [2014-01-18] (IvoSoft) Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll [2014-01-18] (IvoSoft) Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll [2014-01-18] (IvoSoft) DPF: HKLM-x32 {5852F5ED-8BF4-11D4-A245-0080C6F74284} hxxp://javadl-esd.oracle.com/update/1.6.0/jinstall-6u20-windows-i586.cab Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2014-04-01] (Microsoft Corporation) Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2014-07-14] (Microsoft Corporation) Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-07-14] (Microsoft Corporation) Tcpip\Parameters: 
[DhcpNameServer] 192.168.178.1 FireFox: ======== FF ProfilePath: C:\Users\Othmar\AppData\Roaming\Mozilla\Firefox\Profiles\pimu1gdx.default FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll [2015-02-26] () FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll [2014-05-22] (DivX, LLC.) FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation) FF Plugin: @videolan.org/vlc,version=2.1.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-01-31] (VideoLAN) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll [2015-02-26] () FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll [2014-05-22] (DivX, LLC.) FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll [2014-07-17] (DivX, LLC) FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google) FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2014-09-25] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-22] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-03-30] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-03-30] (Google Inc.) 
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll [2014-08-26] (Sun Microsystems, Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2014-09-25] (Microsoft Corporation) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2014-12-03] (Adobe Systems Inc.) FF SearchPlugin: C:\Users\Othmar\AppData\Roaming\Mozilla\Firefox\Profiles\pimu1gdx.default\searchplugins\google-images.xml [2014-12-21] FF SearchPlugin: C:\Users\Othmar\AppData\Roaming\Mozilla\Firefox\Profiles\pimu1gdx.default\searchplugins\google-maps.xml [2014-12-21] FF Extension: Download YouTube Videos as MP4 - C:\Users\Othmar\AppData\Roaming\Mozilla\Firefox\Profiles\pimu1gdx.default\Extensions\{b9bfaf1c-a63f-47cd-8b9a-29526ced9060}.xpi [2014-12-21] FF Extension: Adblock Plus - C:\Users\Othmar\AppData\Roaming\Mozilla\Firefox\Profiles\pimu1gdx.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-12-21] FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2015-03-24] FF HKU\S-1-5-21-2717880484-1776808505-1316206091-1001\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi FF Extension: No Name - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04] Chrome: ======= CHR dev: Chrome dev build detected! 
<======= ATTENTION CHR Profile: C:\Users\Othmar\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Skype Click to Call) - C:\Users\Othmar\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2014-09-11] CHR Extension: (Google Wallet) - C:\Users\Othmar\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-02-03] CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-14] ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.) R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation) R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation) S3 Creative Audio Engine Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [79360 2014-06-10] (Creative Labs) [File not signed] R2 CTAudSvcService; C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe [307200 2008-11-18] (Creative Technology Ltd) [File not signed] R2 Fabs; C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [1858048 2012-01-23] (MAGIX AG) [File not signed] S3 FirebirdServerMAGIXInstance; C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [2702848 2011-04-26] (MAGIX®) [File not signed] R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1871160 2015-03-17] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe 
[1080120 2015-03-17] (Malwarebytes Corporation) S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.) R2 NeroMediaHomeService.4; C:\Program Files (x86)\Nero\Nero MediaHome 4\NMMediaServerService.exe [518632 2012-12-20] (Nero AG) R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16024 2015-01-31] (Microsoft Corporation) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) S0 amdkmafd; C:\Windows\System32\drivers\amdkmafd.sys [21160 2012-09-23] (Advanced Micro Devices, Inc.) R0 asahci64; C:\Windows\System32\drivers\asahci64.sys [49760 2012-01-06] (Asmedia Technology) R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdW86.sys [215040 2013-09-24] (Advanced Micro Devices) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-03-17] (Malwarebytes Corporation) R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [136408 2015-03-30] (Malwarebytes Corporation) R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2015-03-17] (Malwarebytes Corporation) R3 smsbda; C:\Windows\system32\drivers\smsbda.sys [56960 2011-03-06] (Siano) ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 
2015-03-30 09:27 - 2015-03-30 09:28 - 00015246 _____ () C:\Users\Othmar\Desktop\SystemLook.txt 2015-03-30 09:26 - 2015-03-30 09:26 - 00165376 _____ () C:\Users\Othmar\Desktop\SystemLook_x64.exe 2015-03-28 15:18 - 2015-03-28 15:18 - 00000617 _____ () C:\Users\Othmar\Desktop\JRT.txt 2015-03-28 14:54 - 2015-03-28 08:20 - 01389240 _____ (Thisisu) C:\Users\Othmar\Desktop\JRT_NEW.exe 2015-03-28 14:47 - 2015-03-28 14:47 - 00001125 _____ () C:\Users\Othmar\Desktop\mbam - Verknüpfung.lnk 2015-03-28 14:36 - 2015-03-28 14:36 - 00001001 _____ () C:\Users\Othmar\Desktop\AdwCleaner[S1] - Verknüpfung.lnk 2015-03-27 17:34 - 2015-03-27 17:34 - 00003043 _____ () C:\Users\Othmar\Desktop\MetaEditor.lnk 2015-03-27 17:34 - 2015-03-27 17:34 - 00000000 ____D () C:\Users\Othmar\AppData\Local\kiwi.software.NET 2015-03-27 17:32 - 2015-03-27 17:32 - 00000000 ____D () C:\Users\Othmar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\kiwi.software.NET 2015-03-27 17:32 - 2015-03-27 17:32 - 00000000 ____D () C:\Program Files (x86)\kiwi.software.NET 2015-03-26 17:19 - 2015-03-26 17:19 - 00000000 ____D () C:\Users\Othmar\Documents\Neuer Ordner 2015-03-26 14:01 - 2015-03-26 14:01 - 00544128 _____ () C:\Windows\system32\FNTCACHE.DAT 2015-03-25 15:08 - 2015-03-04 09:26 - 00596480 _____ (Microsoft Corporation) C:\Windows\system32\AutoUpdate.exe 2015-03-25 15:08 - 2015-03-04 09:26 - 00467952 _____ (Microsoft Corporation) C:\Windows\system32\NotificationUI.exe 2015-03-25 15:08 - 2015-03-04 09:26 - 00011105 _____ () C:\Windows\system32\AutoconfigV2.cab 2015-03-25 15:08 - 2015-03-04 08:41 - 00695808 _____ (Microsoft Corporation) C:\Windows\system32\WSShared.dll 2015-03-25 15:08 - 2015-03-04 08:41 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll 2015-03-25 15:08 - 2015-03-04 06:53 - 00568832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSShared.dll 2015-03-25 15:08 - 2015-03-04 06:53 - 00124928 _____ (Microsoft Corporation) 
C:\Windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll 2015-03-24 18:28 - 2015-03-30 09:25 - 00042496 ___SH () C:\Users\Othmar\Desktop\Thumbs.db 2015-03-24 18:22 - 2015-03-24 18:22 - 00006623 _____ () C:\Users\Othmar\Downloads\JRT.txt 2015-03-24 18:17 - 2015-03-24 18:17 - 01388782 _____ (Thisisu) C:\Users\Othmar\Downloads\JRT.exe 2015-03-24 18:13 - 2015-03-28 14:46 - 00002643 _____ () C:\Users\Othmar\Downloads\mbam.txt 2015-03-24 17:58 - 2015-03-24 17:58 - 00001001 _____ () C:\Users\Othmar\Desktop\AdwCleaner[R0] - Verknüpfung.lnk 2015-03-24 17:53 - 2015-03-28 14:31 - 00000000 ____D () C:\AdwCleaner 2015-03-24 17:53 - 2015-03-24 17:53 - 02168320 _____ () C:\Users\Othmar\Downloads\AdwCleaner_4.113.exe 2015-03-24 10:51 - 2015-03-24 10:51 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2015-03-22 14:15 - 2015-03-30 09:25 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2015-03-22 14:14 - 2015-03-24 18:02 - 00001106 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2015-03-22 14:14 - 2015-03-24 18:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2015-03-22 14:14 - 2015-03-24 18:02 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2015-03-22 14:14 - 2015-03-22 14:14 - 00000000 ____D () C:\ProgramData\Malwarebytes 2015-03-22 14:14 - 2015-03-17 07:15 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2015-03-22 14:14 - 2015-03-17 07:15 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2015-03-22 14:14 - 2015-03-17 07:15 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2015-03-22 14:13 - 2015-03-22 14:14 - 21540440 _____ (Malwarebytes Corporation ) C:\Users\Othmar\Desktop\mbam-setup-2.1.4.1018.exe 2015-03-22 14:12 - 2015-03-28 15:21 - 00022870 _____ () C:\Users\Othmar\Desktop\Addition.txt 2015-03-22 14:11 - 2015-03-30 
09:29 - 00018468 _____ () C:\Users\Othmar\Desktop\FRST.txt 2015-03-22 14:11 - 2015-03-30 09:29 - 00000000 ____D () C:\FRST 2015-03-22 14:11 - 2015-03-22 14:11 - 02095616 _____ (Farbar) C:\Users\Othmar\Desktop\FRST64.exe 2015-03-22 10:16 - 2015-03-22 10:16 - 00000000 ____D () C:\Program Files (x86)\ESET 2015-03-11 09:59 - 2015-03-11 09:59 - 00000000 ____D () C:\Users\Othmar\AppData\Local\LizardTech 2015-03-11 09:58 - 2015-02-23 12:52 - 02237952 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2015-03-11 09:58 - 2015-02-23 12:52 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2015-03-11 09:58 - 2015-02-23 12:51 - 01409024 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2015-03-11 09:58 - 2015-02-23 12:51 - 00915968 _____ (Microsoft Corporation) C:\Windows\system32\uxtheme.dll 2015-03-11 09:58 - 2015-02-23 12:51 - 00600576 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2015-03-11 09:58 - 2015-02-23 12:51 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2015-03-11 09:58 - 2015-02-23 12:51 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\UXInit.dll 2015-03-11 09:58 - 2015-02-23 12:50 - 19301888 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2015-03-11 09:58 - 2015-02-23 12:50 - 15410688 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2015-03-11 09:58 - 2015-02-23 12:50 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2015-03-11 09:58 - 2015-02-23 12:50 - 02656256 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2015-03-11 09:58 - 2015-02-23 12:50 - 00949760 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll 2015-03-11 09:58 - 2015-02-23 12:50 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2015-03-11 09:58 - 2015-02-23 12:50 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2015-03-11 09:58 - 2015-02-23 12:50 - 00451584 _____ (Microsoft 
Corporation) C:\Windows\system32\dxtmsft.dll 2015-03-11 09:58 - 2015-02-23 12:50 - 00281600 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2015-03-11 09:58 - 2015-02-23 12:50 - 00255488 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2015-03-11 09:58 - 2015-02-23 12:50 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll 2015-03-11 09:58 - 2015-02-23 12:50 - 00097280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2015-03-11 09:58 - 2015-02-23 12:50 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2015-03-11 09:58 - 2015-02-23 12:50 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2015-03-11 09:58 - 2015-02-23 12:50 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2015-03-11 09:58 - 2015-02-23 12:49 - 01509376 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2015-03-11 09:58 - 2015-02-23 11:17 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2015-03-11 09:58 - 2015-02-23 11:15 - 00084480 _____ (Microsoft Corporation) C:\Windows\system32\INETRES.dll 2015-03-11 09:58 - 2015-02-23 10:51 - 00441856 _____ (Microsoft Corporation) C:\Windows\system32\html.iec 2015-03-11 09:58 - 2015-02-21 07:31 - 01763328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2015-03-11 09:58 - 2015-02-21 07:31 - 01181696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2015-03-11 09:58 - 2015-02-21 07:31 - 00523776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2015-03-11 09:58 - 2015-02-21 07:31 - 00044032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UXInit.dll 2015-03-11 09:58 - 2015-02-21 07:30 - 14380544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2015-03-11 09:58 - 2015-02-21 07:30 - 13768704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2015-03-11 09:58 - 2015-02-21 07:30 - 02864640 _____ (Microsoft Corporation) 
C:\Windows\SysWOW64\jscript9.dll 2015-03-11 09:58 - 2015-02-21 07:30 - 02055680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2015-03-11 09:58 - 2015-02-21 07:30 - 00737280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll 2015-03-11 09:58 - 2015-02-21 07:30 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2015-03-11 09:58 - 2015-02-21 07:30 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2015-03-11 09:58 - 2015-02-21 07:30 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2015-03-11 09:58 - 2015-02-21 07:30 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2015-03-11 09:58 - 2015-02-21 07:30 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll 2015-03-11 09:58 - 2015-02-21 07:30 - 00080384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2015-03-11 09:58 - 2015-02-21 07:30 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2015-03-11 09:58 - 2015-02-21 07:30 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2015-03-11 09:58 - 2015-02-21 07:30 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2015-03-11 09:58 - 2015-02-21 07:29 - 01441280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2015-03-11 09:58 - 2015-02-21 07:29 - 00357888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2015-03-11 09:58 - 2015-02-21 07:29 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2015-03-11 09:58 - 2015-02-21 07:09 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2015-03-11 09:58 - 2015-02-21 07:07 - 00084480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\INETRES.dll 2015-03-11 09:58 - 2015-02-21 06:42 - 00361984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec 2015-03-11 09:58 - 2015-02-21 05:00 - 00534528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\uxtheme.dll 
2015-03-11 09:57 - 2015-03-06 09:39 - 00588800 _____ (Microsoft Corporation) C:\Windows\system32\SHCore.dll 2015-03-11 09:57 - 2015-03-06 09:39 - 00412672 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll 2015-03-11 09:57 - 2015-03-06 07:48 - 00452608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SHCore.dll 2015-03-11 09:57 - 2015-03-06 07:48 - 00318464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll 2015-03-11 09:57 - 2015-02-26 06:35 - 04063232 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2015-03-11 09:57 - 2015-02-03 01:18 - 00569712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys 2015-03-11 09:57 - 2015-01-24 08:42 - 00325632 _____ (Microsoft Corporation) C:\Windows\system32\ubpm.dll 2015-03-11 09:57 - 2015-01-24 07:00 - 00243712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ubpm.dll 2015-03-11 09:53 - 2015-02-20 15:59 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll 2015-03-11 09:53 - 2015-02-20 13:56 - 00366592 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll 2015-03-11 09:53 - 2015-02-20 10:10 - 00035328 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll 2015-03-11 09:53 - 2015-02-20 09:24 - 00304128 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll 2015-03-11 09:53 - 2015-01-31 15:48 - 00044024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdBoot.sys 2015-03-11 09:53 - 2015-01-31 07:55 - 00275712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdFilter.sys 2015-03-11 09:52 - 2015-01-29 10:45 - 06973248 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2015-03-11 09:52 - 2015-01-29 10:05 - 01627648 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll 2015-03-11 09:52 - 2015-01-29 08:19 - 01339392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll 2015-03-11 09:52 - 2015-01-20 08:41 - 01120256 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll 2015-03-11 09:52 - 
2015-01-20 07:10 - 00892416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msctf.dll 2015-03-11 09:48 - 2014-04-16 20:20 - 00029888 _____ (Microsoft Corporation) C:\Windows\system32\aspnet_counters.dll 2015-03-11 09:48 - 2014-04-16 20:20 - 00028352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aspnet_counters.dll 2015-03-11 09:46 - 2015-02-17 08:54 - 19777536 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll 2015-03-11 09:46 - 2015-02-17 07:13 - 17561600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll 2015-03-11 09:46 - 2015-01-24 08:43 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll 2015-03-11 09:46 - 2015-01-24 07:00 - 00368640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll 2015-03-11 09:46 - 2015-01-24 06:31 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll 2015-03-11 09:45 - 2015-02-13 01:18 - 00396419 _____ () C:\Windows\system32\ApnDatabase.xml 2015-03-11 09:42 - 2015-03-11 09:42 - 00001034 _____ () C:\Users\Othmar\Desktop\GeoViewer.lnk 2015-03-11 09:42 - 2015-03-11 09:42 - 00000000 ____D () C:\Users\Othmar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\LizardTech 2015-03-11 09:42 - 2015-03-11 09:42 - 00000000 ____D () C:\Users\Othmar\AppData\Roaming\LizardTech 2015-03-11 09:42 - 2015-03-11 09:42 - 00000000 ____D () C:\Users\Othmar\AppData\Roaming\InstallShield Installation Information 2015-03-11 09:42 - 2010-05-26 12:41 - 02401112 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_43.dll 2015-03-11 09:42 - 2010-05-26 12:41 - 01907552 _____ (Microsoft Corporation) C:\Windows\system32\d3dcsx_43.dll 2015-03-11 09:42 - 2010-05-26 12:41 - 00511328 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_43.dll 2015-03-11 09:42 - 2010-02-04 11:01 - 00024920 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_7.dll 2015-03-11 09:42 - 2007-04-04 19:54 - 00107368 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_3.dll 2015-03-04 08:42 - 
2015-03-04 08:42 - 00001894 _____ () C:\Users\Othmar\Desktop\IrfanView Thumbnails.lnk 2015-02-28 22:45 - 2015-03-04 23:24 - 00791496 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2015-02-28 22:45 - 2015-03-04 23:24 - 00177608 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2015-03-30 09:27 - 2014-02-03 17:35 - 01102847 _____ () C:\Windows\WindowsUpdate.log 2015-03-30 09:25 - 2014-09-29 17:26 - 00000000 ____D () C:\Users\Othmar\AppData\Roaming\ViberPC 2015-03-30 09:25 - 2014-09-29 17:25 - 00000000 ____D () C:\Users\Othmar\AppData\Local\Viber 2015-03-30 09:25 - 2014-02-03 17:36 - 00001132 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2015-03-30 09:25 - 2012-07-26 09:22 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2015-03-30 09:24 - 2012-07-26 07:26 - 00524288 ___SH () C:\Windows\system32\config\BBI 2015-03-30 09:22 - 2014-02-03 17:36 - 00001136 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2015-03-30 09:21 - 2014-02-03 17:41 - 00003598 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2717880484-1776808505-1316206091-1001 2015-03-30 09:21 - 2012-07-26 12:27 - 00751892 _____ () C:\Windows\system32\perfh007.dat 2015-03-30 09:21 - 2012-07-26 12:27 - 00155620 _____ () C:\Windows\system32\perfc007.dat 2015-03-30 09:21 - 2012-07-26 09:28 - 01745416 _____ () C:\Windows\system32\PerfStringBackup.INI 2015-03-30 09:18 - 2014-05-24 14:36 - 00263680 ___SH () C:\Users\Othmar\Downloads\Thumbs.db 2015-03-30 09:17 - 2014-02-03 17:36 - 00004108 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA 2015-03-30 09:17 - 2014-02-03 17:36 - 00003872 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore 2015-03-30 09:16 - 2013-02-16 14:23 - 00034892 _____ () C:\Windows\PFRO.log 2015-03-30 09:06 - 2014-03-03 10:28 - 00000000 ____D () 
C:\Users\Othmar\AppData\Roaming\vlc 2015-03-30 09:03 - 2014-04-16 09:13 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2015-03-30 08:18 - 2014-02-03 17:40 - 00000000 ____D () C:\Users\Othmar\AppData\Roaming\ClassicShell 2015-03-30 08:17 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\system32\sru 2015-03-29 06:41 - 2014-09-10 08:11 - 00000000 ____D () C:\Users\Othmar\AppData\Roaming\Skype 2015-03-28 17:40 - 2014-09-10 08:11 - 00000000 ___RD () C:\Program Files (x86)\Skype 2015-03-28 17:40 - 2014-09-10 08:11 - 00000000 ____D () C:\ProgramData\Skype 2015-03-26 15:32 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\rescache 2015-03-26 14:20 - 2014-04-16 09:19 - 00000072 _____ () C:\Users\Public\LMDebug.log 2015-03-26 14:01 - 2014-03-17 20:53 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2015-03-25 15:42 - 2012-07-26 09:59 - 00000000 ____D () C:\Windows\CbsTemp 2015-03-25 15:41 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\WinStore 2015-03-22 12:14 - 2014-02-03 17:35 - 00000000 ____D () C:\Users\Othmar 2015-03-22 09:16 - 2014-03-31 20:12 - 00000143 _____ () C:\Users\Othmar\AppData\Roaming\WB.CFG 2015-03-12 19:29 - 2012-07-26 10:12 - 00000000 ___RD () C:\Windows\ToastData 2015-03-12 19:29 - 2012-07-26 10:12 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools 2015-03-12 19:29 - 2012-07-26 10:12 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools 2015-03-12 19:29 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\PolicyDefinitions 2015-03-12 19:29 - 2012-07-26 10:12 - 00000000 ____D () C:\Program Files\Windows Defender 2015-03-12 19:29 - 2012-07-26 10:12 - 00000000 ____D () C:\Program Files (x86)\Windows Defender 2015-03-12 09:27 - 2014-02-03 17:35 - 00000000 ____D () C:\Users\Othmar\AppData\Local\Packages 2015-03-11 11:56 - 2014-02-04 12:12 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start 
Menu\Programs\Microsoft Office 2013 2015-03-11 11:56 - 2014-02-03 18:09 - 00000000 ____D () C:\ProgramData\Microsoft Help 2015-03-11 11:50 - 2014-03-06 12:43 - 00000000 ____D () C:\Windows\system32\MRT 2015-03-11 11:50 - 2012-07-26 07:26 - 00000269 _____ () C:\Windows\win.ini 2015-03-11 11:48 - 2013-02-16 14:59 - 122905848 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2015-03-11 09:42 - 2014-03-21 19:45 - 00037812 _____ () C:\Windows\DirectX.log 2015-03-10 15:22 - 2014-03-21 19:45 - 00000000 ____D () C:\Program Files (x86)\HappyFoto-Designer 2015-03-04 08:42 - 2014-03-18 20:16 - 00001006 _____ () C:\Users\Othmar\Desktop\IrfanView.lnk 2015-03-04 08:42 - 2014-03-18 20:16 - 00000000 ____D () C:\Users\Othmar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IrfanView 2015-03-04 08:42 - 2014-03-18 20:16 - 00000000 ____D () C:\Program Files (x86)\IrfanView 2015-03-03 15:17 - 2013-02-16 14:53 - 00295552 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe 2015-02-28 04:00 - 2014-02-03 17:48 - 00000000 ____D () C:\ProgramData\Package Cache ==================== Files in the root of some directories ======= 2014-03-31 20:12 - 2015-03-22 09:16 - 0000143 _____ () C:\Users\Othmar\AppData\Roaming\WB.CFG 2014-07-15 18:34 - 2014-12-22 16:58 - 0008704 _____ () C:\Users\Othmar\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2014-11-02 15:18 - 2014-11-02 15:18 - 0001555 _____ () C:\Users\Othmar\AppData\Local\recently-used.xbel Files to move or delete: ==================== C:\Users\Othmar\FreemakeVideoConverterSetup.exe C:\Users\Othmar\HappyFoto-Bestellassistent.exe C:\Users\Othmar\HappyFoto-Designer.exe C:\Users\Othmar\udc.exe ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-03-29 03:00

==================== End Of Log ============================

--- --- ---

and Addition:
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-03-2015
Ran by Othmar at 2015-03-30 09:29:53
Running from C:\Users\Othmar\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-2717880484-1776808505-1316206091-1001\...\uTorrent) (Version: 3.3.2.30488 - BitTorrent Inc.)
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
ACDSee Foto-Editor (HKLM-x32\...\{53AD87D3-72AE-4D07-8A7A-1F4D54E83777}) (Version: 4.00.208 - ACD Systems Ltd.)
ACDSee Free (HKLM-x32\...\ACDSee Free) (Version: 1.0.18 - ACD Systems International Inc.)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Advertising Center (x32 Version: 0.0.0.2 - Nero AG) Hidden
AMD Catalyst Install Manager (HKLM\...\{308051DA-0048-7A07-FE8B-9B6EC119A9E8}) (Version: 8.0.915.0 - Advanced Micro Devices, Inc.)
ArcSoft TotalMedia 3.5 (HKLM-x32\...\{29E44E9D-ACB2-4D2D-849F-5361C941B7E1}) (Version: 3.5.7.377 - ArcSoft) Asmedia ASM106x SATA Host Controller Driver (HKLM-x32\...\{61942EF5-2CD8-47D4-869C-2E9A8BB085F1}) (Version: 1.3.4.000 - Asmedia Technology) Classic Shell (HKLM\...\{2368907C-E8F6-4750-A023-254C3E2B5E8D}) (Version: 4.0.4 - IvoSoft) Creative Audio Control Panel (HKLM-x32\...\AudioCS) (Version: 2.56 - Creative Technology Limited) Creative Software AutoUpdate (HKLM-x32\...\Creative Software AutoUpdate) (Version: 1.40 - Creative Technology Limited) Creative Sound Blaster Properties x64 Edition (HKLM-x32\...\Creative Sound Blaster Properties x64 Edition) (Version: - ) CyberViewX (HKLM-x32\...\{D20A621F-5933-4185-922D-51D187670690}) (Version: 5.16.25 - CyberViewX) D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden DivX-Setup (HKLM-x32\...\DivX Setup) (Version: 2.6.3.52 - DivX, LLC) ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version: - ) Firebird SQL Server - MAGIX Edition (HKLM-x32\...\{39AB2E37-1A55-4292-A5D3-971E9F70D0F8}) (Version: 2.1.32.0 - MAGIX AG) Fotogalerie (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden Freemake Video Converter Version 4.1.5 (HKLM-x32\...\Freemake Video Converter_is1) (Version: 4.1.5 - Ellora Assets Corporation) GIMP 2.8.10 (HKLM\...\GIMP-2_is1) (Version: 2.8.10 - The GIMP Team) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 36.0.1985.125 - Google Inc.) Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google) Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) 
Hidden HappyFoto - Bestellassistent (HKU\S-1-5-21-2717880484-1776808505-1316206091-1001\...\HappyFoto - Bestellassistent) (Version: - HAPPY - FOTO GmbH / ©2014 Aberger Software GmbH) HappyFoto-Designer 5.2 (HKLM-x32\...\HappyFoto-Designer_is1) (Version: - ) IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.38 - Irfan Skiljan) Java(TM) 6 Update 20 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216020FF}) (Version: 6.0.200 - Sun Microsystems, Inc.) Junk Mail filter update (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden LizardTech GeoViewer 9.0 (HKU\S-1-5-21-2717880484-1776808505-1316206091-1001\...\{CEEF6E28-ED9B-41C9-973A-82B07E449A53}) (Version: 9.0 - LizardTech) LoiLoScope Herunterladen (HKLM-x32\...\{C2A254F4-AC74-482F-8F09-DB2843AC2AAE}_is1) (Version: 2.0 - LoiLo inc) MAGIX Fotos auf DVD 2014 Deluxe (HKLM-x32\...\MX.{C2A5A580-75AF-4021-AA42-F3076434BF80}) (Version: 13.0.0.84 - MAGIX AG) MAGIX Fotos auf DVD 2014 Deluxe (Version: 13.0.0.84 - MAGIX AG) Hidden MAGIX Speed burnR (MSI) (HKLM-x32\...\MAGIX_{3F70AA2A-CAE4-4898-BBFB-C34165A85DF7}) (Version: 7.0.2.6 - MAGIX AG) MAGIX Speed burnR (MSI) (Version: 7.0.2.6 - MAGIX AG) Hidden MAGIX Video deluxe 2014 Plus (HKLM-x32\...\MX.{9E2FEB28-7407-4009-9DC4-203EF2EF6BB7}) (Version: 13.0.0.28 - MAGIX AG) MAGIX Video deluxe 2014 Plus (Version: 13.0.0.28 - MAGIX AG) Hidden Malwarebytes Anti-Malware Version 2.1.4.1018 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.4.1018 - Malwarebytes Corporation) McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.) 
MD86351 driver install (HKLM-x32\...\InstallShield_{2320D419-1E49-4FF9-B0D5-4BEDAD3B7724}) (Version: 6.3.6.1 - MEDION AG) MD86351 driver install (x32 Version: 6.3.6.1 - MEDION AG) Hidden MetaEditor (HKLM-x32\...\{1D04B4D4-80C2-4F02-B5BE-3A5991FF6077}) (Version: 1.0.0 - kiwi.software.NET) Microsoft Office Korrekturhilfen 2013 - Deutsch (HKLM\...\{90150000-001F-0407-1000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUS) (Version: 15.0.4569.1506 - Microsoft Corporation) Microsoft Office ScreenTip Language 2013 - Deutsch (HKLM\...\{90150000-00BD-0407-1000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Microsoft OneDrive (HKU\S-1-5-21-2717880484-1776808505-1316206091-1001\...\OneDriveSetup.exe) (Version: 17.0.4035.0328 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft SQL Server Compact 3.5 SP2 ENU (HKLM-x32\...\{3A9FC03D-C685-4831-94CF-4EDFD3749497}) (Version: 3.5.8080.0 - Microsoft Corporation) Microsoft SQL Server Compact 3.5 SP2 x64 ENU (HKLM\...\{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}) (Version: 3.5.8080.0 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 
(HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation) Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation) Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden Mozilla Firefox 36.0.4 (x86 de) (HKLM-x32\...\Mozilla Firefox 36.0.4 (x86 de)) (Version: 36.0.4 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla) MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation) MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation) Nero MediaHome 4 Essentials (HKLM-x32\...\{78cff10e-90c4-4454-bb95-17837ff57043}) (Version: - Nero AG) Outils de vérification linguistique 2013 de Microsoft Office*- Français (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden PHOTOfunSTUDIO 9.3 PE (HKLM-x32\...\{E33B3B6C-5712-4A39-B30D-1391918D920D}) (Version: 9.03.703 - Panasonic Corporation) Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.3.730.2012 - Realtek) Samsung 
Universal Print Driver 2 (HKLM-x32\...\Samsung Universal Print Driver 2) (Version: 2.50.02.00 - Samsung Electronics Co., Ltd.) Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{D82063A8-7C8C-4C3B-A9BB-95138CA55D26}) (Version: - Microsoft) Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (Version: - Microsoft) Hidden Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation) Skype™ 7.1 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.1.105 - Skype Technologies S.A.) SlimDX Runtime .NET 4.0 x64 (January 2012) (HKLM\...\{A2199A06-89C4-4187-AA4A-3A9676FB799D}) (Version: 2.0.13.43 - SlimDX Group) TV IR (HKLM-x32\...\{C1FD1627-2EAF-48CB-A333-42D39BCB096D}) (Version: 2.4 - MEDION AG) VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden Viber (HKU\S-1-5-21-2717880484-1776808505-1316206091-1001\...\Viber) (Version: 3.0.0.134678 - Viber Media Inc) VLC media player 2.1.3 (HKLM\...\VLC media player) (Version: 2.1.3 - VideoLAN) Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation) WinRAR 5.01 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH) ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) 
CustomCLSID: HKU\S-1-5-21-2717880484-1776808505-1316206091-1001_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\Othmar\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-2717880484-1776808505-1316206091-1001_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\Othmar\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-2717880484-1776808505-1316206091-1001_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\Othmar\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-2717880484-1776808505-1316206091-1001_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\Othmar\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-2717880484-1776808505-1316206091-1001_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Othmar\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\FileSyncApi64.dll (Microsoft Corporation) ==================== Restore Points ========================= 11-03-2015 09:41:56 Installed SlimDX Runtime .NET 4.0 x64 (January 2012) 22-03-2015 08:43:03 Geplanter Prüfpunkt 25-03-2015 15:41:47 Windows Update 27-03-2015 17:32:25 MetaEditor wird installiert ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2012-07-26 07:26 - 2012-07-26 07:26 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) 
Task: {11AA2F56-21E5-45F5-A1FF-E7A33215120F} - System32\Tasks\Othmar1 => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\NBCore.exe Task: {1627F21B-B1C5-4D95-8F87-E374D6FF0A9D} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2015-03-11] (Microsoft Corporation) Task: {1D861D4F-86CE-4817-A37F-E89CBE75FEFC} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated) Task: {4A90F9F6-2EFE-4B03-9675-7148E01E94D6} - System32\Tasks\Seagate_Install_Launch => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Dashboard.exe Task: {50911FCF-12A4-4B4C-BE22-D32C3FEC273F} - System32\Tasks\Windows Defender Update => C:\Program Files\Windows Defender\MpCmdRun.exe [2015-01-31] (Microsoft Corporation) Task: {54AFC8F0-1A18-476D-860B-94D997572C29} - System32\Tasks\Othmar Merge => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\NBCore.exe Task: {620B6C9C-FF41-414B-A06F-164BA7E57229} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2014-01-23] (Microsoft Corporation) Task: {7185F71C-F70F-4550-90F5-216E1A717B76} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-02-03] (Google Inc.) 
Task: {7925C416-76D5-4D01-AAB3-208FE7530087} - System32\Tasks\Othmar DBAgent 2 0 => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\DBAgent.exe Task: {9BF38F38-ECFC-4ED8-BA33-B59E329FE313} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-26] (Adobe Systems Incorporated) Task: {9E5CE3F1-E1CA-42AB-B023-D6695553EA35} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation) Task: {AB9D6AB4-7293-48F4-8AC0-24CF3C494D2D} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation) Task: {C79F84D6-6583-457D-B868-AD22B439C5E5} - System32\Tasks\Othmar => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\NBCore.exe Task: {F3F2AE8E-0802-4CA4-AAC7-231D2730CA81} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-02-03] (Google Inc.) 
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe ==================== Loaded Modules (whitelisted) ============== 2014-04-16 09:17 - 2011-04-11 07:26 - 00034304 _____ () C:\Windows\System32\spe__l.dll 2015-01-21 16:01 - 2015-01-21 16:01 - 08898728 _____ () C:\Program Files\Microsoft Office\Office15\1033\GrooveIntlResource.dll 2014-09-29 17:26 - 2014-07-24 19:40 - 00936656 _____ () C:\Users\Othmar\AppData\Local\Viber\Viber.exe 2014-01-10 07:26 - 2014-01-10 07:26 - 01861968 _____ () C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe 2014-09-02 10:54 - 2012-04-16 22:25 - 00221696 _____ () C:\Program Files (x86)\TV IR\shutTask.exe 2014-09-02 10:54 - 2012-04-26 17:20 - 01454592 _____ () C:\Program Files (x86)\TV IR\TV IR.exe 2014-09-02 10:54 - 2010-07-07 18:21 - 02097152 _____ () C:\Program Files (x86)\TV IR\RmCard.dll 2015-01-21 16:01 - 2015-01-21 16:01 - 08898720 _____ () C:\Program Files (x86)\Microsoft Office\Office15\1033\GrooveIntlResource.dll 2015-03-09 20:53 - 2015-03-09 20:53 - 49471488 _____ () C:\Users\Othmar\AppData\Local\Viber\5.0.1.42\libViber.dll 2015-03-09 20:53 - 2015-03-09 20:53 - 00770048 _____ () C:\Users\Othmar\AppData\Local\Viber\5.0.1.42\libGLESv2.dll 2015-03-09 20:53 - 2015-03-09 20:53 - 00106496 _____ () C:\Users\Othmar\AppData\Local\Viber\5.0.1.42\qfacebook.dll 2015-03-09 20:53 - 2015-03-09 20:53 - 00172032 _____ () C:\Users\Othmar\AppData\Local\Viber\5.0.1.42\exif.dll 2015-03-09 20:53 - 2015-03-09 20:53 - 00049152 _____ () C:\Users\Othmar\AppData\Local\Viber\5.0.1.42\libEGL.dll 2015-03-09 20:53 - 2015-03-09 20:53 - 00876544 _____ () C:\Users\Othmar\AppData\Local\Viber\5.0.1.42\platforms\qwindows.dll 2015-03-09 20:53 - 2015-03-09 20:53 - 00024576 _____ 
() C:\Users\Othmar\AppData\Local\Viber\5.0.1.42\imageformats\qgif.dll 2015-03-09 20:53 - 2015-03-09 20:53 - 00024576 _____ () C:\Users\Othmar\AppData\Local\Viber\5.0.1.42\imageformats\qico.dll 2015-03-09 20:53 - 2015-03-09 20:53 - 00204800 _____ () C:\Users\Othmar\AppData\Local\Viber\5.0.1.42\imageformats\qjpeg.dll 2015-03-09 20:53 - 2015-03-09 20:53 - 00221184 _____ () C:\Users\Othmar\AppData\Local\Viber\5.0.1.42\imageformats\qmng.dll 2015-03-09 20:53 - 2015-03-09 20:53 - 00016384 _____ () C:\Users\Othmar\AppData\Local\Viber\5.0.1.42\imageformats\qsvg.dll 2015-03-09 20:53 - 2015-03-09 20:53 - 00016384 _____ () C:\Users\Othmar\AppData\Local\Viber\5.0.1.42\imageformats\qtga.dll 2015-03-09 20:53 - 2015-03-09 20:53 - 00311296 _____ () C:\Users\Othmar\AppData\Local\Viber\5.0.1.42\imageformats\qtiff.dll 2015-03-09 20:53 - 2015-03-09 20:53 - 00016384 _____ () C:\Users\Othmar\AppData\Local\Viber\5.0.1.42\imageformats\qwbmp.dll 2015-03-09 20:53 - 2015-03-09 20:53 - 00638976 _____ () C:\Users\Othmar\AppData\Local\Viber\5.0.1.42\sqldrivers\qsqlite.dll 2015-03-09 20:53 - 2015-03-09 20:53 - 00032768 _____ () C:\Users\Othmar\AppData\Local\Viber\5.0.1.42\iconengines\qsvgicon.dll 2014-09-02 10:52 - 2007-04-19 09:33 - 00035584 _____ () C:\Program Files (x86)\ArcSoft\TotalMedia 3.5\uPiApi.dll 2014-01-10 07:28 - 2014-01-10 07:28 - 00100688 _____ () C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) AlternateDataStreams: C:\Users\Othmar\Downloads\Einladung.eml:OECustomProperty AlternateDataStreams: C:\Users\Othmar\Downloads\Reiseplan – detailliert Reisedatum_ Dienstag, 13. Januar 2015(1).eml:OECustomProperty AlternateDataStreams: C:\Users\Othmar\Downloads\Reiseplan – detailliert Reisedatum_ Dienstag, 13. 
Januar 2015(2).eml:OECustomProperty AlternateDataStreams: C:\Users\Othmar\Downloads\Reiseplan – detailliert Reisedatum_ Dienstag, 13. Januar 2015.eml:OECustomProperty ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) ==================== EXE Association (whitelisted) =============== (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-2717880484-1776808505-1316206091-1001\Control Panel\Desktop\\Wallpaper -> L:\humi\reisen ab 2014\chile Patagonien 2015\_bilder patagonien 2015 best\P1030927.JPG DNS Servers: 192.168.178.1 ==================== MSCONFIG/TASK MANAGER disabled items == (Currently there is no automatic fix for this section.) ==================== Accounts: ============================= Administrator (S-1-5-21-2717880484-1776808505-1316206091-500 - Administrator - Disabled) Gast (S-1-5-21-2717880484-1776808505-1316206091-501 - Limited - Disabled) HomeGroupUser$ (S-1-5-21-2717880484-1776808505-1316206091-1003 - Limited - Enabled) NeroMediaHomeUser.4 (S-1-5-21-2717880484-1776808505-1316206091-1004 - Limited - Enabled) => C:\Users\NeroMediaHomeUser.4 Othmar (S-1-5-21-2717880484-1776808505-1316206091-1001 - Administrator - Enabled) => C:\Users\Othmar ==================== Faulty Device Manager Devices ============= Name: Microsoft-Teredo-Tunneling-Adapter Description: Microsoft-Teredo-Tunneling-Adapter Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Microsoft Service: tunnel Problem: : This device cannot start. (Code10) Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device. On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard. 
Name: Description: Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. ==================== Event log errors: ========================= Application errors: ================== Error: (03/30/2015 09:25:59 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: ) Description: Fehler bei der Lizenzaktivierung (slui.exe). Fehlercode: hr=0xC004F074 Befehlszeilenargumente: RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=a98bcd6d-5343-4603-8afe-5908e4611112;NotificationInterval=1440;Trigger=NetworkAvailable Error: (03/30/2015 09:25:57 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: ) Description: Fehler bei der Lizenzaktivierung (slui.exe). Fehlercode: hr=0xC004F074 Befehlszeilenargumente: RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=a98bcd6d-5343-4603-8afe-5908e4611112;NotificationInterval=1440;Trigger=UserLogon;SessionId=1 Error: (03/30/2015 09:17:08 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: ) Description: Fehler bei der Lizenzaktivierung (slui.exe). Fehlercode: hr=0xC004F074 Befehlszeilenargumente: RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=a98bcd6d-5343-4603-8afe-5908e4611112;NotificationInterval=1440;Trigger=NetworkAvailable Error: (03/30/2015 09:17:06 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: ) Description: Fehler bei der Lizenzaktivierung (slui.exe). 
Fehlercode: hr=0xC004F074 Befehlszeilenargumente: RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=a98bcd6d-5343-4603-8afe-5908e4611112;NotificationInterval=1440;Trigger=UserLogon;SessionId=1 Error: (03/30/2015 09:16:31 AM) (Source: ESENT) (EventID: 489) (User: ) Description: taskhostex (4100) Versuch, Datei "C:\Users\Othmar\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat" für den Lesezugriff zu öffnen, ist mit Systemfehler 32 (0x00000020): "Der Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet wird. " fehlgeschlagen. Fehler -1032 (0xfffffbf8) beim Öffnen von Dateien. Error: (03/30/2015 08:18:46 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: ) Description: Fehler bei der Lizenzaktivierung (slui.exe). Fehlercode: hr=0xC004F074 Befehlszeilenargumente: RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=a98bcd6d-5343-4603-8afe-5908e4611112;NotificationInterval=1440;Trigger=NetworkAvailable Error: (03/30/2015 08:18:44 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: ) Description: Fehler bei der Lizenzaktivierung (slui.exe). Fehlercode: hr=0xC004F074 Befehlszeilenargumente: RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=a98bcd6d-5343-4603-8afe-5908e4611112;NotificationInterval=1440;Trigger=UserLogon;SessionId=3 Error: (03/29/2015 03:08:20 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: ) Description: Fehler bei der Lizenzaktivierung (slui.exe). 
Fehlercode: hr=0xC004F074 Befehlszeilenargumente: RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=a98bcd6d-5343-4603-8afe-5908e4611112;NotificationInterval=1440;Trigger=NetworkAvailable Error: (03/29/2015 03:08:17 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: ) Description: Fehler bei der Lizenzaktivierung (slui.exe). Fehlercode: hr=0xC004F074 Befehlszeilenargumente: RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=a98bcd6d-5343-4603-8afe-5908e4611112;NotificationInterval=1440;Trigger=UserLogon;SessionId=2 Error: (03/29/2015 03:08:03 PM) (Source: ESENT) (EventID: 489) (User: ) Description: taskhostex (5220) Versuch, Datei "C:\Users\Othmar\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat" für den Lesezugriff zu öffnen, ist mit Systemfehler 32 (0x00000020): "Der Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet wird. " fehlgeschlagen. Fehler -1032 (0xfffffbf8) beim Öffnen von Dateien. System errors: ============= Error: (03/30/2015 09:22:54 AM) (Source: Service Control Manager) (EventID: 7032) (User: ) Description: Der Versuch des Dienststeuerungs-Managers, nach dem unerwarteten Beenden des Dienstes "Windows Search" Korrekturmaßnahmen (Neustart des Diensts) durchzuführen, ist fehlgeschlagen. Fehler: %%1056 Error: (03/30/2015 09:22:24 AM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: Der Dienst "Windows Installer" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 120000 Millisekunden durchgeführt: Neustart des Diensts. Error: (03/30/2015 09:22:24 AM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: Der Dienst "Windows Media Player-Netzwerkfreigabedienst" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. 
Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Neustart des Diensts. Error: (03/30/2015 09:22:24 AM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Dienst "FABS - Helping agent for MAGIX media database" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error: (03/30/2015 09:22:24 AM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: Der Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Neustart des Diensts. Error: (03/30/2015 09:22:24 AM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Dienst "MBAMService" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error: (03/30/2015 09:22:23 AM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: Der Dienst "Nero MediaHome 4 Service" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 1 Millisekunden durchgeführt: Neustart des Diensts. Error: (03/30/2015 09:22:23 AM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Dienst "MBAMScheduler" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error: (03/30/2015 09:22:23 AM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Dienst "Skype Click to Call PNR Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error: (03/30/2015 09:22:23 AM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Dienst "Skype Click to Call Updater" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. 
Microsoft Office Sessions: ========================= Error: (03/30/2015 09:25:59 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: ) Description: hr=0xC004F074RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=a98bcd6d-5343-4603-8afe-5908e4611112;NotificationInterval=1440;Trigger=NetworkAvailable Error: (03/30/2015 09:25:57 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: ) Description: hr=0xC004F074RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=a98bcd6d-5343-4603-8afe-5908e4611112;NotificationInterval=1440;Trigger=UserLogon;SessionId=1 Error: (03/30/2015 09:17:08 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: ) Description: hr=0xC004F074RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=a98bcd6d-5343-4603-8afe-5908e4611112;NotificationInterval=1440;Trigger=NetworkAvailable Error: (03/30/2015 09:17:06 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: ) Description: hr=0xC004F074RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=a98bcd6d-5343-4603-8afe-5908e4611112;NotificationInterval=1440;Trigger=UserLogon;SessionId=1 Error: (03/30/2015 09:16:31 AM) (Source: ESENT) (EventID: 489) (User: ) Description: taskhostex4100C:\Users\Othmar\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat-1032 (0xfffffbf8)32 (0x00000020)Der Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet wird. 
Error: (03/30/2015 08:18:46 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: ) Description: hr=0xC004F074RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=a98bcd6d-5343-4603-8afe-5908e4611112;NotificationInterval=1440;Trigger=NetworkAvailable Error: (03/30/2015 08:18:44 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: ) Description: hr=0xC004F074RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=a98bcd6d-5343-4603-8afe-5908e4611112;NotificationInterval=1440;Trigger=UserLogon;SessionId=3 Error: (03/29/2015 03:08:20 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: ) Description: hr=0xC004F074RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=a98bcd6d-5343-4603-8afe-5908e4611112;NotificationInterval=1440;Trigger=NetworkAvailable Error: (03/29/2015 03:08:17 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: ) Description: hr=0xC004F074RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=a98bcd6d-5343-4603-8afe-5908e4611112;NotificationInterval=1440;Trigger=UserLogon;SessionId=2 Error: (03/29/2015 03:08:03 PM) (Source: ESENT) (EventID: 489) (User: ) Description: taskhostex5220C:\Users\Othmar\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat-1032 (0xfffffbf8)32 (0x00000020)Der Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet wird. 
==================== Memory info ===========================
Processor: Intel(R) Core(TM) i7-3770 CPU @ 3.40GHz
Percentage of memory in use: 24%
Total physical RAM: 8136.96 MB
Available physical RAM: 6160.49 MB
Total Pagefile: 9352.96 MB
Available Pagefile: 7136.48 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:238.47 GB) (Free:148.65 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (System-reserviert) (Fixed) (Total:0.34 GB) (Free:0.3 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive l: (Volume) (Fixed) (Total:1862.67 GB) (Free:521.31 GB) NTFS
Drive m: (m) (Fixed) (Total:1863.01 GB) (Free:670.8 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 238.5 GB) (Disk ID: 114019AF)
Partition 1: (Active) - (Size=238.5 GB) - (Type=07 NTFS)
========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: 114019A3)
Partition 1: (Active) - (Size=350 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=1862.7 GB) - (Type=07 NTFS)
========================================================
Disk: 2 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: DF3B428C)
Partition 1: (Not Active) - (Size=1863 GB) - (Type=07 NTFS)
==================== End Of Log ============================
THANKS for the support, Humi |
30.03.2015, 10:31 | #9 |
/// TB-Ausbilder | Win8 PC slow, cookie behaviour in Firefox different from what is set, virus? We will remove the last remnants and check everything once more. ESET can take a long time (> 2 h). Afterwards we will remove all the tools we used and I will give you a few tips for the road.
Step 1 Please press the Windows key + R and type notepad into the Run window. Now copy the following text from the code box into the empty text document Code:
ATTFilter
start
CloseProcesses:
DeleteKey: HKEY_CURRENT_USER\"Software
DeleteKey: HKEY_CURRENT_USER\Software\Trolltech
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Applications\iLividSetup-r343-n-bc.exe
URLSearchHook: [S-1-5-21-2717880484-1776808505-1316206091-1004] ATTENTION ==> Default URLSearchHook is missing.
EmptyTemp:
end
Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
Step 2 Download the matching version of HitmanPro to your desktop: HitmanPro - 32 Bit | HitmanPro - 64 Bit.
Step 3 ESET Online Scanner
Step 4 Please download SecurityCheck and:
Please post with your next reply
|
31.03.2015, 21:24 | #10 |
| Win8 PC slow, cookie behaviour in Firefox different from what is set, virus? Hello, attached is the Fixlog Code:
ATTFilter
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 11-03-2015
Ran by Othmar at 2015-03-31 15:28:27 Run:3
Running from C:\Users\Othmar\Desktop
Loaded Profiles: Othmar & NeroMediaHomeUser.4 & (Available profiles: Othmar & NeroMediaHomeUser.4)
Boot Mode: Normal
==============================================
Content of fixlist:
*****************
start
CloseProcesses:
DeleteKey: HKEY_CURRENT_USER\"Software
DeleteKey: HKEY_CURRENT_USER\Software\Trolltech
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Applications\iLividSetup-r343-n-bc.exe
URLSearchHook: [S-1-5-21-2717880484-1776808505-1316206091-1004] ATTENTION ==> Default URLSearchHook is missing.
EmptyTemp:
end
*****************
Processes closed successfully.
HKEY_CURRENT_USER\"Software => Failed to delete key at first attempt (Error: C0000121), see next line.
HKEY_CURRENT_USER\"Software => Key Deleted Successfully.
HKEY_CURRENT_USER\Software\Trolltech => Failed to delete key at first attempt (Error: C0000121), see next line.
HKEY_CURRENT_USER\Software\Trolltech => Key Deleted Successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Applications\iLividSetup-r343-n-bc.exe => Key Deleted successfully.
Error setting Default URLSearchHook.
EmptyTemp: => Removed 68.2 MB temporary data.
The system needed a reboot.
==== End of Fixlog 15:28:40 ====
Code:
HitmanPro 3.7.9.240
www.hitmanpro.com

Computer name . . . . : HUMITSCH
Windows . . . . . . . : 6.2.0.9200.X64/8
User name . . . . . . : Humitsch\Othmar
UAC . . . . . . . . . : Enabled
License . . . . . . . : Trial (30 days left)

Scan date . . . . . . : 2015-03-31 15:43:11
Scan mode . . . . . . : Normal
Scan duration . . . . : 1m 3s
Disk access mode . . : Direct disk access (SRB)
Cloud . . . . . . . . : Internet
Reboot . . . . . . . : Yes

Threats . . . . . . . : 1
Traces . . . . . . . : 9

Objects scanned . . . : 1*801*848
Files scanned . . . . : 69*139
Remnants scanned . . : 491*685 files / 1*241*024 keys

Malware _____________________________________________________________________

C:\Users\Othmar\Downloads\Microsoft Office Professional Plus 2013 x86 x64 Final ♥ 007 ♥\Activators\KMSPico v9.0.5.20131119\KMSpico Install\KMSpico_setup.exe -> Deleted
Size . . . . . . . : 2*806*144 bytes
Age . . . . . . . : 420.9 days (2014-02-03 17:45:58)
Entropy . . . . . : 8.0
SHA-256 . . . . . : 0ECA9EEE4E62CC6998ECB593B0C6AA971C08C0E44F97BBCF550E7A930F9CF178
Product . . . . . : KMSpico
Publisher . . . . :
Description . . . : KMSpico Setup
Version . . . . . : 9.0.5
RSA Key Size . . . : 1024
LanguageID . . . . : 0
Authenticode . . . : Self-signed
> Bitdefender . . . : Trojan.Generic.10016248
> Kaspersky . . . . : HEUR:Trojan.Win32.Generic
Fuzzy . . . . . . : 111.0

Suspicious files ____________________________________________________________

C:\Users\Othmar\Desktop\FRST64.exe
Size . . . . . . . : 2*095*616 bytes
Age . . . . . . . : 9.1 days (2015-03-22 14:11:35)
Entropy . . . . . : 7.5
SHA-256 . . . . . : 72AAB1C62CF0BC00F5B102954B603D1509B2AF5F0BD1911E9CAE98C4DDE2D152
Needs elevation . : Yes
Fuzzy . . . . . . : 23.0
Program has no publisher information but prompts the user for permission elevation.
Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
Authors name is missing in version info. This is not common to most programs.
Version control is missing. This file is probably created by an individual. This is not typical for most programs.
Time indicates that the file appeared recently on this computer.
Forensic Cluster
-9.4s C:\Users\Othmar\Desktop\FRST64.exe
10.7s C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{F1E20B6A-F358-4FA8-815F-798110D86995}
11.8s C:\FRST\
11.8s C:\FRST\Hives\
11.8s C:\FRST\Logs\
11.8s C:\FRST\Quarantine\
12.6s C:\FRST\Hives\ERDNT.INF
12.6s C:\FRST\Hives\ERDNT.CON
12.6s C:\FRST\Hives\SYSTEM
12.8s C:\FRST\Hives\SOFTWARE
14.3s C:\FRST\Hives\DEFAULT
14.3s C:\FRST\Hives\SECURITY
14.3s C:\FRST\Hives\SAM
14.3s C:\FRST\Hives\Users\
14.3s C:\FRST\Hives\Users\00000001\
14.4s C:\FRST\Hives\Users\00000001\NTUSER.DAT
14.4s C:\FRST\Hives\Users\00000002\
14.4s C:\FRST\Hives\Users\00000002\UsrClass.dat
14.6s C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{E5F4E179-A53F-466C-B505-8C0BD0E256BF}
14.6s C:\FRST\Hives\BCD
14.7s C:\FRST\Hives\ERDNT.EXE
14.7s C:\FRST\Hives\ERDNTWIN.LOC
14.7s C:\FRST\Hives\ERDNTDOS.LOC
14.7s C:\Users\Othmar\Desktop\FRST.txt
18.0s C:\Windows\Prefetch\FRST64.EXE-C9E457C5.pf
36.0s C:\Users\Othmar\Desktop\Addition.txt
57.5s C:\FRST\Logs\Addition_22-03-2015_13-12-32.txt
59.3s C:\FRST\Logs\FRST_22-03-2015_13-12-34.txt

Potential Unwanted Programs _________________________________________________

HKU\.DEFAULT\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}\ (FLV Player) -> Deleted
HKU\.DEFAULT\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}\ (PCOptimizerPro) -> Deleted
HKU\S-1-5-18\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}\ (FLV Player) -> PendingDelete
HKU\S-1-5-18\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}\ (PCOptimizerPro) -> PendingDelete
HKU\S-1-5-19\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}\ (PCOptimizerPro) -> Deleted
HKU\S-1-5-20\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}\ (PCOptimizerPro) -> Deleted
HKU\S-1-5-21-2717880484-1776808505-1316206091-1001\Software\Microsoft\Internet Explorer\Approved Extensions\{A40DC6C5-79D0-4CA8-A185-8FF989AF1115} (iLivid) -> Deleted

eset log:
Code:
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=b678d9c8737a7e40893b1979b6c50b29
# engine=23019
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2015-03-22 10:16:19
# local_time=2015-03-22 11:16:19 (+0100, Mitteleuropäische Zeit)
# country="Austria"
# lang=1031
# osver=6.2.9200 NT
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 8167 4500511 0 0
# scanned=765666
# found=50
# cleaned=45
# scan_time=6751

ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=b678d9c8737a7e40893b1979b6c50b29
# engine=23169
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2015-03-31 04:19:45
# local_time=2015-03-31 06:19:45 (+0100, Mitteleuropäische Sommerzeit)
# country="Austria"
# lang=1031
# osver=6.2.9200 NT
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 8872 5138681 0 0
# scanned=752957
# found=0
# cleaned=0
# scan_time=8080
Code:
Results of screen317's Security Check version 0.99.99
x64 (UAC is enabled)
Internet Explorer 10 Out of date!
``````````````Antivirus/Firewall Check:``````````````
Windows Defender
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
Java(TM) 6 Update 20
Java version 32-bit out of Date!
Adobe Flash Player 16.0.0.305 Flash Player out of Date!
Adobe Reader XI
Mozilla Firefox (36.0.4)
Google Chrome 36.0.1985.125
Google Chrome out of date!
````````Process Check: objlist.exe by Laurent````````
Windows Defender MSMpEng.exe
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbam.exe
Malwarebytes Anti-Malware mbamscheduler.exe
Windows Defender MsMpEng.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: %
````````````````````End of Log``````````````````````

THANK YOU, THANK YOU, THANK YOU for the support
Humi |
31.03.2015, 21:57 | #11 |
/// TB-Ausbilder | Win8 PC slow, cookie behavior in Firefox different from what was configured, virus?

If you no longer have any problems with malware, then we are done here. Your log files are clean. Finally, we need to take a few concluding steps to clean up and secure your PC.

Cleanup: (The order matters here)
If Defogger was used: start it again and click Re-enable.
If Combofix was used: uninstall Combofix.
All logs posted? Then please download DelFix.
Note: DelFix removes, among other things, all the programs used, our scanners' quarantine and the Java cache, and finally deletes itself. Restart your computer afterwards. If any programs from our cleanup are still left now, you can safely delete them.

If you like, you can say here whether you were satisfied with me and my help...and/or support the forum with a small donation.

Securing your system:
Enable automatic updates in the Windows operating system.
Security-relevant software should also always be kept at the latest version: browser, Java, Flash Player, PDF reader. Vulnerabilities in their old versions are exploited to install malware via "drive-by" simply by visiting a manipulated website. I recommend, for example, using Mozilla Firefox instead of Internet Explorer. Firefox can also open PDF documents.
Enable a firewall. The one built into Windows is normally entirely sufficient.
Use an antivirus program with a real-time scanner and an always up-to-date signature database. My recommendation: Emsisoft
In addition, you can scan your PC regularly with Malwarebytes Anti-Malware and ESET.

Optional:
NoScript prevents the execution of active content (Java, JavaScript, Flash,...) for all websites. However, you can specify, on a whitelist principle, on which sites scripts should be allowed.
Malwarebytes Anti Exploit: protects the computer's applications against exploitation of known vulnerabilities.

Download software from a clean portal such as .
When installing software, always choose the custom option and untick all optionally offered toolbars or other add-ons that are irrelevant to the program.
To get rid of adware again, it is advisable to uninstall it first and then remove the leftovers with Adwcleaner .

Finally, a few general remarks:
Change your important online passwords regularly and regularly create backups of your important files or of the system.
The benefit of registry cleaners, optimizers etc. for improving performance is disputed. I therefore recommend keeping your hands off the registry and using Windows' own Disk Cleanup instead.

Note: Please give me brief feedback when everything is done and there are no more questions, so that I can remove this thread from my subscriptions. |
04.04.2015, 09:50 | #12 |
/// TB-Ausbilder | Win8 PC slow, cookie behavior in Firefox different from what was configured, virus?

I'm glad we could help. In this forum you can give brief feedback on the cleanup, if you wish: Lob, Kritik und Wünsche. To do so, click the "NEUES THEMA" button and post a short piece of feedback. Thank you very much!

This thread appears to be resolved and will be removed from my subscriptions. Should you need the thread again, please send me a PM. Everyone else, please click here and create your own thread. |
06.04.2015, 12:57 | #13 |
| Win8 PC slow, cookie behavior in Firefox different from what was configured, virus?

Hi, many thanks for the quick and competent help. You guys are simply great!
Humi |