FRST Logfile:
FRST Logfile:
FRST Logfile: Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 12-10-2014 02
Ran by Ulrike (administrator) on FEE on 12-10-2014 23:43:42
Running from C:\Users\Ulrike\Downloads
Loaded Profiles: Ulrike & UpdatusUser (Available profiles: Ulrike & UpdatusUser)
Platform: Windows 7 Home Premium (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 9
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
() C:\Windows\SysWOW64\Rezip.exe
() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
() C:\Users\Ulrike\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe
(SMART Technologies) C:\Program Files (x86)\SMART Technologies\Education Software\SMARTHelperService.exe
() C:\Windows\System32\dsound64.exe
(Intel(R) Corporation) C:\Program Files\Intel\TurboBoost\TurboBoost.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avwebgrd.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
(SAMSUNG Electronics) C:\Program Files (x86)\Samsung\Samsung Support Center\SSCKbdHk.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Easy Display Manager\dmhkcore.exe
(SEC) C:\Program Files (x86)\Samsung\Samsung Recovery Solution 4\WCScheduler.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Windows\WindowsMobile\wmdc.exe
(Elgato Systems) C:\Program Files (x86)\Common Files\TerraTec\Remote\TTTvRc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(SMART Technologies ULC) C:\Program Files (x86)\SMART Technologies\Education Software\SMARTBoardTools.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(SMART Technologies) C:\Program Files (x86)\SMART Technologies\Education Software\SMARTBoardService.exe
(SMART Technologies) C:\Program Files (x86)\SMART Technologies\Education Software\SMARTInk.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Wondershare) C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
(Joyent, Inc) C:\Program Files (x86)\SMART Technologies\Education Software\sbsdk-server\SBWDKService.exe
(SMART Technologies) C:\Program Files (x86)\SMART Technologies\Education Software\Office\SMARTInk-SBSDKProxy.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ink\InputPersonalization.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Apache Software Foundation) C:\Program Files (x86)\OpenOffice 4\program\swriter.exe
(Apache Software Foundation) C:\Program Files (x86)\OpenOffice 4\program\soffice.exe
(Apache Software Foundation) C:\Program Files (x86)\OpenOffice 4\program\soffice.bin
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [9644576 2009-12-15] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2149160 2010-05-21] (Synaptics Incorporated)
HKLM\...\Run: [IntelTBRunOnce] => wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs"
HKLM\...\Run: [Ocs_SM] => C:\Users\Ulrike\AppData\Roaming\OCS\SM\SearchAnonymizer.exe [106496 2011-05-20] (OCS)
HKLM\...\Run: [Windows Mobile Device Center] => C:\Windows\WindowsMobile\wmdc.exe [660360 2007-05-31] (Microsoft Corporation)
HKLM-x32\...\Run: [UpdateLBPShortCut] => C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.)
HKLM-x32\...\Run: [CLMLServer] => C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe [103720 2009-06-03] (CyberLink)
HKLM-x32\...\Run: [UpdateP2GoShortCut] => C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdatePDRShortCut] => C:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe [222504 2008-01-04] (CyberLink Corp.)
HKLM-x32\...\Run: [RemoteControl8] => C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe [91432 2009-04-15] (CyberLink Corp.)
HKLM-x32\...\Run: [PDVD8LanguageShortcut] => C:\Program Files (x86)\CyberLink\PowerDVD8\Language\Language.exe [50472 2009-04-15] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdatePPShortCut] => C:\Program Files (x86)\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe [218408 2008-12-03] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdatePSTShortCut] => C:\Program Files (x86)\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe [210216 2009-07-21] (CyberLink Corp.)
HKLM-x32\...\Run: [Microsoft Default Manager] => C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe [439568 2010-05-10] (Microsoft Corporation)
HKLM-x32\...\Run: [UCam_Menu] => C:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [ApnUpdater] => "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"
HKLM-x32\...\Run: [SweetIM] => C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-12-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SMART Board Tools] => C:\Program Files (x86)\SMART Technologies\Education Software\SMARTBoardTools.exe [9279824 2013-01-31] (SMART Technologies ULC)
HKLM-x32\...\Run: [sbsdk-server] => C:\Program Files (x86)\SMART Technologies\Education Software\sbsdk-server\NodeLauncher.exe [62800 2013-03-07] (SMART Technologies)
HKLM-x32\...\Run: [SMART Board Service] => C:\Program Files (x86)\SMART Technologies\Education Software\SMARTBoardService.exe [2111824 2013-03-07] (SMART Technologies)
HKLM-x32\...\Run: [SMART Ink] => C:\Program Files (x86)\SMART Technologies\Education Software\SMARTInk.exe [99152 2013-03-04] (SMART Technologies)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [751184 2014-08-19] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [1989920 2013-08-26] (Wondershare)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [5624784 2013-07-25] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [164656 2014-08-27] (Avira Operations GmbH & Co. KG)
HKU\S-1-5-21-1125036280-3562319748-3601731155-1000\...\Run: [Remote Control Editor] => C:\Program Files (x86)\Common Files\TerraTec\Remote\TTTvRc.exe [1689088 2010-06-09] (Elgato Systems)
HKU\S-1-5-21-1125036280-3562319748-3601731155-1000\...\Run: [vProt] => C:\Program Files (x86)\GameBox\vprot.exe
HKU\S-1-5-21-1125036280-3562319748-3601731155-1000\...\Run: [Adobe Reader Synchronizer] => C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AdobeCollabSync.exe [746376 2014-05-08] (Adobe Systems Incorporated)
HKU\S-1-5-21-1125036280-3562319748-3601731155-1000\...\Run: [Spybot-S&D Cleaning] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe [3666224 2013-09-20] (Safer-Networking Ltd.)
BootExecute: autocheck autochk * sdnclean64.exe
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://samsung.msn.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
URLSearchHook: HKLM-x32 - Winamp Toolbar Search Class - {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Program Files (x86)\Winamp Toolbar\winamptb.dll (AOL Inc.)
URLSearchHook: HKLM-x32 - (No Name) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - No File
URLSearchHook: HKCU - Winamp Toolbar Search Class - {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Program Files (x86)\Winamp Toolbar\winamptb.dll (AOL Inc.)
URLSearchHook: HKCU - (No Name) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - No File
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.google.de/search?q={searchTerms}&hl=de&gl=de&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.google.de/search?q={searchTerms}&hl=de&gl=de&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
SearchScopes: HKLM-x32 - DefaultScope {EEE6C360-6118-11DC-9C72-001320C79847} URL =
SearchScopes: HKLM-x32 - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2801937
SearchScopes: HKLM-x32 - {EEE7E0A3-AE64-4dc8-84D1-F5D7BAF2DB0C} URL = hxxp://slirsredirect.search.aol.com/redirector/sredir?sredir=2685&query={searchTerms}&invocationType=tb50-ie-winamp-chromesbox-en-us&tb_uuid=20110604213404697&tb_oid=04-06-2011&tb_mrud=04-06-2011
SearchScopes: HKCU - DefaultScope Plasmoo URL = hxxp://www.google.de/search?q={searchTerms}&hl=de&gl=de&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
SearchScopes: HKCU - Plasmoo URL = hxxp://www.google.de/search?q={searchTerms}&hl=de&gl=de&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {1AAA4C45-8822-406A-A5F2-E02E11DB0F18} URL = hxxp://search.ebay.de.anonymize-me.de/?to=656261792E6465&st={searchTerms}&clid=6245dc2d-e7a0-4871-a851-f54e50e7f0fd&pid=freewarede&mode=bounce&k=0
SearchScopes: HKCU - {3EFCB509-A1C8-4DA3-83A2-843E54C07D9C} URL = hxxp://www.myvideo.de.anonymize-me.de/?to=6D79766964656F2E6465&st={searchTerms}&clid=6245dc2d-e7a0-4871-a851-f54e50e7f0fd&pid=freewarede&mode=bounce&k=0
SearchScopes: HKCU - {9F16F45B-8EF0-49B1-B3EE-499FAC1C28FD} URL = hxxp://de.wikipedia.org.anonymize-me.de/?to=64652E77696B6970656469612E6F7267&st={searchTerms}&clid=6245dc2d-e7a0-4871-a851-f54e50e7f0fd&pid=freewarede&mode=bounce&k=0
SearchScopes: HKCU - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = hxxp://www.google.de/search?q={searchTerms}&hl=de&gl=de&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
SearchScopes: HKCU - {BDC2801B-E02B-4AB4-A9AF-391950B3C993} URL = hxxp://www.amazon.de.anonymize-me.de/?to=616D617A6F6E2E6465&st={searchTerms}&clid=6245dc2d-e7a0-4871-a851-f54e50e7f0fd&pid=freewarede&mode=bounce&k=0
SearchScopes: HKCU - {EEE7E0A3-AE64-4dc8-84D1-F5D7BAF2DB0C} URL =
BHO: SMART Notebook Download Utility -> {67BCF957-85FC-4036-8DC4-D4D80E00A77B} -> C:\Program Files (x86)\SMART Technologies\Education Software\Win64\NotebookPlugin.dll (SMART Technologies ULC.)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: SMART Notebook Download Utility -> {67BCF957-85FC-4036-8DC4-D4D80E00A77B} -> C:\Program Files (x86)\SMART Technologies\Education Software\Win32\NotebookPlugin.dll (SMART Technologies ULC.)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM-x32 - TerraTec Home Cinema - {AD6E6555-FB2C-47D4-8339-3E2965509877} - C:\Program Files (x86)\TerraTec\TerraTec Home Cinema\ThcDeskBand.dll (TerraTec Electronic GmbH)
Toolbar: HKLM-x32 - No Name - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - No File
Toolbar: HKLM-x32 - Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files (x86)\Winamp Toolbar\winamptb.dll (AOL Inc.)
Toolbar: HKCU - No Name - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - No File
Toolbar: HKCU - No Name - {EBF2BA02-9094-4C5A-858B-BB198F3D8DE2} - No File
Toolbar: HKCU - No Name - {0FEF2D2C-CDA6-45E4-B2ED-9DF7C50C95FF} - No File
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
FireFox:
========
FF ProfilePath: C:\Users\Ulrike\AppData\Roaming\Mozilla\Firefox\Profiles\a1f4tpef.default
FF SearchEngineOrder.1: Ask.com
FF Homepage: hxxp://www.google.de?hl=de&gl=de
FF Keyword.URL: hxxp://www.google.de/search?hl=de&gl=de&lr=&ie=UTF-8&oe=UTF-8&meta=lr=lang_de&q=
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @Nero.com/KM -> C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL (Nero AG)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=1.1.9 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll No File
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: amazon.com/AmazonMP3DownloaderPlugin -> C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin.dll (Amazon.com, Inc.)
FF user.js: detected! => C:\Users\Ulrike\AppData\Roaming\Mozilla\Firefox\Profiles\a1f4tpef.default\user.js
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll (Nullsoft, Inc.)
FF SearchPlugin: C:\Users\Ulrike\AppData\Roaming\Mozilla\Firefox\Profiles\a1f4tpef.default\searchplugins\avira-safesearch.xml
FF SearchPlugin: C:\Users\Ulrike\AppData\Roaming\Mozilla\Firefox\Profiles\a1f4tpef.default\searchplugins\duckduckgo.xml
FF SearchPlugin: C:\Users\Ulrike\AppData\Roaming\Mozilla\Firefox\Profiles\a1f4tpef.default\searchplugins\icqplugin-6.xml
FF SearchPlugin: C:\Users\Ulrike\AppData\Roaming\Mozilla\Firefox\Profiles\a1f4tpef.default\searchplugins\icqplugin-7.xml
FF SearchPlugin: C:\Users\Ulrike\AppData\Roaming\Mozilla\Firefox\Profiles\a1f4tpef.default\searchplugins\icqplugin-8.xml
FF SearchPlugin: C:\Users\Ulrike\AppData\Roaming\Mozilla\Firefox\Profiles\a1f4tpef.default\searchplugins\icqplugin.xml
FF SearchPlugin: C:\Users\Ulrike\AppData\Roaming\Mozilla\Firefox\Profiles\a1f4tpef.default\searchplugins\ponseu--franzsisch--deutsch.xml
FF SearchPlugin: C:\Users\Ulrike\AppData\Roaming\Mozilla\Firefox\Profiles\a1f4tpef.default\searchplugins\searchplugins-backup
FF SearchPlugin: C:\Users\Ulrike\AppData\Roaming\Mozilla\Firefox\Profiles\a1f4tpef.default\searchplugins\stupidedia-de.xml
FF SearchPlugin: C:\Users\Ulrike\AppData\Roaming\Mozilla\Firefox\Profiles\a1f4tpef.default\searchplugins\wortschatz-deutsch.xml
FF SearchPlugin: C:\Users\Ulrike\AppData\Roaming\Mozilla\Firefox\Profiles\a1f4tpef.default\searchplugins\youtube-videosuche.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Avira Browser Safety - C:\Users\Ulrike\AppData\Roaming\Mozilla\Firefox\Profiles\a1f4tpef.default\Extensions\abs@avira.com [2014-10-02]
FF Extension: Avira SafeSearch - C:\Users\Ulrike\AppData\Roaming\Mozilla\Firefox\Profiles\a1f4tpef.default\Extensions\safesearch@avira.com [2014-09-18]
FF Extension: DownloadHelper - C:\Users\Ulrike\AppData\Roaming\Mozilla\Firefox\Profiles\a1f4tpef.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2014-09-09]
FF Extension: DuckDuckGo Plus - C:\Users\Ulrike\AppData\Roaming\Mozilla\Firefox\Profiles\a1f4tpef.default\Extensions\jid1-ZAdIEUB7XOzOJw@jetpack.xpi [2014-10-12]
FF Extension: NoScript - C:\Users\Ulrike\AppData\Roaming\Mozilla\Firefox\Profiles\a1f4tpef.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2014-10-12]
FF Extension: Adblock Plus - C:\Users\Ulrike\AppData\Roaming\Mozilla\Firefox\Profiles\a1f4tpef.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-10-12]
FF Extension: BetterPrivacy - C:\Users\Ulrike\AppData\Roaming\Mozilla\Firefox\Profiles\a1f4tpef.default\Extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi [2014-10-12]
FF HKLM-x32\...\Firefox\Extensions: [{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}] - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension
FF Extension: Default Manager - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension [2010-10-25]
FF HKLM-x32\...\Firefox\Extensions: [{ACAA314B-EEBA-48e4-AD47-84E31C44796C}] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff
FF HKLM-x32\...\Firefox\Extensions: [{52B371F0-828A-43FB-B887-83DF5E00F635}] - C:\windows\Installer\{5219D5B4-2539-48C6-B225-EF366037A661}\{52B371F0-828A-43FB-B887-83DF5E00F635}.xpi
FF Extension: Download Protect - C:\windows\Installer\{5219D5B4-2539-48C6-B225-EF366037A661}\{52B371F0-828A-43FB-B887-83DF5E00F635}.xpi [2014-10-12]
Chrome:
=======
CHR Profile: C:\Users\Ulrike\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Download Protect) - C:\Users\Ulrike\AppData\Local\Google\Chrome\User Data\Default\Extensions\abmoeddnkegjhaajcemkbdfeffffbjmh [2014-03-12]
CHR Extension: (Google Docs) - C:\Users\Ulrike\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-09-09]
CHR Extension: (Google Drive) - C:\Users\Ulrike\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-09-09]
CHR Extension: (YouTube) - C:\Users\Ulrike\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-09-09]
CHR Extension: (Google-Suche) - C:\Users\Ulrike\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-09-09]
CHR Extension: (Download Protect) - C:\Users\Ulrike\AppData\Local\Google\Chrome\User Data\Default\Extensions\niljioomgcfdinaakfcgkdfnpobgmhbn [2014-01-06]
CHR Extension: (Chrome In-App Payments service) - C:\Users\Ulrike\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-09]
CHR Extension: (Google Mail) - C:\Users\Ulrike\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-09-09]
CHR HKLM-x32\...\Chrome\Extension: [pgafcinpmmpklohkojmllohdhomoefph] - C:\ProgramData\Browser Manager\2.4.897.175\{61d8b74e-8d89-46ff-afa6-33382c54ac73}\browsermngr.crx []
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [430160 2014-08-19] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [430160 2014-08-19] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [1021008 2014-08-19] (Avira Operations GmbH & Co. KG)
R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [160048 2014-08-27] (Avira Operations GmbH & Co. KG)
R2 Rezip; C:\windows\SysWOW64\Rezip.exe [311296 2009-03-05] () [File not signed]
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [247152 2009-07-07] ()
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [3921880 2013-10-15] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [1042272 2013-09-20] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171416 2013-09-13] (Safer-Networking Ltd.)
R2 SearchAnonymizer; C:\Users\Ulrike\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe [40960 2011-05-20] () [File not signed]
R2 SMARTHelperService; C:\Program Files (x86)\SMART Technologies\Education Software\SMARTHelperService.exe [582992 2013-03-07] (SMART Technologies)
R2 subst64; C:\windows\system32\dsound64.exe [118784 2014-03-08] () [File not signed]
S2 fosfiles; C:\windows\system32\MP3DMODd.exe [X]
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [117712 2014-07-04] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [130584 2014-06-04] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-11-14] (Avira Operations GmbH & Co. KG)
S3 rtport; C:\windows\SysWOW64\drivers\rtport.sys [15144 2010-12-29] (Windows (R) 2003 DDK 3790 provider)
R3 SMARTMouseFilterx64; C:\Windows\System32\DRIVERS\SMARTMouseFilterx64.sys [10240 2013-03-07] (SMART Technologies)
R3 SMARTVHidMiniVistaAmd64; C:\Windows\System32\DRIVERS\SMARTVHidMiniVistaAmd64.sys [9216 2013-03-07] (SMART Technologies)
R3 SMARTVTabletPCx64; C:\Windows\System32\DRIVERS\SMARTVTabletPCx64.sys [22184 2013-03-07] (SMART Technologies ULC)
S3 TTHID; C:\Windows\System32\DRIVERS\Cinergy_Hybrid-Stick_HID.sys [26688 2009-11-04] (DTV-DVB)
R2 TurboB; C:\Windows\System32\DRIVERS\TurboB.sys [13832 2010-04-16] ()
S3 UDXTTM6010; C:\Windows\System32\DRIVERS\UDXTTM6010.sys [840128 2009-11-04] ()
R3 yukonw7; C:\Windows\System32\DRIVERS\yk62x64.sys [395264 2009-09-28] ()
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]
S2 sbapifs; system32\DRIVERS\sbapifs.sys [X]
S3 Ser2pl; system32\DRIVERS\ser2pl64.sys [X]
U2 TMAgent; No ImagePath
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-10-12 23:43 - 2014-10-12 23:45 - 00026662 _____ () C:\Users\Ulrike\Downloads\FRST.txt
2014-10-12 23:43 - 2014-10-12 23:43 - 00000000 ____D () C:\FRST
2014-10-12 23:42 - 2014-10-12 23:42 - 02110464 _____ (Farbar) C:\Users\Ulrike\Downloads\FRST64.exe
2014-10-12 11:55 - 2014-10-11 15:00 - 00022688 _____ () C:\Users\Ulrike\Documents\D-Gruppen_Fächerwahl_2014_2015.xls_0.ods
2014-10-12 00:48 - 2014-10-12 00:48 - 00000000 ____D () C:\windows\system32\SPReview
2014-10-06 01:10 - 2014-10-06 01:10 - 09548621 _____ (HalfBaked ) C:\Users\Ulrike\Downloads\setup_hotpot_6305(2).exe
2014-10-05 23:46 - 2014-10-05 23:46 - 00002875 _____ () C:\Users\Ulrike\Desktop\CrissCross 8.40.lnk
2014-10-05 23:46 - 2014-10-05 23:46 - 00000000 ____D () C:\Users\Ulrike\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CrissCross
2014-10-05 23:44 - 2014-10-05 23:44 - 00000000 ____D () C:\Users\Ulrike\Downloads\CrissCross-Kreuzworträtsel-Generator
2014-10-05 23:43 - 2014-10-05 23:43 - 00000000 ____D () C:\Users\Ulrike\AppData\Roaming\NVIDIA
2014-10-05 23:42 - 2014-10-05 23:43 - 00712432 _____ ( ) C:\Users\Ulrike\Downloads\FileOpenerSetup.exe
2014-10-05 23:42 - 2014-10-05 23:42 - 01047704 _____ () C:\Users\Ulrike\Downloads\CrissCross-Kreuzwortrtsel-Generator-lnstall.exe
2014-09-29 14:44 - 2014-09-29 14:34 - 00052793 _____ () C:\Users\Ulrike\Documents\BPiqueNiqueErster%20Hörtext.doc_0.odt
2014-09-29 09:47 - 2014-09-29 09:47 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-09-14 16:11 - 2014-09-14 16:11 - 00087984 _____ () C:\Users\Default\AppData\Local\GDIPFONTCACHEV1.DAT
2014-09-14 16:11 - 2014-09-14 16:11 - 00087984 _____ () C:\Users\Default User\AppData\Local\GDIPFONTCACHEV1.DAT
2014-09-14 16:10 - 2014-09-14 16:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2014-09-12 17:51 - 2014-09-05 04:01 - 00574976 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll
2014-09-12 17:51 - 2014-09-05 03:55 - 00424448 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-10-12 22:48 - 2013-03-02 20:36 - 00001110 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-10-12 22:47 - 2012-06-23 22:05 - 00000884 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2014-10-12 22:00 - 2010-10-26 00:18 - 02085261 _____ () C:\windows\WindowsUpdate.log
2014-10-12 21:36 - 2013-03-02 20:36 - 00001106 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-10-12 20:20 - 2011-04-19 18:17 - 00000000 ____D () C:\Users\Ulrike\AppData\Local\Axialis
2014-10-12 09:08 - 2011-04-16 21:08 - 00000000 ____D () C:\Users\Ulrike\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink DVD Suite
2014-10-12 09:01 - 2009-07-14 06:45 - 00019808 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-10-12 09:01 - 2009-07-14 06:45 - 00019808 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-10-12 08:56 - 2014-03-27 14:27 - 00000306 __RSH () C:\ProgramData\ntuser.pol
2014-10-12 08:54 - 2009-07-14 07:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-10-12 08:53 - 2009-07-14 06:51 - 00148717 _____ () C:\windows\setupact.log
2014-10-11 00:10 - 2012-02-14 20:08 - 00003914 _____ () C:\windows\System32\Tasks\User_Feed_Synchronization-{17820771-15AD-4F22-9070-B5047305D849}
2014-10-07 22:51 - 2010-10-25 08:20 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-10-06 01:11 - 2013-02-19 11:12 - 00001027 _____ () C:\Users\Ulrike\Desktop\HotPotatoes 6.lnk
2014-10-06 01:11 - 2013-02-19 11:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HotPotatoes 6
2014-10-06 01:11 - 2013-02-19 11:12 - 00000000 ____D () C:\Program Files (x86)\HotPotatoes6
2014-10-02 11:11 - 2011-04-16 21:08 - 00000000 ____D () C:\Users\Ulrike
2014-10-02 11:05 - 2010-10-25 09:30 - 00850236 _____ () C:\windows\PFRO.log
2014-10-02 08:43 - 2012-07-04 18:04 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-09-29 13:30 - 2010-10-26 00:56 - 00652274 _____ () C:\windows\system32\perfh007.dat
2014-09-29 13:30 - 2010-10-26 00:56 - 00129282 _____ () C:\windows\system32\perfc007.dat
2014-09-29 13:30 - 2009-07-14 07:13 - 01492544 _____ () C:\windows\system32\PerfStringBackup.INI
2014-09-29 09:47 - 2012-06-23 22:05 - 00701104 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2014-09-29 09:47 - 2012-06-23 22:05 - 00003822 _____ () C:\windows\System32\Tasks\Adobe Flash Player Updater
2014-09-29 09:47 - 2011-06-15 14:40 - 00071344 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-09-14 23:58 - 2011-11-02 00:21 - 00000000 ____D () C:\Users\Ulrike\Documents\Sinja
2014-09-14 16:10 - 2014-08-20 16:23 - 00001137 _____ () C:\Users\Public\Desktop\Avira.lnk
2014-09-14 16:10 - 2014-08-20 16:23 - 00000000 ____D () C:\ProgramData\Package Cache
2014-09-14 16:10 - 2013-08-14 00:15 - 00000000 ____D () C:\Program Files (x86)\Avira
2014-09-13 15:00 - 2014-07-10 13:56 - 00000000 ___SD () C:\windows\system32\CompatTel
2014-09-13 15:00 - 2013-08-14 00:46 - 00000000 ____D () C:\windows\system32\MRT
2014-09-13 14:52 - 2012-03-03 23:06 - 101694776 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
Some content of TEMP:
====================
C:\Users\Ulrike\AppData\Local\Temp\avgnt.exe
C:\Users\Ulrike\AppData\Local\Temp\jre-7u67-windows-i586-iftw.exe
C:\Users\Ulrike\AppData\Local\Temp\sdan.exe
C:\Users\Ulrike\AppData\Local\Temp\sdapk.exe
C:\Users\Ulrike\AppData\Local\Temp\sdaspwn.exe
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2014-10-06 16:06
==================== End Of Log ============================
--- --- ---
--- --- ---
--- --- ---
FRST Logfile:
FRST Logfile:
FRST Logfile: Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 12-10-2014 02
Ran by Ulrike (administrator) on FEE on 12-10-2014 23:43:42
Running from C:\Users\Ulrike\Downloads
Loaded Profiles: Ulrike & UpdatusUser (Available profiles: Ulrike & UpdatusUser)
Platform: Windows 7 Home Premium (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 9
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
() C:\Windows\SysWOW64\Rezip.exe
() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
() C:\Users\Ulrike\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe
(SMART Technologies) C:\Program Files (x86)\SMART Technologies\Education Software\SMARTHelperService.exe
() C:\Windows\System32\dsound64.exe
(Intel(R) Corporation) C:\Program Files\Intel\TurboBoost\TurboBoost.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avwebgrd.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
(SAMSUNG Electronics) C:\Program Files (x86)\Samsung\Samsung Support Center\SSCKbdHk.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Easy Display Manager\dmhkcore.exe
(SEC) C:\Program Files (x86)\Samsung\Samsung Recovery Solution 4\WCScheduler.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Windows\WindowsMobile\wmdc.exe
(Elgato Systems) C:\Program Files (x86)\Common Files\TerraTec\Remote\TTTvRc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(SMART Technologies ULC) C:\Program Files (x86)\SMART Technologies\Education Software\SMARTBoardTools.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(SMART Technologies) C:\Program Files (x86)\SMART Technologies\Education Software\SMARTBoardService.exe
(SMART Technologies) C:\Program Files (x86)\SMART Technologies\Education Software\SMARTInk.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Wondershare) C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
(Joyent, Inc) C:\Program Files (x86)\SMART Technologies\Education Software\sbsdk-server\SBWDKService.exe
(SMART Technologies) C:\Program Files (x86)\SMART Technologies\Education Software\Office\SMARTInk-SBSDKProxy.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ink\InputPersonalization.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Apache Software Foundation) C:\Program Files (x86)\OpenOffice 4\program\swriter.exe
(Apache Software Foundation) C:\Program Files (x86)\OpenOffice 4\program\soffice.exe
(Apache Software Foundation) C:\Program Files (x86)\OpenOffice 4\program\soffice.bin
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [9644576 2009-12-15] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2149160 2010-05-21] (Synaptics Incorporated)
HKLM\...\Run: [IntelTBRunOnce] => wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs"
HKLM\...\Run: [Ocs_SM] => C:\Users\Ulrike\AppData\Roaming\OCS\SM\SearchAnonymizer.exe [106496 2011-05-20] (OCS)
HKLM\...\Run: [Windows Mobile Device Center] => C:\Windows\WindowsMobile\wmdc.exe [660360 2007-05-31] (Microsoft Corporation)
HKLM-x32\...\Run: [UpdateLBPShortCut] => C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.)
HKLM-x32\...\Run: [CLMLServer] => C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe [103720 2009-06-03] (CyberLink)
HKLM-x32\...\Run: [UpdateP2GoShortCut] => C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdatePDRShortCut] => C:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe [222504 2008-01-04] (CyberLink Corp.)
HKLM-x32\...\Run: [RemoteControl8] => C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe [91432 2009-04-15] (CyberLink Corp.)
HKLM-x32\...\Run: [PDVD8LanguageShortcut] => C:\Program Files (x86)\CyberLink\PowerDVD8\Language\Language.exe [50472 2009-04-15] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdatePPShortCut] => C:\Program Files (x86)\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe [218408 2008-12-03] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdatePSTShortCut] => C:\Program Files (x86)\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe [210216 2009-07-21] (CyberLink Corp.)
HKLM-x32\...\Run: [Microsoft Default Manager] => C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe [439568 2010-05-10] (Microsoft Corporation)
HKLM-x32\...\Run: [UCam_Menu] => C:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [ApnUpdater] => "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"
HKLM-x32\...\Run: [SweetIM] => C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-12-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SMART Board Tools] => C:\Program Files (x86)\SMART Technologies\Education Software\SMARTBoardTools.exe [9279824 2013-01-31] (SMART Technologies ULC)
HKLM-x32\...\Run: [sbsdk-server] => C:\Program Files (x86)\SMART Technologies\Education Software\sbsdk-server\NodeLauncher.exe [62800 2013-03-07] (SMART Technologies)
HKLM-x32\...\Run: [SMART Board Service] => C:\Program Files (x86)\SMART Technologies\Education Software\SMARTBoardService.exe [2111824 2013-03-07] (SMART Technologies)
HKLM-x32\...\Run: [SMART Ink] => C:\Program Files (x86)\SMART Technologies\Education Software\SMARTInk.exe [99152 2013-03-04] (SMART Technologies)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [751184 2014-08-19] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [1989920 2013-08-26] (Wondershare)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [5624784 2013-07-25] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [164656 2014-08-27] (Avira Operations GmbH & Co. KG)
HKU\S-1-5-21-1125036280-3562319748-3601731155-1000\...\Run: [Remote Control Editor] => C:\Program Files (x86)\Common Files\TerraTec\Remote\TTTvRc.exe [1689088 2010-06-09] (Elgato Systems)
HKU\S-1-5-21-1125036280-3562319748-3601731155-1000\...\Run: [vProt] => C:\Program Files (x86)\GameBox\vprot.exe
HKU\S-1-5-21-1125036280-3562319748-3601731155-1000\...\Run: [Adobe Reader Synchronizer] => C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AdobeCollabSync.exe [746376 2014-05-08] (Adobe Systems Incorporated)
HKU\S-1-5-21-1125036280-3562319748-3601731155-1000\...\Run: [Spybot-S&D Cleaning] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe [3666224 2013-09-20] (Safer-Networking Ltd.)
BootExecute: autocheck autochk * sdnclean64.exe
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://samsung.msn.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
URLSearchHook: HKLM-x32 - Winamp Toolbar Search Class - {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Program Files (x86)\Winamp Toolbar\winamptb.dll (AOL Inc.)
URLSearchHook: HKLM-x32 - (No Name) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - No File
URLSearchHook: HKCU - Winamp Toolbar Search Class - {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Program Files (x86)\Winamp Toolbar\winamptb.dll (AOL Inc.)
URLSearchHook: HKCU - (No Name) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - No File
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.google.de/search?q={searchTerms}&hl=de&gl=de&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.google.de/search?q={searchTerms}&hl=de&gl=de&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
SearchScopes: HKLM-x32 - DefaultScope {EEE6C360-6118-11DC-9C72-001320C79847} URL =
SearchScopes: HKLM-x32 - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2801937
SearchScopes: HKLM-x32 - {EEE7E0A3-AE64-4dc8-84D1-F5D7BAF2DB0C} URL = hxxp://slirsredirect.search.aol.com/redirector/sredir?sredir=2685&query={searchTerms}&invocationType=tb50-ie-winamp-chromesbox-en-us&tb_uuid=20110604213404697&tb_oid=04-06-2011&tb_mrud=04-06-2011
SearchScopes: HKCU - DefaultScope Plasmoo URL = hxxp://www.google.de/search?q={searchTerms}&hl=de&gl=de&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
SearchScopes: HKCU - Plasmoo URL = hxxp://www.google.de/search?q={searchTerms}&hl=de&gl=de&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {1AAA4C45-8822-406A-A5F2-E02E11DB0F18} URL = hxxp://search.ebay.de.anonymize-me.de/?to=656261792E6465&st={searchTerms}&clid=6245dc2d-e7a0-4871-a851-f54e50e7f0fd&pid=freewarede&mode=bounce&k=0
SearchScopes: HKCU - {3EFCB509-A1C8-4DA3-83A2-843E54C07D9C} URL = hxxp://www.myvideo.de.anonymize-me.de/?to=6D79766964656F2E6465&st={searchTerms}&clid=6245dc2d-e7a0-4871-a851-f54e50e7f0fd&pid=freewarede&mode=bounce&k=0
SearchScopes: HKCU - {9F16F45B-8EF0-49B1-B3EE-499FAC1C28FD} URL = hxxp://de.wikipedia.org.anonymize-me.de/?to=64652E77696B6970656469612E6F7267&st={searchTerms}&clid=6245dc2d-e7a0-4871-a851-f54e50e7f0fd&pid=freewarede&mode=bounce&k=0
SearchScopes: HKCU - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = hxxp://www.google.de/search?q={searchTerms}&hl=de&gl=de&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
SearchScopes: HKCU - {BDC2801B-E02B-4AB4-A9AF-391950B3C993} URL = hxxp://www.amazon.de.anonymize-me.de/?to=616D617A6F6E2E6465&st={searchTerms}&clid=6245dc2d-e7a0-4871-a851-f54e50e7f0fd&pid=freewarede&mode=bounce&k=0
SearchScopes: HKCU - {EEE7E0A3-AE64-4dc8-84D1-F5D7BAF2DB0C} URL =
BHO: SMART Notebook Download Utility -> {67BCF957-85FC-4036-8DC4-D4D80E00A77B} -> C:\Program Files (x86)\SMART Technologies\Education Software\Win64\NotebookPlugin.dll (SMART Technologies ULC.)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: SMART Notebook Download Utility -> {67BCF957-85FC-4036-8DC4-D4D80E00A77B} -> C:\Program Files (x86)\SMART Technologies\Education Software\Win32\NotebookPlugin.dll (SMART Technologies ULC.)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM-x32 - TerraTec Home Cinema - {AD6E6555-FB2C-47D4-8339-3E2965509877} - C:\Program Files (x86)\TerraTec\TerraTec Home Cinema\ThcDeskBand.dll (TerraTec Electronic GmbH)
Toolbar: HKLM-x32 - No Name - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - No File
Toolbar: HKLM-x32 - Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files (x86)\Winamp Toolbar\winamptb.dll (AOL Inc.)
Toolbar: HKCU - No Name - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - No File
Toolbar: HKCU - No Name - {EBF2BA02-9094-4C5A-858B-BB198F3D8DE2} - No File
Toolbar: HKCU - No Name - {0FEF2D2C-CDA6-45E4-B2ED-9DF7C50C95FF} - No File
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
FireFox:
========
FF ProfilePath: C:\Users\Ulrike\AppData\Roaming\Mozilla\Firefox\Profiles\a1f4tpef.default
FF SearchEngineOrder.1: Ask.com
FF Homepage: hxxp://www.google.de?hl=de&gl=de
FF Keyword.URL: hxxp://www.google.de/search?hl=de&gl=de&lr=&ie=UTF-8&oe=UTF-8&meta=lr=lang_de&q=
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @Nero.com/KM -> C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL (Nero AG)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=1.1.9 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll No File
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: amazon.com/AmazonMP3DownloaderPlugin -> C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin.dll (Amazon.com, Inc.)
FF user.js: detected! => C:\Users\Ulrike\AppData\Roaming\Mozilla\Firefox\Profiles\a1f4tpef.default\user.js
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll (Nullsoft, Inc.)
FF SearchPlugin: C:\Users\Ulrike\AppData\Roaming\Mozilla\Firefox\Profiles\a1f4tpef.default\searchplugins\avira-safesearch.xml
FF SearchPlugin: C:\Users\Ulrike\AppData\Roaming\Mozilla\Firefox\Profiles\a1f4tpef.default\searchplugins\duckduckgo.xml
FF SearchPlugin: C:\Users\Ulrike\AppData\Roaming\Mozilla\Firefox\Profiles\a1f4tpef.default\searchplugins\icqplugin-6.xml
FF SearchPlugin: C:\Users\Ulrike\AppData\Roaming\Mozilla\Firefox\Profiles\a1f4tpef.default\searchplugins\icqplugin-7.xml
FF SearchPlugin: C:\Users\Ulrike\AppData\Roaming\Mozilla\Firefox\Profiles\a1f4tpef.default\searchplugins\icqplugin-8.xml
FF SearchPlugin: C:\Users\Ulrike\AppData\Roaming\Mozilla\Firefox\Profiles\a1f4tpef.default\searchplugins\icqplugin.xml
FF SearchPlugin: C:\Users\Ulrike\AppData\Roaming\Mozilla\Firefox\Profiles\a1f4tpef.default\searchplugins\ponseu--franzsisch--deutsch.xml
FF SearchPlugin: C:\Users\Ulrike\AppData\Roaming\Mozilla\Firefox\Profiles\a1f4tpef.default\searchplugins\searchplugins-backup
FF SearchPlugin: C:\Users\Ulrike\AppData\Roaming\Mozilla\Firefox\Profiles\a1f4tpef.default\searchplugins\stupidedia-de.xml
FF SearchPlugin: C:\Users\Ulrike\AppData\Roaming\Mozilla\Firefox\Profiles\a1f4tpef.default\searchplugins\wortschatz-deutsch.xml
FF SearchPlugin: C:\Users\Ulrike\AppData\Roaming\Mozilla\Firefox\Profiles\a1f4tpef.default\searchplugins\youtube-videosuche.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Avira Browser Safety - C:\Users\Ulrike\AppData\Roaming\Mozilla\Firefox\Profiles\a1f4tpef.default\Extensions\abs@avira.com [2014-10-02]
FF Extension: Avira SafeSearch - C:\Users\Ulrike\AppData\Roaming\Mozilla\Firefox\Profiles\a1f4tpef.default\Extensions\safesearch@avira.com [2014-09-18]
FF Extension: DownloadHelper - C:\Users\Ulrike\AppData\Roaming\Mozilla\Firefox\Profiles\a1f4tpef.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2014-09-09]
FF Extension: DuckDuckGo Plus - C:\Users\Ulrike\AppData\Roaming\Mozilla\Firefox\Profiles\a1f4tpef.default\Extensions\jid1-ZAdIEUB7XOzOJw@jetpack.xpi [2014-10-12]
FF Extension: NoScript - C:\Users\Ulrike\AppData\Roaming\Mozilla\Firefox\Profiles\a1f4tpef.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2014-10-12]
FF Extension: Adblock Plus - C:\Users\Ulrike\AppData\Roaming\Mozilla\Firefox\Profiles\a1f4tpef.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-10-12]
FF Extension: BetterPrivacy - C:\Users\Ulrike\AppData\Roaming\Mozilla\Firefox\Profiles\a1f4tpef.default\Extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi [2014-10-12]
FF HKLM-x32\...\Firefox\Extensions: [{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}] - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension
FF Extension: Default Manager - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension [2010-10-25]
FF HKLM-x32\...\Firefox\Extensions: [{ACAA314B-EEBA-48e4-AD47-84E31C44796C}] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff
FF HKLM-x32\...\Firefox\Extensions: [{52B371F0-828A-43FB-B887-83DF5E00F635}] - C:\windows\Installer\{5219D5B4-2539-48C6-B225-EF366037A661}\{52B371F0-828A-43FB-B887-83DF5E00F635}.xpi
FF Extension: Download Protect - C:\windows\Installer\{5219D5B4-2539-48C6-B225-EF366037A661}\{52B371F0-828A-43FB-B887-83DF5E00F635}.xpi [2014-10-12]
Chrome:
=======
CHR Profile: C:\Users\Ulrike\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Download Protect) - C:\Users\Ulrike\AppData\Local\Google\Chrome\User Data\Default\Extensions\abmoeddnkegjhaajcemkbdfeffffbjmh [2014-03-12]
CHR Extension: (Google Docs) - C:\Users\Ulrike\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-09-09]
CHR Extension: (Google Drive) - C:\Users\Ulrike\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-09-09]
CHR Extension: (YouTube) - C:\Users\Ulrike\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-09-09]
CHR Extension: (Google-Suche) - C:\Users\Ulrike\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-09-09]
CHR Extension: (Download Protect) - C:\Users\Ulrike\AppData\Local\Google\Chrome\User Data\Default\Extensions\niljioomgcfdinaakfcgkdfnpobgmhbn [2014-01-06]
CHR Extension: (Chrome In-App Payments service) - C:\Users\Ulrike\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-09]
CHR Extension: (Google Mail) - C:\Users\Ulrike\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-09-09]
CHR HKLM-x32\...\Chrome\Extension: [pgafcinpmmpklohkojmllohdhomoefph] - C:\ProgramData\Browser Manager\2.4.897.175\{61d8b74e-8d89-46ff-afa6-33382c54ac73}\browsermngr.crx []
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [430160 2014-08-19] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [430160 2014-08-19] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [1021008 2014-08-19] (Avira Operations GmbH & Co. KG)
R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [160048 2014-08-27] (Avira Operations GmbH & Co. KG)
R2 Rezip; C:\windows\SysWOW64\Rezip.exe [311296 2009-03-05] () [File not signed]
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [247152 2009-07-07] ()
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [3921880 2013-10-15] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [1042272 2013-09-20] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171416 2013-09-13] (Safer-Networking Ltd.)
R2 SearchAnonymizer; C:\Users\Ulrike\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe [40960 2011-05-20] () [File not signed]
R2 SMARTHelperService; C:\Program Files (x86)\SMART Technologies\Education Software\SMARTHelperService.exe [582992 2013-03-07] (SMART Technologies)
R2 subst64; C:\windows\system32\dsound64.exe [118784 2014-03-08] () [File not signed]
S2 fosfiles; C:\windows\system32\MP3DMODd.exe [X]
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [117712 2014-07-04] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [130584 2014-06-04] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-11-14] (Avira Operations GmbH & Co. KG)
S3 rtport; C:\windows\SysWOW64\drivers\rtport.sys [15144 2010-12-29] (Windows (R) 2003 DDK 3790 provider)
R3 SMARTMouseFilterx64; C:\Windows\System32\DRIVERS\SMARTMouseFilterx64.sys [10240 2013-03-07] (SMART Technologies)
R3 SMARTVHidMiniVistaAmd64; C:\Windows\System32\DRIVERS\SMARTVHidMiniVistaAmd64.sys [9216 2013-03-07] (SMART Technologies)
R3 SMARTVTabletPCx64; C:\Windows\System32\DRIVERS\SMARTVTabletPCx64.sys [22184 2013-03-07] (SMART Technologies ULC)
S3 TTHID; C:\Windows\System32\DRIVERS\Cinergy_Hybrid-Stick_HID.sys [26688 2009-11-04] (DTV-DVB)
R2 TurboB; C:\Windows\System32\DRIVERS\TurboB.sys [13832 2010-04-16] ()
S3 UDXTTM6010; C:\Windows\System32\DRIVERS\UDXTTM6010.sys [840128 2009-11-04] ()
R3 yukonw7; C:\Windows\System32\DRIVERS\yk62x64.sys [395264 2009-09-28] ()
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]
S2 sbapifs; system32\DRIVERS\sbapifs.sys [X]
S3 Ser2pl; system32\DRIVERS\ser2pl64.sys [X]
U2 TMAgent; No ImagePath
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-10-12 23:43 - 2014-10-12 23:45 - 00026662 _____ () C:\Users\Ulrike\Downloads\FRST.txt
2014-10-12 23:43 - 2014-10-12 23:43 - 00000000 ____D () C:\FRST
2014-10-12 23:42 - 2014-10-12 23:42 - 02110464 _____ (Farbar) C:\Users\Ulrike\Downloads\FRST64.exe
2014-10-12 11:55 - 2014-10-11 15:00 - 00022688 _____ () C:\Users\Ulrike\Documents\D-Gruppen_Fächerwahl_2014_2015.xls_0.ods
2014-10-12 00:48 - 2014-10-12 00:48 - 00000000 ____D () C:\windows\system32\SPReview
2014-10-06 01:10 - 2014-10-06 01:10 - 09548621 _____ (HalfBaked ) C:\Users\Ulrike\Downloads\setup_hotpot_6305(2).exe
2014-10-05 23:46 - 2014-10-05 23:46 - 00002875 _____ () C:\Users\Ulrike\Desktop\CrissCross 8.40.lnk
2014-10-05 23:46 - 2014-10-05 23:46 - 00000000 ____D () C:\Users\Ulrike\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CrissCross
2014-10-05 23:44 - 2014-10-05 23:44 - 00000000 ____D () C:\Users\Ulrike\Downloads\CrissCross-Kreuzworträtsel-Generator
2014-10-05 23:43 - 2014-10-05 23:43 - 00000000 ____D () C:\Users\Ulrike\AppData\Roaming\NVIDIA
2014-10-05 23:42 - 2014-10-05 23:43 - 00712432 _____ ( ) C:\Users\Ulrike\Downloads\FileOpenerSetup.exe
2014-10-05 23:42 - 2014-10-05 23:42 - 01047704 _____ () C:\Users\Ulrike\Downloads\CrissCross-Kreuzwortrtsel-Generator-lnstall.exe
2014-09-29 14:44 - 2014-09-29 14:34 - 00052793 _____ () C:\Users\Ulrike\Documents\BPiqueNiqueErster%20Hörtext.doc_0.odt
2014-09-29 09:47 - 2014-09-29 09:47 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-09-14 16:11 - 2014-09-14 16:11 - 00087984 _____ () C:\Users\Default\AppData\Local\GDIPFONTCACHEV1.DAT
2014-09-14 16:11 - 2014-09-14 16:11 - 00087984 _____ () C:\Users\Default User\AppData\Local\GDIPFONTCACHEV1.DAT
2014-09-14 16:10 - 2014-09-14 16:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2014-09-12 17:51 - 2014-09-05 04:01 - 00574976 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll
2014-09-12 17:51 - 2014-09-05 03:55 - 00424448 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-10-12 22:48 - 2013-03-02 20:36 - 00001110 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-10-12 22:47 - 2012-06-23 22:05 - 00000884 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2014-10-12 22:00 - 2010-10-26 00:18 - 02085261 _____ () C:\windows\WindowsUpdate.log
2014-10-12 21:36 - 2013-03-02 20:36 - 00001106 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-10-12 20:20 - 2011-04-19 18:17 - 00000000 ____D () C:\Users\Ulrike\AppData\Local\Axialis
2014-10-12 09:08 - 2011-04-16 21:08 - 00000000 ____D () C:\Users\Ulrike\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink DVD Suite
2014-10-12 09:01 - 2009-07-14 06:45 - 00019808 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-10-12 09:01 - 2009-07-14 06:45 - 00019808 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-10-12 08:56 - 2014-03-27 14:27 - 00000306 __RSH () C:\ProgramData\ntuser.pol
2014-10-12 08:54 - 2009-07-14 07:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-10-12 08:53 - 2009-07-14 06:51 - 00148717 _____ () C:\windows\setupact.log
2014-10-11 00:10 - 2012-02-14 20:08 - 00003914 _____ () C:\windows\System32\Tasks\User_Feed_Synchronization-{17820771-15AD-4F22-9070-B5047305D849}
2014-10-07 22:51 - 2010-10-25 08:20 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-10-06 01:11 - 2013-02-19 11:12 - 00001027 _____ () C:\Users\Ulrike\Desktop\HotPotatoes 6.lnk
2014-10-06 01:11 - 2013-02-19 11:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HotPotatoes 6
2014-10-06 01:11 - 2013-02-19 11:12 - 00000000 ____D () C:\Program Files (x86)\HotPotatoes6
2014-10-02 11:11 - 2011-04-16 21:08 - 00000000 ____D () C:\Users\Ulrike
2014-10-02 11:05 - 2010-10-25 09:30 - 00850236 _____ () C:\windows\PFRO.log
2014-10-02 08:43 - 2012-07-04 18:04 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-09-29 13:30 - 2010-10-26 00:56 - 00652274 _____ () C:\windows\system32\perfh007.dat
2014-09-29 13:30 - 2010-10-26 00:56 - 00129282 _____ () C:\windows\system32\perfc007.dat
2014-09-29 13:30 - 2009-07-14 07:13 - 01492544 _____ () C:\windows\system32\PerfStringBackup.INI
2014-09-29 09:47 - 2012-06-23 22:05 - 00701104 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2014-09-29 09:47 - 2012-06-23 22:05 - 00003822 _____ () C:\windows\System32\Tasks\Adobe Flash Player Updater
2014-09-29 09:47 - 2011-06-15 14:40 - 00071344 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-09-14 23:58 - 2011-11-02 00:21 - 00000000 ____D () C:\Users\Ulrike\Documents\Sinja
2014-09-14 16:10 - 2014-08-20 16:23 - 00001137 _____ () C:\Users\Public\Desktop\Avira.lnk
2014-09-14 16:10 - 2014-08-20 16:23 - 00000000 ____D () C:\ProgramData\Package Cache
2014-09-14 16:10 - 2013-08-14 00:15 - 00000000 ____D () C:\Program Files (x86)\Avira
2014-09-13 15:00 - 2014-07-10 13:56 - 00000000 ___SD () C:\windows\system32\CompatTel
2014-09-13 15:00 - 2013-08-14 00:46 - 00000000 ____D () C:\windows\system32\MRT
2014-09-13 14:52 - 2012-03-03 23:06 - 101694776 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
Some content of TEMP:
====================
C:\Users\Ulrike\AppData\Local\Temp\avgnt.exe
C:\Users\Ulrike\AppData\Local\Temp\jre-7u67-windows-i586-iftw.exe
C:\Users\Ulrike\AppData\Local\Temp\sdan.exe
C:\Users\Ulrike\AppData\Local\Temp\sdapk.exe
C:\Users\Ulrike\AppData\Local\Temp\sdaspwn.exe
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2014-10-06 16:06
==================== End Of Log ============================
--- --- ---
--- --- ---
--- --- ---
Lieber Schrauber,
Danke für die umgehende Antwort mit gleichzeitiger Schulung ! (die Raute hätte ich nich gefunden). Sorry, dass Dir zusätzliche Arbeit entstanden ist ! Es tut mir echt leid... weiß doch, wie man sich zwischen 1000 Jobs einklemmen kann und keine überflüssigen Sekunden hat.
So herzlichen Dank fürs Durchsehen. Ist nvidia tray vielleicht schuld (kling so böse) ?
Inzwischen habe ich ecosia wieder als Suchmaschine, und da meldet sich nun better privacy brav wieder. Vielleicht sollte man einfach nicht mehr googeln...
Also herzlichen Dank !
Und nimm Dir Zeit,
umu |
FRST 32-Bit | FRST 64-Bit
So funktioniert es:
Malwarebytes Anti-Malware 
AdwCleaner auf deinen Desktop.
