mephatokles | 17.01.2015 12:36
defogger_disable Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 23:39 on 16/01/2015 (tkies_000)
Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.
Checking for services/drivers...
-=E.O.F=-
Farbar Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15-01-2015 01
Ran by tkies_000 at 2015-01-16 23:42:29
Running from C:\Users\tkies_000\Downloads
Boot Mode: Normal
==========================================================
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Accelrys DS Visualizer ActiveX Control 2.0 (HKLM-x32\...\{7935FFA0-1E80-41A4-8CD5-8CB566610555}) (Version: 2.0.2 - Accelrys Software Inc.)
ACD/Labs Software in C:\ACDFREE12\ (HKLM-x32\...\ACDLabs in C__ACDFREE12_) (Version: v12.00, FREE - ACD/Labs)
Adobe Reader XI (11.0.10) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Alcor Micro USB Card Reader Driver (HKLM-x32\...\AmUStor) (Version: 20.21.3317.03861 - Alcor Micro Corp.)
Alcor Micro USB Card Reader Driver (x32 Version: 20.21.3317.03861 - Alcor Micro Corp.) Hidden
Amazon MP3-Downloader 1.0.18 (HKU\S-1-5-21-596752582-1759811035-1413813987-1001\...\Amazon MP3-Downloader) (Version: 1.0.18 - Amazon Services LLC)
Amazon Music (HKU\S-1-5-21-596752582-1759811035-1413813987-1001\...\Amazon Amazon Music) (Version: 3.7.0.693 - Amazon Services LLC)
AMD Catalyst Install Manager (HKLM\...\{BF821093-CFD3-EC1B-B357-6817EE34E5C7}) (Version: 8.0.881.0 - Advanced Micro Devices, Inc.)
AMD VISION Engine Control Center (HKLM-x32\...\{8B1A559A-FB9D-42F5-A8A7-2F132CF28414}) (Version: 1.00.0000 - )
Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Avira (HKLM-x32\...\{e7c7c227-b742-4878-9425-f09bbf9951db}) (Version: 1.1.27.25527 - Avira Operations & Co. KG)
Avira (x32 Version: 1.1.27.25527 - Avira Operations & Co. KG) Hidden
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.7.468 - Avira)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 4.08 - Piriform)
CDBurnerXP (HKLM-x32\...\{909A791A-DBB0-432F-BC0E-D0C81925E340}) (Version: 4.5.3.4746 - Canneverbe Limited)
Cisco AnyConnect Secure Mobility Client (HKLM-x32\...\Cisco AnyConnect Secure Mobility Client) (Version: 3.1.05187 - Cisco Systems, Inc.)
Cisco AnyConnect Secure Mobility Client (x32 Version: 3.1.05187 - Cisco Systems, Inc.) Hidden
ClearSkinFX for Digital Cameras (HKLM-x32\...\ClearSkinFX for Digital Cameras_is1) (Version: - )
Connected Music powered by Universal Music Group version 1.0 (HKLM-x32\...\{46037DC7-F927-46DF-935F-D6F122BDD34B}_is1) (Version: 1.0 - Snowite)
CopyTrans Control Center deinstallieren (HKU\S-1-5-21-596752582-1759811035-1413813987-1001\...\CopyTrans Suite) (Version: 3.003 - WindSolutions)
CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.1.5510 - CyberLink Corp.)
CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}) (Version: 10.0.1.1916 - CyberLink Corp.)
CyberLink PhotoDirector (HKLM-x32\...\InstallShield_{4862344A-A39C-4897-ACD4-A1BED5163C5A}) (Version: 2.0.1.3109 - CyberLink Corp.)
CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.1.1902 - CyberLink Corp.)
CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.1.1925 - CyberLink Corp.)
CyberLink PowerDVD (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.8.5511 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dropbox (HKU\S-1-5-21-596752582-1759811035-1413813987-1001\...\Dropbox) (Version: 3.0.3 - Dropbox, Inc.)
EPSON BX310FN Series Printer Uninstall (HKLM\...\EPSON BX310FN Series) (Version: - SEIKO EPSON Corporation)
Epson Event Manager (HKLM-x32\...\{48F22622-1CC2-4A83-9C1E-644DD96F832D}) (Version: 2.30.00 - SEIKO EPSON Corporation)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version: - )
eReg (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
Free YouTube to MP3 Converter version 3.12.27.225 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.27.225 - DVDVideoSoft Ltd.)
Google Chrome (HKU\S-1-5-21-596752582-1759811035-1413813987-1001\...\Google Chrome) (Version: 39.0.2171.95 - Google Inc.)
Google Drive (HKLM-x32\...\{C60F3836-333A-4AE2-B526-CFDBA143A9BA}) (Version: 1.18.7821.2489 - Google, Inc.)
Google Earth Plug-in (HKLM-x32\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
GPL Ghostscript (HKLM-x32\...\GPL Ghostscript 9.10) (Version: 9.10 - Artifex Software Inc.)
Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HP Connected Music (Meridian - installer) (HKLM-x32\...\StartHPConnectedMusic) (Version: v1.0 - Meridian Audio Ltd)
HP Connected Remote (HKLM-x32\...\{F243A34B-AB7F-4065-B770-B85B767C247C}) (Version: 1.0.1206 - Hewlett-Packard)
HP Registration Service (HKLM\...\{E4D6CCF2-0AAF-4B9C-9DE5-893EDC9B4BAA}) (Version: 1.0.5976.4186 - Hewlett-Packard)
HP Software Framework (HKLM-x32\...\{D2462056-BA75-4B2C-8267-DFEA2B6AC4AE}) (Version: 4.6.10.1 - Hewlett-Packard Company)
HP Support Assistant (HKLM-x32\...\{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE}) (Version: 7.4.45.4 - Hewlett-Packard Company)
HP Support Information (HKLM-x32\...\{B2B7B1C8-7C8B-476C-BE2C-049731C55992}) (Version: 12.00.0000 - Hewlett-Packard)
HydraVision (x32 Version: 4.2.236.0 - Advanced Micro Devices, Inc.) Hidden
iCloud (HKLM\...\{309768A4-A2BB-4930-A5A2-8169678C9B4C}) (Version: 4.0.6.28 - Apple Inc.)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6482.0 - IDT)
iExplorer 3.4.0.1 (HKLM-x32\...\{7FD8B0C1-CDDA-4B4D-A577-B2E3570EA3A3}_is1) (Version: - Macroplant LLC)
iLinc Client (HKLM-x32\...\uninstall.exe) (Version: - )
iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)
Java 7 Update 71 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217051FF}) (Version: 7.0.710 - Oracle)
Logitech SetPoint 6.61 (HKLM\...\sp6) (Version: 6.61.15 - Logitech)
Mediencenter 3.8.9799.6 (HKU\S-1-5-21-596752582-1759811035-1413813987-1001\...\Mediencenter) (Version: 3.8.9799.6 - Deutsche Telekom AG)
Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Mozilla Thunderbird 31.3.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 31.3.0 (x86 de)) (Version: 31.3.0 - Mozilla)
Nero CoverDesigner (HKLM-x32\...\{C36C7B74-EE4D-4C7F-97EA-0FD14F110D2F}) (Version: 12.0.01800 - Nero AG)
PDF Blender (HKLM-x32\...\PDF Blender) (Version: - )
PDF24 Creator 6.8.0 (HKLM-x32\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version: - PDF24.org)
PDFtk - The PDF Toolkit version 2.02 (HKLM-x32\...\{C65EA7B8-FC21-4896-AD44-9CE952BB1255}_is1) (Version: 2.02 - PDF Labs)
Prerequisite installer (x32 Version: 12.0.0003 - Nero AG) Hidden
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
Recovery Manager (x32 Version: 5.5.0.5530 - CyberLink Corp.) Hidden
Search App by Ask (HKLM-x32\...\{4F524A2D-5350-4500-76A7-A758B70C1500}) (Version: 12.21.0.114 - APN, LLC) <==== ATTENTION
Search Protect (HKLM-x32\...\SearchProtect) (Version: 2.18.20.209 - Search Protect) <==== ATTENTION
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
Softonic toolbar on IE and Chrome (HKLM-x32\...\Softonic) (Version: 1.8.21.14 - Softonic) <==== ATTENTION
Sony Pictures Download Manager (HKU\S-1-5-21-596752582-1759811035-1413813987-1001\...\4013686257.redeem.sonypicturesstore.com) (Version: - redeem.sonypicturesstore.com)
Spotify (HKU\S-1-5-21-596752582-1759811035-1413813987-1001\...\Spotify) (Version: 0.9.15.27.g87efe634 - Spotify AB)
Steuererklärung 2012 (HKLM-x32\...\{9DE3AAF8-BA05-417B-989E-A37DAF0CFF2F}) (Version: 20.00.8137 - Buhl Data Service GmbH)
Steuererklärung 2013 (HKU\S-1-5-21-596752582-1759811035-1413813987-1001\...\{FFF9665F-A14B-4A29-B911-A0E7B4E41BA3}) (Version: 21.00.8480 - Buhl Data Service GmbH)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
WinRAR 4.20 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
CustomCLSID: HKU\S-1-5-21-596752582-1759811035-1413813987-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\tkies_000\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-596752582-1759811035-1413813987-1001_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\tkies_000\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-596752582-1759811035-1413813987-1001_Classes\CLSID\{268502F4-815D-4358-A8D6-B783FDB58EF0}\InprocServer32 -> C:\Users\tkies_000\AppData\Roaming\Telekom\MediencenterSync\DTAG.Mediencenter.ContextMenuHandler.dll (Deutsche Telekom AG)
CustomCLSID: HKU\S-1-5-21-596752582-1759811035-1413813987-1001_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\tkies_000\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-596752582-1759811035-1413813987-1001_Classes\CLSID\{528EE335-5034-4EFC-834E-63E5F02D2BC2}\InprocServer32 -> C:\Users\tkies_000\AppData\Roaming\Telekom\MediencenterSync\DTAG.Mediencenter.IconOverlayHandler.dll (Deutsche Telekom AG)
CustomCLSID: HKU\S-1-5-21-596752582-1759811035-1413813987-1001_Classes\CLSID\{6066ADF0-9EB0-43E5-ADB6-990F5A3B979C}\InprocServer32 -> C:\Users\tkies_000\AppData\Roaming\Telekom\MediencenterSync\DTAG.Mediencenter.IconOverlayHandler.dll (Deutsche Telekom AG)
CustomCLSID: HKU\S-1-5-21-596752582-1759811035-1413813987-1001_Classes\CLSID\{77BC4082-DB5F-439A-8DC8-F9E24A63B0DE}\InprocServer32 -> C:\Users\tkies_000\AppData\Roaming\Telekom\MediencenterSync\DTAG.Mediencenter.IconOverlayHandler.dll (Deutsche Telekom AG)
CustomCLSID: HKU\S-1-5-21-596752582-1759811035-1413813987-1001_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\tkies_000\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-596752582-1759811035-1413813987-1001_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\tkies_000\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-596752582-1759811035-1413813987-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\tkies_000\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-596752582-1759811035-1413813987-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\tkies_000\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-596752582-1759811035-1413813987-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\tkies_000\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-596752582-1759811035-1413813987-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\tkies_000\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-596752582-1759811035-1413813987-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\tkies_000\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-596752582-1759811035-1413813987-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\tkies_000\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-596752582-1759811035-1413813987-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\tkies_000\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-596752582-1759811035-1413813987-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\tkies_000\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-596752582-1759811035-1413813987-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\tkies_000\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-596752582-1759811035-1413813987-1001_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\tkies_000\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File
==================== Restore Points =========================
27-12-2014 13:15:04 Geplanter Prüfpunkt
05-01-2015 22:55:29 Geplanter Prüfpunkt
15-01-2015 04:22:24 Windows Update
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2013-08-22 14:25 - 2013-08-22 14:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts
==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
Task: {282CD71A-73AF-4EB4-BEDC-31386D9C1DEC} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {286C46EA-952E-45D0-8C1A-10473D7C8A58} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {2EDD8DC9-10A8-4C8D-AF26-3C41C1847D01} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {3A766711-853E-4931-B49B-0617E060EA8C} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {4203A312-AD9E-491C-832D-FE7F24D2737F} - System32\Tasks\Apple Diagnostics => C:\Program Files (x86)\Common Files\Apple\Internet Services\EReporter.exe [2014-12-01] (Apple Inc.)
Task: {70EC3564-9467-4009-B9BA-E64C9D9AC52D} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2014-05-12] (Hewlett-Packard Company)
Task: {7C3C2E0E-DDA3-4F26-AD33-2118026A3A37} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-596752582-1759811035-1413813987-1001UA => C:\Users\tkies_000\AppData\Local\Google\Update\GoogleUpdate.exe [2013-01-09] (Google Inc.)
Task: {7FA084A3-8895-46C9-82A8-EB8D48B4DA91} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-11-22] (Piriform Ltd)
Task: {90917A10-7ECA-47D8-8AAB-D470D2EF4216} - System32\Tasks\HPCeeScheduleFortkies_000 => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-13] (Hewlett-Packard)
Task: {A37D282C-A52C-4EC2-8899-409BD76ECC9E} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {AD70963B-DA3B-4182-879C-9CD3DA2E9AC9} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2014-12-11] (Microsoft Corporation)
Task: {B446EFA3-4AA0-4933-8A45-86B8E1BDC6FF} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-596752582-1759811035-1413813987-1001Core => C:\Users\tkies_000\AppData\Local\Google\Update\GoogleUpdate.exe [2013-01-09] (Google Inc.)
Task: {B55FBD61-72A5-4B4B-AA77-860BD7907081} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-05-20] (Google Inc.)
Task: {CCD26EDD-D472-444C-B111-062005B1B7B6} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2014-10-21] (Hewlett-Packard)
Task: {F038504E-B2FA-472A-8836-5A0AB3F5E599} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-05-20] (Google Inc.)
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-596752582-1759811035-1413813987-1001Core.job => C:\Users\tkies_000\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-596752582-1759811035-1413813987-1001UA.job => C:\Users\tkies_000\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\HPCeeScheduleFortkies_000.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
==================== Loaded Modules (whitelisted) =============
2013-05-22 19:50 - 2013-05-22 19:50 - 00400704 _____ () C:\Users\tkies_000\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe
2014-12-08 21:45 - 2014-11-19 01:55 - 06277952 _____ () C:\Users\tkies_000\AppData\Local\Amazon Music\Amazon Music Helper.exe
2015-01-08 19:06 - 2015-01-08 19:06 - 00374840 _____ () C:\Users\tkies_000\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
2014-04-23 03:52 - 2014-04-23 03:52 - 00102400 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
2012-08-29 11:02 - 2012-08-29 11:02 - 00120224 _____ () c:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPItunesModule.dll
2012-08-29 11:02 - 2012-08-29 11:02 - 00048544 _____ () c:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPItunesProxy.dll
2012-08-29 11:02 - 2012-08-29 11:02 - 00180224 _____ () c:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\zxing.dll
2014-07-05 13:56 - 2014-07-05 13:56 - 00120224 _____ () C:\Users\tkies_000\AppData\Local\assembly\dl3\ZKLKGKA6.A72\JGGYRVRV.TBK\8ac0b4ec\0017145d_cd85cd01\HPItunesModule.DLL
2014-10-16 06:48 - 2014-10-16 06:48 - 00063376 _____ () C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\zlib1.dll
2014-01-20 13:17 - 2014-01-20 13:17 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-10-11 12:05 - 2014-10-11 12:05 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2015-01-08 19:06 - 2015-01-08 19:06 - 36966968 _____ () C:\Users\tkies_000\AppData\Roaming\Spotify\Data\libcef.dll
2012-12-18 08:08 - 2012-06-08 04:34 - 00627216 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
2012-06-08 12:34 - 2012-06-08 12:34 - 00016400 _____ () c:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll
2014-10-22 01:22 - 2014-10-22 01:22 - 00750080 _____ () C:\Users\tkies_000\AppData\Roaming\Dropbox\bin\libGLESv2.dll
2015-01-16 17:50 - 2015-01-16 17:50 - 00043008 _____ () c:\Users\tkies_000\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpxfrqij.dll
2014-10-22 01:22 - 2014-10-22 01:22 - 00047616 _____ () C:\Users\tkies_000\AppData\Roaming\Dropbox\bin\libEGL.dll
2014-10-22 01:22 - 2014-10-22 01:22 - 00863744 _____ () C:\Users\tkies_000\AppData\Roaming\Dropbox\bin\plugins\platforms\qwindows.dll
2014-10-22 01:22 - 2014-10-22 01:22 - 00200704 _____ () C:\Users\tkies_000\AppData\Roaming\Dropbox\bin\plugins\imageformats\qjpeg.dll
2015-01-16 17:49 - 2015-01-16 17:49 - 00098816 _____ () C:\Users\tkies_000\AppData\Local\Temp\_MEI45722\win32api.pyd
2015-01-16 17:49 - 2015-01-16 17:49 - 00110080 _____ () C:\Users\tkies_000\AppData\Local\Temp\_MEI45722\pywintypes27.dll
2015-01-16 17:49 - 2015-01-16 17:49 - 00364544 _____ () C:\Users\tkies_000\AppData\Local\Temp\_MEI45722\pythoncom27.dll
2015-01-16 17:49 - 2015-01-16 17:49 - 00045568 _____ () C:\Users\tkies_000\AppData\Local\Temp\_MEI45722\_socket.pyd
2015-01-16 17:49 - 2015-01-16 17:49 - 01160704 _____ () C:\Users\tkies_000\AppData\Local\Temp\_MEI45722\_ssl.pyd
2015-01-16 17:49 - 2015-01-16 17:49 - 00320512 _____ () C:\Users\tkies_000\AppData\Local\Temp\_MEI45722\win32com.shell.shell.pyd
2015-01-16 17:49 - 2015-01-16 17:49 - 00713216 _____ () C:\Users\tkies_000\AppData\Local\Temp\_MEI45722\_hashlib.pyd
2015-01-16 17:49 - 2015-01-16 17:49 - 01175040 _____ () C:\Users\tkies_000\AppData\Local\Temp\_MEI45722\wx._core_.pyd
2015-01-16 17:49 - 2015-01-16 17:49 - 00805888 _____ () C:\Users\tkies_000\AppData\Local\Temp\_MEI45722\wx._gdi_.pyd
2015-01-16 17:49 - 2015-01-16 17:49 - 00811008 _____ () C:\Users\tkies_000\AppData\Local\Temp\_MEI45722\wx._windows_.pyd
2015-01-16 17:49 - 2015-01-16 17:49 - 01062400 _____ () C:\Users\tkies_000\AppData\Local\Temp\_MEI45722\wx._controls_.pyd
2015-01-16 17:49 - 2015-01-16 17:49 - 00735232 _____ () C:\Users\tkies_000\AppData\Local\Temp\_MEI45722\wx._misc_.pyd
2015-01-16 17:49 - 2015-01-16 17:49 - 00128512 _____ () C:\Users\tkies_000\AppData\Local\Temp\_MEI45722\_elementtree.pyd
2015-01-16 17:49 - 2015-01-16 17:49 - 00127488 _____ () C:\Users\tkies_000\AppData\Local\Temp\_MEI45722\pyexpat.pyd
2015-01-16 17:49 - 2015-01-16 17:49 - 00557056 _____ () C:\Users\tkies_000\AppData\Local\Temp\_MEI45722\pysqlite2._sqlite.pyd
2015-01-16 17:49 - 2015-01-16 17:49 - 00087552 _____ () C:\Users\tkies_000\AppData\Local\Temp\_MEI45722\_ctypes.pyd
2015-01-16 17:49 - 2015-01-16 17:49 - 00119808 _____ () C:\Users\tkies_000\AppData\Local\Temp\_MEI45722\win32file.pyd
2015-01-16 17:49 - 2015-01-16 17:49 - 00108544 _____ () C:\Users\tkies_000\AppData\Local\Temp\_MEI45722\win32security.pyd
2015-01-16 17:49 - 2015-01-16 17:49 - 00007168 _____ () C:\Users\tkies_000\AppData\Local\Temp\_MEI45722\hashobjs_ext.pyd
2015-01-16 17:49 - 2015-01-16 17:49 - 00167936 _____ () C:\Users\tkies_000\AppData\Local\Temp\_MEI45722\win32gui.pyd
2015-01-16 17:49 - 2015-01-16 17:49 - 00018432 _____ () C:\Users\tkies_000\AppData\Local\Temp\_MEI45722\win32event.pyd
2015-01-16 17:49 - 2015-01-16 17:49 - 00038912 _____ () C:\Users\tkies_000\AppData\Local\Temp\_MEI45722\win32inet.pyd
2015-01-16 17:49 - 2015-01-16 17:49 - 00011264 _____ () C:\Users\tkies_000\AppData\Local\Temp\_MEI45722\win32crypt.pyd
2015-01-16 17:49 - 2015-01-16 17:49 - 00070656 _____ () C:\Users\tkies_000\AppData\Local\Temp\_MEI45722\wx._html2.pyd
2015-01-16 17:49 - 2015-01-16 17:49 - 00027136 _____ () C:\Users\tkies_000\AppData\Local\Temp\_MEI45722\_multiprocessing.pyd
2015-01-16 17:49 - 2015-01-16 17:49 - 00035840 _____ () C:\Users\tkies_000\AppData\Local\Temp\_MEI45722\win32process.pyd
2015-01-16 17:49 - 2015-01-16 17:49 - 00686080 _____ () C:\Users\tkies_000\AppData\Local\Temp\_MEI45722\unicodedata.pyd
2015-01-16 17:49 - 2015-01-16 17:49 - 00122368 _____ () C:\Users\tkies_000\AppData\Local\Temp\_MEI45722\wx._wizard.pyd
2015-01-16 17:49 - 2015-01-16 17:49 - 00024064 _____ () C:\Users\tkies_000\AppData\Local\Temp\_MEI45722\win32pipe.pyd
2015-01-16 17:49 - 2015-01-16 17:49 - 00025600 _____ () C:\Users\tkies_000\AppData\Local\Temp\_MEI45722\win32pdh.pyd
2015-01-16 17:49 - 2015-01-16 17:49 - 00525640 _____ () C:\Users\tkies_000\AppData\Local\Temp\_MEI45722\windows._lib_cacheinvalidation.pyd
2015-01-16 17:49 - 2015-01-16 17:49 - 00010240 _____ () C:\Users\tkies_000\AppData\Local\Temp\_MEI45722\select.pyd
2015-01-16 17:49 - 2015-01-16 17:49 - 00017408 _____ () C:\Users\tkies_000\AppData\Local\Temp\_MEI45722\win32profile.pyd
2015-01-16 17:49 - 2015-01-16 17:49 - 00022528 _____ () C:\Users\tkies_000\AppData\Local\Temp\_MEI45722\win32ts.pyd
2015-01-16 17:49 - 2015-01-16 17:49 - 00078336 _____ () C:\Users\tkies_000\AppData\Local\Temp\_MEI45722\wx._animate.pyd
2013-01-11 21:57 - 2008-12-22 09:50 - 00135168 ____N () C:\Program Files (x86)\Epson Software\Event Manager\Assistants\Scan Assistant\ScanEngine.dll
2013-01-11 21:57 - 2008-11-21 13:58 - 00057344 ____N () C:\Program Files (x86)\Epson Software\Event Manager\Assistants\Scan Assistant\Satwain.dll
2013-11-08 13:30 - 2014-12-27 12:53 - 03339376 _____ () C:\Program Files (x86)\Mozilla Thunderbird\mozjs.dll
2013-11-08 13:30 - 2014-12-27 12:53 - 00158832 _____ () C:\Program Files (x86)\Mozilla Thunderbird\NSLDAP32V60.dll
2013-11-08 13:30 - 2014-12-27 12:53 - 00023152 _____ () C:\Program Files (x86)\Mozilla Thunderbird\NSLDAPPR32V60.dll
2015-01-08 19:06 - 2015-01-08 19:06 - 00867896 _____ () C:\Users\tkies_000\AppData\Roaming\Spotify\Data\ffmpegsumo.dll
2015-01-08 19:06 - 2015-01-08 19:06 - 00886840 _____ () C:\Users\tkies_000\AppData\Roaming\Spotify\Data\libglesv2.dll
2015-01-08 19:06 - 2015-01-08 19:06 - 00108600 _____ () C:\Users\tkies_000\AppData\Roaming\Spotify\Data\libegl.dll
2014-12-13 12:33 - 2014-12-06 02:50 - 01077064 _____ () C:\Users\tkies_000\AppData\Local\Google\Chrome\Application\39.0.2171.95\libglesv2.dll
2014-12-13 12:33 - 2014-12-06 02:50 - 00211272 _____ () C:\Users\tkies_000\AppData\Local\Google\Chrome\Application\39.0.2171.95\libegl.dll
2014-12-13 12:33 - 2014-12-06 02:50 - 09009480 _____ () C:\Users\tkies_000\AppData\Local\Google\Chrome\Application\39.0.2171.95\pdf.dll
2014-12-13 12:33 - 2014-12-06 02:50 - 01677128 _____ () C:\Users\tkies_000\AppData\Local\Google\Chrome\Application\39.0.2171.95\ffmpegsumo.dll
==================== Alternate Data Streams (whitelisted) =========
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
AlternateDataStreams: C:\Users\tkies_000\OneDrive:ms-properties
AlternateDataStreams: C:\Users\tkies_000\Documents\Aprobation.jpeg:3or4kl4x13tuuug3Byamue2s4b
AlternateDataStreams: C:\Users\tkies_000\Documents\Aprobation.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\Users\tkies_000\Documents\Rechnung Aldi.jpeg:3or4kl4x13tuuug3Byamue2s4b
AlternateDataStreams: C:\Users\tkies_000\Documents\Rechnung Aldi.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\Users\tkies_000\Documents\Ärztlicher Befund.jpeg:3or4kl4x13tuuug3Byamue2s4b
AlternateDataStreams: C:\Users\tkies_000\Documents\Ärztlicher Befund.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
==================== Safe Mode (whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
==================== EXE Association (whitelisted) =============
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
==================== MSCONFIG/TASK MANAGER disabled items =========
(Currently there is no automatic fix for this section.)
========================= Accounts: ==========================
Administrator (S-1-5-21-596752582-1759811035-1413813987-500 - Administrator - Disabled)
Franziska (S-1-5-21-596752582-1759811035-1413813987-1006 - Limited - Enabled) => C:\Users\Franziska
Gast (S-1-5-21-596752582-1759811035-1413813987-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-596752582-1759811035-1413813987-1008 - Limited - Enabled)
tkies_000 (S-1-5-21-596752582-1759811035-1413813987-1001 - Administrator - Enabled) => C:\Users\tkies_000
==================== Faulty Device Manager Devices =============
Name: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Description: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: vpnva
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
==================== Event log errors: =========================
Application errors:
==================
Error: (01/16/2015 10:36:54 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: iTunesHelper.exe, Version: 12.0.1.26, Zeitstempel: 0x543e52f9
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0112b614
ID des fehlerhaften Prozesses: 0x15b4
Startzeit der fehlerhaften Anwendung: 0xiTunesHelper.exe0
Pfad der fehlerhaften Anwendung: iTunesHelper.exe1
Pfad des fehlerhaften Moduls: iTunesHelper.exe2
Berichtskennung: iTunesHelper.exe3
Vollständiger Name des fehlerhaften Pakets: iTunesHelper.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: iTunesHelper.exe5
Error: (01/16/2015 07:35:00 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: AppleChromeDAV.exe, Version: 1.4.10.0, Zeitstempel: 0x53e03f2f
Name des fehlerhaften Moduls: AppleChromeDAV.exe, Version: 1.4.10.0, Zeitstempel: 0x53e03f2f
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0000f72b
ID des fehlerhaften Prozesses: 0x19a4
Startzeit der fehlerhaften Anwendung: 0xAppleChromeDAV.exe0
Pfad der fehlerhaften Anwendung: AppleChromeDAV.exe1
Pfad des fehlerhaften Moduls: AppleChromeDAV.exe2
Berichtskennung: AppleChromeDAV.exe3
Vollständiger Name des fehlerhaften Pakets: AppleChromeDAV.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: AppleChromeDAV.exe5
Error: (01/16/2015 06:05:27 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT-AUTORITÄT)
Description: Fehler beim Herunterladen der Zeichenfolgen der Leistungsindikatoren für Dienst "WmiApRpl" (WmiApRpl). Der Fehlercode ist das erste DWORD im Datenbereich.
Error: (01/16/2015 06:05:27 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT-AUTORITÄT)
Description: Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.
Error: (01/16/2015 06:05:27 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT-AUTORITÄT)
Description: Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.
Error: (01/16/2015 05:50:37 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: Mediencenter.exe, Version: 3.8.9799.6, Zeitstempel: 0x524ac73e
Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.3.9600.17278, Zeitstempel: 0x53eebf2e
Ausnahmecode: 0xe0434352
Fehleroffset: 0x000000000000606c
ID des fehlerhaften Prozesses: 0x1048
Startzeit der fehlerhaften Anwendung: 0xMediencenter.exe0
Pfad der fehlerhaften Anwendung: Mediencenter.exe1
Pfad des fehlerhaften Moduls: Mediencenter.exe2
Berichtskennung: Mediencenter.exe3
Vollständiger Name des fehlerhaften Pakets: Mediencenter.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: Mediencenter.exe5
Error: (01/16/2015 05:50:33 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Anwendung: Mediencenter.exe
Frameworkversion: v4.0.30319
Beschreibung: Der Prozess wurde aufgrund einer unbehandelten Ausnahme beendet.
Ausnahmeinformationen: System.BadImageFormatException
Stapel:
bei DTAG.Mediencenter.Client.DefaultConfiguration.InitClassFactory()
bei DTAG.Mediencenter.Client.App.Main()
Error: (01/14/2015 11:14:33 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 2906
Error: (01/14/2015 11:14:33 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 2906
Error: (01/14/2015 11:14:33 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
System errors:
=============
Error: (01/16/2015 05:52:16 PM) (Source: Schannel) (EventID: 4102) (User: NT-AUTORITÄT)
Description: Schwerwiegender Fehler beim Zugriff auf den privaten Schlüssel der Anmeldeinformationen Server für SSL. Der vom kryptografischen Modul zurückgegebene Fehlercode lautet 0x8009030d. Der interne Fehlerstatus ist 10001.
Error: (01/16/2015 05:52:08 PM) (Source: Schannel) (EventID: 4102) (User: NT-AUTORITÄT)
Description: Schwerwiegender Fehler beim Zugriff auf den privaten Schlüssel der Anmeldeinformationen Server für SSL. Der vom kryptografischen Modul zurückgegebene Fehlercode lautet 0x8009030d. Der interne Fehlerstatus ist 10001.
Error: (01/16/2015 05:45:48 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: Das System wurde zuvor am 16.01.2015 um 09:29:27 unerwartet heruntergefahren.
Error: (01/14/2015 10:48:03 PM) (Source: Schannel) (EventID: 4102) (User: NT-AUTORITÄT)
Description: Schwerwiegender Fehler beim Zugriff auf den privaten Schlüssel der Anmeldeinformationen Server für SSL. Der vom kryptografischen Modul zurückgegebene Fehlercode lautet 0x8009030d. Der interne Fehlerstatus ist 10001.
Error: (01/13/2015 05:34:18 AM) (Source: DCOM) (EventID: 10010) (User: BÜRO-PC)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}
Error: (01/13/2015 05:34:18 AM) (Source: DCOM) (EventID: 10010) (User: BÜRO-PC)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}
Error: (01/13/2015 05:34:18 AM) (Source: Schannel) (EventID: 4102) (User: NT-AUTORITÄT)
Description: Schwerwiegender Fehler beim Zugriff auf den privaten Schlüssel der Anmeldeinformationen Server für SSL. Der vom kryptografischen Modul zurückgegebene Fehlercode lautet 0x8009030d. Der interne Fehlerstatus ist 10001.
Error: (01/13/2015 05:34:13 AM) (Source: DCOM) (EventID: 10010) (User: BÜRO-PC)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}
Error: (01/13/2015 05:34:13 AM) (Source: DCOM) (EventID: 10010) (User: BÜRO-PC)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}
Error: (01/13/2015 05:34:13 AM) (Source: DCOM) (EventID: 10010) (User: BÜRO-PC)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}
Microsoft Office Sessions:
=========================
Error: (01/16/2015 10:36:54 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: iTunesHelper.exe12.0.1.26543e52f9unknown0.0.0.000000000c00000050112b61415b401d031ac6fbc7d22C:\Program Files (x86)\iTunes\iTunesHelper.exeunknownc9bc8dfc-9dc7-11e4-bf70-78e3b5b56b2d
Error: (01/16/2015 07:35:00 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: AppleChromeDAV.exe1.4.10.053e03f2fAppleChromeDAV.exe1.4.10.053e03f2fc00000050000f72b19a401d031b90776caf4C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleChromeDAV.exeC:\Program Files (x86)\Common Files\Apple\Internet Services\AppleChromeDAV.exe602d803e-9dae-11e4-bf70-78e3b5b56b2d
Error: (01/16/2015 06:05:27 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT-AUTORITÄT)
Description: WmiApRplWmiApRpl8F2030000E5050000
Error: (01/16/2015 06:05:27 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT-AUTORITÄT)
Description: Performance163707000000000000000000008F020000
Error: (01/16/2015 06:05:27 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT-AUTORITÄT)
Description: Performance163707000000000000000000008F020000
Error: (01/16/2015 05:50:37 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Mediencenter.exe3.8.9799.6524ac73eKERNELBASE.dll6.3.9600.1727853eebf2ee0434352000000000000606c104801d031ac6b67c29cC:\Users\tkies_000\AppData\Roaming\Telekom\MediencenterSync\Mediencenter.exeC:\WINDOWS\system32\KERNELBASE.dllcb326350-9d9f-11e4-bf70-78e3b5b56b2d
Error: (01/16/2015 05:50:33 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Anwendung: Mediencenter.exe
Frameworkversion: v4.0.30319
Beschreibung: Der Prozess wurde aufgrund einer unbehandelten Ausnahme beendet.
Ausnahmeinformationen: System.BadImageFormatException
Stapel:
bei DTAG.Mediencenter.Client.DefaultConfiguration.InitClassFactory()
bei DTAG.Mediencenter.Client.App.Main()
Error: (01/14/2015 11:14:33 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 2906
Error: (01/14/2015 11:14:33 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 2906
Error: (01/14/2015 11:14:33 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
==================== Memory info ===========================
Processor: AMD A10-5700 APU with Radeon(tm) HD Graphics
Percentage of memory in use: 25%
Total physical RAM: 8087.3 MB
Available physical RAM: 6008.47 MB
Total Pagefile: 9367.3 MB
Available Pagefile: 5786.02 MB
Total Virtual: 131072 MB
Available Virtual: 131071.8 MB
==================== Drives ================================
Drive c: (OS) (Fixed) (Total:918.67 GB) (Free:509.58 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (Recovery Image) (Fixed) (Total:10.92 GB) (Free:1.33 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive e: (Keine_Bange) (CDROM) (Total:0.37 GB) (Free:0 GB) CDFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 06EDB448)
Partition: GPT Partition Type.
==================== End Of Log ============================
FRST
FRST Logfile: Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 15-01-2015 01
Ran by tkies_000 (administrator) on BÜRO-PC on 16-01-2015 23:41:24
Running from C:\Users\tkies_000\Downloads
Loaded Profiles: tkies_000 (Available profiles: tkies_000 & Franziska)
Platform: Windows 8.1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(AMD) C:\Windows\System32\atiesrxx.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(APN LLC.) C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Hewlett-Packard ) C:\Program Files\IDT\WDM\Beats64.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(Logitech, Inc.) C:\Program Files\Common Files\Logishrd\KHAL3\KHALMNPR.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
() C:\Users\tkies_000\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe
() C:\Users\tkies_000\AppData\Local\Amazon Music\Amazon Music Helper.exe
(Spotify Ltd) C:\Users\tkies_000\AppData\Roaming\Spotify\spotify.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(Dropbox, Inc.) C:\Users\tkies_000\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Geek Software GmbH) C:\Program Files (x86)\PDF24\pdf24.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(APN) C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
() C:\Users\tkies_000\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
() C:\Users\tkies_000\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
() C:\Users\tkies_000\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
() C:\Users\tkies_000\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
(Search Protect) C:\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteService.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteUser.exe
() C:\Users\tkies_000\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
() C:\Users\tkies_000\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleIEDAV.exe
(Google Inc.) C:\Users\tkies_000\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\tkies_000\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\tkies_000\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\tkies_000\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\tkies_000\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\tkies_000\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\tkies_000\AppData\Local\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleChromeDAV.exe
(Google Inc.) C:\Users\tkies_000\AppData\Local\Google\Chrome\Application\chrome.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [BeatsOSDApp] => C:\Program Files\IDT\WDM\beats64.exe [41664 2013-11-14] (Hewlett-Packard )
HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [3091224 2013-07-31] (Logitech, Inc.)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1703424 2013-11-14] (IDT, Inc.)
HKLM-x32\...\Run: [CLMLServer_For_P2G8] => c:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [111120 2012-06-08] (CyberLink)
HKLM-x32\...\Run: [CLVirtualDrive] => c:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [491120 2012-07-02] (CyberLink Corp.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2014-10-11] (Apple Inc.)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [702768 2014-12-16] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [669520 2009-01-12] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766688 2014-04-23] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [PDFPrint] => C:\Program Files (x86)\PDF24\pdf24.exe [193568 2014-10-13] (Geek Software GmbH)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle Corporation)
HKLM-x32\...\Run: [ApnTBMon] => C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe [2039192 2014-11-24] (APN)
HKLM-x32\...\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] => C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe [707472 2014-10-16] (Cisco Systems, Inc.)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [126200 2014-11-20] (Avira Operations GmbH & Co. KG)
HKLM\...\RunOnce: [NCPluginUpdater] => c:\program files (x86)\hewlett-packard\hp health check\activecheck\product_line\NCPluginUpdater.exe [21720 2014-12-16] (Hewlett-Packard)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKU\S-1-5-21-596752582-1759811035-1413813987-1001\...\Run: [Google Update] => C:\Users\tkies_000\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2013-01-09] (Google Inc.)
HKU\S-1-5-21-596752582-1759811035-1413813987-1001\...\Run: [GoogleChromeAutoLaunch_B24FCD1D8919BB20DDE7FE1198BA23CC] => C:\Users\tkies_000\AppData\Local\Google\Chrome\Application\chrome.exe [856904 2014-12-06] (Google Inc.)
HKU\S-1-5-21-596752582-1759811035-1413813987-1001\...\Run: [AmazonMP3DownloaderHelper] => C:\Users\tkies_000\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe [400704 2013-05-22] ()
HKU\S-1-5-21-596752582-1759811035-1413813987-1001\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [22869088 2014-10-21] (Google)
HKU\S-1-5-21-596752582-1759811035-1413813987-1001\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [43816 2014-11-21] (Apple Inc.)
HKU\S-1-5-21-596752582-1759811035-1413813987-1001\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [43816 2014-11-21] (Apple Inc.)
HKU\S-1-5-21-596752582-1759811035-1413813987-1001\...\Run: [AppleIEDAV] => C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleIEDAV.exe [1080104 2014-08-04] (Apple Inc.)
HKU\S-1-5-21-596752582-1759811035-1413813987-1001\...\Run: [Epson Stylus Office BX310FN] => C:\windows\system32\spool\DRIVERS\x64\3\E_IATIFHE.EXE [223232 2008-11-17] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-596752582-1759811035-1413813987-1001\...\Run: [iCloudDrive] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe [43816 2014-11-21] (Apple Inc.)
HKU\S-1-5-21-596752582-1759811035-1413813987-1001\...\Run: [Amazon Music] => C:\Users\tkies_000\AppData\Local\Amazon Music\Amazon Music Helper.exe [6277952 2014-11-19] ()
HKU\S-1-5-21-596752582-1759811035-1413813987-1001\...\Run: [Spotify] => C:\Users\tkies_000\AppData\Roaming\Spotify\Spotify.exe [6737976 2015-01-08] (Spotify Ltd)
HKU\S-1-5-21-596752582-1759811035-1413813987-1001\...\MountPoints2: {33b57798-03c4-11e4-824f-806e6f6e6963} - "E:\Keine_Bange.exe"
HKU\S-1-5-18\...\Run: [EPSON BX310FN Series] => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_IATIFHE.EXE [223232 2008-11-17] (SEIKO EPSON CORPORATION)
AppInit_DLLs: C:\PROGRA~2\SearchProtect\SearchProtect\bin\VC64Loader.dll => C:\Program Files (x86)\SearchProtect\SearchProtect\bin\VC64Loader.dll [233280 2014-11-10] (Search Protect)
AppInit_DLLs-x32: C:\PROGRA~2\SearchProtect\SearchProtect\bin\VC32Loader.dll => C:\Program Files (x86)\SearchProtect\SearchProtect\bin\VC32Loader.dll [188224 2014-11-10] (Search Protect)
Startup: C:\Users\tkies_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\tkies_000\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\tkies_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Mediencenter.lnk
ShortcutTarget: Mediencenter.lnk -> C:\Users\tkies_000\AppData\Roaming\Telekom\MediencenterSync\Mediencenter.exe (Deutsche Telekom AG)
Startup: C:\Users\tkies_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Mozilla Thunderbird.lnk
ShortcutTarget: Mozilla Thunderbird.lnk -> C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe (Mozilla Corporation)
Startup: C:\Users\tkies_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk
ShortcutTarget: OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\WINDOWS\system32\CbFsMntNtf3.dll (EldoS Corporation)
SSODL-x32: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\WINDOWS\SysWow64\CbFsMntNtf3.dll (EldoS Corporation)
ShellIconOverlayIdentifiers: [01Mediencenter_InSync] -> {77BC4082-DB5F-439A-8DC8-F9E24A63B0DE} => C:\Users\tkies_000\AppData\Roaming\Telekom\MediencenterSync\DTAG.Mediencenter.IconOverlayHandler.dll (Deutsche Telekom AG)
ShellIconOverlayIdentifiers: [02Mediencenter_ToSync] -> {528EE335-5034-4EFC-834E-63E5F02D2BC2} => C:\Users\tkies_000\AppData\Roaming\Telekom\MediencenterSync\DTAG.Mediencenter.IconOverlayHandler.dll (Deutsche Telekom AG)
ShellIconOverlayIdentifiers: [03Mediencenter_Failed] -> {6066ADF0-9EB0-43E5-ADB6-990F5A3B979C} => C:\Users\tkies_000\AppData\Roaming\Telekom\MediencenterSync\DTAG.Mediencenter.IconOverlayHandler.dll (Deutsche Telekom AG)
ShellIconOverlayIdentifiers: [EldosIconOverlay] -> {5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC} => C:\WINDOWS\system32\CbFsMntNtf3.dll (EldoS Corporation)
ShellIconOverlayIdentifiers-x32: [EldosIconOverlay] -> {5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC} => C:\WINDOWS\SysWow64\CbFsMntNtf3.dll (EldoS Corporation)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPDSK13/4
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPDSK13/4
HKU\S-1-5-21-596752582-1759811035-1413813987-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com/?ctid=CT3319434&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=4&UP=SP82D2770F-4B03-4798-B94F-93571658B2DE&SSPV=
HKU\S-1-5-21-596752582-1759811035-1413813987-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPDSK13/4
SearchScopes: HKLM -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = hxxp://eu.ask.com/web?q={searchterms}&l=dis&o=HPDTDF
SearchScopes: HKLM -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
SearchScopes: HKLM -> {CB9D9BCB-2E1B-4A0F-97A5-9D4D3A11F18C} URL = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de1-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/707-154345-12128-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKLM-x32 -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = hxxp://eu.ask.com/web?q={searchterms}&l=dis&o=HPDTDF
SearchScopes: HKLM-x32 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
SearchScopes: HKLM-x32 -> {CB9D9BCB-2E1B-4A0F-97A5-9D4D3A11F18C} URL = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de1-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/707-154345-12128-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKU\S-1-5-21-596752582-1759811035-1413813987-1001 -> DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxp://search.conduit.com/Results.aspx?ctid=CT3319434&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=4&UP=SP82D2770F-4B03-4798-B94F-93571658B2DE&q={searchTerms}&SSPV=
SearchScopes: HKU\S-1-5-21-596752582-1759811035-1413813987-1001 -> {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxp://search.conduit.com/Results.aspx?ctid=CT3319434&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=4&UP=SP82D2770F-4B03-4798-B94F-93571658B2DE&q={searchTerms}&SSPV=
SearchScopes: HKU\S-1-5-21-596752582-1759811035-1413813987-1001 -> {019A123F-0480-4047-96A0-4D86BB939F1F} URL = hxxp://search.softonic.com/MOY00621/tb_v1?q={searchTerms}&SearchSource=4&cc=&mi=9858467c00000000000078e3b5b56b2d&r=605
SearchScopes: HKU\S-1-5-21-596752582-1759811035-1413813987-1001 -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = hxxp://eu.ask.com/web?q={searchterms}&l=dis&o=HPDTDF
SearchScopes: HKU\S-1-5-21-596752582-1759811035-1413813987-1001 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
SearchScopes: HKU\S-1-5-21-596752582-1759811035-1413813987-1001 -> {CB9D9BCB-2E1B-4A0F-97A5-9D4D3A11F18C} URL = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de1-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-596752582-1759811035-1413813987-1001 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/707-154345-12128-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
BHO: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll (Logitech, Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
BHO: No Name -> {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} -> No File
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll (Logitech, Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
BHO-x32: Softonic Helper Object -> {E87806B5-E908-45FD-AF5E-957D83E58E68} -> C:\Program Files (x86)\Softonic\Softonic\1.8.21.14\bh\Softonic.dll (Softonic.com)
BHO-x32: No Name -> {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} -> No File
Toolbar: HKLM-x32 - Softonic Toolbar - {5018CFD2-804D-4C99-9F81-25EAEA2769DE} - C:\Program Files (x86)\Softonic\Softonic\1.8.21.14\SoftonicTlbr.dll (Softonic.com)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
FireFox:
========
FF ProfilePath: C:\Users\tkies_000\AppData\Roaming\Mozilla\Firefox\Profiles\x94gsevh.default
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-596752582-1759811035-1413813987-1001: @tools.google.com/Google Update;version=3 -> C:\Users\tkies_000\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-596752582-1759811035-1413813987-1001: @tools.google.com/Google Update;version=9 -> C:\Users\tkies_000\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-596752582-1759811035-1413813987-1001: amazon.com/AmazonMP3DownloaderPlugin -> C:\Users\tkies_000\AppData\Local\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10181.dll (Amazon.com, Inc.)
FF user.js: detected! => C:\Users\tkies_000\AppData\Roaming\Mozilla\Firefox\Profiles\x94gsevh.default\user.js
FF SearchPlugin: C:\Users\tkies_000\AppData\Roaming\Mozilla\Firefox\Profiles\x94gsevh.default\searchplugins\softonic.xml
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF Extension: Logitech SetPoint - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2014-03-13]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [Not Found]
Chrome:
=======
CHR HomePage: Default -> hxxp://www.trovigo.com/?gd=&ctid=CT3319434&octid=EB_ORIGINAL_CTID&ISID=ISID_ID&SearchSource=55&CUI=&UM=4&UP=SP82D2770F-4B03-4798-B94F-93571658B2DE&SSPV=
CHR StartupUrls: Default -> "hxxp://www.google.de/", "hxxp://www.google.de/"
CHR DefaultSuggestURL: Default -> hxxp://ssmsp.ask.com/query?sstype=prefix&li=ff&q={searchTerms}
CHR Plugin: (Shockwave Flash) - C:\Users\tkies_000\AppData\Local\Google\Chrome\Application\39.0.2171.95\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\tkies_000\AppData\Local\Google\Chrome\Application\39.0.2171.95\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Users\tkies_000\AppData\Local\Google\Chrome\Application\39.0.2171.95\pdf.dll ()
CHR Plugin: (Norton Confidential) - C:\Users\tkies_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2013.0.0.72_0\npcoplgn.dll No File
CHR Plugin: (Windows Live Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Google Update) - C:\Users\tkies_000\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Profile: C:\Users\tkies_000\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Präsentationen) - C:\Users\tkies_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2013-11-20]
CHR Extension: (Google Drive) - C:\Users\tkies_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-01-09]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\tkies_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-06]
CHR Extension: (Brushed) - C:\Users\tkies_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfjgbcjfpbbfepcccpaffkjofcmglifg [2013-01-11]
CHR Extension: (YouTube) - C:\Users\tkies_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-01-09]
CHR Extension: (Google-Suche) - C:\Users\tkies_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-01-09]
CHR Extension: (Logitech Smooth Scrolling) - C:\Users\tkies_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkpejdfnpdkhifgbancbammdijojoffk [2014-03-14]
CHR Extension: (Google Kalender) - C:\Users\tkies_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn [2013-12-03]
CHR Extension: (Google Tabellen) - C:\Users\tkies_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2013-11-20]
CHR Extension: (iCloud-Lesezeichen) - C:\Users\tkies_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkepacicchenbjecpbpbclokcabebhah [2013-12-04]
CHR Extension: (Avira Browserschutz) - C:\Users\tkies_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2014-08-05]
CHR Extension: (ProxMate - Proxy on steroids!) - C:\Users\tkies_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\hgjpnmnpjmabddgmjdiaggacbololbjm [2013-02-19]
CHR Extension: (WEB.DE MailCheck) - C:\Users\tkies_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\jaogepninmlbinccpbiakcgiolijlllo [2014-11-07]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\tkies_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2014-11-09]
CHR Extension: (Google Maps) - C:\Users\tkies_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\lneaknkopdijkpnocmklfnjbeapigfbh [2013-01-10]
CHR Extension: (Google Wallet) - C:\Users\tkies_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-22]
CHR Extension: (Google Mail) - C:\Users\tkies_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-01-09]
CHR HKLM\...\Chrome\Extension: [aaaaaiabcopkplhgaedhbloeejhhankf] - C:\ProgramData\AskPartnerNetwork\Toolbar\Shared\CRX\aaaaaiabcopkplhgaedhbloeejhhankf.crx [2014-11-24]
CHR HKU\S-1-5-21-596752582-1759811035-1413813987-1001\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - No Path
CHR HKU\S-1-5-21-596752582-1759811035-1413813987-1001\...\Chrome\Extension: [nikpibnbobmbdbheedjfogjlikpgpnhp] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\DVDVideoSoftBrowserExtension.crx [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [aaaaaiabcopkplhgaedhbloeejhhankf] - C:\ProgramData\AskPartnerNetwork\Toolbar\Shared\CRX\aaaaaiabcopkplhgaedhbloeejhhankf.crx [2014-11-24]
CHR HKLM-x32\...\Chrome\Extension: [elchiiiejkobdbblfejjkbphbddgmljf] - C:\Program Files (x86)\Softonic\Softonic\1.8.21.14\Softonic.crx [2013-06-11]
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2014-04-23] (Advanced Micro Devices, Inc.) [File not signed]
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [431920 2014-12-16] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [431920 2014-12-16] (Avira Operations GmbH & Co. KG)
S4 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [993584 2014-12-16] (Avira Operations GmbH & Co. KG)
R2 APNMCP; C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe [166296 2014-10-30] (APN LLC.)
R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [166192 2014-11-20] (Avira Operations GmbH & Co. KG)
R2 CltMngSvc; C:\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe [3056960 2014-11-10] (Search Protect)
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2013-11-04] (Hewlett-Packard Company) [File not signed]
R2 HPConnectedRemote; c:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteService.exe [35232 2012-08-29] (Hewlett-Packard)
R2 STacSV; C:\Program Files\IDT\WDM\STacSV64.exe [333824 2013-11-14] (IDT, Inc.) [File not signed]
S3 w3logsvc; C:\Windows\system32\inetsrv\w3logsvc.dll [76800 2014-07-04] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-22] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-22] (Microsoft Corporation)
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 AODDriver4.2.0; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [59648 2013-09-19] (Advanced Micro Devices)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdW86.sys [98472 2012-07-03] (Advanced Micro Devices)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [119272 2014-10-16] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [131608 2014-10-16] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [28600 2013-12-09] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\system32\DRIVERS\avnetflt.sys [43064 2014-10-16] (Avira Operations GmbH & Co. KG)
R3 cbfs3; C:\Windows\System32\drivers\cbfs3.sys [352144 2012-04-09] (EldoS Corporation)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
S3 vpnva; C:\Windows\system32\DRIVERS\vpnva64-6.sys [52592 2014-03-12] (Cisco Systems, Inc.)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-22] (Microsoft Corporation)
S3 SPPD; \??\C:\WINDOWS\system32\drivers\SPPD.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-01-16 23:41 - 2015-01-16 23:41 - 00030780 _____ () C:\Users\tkies_000\Downloads\FRST.txt
2015-01-16 23:40 - 2015-01-16 23:41 - 00000000 ____D () C:\FRST
2015-01-16 23:40 - 2015-01-16 23:40 - 02125312 _____ (Farbar) C:\Users\tkies_000\Downloads\FRST64.exe
2015-01-16 23:39 - 2015-01-16 23:39 - 00000480 _____ () C:\Users\tkies_000\Downloads\defogger_disable.log
2015-01-16 23:39 - 2015-01-16 23:39 - 00000000 _____ () C:\Users\tkies_000\defogger_reenable
2015-01-16 22:43 - 2015-01-16 22:43 - 00000000 ____D () C:\Users\tkies_000\Documents\Pics4Presi
2015-01-16 22:43 - 2014-12-22 14:29 - 00014123 _____ () C:\Users\tkies_000\Documents\Weihnachtsplan.xlsx
2015-01-16 22:43 - 2014-12-03 09:14 - 00142751 _____ () C:\Users\tkies_000\Documents\Evaluation Parvex_new.xlsx
2015-01-16 22:26 - 2015-01-16 22:26 - 00050477 _____ () C:\Users\tkies_000\Downloads\Defogger.exe
2015-01-16 19:11 - 2014-11-05 15:36 - 29490708 _____ () C:\Users\tkies_000\Documents\I'm an Albatraoz - AronChupa.wav
2015-01-16 19:11 - 2014-08-25 17:01 - 00032256 _____ () C:\Users\tkies_000\Documents\Vorlesungsplan PT WS14 15.xls
2015-01-15 04:20 - 2014-12-19 07:26 - 00140800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxdav.sys
2015-01-15 04:20 - 2014-12-12 03:04 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSWbPrxy.exe
2015-01-15 04:20 - 2014-12-12 01:51 - 00075776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ahcache.sys
2015-01-15 04:20 - 2014-12-09 02:50 - 00225280 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll
2015-01-15 04:20 - 2014-12-08 20:42 - 00535640 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2015-01-15 04:20 - 2014-12-08 20:42 - 00531616 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
2015-01-15 04:20 - 2014-12-08 20:42 - 00448792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
2015-01-15 04:20 - 2014-12-08 20:42 - 00413248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Faultrep.dll
2015-01-15 04:20 - 2014-12-08 20:42 - 00372408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Faultrep.dll
2015-01-15 04:20 - 2014-12-08 20:42 - 00108944 _____ (Microsoft Corporation) C:\WINDOWS\system32\EncDump.dll
2015-01-15 04:20 - 2014-12-08 20:42 - 00038264 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFaultSecure.exe
2015-01-15 04:20 - 2014-12-08 20:42 - 00033584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFaultSecure.exe
2015-01-15 04:20 - 2014-12-06 04:17 - 00360448 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncsi.dll
2015-01-15 04:20 - 2014-12-06 02:41 - 00391680 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlasvc.dll
2015-01-15 04:20 - 2014-12-06 02:35 - 00229888 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2015-01-15 04:20 - 2014-10-29 05:00 - 00465320 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFault.exe
2015-01-15 04:20 - 2014-10-29 05:00 - 00139984 _____ (Microsoft Corporation) C:\WINDOWS\system32\wermgr.exe
2015-01-15 04:20 - 2014-10-29 04:52 - 00500016 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2015-01-15 04:20 - 2014-10-29 04:52 - 00482872 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2015-01-15 04:20 - 2014-10-29 04:52 - 00394120 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
2015-01-15 04:20 - 2014-10-29 04:52 - 00272248 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2015-01-15 04:20 - 2014-10-29 04:12 - 00413136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFault.exe
2015-01-15 04:20 - 2014-10-29 04:12 - 00136296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wermgr.exe
2015-01-15 04:20 - 2014-10-29 04:07 - 00424544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll
2015-01-15 04:20 - 2014-10-29 04:07 - 00370424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2015-01-15 04:20 - 2014-10-29 04:07 - 00344536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AUDIOKSE.dll
2015-01-15 04:20 - 2014-10-29 03:44 - 00037888 _____ (Microsoft Corporation) C:\WINDOWS\system32\werdiagcontroller.dll
2015-01-15 04:20 - 2014-10-29 02:59 - 00033280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\werdiagcontroller.dll
2015-01-15 04:20 - 2014-10-29 02:24 - 00086016 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlaapi.dll
2015-01-15 04:20 - 2014-10-29 02:02 - 00911360 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2015-01-15 04:20 - 2014-10-29 02:01 - 00065536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\nlaapi.dll
2015-01-08 19:06 - 2015-01-16 23:02 - 00000000 ____D () C:\Users\tkies_000\AppData\Roaming\Spotify
2015-01-08 19:06 - 2015-01-15 04:17 - 00000000 ____D () C:\Users\tkies_000\AppData\Local\Spotify
2015-01-08 19:06 - 2015-01-08 19:06 - 00001860 _____ () C:\Users\tkies_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk
2015-01-04 17:27 - 2015-01-04 17:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mediachance
2015-01-04 17:27 - 2015-01-04 17:27 - 00000000 ____D () C:\Program Files (x86)\ClearSkin
2014-12-27 12:55 - 2014-12-27 12:55 - 00003886 _____ () C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-01-16 23:39 - 2014-07-04 22:51 - 00000000 ____D () C:\Users\tkies_000
2015-01-16 23:33 - 2013-01-09 10:23 - 00001152 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-596752582-1759811035-1413813987-1001UA.job
2015-01-16 23:12 - 2013-05-20 11:15 - 00001134 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-16 23:00 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2015-01-16 22:49 - 2014-07-04 23:09 - 01962342 _____ () C:\WINDOWS\WindowsUpdate.log
2015-01-16 22:20 - 2013-04-14 15:48 - 00000000 ____D () C:\Users\tkies_000\AppData\Local\Apple
2015-01-16 18:05 - 2014-03-18 11:03 - 00006470 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2015-01-16 18:05 - 2014-03-18 10:25 - 01335018 _____ () C:\WINDOWS\system32\perfh007.dat
2015-01-16 18:05 - 2014-03-18 10:25 - 00344434 _____ () C:\WINDOWS\system32\perfc007.dat
2015-01-16 18:05 - 2013-08-22 15:46 - 00351967 _____ () C:\WINDOWS\setupact.log
2015-01-16 17:57 - 2013-01-10 09:53 - 00000052 _____ () C:\WINDOWS\SysWOW64\DOErrors.log
2015-01-16 17:56 - 2014-07-05 15:58 - 00003942 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{C2FB2F8C-40B7-493B-9256-49BC25AFFB33}
2015-01-16 17:56 - 2013-01-10 09:52 - 00000000 _____ () C:\WINDOWS\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2015-01-16 17:51 - 2014-01-01 14:34 - 00000000 ___RD () C:\Users\tkies_000\Dropbox
2015-01-16 17:50 - 2014-01-01 14:29 - 00000000 ____D () C:\Users\tkies_000\AppData\Roaming\Dropbox
2015-01-16 17:50 - 2013-11-20 21:38 - 00000000 ___RD () C:\Users\tkies_000\Google Drive
2015-01-16 17:49 - 2014-09-24 20:28 - 00000000 ___RD () C:\Users\tkies_000\iCloudDrive
2015-01-16 17:49 - 2014-07-05 14:00 - 00000000 ___DO () C:\Users\tkies_000\OneDrive
2015-01-16 17:49 - 2013-05-20 11:15 - 00001130 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-16 17:48 - 2013-08-22 15:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-01-16 17:47 - 2013-08-22 14:25 - 01048576 ___SH () C:\WINDOWS\system32\config\BBI
2015-01-16 09:26 - 2013-01-08 11:17 - 00003598 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-596752582-1759811035-1413813987-1001
2015-01-16 09:16 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2015-01-15 04:27 - 2013-01-24 09:53 - 00003186 _____ () C:\WINDOWS\System32\Tasks\HPCeeScheduleFortkies_000
2015-01-15 04:27 - 2013-01-24 09:53 - 00000364 _____ () C:\WINDOWS\Tasks\HPCeeScheduleFortkies_000.job
2015-01-15 04:25 - 2012-07-26 08:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2015-01-11 08:33 - 2013-01-09 10:23 - 00001100 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-596752582-1759811035-1413813987-1001Core.job
2015-01-06 11:27 - 2014-07-04 22:45 - 00003281 _____ () C:\WINDOWS\LkmdfCoInst.log
2015-01-06 01:08 - 2013-08-22 16:38 - 00714720 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-01-06 01:08 - 2013-08-22 16:38 - 00106976 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-05 17:09 - 2014-07-04 22:45 - 00018960 _____ (Logitech, Inc.) C:\WINDOWS\system32\Drivers\LNonPnP.sys
2014-12-27 12:58 - 2013-01-09 10:35 - 00000000 ____D () C:\Users\tkies_000\AppData\Local\Thunderbird
2014-12-27 12:54 - 2013-11-08 13:30 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird
2014-12-22 13:26 - 2013-02-10 17:34 - 01018880 ___SH () C:\Users\tkies_000\Desktop\Thumbs.db
2014-12-21 17:08 - 2014-01-01 14:31 - 00000000 ____D () C:\Users\tkies_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-12-20 17:13 - 2012-07-26 09:12 - 00000000 ____D () C:\WINDOWS\LiveKernelReports
Some content of TEMP:
====================
C:\Users\tkies_000\AppData\Local\Temp\APNSetup.exe
C:\Users\tkies_000\AppData\Local\Temp\avgnt.exe
C:\Users\tkies_000\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpxfrqij.dll
C:\Users\tkies_000\AppData\Local\Temp\Extract.exe
C:\Users\tkies_000\AppData\Local\Temp\iExplorer_Setup_3401.exe
C:\Users\tkies_000\AppData\Local\Temp\jre-7u71-windows-i586-iftw.exe
C:\Users\tkies_000\AppData\Local\Temp\SP64760.exe
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-01-16 17:59
==================== End Of Log ============================
Gmer Code:
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2015-01-17 00:33:02
Windows 6.2.9200 x64 \Device\Harddisk0\DR0 -> \Device\00000027 WDC_WD10EZEX-60ZF5A0 rev.80.00A80 931,51GB
Running: Gmer-19357.exe; Driver: C:\Users\TKIES_~1\AppData\Local\Temp\pxldqpog.sys
---- Kernel code sections - GMER 2.1 ----
.text C:\WINDOWS\System32\win32k.sys!W32pServiceTable fffff960000b3200 15 bytes [00, 28, F6, 01, 80, 1C, 6C, ...]
.text C:\WINDOWS\System32\win32k.sys!W32pServiceTable + 16 fffff960000b3210 11 bytes [00, 0E, FC, FF, 00, 05, C4, ...]
---- User code sections - GMER 2.1 ----
.text C:\WINDOWS\system32\atiesrxx.exe[832] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 506 00007ff89bef169a 4 bytes [EF, 9B, F8, 7F]
.text C:\WINDOWS\system32\atiesrxx.exe[832] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 514 00007ff89bef16a2 4 bytes [EF, 9B, F8, 7F]
.text C:\WINDOWS\system32\atiesrxx.exe[832] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 118 00007ff89bef181a 4 bytes [EF, 9B, F8, 7F]
.text C:\WINDOWS\system32\atiesrxx.exe[832] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 142 00007ff89bef1832 4 bytes [EF, 9B, F8, 7F]
.text C:\WINDOWS\system32\atieclxx.exe[448] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 506 00007ff89bef169a 4 bytes [EF, 9B, F8, 7F]
.text C:\WINDOWS\system32\atieclxx.exe[448] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 514 00007ff89bef16a2 4 bytes [EF, 9B, F8, 7F]
.text C:\WINDOWS\system32\atieclxx.exe[448] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 118 00007ff89bef181a 4 bytes [EF, 9B, F8, 7F]
.text C:\WINDOWS\system32\atieclxx.exe[448] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 142 00007ff89bef1832 4 bytes [EF, 9B, F8, 7F]
.text C:\WINDOWS\Explorer.EXE[2508] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 506 00007ff89bef169a 4 bytes [EF, 9B, F8, 7F]
.text C:\WINDOWS\Explorer.EXE[2508] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 514 00007ff89bef16a2 4 bytes [EF, 9B, F8, 7F]
.text C:\WINDOWS\Explorer.EXE[2508] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 118 00007ff89bef181a 4 bytes [EF, 9B, F8, 7F]
.text C:\WINDOWS\Explorer.EXE[2508] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 142 00007ff89bef1832 4 bytes [EF, 9B, F8, 7F]
.text C:\Program Files\Logitech\SetPointP\SetPoint.exe[4220] C:\WINDOWS\SYSTEM32\WSOCK32.dll!setsockopt + 194 00007ff894f91f6a 4 bytes [F9, 94, F8, 7F]
.text C:\Program Files\Logitech\SetPointP\SetPoint.exe[4220] C:\WINDOWS\SYSTEM32\WSOCK32.dll!setsockopt + 218 00007ff894f91f82 4 bytes [F9, 94, F8, 7F]
.text C:\Program Files\Logitech\SetPointP\SetPoint.exe[4220] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 506 00007ff89bef169a 4 bytes [EF, 9B, F8, 7F]
.text C:\Program Files\Logitech\SetPointP\SetPoint.exe[4220] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 514 00007ff89bef16a2 4 bytes [EF, 9B, F8, 7F]
.text C:\Program Files\Logitech\SetPointP\SetPoint.exe[4220] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 118 00007ff89bef181a 4 bytes [EF, 9B, F8, 7F]
.text C:\Program Files\Logitech\SetPointP\SetPoint.exe[4220] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 142 00007ff89bef1832 4 bytes [EF, 9B, F8, 7F]
.text c:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteService.exe[5480] C:\WINDOWS\system32\psapi.dll!GetModuleBaseNameA + 506 00007ff89bef169a 4 bytes [EF, 9B, F8, 7F]
.text c:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteService.exe[5480] C:\WINDOWS\system32\psapi.dll!GetModuleBaseNameA + 514 00007ff89bef16a2 4 bytes [EF, 9B, F8, 7F]
.text c:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteService.exe[5480] C:\WINDOWS\system32\psapi.dll!QueryWorkingSet + 118 00007ff89bef181a 4 bytes [EF, 9B, F8, 7F]
.text c:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteService.exe[5480] C:\WINDOWS\system32\psapi.dll!QueryWorkingSet + 142 00007ff89bef1832 4 bytes [EF, 9B, F8, 7F]
.text c:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteUser.exe[728] C:\WINDOWS\system32\psapi.dll!GetModuleBaseNameA + 506 00007ff89bef169a 4 bytes [EF, 9B, F8, 7F]
.text c:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteUser.exe[728] C:\WINDOWS\system32\psapi.dll!GetModuleBaseNameA + 514 00007ff89bef16a2 4 bytes [EF, 9B, F8, 7F]
.text c:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteUser.exe[728] C:\WINDOWS\system32\psapi.dll!QueryWorkingSet + 118 00007ff89bef181a 4 bytes [EF, 9B, F8, 7F]
.text c:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteUser.exe[728] C:\WINDOWS\system32\psapi.dll!QueryWorkingSet + 142 00007ff89bef1832 4 bytes [EF, 9B, F8, 7F]
---- Threads - GMER 2.1 ----
Thread C:\WINDOWS\system32\csrss.exe [536:572] fffff960008f0b90
---- Processes - GMER 2.1 ----
Library C:\Users\tkies_000\AppData\Roaming\Telekom\MediencenterSync\DTAG.Mediencenter.IconOverlayHandler.dll (*** suspicious ***) @ C:\WINDOWS\Explorer.EXE [2508] (Mediencenter Shell Icon Overlay Handler/Deutsche Telekom AG)(2013-10-01 12:56:44) 00007ff889a30000
Process C:\Users\tkies_000\AppData\Roaming\Dropbox\bin\Dropbox.exe (*** suspicious ***) @ C:\Users\tkies_000\AppData\Roaming\Dropbox\bin\Dropbox.exe [5168] (FILE NOT FOUND) 0000000000400000
Library C:\Users\tkies_000\AppData\Roaming\Dropbox\bin\Qt5Widgets.dll (*** suspicious ***) @ C:\Users\tkies_000\AppData\Roaming\Dropbox\bin\Dropbox.exe [5168] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2014-10-22 00:22:46) 0000000065060000
Library C:\Users\tkies_000\AppData\Roaming\Dropbox\bin\Qt5Gui.dll (*** suspicious ***) @ C:\Users\tkies_000\AppData\Roaming\Dropbox\bin\Dropbox.exe [5168] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2014-10-22 00:22:38) 0000000064d60000
Library C:\Users\tkies_000\AppData\Roaming\Dropbox\bin\Qt5Core.dll (*** suspicious ***) @ C:\Users\tkies_000\AppData\Roaming\Dropbox\bin\Dropbox.exe [5168] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2014-10-22 00:22:38) 000000005c200000
Library C:\Users\tkies_000\AppData\Roaming\Dropbox\bin\libGLESv2.dll (*** suspicious ***) @ C:\Users\tkies_000\AppData\Roaming\Dropbox\bin\Dropbox.exe [5168](2014-10-22 00:22:50) 0000000064c60000
Library C:\Users\tkies_000\AppData\Roaming\Dropbox\bin\icuin52.dll (*** suspicious ***) @ C:\Users\tkies_000\AppData\Roaming\Dropbox\bin\Dropbox.exe [5168] (ICU I18N DLL/The ICU Project)(2014-10-22 00:22:50) 000000004a900000
Library C:\Users\tkies_000\AppData\Roaming\Dropbox\bin\icuuc52.dll (*** suspicious ***) @ C:\Users\tkies_000\AppData\Roaming\Dropbox\bin\Dropbox.exe [5168] (ICU Common DLL/The ICU Project)(2014-10-22 00:22:50) 0000000004340000
Library C:\Users\tkies_000\AppData\Roaming\Dropbox\bin\icudt52.dll (*** suspicious ***) @ C:\Users\tkies_000\AppData\Roaming\Dropbox\bin\Dropbox.exe [5168] (ICU Data DLL/The ICU Project)(2014-10-22 00:22:50) 000000004ad00000
Library c:\users\tkies_~1\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp_f1tvh.dll (*** suspicious ***) @ C:\Users\tkies_000\AppData\Roaming\Dropbox\bin\Dropbox.exe [5168](2015-01-16 23:09:51) 0000000003f20000
Library C:\Users\tkies_000\AppData\Roaming\Dropbox\bin\Qt5Network.dll (*** suspicious ***) @ C:\Users\tkies_000\AppData\Roaming\Dropbox\bin\Dropbox.exe [5168] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2014-10-22 00:22:38) 000000005df70000
Library C:\Users\tkies_000\AppData\Roaming\Dropbox\bin\Qt5WebKit.dll (*** suspicious ***) @ C:\Users\tkies_000\AppData\Roaming\Dropbox\bin\Dropbox.exe [5168] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2014-10-22 00:22:40) 000000005cf80000
Library C:\Users\tkies_000\AppData\Roaming\Dropbox\bin\Qt5Quick.dll (*** suspicious ***) @ C:\Users\tkies_000\AppData\Roaming\Dropbox\bin\Dropbox.exe [5168] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2014-10-22 00:22:40) 000000005cd60000
Library C:\Users\tkies_000\AppData\Roaming\Dropbox\bin\Qt5Qml.dll (*** suspicious ***) @ C:\Users\tkies_000\AppData\Roaming\Dropbox\bin\Dropbox.exe [5168] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2014-10-22 00:22:40) 000000005cb00000
Library C:\Users\tkies_000\AppData\Roaming\Dropbox\bin\Qt5Sql.dll (*** suspicious ***) @ C:\Users\tkies_000\AppData\Roaming\Dropbox\bin\Dropbox.exe [5168] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2014-10-22 00:22:40) 0000000063900000
Library C:\Users\tkies_000\AppData\Roaming\Dropbox\bin\libEGL.dll (*** suspicious ***) @ C:\Users\tkies_000\AppData\Roaming\Dropbox\bin\Dropbox.exe [5168](2014-10-22 00:22:50) 0000000064aa0000
Library C:\Users\tkies_000\AppData\Roaming\Dropbox\bin\Qt5WebKitWidgets.dll (*** suspicious ***) @ C:\Users\tkies_000\AppData\Roaming\Dropbox\bin\Dropbox.exe [5168] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2014-10-22 00:22:46) 00000000636d0000
Library C:\Users\tkies_000\AppData\Roaming\Dropbox\bin\Qt5OpenGL.dll (*** suspicious ***) @ C:\Users\tkies_000\AppData\Roaming\Dropbox\bin\Dropbox.exe [5168] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2014-10-22 00:22:38) 0000000063510000
Library C:\Users\tkies_000\AppData\Roaming\Dropbox\bin\Qt5PrintSupport.dll (*** suspicious ***) @ C:\Users\tkies_000\AppData\Roaming\Dropbox\bin\Dropbox.exe [5168] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2014-10-22 00:22:38) 00000000634c0000
Library C:\Users\tkies_000\AppData\Roaming\Dropbox\bin\plugins\platforms\qwindows.dll (*** suspicious ***) @ C:\Users\tkies_000\AppData\Roaming\Dropbox\bin\Dropbox.exe [5168](2014-10-22 00:22:48) 000000005e610000
Library C:\Users\tkies_000\AppData\Roaming\Dropbox\bin\plugins\imageformats\qjpeg.dll (*** suspicious ***) @ C:\Users\tkies_000\AppData\Roaming\Dropbox\bin\Dropbox.exe [5168](2014-10-22 00:22:46) 000000005c950000
Library C:\Users\tkies_000\AppData\Local\assembly\dl3\ZKLKGKA6.A72\JGGYRVRV.TBK\55b4d573\00bdb15a_cd85cd01\HPSeeker.DLL (*** suspicious ***) @ c:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteUser.exe [728] (FILE NOT FOUND) 000000001c640000
Library C:\Users\tkies_000\AppData\Local\assembly\dl3\ZKLKGKA6.A72\JGGYRVRV.TBK\296ed851\00bdb15a_cd85cd01\HPSwitchBoard.DLL (*** suspicious ***) @ c:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteUser.exe [728] (FILE NOT FOUND) 000000001c660000
Library C:\Users\tkies_000\AppData\Local\assembly\dl3\ZKLKGKA6.A72\JGGYRVRV.TBK\8ac0b4ec\0017145d_cd85cd01\HPItunesModule.DLL (*** suspicious ***) @ c:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteUser.exe [728] (FILE NOT FOUND) 000000001ca00000
Library C:\Users\tkies_000\AppData\Local\assembly\dl3\ZKLKGKA6.A72\JGGYRVRV.TBK\6fe9af69\00eae25b_cd85cd01\HPWMCModule.DLL (*** suspicious ***) @ c:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteUser.exe [728] (FILE NOT FOUND) 000000001d1d0000
Library C:\Users\tkies_000\AppData\Local\assembly\dl3\ZKLKGKA6.A72\JGGYRVRV.TBK\b594bbd7\00bdb15a_cd85cd01\HPWMPModule.DLL (*** suspicious ***) @ c:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteUser.exe [728] (FILE NOT FOUND) 000000001dc40000
---- Disk sectors - GMER 2.1 ----
Disk \Device\Harddisk0\DR0 unknown MBR code
---- EOF - GMER 2.1 ----