Defender neuerdings deaktiviert und trotz Admin teilweise kein Zugriff

y.p. · 24.05.2015, 11:23

Hallo liebes Trojaner Board Team,

seit einigen Tagen (oder Wochen) läuft mein Laptop sehr langsam. Hatte ständig Popups, die ich durch deaktivieren des ads by yellow adblocker beheben konnte. Der Defender ist neuerdings deaktivieert und lässt sich auch nicht mehr aktivieren...pfad nicht gefunden.
Ich hatte selber schon versucht das Problem zu beseitigen. Mit Spybot Tiefenscan, Malwarebytes konnte ich nicht installieren...kein Zugriff!!!???
Habe mit GMER einen Rootkit Fund....fertig oder hat er nur gestoppt...habe das Fenster jetzt erstmal so gelassen

FRST habe ich auch durchlaufen lassen
Könnt ihr mir helfen?
Meine Tochter nutzt übrigens auch das Laptop hin und wieder

Viele Grüße
y.

schrauber · 24.05.2015, 11:36

hi,

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop:

FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)

Starte jetzt FRST.
Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)

So funktioniert es:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert mir massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu gross für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:

Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
Klicke auf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.

y.p. · 24.05.2015, 21:38

FRST Logfile:
[CODE]Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 22-05-2015 01
Ran by Yvonne (administrator) on YVONNE-PC on 23-05-2015 22:39:28
Running from c:\Users\Yvonne\Downloads
Loaded Profiles: Yvonne (Available Profiles: Yvonne)
Platform: Microsoft® Windows Vista™ Home Premium (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 8 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Geeks to Go Forum

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(Emsisoft Ltd) C:\Program Files\Emsisoft Anti-Malware\a2service.exe
(Adobe Systems Incorporated) C:\Program Files\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe
(Fitbit, Inc.) C:\Program Files\Fitbit Connect\FitbitConnectService.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
(NETGEAR) C:\Program Files\NETGEAR Genie\bin\NETGEARGenieDaemon.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
(DEVGURU Co., LTD.) C:\Program Files\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe
(Realtek Semiconductor) C:\Windows\RtHDVCpl.exe
(Wistron) C:\Program Files\Launch Manager\HotkeyApp.exe
(Fujitsu Siemens Computers) C:\FirstSteps\OnlineDiagnostic\TestManager\TestHandler.exe
(TomTom) C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPStart.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
() C:\Program Files\Microtek\ScanWizard EZ\ScannerFinder.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Fitbit, Inc.) C:\Program Files\Fitbit Connect\Fitbit Connect.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(TomTom) C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe
(NETGEAR Inc.) C:\Program Files\NETGEAR Genie\bin\NETGEARGenie.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
() C:\Program Files\Canon\ImageBrowser EX\MFManager.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Wistron Corp.) C:\Program Files\Launch Manager\WisLMSvc.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe
(Microsoft Corporation) C:\Windows\System32\conime.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Windows\System32\mobsync.exe
(Emsisoft Ltd) C:\Program Files\Emsisoft Anti-Malware\a2guard.exe
() C:\Program Files\NETGEAR Genie\bin\genie2_tray.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
(Apple Inc.) C:\Program Files\Safari\Safari.exe
(Apple Inc.) C:\Program Files\Safari\Apple Application Support\WebKit2WebProcess.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM-x32\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1006264 2007-10-22] (Microsoft Corporation)
HKLM-x32\...\Run: [RtHDVCpl] => C:\Windows\RtHDVCpl.exe [4669440 2007-07-06] (Realtek Semiconductor)
HKLM-x32\...\Run: [HotkeyApp] => C:\Program Files\Launch Manager\HotkeyApp.exe [192512 2007-07-26] (Wistron)
HKLM-x32\...\Run: [SynTPStart] => C:\Program Files\Synaptics\SynTP\SynTPStart.exe [102400 2007-08-17] (Synaptics, Inc.)
HKLM-x32\...\Run: [iRiver Updater] => C:\Program Files\iRiver\iRiver Manager\Updater\Updater.exe [204800 2004-03-10] (Moodlogic)
HKLM-x32\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [497648 2010-07-29] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59240 2011-11-02] (Apple Inc.)
HKLM\...\Run: [CtrlVol] => C:\Program Files\Launch Manager\CtrlVol.exe
HKLM\...\Run: [LaunchAp] => C:\Program Files\Launch Manager\LaunchAp.exe
HKLM\...\Run: [Wbutton] => C:\Program Files\Launch Manager\WButton.exe
HKLM-x32\...\Run: [IAAnotif] => C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe [174872 2007-03-21] (Intel Corporation)
HKLM-x32\...\Run: [IgfxTray] => C:\Windows\system32\igfxtray.exe [141848 2008-02-11] (Intel Corporation)
HKLM-x32\...\Run: [HotKeysCmds] => C:\Windows\system32\hkcmd.exe [166424 2008-02-11] (Intel Corporation)
HKLM-x32\...\Run: [Persistence] => C:\Windows\system32\igfxpers.exe [133656 2008-02-11] (Intel Corporation)
HKLM-x32\...\Run: [EZScannerFinder] => C:\Program Files\Microtek\ScanWizard EZ\ScannerFinder.exe [364544 2011-12-08] ()
HKLM-x32\...\Run: [SDTray] => C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe [3825176 2012-11-13] (Safer-Networking Ltd.)
HKLM\...\Run: [IR_SERVER] => C:\PROGRA~1\Realtek\REALTE~1\IR_SERVER.exe
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [256896 2014-07-11] (Oracle Corporation)
HKLM-x32\...\Run: [Fitbit Connect] => C:\Program Files\Fitbit Connect\Fitbit Connect.exe [4369952 2014-11-07] (Fitbit, Inc.)
HKLM-x32\...\Run: [emsisoft anti-malware] => c:\program files\emsisoft anti-malware\a2guard.exe [4923832 2015-05-10] (Emsisoft Ltd)
Winlogon\Notify\SDWinLogon: SDWinLogon.dll [X]
HKU\S-1-5-21-1194378828-3497186720-2763471804-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125440 2006-11-02] (Microsoft Corporation)
HKU\S-1-5-21-1194378828-3497186720-2763471804-1000\...\Run: [TomTomHOME.exe] => C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe [248176 2014-06-05] (TomTom)
HKU\S-1-5-21-1194378828-3497186720-2763471804-1000\...\Run: [Mondvd] => C:\Users\Yvonne\AppData\Roaming\Crtreg\tordep.exe [0 2011-05-06] ()
HKU\S-1-5-21-1194378828-3497186720-2763471804-1000\...\Run: [Akamai NetSession Interface] => "C:\Users\Yvonne\AppData\Local\Akamai\netsession_win.exe"
HKU\S-1-5-21-1194378828-3497186720-2763471804-1000\...\Run: [Spybot-S&D Cleaning] => C:\Program Files\Spybot - Search & Destroy 2\SDCleaner.exe [3713032 2012-11-13] (Safer-Networking Ltd.)
HKU\S-1-5-21-1194378828-3497186720-2763471804-1000\...\Run: [NETGEARGenie] => C:\Program Files\NETGEAR Genie\bin\NETGEARGenie.exe [602880 2013-11-14] (NETGEAR Inc.)
HKU\S-1-5-21-1194378828-3497186720-2763471804-1000\...\Run: [WMPNSCFG] => C:\Program Files\Windows Media Player\WMPNSCFG.exe [201728 2006-11-02] (Microsoft Corporation)
HKU\S-1-5-21-1194378828-3497186720-2763471804-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [5282584 2014-11-21] (Piriform Ltd)
HKU\S-1-5-21-1194378828-3497186720-2763471804-1000\...\Run: [Fitbit Connect] => C:\Program Files\Fitbit Connect\Fitbit Connect.exe [4369952 2014-11-07] (Fitbit, Inc.)
HKU\S-1-5-21-1194378828-3497186720-2763471804-1000\...\RunOnce: [Shockwave Updater] => C:\Windows\System32\Adobe\Shockwave 11\SwHelper_1100465.exe [447928 2008-08-06] (Adobe Systems, Inc.)
HKU\S-1-5-21-1194378828-3497186720-2763471804-1000\...\MountPoints2: {4db4d370-4153-11dd-af81-0016d38cbbf3} - F:\InstallTomTomHOME.exe
HKU\S-1-5-21-1194378828-3497186720-2763471804-1000\...\MountPoints2: {ae0b658e-b2b9-11df-9954-0016d38cbbf3} - F:\USBAutoRun.exe
HKU\S-1-5-21-1194378828-3497186720-2763471804-1000\...\MountPoints2: {c98f9f70-e31b-11e1-b13c-0016d38cbbf3} - F:\Password.exe
HKU\S-1-5-21-1194378828-3497186720-2763471804-1000\...\MountPoints2: {ea356b6d-51a8-11e1-91b0-0016d38cbbf3} - F:\USBAutoRun.exe
HKU\S-1-5-21-1194378828-3497186720-2763471804-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\System32\MAGENT~1.SCR
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ImageBrowser EX Agent.lnk [2014-06-22]
ShortcutTarget: ImageBrowser EX Agent.lnk -> C:\Program Files\Canon\ImageBrowser EX\MFManager.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Password .lnk [2012-08-10]
ShortcutTarget: Password .lnk -> C:\Windows\Temp\Password .exe (No File)
Startup: C:\Users\Yvonne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\recovery-clockwork-touch-6.0.2.8-golden.tar.md5.lnk [2015-03-10]
ShortcutTarget: recovery-clockwork-touch-6.0.2.8-golden.tar.md5.lnk -> C:\ProgramData\{b40bae65-56c6-1006-b40b-bae6556cb995}\recovery-clockwork-touch-6.0.2.8-golden.tar.md5.exe (No File)
BootExecute: autocheck autochk /p \??\F:autocheck autochk * sdnclean.exe
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Google
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1194378828-3497186720-2763471804-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
SearchScopes: HKU\S-1-5-21-1194378828-3497186720-2763471804-1000 -> {CD10120B-C165-4f8d-8C74-639629E238FF} URL = hxxp://mystart.magentic.com/english/?search={searchTerms}&loc=search_box
Toolbar: HKU\S-1-5-21-1194378828-3497186720-2763471804-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll [2001-06-20] (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll [2011-11-03] (Skype Technologies)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-05-08] ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll [2008-08-06] (Adobe Systems, Inc.)
FF Plugin: @bittorrent.com/BitTorrentDNA -> C:\Program Files\DNA\plugins\npbtdna.dll [2008-10-19] (BitTorrent, Inc.)
FF Plugin: @canon.com/MycameraPlugin -> C:\Program Files\Canon\MyCamera Download Plugin\NPCIG.dll [2008-10-15] (CANON INC.)
FF Plugin: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-05-08] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-05-08] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files\Microsoft\Office Live\npOLW.dll [2010-04-26] (Microsoft Corp.)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-21] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-21] (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.0.7 -> D:\VLC\npvlc.dll [2013-06-07] (VideoLAN)
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-06-17]
FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird

Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR Profile: C:\Users\Yvonne\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Bookmark Manager DEV) - C:\Users\Yvonne\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-05-23]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Yvonne\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-05-23]
CHR Extension: (Google Wallet) - C:\Users\Yvonne\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-05-23]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 a2AntiMalware; C:\Program Files\Emsisoft Anti-Malware\a2service.exe [5164328 2015-05-10] (Emsisoft Ltd)
R2 AdobeActiveFileMonitor9.0; C:\Program Files\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe [169408 2010-09-30] (Adobe Systems Incorporated)
R2 Fitbit Connect; C:\Program Files\Fitbit Connect\FitbitConnectService.exe [5738528 2014-11-07] (Fitbit, Inc.)
R2 NETGEARGenieDaemon; C:\Program Files\NETGEAR Genie\bin\NETGEARGenieDaemon.exe [195840 2013-11-14] (NETGEAR)
R2 SDScannerService; C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe [1103392 2012-11-13] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe [1369624 2012-11-13] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe [168384 2012-11-13] (Safer-Networking Ltd.)
R2 ss_conn_service; C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe [743688 2014-10-13] (DEVGURU Co., LTD.)
R2 TestHandler; C:\firststeps\OnlineDiagnostic\TestManager\TestHandler.exe [204800 2006-12-08] (Fujitsu Siemens Computers) []
S3 TuneUp.Defrag; C:\Windows\System32\TuneUpDefragService.exe [355584 2008-07-16] (TuneUp Software GmbH)
S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [265912 2007-10-22] (Microsoft Corporation)
R3 WisLMSvc; C:\Program Files\Launch Manager\WisLMSvc.exe [118784 2006-11-17] (Wistron Corp.) []
S3 WLSetupSvc; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [266240 2007-10-25] (Microsoft Corporation) []
S3 ACDaemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [X]
S2 CLTNetCnService; "C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon [X]
S4 NMIndexingService; "C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe" [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 Afc; C:\Windows\System32\drivers\Afc.sys [18688 2006-11-10] (Arcsoft, Inc.)
R1 eeCtrl; C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [385072 2008-03-18] (Symantec Corporation)
R1 epp32; C:\Windows\System32\DRIVERS\epp32.sys [111368 2015-03-24] (Emsisoft GmbH)
R1 Hotkey; C:\Windows\system32\Drivers\Hotkey.sys [9867 2003-04-28] () []
S3 HPZid412; C:\Windows\System32\DRIVERS\HPZid412.sys [51056 2003-05-14] (HP)
S3 HPZipr12; C:\Windows\System32\DRIVERS\HPZipr12.sys [16496 2003-05-14] (HP)
S3 HPZius12; C:\Windows\System32\DRIVERS\HPZius12.sys [21488 2003-05-14] (HP)
S4 JRAID; C:\Windows\system32\drivers\jraid.sys [48256 2007-06-13] (JMicron Technology Corp.)
R2 NPF; C:\Windows\system32\drivers\npf.sys [35088 2014-04-10] (CACE Technologies, Inc.)
S3 RTL2832UBDA; C:\Windows\System32\drivers\RTL2832UBDA.sys [188520 2011-05-17] (REALTEK SEMICONDUCTOR Corp.)
S3 RTL2832UUSB; C:\Windows\System32\Drivers\RTL2832UUSB.sys [32872 2011-05-17] (REALTEK SEMICONDUCTOR Corp.)
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2010-06-17] (Avira GmbH)
S4 viamraid; C:\Windows\system32\drivers\viamraid.sys [102912 2006-11-08] (VIA Technologies inc,.ltd)
S2 ASPI32; No ImagePath
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [X]
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]
S3 HTCAND32; System32\Drivers\ANDROIDUSB.sys [X]
S0 IFP800; system32\drivers\ifp800.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S3 usbbus; system32\DRIVERS\lgusbbus.sys [X]
S3 UsbDiag; system32\DRIVERS\lgusbdiag.sys [X]
S3 USBModem; system32\DRIVERS\lgusbmodem.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-05-23 22:35 - 2015-05-23 22:35 - 00050477 _____ () C:\Users\Yvonne\Downloads\Defogger-1.exe
2015-05-23 21:59 - 2015-05-23 21:59 - 00000000 ____D () C:\ProgramData\Emsisoft
2015-05-23 21:32 - 2015-05-23 21:32 - 00000854 _____ () C:\Users\Public\Desktop\Emsisoft Anti-Malware.lnk
2015-05-23 21:32 - 2015-05-23 21:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Emsisoft Anti-Malware
2015-05-23 21:31 - 2015-03-24 00:17 - 00111368 _____ (Emsisoft GmbH) C:\Windows\system32\Drivers\epp32.sys
2015-05-23 21:30 - 2015-05-23 22:30 - 00000000 ____D () C:\Program Files\Emsisoft Anti-Malware
2015-05-23 21:25 - 2015-05-23 21:29 - 163617512 _____ (Emsisoft Ltd. ) C:\Users\Yvonne\Downloads\EmsisoftAntiMalwareSetup_10.0.0.5366.exe
2015-05-23 21:17 - 2015-05-23 12:29 - 02720636 _____ (Thisisu) C:\Users\Yvonne\Desktop\JRT_NEW.exe
2015-05-23 21:16 - 2015-05-23 21:16 - 02720009 _____ (Thisisu) C:\Users\Yvonne\Downloads\JRT-6.7.6.exe
2015-05-23 20:50 - 2015-05-23 20:50 - 00000388 _____ () C:\Windows\PFRO.log
2015-05-23 19:43 - 2015-04-17 17:16 - 21546080 _____ (Malwarebytes Corporation ) C:\Users\Yvonne\Downloads\mbam-setup-majorgeeks-2.1.6.1022.exe
2015-05-23 19:25 - 2015-05-23 19:25 - 00000000 ____D () C:\Users\Yvonne\Downloads\FRST-OlderVersion
2015-05-23 18:54 - 2015-05-23 19:13 - 00000000 ___DC () C:\AdwCleaner
2015-05-23 18:51 - 2015-05-21 19:26 - 02209792 _____ () C:\Users\Yvonne\Downloads\adwcleaner_4.205.exe
2015-05-22 09:27 - 2015-05-22 09:27 - 00000000 ____D () C:\Users\Yvonne\Documents\Simply Super Software
2015-05-22 00:19 - 2015-05-22 00:19 - 00380416 _____ () C:\Users\Yvonne\Downloads\Gmer-19357 (2).exe
2015-05-22 00:19 - 2015-05-22 00:19 - 00380416 _____ () C:\Users\Yvonne\Downloads\Gmer-19357 (1).exe
2015-05-22 00:17 - 2015-05-22 00:17 - 00380416 _____ () C:\Users\Yvonne\Downloads\Gmer-19357.exe
2015-05-21 16:07 - 2015-05-21 16:20 - 00050467 _____ () C:\Users\Yvonne\Downloads\Addition.txt
2015-05-21 16:03 - 2015-05-23 22:39 - 00018071 _____ () C:\Users\Yvonne\Downloads\FRST.txt
2015-05-21 16:02 - 2015-05-23 22:39 - 00000000 ___DC () C:\FRST
2015-05-21 16:02 - 2015-05-23 19:25 - 01147392 ____C (Farbar) C:\Users\Yvonne\Downloads\FRST.exe
2015-05-21 15:59 - 2015-05-21 15:59 - 00050477 _____ () C:\Users\Yvonne\Downloads\Defogger (1).exe
2015-05-21 15:58 - 2015-05-23 22:38 - 00000246 _____ () C:\Users\Yvonne\Downloads\defogger_enable.log
2015-05-21 15:57 - 2015-05-23 22:37 - 00000448 _____ () C:\Users\Yvonne\Downloads\defogger_disable.log
2015-05-21 15:55 - 2015-05-21 15:55 - 00050477 _____ () C:\Users\Yvonne\Downloads\Defogger.exe
2015-05-21 15:04 - 2015-05-21 15:05 - 21546080 _____ (Malwarebytes Corporation ) C:\Users\Yvonne\Downloads\mbam-setup-2.1.6.1022 (1).exe
2015-05-21 14:58 - 2015-05-21 14:59 - 21546080 _____ (Malwarebytes Corporation ) C:\Users\Yvonne\Downloads\mbam-setup-2.1.6.1022.exe
2015-05-21 14:17 - 2015-05-21 14:18 - 32535832 _____ (Microsoft Corporation) C:\Users\Yvonne\Downloads\mpas-fe (2).exe
2015-05-21 14:10 - 2015-05-21 14:10 - 32535832 _____ (Microsoft Corporation) C:\Users\Yvonne\Downloads\mpas-fe (1).exe
2015-05-21 14:05 - 2015-05-21 14:05 - 32535832 _____ (Microsoft Corporation) C:\Users\Yvonne\Downloads\mpas-fe.exe
2015-05-21 11:45 - 2015-05-21 11:46 - 46525608 _____ (Safer-Networking Ltd. ) C:\Users\Yvonne\Downloads\spybot-2.4.exe
2015-05-21 10:33 - 2015-05-23 18:36 - 00000024 _____ () C:\Users\Yvonne\AppData\Roaming\appdataFr25.bin
2015-05-19 11:52 - 2015-05-21 13:25 - 00000000 ____D () C:\ProgramData\TEMP
2015-05-19 11:52 - 2015-05-19 11:52 - 00000000 ____D () C:\ProgramData\Licenses
2015-05-19 11:50 - 2015-05-22 09:24 - 00000000 ____D () C:\Program Files\Trojan Remover
2015-05-19 11:48 - 2015-05-19 11:49 - 35218576 _____ (Simply Super Software ) C:\Users\Yvonne\Downloads\trjsetup692.exe
2015-05-08 15:01 - 2015-05-23 22:00 - 00000000 ____D () C:\Program Files\sound on click
2015-05-08 13:44 - 2015-05-23 22:00 - 00000000 ____D () C:\Program Files\OGame Debris Fields Finder Extension
2015-05-08 12:59 - 2015-05-21 20:32 - 00001929 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-05-08 12:59 - 2015-05-08 12:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-05-08 12:55 - 2015-05-23 22:11 - 00001098 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-05-08 12:55 - 2015-05-23 21:44 - 00001094 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-05-23 22:38 - 2008-04-16 17:53 - 00000000 ____D () C:\Users\Yvonne
2015-05-23 22:05 - 2011-11-26 12:09 - 01425958 _____ () C:\Windows\WindowsUpdate.log
2015-05-23 22:00 - 2015-03-10 11:04 - 00000000 ____D () C:\Program Files\Cool Clock
2015-05-23 22:00 - 2008-07-16 17:04 - 00000502 _____ () C:\Windows\Tasks\1-Klick-Wartung.job
2015-05-23 21:57 - 2012-04-22 17:39 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-05-23 21:44 - 2013-04-02 16:22 - 00000620 _____ () C:\Windows\Tasks\Check for updates (Spybot - Search & Destroy).job
2015-05-23 21:43 - 2006-11-02 15:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-05-23 21:43 - 2006-11-02 14:47 - 00003072 _____ () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2015-05-23 21:43 - 2006-11-02 14:47 - 00003072 _____ () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2015-05-23 21:42 - 2006-11-02 15:01 - 00032638 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-05-23 20:56 - 2014-03-02 23:17 - 00000000 ____D () C:\Program Files\Wondershare
2015-05-23 19:52 - 2011-06-21 11:15 - 00000000 ____D () C:\Windows\Minidump
2015-05-23 19:39 - 2015-03-09 19:37 - 00000000 ____D () C:\Program Files\Kingo ROOT
2015-05-23 19:13 - 2009-12-06 14:04 - 00000000 ____D () C:\ProgramData\ICQ
2015-05-19 10:44 - 2013-08-14 09:06 - 00000000 ____D () C:\Windows\system32\MRT
2015-05-19 10:20 - 2012-03-09 14:57 - 01522352 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-05-19 10:20 - 2006-11-02 12:24 - 137310008 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2015-05-19 10:12 - 2012-06-19 09:46 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2015-05-17 12:33 - 2007-10-22 05:07 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-05-17 12:22 - 2012-06-19 09:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-05-14 11:08 - 2010-08-10 22:26 - 00000000 ____D () C:\ProgramData\Skype
2015-05-08 15:27 - 2014-07-24 14:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-05-08 15:27 - 2013-11-20 12:23 - 00000000 ____D () C:\ProgramData\Oracle
2015-05-08 15:27 - 2013-11-20 12:14 - 00000000 ____D () C:\Program Files\Java
2015-05-08 13:03 - 2010-08-05 13:32 - 00000000 ____D () C:\Users\Yvonne\AppData\Local\Google
2015-05-08 12:59 - 2012-04-22 17:39 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-05-08 12:59 - 2011-07-31 11:25 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-05-08 12:58 - 2010-08-05 13:32 - 00000000 ____D () C:\Program Files\Google
2015-05-08 12:52 - 2012-01-10 14:09 - 00000680 _____ () C:\Users\Yvonne\AppData\Local\d3d9caps.dat

==================== Files in the root of some directories =======

2007-03-12 18:59 - 2007-03-12 18:59 - 0299008 _____ () C:\Program Files\navigram_register.exe
2011-09-07 11:59 - 2011-12-22 15:15 - 0000065 _____ () C:\Users\Yvonne\AppData\Roaming\AcroIEHelpe.txt
2015-05-21 10:33 - 2015-05-23 18:36 - 0000024 _____ () C:\Users\Yvonne\AppData\Roaming\appdataFr25.bin
2015-03-04 22:35 - 2015-03-04 22:35 - 0000182 _____ () C:\Users\Yvonne\AppData\Roaming\Safer-Networking.log
2011-09-07 11:59 - 2011-09-09 17:01 - 0000136 _____ () C:\Users\Yvonne\AppData\Roaming\srvblck2.tmp
2008-08-14 13:14 - 2015-03-04 23:20 - 0002562 _____ () C:\Users\Yvonne\AppData\Roaming\wklnhst.dat
2012-01-10 14:09 - 2015-05-08 12:52 - 0000680 _____ () C:\Users\Yvonne\AppData\Local\d3d9caps.dat
2008-04-23 14:47 - 2014-12-28 20:40 - 0011264 _____ () C:\Users\Yvonne\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-05-14 21:40 - 2012-05-15 09:22 - 0000000 _____ () C:\ProgramData\-Z2raQ8AxBGUAWU
2012-05-14 21:40 - 2012-05-15 09:22 - 0000176 _____ () C:\ProgramData\-Z2raQ8AxBGUAWUr
2008-04-21 10:02 - 2008-04-21 10:09 - 0000254 _____ () C:\ProgramData\hpzinstall.log
2012-05-14 21:12 - 2012-05-15 09:22 - 0000256 _____ () C:\ProgramData\Z2raQ8AxBGUAWU

Some files in TEMP:
====================
C:\Users\Yvonne\AppData\Local\Temp\Quarantine.exe
C:\Users\Yvonne\AppData\Local\Temp\sqlite3.dll

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-05-23 22:00

==================== End of log ============================

Code:

ATTFilter

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 19-05-2015
Ran by Yvonne at 2015-05-21 16:15:35
Running from C:\Users\Yvonne\Downloads
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1194378828-3497186720-2763471804-500 - Administrator - Disabled)
Gast (S-1-5-21-1194378828-3497186720-2763471804-501 - Limited - Disabled)
Yvonne (S-1-5-21-1194378828-3497186720-2763471804-1000 - Administrator - Enabled) => C:\Users\Yvonne

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)


==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.20 (HKLM\...\7-Zip) (Version:  - )
Activation Assistant for the 2007 Microsoft Office suites (HKLM\...\Activation Assistant for the 2007 Microsoft Office suites) (Version:  - Microsoft Corporation)
Activation Assistant for the 2007 Microsoft Office suites (Version: 1.0 - Microsoft Corporation) Hidden
Adobe AIR (HKLM\...\Adobe AIR) (Version: 3.2.0.2070 - Adobe Systems Incorporated)
Adobe Community Help (HKLM\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.2.1.650 - Adobe Systems Incorporated)
Adobe Download Assistant (HKLM\...\com.adobe.downloadassistant.AdobeDownloadAssistant) (Version: 1.2.6 - Adobe Systems Incorporated)
Adobe Flash Player 17 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 17.0.0.169 - Adobe Systems Incorporated)
Adobe Flash Player 17 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 17.0.0.169 - Adobe Systems Incorporated)
Adobe Photoshop Elements 9 (HKLM\...\Adobe Photoshop Elements 9) (Version: 9.0.3.0 - Adobe Systems Incorporated)
Adobe Shockwave Player (HKLM\...\Adobe Shockwave Player) (Version: 11 - Adobe Systems, Inc.)
AlLSaveorr (HKLM\...\{F5853CDF-2C63-6D1D-B286-CBB1CD5DFD62}) (Version:  - "") <==== ATTENTION
Apple Application Support (HKLM\...\{343666E2-A059-48AC-AD67-230BF74E2DB2}) (Version: 2.1.6 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
BlockIt Ad remover (HKLM\...\{37476589-E48E-439E-A706-56189E2ED4C4}_is1) (Version:  - BlockIt Ad remover) <==== ATTENTION
BrickFixer (HKLM\...\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}{bff42538}) (Version:  - BrickFixer) <==== ATTENTION
Canon Utilities CameraWindow DC 8 (HKLM\...\CameraWindowDC) (Version: 8.9.0.4 - Canon Inc.)
Canon Utilities Digital Photo Professional (HKLM\...\Digital Photo Professional) (Version: 3.12.10.2 - Canon Inc.)
Canon Utilities ImageBrowser EX (HKLM\...\ImageBrowser EX) (Version: 1.4.0.5 - Canon Inc.)
Canon Utilities PhotoStitch (HKLM\...\PhotoStitch) (Version: 3.1.23.47 - Canon Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.00 - Piriform)
Cool Clock (HKLM\...\{AD11DADE-C597-45D9-D8C5-1D2EB0B89613}) (Version:  - ) <==== ATTENTION
DigiCOOupon (HKLM\...\{CE94DD89-7404-B4B9-E713-E55CC0AB6C3B}) (Version:  - "") <==== ATTENTION
DiscouNtExteNSi (HKLM\...\{B138259A-351E-33FA-2726-8D71704F1DA9}) (Version:  - "") <==== ATTENTION
Elements 9 Organizer (Version: 9.0 - Ihr Firmenname) Hidden
Elements STI Installer (Version: 1.0 - Adobe Systems Incorporated) Hidden
ExstraSavinngS (HKLM\...\{C637A71C-A4B2-4B47-1B2A-1042A8D525A3}) (Version:  - "") <==== ATTENTION
FirstSteps Diagnostics (HKLM\...\{94D66D71-12F0-48A5-B46A-D4B835A0F1B7}) (Version: 1.00 - Fujitsu Siemens Computers)
Fitbit Connect (HKLM\...\{01DBAE58-A927-49E3-8816-A72FF36D620A}) (Version: 2.0.0.6512 - Fitbit Inc.)
Free WMA to MP3 Converter 1.16 (HKLM\...\Free WMA to MP3 Converter_is1) (Version:  - Jodix Technologies Ltd.)
Free YouTube to MP3 Converter version 3.11.35.1031 (HKLM\...\Free YouTube to MP3 Converter_is1) (Version: 3.11.35.1031 - DVDVideoSoft Ltd.)
FUen2Save (HKLM\...\{9D9BEFAE-9499-F52B-6CC4-94818CCC2AB5}) (Version:  - "") <==== ATTENTION
Google Chrome (HKLM\...\Google Chrome) (Version: 42.0.2311.152 - Google Inc.)
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.27.5 - Google Inc.) Hidden
Haappy2oSaVVe (HKLM\...\{E957849A-94AC-6F46-4623-C31474E3C170}) (Version:  - "") <==== ATTENTION
Infineon USB driver 1.0.0.6 (HKLM\...\Infineon USB driver_is1) (Version:  - Infineon)
Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version:  - )
Intel(R) Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version:  - )
IrfanView (remove only) (HKLM\...\IrfanView) (Version: 4.38 - Irfan Skiljan)
Java 7 Update 65 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217045FF}) (Version: 7.0.650 - Oracle)
Kingo ROOT version 1.3.4.2252 (HKLM\...\{AE7675D6-0B31-494F-ABFA-822E1A0FDF17}_is1) (Version: 1.3.4.2252 - Kingosoft Technology Ltd.)
K-Lite Mega Codec Pack 10.0.0 (HKLM\...\KLiteCodecPack_is1) (Version: 10.0.0 - )
Launch Manager V1.4.9 (HKLM\...\{D0846526-66DD-4DC9-A02C-98F9A2806812}) (Version: 1.4.9 - Wistron Corp.)
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU (HKLM\...\Microsoft .NET Framework 3.5 Language Pack SP1 - deu) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Live Add-in 1.5 (HKLM\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft PowerPoint Viewer (HKLM\...\{95140000-00AF-0407-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Works (HKLM\...\{4EA2F95F-A537-4d17-9E7F-6B3FF8D9BBE3}) (Version: 08.05.0822 - Microsoft Corporation)
MSXML 4.0 SP2 (KB941833) (HKLM\...\{C523D256-313D-4866-B36A-F3DE528246EF}) (Version: 4.20.9849.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB973685) (HKLM\...\{859DFA95-E4A6-48CD-B88E-A3E483E89B44}) (Version: 4.30.2107.0 - Microsoft Corporation)
MyFreeCodec (HKU\S-1-5-21-1194378828-3497186720-2763471804-1000\...\MyFreeCodec) (Version:  - )
NETGEAR Genie (HKLM\...\NETGEAR Genie) (Version: 2.3.1.13 - NETGEAR Inc.)
OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0 - Microsoft Corporation) Hidden
PDF24 Creator 6.9.2 (HKLM\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version:  - PDF24.org)
Popup Blocker Pro (HKLM\...\{35E13884-BAC3-5F4A-799B-05F882E0BD9F}) (Version:  - "") <==== ATTENTION
RaanDomPriceo (HKLM\...\{8E8C2E2D-7F21-2CF5-0ADB-64935121ECF0}) (Version:  - "") <==== ATTENTION
REALTEK DTV USB DEVICE (HKLM\...\{DDBB7C89-1A09-441E-AA0F-6AA465755C17}) (Version: 1.00.0000 - Realtek)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version:  - )
Revo Uninstaller 1.95 (HKLM\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Safari (HKLM\...\{C779648B-410E-4BBA-B75B-5815BCEFE71D}) (Version: 5.34.57.2 - Apple Inc.)
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.49.0 - SAMSUNG Electronics Co., Ltd.)
ScanWizard EZ (HKLM\...\{30413CCE-D4FD-4314-A8F8-FB6D962CBD3F}) (Version:  - )
Skype™ 5.10 (HKLM\...\{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}) (Version: 5.10.116 - Skype Technologies S.A.)
sound on click (HKLM\...\{F6A71DC7-28F4-C6C7-8FA9-8A56C80FC96A}) (Version:  - "") <==== ATTENTION
Spybot - Search & Destroy (HKLM\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.0.12 - Safer-Networking Ltd.)
SupervisionCam (HKLM\...\SupervisionCam) (Version:  - )
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 10.0.12.0 - Synaptics)
TomTom HOME (HKLM\...\{7A2BB1C8-903D-4585-9F3B-CADD67D07D37}) (Version: 2.9.8 - Ihr Firmenname)
TomTom HOME Visual Studio Merge Modules (HKLM\...\{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}) (Version: 1.0.2 - TomTom International B.V.)
Trojan Remover 6.9.2 (HKLM\...\Trojan Remover_is1) (Version: 6.9.2 - Simply Super Software)
UniDeailasa (HKLM\...\{11F6D5AB-263F-388E-74DE-E3DECD390E3F}) (Version:  - ) <==== ATTENTION
Uninstall 1.0.0.1 (HKLM\...\Uninstall_is1) (Version:  - )
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM\...\{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version:  - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM\...\{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version:  - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (HKLM\...\{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version:  - Microsoft)
USB Flash Port Driver (HKLM\...\{065D5505-3821-4C2E-BB6C-FE66A7E7CB4F}) (Version: 1.00.0000 - Infineon Technologies)
VistawinExit 3 Freeware (HKLM\...\ST6UNST #1) (Version:  - )
VLC media player 2.0.7 (HKLM\...\VLC media player) (Version: 2.0.7 - VideoLAN)
Windows Live Anmelde-Assistent (HKLM\...\{83E2CFA9-E0EB-4E08-9F85-43E577FF3D60}) (Version: 5.000.818.6 - Microsoft Corporation)
Windows Live installer (HKLM\...\{7A7B0BF3-2F00-4F03-8A9B-6ABCC07B90C6}) (Version: 12.0.1471.1025 - Microsoft Corporation)
Windows-Treiberpaket - Infineon Technologies (FlashUSB) USB  (04/16/2009 1.0.0.6) (HKLM\...\7D6D030B3D73FCCA3D4E45319380F315DFBE7A54) (Version: 04/16/2009 1.0.0.6 - Infineon Technologies)
WinRAR (HKLM\...\WinRAR archiver) (Version:  - )
WinZip 11.1 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240B5}) (Version: 11.1.7466g - WinZip Computing, S.L. )
Wondershare PDF Converter Pro (Build 4.0.1) (HKLM\...\{67CC8351-9D8B-4EDF-AAEE-B8CB17E5F3AC}_is1) (Version: 4.0.1 - Wondershare Software)
XRECODE (HKLM\...\XRECODE_is1) (Version:  - )
youtubeadblocker (HKLM\...\{4820778D-AB0D-6D18-C316-52A6A0E1D507}) (Version:  - ) <==== ATTENTION

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-1194378828-3497186720-2763471804-1000_Classes\CLSID\{00021401-0000-0000-C000-000000000046}\InprocServer32 -> No Filepath
CustomCLSID: HKU\S-1-5-21-1194378828-3497186720-2763471804-1000_Classes\CLSID\{4955DD33-B159-11D0-8FCF-00AA006BCC59}\InprocServer32 -> No Filepath
CustomCLSID: HKU\S-1-5-21-1194378828-3497186720-2763471804-1000_Classes\CLSID\{4DF0C730-DF9D-4AE3-9153-AA6B82E9795A}\InprocServer32 -> No Filepath
CustomCLSID: HKU\S-1-5-21-1194378828-3497186720-2763471804-1000_Classes\CLSID\{F28C2F70-47DE-4EA5-8F6D-7D1476CD1EF5}\localserver32 -> C:\Users\Yvonne\AppData\Local\Temp\v31h0hx6.tmp\recovery.tar.exe ()

==================== Restore Points  =========================

09-03-2015 11:30:08 Windows Update
09-03-2015 11:44:34 Windows Update
09-03-2015 15:28:56 Removed Samsung Kies
10-03-2015 10:04:06 Windows Update
10-03-2015 14:04:55 Windows Update
11-03-2015 13:33:30 Windows Update
13-03-2015 09:36:49 Windows Update
13-03-2015 10:08:54 Windows Update
27-04-2015 10:18:23 Windows Update
08-05-2015 12:43:10 Windows Update
08-05-2015 12:57:44 Windows Update
14-05-2015 11:04:49 Windows Update
14-05-2015 11:49:37 Windows Update
17-05-2015 12:18:15 Windows Update
17-05-2015 12:36:38 Windows Update
19-05-2015 10:17:15 Windows Update
21-05-2015 09:56:12 Windows Update
21-05-2015 10:04:32 Windows Update
21-05-2015 14:19:04 Windows Update
21-05-2015 14:24:17 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2006-11-02 12:23 - 2013-08-30 11:53 - 00447144 ____R C:\Windows\system32\Drivers\etc\hosts
127.0.0.1	localhost
127.0.0.1	www.007guard.com
127.0.0.1	007guard.com
127.0.0.1	008i.com
127.0.0.1	www.008k.com
127.0.0.1	008k.com
127.0.0.1	www.00hq.com
127.0.0.1	00hq.com
127.0.0.1	010402.com
127.0.0.1	www.032439.com
127.0.0.1	032439.com
127.0.0.1	www.0scan.com
127.0.0.1	0scan.com
127.0.0.1	www.1000gratisproben.com
127.0.0.1	1000gratisproben.com
127.0.0.1	1001namen.com
127.0.0.1	www.1001namen.com
127.0.0.1	100888290cs.com
127.0.0.1	www.100888290cs.com
127.0.0.1	www.100sexlinks.com
127.0.0.1	100sexlinks.com
127.0.0.1	www.10sek.com
127.0.0.1	10sek.com
127.0.0.1	www.1-2005-search.com
127.0.0.1	1-2005-search.com
127.0.0.1	www.123fporn.info
127.0.0.1	123fporn.info
127.0.0.1	123haustiereundmehr.com
127.0.0.1	www.123haustiereundmehr.com

There are 1000 more lines.


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {03E441CC-DBE2-450F-BE59-1CBF34E87FD9} - System32\Tasks\Launch HTC Sync Loader => C:\Program Files\HTC\HTC Sync 3.0\htcUPCTLoader.exe
Task: {2CF0E0D1-10F7-4028-800F-F69484208299} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-11-21] (Piriform Ltd)
Task: {2D733EA0-F444-4157-87F9-C464764A749A} - System32\Tasks\Microsoft\Windows\WindowsCalendar\Reminders - Yvonne => C:\Program Files\Windows Calendar\wincal.exe [2007-10-22] (Microsoft Corporation)
Task: {3817F515-3503-4F39-A633-AB5A04E8D17A} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-05-08] (Google Inc.)
Task: {3FB860D5-1153-4FC4-BD1A-37F66ECD8832} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-05-08] (Google Inc.)
Task: {48E02734-E58E-4ADB-AE31-D07192FBCF64} - System32\Tasks\{5BF1DE7D-B96D-486E-9DFB-38C21B070915} => pcalua.exe -a "C:\vcl down\vlc-0.8.6f-win32.exe" -d "C:\vcl down"
Task: {4DE3127E-93A5-4FE2-BCAF-9A106660FC18} - System32\Tasks\{82435202-AAA8-4EAB-B902-60FFC2BB5852} => C:\Program Files\Skype\Phone\Skype.exe [2012-07-13] (Skype Technologies S.A.)
Task: {619FE428-732C-4F4F-A8A6-0D1B33A207D4} - System32\Tasks\Microsoft\Windows\RestartManager\{C226862D-28C5-448b-AD28-506C7ECF6178} => C:\Windows\system32\rmclient.exe [2006-11-02] (Microsoft Corporation)
Task: {6D110C12-D247-44DB-95B1-855A5FEC9A61} - System32\Tasks\Microsoft\Windows\RestartManager\{45D9FF56-2126-4e95-8315-3DBC89A365BB} => C:\Windows\system32\rmclient.exe [2006-11-02] (Microsoft Corporation)
Task: {6FC814B3-ED1E-4A63-AD7A-C373E2C24CC3} - System32\Tasks\AdobeAAMUpdater-1.0-Yvonne-PC-Yvonne => C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2010-07-29] (Adobe Systems Incorporated)
Task: {720FFD4A-BC2A-4A86-9746-FB15EC04302D} - System32\Tasks\{718F4862-9233-489F-9B87-AD4E7D01309B} => pcalua.exe -a "C:\Users\Yvonne\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KH5T14WB\wmp11-windowsxp-x86-DE-DE[1].exe" -d C:\Users\Yvonne\Desktop
Task: {8300D28B-B29C-4C9A-BBB6-B0BE8C9FEE04} - System32\Tasks\Scan the system (Spybot - Search & Destroy) => C:\Program Files\Spybot - Search & Destroy 2\SDScan.exe [2012-11-13] (Safer-Networking Ltd.)
Task: {93B5C587-5E67-418D-B6DE-B8F5D951D548} - System32\Tasks\Refresh immunization (Spybot - Search & Destroy) => C:\Program Files\Spybot - Search & Destroy 2\SDImmunize.exe [2012-11-13] (Safer-Networking Ltd.)
Task: {AF14FAE1-27B3-4CD8-BA1A-DE01BDF7DBFE} - System32\Tasks\1-Klick-Wartung => C:\Program Files\TuneUp Utilities 2008\OneClickStarter.exe
Task: {B0E8EFB3-99B1-4A57-BE65-871A71BF73A7} - System32\Tasks\Check for updates (Spybot - Search & Destroy) => C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe [2012-11-13] (Safer-Networking Ltd.)
Task: {D6AAFBA0-3641-4DB9-AA0D-66F6EF83F797} - System32\Tasks\{C0BB6F0B-7930-4A4A-A7BD-946AF33C0C3B} => pcalua.exe -a E:\AUTORUN.EXE -d E:\
Task: {D937B84D-BFF8-4F10-94B8-C0BEE5DC3217} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-05-08] (Adobe Systems Incorporated)
Task: {E0A92D6F-A2E7-4749-AC54-54C381BCA0C9} - System32\Tasks\{D0FBEDF5-4270-4B6C-A05D-B4EDD3A7D864} => pcalua.exe -a "C:\Program Files\IncrediMail\Bin\ImSetup.exe" -c /uninstallProduct /addon:incredimail
Task: {F3F68DB1-4BF8-44DF-8DD1-A89F34A0EE18} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {FFE1CE8D-CFFD-4A13-AEB8-DCE79D7B929C} - System32\Tasks\{6DAB5AF4-31CF-4C9B-8358-37BED12BDCC1} => pcalua.exe -a "C:\Program Files\Safari\Safari.exe" -d "C:\Program Files\Safari\"

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\1-Klick-Wartung.job => C:\Program Files\TuneUp Utilities 2008\OneClickStarter.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\Check for updates (Spybot - Search & Destroy).job => C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job => C:\Program Files\Spybot - Search & Destroy 2\SDImmunize.exe
Task: C:\Windows\Tasks\Scan the system (Spybot - Search & Destroy).job => C:\Program Files\Spybot - Search & Destroy 2\SDScan.exe

==================== Loaded Modules (Whitelisted) ==============

2015-03-11 15:55 - 2015-03-11 15:55 - 01644032 _____ () c:\Program Files\UpgradeLeader\UpgradeLeader.dll
2013-04-02 16:21 - 2012-11-13 14:06 - 00108960 _____ () C:\Program Files\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2013-04-02 16:21 - 2012-11-13 14:06 - 00416160 _____ () C:\Program Files\Spybot - Search & Destroy 2\DEC150.bpl
2013-04-02 16:21 - 2012-11-13 14:06 - 00158624 _____ () C:\Program Files\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2013-04-02 16:21 - 2012-08-23 09:38 - 00574840 _____ () C:\Program Files\Spybot - Search & Destroy 2\sqlite3.dll
2013-04-02 16:21 - 2012-11-13 14:06 - 00528288 _____ () C:\Program Files\Spybot - Search & Destroy 2\JSDialogPack150.bpl
2013-04-02 16:21 - 2012-11-13 14:06 - 00554400 _____ () C:\Program Files\Spybot - Search & Destroy 2\VirtualTreesDXE150.bpl
2012-11-25 17:32 - 2011-12-08 10:45 - 00364544 _____ () C:\Program Files\Microtek\ScanWizard EZ\ScannerFinder.exe
2012-11-25 17:32 - 2011-05-04 11:55 - 00262144 _____ () C:\Program Files\Microtek\ScanWizard EZ\SFRes.dll
2014-10-28 13:22 - 2014-10-28 13:22 - 40622592 ____R () C:\Program Files\Fitbit Connect\libcef.dll
2013-09-29 03:14 - 2013-09-29 03:14 - 03369922 _____ () C:\Program Files\NETGEAR Genie\bin\icuin51.dll
2013-09-29 03:13 - 2013-09-29 03:13 - 00544817 _____ () C:\Program Files\NETGEAR Genie\bin\libgcc_s_dw2-1.dll
2013-09-29 03:13 - 2013-09-29 03:13 - 00989805 _____ () C:\Program Files\NETGEAR Genie\bin\libstdc++-6.dll
2013-09-29 03:14 - 2013-09-29 03:14 - 01978690 _____ () C:\Program Files\NETGEAR Genie\bin\icuuc51.dll
2013-09-29 03:14 - 2013-09-29 03:14 - 22378434 _____ () C:\Program Files\NETGEAR Genie\bin\icudt51.dll
2013-09-29 03:14 - 2013-09-29 03:14 - 01233408 _____ () C:\Program Files\NETGEAR Genie\bin\platforms\qwindows.dll
2013-11-13 12:22 - 2013-11-13 12:22 - 00467456 _____ () C:\Program Files\NETGEAR Genie\bin\Genie.dll
2013-11-11 03:57 - 2013-11-11 03:57 - 01547776 _____ () C:\Program Files\NETGEAR Genie\bin\SvtNetworkTool.dll
2013-11-11 03:59 - 2013-11-11 03:59 - 00192512 _____ () C:\Program Files\NETGEAR Genie\bin\GeniePlugin_Airprint.dll
2013-11-11 04:01 - 2013-11-11 04:01 - 00632320 _____ () C:\Program Files\NETGEAR Genie\bin\GeniePlugin_Internet.dll
2013-11-14 05:53 - 2013-11-14 05:53 - 04956160 _____ () C:\Program Files\NETGEAR Genie\bin\GeniePlugin_Map.dll
2013-11-13 11:05 - 2013-11-13 11:05 - 00427520 _____ () C:\Program Files\NETGEAR Genie\bin\GeniePlugin_NetworkProblem.dll
2013-11-11 03:58 - 2013-11-11 03:58 - 00144896 _____ () C:\Program Files\NETGEAR Genie\bin\DragonNetTool.dll
2013-11-11 04:09 - 2013-11-11 04:09 - 01174528 _____ () C:\Program Files\NETGEAR Genie\bin\GeniePlugin_ParentalControl.dll
2013-11-11 04:13 - 2013-11-11 04:13 - 08557056 _____ () C:\Program Files\NETGEAR Genie\bin\GeniePlugin_Resource.dll
2013-11-13 12:17 - 2013-11-13 12:17 - 01269248 _____ () C:\Program Files\NETGEAR Genie\bin\GeniePlugin_RouterConfiguration.dll
2013-11-11 03:59 - 2013-11-11 03:59 - 00068608 _____ () C:\Program Files\NETGEAR Genie\bin\QRCode.dll
2013-11-11 04:17 - 2013-11-11 04:17 - 00198656 _____ () C:\Program Files\NETGEAR Genie\bin\GeniePlugin_Statistics.dll
2013-11-12 10:07 - 2013-11-12 10:07 - 00884736 _____ () C:\Program Files\NETGEAR Genie\bin\GeniePlugin_Ui.dll
2013-11-11 04:21 - 2013-11-11 04:21 - 00427520 _____ () C:\Program Files\NETGEAR Genie\bin\GeniePlugin_Wireless.dll
2013-09-29 03:13 - 2013-09-29 03:13 - 00051200 _____ () C:\Program Files\NETGEAR Genie\bin\imageformats\qgif.dll
2013-09-29 03:13 - 2013-09-29 03:13 - 00052224 _____ () C:\Program Files\NETGEAR Genie\bin\imageformats\qico.dll
2013-09-29 03:13 - 2013-09-29 03:13 - 00261120 _____ () C:\Program Files\NETGEAR Genie\bin\imageformats\qjpeg.dll
2013-09-29 03:13 - 2013-09-29 03:13 - 00046080 _____ () C:\Program Files\NETGEAR Genie\bin\imageformats\qsvg.dll
2013-11-11 03:58 - 2013-11-11 03:58 - 00078848 _____ () C:\Program Files\NETGEAR Genie\bin\DiagnosePlugin.dll
2013-11-11 03:56 - 2013-11-11 03:56 - 00140288 _____ () C:\Program Files\NETGEAR Genie\bin\DiagnoseDll.dll
2012-11-29 11:56 - 2012-11-29 11:56 - 03332720 _____ () C:\Program Files\NETGEAR Genie\bin\drivers\libntgr_api.dll
2013-11-11 03:56 - 2013-11-11 03:56 - 00072192 _____ () C:\Program Files\NETGEAR Genie\bin\SVTUtils.dll
2013-11-11 03:56 - 2013-11-11 03:56 - 00074752 _____ () C:\Program Files\NETGEAR Genie\bin\NetcardApi.dll
2013-11-11 03:56 - 2013-11-11 03:56 - 00136704 _____ () C:\Program Files\NETGEAR Genie\bin\airprintdll.dll
2013-11-11 04:18 - 2013-11-11 04:18 - 00641536 _____ () C:\Program Files\NETGEAR Genie\bin\InnerPlugin_Update.dll
2013-11-11 04:24 - 2013-11-11 04:24 - 00458752 _____ () C:\Program Files\NETGEAR Genie\bin\InnerPlugin_WirelessExport.dll
2013-11-11 04:23 - 2013-11-11 04:23 - 00046080 _____ () C:\Program Files\NETGEAR Genie\bin\WSetupApiPlugin.dll
2013-11-11 03:56 - 2013-11-11 03:56 - 00066560 _____ () C:\Program Files\NETGEAR Genie\bin\WSetupDll.dll
2013-09-29 03:13 - 2013-09-29 03:13 - 00040960 _____ () C:\Program Files\NETGEAR Genie\bin\printsupport\windowsprintersupport.dll
2014-06-22 12:23 - 2013-10-03 10:42 - 00069120 _____ () C:\Program Files\Canon\ImageBrowser EX\MFManager.exe
2012-02-06 11:07 - 2013-10-03 10:42 - 00321024 _____ () C:\Program Files\Canon\ImageBrowser EX\ServerCommon.dll
2014-06-22 12:23 - 2013-10-03 10:42 - 00112128 _____ () C:\Program Files\Canon\ImageBrowser EX\MFMFileSystemWatcher.dll
2012-02-06 11:02 - 2013-10-03 10:42 - 01216512 _____ () C:\Program Files\Canon\ImageBrowser EX\ServerCommon.XmlSerializers.dll
2014-03-10 10:55 - 2014-03-10 10:55 - 01042944 _____ () C:\ProgramData\{b40bae65-56c6-1006-b40b-bae6556cb995}\recovery-clockwork-touch-6.0.2.8-golden.tar.md5.exe
2014-11-22 02:03 - 2014-11-22 02:03 - 00053248 _____ () C:\Program Files\CCleaner\lang\lang-1031.dll
2013-11-14 15:12 - 2013-11-14 15:12 - 00105216 _____ () C:\Program Files\NETGEAR Genie\bin\genie2_tray.exe
2015-05-19 10:40 - 2015-05-05 06:06 - 14982472 _____ () C:\Program Files\Google\Chrome\Application\42.0.2311.152\PepperFlash\pepflashplayer.dll
2015-05-14 11:12 - 2014-02-10 13:44 - 04592128 _____ () C:\Users\Yvonne\AppData\Local\Google\Chrome\User Data\SwiftShader\3.2.6.45159\libglesv2.dll
2015-05-14 11:12 - 2014-02-10 13:44 - 00112128 _____ () C:\Users\Yvonne\AppData\Local\Google\Chrome\User Data\SwiftShader\3.2.6.45159\libegl.dll
2015-05-21 15:59 - 2015-05-21 15:59 - 00050477 _____ () C:\Users\Yvonne\Downloads\Defogger (1).exe

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:CB0AACC9

==================== Safe Mode (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, the associated entry will be removed from the registry.)

IE restricted site: HKU\.DEFAULT\...\007guard.com -> install.007guard.com
IE restricted site: HKU\.DEFAULT\...\008i.com -> 008i.com
IE restricted site: HKU\.DEFAULT\...\008k.com -> www.008k.com
IE restricted site: HKU\.DEFAULT\...\00hq.com -> www.00hq.com
IE restricted site: HKU\.DEFAULT\...\010402.com -> 010402.com
IE restricted site: HKU\.DEFAULT\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\.DEFAULT\...\0scan.com -> www.0scan.com
IE restricted site: HKU\.DEFAULT\...\1-2005-search.com -> www.1-2005-search.com
IE restricted site: HKU\.DEFAULT\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\.DEFAULT\...\1000gratisproben.com -> www.1000gratisproben.com
IE restricted site: HKU\.DEFAULT\...\1001namen.com -> www.1001namen.com
IE restricted site: HKU\.DEFAULT\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\.DEFAULT\...\100sexlinks.com -> www.100sexlinks.com
IE restricted site: HKU\.DEFAULT\...\10sek.com -> www.10sek.com
IE restricted site: HKU\.DEFAULT\...\12-26.net -> user1.12-26.net
IE restricted site: HKU\.DEFAULT\...\12-27.net -> user1.12-27.net
IE restricted site: HKU\.DEFAULT\...\123fporn.info -> www.123fporn.info
IE restricted site: HKU\.DEFAULT\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
IE restricted site: HKU\.DEFAULT\...\123moviedownload.com -> www.123moviedownload.com
IE restricted site: HKU\.DEFAULT\...\123simsen.com -> www.123simsen.com

There are 7812 more restricted sites.

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1194378828-3497186720-2763471804-1000\Control Panel\Desktop\\Wallpaper -> 
DNS Servers: 192.168.178.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

FirewallRules: [WinCollab-DFSR-In-TCP] => (Allow) %SystemRoot%\system32\dfsr.exe
FirewallRules: [WinCollab-DFSR-Out-TCP] => (Allow) %SystemRoot%\system32\dfsr.exe
FirewallRules: [WinCollab-In-TCP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-Out-TCP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-In-UDP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-Out-UDP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [{5D3D1CE8-96C5-4F49-8AC4-C50EA3235C3F}] => (Allow) C:\Program Files\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{DC051D49-A884-4432-B492-C0ED902ABF2F}] => (Allow) svchost.exe
FirewallRules: [{D8888ACD-D275-45E5-B487-D757667ACABF}] => (Allow) C:\Program Files\Windows Live\Messenger\livecall.exe
FirewallRules: [TCP Query User{C2E6C3C3-9AFC-49E0-83AB-5CB5921A3C32}C:\program files\icq6\icq.exe] => (Block) C:\program files\icq6\icq.exe
FirewallRules: [UDP Query User{9D6CF78B-DB09-410E-8D41-613318F1A044}C:\program files\icq6\icq.exe] => (Block) C:\program files\icq6\icq.exe
FirewallRules: [{D7FFC522-06D4-49A3-872B-2EE88643FB7C}] => (Allow) C:\Program Files\DNA\btdna.exe
FirewallRules: [{C470E268-097E-4ADA-B613-87C2B72588FA}] => (Allow) C:\Program Files\DNA\btdna.exe
FirewallRules: [TCP Query User{2467CCE0-1377-4103-9C7C-711C92F522E1}C:\program files\bittorrent\bittorrent.exe] => (Allow) C:\program files\bittorrent\bittorrent.exe
FirewallRules: [UDP Query User{595ED8BF-E2C3-491B-9B9E-40E5205D16A6}C:\program files\bittorrent\bittorrent.exe] => (Allow) C:\program files\bittorrent\bittorrent.exe
FirewallRules: [TCP Query User{C2092352-4B5D-44E1-A586-C0F2CDAEF01D}C:\users\yvonne\program files\dna\btdna.exe] => (Block) C:\users\yvonne\program files\dna\btdna.exe
FirewallRules: [UDP Query User{023F1979-ACAA-44D4-A075-610A124E7092}C:\users\yvonne\program files\dna\btdna.exe] => (Block) C:\users\yvonne\program files\dna\btdna.exe
FirewallRules: [TCP Query User{5AF22EA3-60B1-40CE-AE2D-D1F5460C401B}C:\program files\bittorrent\bittorrent.exe] => (Block) C:\program files\bittorrent\bittorrent.exe
FirewallRules: [UDP Query User{8173F7D0-E1DA-4812-91F9-6FF788E4A500}C:\program files\bittorrent\bittorrent.exe] => (Block) C:\program files\bittorrent\bittorrent.exe
FirewallRules: [TCP Query User{AF0E217F-3D2F-42D1-A20A-7A579FABAAA0}C:\users\yvonne\program files\dna\btdna.exe] => (Block) C:\users\yvonne\program files\dna\btdna.exe
FirewallRules: [UDP Query User{EC29A964-912E-4277-B821-F12340E0344C}C:\users\yvonne\program files\dna\btdna.exe] => (Block) C:\users\yvonne\program files\dna\btdna.exe
FirewallRules: [{84883CC2-4C86-41D2-889F-76D6C6810CF4}] => (Allow) C:\Program Files\Magentic\bin\MgImp.exe
FirewallRules: [{6C70C10B-3FDE-47D2-8492-E10B8F5D135D}] => (Allow) C:\Program Files\Magentic\bin\MgImp.exe
FirewallRules: [{78AC3A58-74AF-4FB3-8993-B439CC904D29}] => (Allow) C:\Program Files\Magentic\bin\MgApp.exe
FirewallRules: [{95CB6037-F1C6-47D6-A421-31F5102E9C99}] => (Allow) C:\Program Files\Magentic\bin\MgApp.exe
FirewallRules: [{2241450F-2879-4B62-BD82-2ADC255BC592}] => (Allow) C:\Program Files\Magentic\bin\Magentic.exe
FirewallRules: [{BC2EF359-4248-4092-AE08-16EAAF20C366}] => (Allow) C:\Program Files\Magentic\bin\Magentic.exe
FirewallRules: [TCP Query User{4ACAE94A-DCBE-4213-81B8-FB8087F95753}C:\program files\sony ericsson\update service\update service.exe] => (Allow) C:\program files\sony ericsson\update service\update service.exe
FirewallRules: [UDP Query User{20EC9F72-2C73-4E04-B34E-5FA9D082D6A7}C:\program files\sony ericsson\update service\update service.exe] => (Allow) C:\program files\sony ericsson\update service\update service.exe
FirewallRules: [TCP Query User{2F091356-643E-4DAC-B01E-C6A8D0DFA415}C:\program files\sony ericsson\update service\update service.exe] => (Allow) C:\program files\sony ericsson\update service\update service.exe
FirewallRules: [UDP Query User{3E5CD6DF-2454-4636-8AC2-D6B8CC60C076}C:\program files\sony ericsson\update service\update service.exe] => (Allow) C:\program files\sony ericsson\update service\update service.exe
FirewallRules: [TCP Query User{7519B2B9-5E8F-49C5-94BE-3A9851C99645}C:\program files\icq6.5\icq.exe] => (Allow) C:\program files\icq6.5\icq.exe
FirewallRules: [UDP Query User{8B7673AD-23DA-427C-AFD9-9631B8887A13}C:\program files\icq6.5\icq.exe] => (Allow) C:\program files\icq6.5\icq.exe
FirewallRules: [{4AE823E2-F226-4EA6-BF93-CA476FE863E0}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [TCP Query User{36B38544-400F-4DE7-8086-5DC057E22744}C:\users\yvonne\appdata\local\temp\rar$ex27.493\scrabble.exe] => (Allow) C:\users\yvonne\appdata\local\temp\rar$ex27.493\scrabble.exe
FirewallRules: [UDP Query User{159702DB-B56E-4DB0-AC2D-61BBB2CFE16C}C:\users\yvonne\appdata\local\temp\rar$ex27.493\scrabble.exe] => (Allow) C:\users\yvonne\appdata\local\temp\rar$ex27.493\scrabble.exe
FirewallRules: [TCP Query User{4F1E1F6D-FD22-4D17-BD62-50D20D1E14E7}C:\users\yvonne\appdata\local\temp\rar$ex00.904\scrabble.exe] => (Block) C:\users\yvonne\appdata\local\temp\rar$ex00.904\scrabble.exe
FirewallRules: [UDP Query User{2906A294-7B35-4A44-B853-CCB5F479DD3B}C:\users\yvonne\appdata\local\temp\rar$ex00.904\scrabble.exe] => (Block) C:\users\yvonne\appdata\local\temp\rar$ex00.904\scrabble.exe
FirewallRules: [TCP Query User{A4B85060-C746-4598-8F03-B9FAD01BD63F}C:\program files\omg inside v4\omg.exe] => (Allow) C:\program files\omg inside v4\omg.exe
FirewallRules: [UDP Query User{4B5E5DC1-6662-4E6A-BCB9-8B4788F3F991}C:\program files\omg inside v4\omg.exe] => (Allow) C:\program files\omg inside v4\omg.exe
FirewallRules: [{2183F078-BC0E-400D-B0F2-B133477121A5}] => (Allow) C:\Program Files\Skype\Plugin Manager\skypePM.exe
FirewallRules: [{FE3F14F1-4F15-4E08-AD15-A6225334820F}] => (Allow) LPort=49376
FirewallRules: [{47BE6E89-C87A-4910-8424-61BBDC3B33CA}] => (Allow) LPort=5000
FirewallRules: [{BA31F029-9405-4135-BF7C-5659679B36EA}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{95874C53-2FC0-4A40-A65D-CAF44D84073B}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{B5DF322E-63C3-4729-A6B2-3E44B977D454}] => (Allow) C:\Users\Yvonne\AppData\Local\Akamai\netsession_win.exe
FirewallRules: [{BD8D4B09-E0E5-4DAB-8A95-49AC2C0CF8AE}] => (Allow) C:\Users\Yvonne\AppData\Local\Akamai\netsession_win.exe
FirewallRules: [{307B119A-A853-4256-AD30-CE23FF1ED1F2}] => (Allow) C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe
FirewallRules: [{E48AF06B-1754-40CD-95D6-6B70FF75BDA6}] => (Allow) C:\Windows\System32\taskeng.exe
FirewallRules: [{8335D4D4-AB62-49C1-BF77-57E61C2F133E}] => (Allow) C:\Windows\System32\taskeng.exe
FirewallRules: [{4699CFEF-5BCC-47D4-AD91-B06F0CFBC703}] => (Allow) C:\Windows\explorer.exe
FirewallRules: [{58A89459-ADDD-4849-A5BE-4F84A9B27CA8}] => (Allow) C:\Windows\explorer.exe
FirewallRules: [{2F5014D2-149C-4222-A730-F6025475184E}] => (Allow) C:\Program Files\IncrediMail\bin\IncMail.exe
FirewallRules: [{9E3515B6-B970-472B-B3EE-6EA96494D134}] => (Allow) C:\Program Files\IncrediMail\bin\IncMail.exe
FirewallRules: [TCP Query User{4C54490F-3094-417F-8838-FB0849EF89D3}C:\program files\libreoffice 4\program\soffice.bin] => (Allow) C:\program files\libreoffice 4\program\soffice.bin
FirewallRules: [UDP Query User{E909DBC9-74EA-4872-B494-C6EFE6882C35}C:\program files\libreoffice 4\program\soffice.bin] => (Allow) C:\program files\libreoffice 4\program\soffice.bin
FirewallRules: [{8542610A-06F9-43E1-AEBF-C2563D007EE4}] => (Allow) C:\Program Files\REALTEK\11n USB Wireless LAN Utility\RtWLan.exe
FirewallRules: [{491B23B7-CB3E-4A64-B2D1-621A23ED6DFC}] => (Allow) C:\Program Files\REALTEK\11n USB Wireless LAN Utility\RtWLan.exe
FirewallRules: [{112391BE-87D5-473C-B587-019BA90F284C}] => (Allow) LPort=1542
FirewallRules: [{A5D343EE-8B52-4258-A0E2-CE90D30E7FDC}] => (Allow) LPort=1542
FirewallRules: [{9D52D4C4-7E49-494B-92B3-813DD25D3177}] => (Allow) LPort=53
FirewallRules: [{73A4743A-C661-4CE2-97CD-B99DC2B685ED}] => (Allow) C:\Program Files\REALTEK\11n USB Wireless LAN Utility\RTLDHCP.exe
FirewallRules: [{C1693381-DD23-471D-9E72-E97FA43798D5}] => (Allow) C:\Program Files\REALTEK\11n USB Wireless LAN Utility\RTLDHCP.exe
FirewallRules: [TCP Query User{9BF1A05D-1A4E-4812-B2AC-30F72D5BF990}C:\program files\netgear genie\bin\netgeargenie.exe] => (Allow) C:\program files\netgear genie\bin\netgeargenie.exe
FirewallRules: [UDP Query User{3EF09DEC-6A2C-426B-93EC-F718DB15B773}C:\program files\netgear genie\bin\netgeargenie.exe] => (Allow) C:\program files\netgear genie\bin\netgeargenie.exe
FirewallRules: [{5AF73249-B594-4293-AFFF-7F14CB62C368}] => (Allow) C:\Windows\System32\muzapp.exe
FirewallRules: [{B50F8635-DDC2-4804-A35C-23EB84DD19E6}] => (Allow) C:\Windows\System32\muzapp.exe
FirewallRules: [{0BDE615B-F6AC-42E3-B0C7-61DE415CB611}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe
StandardProfile\AuthorizedApplications: [C:\Program Files\BitTorrent\bittorrent.exe] => Enabled:BitTorrent
StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot-S&D 2 Tray Icon
StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service

==================== Faulty Device Manager Devices =============

Name: 1200dpi Scanner
Description: 1200dpi Scanner
Class Guid: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
Manufacturer: Microtek
Service: usbscan
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (05/21/2015 03:19:13 PM) (Source: System Restore) (EventID: 8199) (User: )
Description: Fehler beim Initiieren der Systemwiederherstellung (Windows Update).

Error: (05/21/2015 03:18:36 PM) (Source: System Restore) (EventID: 8199) (User: )
Description: Fehler beim Initiieren der Systemwiederherstellung (Windows Update).

Error: (05/21/2015 02:51:44 PM) (Source: WerSvc) (EventID: 5007) (User: )
Description: Die Zieldatei für die Windows-Feedbackplattform (eine DLL-Datei, die eine Liste der auf diesem Computer aufgetretenen Probleme enthält, für deren Diagnose das Sammeln zusätzlicher Daten erforderlich ist) konnte nicht analysiert werden. Fehlercode 8014FFF9.

Error: (05/21/2015 02:29:13 PM) (Source: MsiInstaller) (EventID: 11321) (User: NT-AUTORITÄT)
Description: Produkt: Skype™ 6.11 -- Fehler 1321. Sie besitzen keine ausreichenden Berechtigungen, um diese Datei zu ändern: C:\ProgramData\Skype\Apps\login\index.html.

Error: (05/21/2015 02:28:35 PM) (Source: MsiInstaller) (EventID: 11321) (User: NT-AUTORITÄT)
Description: Produkt: Skype™ 5.10 -- Fehler 1321. Sie besitzen keine ausreichenden Berechtigungen, um diese Datei zu ändern: C:\ProgramData\Skype\Apps\login\index.html.

Error: (05/21/2015 02:21:36 PM) (Source: MsiInstaller) (EventID: 11321) (User: NT-AUTORITÄT)
Description: Produkt: Skype™ 6.11 -- Fehler 1321. Sie besitzen keine ausreichenden Berechtigungen, um diese Datei zu ändern: C:\ProgramData\Skype\Apps\login\index.html.

Error: (05/21/2015 02:20:53 PM) (Source: MsiInstaller) (EventID: 11321) (User: NT-AUTORITÄT)
Description: Produkt: Skype™ 5.10 -- Fehler 1321. Sie besitzen keine ausreichenden Berechtigungen, um diese Datei zu ändern: C:\ProgramData\Skype\Apps\login\index.html.

Error: (05/21/2015 11:45:12 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Fehlerhafte Anwendung WebKit2WebProcess.exe, Version 7534.57.2.4, Zeitstempel 0x4f97642d, fehlerhaftes Modul JavaScriptCore.dll, Version 7534.57.3.3, Zeitstempel 0x4f973ed0, Ausnahmecode 0xc0000005, Fehleroffset 0x00089357,
Prozess-ID 0x1680, Anwendungsstartzeit WebKit2WebProcess.exe0.

Error: (05/21/2015 11:43:05 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Fehlerhafte Anwendung WebKit2WebProcess.exe, Version 7534.57.2.4, Zeitstempel 0x4f97642d, fehlerhaftes Modul ntdll.dll, Version 6.0.6000.16386, Zeitstempel 0x4549bdc9, Ausnahmecode 0x80000003, Fehleroffset 0x00042ea8,
Prozess-ID 0xd48, Anwendungsstartzeit WebKit2WebProcess.exe0.

Error: (05/21/2015 11:42:39 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Fehlerhafte Anwendung WebKit2WebProcess.exe, Version 7534.57.2.4, Zeitstempel 0x4f97642d, fehlerhaftes Modul JavaScriptCore.dll, Version 7534.57.3.3, Zeitstempel 0x4f973ed0, Ausnahmecode 0xc0000005, Fehleroffset 0x00089357,
Prozess-ID 0xb0, Anwendungsstartzeit WebKit2WebProcess.exe0.


System errors:
=============
Error: (05/21/2015 03:20:47 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Windows-Defender%%2147942403

Error: (05/21/2015 03:20:47 PM) (Source: WinDefend) (EventID: 2004) (User: )
Description: Beim Laden der Signaturen wurde von %%%82627 ein Fehler festgestellt. Es wird versucht, einen als gültig bekannten Signatursatz wiederherzustellen.

	Versuchte Signaturen: %%%82625

	Fehlercode: 0x80070003

	Fehlerbeschreibung: Das System kann den angegebenen Pfad nicht finden. 

	Ladende Signaturen: %%826

	Ladene Signaturversion: 

	Ladende Modulversion: %%%826270

Error: (05/21/2015 03:20:47 PM) (Source: WinDefend) (EventID: 2004) (User: )
Description: Beim Laden der Signaturen wurde von %%%82527 ein Fehler festgestellt. Es wird versucht, einen als gültig bekannten Signatursatz wiederherzustellen.

	Versuchte Signaturen: %%%82524

	Fehlercode: 0x80092003

	Fehlerbeschreibung: Beim Lesen oder Schreiben einer Datei ist ein Fehler aufgetreten. 

	Ladende Signaturen: %%825

	Ladene Signaturversion: 

	Ladende Modulversion: %%%825270

Error: (05/21/2015 03:20:20 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Windows-Defender%%2147942403

Error: (05/21/2015 03:20:20 PM) (Source: WinDefend) (EventID: 2004) (User: )
Description: Beim Laden der Signaturen wurde von %%%82627 ein Fehler festgestellt. Es wird versucht, einen als gültig bekannten Signatursatz wiederherzustellen.

	Versuchte Signaturen: %%%82625

	Fehlercode: 0x80070003

	Fehlerbeschreibung: Das System kann den angegebenen Pfad nicht finden. 

	Ladende Signaturen: %%826

	Ladene Signaturversion: 

	Ladende Modulversion: %%%826270

Error: (05/21/2015 03:20:20 PM) (Source: WinDefend) (EventID: 2004) (User: )
Description: Beim Laden der Signaturen wurde von %%%82527 ein Fehler festgestellt. Es wird versucht, einen als gültig bekannten Signatursatz wiederherzustellen.

	Versuchte Signaturen: %%%82524

	Fehlercode: 0x80092003

	Fehlerbeschreibung: Beim Lesen oder Schreiben einer Datei ist ein Fehler aufgetreten. 

	Ladende Signaturen: %%825

	Ladene Signaturversion: 

	Ladende Modulversion: %%%825270

Error: (05/21/2015 02:50:27 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Windows-Defender%%2147942403

Error: (05/21/2015 02:50:27 PM) (Source: WinDefend) (EventID: 2004) (User: )
Description: Beim Laden der Signaturen wurde von %%%82627 ein Fehler festgestellt. Es wird versucht, einen als gültig bekannten Signatursatz wiederherzustellen.

	Versuchte Signaturen: %%%82625

	Fehlercode: 0x80070003

	Fehlerbeschreibung: Das System kann den angegebenen Pfad nicht finden. 

	Ladende Signaturen: %%826

	Ladene Signaturversion: 

	Ladende Modulversion: %%%826270

Error: (05/21/2015 02:50:27 PM) (Source: WinDefend) (EventID: 2004) (User: )
Description: Beim Laden der Signaturen wurde von %%%82527 ein Fehler festgestellt. Es wird versucht, einen als gültig bekannten Signatursatz wiederherzustellen.

	Versuchte Signaturen: %%%82524

	Fehlercode: 0x80092003

	Fehlerbeschreibung: Beim Lesen oder Schreiben einer Datei ist ein Fehler aufgetreten. 

	Ladende Signaturen: %%825

	Ladene Signaturversion: 

	Ladende Modulversion: %%%825270

Error: (05/21/2015 02:46:11 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Windows-Defender%%2147942403


Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
  Date: 2013-03-30 14:39:12.125
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\PROGRA~2\BROWSE~1\261125~1.80\{C16C1~1\BROWSE~1.DLL" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2012-05-17 13:49:00.136
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22636_none_b38d4a937f96be60\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2012-05-17 13:48:59.912
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22636_none_b38d4a937f96be60\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2012-05-17 13:48:59.610
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22636_none_b38d4a937f96be60\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2012-05-17 13:48:59.387
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22636_none_b38d4a937f96be60\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2012-05-17 13:48:59.163
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22636_none_b38d4a937f96be60\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2012-05-17 13:48:58.940
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22636_none_b38d4a937f96be60\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2012-05-17 13:48:58.545
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22577_none_b36309477fb64a54\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2012-05-17 13:48:58.322
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22577_none_b36309477fb64a54\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2012-05-17 13:48:58.029
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22577_none_b36309477fb64a54\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.


==================== Memory info =========================== 

Processor: Intel(R) Pentium(R) Dual CPU T2310 @ 1.46GHz
Percentage of memory in use: 90%
Total physical RAM: 2037.81 MB
Available physical RAM: 198 MB
Total Pagefile: 4291.43 MB
Available Pagefile: 1730.52 MB
Total Virtual: 2047.88 MB
Available Virtual: 1897.8 MB

==================== Drives ================================

Drive c: (System) (Fixed) (Total:92.21 GB) (Free:0.08 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (DATA) (Fixed) (Total:45.12 GB) (Free:44.93 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 149.1 GB) (Disk ID: 7B663C66)
Partition 1: (Not Active) - (Size=11.7 GB) - (Type=27)
Partition 2: (Active) - (Size=92.2 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=45.1 GB) - (Type=07 NTFS)

==================== End Of Log ============================

--- --- ---

schrauber · 25.05.2015, 16:10

Lade Dir bitte von hier

Revo Uninstaller (alternativ portable Revo Uninstaller) herunter.

Installiere und starte das Programm. (Bebilderte Anleitung zu Revo Uninstaller)
Klicke auf Optionen und wähle als Sprache Deutsch.
Suche im Uninstallerfeld nach den Programmen:

AlLSaveorr

BlockIt Ad remover

BrickFixer

Cool Clock

DigiCOOupon

DiscouNtExteNSi

ExstraSavinngS

FUen2Save

Haappy2oSaVVe

Popup Blocker Pro

RaanDomPriceo

sound on click

UniDeailasa

youtubeadblocker
Wähle die Programme nacheinander aus und klicke jedes Mal auf Uninstall.
Wähle anschließend den Modus "Moderat" aus.
Reste löschen:
Klicke auf dann auf und dann auf .

Scan mit Combofix

WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link

WICHTIG: Speichere Combofix auf deinem Desktop.

Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.

Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.

Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!

Wenn Combofix fertig ist, wird es ein Logfile erstellen.

Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).

Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

y.p. · 25.05.2015, 19:52

Hallo nochmal,

finde bei Revo Uninstaller nur eines der aufgelisteten Programme...SoundonClick. Dieses habe ich versucht zu deinstallieren. Allerdings erhielt ich die Meldung, dass ich dazu die Rechte nicht hätte...weg ist es trotzdem aus dem Revo Verzeichnis.
Freundliche und dankbare Grüße
Y.

Code:

ATTFilter

ComboFix 15-05-25.01 - Yvonne 25.05.2015  19:59:02.1.2 - x86
Microsoft® Windows Vista™ Home Premium   6.0.6000.0.1252.49.1031.18.2038.1185 [GMT 2:00]
ausgeführt von:: c:\users\Yvonne\Downloads\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Password .lnk
c:\users\Yvonne\AppData\Roaming\AcroIEHelpe.txt
c:\users\Yvonne\AppData\Roaming\Microsoft\Windows\Recent\Dr. Odenthal.docx
c:\users\Yvonne\AppData\Roaming\srvblck2.tmp
c:\windows\system32\Packet.dll
c:\windows\system32\wpcap.dll
.
.
(((((((((((((((((((((((((((((((((((((((   Treiber/Dienste   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_NPF
-------\Service_NPF
.
.
(((((((((((((((((((((((   Dateien erstellt von 2015-04-25 bis 2015-05-25  ))))))))))))))))))))))))))))))
.
.
2015-05-25 18:13 . 2015-05-25 18:19	--------	d-----w-	c:\users\Yvonne\AppData\Local\temp
2015-05-25 18:13 . 2015-05-25 18:13	--------	d-----w-	c:\users\Default\AppData\Local\temp
2015-05-23 19:59 . 2015-05-23 19:59	--------	d-----w-	c:\programdata\Emsisoft
2015-05-23 19:31 . 2015-03-23 22:17	111368	----a-w-	c:\windows\system32\drivers\epp32.sys
2015-05-23 19:30 . 2015-05-25 18:18	--------	d-----w-	c:\program files\Emsisoft Anti-Malware
2015-05-23 16:54 . 2015-05-23 17:13	--------	dc----w-	C:\AdwCleaner
2015-05-21 14:02 . 2015-05-24 20:24	--------	dc----w-	C:\FRST
2015-05-21 08:33 . 2015-05-25 17:26	24	----a-w-	c:\users\Yvonne\AppData\Roaming\appdataFr25.bin
2015-05-19 09:52 . 2015-05-19 09:52	--------	d-----w-	c:\programdata\Licenses
2015-05-19 09:50 . 2015-05-22 07:24	--------	d-----w-	c:\program files\Trojan Remover
2015-05-08 13:01 . 2015-05-23 20:00	--------	d-----w-	c:\program files\sound on click
2015-05-08 11:44 . 2015-05-23 20:00	--------	d-----w-	c:\program files\OGame Debris Fields Finder Extension
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-05-08 10:59 . 2012-04-22 15:39	778416	----a-w-	c:\windows\system32\FlashPlayerApp.exe
2015-05-08 10:59 . 2011-07-31 09:25	142512	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2007-03-12 16:59 . 2007-03-12 16:59	299008	----a-w-	c:\program files\navigram_register.exe
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2006-11-02 125440]
"TomTomHOME.exe"="c:\program files\TomTom HOME 2\TomTomHOMERunner.exe" [2014-06-05 248176]
"Mondvd"="c:\users\Yvonne\AppData\Roaming\Crtreg\tordep.exe" [2011-05-06 0]
"Spybot-S&D Cleaning"="c:\program files\Spybot - Search & Destroy 2\SDCleaner.exe" [2012-11-13 3713032]
"NETGEARGenie"="c:\program files\NETGEAR Genie\bin\NETGEARGenie.exe" [2013-11-14 602880]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 201728]
"CCleaner Monitoring"="c:\program files\CCleaner\CCleaner.exe" [2014-11-21 5282584]
"Fitbit Connect"="c:\program files\Fitbit Connect\Fitbit Connect.exe" [2014-11-07 4369952]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2007-07-06 4669440]
"HotkeyApp"="c:\program files\Launch Manager\HotkeyApp.exe" [2007-07-26 192512]
"SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-08-17 102400]
"iRiver Updater"="c:\program files\iRiver\iRiver Manager\Updater\Updater.exe" [2004-03-10 204800]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-07-28 497648]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-01 59240]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-03-21 174872]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-11 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-11 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-11 133656]
"EZScannerFinder"="c:\program files\Microtek\ScanWizard EZ\ScannerFinder.exe" [2011-12-08 364544]
"SDTray"="c:\program files\Spybot - Search & Destroy 2\SDTray.exe" [2012-11-13 3825176]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2014-07-11 256896]
"Fitbit Connect"="c:\program files\Fitbit Connect\Fitbit Connect.exe" [2014-11-07 4369952]
"emsisoft anti-malware"="c:\program files\emsisoft anti-malware\a2guard.exe" [2015-05-10 4923832]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
ImageBrowser EX Agent.lnk - c:\program files\Canon\ImageBrowser EX\MFManager.exe [2014-6-22 69120]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute	REG_MULTI_SZ   	autocheck autochk /p \??\f:\0autocheck autochk *\0\0sdnclean.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
S2 a2AntiMalware;Emsisoft Protection Service;c:\program files\Emsisoft Anti-Malware\a2service.exe [2015-05-10 5164328]
S2 AdobeActiveFileMonitor9.0;Adobe Active File Monitor V9;c:\program files\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe [2010-09-30 169408]
.
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
UxTuneUp
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2015-05-21 18:12	986440	----a-w-	c:\program files\Google\Chrome\Application\43.0.2357.65\Installer\chrmstp.exe
.
Inhalt des "geplante Tasks" Ordners
.
2015-05-25 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-22 10:59]
.
2015-05-25 c:\windows\Tasks\Check for updates (Spybot - Search & Destroy).job
- c:\program files\Spybot - Search & Destroy 2\SDUpdate.exe [2013-04-02 12:08]
.
2015-05-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2015-05-08 10:55]
.
2015-05-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2015-05-08 10:55]
.
2015-03-10 c:\windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job
- c:\program files\Spybot - Search & Destroy 2\SDImmunize.exe [2013-04-02 12:07]
.
2013-04-03 c:\windows\Tasks\Scan the system (Spybot - Search & Destroy).job
- c:\program files\Spybot - Search & Destroy 2\SDScan.exe [2013-04-02 12:07]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
IE: Free YouTube to MP3 Converter - c:\users\Yvonne\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.178.1
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
HKCU-Run-Akamai NetSession Interface - c:\users\Yvonne\AppData\Local\Akamai\netsession_win.exe
HKLM-Run-CtrlVol - c:\program files\Launch Manager\CtrlVol.exe
HKLM-Run-LaunchAp - c:\program files\Launch Manager\LaunchAp.exe
HKLM-Run-Wbutton - c:\program files\Launch Manager\WButton.exe
HKLM-Run-IR_SERVER - c:\progra~1\Realtek\REALTE~1\IR_SERVER.exe
c:\users\Yvonne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\recovery-clockwork-touch-6.0.2.8-golden.tar.md5.lnk - c:\programdata\{b40bae65-56c6-1006-b40b-bae6556cb995}\recovery-clockwork-touch-6.0.2.8-golden.tar.md5.exe --startup=1
Notify-SDWinLogon - SDWinLogon.dll
AddRemove-Uninstall_is1 - c:\program files\Common Files\DVDVideoSoft\unins000.exe
AddRemove-01_Simmental - c:\program files\SAMSUNG\USB Drivers\01_Simmental\Uninstall.exe
AddRemove-02_Siberian - c:\program files\SAMSUNG\USB Drivers\02_Siberian\Uninstall.exe
AddRemove-03_Swallowtail - c:\program files\SAMSUNG\USB Drivers\03_Swallowtail\Uninstall.exe
AddRemove-04_semseyite - c:\program files\SAMSUNG\USB Drivers\04_semseyite\Uninstall.exe
AddRemove-07_Schorl - c:\program files\SAMSUNG\USB Drivers\07_Schorl\Uninstall.exe
AddRemove-09_Hsp - c:\program files\SAMSUNG\USB Drivers\09_Hsp\Uninstall.exe
AddRemove-11_HSP_Plus_Default - c:\program files\SAMSUNG\USB Drivers\11_HSP_Plus_Default\Uninstall.exe
AddRemove-16_Shrewsbury - c:\program files\SAMSUNG\USB Drivers\16_Shrewsbury\Uninstall.exe
AddRemove-20_NXP_Driver - c:\program files\SAMSUNG\USB Drivers\20_NXP_Driver\Uninstall.exe
AddRemove-24_flashusbdriver - c:\program files\SAMSUNG\USB Drivers\24_flashusbdriver\Uninstall.exe
AddRemove-25_escape - c:\program files\SAMSUNG\USB Drivers\25_escape\Uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2015-05-25 20:18
Windows 6.0.6000  NTFS
.
detected NTDLL code modification:
ZwOpenFile
.
Scanne versteckte Prozesse... 
.
Scanne versteckte Autostarteinträge... 
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
  CtrlVol = c:\program files\Launch Manager\CtrlVol.exe?????H???????????X2????4w????????x???0???<???????|?????.w?p2w????3 4w!?4w??????????????????F?L???~z?v????????????????+?A?????????J?A?bS?g??????????F?$l@?`???????????? A????g????J?A?[?@??????v@?????JS?g??@???????? 
  LaunchAp = c:\program files\Launch Manager\LaunchAp.exe????H???????????X2????4w????????x???0???<???????|?????.w?p2w????3 4w!?4w??????????????????F?L???~z?v????????????????+?A?????????J?A?bS?g??????????F?$l@?`???????????? A????g????J?A?[?@??????v@?????JS?g??@???????? 
  Wbutton = c:\program files\Launch Manager\WButton.exe?????H???????????X2????4w????????x???0???<???????|?????.w?p2w????3 4w!?4w??????????????????F?L???~z?v????????????????+?A?????????J?A?bS?g??????????F?$l@?`???????????? A????g????J?A?[?@??????v@?????JS?g??@???????? 
.
Scanne versteckte Dateien... 
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files\Fitbit Connect\FitbitConnectService.exe
c:\program files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
c:\program files\Spybot - Search & Destroy 2\SDFSSvc.exe
c:\program files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe
c:\firststeps\OnlineDiagnostic\TestManager\TestHandler.exe
c:\program files\TomTom HOME 2\TomTomHOMEService.exe
c:\program files\Spybot - Search & Destroy 2\SDUpdSvc.exe
c:\program files\Spybot - Search & Destroy 2\SDWSCSvc.exe
c:\windows\system32\conime.exe
c:\windows\RtHDVCpl.exe
c:\program files\Launch Manager\WisLMSvc.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\ehome\ehmsas.exe
c:\program files\Synaptics\SynTP\SynTPEnh.exe
c:\program files\NETGEAR Genie\bin\genie2_tray.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2015-05-25  20:29:15 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2015-05-25 18:28
.
Vor Suchlauf: 5.818.904.576 Bytes frei
Nach Suchlauf: 5.501.214.720 Bytes frei
.
- - End Of File - - 41D51ACC77A8B5CAB8B628373E82B028
5C616939100B85E558DA92B899A0FC36

schrauber · 26.05.2015, 17:36

Versuch den Rest normal über Windows zu deinstallieren.

Downloade Dir bitte

Malwarebytes Anti-Malware

Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
Starte Malwarebytes' Anti-Malware (MBAM).
Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.

Downloade Dir bitte

AdwCleaner auf deinen Desktop.

Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
Starte die AdwCleaner.exe mit einem Doppelklick.
Stimme den Nutzungsbedingungen zu.
Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
- "Tracing" Schlüssel löschen
- Winsock Einstellungen zurücksetzen
- Proxy Einstellungen zurücksetzen
- Internet Explorer Richtlinien zurücksetzen
- Chrome Richtlinien zurücksetzen
- Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
Drücke eine beliebige Taste, um das Tool zu starten.
Je nach System kann der Scan eine Weile dauern.
Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.

und ein frisches FRST log bitte.

y.p. · 27.05.2015, 11:34

Hallo,

leider finde ich die oben angegebenen Programme auch bei Windows nicht.
Malwarebytes kann ich weiterhin nicht downloaden...immer noch die Angabe Fehler 5: Zugriff verweigert! Obwoh
Soll ich mit dem Rest weitermachen?

Viele Grüße
y.

schrauber · 27.05.2015, 19:29

Ja

y.p. · 27.05.2015, 21:32

Code:

ATTFilter

# AdwCleaner v4.204 - Bericht erstellt 27/05/2015 um 22:03:09
# Aktualisiert 12/05/2015 von Xplode
# Datenbank : 2015-05-25.3 [Server]
# Betriebssystem : Windows Vista (TM) Home Premium  (x86)
# Benutzername : Yvonne - YVONNE-PC
# Gestarted von : C:\Users\Yvonne\Downloads\adwcleaner_4.205.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Datei Gelöscht : C:\Users\Yvonne\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_inst.shoppingate.info_0.localstorage
Datei Gelöscht : C:\Users\Yvonne\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_inst.shoppingate.info_0.localstorage-journal

***** [ Geplante Tasks ] *****


***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****


***** [ Internetbrowser ] *****

-\\ Internet Explorer v8.0.6001.18904


-\\ Google Chrome v43.0.2357.81


*************************

AdwCleaner[R0].txt - [20044 Bytes] - [23/05/2015 18:54:13]
AdwCleaner[R1].txt - [20126 Bytes] - [23/05/2015 19:06:43]
AdwCleaner[R2].txt - [1250 Bytes] - [27/05/2015 21:58:06]
AdwCleaner[S0].txt - [19215 Bytes] - [23/05/2015 19:13:32]
AdwCleaner[S1].txt - [1170 Bytes] - [27/05/2015 22:03:09]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [1229  Bytes] ##########

Code:

ATTFilter

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.8.1 (05.27.2015:1)
OS: Windows Vista (TM) Home Premium x86
Ran by Yvonne on 27.05.2015 at 22:14:32,34
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Tasks



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{CD10120B-C165-4f8d-8C74-639629E238FF}



~~~ Files

Successfully deleted: [File] C:\Windows\wininit.ini
Successfully deleted: [File] C:\Users\Yvonne\AppData\Roaming\appdataFr25.bin



~~~ Folders

Successfully deleted: [Folder] C:\Program Files\myfree codec



~~~ Chrome


[C:\Users\Yvonne\appdata\local\Google\Chrome\User Data\Default\Preferences] - default search provider reset

[C:\Users\Yvonne\appdata\local\Google\Chrome\User Data\Default\Preferences] - Extensions Deleted:

[C:\Users\Yvonne\appdata\local\Google\Chrome\User Data\Default\Secure Preferences] - default search provider reset

[C:\Users\Yvonne\appdata\local\Google\Chrome\User Data\Default\Secure Preferences] - Extensions Deleted:
[]





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 27.05.2015 at 22:22:53,37
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 22-05-2015 01
Ran by Yvonne (administrator) on YVONNE-PC on 27-05-2015 22:27:55
Running from c:\Users\Yvonne\Downloads
Loaded Profiles: Yvonne (Available Profiles: Yvonne & Gast)
Platform: Microsoft® Windows Vista™ Home Premium  (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 8 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Adobe Systems Incorporated) C:\Program Files\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Wistron Corp.) C:\Program Files\Launch Manager\WisLMSvc.exe
(Emsisoft Ltd) C:\Program Files\Emsisoft Anti-Malware\a2service.exe
(Fitbit, Inc.) C:\Program Files\Fitbit Connect\FitbitConnectService.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM-x32\...\Run: [RtHDVCpl] => C:\Windows\RtHDVCpl.exe [4669440 2007-07-06] (Realtek Semiconductor)
HKLM-x32\...\Run: [HotkeyApp] => C:\Program Files\Launch Manager\HotkeyApp.exe [192512 2007-07-26] (Wistron)
HKLM-x32\...\Run: [SynTPStart] => C:\Program Files\Synaptics\SynTP\SynTPStart.exe [102400 2007-08-17] (Synaptics, Inc.)
HKLM-x32\...\Run: [iRiver Updater] => C:\Program Files\iRiver\iRiver Manager\Updater\Updater.exe [204800 2004-03-10] (Moodlogic)
HKLM-x32\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [497648 2010-07-29] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59240 2011-11-02] (Apple Inc.)
HKLM-x32\...\Run: [IAAnotif] => C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe [174872 2007-03-21] (Intel Corporation)
HKLM-x32\...\Run: [IgfxTray] => C:\Windows\system32\igfxtray.exe [141848 2008-02-11] (Intel Corporation)
HKLM-x32\...\Run: [HotKeysCmds] => C:\Windows\system32\hkcmd.exe [166424 2008-02-11] (Intel Corporation)
HKLM-x32\...\Run: [Persistence] => C:\Windows\system32\igfxpers.exe [133656 2008-02-11] (Intel Corporation)
HKLM-x32\...\Run: [EZScannerFinder] => C:\Program Files\Microtek\ScanWizard EZ\ScannerFinder.exe [364544 2011-12-08] ()
HKLM-x32\...\Run: [SDTray] => C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe [3825176 2012-11-13] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [256896 2014-07-11] (Oracle Corporation)
HKLM-x32\...\Run: [Fitbit Connect] => C:\Program Files\Fitbit Connect\Fitbit Connect.exe [4369952 2014-11-07] (Fitbit, Inc.)
HKLM-x32\...\Run: [emsisoft anti-malware] => c:\program files\emsisoft anti-malware\a2guard.exe [4923832 2015-05-26] (Emsisoft Ltd)
HKU\S-1-5-21-1194378828-3497186720-2763471804-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125440 2006-11-02] (Microsoft Corporation)
HKU\S-1-5-21-1194378828-3497186720-2763471804-1000\...\Run: [TomTomHOME.exe] => C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe [248176 2014-06-05] (TomTom)
HKU\S-1-5-21-1194378828-3497186720-2763471804-1000\...\Run: [Mondvd] => C:\Users\Yvonne\AppData\Roaming\Crtreg\tordep.exe [0 2011-05-06] ()
HKU\S-1-5-21-1194378828-3497186720-2763471804-1000\...\Run: [Spybot-S&D Cleaning] => C:\Program Files\Spybot - Search & Destroy 2\SDCleaner.exe [3713032 2012-11-13] (Safer-Networking Ltd.)
HKU\S-1-5-21-1194378828-3497186720-2763471804-1000\...\Run: [NETGEARGenie] => C:\Program Files\NETGEAR Genie\bin\NETGEARGenie.exe [602880 2013-11-14] (NETGEAR Inc.)
HKU\S-1-5-21-1194378828-3497186720-2763471804-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [5282584 2014-11-21] (Piriform Ltd)
HKU\S-1-5-21-1194378828-3497186720-2763471804-1000\...\Run: [Fitbit Connect] => C:\Program Files\Fitbit Connect\Fitbit Connect.exe [4369952 2014-11-07] (Fitbit, Inc.)
HKU\S-1-5-21-1194378828-3497186720-2763471804-1000\...\Run: [WMPNSCFG] => C:\Program Files\Windows Media Player\WMPNSCFG.exe [201728 2006-11-02] (Microsoft Corporation)
HKU\S-1-5-21-1194378828-3497186720-2763471804-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\System32\MAGENT~1.SCR
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ImageBrowser EX Agent.lnk [2014-06-22]
ShortcutTarget: ImageBrowser EX Agent.lnk -> C:\Program Files\Canon\ImageBrowser EX\MFManager.exe ()
BootExecute: autocheck autochk /p \??\F:autocheck autochk * sdnclean.exe
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-1194378828-3497186720-2763471804-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-1194378828-3497186720-2763471804-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-1194378828-3497186720-2763471804-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = 
Toolbar: HKU\S-1-5-21-1194378828-3497186720-2763471804-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll [2001-06-20] (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll [2011-11-03] (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-05-08] ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll [2008-08-06] (Adobe Systems, Inc.)
FF Plugin: @bittorrent.com/BitTorrentDNA -> C:\Program Files\DNA\plugins\npbtdna.dll [2008-10-19] (BitTorrent, Inc.)
FF Plugin: @canon.com/MycameraPlugin -> C:\Program Files\Canon\MyCamera Download Plugin\NPCIG.dll [2008-10-15] (CANON INC.)
FF Plugin: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-05-08] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-05-08] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files\Microsoft\Office Live\npOLW.dll [2010-04-26] (Microsoft Corp.)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-21] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-21] (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.0.7 -> D:\VLC\npvlc.dll [2013-06-07] (VideoLAN)
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-06-17]
FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird

Chrome: 
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR Profile: C:\Users\Yvonne\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Bookmark Manager DEV) - C:\Users\Yvonne\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-05-23]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Yvonne\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-05-27]
CHR Extension: (Google Wallet) - C:\Users\Yvonne\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-05-23]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 a2AntiMalware; C:\Program Files\Emsisoft Anti-Malware\a2service.exe [5155576 2015-05-26] (Emsisoft Ltd)
R2 AdobeActiveFileMonitor9.0; C:\Program Files\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe [169408 2010-09-30] (Adobe Systems Incorporated)
R2 Fitbit Connect; C:\Program Files\Fitbit Connect\FitbitConnectService.exe [5738528 2014-11-07] (Fitbit, Inc.)
S2 NETGEARGenieDaemon; C:\Program Files\NETGEAR Genie\bin\NETGEARGenieDaemon.exe [195840 2013-11-14] (NETGEAR)
R2 SDScannerService; C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe [1103392 2012-11-13] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe [1369624 2012-11-13] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe [168384 2012-11-13] (Safer-Networking Ltd.)
S2 ss_conn_service; C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe [743688 2014-10-13] (DEVGURU Co., LTD.)
S2 TestHandler; C:\firststeps\OnlineDiagnostic\TestManager\TestHandler.exe [204800 2006-12-08] (Fujitsu Siemens Computers) []
S3 TuneUp.Defrag; C:\Windows\System32\TuneUpDefragService.exe [355584 2008-07-16] (TuneUp Software GmbH)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [265912 2007-10-22] (Microsoft Corporation)
R3 WisLMSvc; C:\Program Files\Launch Manager\WisLMSvc.exe [118784 2006-11-17] (Wistron Corp.) []
S3 WLSetupSvc; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [266240 2007-10-25] (Microsoft Corporation) []
S3 ACDaemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [X]
S2 CLTNetCnService; "C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon [X]
S4 NMIndexingService; "C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe" [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 Afc; C:\Windows\System32\drivers\Afc.sys [18688 2006-11-10] (Arcsoft, Inc.)
R1 eeCtrl; C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [385072 2008-03-18] (Symantec Corporation)
R1 epp32; C:\Windows\System32\DRIVERS\epp32.sys [111368 2015-03-24] (Emsisoft GmbH)
R1 Hotkey; C:\Windows\system32\Drivers\Hotkey.sys [9867 2003-04-28] () []
S3 HPZid412; C:\Windows\System32\DRIVERS\HPZid412.sys [51056 2003-05-14] (HP)
S3 HPZipr12; C:\Windows\System32\DRIVERS\HPZipr12.sys [16496 2003-05-14] (HP)
S3 HPZius12; C:\Windows\System32\DRIVERS\HPZius12.sys [21488 2003-05-14] (HP)
S4 JRAID; C:\Windows\system32\drivers\jraid.sys [48256 2007-06-13] (JMicron Technology Corp.)
S3 RTL2832UBDA; C:\Windows\System32\drivers\RTL2832UBDA.sys [188520 2011-05-17] (REALTEK SEMICONDUCTOR Corp.)
S3 RTL2832UUSB; C:\Windows\System32\Drivers\RTL2832UUSB.sys [32872 2011-05-17] (REALTEK SEMICONDUCTOR Corp.)
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2010-06-17] (Avira GmbH)
S4 viamraid; C:\Windows\system32\drivers\viamraid.sys [102912 2006-11-08] (VIA Technologies inc,.ltd)
U5 AppMgmt; C:\Windows\system32\svchost.exe [22016 2006-11-02] (Microsoft Corporation)
S2 ASPI32; No ImagePath
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]
S3 HTCAND32; System32\Drivers\ANDROIDUSB.sys [X]
S0 IFP800; system32\drivers\ifp800.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S3 usbbus; system32\DRIVERS\lgusbbus.sys [X]
S3 UsbDiag; system32\DRIVERS\lgusbdiag.sys [X]
S3 USBModem; system32\DRIVERS\lgusbmodem.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-05-27 22:23 - 2015-05-27 22:24 - 00000024 _____ () C:\Users\Yvonne\AppData\Roaming\appdataFr25.bin
2015-05-27 22:22 - 2015-05-27 22:22 - 00001416 _____ () C:\Users\Yvonne\Desktop\JRT.txt
2015-05-27 22:14 - 2015-05-27 22:14 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-YVONNE-PC-Windows-Vista-(TM)-Home-Premium-(32-bit).dat
2015-05-27 22:14 - 2015-05-27 22:14 - 00000000 ___DC () C:\RegBackup
2015-05-27 22:12 - 2015-05-27 22:12 - 02946603 _____ (Thisisu) C:\Users\Yvonne\Downloads\JRT.exe
2015-05-27 12:27 - 2015-05-27 12:28 - 21546080 _____ (Malwarebytes Corporation ) C:\Users\Yvonne\Downloads\mbam-setup-2.1.6.1022 (2).exe
2015-05-25 23:18 - 2015-05-25 23:18 - 00084088 _____ () C:\Users\Gast\AppData\Local\GDIPFONTCACHEV1.DAT
2015-05-25 23:18 - 2015-05-25 23:18 - 00000915 _____ () C:\Users\Gast\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-05-25 23:18 - 2015-05-25 23:18 - 00000000 ____D () C:\Users\Gast\AppData\Roaming\Apple Computer
2015-05-25 23:18 - 2015-05-25 23:18 - 00000000 ____D () C:\Users\Gast\AppData\Local\Google
2015-05-25 23:18 - 2015-05-25 23:18 - 00000000 ____D () C:\Users\Gast\AppData\Local\Adobe
2015-05-25 23:17 - 2015-05-25 23:17 - 00000910 _____ () C:\Users\Gast\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2015-05-25 23:17 - 2015-05-25 23:17 - 00000881 _____ () C:\Users\Gast\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Mail.lnk
2015-05-25 23:17 - 2015-05-25 23:17 - 00000020 ___SH () C:\Users\Gast\ntuser.ini
2015-05-25 23:17 - 2015-05-25 23:17 - 00000000 _SHDL () C:\Users\Gast\Startmenü
2015-05-25 23:17 - 2015-05-25 23:17 - 00000000 _SHDL () C:\Users\Gast\Netzwerkumgebung
2015-05-25 23:17 - 2015-05-25 23:17 - 00000000 _SHDL () C:\Users\Gast\Druckumgebung
2015-05-25 23:17 - 2015-05-25 23:17 - 00000000 _SHDL () C:\Users\Gast\Documents\Eigene Musik
2015-05-25 23:17 - 2015-05-25 23:17 - 00000000 _SHDL () C:\Users\Gast\Documents\Eigene Bilder
2015-05-25 23:17 - 2015-05-25 23:17 - 00000000 _SHDL () C:\Users\Gast\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2015-05-25 23:17 - 2015-05-25 23:17 - 00000000 _SHDL () C:\Users\Gast\AppData\Local\Verlauf
2015-05-25 23:17 - 2015-05-25 23:17 - 00000000 ____D () C:\Users\Gast\AppData\Local\VirtualStore
2015-05-25 23:17 - 2015-05-25 23:17 - 00000000 ____D () C:\Users\Gast
2015-05-25 23:17 - 2011-03-21 13:32 - 00000000 ____D () C:\Users\Gast\AppData\Roaming\Macromedia
2015-05-25 23:17 - 2008-06-11 14:18 - 00000000 ____D () C:\Users\Gast\AppData\Local\Microsoft Help
2015-05-25 23:17 - 2008-04-18 07:57 - 00000000 ____D () C:\Users\Gast\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-05-25 23:17 - 2008-04-18 07:57 - 00000000 ____D () C:\Users\Gast\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-05-25 20:41 - 2015-05-25 20:41 - 00012666 ____C () C:\combo.txt
2015-05-25 20:36 - 2015-05-25 20:36 - 00000000 __SDC () C:\ComboFix
2015-05-25 20:35 - 2015-05-25 20:36 - 00000000 __SDC () C:\32788R22FWJFW
2015-05-25 20:29 - 2015-05-25 20:29 - 00012666 ____C () C:\ComboFix.txt
2015-05-25 19:55 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2015-05-25 19:55 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
2015-05-25 19:55 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-05-25 19:55 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-05-25 19:55 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-05-25 19:55 - 2000-08-31 02:00 - 00212480 _____ (SteelWerX) C:\Windows\SWXCACLS.exe
2015-05-25 19:55 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
2015-05-25 19:55 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
2015-05-25 19:55 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
2015-05-25 19:54 - 2015-05-25 20:36 - 00000000 ___DC () C:\Qoobox
2015-05-25 19:54 - 2015-05-25 20:24 - 00000000 ____D () C:\Windows\erdnt
2015-05-25 19:47 - 2015-05-25 19:48 - 05628291 ____R (Swearware) C:\Users\Yvonne\Downloads\ComboFix.exe
2015-05-25 19:24 - 2015-05-25 19:24 - 00001023 _____ () C:\Users\Yvonne\Desktop\Revo Uninstaller.lnk
2015-05-25 19:23 - 2015-05-25 19:23 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Yvonne\Downloads\revosetup95.exe
2015-05-24 17:55 - 2015-05-24 17:55 - 00143335 _____ () C:\Users\Yvonne\Downloads\GMER resultat.log
2015-05-24 12:14 - 2015-05-24 12:15 - 21546080 _____ (Malwarebytes Corporation ) C:\Users\Yvonne\Downloads\mbam-setup-majorgeeks-2.1.6.1022 (1).exe
2015-05-23 23:12 - 2015-05-23 23:12 - 00016896 _____ () C:\Users\Yvonne\Documents\trojaner.wps
2015-05-23 22:41 - 2015-05-23 22:42 - 00380416 _____ () C:\Users\Yvonne\Downloads\Gmer-19357-1.exe
2015-05-23 22:35 - 2015-05-23 22:35 - 00050477 _____ () C:\Users\Yvonne\Downloads\Defogger-1.exe
2015-05-23 21:59 - 2015-05-23 21:59 - 00000000 ____D () C:\ProgramData\Emsisoft
2015-05-23 21:32 - 2015-05-23 21:32 - 00000854 _____ () C:\Users\Public\Desktop\Emsisoft Anti-Malware.lnk
2015-05-23 21:32 - 2015-05-23 21:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Emsisoft Anti-Malware
2015-05-23 21:31 - 2015-03-24 00:17 - 00111368 _____ (Emsisoft GmbH) C:\Windows\system32\Drivers\epp32.sys
2015-05-23 21:30 - 2015-05-27 22:16 - 00000000 ____D () C:\Program Files\Emsisoft Anti-Malware
2015-05-23 21:25 - 2015-05-23 21:29 - 163617512 _____ (Emsisoft Ltd. ) C:\Users\Yvonne\Downloads\EmsisoftAntiMalwareSetup_10.0.0.5366.exe
2015-05-23 21:16 - 2015-05-23 21:16 - 02720009 _____ (Thisisu) C:\Users\Yvonne\Downloads\JRT-6.7.6.exe
2015-05-23 20:50 - 2015-05-25 20:16 - 00001402 _____ () C:\Windows\PFRO.log
2015-05-23 19:25 - 2015-05-23 19:25 - 00000000 ____D () C:\Users\Yvonne\Downloads\FRST-OlderVersion
2015-05-23 18:54 - 2015-05-27 22:03 - 00000000 ___DC () C:\AdwCleaner
2015-05-23 18:51 - 2015-05-21 19:26 - 02209792 _____ () C:\Users\Yvonne\Downloads\adwcleaner_4.205.exe
2015-05-22 09:27 - 2015-05-22 09:27 - 00000000 ____D () C:\Users\Yvonne\Documents\Simply Super Software
2015-05-22 00:19 - 2015-05-22 00:19 - 00380416 _____ () C:\Users\Yvonne\Downloads\Gmer-19357 (2).exe
2015-05-22 00:19 - 2015-05-22 00:19 - 00380416 _____ () C:\Users\Yvonne\Downloads\Gmer-19357 (1).exe
2015-05-22 00:17 - 2015-05-22 00:17 - 00380416 _____ () C:\Users\Yvonne\Downloads\Gmer-19357.exe
2015-05-21 16:07 - 2015-05-21 16:20 - 00050467 _____ () C:\Users\Yvonne\Downloads\Addition.txt
2015-05-21 16:03 - 2015-05-27 22:27 - 00014408 _____ () C:\Users\Yvonne\Downloads\FRST.txt
2015-05-21 16:02 - 2015-05-27 22:27 - 00000000 ___DC () C:\FRST
2015-05-21 16:02 - 2015-05-23 19:25 - 01147392 ____C (Farbar) C:\Users\Yvonne\Downloads\FRST.exe
2015-05-21 15:59 - 2015-05-21 15:59 - 00050477 _____ () C:\Users\Yvonne\Downloads\Defogger (1).exe
2015-05-21 15:58 - 2015-05-24 15:55 - 00000246 _____ () C:\Users\Yvonne\Downloads\defogger_enable.log
2015-05-21 15:57 - 2015-05-24 15:55 - 00000474 _____ () C:\Users\Yvonne\Downloads\defogger_disable.log
2015-05-21 15:55 - 2015-05-21 15:55 - 00050477 _____ () C:\Users\Yvonne\Downloads\Defogger.exe
2015-05-21 15:04 - 2015-05-21 15:05 - 21546080 _____ (Malwarebytes Corporation ) C:\Users\Yvonne\Downloads\mbam-setup-2.1.6.1022 (1).exe
2015-05-21 14:17 - 2015-05-21 14:18 - 32535832 _____ (Microsoft Corporation) C:\Users\Yvonne\Downloads\mpas-fe (2).exe
2015-05-21 14:10 - 2015-05-21 14:10 - 32535832 _____ (Microsoft Corporation) C:\Users\Yvonne\Downloads\mpas-fe (1).exe
2015-05-21 14:05 - 2015-05-21 14:05 - 32535832 _____ (Microsoft Corporation) C:\Users\Yvonne\Downloads\mpas-fe.exe
2015-05-21 11:45 - 2015-05-21 11:46 - 46525608 _____ (Safer-Networking Ltd. ) C:\Users\Yvonne\Downloads\spybot-2.4.exe
2015-05-19 11:52 - 2015-05-25 20:07 - 00000000 ____D () C:\ProgramData\TEMP
2015-05-19 11:52 - 2015-05-19 11:52 - 00000000 ____D () C:\ProgramData\Licenses
2015-05-19 11:50 - 2015-05-22 09:24 - 00000000 ____D () C:\Program Files\Trojan Remover
2015-05-19 11:48 - 2015-05-19 11:49 - 35218576 _____ (Simply Super Software ) C:\Users\Yvonne\Downloads\trjsetup692.exe
2015-05-08 15:01 - 2015-05-23 22:00 - 00000000 ____D () C:\Program Files\sound on click
2015-05-08 13:44 - 2015-05-23 22:00 - 00000000 ____D () C:\Program Files\OGame Debris Fields Finder Extension
2015-05-08 12:59 - 2015-05-26 13:57 - 00001929 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-05-08 12:59 - 2015-05-08 12:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-05-08 12:55 - 2015-05-27 22:15 - 00001094 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-05-08 12:55 - 2015-05-27 22:11 - 00001098 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-05-27 22:17 - 2006-11-02 14:47 - 00003072 _____ () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2015-05-27 22:17 - 2006-11-02 14:47 - 00003072 _____ () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2015-05-27 22:16 - 2011-11-26 12:09 - 01650660 _____ () C:\Windows\WindowsUpdate.log
2015-05-27 22:15 - 2013-04-02 16:22 - 00000620 _____ () C:\Windows\Tasks\Check for updates (Spybot - Search & Destroy).job
2015-05-27 22:04 - 2006-11-02 15:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-05-27 22:03 - 2006-11-02 15:01 - 00032638 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-05-27 21:57 - 2012-04-22 17:39 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-05-26 12:21 - 2012-03-09 14:57 - 01522352 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-05-25 20:29 - 2006-11-02 13:18 - 00000000 ___RD () C:\Users\Default
2015-05-25 20:29 - 2006-11-02 13:18 - 00000000 ____D () C:\Users\Public
2015-05-25 20:18 - 2006-11-02 12:23 - 00000215 ____C () C:\Windows\system.ini
2015-05-25 20:15 - 2006-11-02 12:22 - 40894464 _____ () C:\Windows\system32\config\software.bak
2015-05-25 20:15 - 2006-11-02 12:22 - 24903680 _____ () C:\Windows\system32\config\COMPON~3.bak
2015-05-25 20:15 - 2006-11-02 12:22 - 18350080 _____ () C:\Windows\system32\config\system.bak
2015-05-25 20:15 - 2006-11-02 12:22 - 04980736 _____ () C:\Windows\system32\config\default.bak
2015-05-25 20:15 - 2006-11-02 12:22 - 00262144 _____ () C:\Windows\system32\config\security.bak
2015-05-25 20:15 - 2006-11-02 12:22 - 00262144 _____ () C:\Windows\system32\config\sam.bak
2015-05-25 19:24 - 2013-02-10 18:17 - 00000000 ____D () C:\Program Files\VS Revo Group
2015-05-24 15:55 - 2008-04-16 17:53 - 00000000 ____D () C:\Users\Yvonne
2015-05-23 23:12 - 2008-08-14 13:14 - 00002650 _____ () C:\Users\Yvonne\AppData\Roaming\wklnhst.dat
2015-05-23 22:00 - 2015-03-10 11:04 - 00000000 ____D () C:\Program Files\Cool Clock
2015-05-23 20:56 - 2014-03-02 23:17 - 00000000 ____D () C:\Program Files\Wondershare
2015-05-23 19:52 - 2011-06-21 11:15 - 00000000 ____D () C:\Windows\Minidump
2015-05-23 19:39 - 2015-03-09 19:37 - 00000000 ____D () C:\Program Files\Kingo ROOT
2015-05-23 19:13 - 2009-12-06 14:04 - 00000000 ____D () C:\ProgramData\ICQ
2015-05-19 10:44 - 2013-08-14 09:06 - 00000000 ____D () C:\Windows\system32\MRT
2015-05-19 10:20 - 2006-11-02 12:24 - 137310008 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2015-05-19 10:12 - 2012-06-19 09:46 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2015-05-17 12:33 - 2007-10-22 05:07 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-05-17 12:22 - 2012-06-19 09:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-05-14 11:08 - 2010-08-10 22:26 - 00000000 ____D () C:\ProgramData\Skype
2015-05-08 15:27 - 2014-07-24 14:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-05-08 15:27 - 2013-11-20 12:23 - 00000000 ____D () C:\ProgramData\Oracle
2015-05-08 15:27 - 2013-11-20 12:14 - 00000000 ____D () C:\Program Files\Java
2015-05-08 13:03 - 2010-08-05 13:32 - 00000000 ____D () C:\Users\Yvonne\AppData\Local\Google
2015-05-08 12:59 - 2012-04-22 17:39 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-05-08 12:59 - 2011-07-31 11:25 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-05-08 12:58 - 2010-08-05 13:32 - 00000000 ____D () C:\Program Files\Google
2015-05-08 12:52 - 2012-01-10 14:09 - 00000680 _____ () C:\Users\Yvonne\AppData\Local\d3d9caps.dat

==================== Files in the root of some directories =======

2007-03-12 18:59 - 2007-03-12 18:59 - 0299008 _____ () C:\Program Files\navigram_register.exe
2015-05-27 22:23 - 2015-05-27 22:24 - 0000024 _____ () C:\Users\Yvonne\AppData\Roaming\appdataFr25.bin
2015-03-04 22:35 - 2015-03-04 22:35 - 0000182 _____ () C:\Users\Yvonne\AppData\Roaming\Safer-Networking.log
2008-08-14 13:14 - 2015-05-23 23:12 - 0002650 _____ () C:\Users\Yvonne\AppData\Roaming\wklnhst.dat
2012-01-10 14:09 - 2015-05-08 12:52 - 0000680 _____ () C:\Users\Yvonne\AppData\Local\d3d9caps.dat
2008-04-23 14:47 - 2014-12-28 20:40 - 0011264 _____ () C:\Users\Yvonne\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-05-14 21:40 - 2012-05-15 09:22 - 0000000 _____ () C:\ProgramData\-Z2raQ8AxBGUAWU
2012-05-14 21:40 - 2012-05-15 09:22 - 0000176 _____ () C:\ProgramData\-Z2raQ8AxBGUAWUr
2008-04-21 10:02 - 2008-04-21 10:09 - 0000254 _____ () C:\ProgramData\hpzinstall.log
2012-05-14 21:12 - 2012-05-15 09:22 - 0000256 _____ () C:\ProgramData\Z2raQ8AxBGUAWU

Some files in TEMP:
====================
C:\Users\Yvonne\AppData\Local\temp\Quarantine.exe
C:\Users\Yvonne\AppData\Local\temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-05-27 22:11

==================== End of log ============================

schrauber · 28.05.2015, 19:50

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Downloade Dir bitte

SecurityCheck und:

Speichere es auf dem Desktop.
Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.

Poste den Inhalt bitte hier.

und ein frisches FRST log bitte. Noch Probleme?

y.p. · 03.06.2015, 20:08

Hallo nochmal,

ich habe alles nach Anweisung durchgeführt...den Logordner für Eset habe ich nirgendwo mehr finden können.
Alles andere wie beschrieben, leider immer noch diverse Störungen. Alles wie gehabt
Das Laptop ist alt und wird rein privat benutzt. Ich werde Bilder, Dokumente und Musik kopieren und alles neu aufsetzen.

Ganz lieben Dank für Deine Hilfe!
Y.

schrauber · 04.06.2015, 11:12

ok

27.05.2015, 19:29	#8
schrauber /// the machine /// TB-Ausbilder	Defender neuerdings deaktiviert und trotz Admin teilweise kein Zugriff Ja __________________ gruß, schrauber *Proud Member of UNITE and ASAP since 2009* Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM!

04.06.2015, 11:12	#12
schrauber /// the machine /// TB-Ausbilder	Defender neuerdings deaktiviert und trotz Admin teilweise kein Zugriff ok __________________ gruß, schrauber *Proud Member of UNITE and ASAP since 2009* Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM!

Defender neuerdings deaktiviert und trotz Admin teilweise kein Zugriff

Plagegeister aller Art und deren Bekämpfung: Defender neuerdings deaktiviert und trotz Admin teilweise kein Zugriff