
Log analysis and evaluation: Windows Vista, InstallCore.Gen7, LavasoftWeCompanion


05.07.2015, 21:20   #1
Pablo82
 



Hello,
I downloaded a program (PDF-XChange Viewer) from Chip.de and installed it. Unfortunately, malicious software was installed along with it during the installation. That was three weeks ago.
After the infection I took the following actions:
Full system scan with Avira, cleaned up programs.
The system was reset to an old restore point.
Installed mbam and ran a system scan. Ran AdwCleaner. ESET online scan. Scanned with Malwarebytes.
I bought the computer from my employer for its residual value; it is now my property. I'm asking for help. Here are the logs.

1. Defogger:
Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 20:46 on 05/07/2015 (CIBAPC45678523)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...

-=E.O.F=-
         
2. FRST
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 04-07-2015
Ran by CIBAPC45678523 (administrator) on CIBAPC456785-PC on 05-07-2015 21:45:04
Running from C:\Users\Home\Desktop\virus\pierwsze kroki
Loaded Profiles: CIBAPC45678523 & Home (Available Profiles: CIBAPC45678523 & Home)
Platform: Microsoft® Windows Vista™ Business  Service Pack 2 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 9 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(Logitech Inc.) C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
(Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbamscheduler.exe
(Skype Technologies) C:\Program Files\Skype\Updater\Updater.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\Launcher\Avira.ServiceHost.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
() C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Analog Devices, Inc.) C:\Program Files\Analog Devices\Core\smax4pnp.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(MSI Technology GmbH ) C:\Program Files\MSI\US54EX\Installer\Win2k\MSI US54EX Wireless Client Utility.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
() C:\Program Files\Common Files\LogiShrd\LQCVFX\COCIManager.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\Launcher\Avira.Systray.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
(Intel Corporation) C:\Program Files\Common Files\Intel\Privacy Icon\PrivacyIconClient.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-19] (Microsoft Corporation)
HKLM\...\Run: [picon] => C:\Program Files\Common Files\Intel\Privacy Icon\PIconStartup.exe [111640 2010-05-21] ()
HKLM\...\Run: [avgnt] => C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [730416 2015-05-27] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [LogitechQuickCamRibbon] => C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe [2793304 2009-10-14] ()
HKLM\...\Run: [SoundMAXPnP] => C:\Program Files\Analog Devices\Core\smax4pnp.exe [1310720 2009-03-05] (Analog Devices, Inc.)
HKLM\...\Run: [Avira Systray] => C:\Program Files\Avira\Launcher\Avira.Systray.exe [130864 2015-05-21] (Avira Operations GmbH & Co. KG)
HKLM\...\RunOnce: [*WerKernelReporting] => C:\Windows\SYSTEM32\WerFault.exe [217088 2009-04-11] (Microsoft Corporation)
HKU\S-1-5-21-2772773862-112770573-1896515911-1001\...\Run: [WMPNSCFG] => C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-19] (Microsoft Corporation)
HKU\S-1-5-21-2772773862-112770573-1896515911-1001\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [31280256 2015-04-17] (Skype Technologies S.A.)
HKU\S-1-5-21-2772773862-112770573-1896515911-1002\...\Run: [WMPNSCFG] => C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-19] (Microsoft Corporation)
HKU\S-1-5-21-2772773862-112770573-1896515911-1002\...\MountPoints2: {5c198a9e-f1ac-11e4-bf7e-00219b24e865} - F:\Password.exe
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\MSI US54EX Wireless Client Utility.lnk [2014-07-30]
ShortcutTarget: MSI US54EX Wireless Client Utility.lnk -> C:\Program Files\MSI\US54EX\Installer\Win2k\MSI US54EX Wireless Client Utility.exe (MSI Technology GmbH )

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-2772773862-112770573-1896515911-1002 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{8E2823B8-B72E-4E2E-82EC-D6DABB81E282}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{ECF39586-4AFC-48CA-825D-8C4A7A9CDC9C}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{F97A5B23-8CFB-4A41-B7D2-886921D2545A}: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\CIBAPC45678523\AppData\Roaming\Mozilla\Firefox\Profiles\gqw00mbi.default
FF Homepage: www.google.de
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll [2013-07-07] ()
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @real.com/nppl3260;version=6.0.11.2571 -> C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll [2006-10-07] (RealNetworks, Inc.)
FF Plugin: @real.com/nprpjplug;version=6.0.12.1739 -> C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll [2006-10-07] (RealNetworks, Inc.)
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2015-06-04]

Chrome: 
=======
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 AntiVirMailService; C:\Program Files\Avira\AntiVir Desktop\avmailc.exe [825136 2015-05-27] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [450808 2015-05-27] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [450808 2015-05-27] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE [1187336 2015-05-27] (Avira Operations GmbH & Co. KG)
R2 Avira.ServiceHost; C:\Program Files\Avira\Launcher\Avira.ServiceHost.exe [208632 2015-05-21] (Avira Operations GmbH & Co. KG)
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
R2 MBAMScheduler; C:\Program Files\ Malwarebytes Anti-Malware \mbamscheduler.exe [1871160 2015-04-14] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files\ Malwarebytes Anti-Malware \mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
S2 UNS; C:\Program Files\Common Files\Intel\Privacy Icon\UNS\UNS.exe [2071064 2010-05-21] (Intel Corporation)
S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-19] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AegisP; C:\Windows\System32\DRIVERS\AegisP.sys [20747 2014-07-30] (Meetinghouse Data Communications) [File not signed]
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108448 2015-05-27] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [136728 2015-05-27] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37896 2015-06-01] (Avira Operations GmbH & Co. KG)
R3 e1kexpress; C:\Windows\System32\DRIVERS\e1k6032.sys [202408 2010-04-06] (Intel Corporation)
R3 LVPr2Mon; C:\Windows\System32\DRIVERS\LVPr2Mon.sys [25752 2009-10-07] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2015-04-14] (Malwarebytes Corporation)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [119512 2015-06-16] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2015-04-14] (Malwarebytes Corporation)
R0 PBADRV; C:\Windows\System32\DRIVERS\PBADRV.sys [26608 2008-06-04] (Dell Inc)
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [31848 2015-05-27] (Avira Operations GmbH & Co. KG)
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-05 21:29 - 2015-07-05 21:29 - 00004672 _____ C:\Users\CIBAPC45678523\Documents\Gmer.txt
2015-07-05 21:15 - 2015-07-05 21:15 - 208344037 _____ C:\Windows\MEMORY.DMP
2015-07-05 21:15 - 2015-07-05 21:15 - 00147528 _____ C:\Windows\Minidump\Mini070515-01.dmp
2015-07-05 21:15 - 2015-07-05 21:15 - 00000000 ____D C:\Windows\Minidump
2015-07-05 20:48 - 2015-07-05 21:45 - 00000000 ____D C:\FRST
2015-07-05 20:44 - 2015-07-05 20:44 - 00000000 _____ C:\Users\CIBAPC45678523\defogger_reenable
2015-07-05 08:37 - 2015-07-05 21:30 - 00000000 ____D C:\Users\Home\Desktop\virus
2015-06-16 23:56 - 2015-06-16 23:56 - 00000726 _____ C:\Users\CIBAPC45678523\Documents\eset.txt
2015-06-16 22:26 - 2015-06-16 22:27 - 02870984 _____ (ESET) C:\Users\Home\Downloads\esetsmartinstaller_deu.exe
2015-06-16 22:11 - 2015-06-16 22:16 - 00000000 ____D C:\AdwCleaner
2015-06-16 21:36 - 2015-06-16 22:20 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-06-16 21:35 - 2015-06-16 21:35 - 00000899 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2015-06-16 21:35 - 2015-06-16 21:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2015-06-16 21:35 - 2015-06-16 21:35 - 00000000 ____D C:\Program Files\ Malwarebytes Anti-Malware 
2015-06-16 21:35 - 2015-04-14 09:37 - 00092888 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-06-16 21:35 - 2015-04-14 09:37 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-06-16 21:30 - 2015-06-16 21:35 - 00000000 ____D C:\Users\CIBAPC45678523\AppData\Roaming\Malwarebytes
2015-06-16 21:30 - 2015-06-16 21:35 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-06-16 21:30 - 2015-06-16 21:35 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2015-06-16 21:30 - 2015-04-14 09:37 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-06-13 10:18 - 2015-06-13 10:18 - 04683232 _____ (Avira Operations GmbH & Co. KG) C:\Users\Home\Downloads\avira_en_av_557be6d0a90d5__ws.exe
2015-06-07 11:25 - 2015-06-07 11:25 - 00001243 _____ C:\Users\Home\Desktop\Disc D - Verknüpfung.lnk
2015-06-07 11:24 - 2015-06-16 21:29 - 00000000 ____D C:\Disc D
2015-06-07 06:23 - 2015-06-07 06:24 - 00000000 ____D C:\Users\Home\AppData\Roaming\elsterformular
2015-06-07 06:15 - 2015-06-07 06:15 - 00000949 _____ C:\Users\Home\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-05 21:43 - 2006-11-02 15:01 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-07-05 21:43 - 2006-11-02 15:00 - 00474456 _____ C:\Windows\PFRO.log
2015-07-05 21:43 - 2006-11-02 14:47 - 00004880 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2015-07-05 21:43 - 2006-11-02 14:47 - 00004880 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2015-07-05 21:42 - 2013-03-26 11:36 - 01770803 _____ C:\Windows\WindowsUpdate.log
2015-07-05 21:42 - 2006-11-02 15:01 - 00032530 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2015-07-05 20:44 - 2013-03-26 11:43 - 00000000 ____D C:\Users\CIBAPC45678523
2015-07-05 20:44 - 2006-11-02 12:33 - 01472522 _____ C:\Windows\system32\PerfStringBackup.INI
2015-07-05 08:39 - 2015-02-08 17:10 - 00015872 _____ C:\Users\Home\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-07-05 08:38 - 2015-02-02 23:33 - 00000000 ____D C:\Users\Home
2015-06-16 22:21 - 2013-03-26 11:44 - 00053144 _____ C:\Users\CIBAPC45678523\AppData\Local\GDIPFONTCACHEV1.DAT
2015-06-16 21:57 - 2015-02-02 23:33 - 00053144 _____ C:\Users\Home\AppData\Local\GDIPFONTCACHEV1.DAT
2015-06-16 21:55 - 2006-11-02 14:47 - 00245400 _____ C:\Windows\system32\FNTCACHE.DAT
2015-06-16 21:28 - 2006-11-02 14:52 - 00032522 _____ C:\Windows\setupact.log
2015-06-16 21:23 - 2015-01-30 21:43 - 00000000 ____D C:\Program Files\Microsoft.NET
2015-06-16 21:23 - 2006-11-02 14:37 - 00000000 ____D C:\Windows\ShellNew
2015-06-16 21:23 - 2006-11-02 13:18 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2015-06-13 10:25 - 2013-04-26 21:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2015-06-13 10:25 - 2013-04-26 21:16 - 00000000 ____D C:\ProgramData\Avira
2015-06-13 10:19 - 2015-02-02 23:33 - 00000000 ____D C:\ProgramData\Package Cache
2015-06-13 10:19 - 2013-04-26 21:16 - 00000000 ____D C:\Program Files\Avira
2015-06-13 10:06 - 2013-01-09 13:23 - 00000000 ____D C:\Users\CIBA PC8
2015-06-13 10:06 - 2006-11-02 13:18 - 00000000 ____D C:\Windows\system32\Msdtc
2015-06-13 10:06 - 2006-11-02 12:22 - 36175872 _____ C:\Windows\system32\config\components_previous
2015-06-13 10:06 - 2006-11-02 12:22 - 29884416 _____ C:\Windows\system32\config\software_previous
2015-06-13 10:06 - 2006-11-02 12:22 - 15466496 _____ C:\Windows\system32\config\system_previous
2015-06-13 10:06 - 2006-11-02 12:22 - 00262144 _____ C:\Windows\system32\config\security_previous
2015-06-13 10:06 - 2006-11-02 12:22 - 00262144 _____ C:\Windows\system32\config\sam_previous
2015-06-13 10:06 - 2006-11-02 12:22 - 00262144 _____ C:\Windows\system32\config\default_previous
2015-06-13 10:05 - 2006-11-02 13:18 - 00000000 ____D C:\Windows\system32\spool
2015-06-13 10:05 - 2006-11-02 13:18 - 00000000 ____D C:\Windows\registration
2015-06-10 21:26 - 2006-11-02 13:18 - 00000000 ____D C:\Windows\system32\NDF

==================== Files in the root of some directories =======

2013-04-22 20:42 - 2013-04-22 20:42 - 0000552 _____ () C:\Users\CIBAPC45678523\AppData\Local\d3d8caps.dat
2013-03-26 11:44 - 2015-06-04 12:54 - 0000680 _____ () C:\Users\CIBAPC45678523\AppData\Local\d3d9caps.dat
2013-04-26 21:20 - 2014-03-15 23:23 - 0016384 _____ () C:\Users\CIBAPC45678523\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

Some files in TEMP:
====================
C:\Users\CIBAPC45678523\AppData\Local\Temp\AskSLib.dll
C:\Users\CIBAPC45678523\AppData\Local\Temp\avgnt.exe
C:\Users\CIBAPC45678523\AppData\Local\Temp\Quarantine.exe
C:\Users\CIBAPC45678523\AppData\Local\Temp\sqlite3.dll
C:\Users\Home\AppData\Local\Temp\avgnt.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-07-05 21:21

==================== End of log ============================
         
3. Addition
Code:
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 04-07-2015
Ran by CIBAPC45678523 at 2015-07-05 21:45:45
Running from C:\Users\Home\Desktop\virus\pierwsze kroki
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2772773862-112770573-1896515911-500 - Administrator - Disabled)
CIBAPC45678523 (S-1-5-21-2772773862-112770573-1896515911-1001 - Administrator - Enabled) => C:\Users\CIBAPC45678523
Gast (S-1-5-21-2772773862-112770573-1896515911-501 - Limited - Disabled)
Home (S-1-5-21-2772773862-112770573-1896515911-1002 - Limited - Enabled) => C:\Users\Home

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Antivirus (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Antivirus (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 11 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 11.7.700.224 - Adobe Systems Incorporated)
Avira (HKLM\...\{0696cc37-db90-4000-be99-4a173ca7c8af}) (Version: 1.1.39.17987 - Avira Operations GmbH & Co. KG)
Avira (Version: 1.1.39.17987 - Avira Operations GmbH & Co. KG) Hidden
Avira Antivirus (HKLM\...\Avira Antivirus) (Version: 15.0.11.574 - Avira Operations GmbH & Co. KG)
BioAPI Framework (Version: 1.0.1 - Dell Inc.) Hidden
Dell Security Device Driver Pack (HKLM\...\{FF1DDCF4-3A28-4F7F-96D8-E3F4BD1C1702}) (Version: 1.02.35 - Dell Inc.)
Dell System Detect (HKU\S-1-5-21-2772773862-112770573-1896515911-1001\...\73f463568823ebbe) (Version: 5.13.0.1 - Dell)
ElsterFormular (HKLM\...\ElsterFormular) (Version: 16.1.20150424 - Landesfinanzdirektion Thüringen)
Intel(R) Management Engine Interface (HKLM\...\HECI) (Version:  - Intel Corporation)
Intel(R) Network Connections Drivers (HKLM\...\PROSet) (Version: 15.2 - Intel)
Intel® Active-Management-Technologie (HKLM\...\MESOL) (Version:  - Intel Corporation)
K-Lite Mega Codec Pack 2.2.5 (HKLM\...\KLiteCodecPack_is1) (Version: 2.25 - )
Logitech Webcam Software (HKLM\...\{C27BC2A2-30DD-4014-B22E-63EB0DB572F9}) (Version: 12.10.1113 - Logitech Inc.)
Logitech Webcam Software-Treiberpaket (HKLM\...\lvdrivers_12.10) (Version: 12.10.1110 - Logitech Inc.)
Malwarebytes Anti-Malware Version 2.1.6.1022 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU (HKLM\...\Microsoft .NET Framework 3.5 Language Pack SP1 - deu) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (HKLM\...\Microsoft .NET Framework 4 Client Profile DEU Language Pack) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM\...\{e6e75766-da0f-4ba2-9788-6ea593ce702d}) (Version: 12.0.30501.0 - Microsoft Corporation)
Mozilla Firefox 35.0.1 (x86 de) (HKLM\...\Mozilla Firefox 35.0.1 (x86 de)) (Version: 35.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 31.0 - Mozilla)
MSI US54EX Wireless Client Utility (HKLM\...\{FFAA01ED-BEEC-4578-87D5-90E1C7A6D230}) (Version: 1.00.00 - Pacific)
PDF-Viewer (HKLM\...\{A278382D-4F1B-4D47-9885-8523F7261E8D}_is1) (Version: 2.5.311.0 - Tracker Software Products Ltd)
Skype™ 7.4 (HKLM\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.4.102 - Skype Technologies S.A.)
SoundMAX (HKLM\...\{F0A37341-D692-11D4-A984-009027EC0A9C}) (Version: 6.10.1.5853 - Analog Devices)
SubEdit - Vista WMP Patch (HKLM\...\SubEdit - Vista WMP Patch_is1) (Version: 1 - Artur Sikora)
SubEdit-Player (HKLM\...\SubEdit-Player_is1) (Version: 4072 - Artur Sikora)
UPEK TouchChip Fingerprint Reader (Version: 1.0.0 - Dell Inc.) Hidden
Windows-Treiberpaket - Dell Inc. PBADRV System  (01/07/2008 1.0.1.5) (HKLM\...\9D57DE505B6D8C710EF3B74BE638DBB936EED8A3) (Version: 01/07/2008 1.0.1.5 - Dell Inc.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Restore Points =========================

04-06-2015 11:50:16 Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501
04-06-2015 12:32:39 Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501
04-06-2015 13:06:02 Windows Update
04-06-2015 17:07:32 Windows Update
07-06-2015 13:12:59 Geplanter Prüfpunkt
10-06-2015 21:09:03 Geplanter Prüfpunkt
13-06-2015 00:02:13 LavasoftWeCompanion
13-06-2015 01:08:38 LavasoftWeCompanion
13-06-2015 10:02:43 Wiederherstellungsvorgang
16-06-2015 21:20:18 Removed Microsoft Office Professional Edition 2003

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2006-11-02 12:23 - 2006-09-18 23:41 - 00000761 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
::1             localhost

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {DEE198FD-2862-49A5-ABEB-434C9AA41060} - System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program\VistaSP1CEIP => C:\Windows\servicing\vsp1ceip.exe [2008-01-19] (Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Loaded Modules (Whitelisted) ==============

2009-10-14 13:36 - 2009-10-14 13:36 - 02793304 _____ () C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
2009-10-14 13:34 - 2009-10-14 13:34 - 00560472 _____ () C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-2772773862-112770573-1896515911-1001\...\dell.com -> dell.com


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2772773862-112770573-1896515911-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\Wallpaper\img24.jpg
HKU\S-1-5-21-2772773862-112770573-1896515911-1002\Control Panel\Desktop\\Wallpaper -> C:\windows\Web\Wallpaper\img24.jpg
DNS Servers: 192.168.0.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [SLSVC-In-TCP] => (Allow) %SystemRoot%\system32\slsvc.exe
FirewallRules: [SLSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\slsvc.exe
FirewallRules: [WinCollab-DFSR-In-TCP] => (Allow) %SystemRoot%\system32\dfsr.exe
FirewallRules: [WinCollab-DFSR-Out-TCP] => (Allow) %SystemRoot%\system32\dfsr.exe
FirewallRules: [WinCollab-In-TCP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-Out-TCP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-In-UDP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-Out-UDP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [{82639F05-199A-464D-A445-2DB78999E0C2}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{AB9D98F0-05CA-42E6-A6E5-0E71AB29B3F8}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{C4458AD6-35A2-4EE0-A030-F2702D70CAD7}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{45A02A4E-F567-4ED5-AE11-4D1DC5345568}] => (Allow) LPort=80
FirewallRules: [{B4FD2363-4DFA-475C-92C5-08B90DEB73D0}] => (Allow) LPort=80
FirewallRules: [{CC60B561-7227-4C51-B619-D20AA1555B30}] => (Allow) LPort=80

==================== Faulty Device Manager Devices =============

Name: Videocontroller
Description: Videocontroller
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (07/05/2015 09:26:18 PM) (Source: Perflib) (EventID: 1010) (User: )
Description: EmdCacheC:\Windows\system32\emdmgmt.dll4

Error: (07/05/2015 09:17:26 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Eintrag <C:\USERS\HOME\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\0724UIH8.DEFAULT\SAFEBROWSING-TO_DELETE> in der Hash-Zuordnung kann nicht aktualisiert werden.

Kontext:  Anwendung, SystemIndex Katalog


Details:
	Ein an das System angeschlossenes Gerät funktioniert nicht.   (0x8007001f)

Error: (07/05/2015 09:15:11 PM) (Source: ESENT) (EventID: 489) (User: )
Description: avguard (1928) GaviDB_0: Versuch, Datei "C:\ProgramData\Avira\AntiVir Desktop\EVENTDB\gavi3.db" für den Lesezugriff zu öffnen, ist mit Systemfehler 3 (0x00000003): "Das System kann den angegebenen Pfad nicht finden. " fehlgeschlagen. Fehler -1023 (0xfffffc01) beim Öffnen von Dateien.

Error: (07/05/2015 09:15:11 PM) (Source: ESENT) (EventID: 489) (User: )
Description: avguard (1928) GaviDB_0: Versuch, Datei "C:\ProgramData\Avira\AntiVir Desktop\EVENTDB\gavi3.db" für den Lesezugriff zu öffnen, ist mit Systemfehler 3 (0x00000003): "Das System kann den angegebenen Pfad nicht finden. " fehlgeschlagen. Fehler -1023 (0xfffffc01) beim Öffnen von Dateien.

Error: (07/05/2015 09:15:11 PM) (Source: ESENT) (EventID: 489) (User: )
Description: avguard (1928) GaviDB_0: Versuch, Datei "C:\ProgramData\Avira\AntiVir Desktop\EVENTDB\gavi3.db" für den Lesezugriff zu öffnen, ist mit Systemfehler 3 (0x00000003): "Das System kann den angegebenen Pfad nicht finden. " fehlgeschlagen. Fehler -1023 (0xfffffc01) beim Öffnen von Dateien.

Error: (07/05/2015 09:15:11 PM) (Source: ESENT) (EventID: 489) (User: )
Description: avguard (1928) GaviDB_0: Versuch, Datei "C:\ProgramData\Avira\AntiVir Desktop\EVENTDB\gavi3.db" für den Lesezugriff zu öffnen, ist mit Systemfehler 3 (0x00000003): "Das System kann den angegebenen Pfad nicht finden. " fehlgeschlagen. Fehler -1023 (0xfffffc01) beim Öffnen von Dateien.

Error: (07/05/2015 09:15:11 PM) (Source: ESENT) (EventID: 489) (User: )
Description: avguard (1928) GaviDB_0: Versuch, Datei "C:\ProgramData\Avira\AntiVir Desktop\EVENTDB\gavi3.db" für den Lesezugriff zu öffnen, ist mit Systemfehler 3 (0x00000003): "Das System kann den angegebenen Pfad nicht finden. " fehlgeschlagen. Fehler -1023 (0xfffffc01) beim Öffnen von Dateien.

Error: (07/05/2015 09:15:11 PM) (Source: ESENT) (EventID: 489) (User: )
Description: avguard (1928) GaviDB_0: Versuch, Datei "C:\ProgramData\Avira\AntiVir Desktop\EVENTDB\gavi3.db" für den Lesezugriff zu öffnen, ist mit Systemfehler 3 (0x00000003): "Das System kann den angegebenen Pfad nicht finden. " fehlgeschlagen. Fehler -1023 (0xfffffc01) beim Öffnen von Dateien.

Error: (07/05/2015 09:15:11 PM) (Source: ESENT) (EventID: 489) (User: )
Description: avguard (1928) GaviDB_0: Versuch, Datei "C:\ProgramData\Avira\AntiVir Desktop\EVENTDB\gavi3.db" für den Lesezugriff zu öffnen, ist mit Systemfehler 3 (0x00000003): "Das System kann den angegebenen Pfad nicht finden. " fehlgeschlagen. Fehler -1023 (0xfffffc01) beim Öffnen von Dateien.

Error: (07/05/2015 09:15:11 PM) (Source: ESENT) (EventID: 489) (User: )
Description: avguard (1928) GaviDB_0: Versuch, Datei "C:\ProgramData\Avira\AntiVir Desktop\EVENTDB\gavi3.db" für den Lesezugriff zu öffnen, ist mit Systemfehler 3 (0x00000003): "Das System kann den angegebenen Pfad nicht finden. " fehlgeschlagen. Fehler -1023 (0xfffffc01) beim Öffnen von Dateien.


System errors:
=============
Error: (07/05/2015 09:16:49 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: 30000Avira Service Host

Error: (07/05/2015 09:15:08 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: Das System wurde zuvor am 05.07.2015 um 21:14:03 unerwartet heruntergefahren.

Error: (07/05/2015 08:38:47 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {6295DF2D-35EE-11D1-8707-00C04FD93327}

Error: (06/16/2015 10:16:15 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Windows Presentation Foundation Font Cache 4.0.0.0201Neustart des Diensts

Error: (06/16/2015 10:16:14 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Intel(R) Management and Security Application User Notification Service1

Error: (06/16/2015 10:16:14 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Windows Presentation Foundation Font Cache 4.0.0.0101Neustart des Diensts

Error: (06/16/2015 10:16:14 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Windows Media Player-Netzwerkfreigabedienst1300001Neustart des Diensts

Error: (06/16/2015 10:16:14 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Avira Service Host1100001Neustart des Diensts

Error: (06/16/2015 10:16:14 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Windows Search1300001Neustart des Diensts

Error: (06/16/2015 10:16:13 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: MBAMService1


Microsoft Office:
=========================
Error: (07/05/2015 09:26:18 PM) (Source: Perflib) (EventID: 1010) (User: )
Description: EmdCacheC:\Windows\system32\emdmgmt.dll4

Error: (07/05/2015 09:17:26 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Kontext:  Anwendung, SystemIndex Katalog


Details:
	Ein an das System angeschlossenes Gerät funktioniert nicht.   (0x8007001f)
C:\USERS\HOME\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\0724UIH8.DEFAULT\SAFEBROWSING-TO_DELETE

Error: (07/05/2015 09:15:11 PM) (Source: ESENT) (EventID: 489) (User: )
Description: avguard1928GaviDB_0: C:\ProgramData\Avira\AntiVir Desktop\EVENTDB\gavi3.db-1023 (0xfffffc01)3 (0x00000003)Das System kann den angegebenen Pfad nicht finden.

Error: (07/05/2015 09:15:11 PM) (Source: ESENT) (EventID: 489) (User: )
Description: avguard1928GaviDB_0: C:\ProgramData\Avira\AntiVir Desktop\EVENTDB\gavi3.db-1023 (0xfffffc01)3 (0x00000003)Das System kann den angegebenen Pfad nicht finden.

Error: (07/05/2015 09:15:11 PM) (Source: ESENT) (EventID: 489) (User: )
Description: avguard1928GaviDB_0: C:\ProgramData\Avira\AntiVir Desktop\EVENTDB\gavi3.db-1023 (0xfffffc01)3 (0x00000003)Das System kann den angegebenen Pfad nicht finden.

Error: (07/05/2015 09:15:11 PM) (Source: ESENT) (EventID: 489) (User: )
Description: avguard1928GaviDB_0: C:\ProgramData\Avira\AntiVir Desktop\EVENTDB\gavi3.db-1023 (0xfffffc01)3 (0x00000003)Das System kann den angegebenen Pfad nicht finden.

Error: (07/05/2015 09:15:11 PM) (Source: ESENT) (EventID: 489) (User: )
Description: avguard1928GaviDB_0: C:\ProgramData\Avira\AntiVir Desktop\EVENTDB\gavi3.db-1023 (0xfffffc01)3 (0x00000003)Das System kann den angegebenen Pfad nicht finden.

Error: (07/05/2015 09:15:11 PM) (Source: ESENT) (EventID: 489) (User: )
Description: avguard1928GaviDB_0: C:\ProgramData\Avira\AntiVir Desktop\EVENTDB\gavi3.db-1023 (0xfffffc01)3 (0x00000003)Das System kann den angegebenen Pfad nicht finden.

Error: (07/05/2015 09:15:11 PM) (Source: ESENT) (EventID: 489) (User: )
Description: avguard1928GaviDB_0: C:\ProgramData\Avira\AntiVir Desktop\EVENTDB\gavi3.db-1023 (0xfffffc01)3 (0x00000003)Das System kann den angegebenen Pfad nicht finden.

Error: (07/05/2015 09:15:11 PM) (Source: ESENT) (EventID: 489) (User: )
Description: avguard1928GaviDB_0: C:\ProgramData\Avira\AntiVir Desktop\EVENTDB\gavi3.db-1023 (0xfffffc01)3 (0x00000003)Das System kann den angegebenen Pfad nicht finden.


CodeIntegrity Errors:
===================================
  Date: 2015-07-05 21:45:41.449
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-07-05 21:45:41.387
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-07-05 21:45:41.293
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-07-05 21:45:41.231
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-07-05 21:45:41.028
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-07-05 21:45:40.934
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-07-05 21:45:40.841
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-07-05 21:45:40.747
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-07-05 21:45:14.711
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-07-05 21:45:14.633
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.


==================== Memory info =========================== 

Processor: Intel(R) Core(TM)2 Duo CPU E8400 @ 3.00GHz
Percentage of memory in use: 46%
Total physical RAM: 1978.88 MB
Available physical RAM: 1055.73 MB
Total Virtual: 4210.8 MB
Available Virtual: 3100.03 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:149.01 GB) (Free:106.49 GB) NTFS ==>[Drive with boot components (obtained from BCD)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 149 GB) (Disk ID: AC8AE961)
Partition 1: (Active) - (Size=149 GB) - (Type=07 NTFS)

==================== End of log ============================
         
4. Gmer
Code:
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2015-07-05 21:29:16
Windows 6.0.6002 Service Pack 2 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-2 ST3160815AS rev.4.ADA 149,01GB
Running: Gmer-19357.exe; Driver: C:\Users\CIBAPC~2\AppData\Local\Temp\fwtyyaow.sys


---- System - GMER 2.1 ----

SSDT   883B032E                                                                                 ZwCreateSection
SSDT   883B0306                                                                                 ZwCreateSymbolicLinkObject
SSDT   883B030B                                                                                 ZwLoadDriver
SSDT   883B0301                                                                                 ZwOpenSection
SSDT   883B0338                                                                                 ZwRequestWaitReplyPort
SSDT   883B0333                                                                                 ZwSetContextThread
SSDT   883B033D                                                                                 ZwSetSecurityObject
SSDT   883B0310                                                                                 ZwSetSystemInformation
SSDT   883B0342                                                                                 ZwSystemDebugControl
SSDT   883B02CF                                                                                 ZwTerminateProcess
SSDT   883B02CA                                                                                 ZwWriteVirtualMemory

---- Kernel code sections - GMER 2.1 ----

.text  ntkrnlpa.exe!KeSetEvent + 215                                                            81CFD7D8 4 Bytes  [2E, 03, 3B, 88]
.text  ntkrnlpa.exe!KeSetEvent + 21D                                                            81CFD7E0 4 Bytes  [06, 03, 3B, 88]
.text  ntkrnlpa.exe!KeSetEvent + 37D                                                            81CFD940 4 Bytes  [0B, 03, 3B, 88]
.text  ntkrnlpa.exe!KeSetEvent + 3FD                                                            81CFD9C0 4 Bytes  [01, 03, 3B, 88]
.text  ntkrnlpa.exe!KeSetEvent + 539                                                            81CFDAFC 4 Bytes  [38, 03, 3B, 88]
.text  ...                                                                                      

---- User code sections - GMER 2.1 ----

.text  C:\Program Files\Mozilla Firefox\firefox.exe[1184] ntdll.dll!LdrLoadDll                  777C9318 5 Bytes  JMP 62621F42 C:\Program Files\Mozilla Firefox\mozglue.dll
.text  C:\Program Files\Mozilla Firefox\firefox.exe[1184] ntdll.dll!NtCreateFile                778040D0 5 Bytes  JMP 57959AE0 C:\Program Files\Mozilla Firefox\xul.dll
.text  C:\Program Files\Mozilla Firefox\firefox.exe[1184] ntdll.dll!NtFlushBuffersFile          778045D0 5 Bytes  JMP 5793C434 C:\Program Files\Mozilla Firefox\xul.dll
.text  C:\Program Files\Mozilla Firefox\firefox.exe[1184] ntdll.dll!NtQueryFullAttributesFile   77804B00 5 Bytes  JMP 5793C150 C:\Program Files\Mozilla Firefox\xul.dll
.text  C:\Program Files\Mozilla Firefox\firefox.exe[1184] ntdll.dll!NtReadFile                  77804D30 5 Bytes  JMP 5793C330 C:\Program Files\Mozilla Firefox\xul.dll
.text  C:\Program Files\Mozilla Firefox\firefox.exe[1184] ntdll.dll!NtReadFileScatter           77804D40 5 Bytes  JMP 5835F60F C:\Program Files\Mozilla Firefox\xul.dll
.text  C:\Program Files\Mozilla Firefox\firefox.exe[1184] ntdll.dll!NtWriteFile                 77805340 5 Bytes  JMP 5795A9F0 C:\Program Files\Mozilla Firefox\xul.dll
.text  C:\Program Files\Mozilla Firefox\firefox.exe[1184] ntdll.dll!NtWriteFileGather           77805350 5 Bytes  JMP 5835F5BE C:\Program Files\Mozilla Firefox\xul.dll
.text  C:\Program Files\Mozilla Firefox\firefox.exe[1184] kernel32.dll!HeapSetInformation + 26  7631A9B8 7 Bytes  JMP 579563D0 C:\Program Files\Mozilla Firefox\xul.dll
.text  C:\Program Files\Mozilla Firefox\firefox.exe[1184] kernel32.dll!LockResource + C         76336BD3 7 Bytes  JMP 58284AA0 C:\Program Files\Mozilla Firefox\xul.dll
.text  C:\Program Files\Mozilla Firefox\firefox.exe[1184] kernel32.dll!VirtualAllocEx + 54      7633B030 7 Bytes  JMP 58284AC3 C:\Program Files\Mozilla Firefox\xul.dll
.text  C:\Program Files\Mozilla Firefox\firefox.exe[1184] USER32.dll!GetWindowInfo              778F428E 5 Bytes  JMP 5817B991 C:\Program Files\Mozilla Firefox\xul.dll
.text  C:\Program Files\Mozilla Firefox\firefox.exe[1184] GDI32.dll!SetStretchBltMode + 256     779A745C 7 Bytes  JMP 58284A21 C:\Program Files\Mozilla Firefox\xul.dll

---- EOF - GMER 2.1 ----
         
5. Virus scan / MBAM logs

5.1 Avira
Code:
Exported events:

13.06.2015 07:11 [System Scanner] Malware found
      The file 'C:\Users\Home\AppData\Local\Temp\UJT81Xy2.exe.part'
      contained a virus or unwanted program 'PUA/InstallCore.U.1' [riskware]
      Action(s) taken:
      An error has occurred and the file was not deleted. ErrorID: 26004.
      The source file could not be found.
      The file is scheduled for deleting after reboot.
      It is recommended to restart your computer in order to finish the repair.

13.06.2015 07:10 [System Scanner] Malware found
      The file 'C:\Users\Home\AppData\Local\Temp\UJT81Xy2.exe.part'
      contained a virus or unwanted program 'PUA/InstallCore.U.1' [riskware]
      Action(s) taken:
      The file was moved to the quarantine directory under the name '51241a6c.qua'!

13.06.2015 00:02 [Real-Time Protection] Malware found
      Virus or unwanted program 'PUA/InstallMonetizer.Gen [riskware]'
      detected in file 
      'C:\Users\CIBAPC45678523\AppData\Local\Temp\nsiF69F.tmp\nsCBHTML5.dll.
      Action performed: Deny access

13.06.2015 00:02 [Real-Time Protection] Malware found
      Virus or unwanted program 'PUA/InstallMonetizer.Gen [riskware]'
      detected in file 
      'C:\Users\CIBAPC45678523\AppData\Local\Temp\nsiF69F.tmp\nsCBHTML5.dll.
      Action performed: Deny access

13.06.2015 00:01 [Real-Time Protection] Malware found
      Virus or unwanted program 'PUA/InstallMonetizer.Gen [riskware]'
      detected in file 
      'C:\Users\CIBAPC45678523\AppData\Local\Temp\nsiF69F.tmp\nsCBHTML5.dll.
      Action performed: Transfer to Scanner

13.06.2015 00:01 [Real-Time Protection] Malware found
      Virus or unwanted program 'PUA/InstallMonetizer.Gen [riskware]'
      detected in file 
      'C:\Users\CIBAPC45678523\AppData\Local\Temp\nsiF69F.tmp\nsCBHTML5.dll.
      Action performed: Deny access
         
5.2 MBAM

Code:
<mbam-log><header><date>2015/06/16 21:38:52 +0200</date><logfile>mbam-log-2015-06-16 (21-38-48).xml</logfile><isadmin>yes</isadmin></header><engine><version>2.01.6.1022</version><malware-database>v2015.06.16.05</malware-database><rootkit-database>v2015.06.15.01</rootkit-database><license>trial</license><file-protection>enabled</file-protection><web-protection>enabled</web-protection><self-protection>disabled</self-protection></engine><system><osversion>Windows Vista Service Pack 2</osversion><arch>x86</arch><username>CIBAPC45678523</username><filesys>NTFS</filesys></system><summary><type>threat</type><result>completed</result><objects>391026</objects><time>860</time><processes>0</processes><modules>0</modules><keys>0</keys><values>1</values><datas>0</datas><folders>0</folders><files>0</files><sectors>0</sectors></summary><options><memory>enabled</memory><startup>enabled</startup><filesystem>enabled</filesystem><archives>enabled</archives><rootkits>disabled</rootkits><deeprootkit>disabled</deeprootkit><heuristics>enabled</heuristics><pup>warn</pup><pum>enabled</pum></options><items><value><path>HKU\S-1-5-21-2772773862-112770573-1896515911-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN</path><valuename>DellSystemDetect</valuename><vendor>PUP.Vulnerable.DellSystemDetect</vendor><action>success</action><valuedata>C:\Users\CIBAPC45678523\AppData\Local\Apps\2.0\AC039J3Z.W8Y\MT2B0REH.WX1\dell..tion_e30b47f5d4a30e9e_0005.000d_4ab2a66cfade09be\DellSystemDetect.exe</valuedata><hash>95d02c8f4f3b5cdaabf763915ca7a65a</hash></value></items></mbam-log>
         
5.3 ESET
Code:
C:\Users\CIBAPC45678523\AppData\Local\Temp\DMR\dmr_72.exe	Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung	Gesäubert durch Löschen - in Quarantäne kopiert
C:\Users\CIBAPC45678523\Downloads\PDF XChange Viewer - CHIP-Installer.exe	Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung	Gesäubert durch Löschen - in Quarantäne kopiert
         
5.4 ADWcleanerR0
Code:
# AdwCleaner v4.206 - Bericht erstellt 16/06/2015 um 22:14:37
# Aktualisiert 01/06/2015 von Xplode
# Datenbank : 2015-06-16.1 [Server]
# Betriebssystem : Windows Vista (TM) Business Service Pack 2 (x86)
# Benutzername : CIBAPC45678523 - CIBAPC456785-PC
# Gestarted von : C:\Disc D\instalki\AdwCleaner_4.206.exe
# Option : Suchlauf

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****


***** [ Geplante Tasks ] *****


***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gefunden : HKCU\Software\OCS

***** [ Internetbrowser ] *****

-\\ Internet Explorer v9.0.8112.16633


-\\ Mozilla Firefox v35.0.1 (x86 de)


*************************

AdwCleaner[R0].txt - [712 Bytes] - [16/06/2015 22:14:37]

########## EOF - \AdwCleaner\AdwCleaner[R0].txt - [770 Bytes] ##########
         
5.4 ADWcleanerS0
Code:
# AdwCleaner v4.206 - Bericht erstellt 16/06/2015 um 22:16:14
# Aktualisiert 01/06/2015 von Xplode
# Datenbank : 2015-06-16.1 [Server]
# Betriebssystem : Windows Vista (TM) Business Service Pack 2 (x86)
# Benutzername : CIBAPC45678523 - CIBAPC456785-PC
# Gestarted von : C:\Disc D\instalki\AdwCleaner_4.206.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****


***** [ Geplante Tasks ] *****


***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKCU\Software\OCS

***** [ Internetbrowser ] *****

-\\ Internet Explorer v9.0.8112.16633


-\\ Mozilla Firefox v35.0.1 (x86 de)


*************************

AdwCleaner[R0].txt - [846 Bytes] - [16/06/2015 22:14:37]
AdwCleaner[S0].txt - [769 Bytes] - [16/06/2015 22:16:14]

########## EOF - \AdwCleaner\AdwCleaner[S0].txt - [827  Bytes] ##########
         

06.07.2015, 05:14   #2
schrauber
/// the machine
/// TB trainer

Hi,

Are the FRST logs fresh, i.e. taken after all those tools were run? Which problems still exist at the moment?

06.07.2015, 11:12   #3
Pablo82

Hello,

No, yesterday (05.07.2015) only the recommended scans were run (sections 1-4). The antivirus logs (section 5) and the AdwCleaner logs are two weeks old.
Up until yesterday I had problems with Firefox: when I right-click a link, e.g. to open it in a new window, the context menu appears across the whole screen. The menu entries repeat from the top down past the bottom of the screen. The links cannot be opened in a new tab/window.

Edited by Pablo82 (06.07.2015 at 11:17). Reason: incomplete answer

06.07.2015, 15:06   #4
schrauber
/// the machine
/// TB trainer

Download AdwCleaner again, scan once more and let it delete what it finds, then please post a fresh FRST log with the Addition box ticked.

Regards,
schrauber

Proud Member of UNITE and ASAP since 2009

No help via PM!

06.07.2015, 21:55   #5
Pablo82

Hello,

Downloaded AdwCleaner again - nothing found:

AdwCleaner logfile:
Code:
# AdwCleaner v4.207 - Bericht erstellt 06/07/2015 um 22:24:46
# Aktualisiert 21/06/2015 von Xplode
# Datenbank : 2015-07-05.2 [Server]
# Betriebssystem : Windows Vista (TM) Business Service Pack 2 (x86)
# Benutzername : CIBAPC45678523 - CIBAPC456785-PC
# Gestarted von : C:\Users\Home\Desktop\AdwCleaner_4.207.exe
# Option : Suchlauf

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****


***** [ Geplante Tasks ] *****


***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****


***** [ Internetbrowser ] *****

-\\ Internet Explorer v9.0.8112.16633


-\\ Mozilla Firefox v35.0.1 (x86 de)


*************************

AdwCleaner[R0].txt - [846 Bytes] - [16/06/2015 22:14:37]
AdwCleaner[R1].txt - [733 Bytes] - [06/07/2015 22:24:46]
AdwCleaner[S0].txt - [904 Bytes] - [16/06/2015 22:16:14]

########## EOF - \AdwCleaner\AdwCleaner[R1].txt - [849 Bytes] ##########
         
and

AdwCleaner logfile:
Code:
# AdwCleaner v4.207 - Bericht erstellt 06/07/2015 um 22:28:52
# Aktualisiert 21/06/2015 von Xplode
# Datenbank : 2015-07-05.2 [Server]
# Betriebssystem : Windows Vista (TM) Business Service Pack 2 (x86)
# Benutzername : CIBAPC45678523 - CIBAPC456785-PC
# Gestarted von : C:\Users\Home\Desktop\AdwCleaner_4.207.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****


***** [ Geplante Tasks ] *****


***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****


***** [ Internetbrowser ] *****

-\\ Internet Explorer v9.0.8112.16633


-\\ Mozilla Firefox v35.0.1 (x86 de)


*************************

AdwCleaner[R0].txt - [846 Bytes] - [16/06/2015 22:14:37]
AdwCleaner[R1].txt - [925 Bytes] - [06/07/2015 22:24:46]
AdwCleaner[S0].txt - [904 Bytes] - [16/06/2015 22:16:14]
AdwCleaner[S1].txt - [848 Bytes] - [06/07/2015 22:28:52]

########## EOF - \AdwCleaner\AdwCleaner[S1].txt - [906  Bytes] ##########
         
and here is the FRST log as well

FRST:

FRST logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 04-07-2015
Ran by CIBAPC45678523 (administrator) on CIBAPC456785-PC on 06-07-2015 22:34:04
Running from C:\Users\Home\Desktop
Loaded Profiles: CIBAPC45678523 & Home (Available Profiles: CIBAPC45678523 & Home)
Platform: Microsoft® Windows Vista™ Business  Service Pack 2 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 9 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(Logitech Inc.) C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
(Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbamscheduler.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\Launcher\Avira.ServiceHost.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
() C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Analog Devices, Inc.) C:\Program Files\Analog Devices\Core\smax4pnp.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(MSI Technology GmbH ) C:\Program Files\MSI\US54EX\Installer\Win2k\MSI US54EX Wireless Client Utility.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(Microsoft Corporation) C:\Windows\System32\mobsync.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\Launcher\Avira.Systray.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
() C:\Program Files\Common Files\LogiShrd\LQCVFX\COCIManager.exe
(Intel Corporation) C:\Program Files\Common Files\Intel\Privacy Icon\PrivacyIconClient.exe
(Intel Corporation) C:\Program Files\Intel\AMT\LMS.exe
(Intel Corporation) C:\Program Files\Common Files\Intel\Privacy Icon\UNS\UNS.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-19] (Microsoft Corporation)
HKLM\...\Run: [picon] => C:\Program Files\Common Files\Intel\Privacy Icon\PIconStartup.exe [111640 2010-05-21] ()
HKLM\...\Run: [avgnt] => C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [730416 2015-05-27] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [LogitechQuickCamRibbon] => C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe [2793304 2009-10-14] ()
HKLM\...\Run: [SoundMAXPnP] => C:\Program Files\Analog Devices\Core\smax4pnp.exe [1310720 2009-03-05] (Analog Devices, Inc.)
HKLM\...\Run: [Avira Systray] => C:\Program Files\Avira\Launcher\Avira.Systray.exe [130864 2015-05-21] (Avira Operations GmbH & Co. KG)
HKLM\...\RunOnce: [*WerKernelReporting] => C:\Windows\SYSTEM32\WerFault.exe [217088 2009-04-11] (Microsoft Corporation)
HKU\S-1-5-21-2772773862-112770573-1896515911-1001\...\Run: [WMPNSCFG] => C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-19] (Microsoft Corporation)
HKU\S-1-5-21-2772773862-112770573-1896515911-1001\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [31280256 2015-04-17] (Skype Technologies S.A.)
HKU\S-1-5-21-2772773862-112770573-1896515911-1001\...\RunOnce: [Report] => \AdwCleaner\AdwCleaner[S1].txt [983 2015-07-06] ()
HKU\S-1-5-21-2772773862-112770573-1896515911-1002\...\Run: [WMPNSCFG] => C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-19] (Microsoft Corporation)
HKU\S-1-5-21-2772773862-112770573-1896515911-1002\...\MountPoints2: {5c198a9e-f1ac-11e4-bf7e-00219b24e865} - F:\Password.exe
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\MSI US54EX Wireless Client Utility.lnk [2014-07-30]
ShortcutTarget: MSI US54EX Wireless Client Utility.lnk -> C:\Program Files\MSI\US54EX\Installer\Win2k\MSI US54EX Wireless Client Utility.exe (MSI Technology GmbH )

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-2772773862-112770573-1896515911-1002 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{8E2823B8-B72E-4E2E-82EC-D6DABB81E282}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{ECF39586-4AFC-48CA-825D-8C4A7A9CDC9C}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{F97A5B23-8CFB-4A41-B7D2-886921D2545A}: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\CIBAPC45678523\AppData\Roaming\Mozilla\Firefox\Profiles\gqw00mbi.default
FF Homepage: www.google.de
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll [2013-07-07] ()
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @real.com/nppl3260;version=6.0.11.2571 -> C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll [2006-10-07] (RealNetworks, Inc.)
FF Plugin: @real.com/nprpjplug;version=6.0.12.1739 -> C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll [2006-10-07] (RealNetworks, Inc.)
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2015-06-04]

Chrome: 
=======
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 AntiVirMailService; C:\Program Files\Avira\AntiVir Desktop\avmailc.exe [825136 2015-05-27] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [450808 2015-05-27] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [450808 2015-05-27] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE [1187336 2015-05-27] (Avira Operations GmbH & Co. KG)
R2 Avira.ServiceHost; C:\Program Files\Avira\Launcher\Avira.ServiceHost.exe [208632 2015-05-21] (Avira Operations GmbH & Co. KG)
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
R2 MBAMScheduler; C:\Program Files\ Malwarebytes Anti-Malware \mbamscheduler.exe [1871160 2015-04-14] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files\ Malwarebytes Anti-Malware \mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
R2 UNS; C:\Program Files\Common Files\Intel\Privacy Icon\UNS\UNS.exe [2071064 2010-05-21] (Intel Corporation)
S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-19] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AegisP; C:\Windows\System32\DRIVERS\AegisP.sys [20747 2014-07-30] (Meetinghouse Data Communications) [File not signed]
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108448 2015-05-27] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [136728 2015-05-27] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37896 2015-06-01] (Avira Operations GmbH & Co. KG)
R3 e1kexpress; C:\Windows\System32\DRIVERS\e1k6032.sys [202408 2010-04-06] (Intel Corporation)
R3 LVPr2Mon; C:\Windows\System32\DRIVERS\LVPr2Mon.sys [25752 2009-10-07] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2015-04-14] (Malwarebytes Corporation)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [119512 2015-06-16] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2015-04-14] (Malwarebytes Corporation)
R0 PBADRV; C:\Windows\System32\DRIVERS\PBADRV.sys [26608 2008-06-04] (Dell Inc)
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [31848 2015-05-27] (Avira Operations GmbH & Co. KG)
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-06 22:34 - 2015-07-06 22:34 - 00010229 _____ C:\Users\Home\Desktop\FRST.txt
2015-07-06 22:33 - 2015-07-05 00:20 - 01636352 _____ (Farbar) C:\Users\Home\Desktop\FRST.exe
2015-07-06 22:19 - 2015-07-06 21:58 - 02244096 _____ C:\Users\Home\Desktop\AdwCleaner_4.207.exe
2015-07-05 21:29 - 2015-07-05 21:29 - 00004672 _____ C:\Users\CIBAPC45678523\Documents\Gmer.txt
2015-07-05 21:15 - 2015-07-05 21:15 - 208344037 _____ C:\Windows\MEMORY.DMP
2015-07-05 21:15 - 2015-07-05 21:15 - 00147528 _____ C:\Windows\Minidump\Mini070515-01.dmp
2015-07-05 21:15 - 2015-07-05 21:15 - 00000000 ____D C:\Windows\Minidump
2015-07-05 20:48 - 2015-07-06 22:34 - 00000000 ____D C:\FRST
2015-07-05 20:44 - 2015-07-05 20:44 - 00000000 _____ C:\Users\CIBAPC45678523\defogger_reenable
2015-07-05 08:37 - 2015-07-06 22:21 - 00000000 ____D C:\Users\Home\Desktop\virus
2015-06-16 23:56 - 2015-06-16 23:56 - 00000726 _____ C:\Users\CIBAPC45678523\Documents\eset.txt
2015-06-16 22:26 - 2015-06-16 22:27 - 02870984 _____ (ESET) C:\Users\Home\Downloads\esetsmartinstaller_deu.exe
2015-06-16 22:11 - 2015-07-06 22:32 - 00000000 ____D C:\AdwCleaner
2015-06-16 21:36 - 2015-06-16 22:20 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-06-16 21:35 - 2015-06-16 21:35 - 00000899 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2015-06-16 21:35 - 2015-06-16 21:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2015-06-16 21:35 - 2015-06-16 21:35 - 00000000 ____D C:\Program Files\ Malwarebytes Anti-Malware 
2015-06-16 21:35 - 2015-04-14 09:37 - 00092888 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-06-16 21:35 - 2015-04-14 09:37 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-06-16 21:30 - 2015-06-16 21:35 - 00000000 ____D C:\Users\CIBAPC45678523\AppData\Roaming\Malwarebytes
2015-06-16 21:30 - 2015-06-16 21:35 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-06-16 21:30 - 2015-06-16 21:35 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2015-06-16 21:30 - 2015-04-14 09:37 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-06-13 10:18 - 2015-06-13 10:18 - 04683232 _____ (Avira Operations GmbH & Co. KG) C:\Users\Home\Downloads\avira_en_av_557be6d0a90d5__ws.exe
2015-06-07 11:25 - 2015-06-07 11:25 - 00001243 _____ C:\Users\Home\Desktop\Disc D - Verknüpfung.lnk
2015-06-07 11:24 - 2015-06-16 21:29 - 00000000 ____D C:\Disc D
2015-06-07 06:23 - 2015-06-07 06:24 - 00000000 ____D C:\Users\Home\AppData\Roaming\elsterformular
2015-06-07 06:15 - 2015-06-07 06:15 - 00000949 _____ C:\Users\Home\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-06 22:33 - 2013-03-26 11:36 - 01797749 _____ C:\Windows\WindowsUpdate.log
2015-07-06 22:30 - 2006-11-02 14:47 - 00004880 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2015-07-06 22:30 - 2006-11-02 14:47 - 00004880 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2015-07-06 22:29 - 2006-11-02 15:01 - 00032530 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2015-07-06 22:29 - 2006-11-02 15:01 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-07-06 22:29 - 2006-11-02 15:00 - 00475044 _____ C:\Windows\PFRO.log
2015-07-05 20:44 - 2013-03-26 11:43 - 00000000 ____D C:\Users\CIBAPC45678523
2015-07-05 20:44 - 2006-11-02 12:33 - 01472522 _____ C:\Windows\system32\PerfStringBackup.INI
2015-07-05 08:39 - 2015-02-08 17:10 - 00015872 _____ C:\Users\Home\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-07-05 08:38 - 2015-02-02 23:33 - 00000000 ____D C:\Users\Home
2015-06-16 22:21 - 2013-03-26 11:44 - 00053144 _____ C:\Users\CIBAPC45678523\AppData\Local\GDIPFONTCACHEV1.DAT
2015-06-16 21:57 - 2015-02-02 23:33 - 00053144 _____ C:\Users\Home\AppData\Local\GDIPFONTCACHEV1.DAT
2015-06-16 21:55 - 2006-11-02 14:47 - 00245400 _____ C:\Windows\system32\FNTCACHE.DAT
2015-06-16 21:28 - 2006-11-02 14:52 - 00032522 _____ C:\Windows\setupact.log
2015-06-16 21:23 - 2015-01-30 21:43 - 00000000 ____D C:\Program Files\Microsoft.NET
2015-06-16 21:23 - 2006-11-02 14:37 - 00000000 ____D C:\Windows\ShellNew
2015-06-16 21:23 - 2006-11-02 13:18 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2015-06-13 10:25 - 2013-04-26 21:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2015-06-13 10:25 - 2013-04-26 21:16 - 00000000 ____D C:\ProgramData\Avira
2015-06-13 10:19 - 2015-02-02 23:33 - 00000000 ____D C:\ProgramData\Package Cache
2015-06-13 10:19 - 2013-04-26 21:16 - 00000000 ____D C:\Program Files\Avira
2015-06-13 10:06 - 2013-01-09 13:23 - 00000000 ____D C:\Users\CIBA PC8
2015-06-13 10:06 - 2006-11-02 13:18 - 00000000 ____D C:\Windows\system32\Msdtc
2015-06-13 10:06 - 2006-11-02 12:22 - 36175872 _____ C:\Windows\system32\config\components_previous
2015-06-13 10:06 - 2006-11-02 12:22 - 29884416 _____ C:\Windows\system32\config\software_previous
2015-06-13 10:06 - 2006-11-02 12:22 - 15466496 _____ C:\Windows\system32\config\system_previous
2015-06-13 10:06 - 2006-11-02 12:22 - 00262144 _____ C:\Windows\system32\config\security_previous
2015-06-13 10:06 - 2006-11-02 12:22 - 00262144 _____ C:\Windows\system32\config\sam_previous
2015-06-13 10:06 - 2006-11-02 12:22 - 00262144 _____ C:\Windows\system32\config\default_previous
2015-06-13 10:05 - 2006-11-02 13:18 - 00000000 ____D C:\Windows\system32\spool
2015-06-13 10:05 - 2006-11-02 13:18 - 00000000 ____D C:\Windows\registration
2015-06-10 21:26 - 2006-11-02 13:18 - 00000000 ____D C:\Windows\system32\NDF

==================== Files in the root of some directories =======

2013-04-22 20:42 - 2013-04-22 20:42 - 0000552 _____ () C:\Users\CIBAPC45678523\AppData\Local\d3d8caps.dat
2013-03-26 11:44 - 2015-06-04 12:54 - 0000680 _____ () C:\Users\CIBAPC45678523\AppData\Local\d3d9caps.dat
2013-04-26 21:20 - 2014-03-15 23:23 - 0016384 _____ () C:\Users\CIBAPC45678523\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

Some files in TEMP:
====================
C:\Users\CIBAPC45678523\AppData\Local\Temp\AskSLib.dll
C:\Users\CIBAPC45678523\AppData\Local\Temp\avgnt.exe
C:\Users\Home\AppData\Local\Temp\avgnt.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-07-06 22:28

==================== End of log ============================
         
--- --- ---


Addition:
Additional FRST Logfile:
Code:
scan result of Farbar Recovery Scan Tool (x86) Version: 04-07-2015
Ran by CIBAPC45678523 at 2015-07-06 22:34:59
Running from C:\Users\Home\Desktop
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2772773862-112770573-1896515911-500 - Administrator - Disabled)
CIBAPC45678523 (S-1-5-21-2772773862-112770573-1896515911-1001 - Administrator - Enabled) => C:\Users\CIBAPC45678523
Gast (S-1-5-21-2772773862-112770573-1896515911-501 - Limited - Disabled)
Home (S-1-5-21-2772773862-112770573-1896515911-1002 - Limited - Enabled) => C:\Users\Home

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Antivirus (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Antivirus (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 11 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 11.7.700.224 - Adobe Systems Incorporated)
Avira (HKLM\...\{0696cc37-db90-4000-be99-4a173ca7c8af}) (Version: 1.1.39.17987 - Avira Operations GmbH & Co. KG)
Avira (Version: 1.1.39.17987 - Avira Operations GmbH & Co. KG) Hidden
Avira Antivirus (HKLM\...\Avira Antivirus) (Version: 15.0.11.574 - Avira Operations GmbH & Co. KG)
BioAPI Framework (Version: 1.0.1 - Dell Inc.) Hidden
Dell Security Device Driver Pack (HKLM\...\{FF1DDCF4-3A28-4F7F-96D8-E3F4BD1C1702}) (Version: 1.02.35 - Dell Inc.)
Dell System Detect (HKU\S-1-5-21-2772773862-112770573-1896515911-1001\...\73f463568823ebbe) (Version: 5.13.0.1 - Dell)
ElsterFormular (HKLM\...\ElsterFormular) (Version: 16.1.20150424 - Landesfinanzdirektion Thüringen)
Intel(R) Management Engine Interface (HKLM\...\HECI) (Version:  - Intel Corporation)
Intel(R) Network Connections Drivers (HKLM\...\PROSet) (Version: 15.2 - Intel)
Intel® Active-Management-Technologie (HKLM\...\MESOL) (Version:  - Intel Corporation)
K-Lite Mega Codec Pack 2.2.5 (HKLM\...\KLiteCodecPack_is1) (Version: 2.25 - )
Logitech Webcam Software (HKLM\...\{C27BC2A2-30DD-4014-B22E-63EB0DB572F9}) (Version: 12.10.1113 - Logitech Inc.)
Logitech Webcam Software-Treiberpaket (HKLM\...\lvdrivers_12.10) (Version: 12.10.1110 - Logitech Inc.)
Malwarebytes Anti-Malware Version 2.1.6.1022 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU (HKLM\...\Microsoft .NET Framework 3.5 Language Pack SP1 - deu) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (HKLM\...\Microsoft .NET Framework 4 Client Profile DEU Language Pack) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM\...\{e6e75766-da0f-4ba2-9788-6ea593ce702d}) (Version: 12.0.30501.0 - Microsoft Corporation)
Mozilla Firefox 35.0.1 (x86 de) (HKLM\...\Mozilla Firefox 35.0.1 (x86 de)) (Version: 35.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 31.0 - Mozilla)
MSI US54EX Wireless Client Utility (HKLM\...\{FFAA01ED-BEEC-4578-87D5-90E1C7A6D230}) (Version: 1.00.00 - Pacific)
PDF-Viewer (HKLM\...\{A278382D-4F1B-4D47-9885-8523F7261E8D}_is1) (Version: 2.5.311.0 - Tracker Software Products Ltd)
Skype™ 7.4 (HKLM\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.4.102 - Skype Technologies S.A.)
SoundMAX (HKLM\...\{F0A37341-D692-11D4-A984-009027EC0A9C}) (Version: 6.10.1.5853 - Analog Devices)
SubEdit - Vista WMP Patch (HKLM\...\SubEdit - Vista WMP Patch_is1) (Version: 1 - Artur Sikora)
SubEdit-Player (HKLM\...\SubEdit-Player_is1) (Version: 4072 - Artur Sikora)
UPEK TouchChip Fingerprint Reader (Version: 1.0.0 - Dell Inc.) Hidden
Windows-Treiberpaket - Dell Inc. PBADRV System  (01/07/2008 1.0.1.5) (HKLM\...\9D57DE505B6D8C710EF3B74BE638DBB936EED8A3) (Version: 01/07/2008 1.0.1.5 - Dell Inc.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Restore Points =========================

04-06-2015 11:50:16 Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501
04-06-2015 12:32:39 Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501
04-06-2015 13:06:02 Windows Update
04-06-2015 17:07:32 Windows Update
07-06-2015 13:12:59 Geplanter Prüfpunkt
10-06-2015 21:09:03 Geplanter Prüfpunkt
13-06-2015 00:02:13 LavasoftWeCompanion
13-06-2015 01:08:38 LavasoftWeCompanion
13-06-2015 10:02:43 Wiederherstellungsvorgang
16-06-2015 21:20:18 Removed Microsoft Office Professional Edition 2003

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2006-11-02 12:23 - 2006-09-18 23:41 - 00000761 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
::1             localhost

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {DEE198FD-2862-49A5-ABEB-434C9AA41060} - System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program\VistaSP1CEIP => C:\Windows\servicing\vsp1ceip.exe [2008-01-19] (Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Loaded Modules (Whitelisted) ==============

2009-10-14 13:36 - 2009-10-14 13:36 - 02793304 _____ () C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
2009-10-14 13:34 - 2009-10-14 13:34 - 00560472 _____ () C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
2013-01-09 13:33 - 2010-05-21 14:14 - 00077824 _____ () C:\Program Files\Common Files\Intel\Privacy Icon\UNS\DTMessageLib.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-2772773862-112770573-1896515911-1001\...\dell.com -> dell.com


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2772773862-112770573-1896515911-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\Wallpaper\img24.jpg
HKU\S-1-5-21-2772773862-112770573-1896515911-1002\Control Panel\Desktop\\Wallpaper -> C:\windows\Web\Wallpaper\img24.jpg
DNS Servers: 192.168.0.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [SLSVC-In-TCP] => (Allow) %SystemRoot%\system32\slsvc.exe
FirewallRules: [SLSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\slsvc.exe
FirewallRules: [WinCollab-DFSR-In-TCP] => (Allow) %SystemRoot%\system32\dfsr.exe
FirewallRules: [WinCollab-DFSR-Out-TCP] => (Allow) %SystemRoot%\system32\dfsr.exe
FirewallRules: [WinCollab-In-TCP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-Out-TCP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-In-UDP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-Out-UDP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [{82639F05-199A-464D-A445-2DB78999E0C2}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{AB9D98F0-05CA-42E6-A6E5-0E71AB29B3F8}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{C4458AD6-35A2-4EE0-A030-F2702D70CAD7}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{45A02A4E-F567-4ED5-AE11-4D1DC5345568}] => (Allow) LPort=80
FirewallRules: [{B4FD2363-4DFA-475C-92C5-08B90DEB73D0}] => (Allow) LPort=80
FirewallRules: [{CC60B561-7227-4C51-B619-D20AA1555B30}] => (Allow) LPort=80

==================== Faulty Device Manager Devices =============

Name: Videocontroller
Description: Videocontroller
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (07/05/2015 09:26:18 PM) (Source: Perflib) (EventID: 1010) (User: )
Description: EmdCacheC:\Windows\system32\emdmgmt.dll4

Error: (07/05/2015 09:17:26 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Eintrag <C:\USERS\HOME\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\0724UIH8.DEFAULT\SAFEBROWSING-TO_DELETE> in der Hash-Zuordnung kann nicht aktualisiert werden.

Kontext:  Anwendung, SystemIndex Katalog


Details:
	Ein an das System angeschlossenes Gerät funktioniert nicht.   (0x8007001f)

Error: (07/05/2015 09:15:11 PM) (Source: ESENT) (EventID: 489) (User: )
Description: avguard (1928) GaviDB_0: Versuch, Datei "C:\ProgramData\Avira\AntiVir Desktop\EVENTDB\gavi3.db" für den Lesezugriff zu öffnen, ist mit Systemfehler 3 (0x00000003): "Das System kann den angegebenen Pfad nicht finden. " fehlgeschlagen. Fehler -1023 (0xfffffc01) beim Öffnen von Dateien.

Error: (07/05/2015 09:15:11 PM) (Source: ESENT) (EventID: 489) (User: )
Description: avguard (1928) GaviDB_0: Versuch, Datei "C:\ProgramData\Avira\AntiVir Desktop\EVENTDB\gavi3.db" für den Lesezugriff zu öffnen, ist mit Systemfehler 3 (0x00000003): "Das System kann den angegebenen Pfad nicht finden. " fehlgeschlagen. Fehler -1023 (0xfffffc01) beim Öffnen von Dateien.

Error: (07/05/2015 09:15:11 PM) (Source: ESENT) (EventID: 489) (User: )
Description: avguard (1928) GaviDB_0: Versuch, Datei "C:\ProgramData\Avira\AntiVir Desktop\EVENTDB\gavi3.db" für den Lesezugriff zu öffnen, ist mit Systemfehler 3 (0x00000003): "Das System kann den angegebenen Pfad nicht finden. " fehlgeschlagen. Fehler -1023 (0xfffffc01) beim Öffnen von Dateien.

Error: (07/05/2015 09:15:11 PM) (Source: ESENT) (EventID: 489) (User: )
Description: avguard (1928) GaviDB_0: Versuch, Datei "C:\ProgramData\Avira\AntiVir Desktop\EVENTDB\gavi3.db" für den Lesezugriff zu öffnen, ist mit Systemfehler 3 (0x00000003): "Das System kann den angegebenen Pfad nicht finden. " fehlgeschlagen. Fehler -1023 (0xfffffc01) beim Öffnen von Dateien.

Error: (07/05/2015 09:15:11 PM) (Source: ESENT) (EventID: 489) (User: )
Description: avguard (1928) GaviDB_0: Versuch, Datei "C:\ProgramData\Avira\AntiVir Desktop\EVENTDB\gavi3.db" für den Lesezugriff zu öffnen, ist mit Systemfehler 3 (0x00000003): "Das System kann den angegebenen Pfad nicht finden. " fehlgeschlagen. Fehler -1023 (0xfffffc01) beim Öffnen von Dateien.

Error: (07/05/2015 09:15:11 PM) (Source: ESENT) (EventID: 489) (User: )
Description: avguard (1928) GaviDB_0: Versuch, Datei "C:\ProgramData\Avira\AntiVir Desktop\EVENTDB\gavi3.db" für den Lesezugriff zu öffnen, ist mit Systemfehler 3 (0x00000003): "Das System kann den angegebenen Pfad nicht finden. " fehlgeschlagen. Fehler -1023 (0xfffffc01) beim Öffnen von Dateien.

Error: (07/05/2015 09:15:11 PM) (Source: ESENT) (EventID: 489) (User: )
Description: avguard (1928) GaviDB_0: Versuch, Datei "C:\ProgramData\Avira\AntiVir Desktop\EVENTDB\gavi3.db" für den Lesezugriff zu öffnen, ist mit Systemfehler 3 (0x00000003): "Das System kann den angegebenen Pfad nicht finden. " fehlgeschlagen. Fehler -1023 (0xfffffc01) beim Öffnen von Dateien.

Error: (07/05/2015 09:15:11 PM) (Source: ESENT) (EventID: 489) (User: )
Description: avguard (1928) GaviDB_0: Versuch, Datei "C:\ProgramData\Avira\AntiVir Desktop\EVENTDB\gavi3.db" für den Lesezugriff zu öffnen, ist mit Systemfehler 3 (0x00000003): "Das System kann den angegebenen Pfad nicht finden. " fehlgeschlagen. Fehler -1023 (0xfffffc01) beim Öffnen von Dateien.


System errors:
=============
Error: (07/06/2015 10:28:53 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Windows Presentation Foundation Font Cache 4.0.0.0201Neustart des Diensts

Error: (07/06/2015 10:28:53 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Windows Modules Installer11200001Neustart des Diensts

Error: (07/06/2015 10:28:53 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Intel(R) Management and Security Application User Notification Service1

Error: (07/06/2015 10:28:52 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Windows Presentation Foundation Font Cache 4.0.0.0101Neustart des Diensts

Error: (07/06/2015 10:28:52 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Windows Media Player-Netzwerkfreigabedienst1300001Neustart des Diensts

Error: (07/06/2015 10:28:51 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Avira Service Host1100001Neustart des Diensts

Error: (07/06/2015 10:28:50 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Windows Search1300001Neustart des Diensts

Error: (07/06/2015 10:28:50 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: MBAMScheduler1

Error: (07/06/2015 10:28:50 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Process Monitor1

Error: (07/06/2015 10:28:50 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Druckwarteschlange1600001Neustart des Diensts


Microsoft Office:
=========================
Error: (07/05/2015 09:26:18 PM) (Source: Perflib) (EventID: 1010) (User: )
Description: EmdCacheC:\Windows\system32\emdmgmt.dll4

Error: (07/05/2015 09:17:26 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Kontext:  Anwendung, SystemIndex Katalog


Details:
	Ein an das System angeschlossenes Gerät funktioniert nicht.   (0x8007001f)
C:\USERS\HOME\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\0724UIH8.DEFAULT\SAFEBROWSING-TO_DELETE

Error: (07/05/2015 09:15:11 PM) (Source: ESENT) (EventID: 489) (User: )
Description: avguard1928GaviDB_0: C:\ProgramData\Avira\AntiVir Desktop\EVENTDB\gavi3.db-1023 (0xfffffc01)3 (0x00000003)Das System kann den angegebenen Pfad nicht finden.

Error: (07/05/2015 09:15:11 PM) (Source: ESENT) (EventID: 489) (User: )
Description: avguard1928GaviDB_0: C:\ProgramData\Avira\AntiVir Desktop\EVENTDB\gavi3.db-1023 (0xfffffc01)3 (0x00000003)Das System kann den angegebenen Pfad nicht finden.

Error: (07/05/2015 09:15:11 PM) (Source: ESENT) (EventID: 489) (User: )
Description: avguard1928GaviDB_0: C:\ProgramData\Avira\AntiVir Desktop\EVENTDB\gavi3.db-1023 (0xfffffc01)3 (0x00000003)Das System kann den angegebenen Pfad nicht finden.

Error: (07/05/2015 09:15:11 PM) (Source: ESENT) (EventID: 489) (User: )
Description: avguard1928GaviDB_0: C:\ProgramData\Avira\AntiVir Desktop\EVENTDB\gavi3.db-1023 (0xfffffc01)3 (0x00000003)Das System kann den angegebenen Pfad nicht finden.

Error: (07/05/2015 09:15:11 PM) (Source: ESENT) (EventID: 489) (User: )
Description: avguard1928GaviDB_0: C:\ProgramData\Avira\AntiVir Desktop\EVENTDB\gavi3.db-1023 (0xfffffc01)3 (0x00000003)Das System kann den angegebenen Pfad nicht finden.

Error: (07/05/2015 09:15:11 PM) (Source: ESENT) (EventID: 489) (User: )
Description: avguard1928GaviDB_0: C:\ProgramData\Avira\AntiVir Desktop\EVENTDB\gavi3.db-1023 (0xfffffc01)3 (0x00000003)Das System kann den angegebenen Pfad nicht finden.

Error: (07/05/2015 09:15:11 PM) (Source: ESENT) (EventID: 489) (User: )
Description: avguard1928GaviDB_0: C:\ProgramData\Avira\AntiVir Desktop\EVENTDB\gavi3.db-1023 (0xfffffc01)3 (0x00000003)Das System kann den angegebenen Pfad nicht finden.

Error: (07/05/2015 09:15:11 PM) (Source: ESENT) (EventID: 489) (User: )
Description: avguard1928GaviDB_0: C:\ProgramData\Avira\AntiVir Desktop\EVENTDB\gavi3.db-1023 (0xfffffc01)3 (0x00000003)Das System kann den angegebenen Pfad nicht finden.


CodeIntegrity Errors:
===================================
  Date: 2015-07-06 22:34:54.942
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-07-06 22:34:54.848
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-07-06 22:34:54.754
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-07-06 22:34:54.661
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-07-06 22:34:54.458
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-07-06 22:34:54.380
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-07-06 22:34:54.318
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-07-06 22:34:54.271
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-07-06 22:34:31.791
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-07-06 22:34:31.698
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.


==================== Memory info =========================== 

Processor: Intel(R) Core(TM)2 Duo CPU E8400 @ 3.00GHz
Percentage of memory in use: 62%
Total physical RAM: 1978.88 MB
Available physical RAM: 744.91 MB
Total Virtual: 4210.8 MB
Available Virtual: 2630.37 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:149.01 GB) (Free:106.5 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive e: () (Removable) (Total:3.72 GB) (Free:2.97 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 149 GB) (Disk ID: AC8AE961)
Partition 1: (Active) - (Size=149 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 3.7 GB) (Disk ID: 76CF0668)
Partition 1: (Not Active) - (Size=3.7 GB) - (Type=0B)

==================== End of log ============================
         
--- --- ---


I also took a screenshot of the error. If needed, I can send it as an attachment.
- Links still cannot be opened in a new window / tab. Something is wrong there.

Regards,
Pablo


Alt 07.07.2015, 06:27   #6
schrauber
/// the machine
/// TB-Ausbilder
 

Yes, please attach it.

Alt 07.07.2015, 07:09   #7
Pablo82
 

Hello Schrauber,

attached is the file (screenshot).
Thumbnails of attached images
Windows Vista, InstallCore.Gen7, LavasoftWeCompanion-fehler_mausrecht1.jpg

Alt 07.07.2015, 12:11   #8
schrauber
/// the machine
/// TB-Ausbilder
 

Is the context menu filled like that only in the browser? Or everywhere?
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009

Donate
Guides and help
Trojaner-Board Facebook page

No help via PM!

Alt 07.07.2015, 21:29   #9
Pablo82
 

Hello, I have just checked everything thoroughly.
The menu appears only in the browser.

Here is also a list of where I checked.
Desktop - OK
Windows Explorer - OK
Firefox toolbar - OK

Links in the browser:
Google - faulty
Bing - faulty
Trojaner-Board - faulty.

Regards, Pablo

Alt 08.07.2015, 06:43   #10
schrauber
/// the machine
/// TB-Ausbilder
 

Revo Uninstaller - Download - Filepony
Use it to uninstall Firefox, keep no data, let it remove the leftovers, then reinstall.

Then:
https://support.mozilla.org/de/kb/fi...einfach-loesen
__________________
Regards,
schrauber


Alt 08.07.2015, 22:14   #11
Pablo82
 

Yep.
It works. I did everything as recommended. No error can be seen in the browser. Now I can finish my tax return.
Many thanks for the help. I learned something. Soon I want to create an image of my system (for the future).

Here are the logs after the reinstallation.
FRST

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 04-07-2015
Ran by Home (ATTENTION: The logged in user is not administrator) on CIBAPC456785-PC on 08-07-2015 23:05:10
Running from C:\Users\Home\Desktop
Loaded Profiles: CIBAPC45678523 & Home (Available Profiles: CIBAPC45678523 & Home)
Platform: Microsoft® Windows Vista™ Business  Service Pack 2 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 9 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

Failed to access process -> smss.exe
Failed to access process -> csrss.exe
Failed to access process -> wininit.exe
Failed to access process -> csrss.exe
Failed to access process -> services.exe
Failed to access process -> lsass.exe
Failed to access process -> lsm.exe
Failed to access process -> winlogon.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> SLsvc.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> spoolsv.exe
Failed to access process -> sched.exe
Failed to access process -> svchost.exe
Failed to access process -> avguard.exe
Failed to access process -> LVPrcSrv.exe
Failed to access process -> mbamscheduler.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> SearchIndexer.exe
Failed to access process -> Avira.ServiceHost.exe
Failed to access process -> taskeng.exe
Failed to access process -> avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
() C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Analog Devices, Inc.) C:\Program Files\Analog Devices\Core\smax4pnp.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(MSI Technology GmbH ) C:\Program Files\MSI\US54EX\Installer\Win2k\MSI US54EX Wireless Client Utility.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
Failed to access process -> wmpnetwk.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\Launcher\Avira.Systray.exe
Failed to access process -> WPFFontCache_v0400.exe
Failed to access process -> svchost.exe
() C:\Program Files\Common Files\LogiShrd\LQCVFX\COCIManager.exe
Failed to access process -> LMS.exe
Failed to access process -> UNS.exe
(Intel Corporation) C:\Program Files\Common Files\Intel\Privacy Icon\PrivacyIconClient.exe
Failed to access process -> TrustedInstaller.exe
(Microsoft Corporation) C:\Windows\System32\conime.exe
Failed to access process -> SearchProtocolHost.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
Failed to access process -> WmiPrvSE.exe
Failed to access process -> SearchFilterHost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-19] (Microsoft Corporation)
HKLM\...\Run: [picon] => C:\Program Files\Common Files\Intel\Privacy Icon\PIconStartup.exe [111640 2010-05-21] ()
HKLM\...\Run: [avgnt] => C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [730416 2015-05-27] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [LogitechQuickCamRibbon] => C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe [2793304 2009-10-14] ()
HKLM\...\Run: [SoundMAXPnP] => C:\Program Files\Analog Devices\Core\smax4pnp.exe [1310720 2009-03-05] (Analog Devices, Inc.)
HKLM\...\Run: [Avira Systray] => C:\Program Files\Avira\Launcher\Avira.Systray.exe [134368 2015-06-02] (Avira Operations GmbH & Co. KG)
HKLM\...\RunOnce: [*WerKernelReporting] => C:\Windows\SYSTEM32\WerFault.exe [217088 2009-04-11] (Microsoft Corporation)
HKU\S-1-5-21-2772773862-112770573-1896515911-1001\...\Run: [WMPNSCFG] => C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-19] (Microsoft Corporation)
HKU\S-1-5-21-2772773862-112770573-1896515911-1001\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [31280256 2015-04-17] (Skype Technologies S.A.)
HKU\S-1-5-21-2772773862-112770573-1896515911-1002\...\Run: [WMPNSCFG] => C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-19] (Microsoft Corporation)
HKU\S-1-5-21-2772773862-112770573-1896515911-1002\...\MountPoints2: {5c198a9e-f1ac-11e4-bf7e-00219b24e865} - F:\Password.exe
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\MSI US54EX Wireless Client Utility.lnk [2014-07-30]
ShortcutTarget: MSI US54EX Wireless Client Utility.lnk -> C:\Program Files\MSI\US54EX\Installer\Win2k\MSI US54EX Wireless Client Utility.exe (MSI Technology GmbH )

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
HKU\S-1-5-21-2772773862-112770573-1896515911-1002\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/de-de/?ocid=iehp
URLSearchHook: [S-1-5-21-2772773862-112770573-1896515911-1001] ATTENTION ==> Default URLSearchHook is missing.
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-2772773862-112770573-1896515911-1002 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{8E2823B8-B72E-4E2E-82EC-D6DABB81E282}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{ECF39586-4AFC-48CA-825D-8C4A7A9CDC9C}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{F97A5B23-8CFB-4A41-B7D2-886921D2545A}: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\ov0gcp8n.default-1436389326208
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll [2013-07-07] ()
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @real.com/nppl3260;version=6.0.11.2571 -> C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll [2006-10-07] (RealNetworks, Inc.)
FF Plugin: @real.com/nprpjplug;version=6.0.12.1739 -> C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll [2006-10-07] (RealNetworks, Inc.)

Chrome: 
=======
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 AntiVirMailService; C:\Program Files\Avira\AntiVir Desktop\avmailc.exe [825136 2015-05-27] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [450808 2015-05-27] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [450808 2015-05-27] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE [1187336 2015-05-27] (Avira Operations GmbH & Co. KG)
R2 Avira.ServiceHost; C:\Program Files\Avira\Launcher\Avira.ServiceHost.exe [217280 2015-06-02] (Avira Operations GmbH & Co. KG)
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
R2 iphlpsvc; C:\Windows\System32\svchost.exe [21504 2008-01-19] (Microsoft Corporation)
R2 lmhosts; C:\Windows\system32\svchost.exe [21504 2008-01-19] (Microsoft Corporation)
R2 MBAMScheduler; C:\Program Files\ Malwarebytes Anti-Malware \mbamscheduler.exe [1871160 2015-06-18] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files\ Malwarebytes Anti-Malware \mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
R2 NlaSvc; C:\Windows\System32\svchost.exe [21504 2008-01-19] (Microsoft Corporation)
R2 nsi; C:\Windows\system32\svchost.exe [21504 2008-01-19] (Microsoft Corporation)
R2 UNS; C:\Program Files\Common Files\Intel\Privacy Icon\UNS\UNS.exe [2071064 2010-05-21] (Intel Corporation)
S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-19] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AegisP; C:\Windows\System32\DRIVERS\AegisP.sys [20747 2014-07-30] (Meetinghouse Data Communications) [File not signed]
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108448 2015-05-27] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [136728 2015-05-27] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37896 2015-06-01] (Avira Operations GmbH & Co. KG)
R3 e1kexpress; C:\Windows\System32\DRIVERS\e1k6032.sys [202408 2010-04-06] (Intel Corporation)
R3 LVPr2Mon; C:\Windows\System32\DRIVERS\LVPr2Mon.sys [25752 2009-10-07] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2015-06-18] (Malwarebytes Corporation)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [98520 2015-07-06] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2015-06-18] (Malwarebytes Corporation)
R0 PBADRV; C:\Windows\System32\DRIVERS\PBADRV.sys [26608 2008-06-04] (Dell Inc)
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [31848 2015-05-27] (Avira Operations GmbH & Co. KG)
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-08 23:04 - 2015-07-08 23:05 - 00011117 _____ C:\Users\Home\Desktop\FRST.txt
2015-07-08 22:59 - 2015-07-08 22:59 - 00000858 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-07-08 22:59 - 2015-07-08 22:59 - 00000846 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-07-08 22:59 - 2015-07-08 22:59 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2015-07-08 22:58 - 2015-07-08 22:59 - 00000000 ____D C:\Program Files\Mozilla Firefox
2015-07-08 22:57 - 2015-07-08 22:57 - 00242928 _____ C:\Users\Home\Downloads\Firefox Setup Stub 39.0.exe
2015-07-08 22:44 - 2015-07-08 22:44 - 00001057 _____ C:\Users\CIBAPC45678523\Desktop\Revo Uninstaller.lnk
2015-07-08 22:44 - 2015-07-08 22:44 - 00000072 _____ C:\Users\Home\Desktop\fox.txt
2015-07-08 22:44 - 2015-07-08 22:44 - 00000000 ____D C:\Program Files\VS Revo Group
2015-07-08 22:42 - 2015-07-08 22:42 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Home\Desktop\revosetup95.exe
2015-07-06 22:33 - 2015-07-05 00:20 - 01636352 _____ (Farbar) C:\Users\Home\Desktop\FRST.exe
2015-07-06 22:19 - 2015-07-06 21:58 - 02244096 _____ C:\Users\Home\Desktop\AdwCleaner_4.207.exe
2015-07-05 21:15 - 2015-07-05 21:15 - 208344037 _____ C:\Windows\MEMORY.DMP
2015-07-05 21:15 - 2015-07-05 21:15 - 00000000 ____D C:\Windows\Minidump
2015-07-05 20:48 - 2015-07-08 23:05 - 00000000 ____D C:\FRST
2015-07-05 20:44 - 2015-07-05 20:44 - 00000000 _____ C:\Users\CIBAPC45678523\defogger_reenable
2015-07-05 08:37 - 2015-07-06 22:21 - 00000000 ____D C:\Users\Home\Desktop\virus
2015-06-16 22:26 - 2015-06-16 22:27 - 02870984 _____ (ESET) C:\Users\Home\Downloads\esetsmartinstaller_deu.exe
2015-06-16 22:11 - 2015-07-06 22:32 - 00000000 ____D C:\AdwCleaner
2015-06-16 21:36 - 2015-07-06 23:01 - 00098520 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-06-16 21:35 - 2015-07-06 23:00 - 00000899 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2015-06-16 21:35 - 2015-07-06 23:00 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2015-06-16 21:35 - 2015-07-06 23:00 - 00000000 ____D C:\Program Files\ Malwarebytes Anti-Malware 
2015-06-16 21:35 - 2015-06-18 08:41 - 00094936 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-06-16 21:35 - 2015-06-18 08:41 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-06-16 21:30 - 2015-06-18 08:41 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-06-16 21:30 - 2015-06-16 21:35 - 00000000 ____D C:\Users\CIBAPC45678523\AppData\Roaming\Malwarebytes
2015-06-16 21:30 - 2015-06-16 21:35 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-06-16 21:30 - 2015-06-16 21:35 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2015-06-13 10:18 - 2015-06-13 10:18 - 04683232 _____ (Avira Operations GmbH & Co. KG) C:\Users\Home\Downloads\avira_en_av_557be6d0a90d5__ws.exe

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-08 23:00 - 2013-03-26 11:36 - 01857443 _____ C:\Windows\WindowsUpdate.log
2015-07-08 22:52 - 2006-11-02 15:01 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-07-08 22:52 - 2006-11-02 15:00 - 00476158 _____ C:\Windows\PFRO.log
2015-07-08 22:52 - 2006-11-02 14:47 - 00004880 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2015-07-08 22:52 - 2006-11-02 14:47 - 00004880 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2015-07-08 22:51 - 2006-11-02 15:01 - 00032530 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2015-07-07 22:19 - 2013-04-26 21:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2015-07-07 22:13 - 2015-02-02 23:33 - 00000000 ____D C:\ProgramData\Package Cache
2015-07-07 22:13 - 2013-04-26 21:16 - 00000000 ____D C:\Program Files\Avira
2015-07-05 20:44 - 2013-03-26 11:43 - 00000000 ____D C:\Users\CIBAPC45678523
2015-07-05 20:44 - 2006-11-02 12:33 - 01472522 _____ C:\Windows\system32\PerfStringBackup.INI
2015-07-05 08:39 - 2015-02-08 17:10 - 00015872 _____ C:\Users\Home\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-07-05 08:38 - 2015-02-02 23:33 - 00000000 ____D C:\Users\Home
2015-06-16 22:21 - 2013-03-26 11:44 - 00053144 _____ C:\Users\CIBAPC45678523\AppData\Local\GDIPFONTCACHEV1.DAT
2015-06-16 21:57 - 2015-02-02 23:33 - 00053144 _____ C:\Users\Home\AppData\Local\GDIPFONTCACHEV1.DAT
2015-06-16 21:55 - 2006-11-02 14:47 - 00245400 _____ C:\Windows\system32\FNTCACHE.DAT
2015-06-16 21:29 - 2015-06-07 11:24 - 00000000 ____D C:\Disc D
2015-06-16 21:28 - 2006-11-02 14:52 - 00032522 _____ C:\Windows\setupact.log
2015-06-16 21:23 - 2015-01-30 21:43 - 00000000 ____D C:\Program Files\Microsoft.NET
2015-06-16 21:23 - 2006-11-02 14:37 - 00000000 ____D C:\Windows\ShellNew
2015-06-16 21:23 - 2006-11-02 13:18 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2015-06-13 10:25 - 2013-04-26 21:16 - 00000000 ____D C:\ProgramData\Avira
2015-06-13 10:06 - 2013-01-09 13:23 - 00000000 ____D C:\Users\CIBA PC8
2015-06-13 10:06 - 2006-11-02 13:18 - 00000000 ____D C:\Windows\system32\Msdtc
2015-06-13 10:05 - 2006-11-02 13:18 - 00000000 ____D C:\Windows\system32\spool
2015-06-13 10:05 - 2006-11-02 13:18 - 00000000 ____D C:\Windows\registration
2015-06-10 21:26 - 2006-11-02 13:18 - 00000000 ____D C:\Windows\system32\NDF

==================== Files in the root of some directories =======

2015-02-02 23:33 - 2015-06-04 11:06 - 0000680 _____ () C:\Users\Home\AppData\Local\d3d9caps.dat
2015-02-08 17:10 - 2015-07-05 08:39 - 0015872 _____ () C:\Users\Home\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

Some files in TEMP:
====================
C:\Users\CIBAPC45678523\AppData\Local\Temp\AskSLib.dll
C:\Users\CIBAPC45678523\AppData\Local\Temp\avgnt.exe
C:\Users\Home\AppData\Local\Temp\avgnt.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

==================== End of log ============================
         
--- --- ---


Addition
[CODE]
Additional
FRST Logfile:
Code:
scan result of Farbar Recovery Scan Tool (x86) Version: 04-07-2015
Ran by Home at 2015-07-08 23:05:24
Running from C:\Users\Home\Desktop
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2772773862-112770573-1896515911-500 - Administrator - Disabled)
CIBAPC45678523 (S-1-5-21-2772773862-112770573-1896515911-1001 - Administrator - Enabled) => C:\Users\CIBAPC45678523
Gast (S-1-5-21-2772773862-112770573-1896515911-501 - Limited - Disabled)
Home (S-1-5-21-2772773862-112770573-1896515911-1002 - Limited - Enabled) => C:\Users\Home

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Antivirus (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Antivirus (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 11 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 11.7.700.224 - Adobe Systems Incorporated)
Avira (HKLM\...\{8467e01f-0496-42ce-b247-88ef205b4880}) (Version: 1.1.40.29239 - Avira Operations GmbH & Co. KG)
Avira (Version: 1.1.40.29239 - Avira Operations GmbH & Co. KG) Hidden
Avira Antivirus (HKLM\...\Avira Antivirus) (Version: 15.0.11.579 - Avira Operations GmbH & Co. KG)
BioAPI Framework (Version: 1.0.1 - Dell Inc.) Hidden
Dell Security Device Driver Pack (HKLM\...\{FF1DDCF4-3A28-4F7F-96D8-E3F4BD1C1702}) (Version: 1.02.35 - Dell Inc.)
ElsterFormular (HKLM\...\ElsterFormular) (Version: 16.1.20150424 - Landesfinanzdirektion Thüringen)
Intel(R) Management Engine Interface (HKLM\...\HECI) (Version:  - Intel Corporation)
Intel(R) Network Connections Drivers (HKLM\...\PROSet) (Version: 15.2 - Intel)
Intel® Active-Management-Technologie (HKLM\...\MESOL) (Version:  - Intel Corporation)
K-Lite Mega Codec Pack 2.2.5 (HKLM\...\KLiteCodecPack_is1) (Version: 2.25 - )
Logitech Webcam Software (HKLM\...\{C27BC2A2-30DD-4014-B22E-63EB0DB572F9}) (Version: 12.10.1113 - Logitech Inc.)
Logitech Webcam Software-Treiberpaket (HKLM\...\lvdrivers_12.10) (Version: 12.10.1110 - Logitech Inc.)
Malwarebytes Anti-Malware Version 2.1.8.1057 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU (HKLM\...\Microsoft .NET Framework 3.5 Language Pack SP1 - deu) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (HKLM\...\Microsoft .NET Framework 4 Client Profile DEU Language Pack) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM\...\{e6e75766-da0f-4ba2-9788-6ea593ce702d}) (Version: 12.0.30501.0 - Microsoft Corporation)
Mozilla Firefox 39.0 (x86 de) (HKLM\...\Mozilla Firefox 39.0 (x86 de)) (Version: 39.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 39.0 - Mozilla)
MSI US54EX Wireless Client Utility (HKLM\...\{FFAA01ED-BEEC-4578-87D5-90E1C7A6D230}) (Version: 1.00.00 - Pacific)
PDF-Viewer (HKLM\...\{A278382D-4F1B-4D47-9885-8523F7261E8D}_is1) (Version: 2.5.311.0 - Tracker Software Products Ltd)
Revo Uninstaller 1.95 (HKLM\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Skype™ 7.4 (HKLM\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.4.102 - Skype Technologies S.A.)
SoundMAX (HKLM\...\{F0A37341-D692-11D4-A984-009027EC0A9C}) (Version: 6.10.1.5853 - Analog Devices)
SubEdit - Vista WMP Patch (HKLM\...\SubEdit - Vista WMP Patch_is1) (Version: 1 - Artur Sikora)
SubEdit-Player (HKLM\...\SubEdit-Player_is1) (Version: 4072 - Artur Sikora)
UPEK TouchChip Fingerprint Reader (Version: 1.0.0 - Dell Inc.) Hidden
Windows-Treiberpaket - Dell Inc. PBADRV System  (01/07/2008 1.0.1.5) (HKLM\...\9D57DE505B6D8C710EF3B74BE638DBB936EED8A3) (Version: 01/07/2008 1.0.1.5 - Dell Inc.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Restore Points =========================

ATTENTION: System Restore is disabled
Check "winmgmt" service or repair WMI.


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2006-11-02 12:23 - 2006-09-18 23:41 - 00000761 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
::1             localhost

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Loaded Modules (Whitelisted) ==============

2009-10-14 13:36 - 2009-10-14 13:36 - 02793304 _____ () C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
2009-10-14 13:34 - 2009-10-14 13:34 - 00560472 _____ () C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2772773862-112770573-1896515911-1002\Control Panel\Desktop\\Wallpaper -> C:\windows\Web\Wallpaper\img24.jpg
DNS Servers: 192.168.0.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [SLSVC-In-TCP] => (Allow) %SystemRoot%\system32\slsvc.exe
FirewallRules: [SLSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\slsvc.exe
FirewallRules: [WinCollab-DFSR-In-TCP] => (Allow) %SystemRoot%\system32\dfsr.exe
FirewallRules: [WinCollab-DFSR-Out-TCP] => (Allow) %SystemRoot%\system32\dfsr.exe
FirewallRules: [WinCollab-In-TCP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-Out-TCP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-In-UDP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-Out-UDP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [{C4458AD6-35A2-4EE0-A030-F2702D70CAD7}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{45A02A4E-F567-4ED5-AE11-4D1DC5345568}] => (Allow) LPort=80
FirewallRules: [{B4FD2363-4DFA-475C-92C5-08B90DEB73D0}] => (Allow) LPort=80
FirewallRules: [{CC60B561-7227-4C51-B619-D20AA1555B30}] => (Allow) LPort=80
FirewallRules: [{D747F904-6AFC-467B-8BE9-90B9F590B5E0}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{55F344FA-AC65-4E1C-9960-34377D7AA357}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe

==================== Faulty Device Manager Devices =============

Name: Videocontroller
Description: Videocontroller
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (07/08/2015 10:46:43 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Abfragen nach der Schnittstelle "IVssWriterCallback" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005.
Die Ursache hierfür ist oft eine falsche Sicherheitseinstellung im Schreib- oder Anfrageprozess.


Vorgang:
   Generatordaten werden gesammelt

Kontext:
   Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220}
   Generatorname: System Writer
   Generatorinstanz-ID: {1f53ce0f-15ac-4019-a057-c78f55cb6754}

Error: (07/07/2015 10:20:07 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Eintrag <C:\USERS\HOME\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\0724UIH8.DEFAULT\SAFEBROWSING-TO_DELETE> in der Hash-Zuordnung kann nicht aktualisiert werden.

Kontext:  Anwendung, SystemIndex Katalog


Details:
	Ein an das System angeschlossenes Gerät funktioniert nicht.   (0x8007001f)

Error: (07/07/2015 10:19:58 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Eintrag <C:\USERS\HOME\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\0724UIH8.DEFAULT\SAFEBROWSING-BACKUP> in der Hash-Zuordnung kann nicht aktualisiert werden.

Kontext:  Anwendung, SystemIndex Katalog


Details:
	Ein an das System angeschlossenes Gerät funktioniert nicht.   (0x8007001f)

Error: (07/05/2015 09:26:18 PM) (Source: Perflib) (EventID: 1010) (User: )
Description: EmdCacheC:\Windows\system32\emdmgmt.dll4

Error: (07/05/2015 09:17:26 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Eintrag <C:\USERS\HOME\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\0724UIH8.DEFAULT\SAFEBROWSING-TO_DELETE> in der Hash-Zuordnung kann nicht aktualisiert werden.

Kontext:  Anwendung, SystemIndex Katalog


Details:
	Ein an das System angeschlossenes Gerät funktioniert nicht.   (0x8007001f)

Error: (07/05/2015 09:15:11 PM) (Source: ESENT) (EventID: 489) (User: )
Description: avguard (1928) GaviDB_0: Versuch, Datei "C:\ProgramData\Avira\AntiVir Desktop\EVENTDB\gavi3.db" für den Lesezugriff zu öffnen, ist mit Systemfehler 3 (0x00000003): "Das System kann den angegebenen Pfad nicht finden. " fehlgeschlagen. Fehler -1023 (0xfffffc01) beim Öffnen von Dateien.

Error: (07/05/2015 09:15:11 PM) (Source: ESENT) (EventID: 489) (User: )
Description: avguard (1928) GaviDB_0: Versuch, Datei "C:\ProgramData\Avira\AntiVir Desktop\EVENTDB\gavi3.db" für den Lesezugriff zu öffnen, ist mit Systemfehler 3 (0x00000003): "Das System kann den angegebenen Pfad nicht finden. " fehlgeschlagen. Fehler -1023 (0xfffffc01) beim Öffnen von Dateien.

Error: (07/05/2015 09:15:11 PM) (Source: ESENT) (EventID: 489) (User: )
Description: avguard (1928) GaviDB_0: Versuch, Datei "C:\ProgramData\Avira\AntiVir Desktop\EVENTDB\gavi3.db" für den Lesezugriff zu öffnen, ist mit Systemfehler 3 (0x00000003): "Das System kann den angegebenen Pfad nicht finden. " fehlgeschlagen. Fehler -1023 (0xfffffc01) beim Öffnen von Dateien.

Error: (07/05/2015 09:15:11 PM) (Source: ESENT) (EventID: 489) (User: )
Description: avguard (1928) GaviDB_0: Versuch, Datei "C:\ProgramData\Avira\AntiVir Desktop\EVENTDB\gavi3.db" für den Lesezugriff zu öffnen, ist mit Systemfehler 3 (0x00000003): "Das System kann den angegebenen Pfad nicht finden. " fehlgeschlagen. Fehler -1023 (0xfffffc01) beim Öffnen von Dateien.

Error: (07/05/2015 09:15:11 PM) (Source: ESENT) (EventID: 489) (User: )
Description: avguard (1928) GaviDB_0: Versuch, Datei "C:\ProgramData\Avira\AntiVir Desktop\EVENTDB\gavi3.db" für den Lesezugriff zu öffnen, ist mit Systemfehler 3 (0x00000003): "Das System kann den angegebenen Pfad nicht finden. " fehlgeschlagen. Fehler -1023 (0xfffffc01) beim Öffnen von Dateien.


System errors:
=============
Error: (07/06/2015 10:28:53 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Windows Presentation Foundation Font Cache 4.0.0.0201Neustart des Diensts

Error: (07/06/2015 10:28:53 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Windows Modules Installer11200001Neustart des Diensts

Error: (07/06/2015 10:28:53 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Intel(R) Management and Security Application User Notification Service1

Error: (07/06/2015 10:28:52 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Windows Presentation Foundation Font Cache 4.0.0.0101Neustart des Diensts

Error: (07/06/2015 10:28:52 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Windows Media Player-Netzwerkfreigabedienst1300001Neustart des Diensts

Error: (07/06/2015 10:28:51 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Avira Service Host1100001Neustart des Diensts

Error: (07/06/2015 10:28:50 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Windows Search1300001Neustart des Diensts

Error: (07/06/2015 10:28:50 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: MBAMScheduler1

Error: (07/06/2015 10:28:50 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Process Monitor1

Error: (07/06/2015 10:28:50 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Druckwarteschlange1600001Neustart des Diensts


Microsoft Office:
=========================
Error: (07/08/2015 10:46:43 PM) (Source: VSS) (EventID: 8194) (User: )
Description: 0x80070005

Vorgang:
   Generatordaten werden gesammelt

Kontext:
   Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220}
   Generatorname: System Writer
   Generatorinstanz-ID: {1f53ce0f-15ac-4019-a057-c78f55cb6754}

Error: (07/07/2015 10:20:07 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Kontext:  Anwendung, SystemIndex Katalog


Details:
	Ein an das System angeschlossenes Gerät funktioniert nicht.   (0x8007001f)
C:\USERS\HOME\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\0724UIH8.DEFAULT\SAFEBROWSING-TO_DELETE

Error: (07/07/2015 10:19:58 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Kontext:  Anwendung, SystemIndex Katalog


Details:
	Ein an das System angeschlossenes Gerät funktioniert nicht.   (0x8007001f)
C:\USERS\HOME\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\0724UIH8.DEFAULT\SAFEBROWSING-BACKUP

Error: (07/05/2015 09:26:18 PM) (Source: Perflib) (EventID: 1010) (User: )
Description: EmdCacheC:\Windows\system32\emdmgmt.dll4

Error: (07/05/2015 09:17:26 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Kontext:  Anwendung, SystemIndex Katalog


Details:
	Ein an das System angeschlossenes Gerät funktioniert nicht.   (0x8007001f)
C:\USERS\HOME\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\0724UIH8.DEFAULT\SAFEBROWSING-TO_DELETE

Error: (07/05/2015 09:15:11 PM) (Source: ESENT) (EventID: 489) (User: )
Description: avguard1928GaviDB_0: C:\ProgramData\Avira\AntiVir Desktop\EVENTDB\gavi3.db-1023 (0xfffffc01)3 (0x00000003)Das System kann den angegebenen Pfad nicht finden.

Error: (07/05/2015 09:15:11 PM) (Source: ESENT) (EventID: 489) (User: )
Description: avguard1928GaviDB_0: C:\ProgramData\Avira\AntiVir Desktop\EVENTDB\gavi3.db-1023 (0xfffffc01)3 (0x00000003)Das System kann den angegebenen Pfad nicht finden.

Error: (07/05/2015 09:15:11 PM) (Source: ESENT) (EventID: 489) (User: )
Description: avguard1928GaviDB_0: C:\ProgramData\Avira\AntiVir Desktop\EVENTDB\gavi3.db-1023 (0xfffffc01)3 (0x00000003)Das System kann den angegebenen Pfad nicht finden.

Error: (07/05/2015 09:15:11 PM) (Source: ESENT) (EventID: 489) (User: )
Description: avguard1928GaviDB_0: C:\ProgramData\Avira\AntiVir Desktop\EVENTDB\gavi3.db-1023 (0xfffffc01)3 (0x00000003)Das System kann den angegebenen Pfad nicht finden.

Error: (07/05/2015 09:15:11 PM) (Source: ESENT) (EventID: 489) (User: )
Description: avguard1928GaviDB_0: C:\ProgramData\Avira\AntiVir Desktop\EVENTDB\gavi3.db-1023 (0xfffffc01)3 (0x00000003)Das System kann den angegebenen Pfad nicht finden.


CodeIntegrity Errors:
===================================
  Date: 2015-07-08 23:05:22.147
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-07-08 23:05:22.081
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-07-08 23:05:22.007
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-07-08 23:05:21.940
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-07-08 23:05:21.815
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-07-08 23:05:21.756
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-07-08 23:05:21.690
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-07-08 23:05:21.625
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-07-08 23:05:12.668
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-07-08 23:05:12.602
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.


==================== Memory info =========================== 

Processor: Intel(R) Core(TM)2 Duo CPU E8400 @ 3.00GHz
Percentage of memory in use: 56%
Total physical RAM: 1978.88 MB
Available physical RAM: 863.1 MB
Total Virtual: 4210.8 MB
Available Virtual: 2775.24 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:149.01 GB) (Free:108.71 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

==================== End of log ============================
         
--- --- ---

Alt 09.07.2015, 08:42   #12
schrauber
/// the machine
/// TB-Ausbilder
 

Let's run a few more control scans.



ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start Eset Online Scanner
  • Tick "Yes, I accept the Terms of Use" and click Start.
  • Enable "Detection of potentially unwanted applications" and select the following settings.
  • Click Start.
  • The signatures are downloaded and the scan starts automatically.
  • When the scan has finished, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your text editor (illustrated).
  • Post the log file here.
  • Uninstallation: Control Panel => Software / Uninstall a program => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset


Please download SecurityCheck and:

  • Save it to the desktop.
  • Start SecurityCheck.exe and follow the instructions in the DOS box.
  • When the scan has finished, a text document (checkup.txt) should open.
Please post its contents here.

And a fresh FRST log, please. Any remaining problems?
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009

No help via PM!

Alt 09.07.2015, 21:44   #13
Pablo82
 
Hello Schrauber, Trojaner Board.

Homework done. Here are the logs.

1. ESET:
Code:
ATTFilter
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=2ce434d332177e43aa4224c201cc74a3
# end=init
# utc_time=2015-07-09 07:16:07
# local_time=2015-07-09 09:16:07 (+0100, Mitteleuropäische Sommerzeit)
# country="Poland"
# osver=6.0.6002 NT Service Pack 2
Update Init
Update Download
Update Finalize
Updated modules version: 24725
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=2ce434d332177e43aa4224c201cc74a3
# end=updated
# utc_time=2015-07-09 07:24:19
# local_time=2015-07-09 09:24:19 (+0100, Mitteleuropäische Sommerzeit)
# country="Poland"
# osver=6.0.6002 NT Service Pack 2
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7777
# api_version=3.1.1
# EOSSerial=2ce434d332177e43aa4224c201cc74a3
# engine=24725
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2015-07-09 07:49:19
# local_time=2015-07-09 09:49:19 (+0100, Mitteleuropäische Sommerzeit)
# country="Poland"
# lang=1031
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode_1=''
# compatibility_mode=5892 16776574 100 95 78737934 274004061 0 0
# scanned=85954
# found=0
# cleaned=0
# scan_time=1499
         
2. Sec.Check
Code:
ATTFilter
 Results of screen317's Security Check version 1.004  
 Windows Vista Service Pack 2 x86 (UAC is enabled)  
 Internet Explorer 9  
 Internet Explorer 8  
``````````````Antivirus/Firewall Check:`````````````` 
Avira Antivirus   
 Antivirus up to date!  (On Access scanning disabled!) 
`````````Anti-malware/Other Utilities Check:````````` 
  Adobe Flash Player 	11.7.700.224 Flash Player out of Date!  
 Mozilla Firefox (39.0) 
````````Process Check: objlist.exe by Laurent````````  
 Avira Antivir avgnt.exe 
 Avira Antivir avguard.exe 
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  % 
````````````````````End of Log``````````````````````
         
3. FRST

FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 04-07-2015
Ran by CIBAPC45678523 (administrator) on CIBAPC456785-PC on 09-07-2015 22:37:42
Running from C:\Users\CIBAPC45678523\Desktop
Loaded Profiles: CIBAPC45678523 (Available Profiles: CIBAPC45678523 & Home)
Platform: Microsoft® Windows Vista™ Business  Service Pack 2 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 9 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(Logitech Inc.) C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\Launcher\Avira.ServiceHost.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
() C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Analog Devices, Inc.) C:\Program Files\Analog Devices\Core\smax4pnp.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
(MSI Technology GmbH ) C:\Program Files\MSI\US54EX\Installer\Win2k\MSI US54EX Wireless Client Utility.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\Launcher\Avira.Systray.exe
(Intel Corporation) C:\Program Files\Intel\AMT\LMS.exe
(Intel Corporation) C:\Program Files\Common Files\Intel\Privacy Icon\UNS\UNS.exe
(Intel Corporation) C:\Program Files\Common Files\Intel\Privacy Icon\PrivacyIconClient.exe
() C:\Program Files\Common Files\LogiShrd\LQCVFX\COCIManager.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Windows\System32\conime.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-19] (Microsoft Corporation)
HKLM\...\Run: [picon] => C:\Program Files\Common Files\Intel\Privacy Icon\PIconStartup.exe [111640 2010-05-21] ()
HKLM\...\Run: [avgnt] => C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [730416 2015-05-27] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [LogitechQuickCamRibbon] => C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe [2793304 2009-10-14] ()
HKLM\...\Run: [SoundMAXPnP] => C:\Program Files\Analog Devices\Core\smax4pnp.exe [1310720 2009-03-05] (Analog Devices, Inc.)
HKLM\...\Run: [Avira Systray] => C:\Program Files\Avira\Launcher\Avira.Systray.exe [134368 2015-06-02] (Avira Operations GmbH & Co. KG)
HKU\S-1-5-21-2772773862-112770573-1896515911-1001\...\Run: [WMPNSCFG] => C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-19] (Microsoft Corporation)
HKU\S-1-5-21-2772773862-112770573-1896515911-1001\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [31280256 2015-04-17] (Skype Technologies S.A.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\MSI US54EX Wireless Client Utility.lnk [2014-07-30]
ShortcutTarget: MSI US54EX Wireless Client Utility.lnk -> C:\Program Files\MSI\US54EX\Installer\Win2k\MSI US54EX Wireless Client Utility.exe (MSI Technology GmbH )

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{8E2823B8-B72E-4E2E-82EC-D6DABB81E282}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{ECF39586-4AFC-48CA-825D-8C4A7A9CDC9C}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{F97A5B23-8CFB-4A41-B7D2-886921D2545A}: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\CIBAPC45678523\AppData\Roaming\Mozilla\Firefox\Profiles\5lmvbxwd.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll [2013-07-07] ()
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @real.com/nppl3260;version=6.0.11.2571 -> C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll [2006-10-07] (RealNetworks, Inc.)
FF Plugin: @real.com/nprpjplug;version=6.0.12.1739 -> C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll [2006-10-07] (RealNetworks, Inc.)

Chrome: 
=======
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 AntiVirMailService; C:\Program Files\Avira\AntiVir Desktop\avmailc.exe [825136 2015-05-27] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [450808 2015-05-27] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [450808 2015-05-27] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE [1187336 2015-05-27] (Avira Operations GmbH & Co. KG)
R2 Avira.ServiceHost; C:\Program Files\Avira\Launcher\Avira.ServiceHost.exe [217280 2015-06-02] (Avira Operations GmbH & Co. KG)
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
S2 MBAMScheduler; C:\Program Files\ Malwarebytes Anti-Malware \mbamscheduler.exe [1871160 2015-06-18] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files\ Malwarebytes Anti-Malware \mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
R2 UNS; C:\Program Files\Common Files\Intel\Privacy Icon\UNS\UNS.exe [2071064 2010-05-21] (Intel Corporation)
S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-19] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AegisP; C:\Windows\System32\DRIVERS\AegisP.sys [20747 2014-07-30] (Meetinghouse Data Communications) [File not signed]
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108448 2015-05-27] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [136728 2015-05-27] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37896 2015-06-01] (Avira Operations GmbH & Co. KG)
R3 e1kexpress; C:\Windows\System32\DRIVERS\e1k6032.sys [202408 2010-04-06] (Intel Corporation)
R3 eapihdrv; C:\Users\CIBAPC45678523\AppData\Local\Temp\ehdrv.sys [135760 2015-07-09] (ESET)
R3 LVPr2Mon; C:\Windows\System32\DRIVERS\LVPr2Mon.sys [25752 2009-10-07] ()
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2015-06-18] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2015-06-18] (Malwarebytes Corporation)
R0 PBADRV; C:\Windows\System32\DRIVERS\PBADRV.sys [26608 2008-06-04] (Dell Inc)
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [31848 2015-05-27] (Avira Operations GmbH & Co. KG)
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-09 22:37 - 2015-07-09 22:38 - 00009377 _____ C:\Users\CIBAPC45678523\Desktop\FRST.txt
2015-07-09 22:37 - 2015-07-05 00:20 - 01636352 _____ (Farbar) C:\Users\CIBAPC45678523\Desktop\FRST.exe
2015-07-09 22:36 - 2015-07-09 22:36 - 00000802 _____ C:\Users\CIBAPC45678523\Desktop\checkup.txt
2015-07-09 22:20 - 2015-07-09 22:20 - 00852662 _____ C:\Users\CIBAPC45678523\Desktop\SecurityCheck.exe
2015-07-09 21:13 - 2015-07-09 21:13 - 02870984 _____ (ESET) C:\Users\CIBAPC45678523\Desktop\esetsmartinstaller_deu.exe
2015-07-08 22:59 - 2015-07-08 22:59 - 00000858 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-07-08 22:59 - 2015-07-08 22:59 - 00000846 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-07-08 22:59 - 2015-07-08 22:59 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2015-07-08 22:58 - 2015-07-08 22:59 - 00000000 ____D C:\Program Files\Mozilla Firefox
2015-07-08 22:57 - 2015-07-08 22:57 - 00242928 _____ C:\Users\Home\Downloads\Firefox Setup Stub 39.0.exe
2015-07-08 22:44 - 2015-07-08 22:44 - 00001057 _____ C:\Users\CIBAPC45678523\Desktop\Revo Uninstaller.lnk
2015-07-08 22:44 - 2015-07-08 22:44 - 00000072 _____ C:\Users\Home\Desktop\fox.txt
2015-07-08 22:44 - 2015-07-08 22:44 - 00000000 ____D C:\Program Files\VS Revo Group
2015-07-08 22:42 - 2015-07-08 22:42 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Home\Desktop\revosetup95.exe
2015-07-06 22:33 - 2015-07-05 00:20 - 01636352 _____ (Farbar) C:\Users\Home\Desktop\FRST.exe
2015-07-06 22:19 - 2015-07-06 21:58 - 02244096 _____ C:\Users\Home\Desktop\AdwCleaner_4.207.exe
2015-07-05 21:29 - 2015-07-05 21:29 - 00004672 _____ C:\Users\CIBAPC45678523\Documents\Gmer.txt
2015-07-05 21:15 - 2015-07-05 21:15 - 208344037 _____ C:\Windows\MEMORY.DMP
2015-07-05 21:15 - 2015-07-05 21:15 - 00147528 _____ C:\Windows\Minidump\Mini070515-01.dmp
2015-07-05 21:15 - 2015-07-05 21:15 - 00000000 ____D C:\Windows\Minidump
2015-07-05 20:48 - 2015-07-09 22:37 - 00000000 ____D C:\FRST
2015-07-05 20:44 - 2015-07-05 20:44 - 00000000 _____ C:\Users\CIBAPC45678523\defogger_reenable
2015-07-05 08:37 - 2015-07-06 22:21 - 00000000 ____D C:\Users\Home\Desktop\virus
2015-06-16 23:56 - 2015-06-16 23:56 - 00000726 _____ C:\Users\CIBAPC45678523\Documents\eset.txt
2015-06-16 22:26 - 2015-06-16 22:27 - 02870984 _____ (ESET) C:\Users\Home\Downloads\esetsmartinstaller_deu.exe
2015-06-16 22:11 - 2015-07-08 23:12 - 00000000 ____D C:\AdwCleaner
2015-06-16 21:36 - 2015-07-09 21:05 - 00098520 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-06-16 21:35 - 2015-07-06 23:00 - 00000899 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2015-06-16 21:35 - 2015-07-06 23:00 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2015-06-16 21:35 - 2015-07-06 23:00 - 00000000 ____D C:\Program Files\ Malwarebytes Anti-Malware 
2015-06-16 21:35 - 2015-06-18 08:41 - 00094936 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-06-16 21:35 - 2015-06-18 08:41 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-06-16 21:30 - 2015-06-18 08:41 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-06-16 21:30 - 2015-06-16 21:35 - 00000000 ____D C:\Users\CIBAPC45678523\AppData\Roaming\Malwarebytes
2015-06-16 21:30 - 2015-06-16 21:35 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-06-16 21:30 - 2015-06-16 21:35 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2015-06-13 10:18 - 2015-06-13 10:18 - 04683232 _____ (Avira Operations GmbH & Co. KG) C:\Users\Home\Downloads\avira_en_av_557be6d0a90d5__ws.exe

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-09 22:23 - 2013-03-26 11:36 - 01876046 _____ C:\Windows\WindowsUpdate.log
2015-07-09 21:01 - 2013-06-02 11:12 - 00000000 ____D C:\Users\CIBAPC45678523\AppData\Roaming\Skype
2015-07-09 20:58 - 2006-11-02 15:01 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-07-09 20:58 - 2006-11-02 15:00 - 00476452 _____ C:\Windows\PFRO.log
2015-07-09 20:58 - 2006-11-02 14:47 - 00004880 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2015-07-09 20:58 - 2006-11-02 14:47 - 00004880 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2015-07-08 23:16 - 2006-11-02 15:01 - 00032530 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2015-07-07 22:19 - 2013-04-26 21:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2015-07-07 22:13 - 2015-02-02 23:33 - 00000000 ____D C:\ProgramData\Package Cache
2015-07-07 22:13 - 2013-04-26 21:16 - 00000000 ____D C:\Program Files\Avira
2015-07-05 20:44 - 2013-03-26 11:43 - 00000000 ____D C:\Users\CIBAPC45678523
2015-07-05 20:44 - 2006-11-02 12:33 - 01472522 _____ C:\Windows\system32\PerfStringBackup.INI
2015-07-05 08:39 - 2015-02-08 17:10 - 00015872 _____ C:\Users\Home\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-07-05 08:38 - 2015-02-02 23:33 - 00000000 ____D C:\Users\Home
2015-06-16 22:21 - 2013-03-26 11:44 - 00053144 _____ C:\Users\CIBAPC45678523\AppData\Local\GDIPFONTCACHEV1.DAT
2015-06-16 21:57 - 2015-02-02 23:33 - 00053144 _____ C:\Users\Home\AppData\Local\GDIPFONTCACHEV1.DAT
2015-06-16 21:55 - 2006-11-02 14:47 - 00245400 _____ C:\Windows\system32\FNTCACHE.DAT
2015-06-16 21:29 - 2015-06-07 11:24 - 00000000 ____D C:\Disc D
2015-06-16 21:28 - 2006-11-02 14:52 - 00032522 _____ C:\Windows\setupact.log
2015-06-16 21:23 - 2015-01-30 21:43 - 00000000 ____D C:\Program Files\Microsoft.NET
2015-06-16 21:23 - 2006-11-02 14:37 - 00000000 ____D C:\Windows\ShellNew
2015-06-16 21:23 - 2006-11-02 13:18 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2015-06-13 10:25 - 2013-04-26 21:16 - 00000000 ____D C:\ProgramData\Avira
2015-06-13 10:06 - 2013-01-09 13:23 - 00000000 ____D C:\Users\CIBA PC8
2015-06-13 10:06 - 2006-11-02 13:18 - 00000000 ____D C:\Windows\system32\Msdtc
2015-06-13 10:06 - 2006-11-02 12:22 - 36175872 _____ C:\Windows\system32\config\components_previous
2015-06-13 10:06 - 2006-11-02 12:22 - 29884416 _____ C:\Windows\system32\config\software_previous
2015-06-13 10:06 - 2006-11-02 12:22 - 15466496 _____ C:\Windows\system32\config\system_previous
2015-06-13 10:06 - 2006-11-02 12:22 - 00262144 _____ C:\Windows\system32\config\security_previous
2015-06-13 10:06 - 2006-11-02 12:22 - 00262144 _____ C:\Windows\system32\config\sam_previous
2015-06-13 10:06 - 2006-11-02 12:22 - 00262144 _____ C:\Windows\system32\config\default_previous
2015-06-13 10:05 - 2006-11-02 13:18 - 00000000 ____D C:\Windows\system32\spool
2015-06-13 10:05 - 2006-11-02 13:18 - 00000000 ____D C:\Windows\registration
2015-06-10 21:26 - 2006-11-02 13:18 - 00000000 ____D C:\Windows\system32\NDF

==================== Files in the root of some directories =======

2013-04-22 20:42 - 2013-04-22 20:42 - 0000552 _____ () C:\Users\CIBAPC45678523\AppData\Local\d3d8caps.dat
2013-03-26 11:44 - 2015-06-04 12:54 - 0000680 _____ () C:\Users\CIBAPC45678523\AppData\Local\d3d9caps.dat
2013-04-26 21:20 - 2014-03-15 23:23 - 0016384 _____ () C:\Users\CIBAPC45678523\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

Some files in TEMP:
====================
C:\Users\CIBAPC45678523\AppData\Local\Temp\AskSLib.dll
C:\Users\CIBAPC45678523\AppData\Local\Temp\avgnt.exe
C:\Users\Home\AppData\Local\Temp\avgnt.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-07-09 21:04

==================== End of log ============================
         
--- --- ---


4. Addition FRST
[CODE]
Additional
FRST Logfile:
Code:
ATTFilter
scan result of Farbar Recovery Scan Tool (x86) Version: 04-07-2015
Ran by CIBAPC45678523 at 2015-07-09 22:38:13
Running from C:\Users\CIBAPC45678523\Desktop
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2772773862-112770573-1896515911-500 - Administrator - Disabled)
CIBAPC45678523 (S-1-5-21-2772773862-112770573-1896515911-1001 - Administrator - Enabled) => C:\Users\CIBAPC45678523
Gast (S-1-5-21-2772773862-112770573-1896515911-501 - Limited - Disabled)
Home (S-1-5-21-2772773862-112770573-1896515911-1002 - Limited - Enabled) => C:\Users\Home

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Antivirus (Disabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Antivirus (Disabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 11 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 11.7.700.224 - Adobe Systems Incorporated)
Avira (HKLM\...\{8467e01f-0496-42ce-b247-88ef205b4880}) (Version: 1.1.40.29239 - Avira Operations GmbH & Co. KG)
Avira (Version: 1.1.40.29239 - Avira Operations GmbH & Co. KG) Hidden
Avira Antivirus (HKLM\...\Avira Antivirus) (Version: 15.0.11.579 - Avira Operations GmbH & Co. KG)
BioAPI Framework (Version: 1.0.1 - Dell Inc.) Hidden
Dell Security Device Driver Pack (HKLM\...\{FF1DDCF4-3A28-4F7F-96D8-E3F4BD1C1702}) (Version: 1.02.35 - Dell Inc.)
Dell System Detect (HKU\S-1-5-21-2772773862-112770573-1896515911-1001\...\73f463568823ebbe) (Version: 5.13.0.1 - Dell)
ElsterFormular (HKLM\...\ElsterFormular) (Version: 16.1.20150424 - Landesfinanzdirektion Thüringen)
Intel(R) Management Engine Interface (HKLM\...\HECI) (Version:  - Intel Corporation)
Intel(R) Network Connections Drivers (HKLM\...\PROSet) (Version: 15.2 - Intel)
Intel® Active-Management-Technologie (HKLM\...\MESOL) (Version:  - Intel Corporation)
K-Lite Mega Codec Pack 2.2.5 (HKLM\...\KLiteCodecPack_is1) (Version: 2.25 - )
Logitech Webcam Software (HKLM\...\{C27BC2A2-30DD-4014-B22E-63EB0DB572F9}) (Version: 12.10.1113 - Logitech Inc.)
Logitech Webcam Software-Treiberpaket (HKLM\...\lvdrivers_12.10) (Version: 12.10.1110 - Logitech Inc.)
Malwarebytes Anti-Malware Version 2.1.8.1057 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU (HKLM\...\Microsoft .NET Framework 3.5 Language Pack SP1 - deu) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (HKLM\...\Microsoft .NET Framework 4 Client Profile DEU Language Pack) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM\...\{e6e75766-da0f-4ba2-9788-6ea593ce702d}) (Version: 12.0.30501.0 - Microsoft Corporation)
Mozilla Firefox 39.0 (x86 de) (HKLM\...\Mozilla Firefox 39.0 (x86 de)) (Version: 39.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 39.0 - Mozilla)
MSI US54EX Wireless Client Utility (HKLM\...\{FFAA01ED-BEEC-4578-87D5-90E1C7A6D230}) (Version: 1.00.00 - Pacific)
PDF-Viewer (HKLM\...\{A278382D-4F1B-4D47-9885-8523F7261E8D}_is1) (Version: 2.5.311.0 - Tracker Software Products Ltd)
Revo Uninstaller 1.95 (HKLM\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Skype™ 7.4 (HKLM\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.4.102 - Skype Technologies S.A.)
SoundMAX (HKLM\...\{F0A37341-D692-11D4-A984-009027EC0A9C}) (Version: 6.10.1.5853 - Analog Devices)
SubEdit - Vista WMP Patch (HKLM\...\SubEdit - Vista WMP Patch_is1) (Version: 1 - Artur Sikora)
SubEdit-Player (HKLM\...\SubEdit-Player_is1) (Version: 4072 - Artur Sikora)
UPEK TouchChip Fingerprint Reader (Version: 1.0.0 - Dell Inc.) Hidden
Windows-Treiberpaket - Dell Inc. PBADRV System  (01/07/2008 1.0.1.5) (HKLM\...\9D57DE505B6D8C710EF3B74BE638DBB936EED8A3) (Version: 01/07/2008 1.0.1.5 - Dell Inc.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Restore Points =========================

07-06-2015 13:12:59 Geplanter Prüfpunkt
10-06-2015 21:09:03 Geplanter Prüfpunkt
13-06-2015 00:02:13 LavasoftWeCompanion
13-06-2015 01:08:38 LavasoftWeCompanion
13-06-2015 10:02:43 Wiederherstellungsvorgang
16-06-2015 21:20:18 Usunięto: Microsoft Office Professional Edition 2003
06-07-2015 23:45:27 Geplanter Prüfpunkt
08-07-2015 22:32:32 Geplanter Prüfpunkt
08-07-2015 22:46:44 Revo Uninstaller's restore point - Mozilla Firefox 35.0.1 (x86 de)

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2006-11-02 12:23 - 2006-09-18 23:41 - 00000761 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
::1             localhost

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {DEE198FD-2862-49A5-ABEB-434C9AA41060} - System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program\VistaSP1CEIP => C:\Windows\servicing\vsp1ceip.exe [2008-01-19] (Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Loaded Modules (Whitelisted) ==============

2009-10-14 13:36 - 2009-10-14 13:36 - 02793304 _____ () C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
2013-01-09 13:33 - 2010-05-21 14:14 - 00077824 _____ () C:\Program Files\Common Files\Intel\Privacy Icon\UNS\DTMessageLib.dll
2009-10-14 13:34 - 2009-10-14 13:34 - 00560472 _____ () C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-2772773862-112770573-1896515911-1001\...\dell.com -> dell.com


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2772773862-112770573-1896515911-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\Wallpaper\img24.jpg
DNS Servers: 192.168.0.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [SLSVC-In-TCP] => (Allow) %SystemRoot%\system32\slsvc.exe
FirewallRules: [SLSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\slsvc.exe
FirewallRules: [WinCollab-DFSR-In-TCP] => (Allow) %SystemRoot%\system32\dfsr.exe
FirewallRules: [WinCollab-DFSR-Out-TCP] => (Allow) %SystemRoot%\system32\dfsr.exe
FirewallRules: [WinCollab-In-TCP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-Out-TCP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-In-UDP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-Out-UDP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [{C4458AD6-35A2-4EE0-A030-F2702D70CAD7}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{45A02A4E-F567-4ED5-AE11-4D1DC5345568}] => (Allow) LPort=80
FirewallRules: [{B4FD2363-4DFA-475C-92C5-08B90DEB73D0}] => (Allow) LPort=80
FirewallRules: [{CC60B561-7227-4C51-B619-D20AA1555B30}] => (Allow) LPort=80
FirewallRules: [{D747F904-6AFC-467B-8BE9-90B9F590B5E0}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{55F344FA-AC65-4E1C-9960-34377D7AA357}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe

==================== Faulty Device Manager Devices =============

Name: Videocontroller
Description: Videocontroller
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (07/09/2015 09:19:05 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Eintrag <C:\USERS\CIBAPC45678523\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\5LMVBXWD.DEFAULT\SAFEBROWSING> in der Hash-Zuordnung kann nicht aktualisiert werden.

Kontext:  Anwendung, SystemIndex Katalog


Details:
	Ein an das System angeschlossenes Gerät funktioniert nicht.   (0x8007001f)

Error: (07/09/2015 09:19:05 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Eintrag <C:\USERS\CIBAPC45678523\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\5LMVBXWD.DEFAULT\SAFEBROWSING> in der Hash-Zuordnung kann nicht aktualisiert werden.

Kontext:  Anwendung, SystemIndex Katalog


Details:
	Ein an das System angeschlossenes Gerät funktioniert nicht.   (0x8007001f)

Error: (07/09/2015 09:03:58 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Eintrag <C:\USERS\CIBAPC45678523\APPDATA\LOCAL\SKYPE\APPS\LOGIN\LANGUAGES> in der Hash-Zuordnung kann nicht aktualisiert werden.

Kontext:  Anwendung, SystemIndex Katalog


Details:
	Ein an das System angeschlossenes Gerät funktioniert nicht.   (0x8007001f)

Error: (07/09/2015 09:03:58 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Eintrag <C:\USERS\CIBAPC45678523\APPDATA\LOCAL\SKYPE\APPS\LOGIN\LANGUAGES> in der Hash-Zuordnung kann nicht aktualisiert werden.

Kontext:  Anwendung, SystemIndex Katalog


Details:
	Ein an das System angeschlossenes Gerät funktioniert nicht.   (0x8007001f)

Error: (07/09/2015 09:03:54 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Eintrag <C:\USERS\CIBAPC45678523\APPDATA\LOCAL\SKYPE\APPS\LOGIN\JS> in der Hash-Zuordnung kann nicht aktualisiert werden.

Kontext:  Anwendung, SystemIndex Katalog


Details:
	Ein an das System angeschlossenes Gerät funktioniert nicht.   (0x8007001f)

Error: (07/09/2015 09:03:54 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Eintrag <C:\USERS\CIBAPC45678523\APPDATA\LOCAL\SKYPE\APPS\LOGIN\JS> in der Hash-Zuordnung kann nicht aktualisiert werden.

Kontext:  Anwendung, SystemIndex Katalog


Details:
	Ein an das System angeschlossenes Gerät funktioniert nicht.   (0x8007001f)

Error: (07/09/2015 09:03:52 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Eintrag <C:\USERS\CIBAPC45678523\APPDATA\LOCAL\SKYPE\APPS\LOGIN\IMAGES\WHITE-ON-BLACK\BACK_20X20-INVERTED.PNG> in der Hash-Zuordnung kann nicht aktualisiert werden.

Kontext:  Anwendung, SystemIndex Katalog


Details:
	Ein an das System angeschlossenes Gerät funktioniert nicht.   (0x8007001f)

Error: (07/09/2015 09:03:52 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Eintrag <C:\USERS\CIBAPC45678523\APPDATA\LOCAL\SKYPE\APPS\LOGIN\IMAGES\WHITE-ON-BLACK\BACK_20X20-INVERTED.PNG> in der Hash-Zuordnung kann nicht aktualisiert werden.

Kontext:  Anwendung, SystemIndex Katalog


Details:
	Ein an das System angeschlossenes Gerät funktioniert nicht.   (0x8007001f)

Error: (07/09/2015 09:03:46 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Eintrag <C:\USERS\CIBAPC45678523\APPDATA\LOCAL\SKYPE\APPS\LOGIN\IMAGES> in der Hash-Zuordnung kann nicht aktualisiert werden.

Kontext:  Anwendung, SystemIndex Katalog


Details:
	Ein an das System angeschlossenes Gerät funktioniert nicht.   (0x8007001f)

Error: (07/09/2015 09:03:46 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Eintrag <C:\USERS\CIBAPC45678523\APPDATA\LOCAL\SKYPE\APPS\LOGIN\IMAGES> in der Hash-Zuordnung kann nicht aktualisiert werden.

Kontext:  Anwendung, SystemIndex Katalog


Details:
	Ein an das System angeschlossenes Gerät funktioniert nicht.   (0x8007001f)


System errors:
=============
Error: (07/06/2015 10:28:53 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Windows Presentation Foundation Font Cache 4.0.0.0201Neustart des Diensts

Error: (07/06/2015 10:28:53 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Windows Modules Installer11200001Neustart des Diensts

Error: (07/06/2015 10:28:53 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Intel(R) Management and Security Application User Notification Service1

Error: (07/06/2015 10:28:52 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Windows Presentation Foundation Font Cache 4.0.0.0101Neustart des Diensts

Error: (07/06/2015 10:28:52 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Windows Media Player-Netzwerkfreigabedienst1300001Neustart des Diensts

Error: (07/06/2015 10:28:51 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Avira Service Host1100001Neustart des Diensts

Error: (07/06/2015 10:28:50 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Windows Search1300001Neustart des Diensts

Error: (07/06/2015 10:28:50 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: MBAMScheduler1

Error: (07/06/2015 10:28:50 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Process Monitor1

Error: (07/06/2015 10:28:50 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Druckwarteschlange1600001Neustart des Diensts


Microsoft Office:
=========================
Error: (07/09/2015 09:19:05 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Kontext:  Anwendung, SystemIndex Katalog


Details:
	Ein an das System angeschlossenes Gerät funktioniert nicht.   (0x8007001f)
C:\USERS\CIBAPC45678523\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\5LMVBXWD.DEFAULT\SAFEBROWSING

Error: (07/09/2015 09:19:05 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Kontext:  Anwendung, SystemIndex Katalog


Details:
	Ein an das System angeschlossenes Gerät funktioniert nicht.   (0x8007001f)
C:\USERS\CIBAPC45678523\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\5LMVBXWD.DEFAULT\SAFEBROWSING

Error: (07/09/2015 09:03:58 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Kontext:  Anwendung, SystemIndex Katalog


Details:
	Ein an das System angeschlossenes Gerät funktioniert nicht.   (0x8007001f)
C:\USERS\CIBAPC45678523\APPDATA\LOCAL\SKYPE\APPS\LOGIN\LANGUAGES

Error: (07/09/2015 09:03:58 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Kontext:  Anwendung, SystemIndex Katalog


Details:
	Ein an das System angeschlossenes Gerät funktioniert nicht.   (0x8007001f)
C:\USERS\CIBAPC45678523\APPDATA\LOCAL\SKYPE\APPS\LOGIN\LANGUAGES

Error: (07/09/2015 09:03:54 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Kontext:  Anwendung, SystemIndex Katalog


Details:
	Ein an das System angeschlossenes Gerät funktioniert nicht.   (0x8007001f)
C:\USERS\CIBAPC45678523\APPDATA\LOCAL\SKYPE\APPS\LOGIN\JS

Error: (07/09/2015 09:03:54 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Kontext:  Anwendung, SystemIndex Katalog


Details:
	Ein an das System angeschlossenes Gerät funktioniert nicht.   (0x8007001f)
C:\USERS\CIBAPC45678523\APPDATA\LOCAL\SKYPE\APPS\LOGIN\JS

Error: (07/09/2015 09:03:52 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Kontext:  Anwendung, SystemIndex Katalog


Details:
	Ein an das System angeschlossenes Gerät funktioniert nicht.   (0x8007001f)
C:\USERS\CIBAPC45678523\APPDATA\LOCAL\SKYPE\APPS\LOGIN\IMAGES\WHITE-ON-BLACK\BACK_20X20-INVERTED.PNG

Error: (07/09/2015 09:03:52 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Kontext:  Anwendung, SystemIndex Katalog


Details:
	Ein an das System angeschlossenes Gerät funktioniert nicht.   (0x8007001f)
C:\USERS\CIBAPC45678523\APPDATA\LOCAL\SKYPE\APPS\LOGIN\IMAGES\WHITE-ON-BLACK\BACK_20X20-INVERTED.PNG

Error: (07/09/2015 09:03:46 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Kontext:  Anwendung, SystemIndex Katalog


Details:
	Ein an das System angeschlossenes Gerät funktioniert nicht.   (0x8007001f)
C:\USERS\CIBAPC45678523\APPDATA\LOCAL\SKYPE\APPS\LOGIN\IMAGES

Error: (07/09/2015 09:03:46 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Kontext:  Anwendung, SystemIndex Katalog


Details:
	Ein an das System angeschlossenes Gerät funktioniert nicht.   (0x8007001f)
C:\USERS\CIBAPC45678523\APPDATA\LOCAL\SKYPE\APPS\LOGIN\IMAGES


CodeIntegrity Errors:
===================================
  Date: 2015-07-09 22:38:10.179
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-07-09 22:38:10.121
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-07-09 22:38:10.062
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-07-09 22:38:09.997
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-07-09 22:38:09.838
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-07-09 22:38:09.781
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-07-09 22:38:09.721
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-07-09 22:38:09.665
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-07-09 22:37:53.379
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-07-09 22:37:53.322
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.


==================== Memory info =========================== 

Processor: Intel(R) Core(TM)2 Duo CPU E8400 @ 3.00GHz
Percentage of memory in use: 57%
Total physical RAM: 1978.88 MB
Available physical RAM: 832.17 MB
Total Virtual: 4204.8 MB
Available Virtual: 2578.72 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:149.01 GB) (Free:108.63 GB) NTFS ==>[Drive with boot components (obtained from BCD)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 149 GB) (Disk ID: AC8AE961)
Partition 1: (Active) - (Size=149 GB) - (Type=07 NTFS)

==================== End of log ============================
         
--- --- ---


Regards, Pablo

10.07.2015, 08:25   #14
schrauber
/// the machine
/// TB instructor
 

Still having problems with the computer?
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009


No help via PM!

10.07.2015, 11:54   #15
Pablo82
 
Hello, actually no more problems; or rather, the system is sometimes quite sluggish because of AVIRA.
But that may be due to its age.
But I will take care of that after my vacation.

I will then consider my computer cured.
Should anything else come up, I will get in touch.
Thanks a lot again

Regards,
Pawel
