Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung

Log-Analyse und Auswertung: Windows 8, Windows PC-Repair Virus und wohl noch andere

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.

Antwort
Alt 21.04.2014, 09:27   #1
bjc51
 
Windows 8, Windows PC-Repair Virus und wohl noch andere - Standard

Windows 8, Windows PC-Repair Virus und wohl noch andere



Hallo, bitte dringend um Eure Hilfe. An meinem 5 Monate altem Medion Notebook gehen schön länger ständig irgendwelche Fenster und Popups auf und besonders häufig die Seite Windows PC-Repartur, wo ich das Programm ReimageRepair.exe runterladen und installieren soll, was ich mich bisher noch nicht getraut habe.

Der Computer wird immer langsamer und das Scrollen hängt häufig oder in Zeitlupe.

Auch wird zudem sehr häufig diese leere Seite aufgerufen mit folgender Adresse:

hxxp://123srv.com/ads-clicktrack/click/newjump1.do?affiliate=63640&subid=1700_1043_de&terms=windows%20repair%20virus%20entfernen%20helpster.de%20software%20entfernen%20virus%20trojaner%20ma lware&ai=Md5Lbrr5ATI11JxhQRpE1u8Roumv1MwI4d-CYpN8NSDSC-kKLArfpjFQuA2rSgL5K_dqIzpnGLA2tOoEw2g00RCcg0ugRsELH5BGk8fmm8Bv6Ic0JL2KQDkPBmgM9STLEG8tGeL9UnJ-GJQoLd5tJIW914ybcQ3w7mvDzitG08zO_FcG_wCDZHLUSHNTu-5snz6mgYnnOcw3SBFmSR8Bg7EDRo8MB7-QJNCYBj8SUJ7tKAiHjKgp7q4EKh5g9iOYAm6gX72uu4udSYW5IhIobrQ7OTwP2IlpZ2UL6SVxVw8tmW5MMvQqbI8Zgv9RMPTbBJaTgvldsJZv_BshDsM397B73xsSm4fDp3u-v_q7BuLzKtHMzmWEqo9Xgv6HiZuzIeUlB1Hnj1I7sofcjG1oJqxUXkXhJy0tPCNpmeFAo-6S-CqcIrkfpG4DGQQ7I5LM2co8YRBWsBqWGUX704__SyixmYP_Nn5_7ma6lsj28KM&version=1.1

Auch dieses Popup kommt sehr oft: Remove Malware now...

oder es steht oben oder unten

Ads by OnlineBrowserAdvertisingAd Options

Alt 21.04.2014, 09:28   #2
M-K-D-B
/// TB-Ausbilder
 
Windows 8, Windows PC-Repair Virus und wohl noch andere - Standard

Windows 8, Windows PC-Repair Virus und wohl noch andere






Mein Name ist Matthias und ich werde dir bei der Bereinigung deines Computers helfen.


Bitte beachte folgende Hinweise:
  • Falls wir Hinweise auf illegal erworbene Software finden, werden wir den Support unterbrechen bis jegliche Art von illegaler Software vom Rechner entfernt wurde.
  • Bitte arbeite alle Schritte in der vorgegebenen Reihefolge nacheinander ab und poste alle Logdateien in CODE-Tags.
  • Lies dir die Anleitungen sorgfältig durch. Solltest du Probleme haben, stoppe mit deiner Bearbeitung und beschreibe mir dein Problem so gut es geht.
  • Solltest du mir nicht innerhalb von 4 Tagen antworten, gehe ich davon aus, dass du keine Hilfe mehr benötigst. Dann lösche ich dein Thema aus meinem Abo.
    Solltest du einmal länger abwesend sein, so gib mir bitte Bescheid!
  • Während der Bereinigung bitte nichts installieren oder deinstallieren, außer ich bitte dich darum!
  • Alle zu verwendenen Programme sind auf dem Desktop abzuspeichern und von dort zu starten!
    Ich kann Dir niemals eine Garantie geben, dass auch ich alles finde. Eine Formatierung ist meist der schnellere und immer der sicherste Weg.
    Solltest Du Dich für eine Bereinigung entscheiden, arbeite solange mit, bis dir jemand vom Team sagt, dass Du clean bist.





Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
  • Starte jetzt FRST.
  • Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
  • Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
  • Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)

__________________

__________________

Alt 21.04.2014, 14:55   #3
bjc51
 
Windows 8, Windows PC-Repair Virus und wohl noch andere - Standard

Windows 8, Windows PC-Repair Virus und wohl noch andere



Hallo Matthias,

das ist supernett, daß Du mir versuchst zu helfen.

Hier der Inhalt beider Dateien nach dem Scan:
FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 20-04-2014 02
Ran by Bodo (administrator) on AKOYAE6240T on 21-04-2014 15:45:56
Running from C:\Users\Bodo\Desktop
Windows 8.1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(Microsoft Corporation) C:\WINDOWS\system32\WLANExt.exe
() C:\Program Files (x86)\PHotkey\GFNEXSrv.exe
(Cherished Technololgy LIMITED) C:\ProgramData\IePluginService\PluginService.exe
(Cherished Technololgy LIMITED) C:\ProgramData\WPM\wprotectmanager.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Spigot, Inc.) C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe
() C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe
(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSMonitorService.exe
(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSServer.exe
(Freemake) C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe
(Microsoft Corporation) C:\WINDOWS\system32\dashost.exe
(Intel(R) Corporation) C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe
() C:\Program Files\CyberLink\Shared files\RichVideo64.exe
(Wajam) C:\Program Files (x86)\Wajam\Updater\WajamUpdaterV3.exe
(Conduit) C:\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
() C:\Program Files (x86)\PHotkey\PHotkey.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
() C:\Program Files (x86)\PHotkey\ATouch64.exe
() C:\Program Files (x86)\Re-markit\Re-markit_wd.exe
() C:\Program Files (x86)\PHotkey\POSD.exe
() C:\Program Files (x86)\PHotkey\GPMTray.exe
(Dolby Laboratories Inc.) C:\Program Files\Dolby Digital Plus\ddp.exe
(TODO: <Company name>) C:\Program Files (x86)\PHotkey\HCSynApi.exe
(Synaptics Incorporated) C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
(Microsoft Corporation) C:\Windows\System32\skydrive.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\system32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Smartbar) C:\Users\Bodo\AppData\Local\Smartbar\Application\Smartbar.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Visicom Media Inc.) C:\ProgramData\Search Protection\SearchProtection.exe
(MyHeritage) C:\Program Files (x86)\MyHeritage\Bin\FTBCheckUpdates.exe
() C:\Program Files (x86)\Mobogenie\DaemonProcess.exe
(AimerSoft) C:\Program Files (x86)\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exe
(Spigot, Inc.) C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe
(Spigot Inc) C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings64.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Ghisler Software GmbH) C:\totalcmd\TOTALCMD64.EXE
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13653208 2013-09-13] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1321688 2013-08-30] (Realtek Semiconductor)
HKLM\...\Run: [BtServer] => C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTServer.exe [280576 2013-09-29] (Realtek Semiconductor Corporation)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2777840 2013-08-14] (Synaptics Incorporated)
HKLM-x32\...\Run: [CLMLServer_For_P2G8] => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [111576 2013-08-05] (CyberLink)
HKLM-x32\...\Run: [CLVirtualDrive] => C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [490760 2013-09-23] (CyberLink Corp.)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [95192 2013-03-11] (CyberLink Corp.)
HKLM-x32\...\Run: [YouCam Service] => C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe [267224 2013-09-18] (CyberLink Corp.)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [689744 2014-02-20] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM-x32\...\Run: [Search Protection] => C:\ProgramData\Search Protection\SearchProtection.exe [944224 2013-06-26] (Visicom Media Inc.)
HKLM-x32\...\Run: [Family Tree Builder Update] => C:\Program Files (x86)\MyHeritage\Bin\FTBCheckUpdates.exe [2532864 2013-12-09] (MyHeritage)
HKLM-x32\...\Run: [mobilegeni daemon] => C:\Program Files (x86)\Mobogenie\DaemonProcess.exe [775872 2014-01-27] ()
HKLM-x32\...\Run: [Aimersoft Helper Compact.exe] => C:\Program Files (x86)\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exe [1691136 2012-05-31] (AimerSoft)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [SearchSettings] => C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe [1401152 2014-03-28] (Spigot, Inc.)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [ConfirmFileDelete] 1
HKU\S-1-5-21-4152838901-865744110-646186296-1001\...\Run: [lollipop_01031042] => "c:\users\bodo\appdata\local\lollipop\lollipop_01031042.exe" lollipop_01031042
HKU\S-1-5-21-4152838901-865744110-646186296-1001\...\Run: [NextLive] => C:\WINDOWS\SysWOW64\rundll32.exe "C:\Users\Bodo\AppData\Roaming\newnext.me\nengine.dll",EntryPoint -m l
HKU\S-1-5-21-4152838901-865744110-646186296-1001\...\Run: [Browser Infrastructure Helper] => C:\Users\Bodo\AppData\Local\Smartbar\Application\Smartbar.exe [20760 2013-11-21] (Smartbar)
HKU\S-1-5-21-4152838901-865744110-646186296-1001\...\Run: [Slick Savings] => C:\Users\Bodo\AppData\Roaming\Slick Savings\CouponsHelper.exe [832320 2014-02-13] (Spigot, Inc.)
HKU\S-1-5-21-4152838901-865744110-646186296-1001\...\MountPoints2: {381baa29-47b3-11e3-8279-806e6f6e6963} - "E:\autorun.exe" Autorun\autorun.hta
AppInit_DLLs: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll => C:\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC64Loader.dll [1355040 2014-03-30] (Conduit)
AppInit_DLLs-x32: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll => C:\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC32Loader.dll [1050400 2014-03-30] (Conduit)
Startup: C:\Users\Bodo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk
ShortcutTarget: Adobe Gamma.lnk -> C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=63b019ad-0f66-12c1-d8e4-31fbc3bbaf22&searchtype=ds&p={searchTerms}&fr=linkury-tb&installDate=14/01/2014&type=hp1000
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=63b019ad-0f66-12c1-d8e4-31fbc3bbaf22&searchtype=hp&fr=linkury-tb&installDate=14/01/2014&type=hp1000
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.nationzoom.com/?type=hp&ts=1387566299&from=tugs&uid=ST500LM000-1EJ162_W37120CBXXXXW37120CB
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=63b019ad-0f66-12c1-d8e4-31fbc3bbaf22&searchtype=ds&p={searchTerms}&fr=linkury-tb&installDate=14/01/2014&type=hp1000
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.nationzoom.com/web/?type=ds&ts=1387566299&from=tugs&uid=ST500LM000-1EJ162_W37120CBXXXXW37120CB&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.nationzoom.com/?type=hp&ts=1387566299&from=tugs&uid=ST500LM000-1EJ162_W37120CBXXXXW37120CB
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.nationzoom.com/?type=hp&ts=1387566299&from=tugs&uid=ST500LM000-1EJ162_W37120CBXXXXW37120CB
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.nationzoom.com/web/?type=ds&ts=1387566299&from=tugs&uid=ST500LM000-1EJ162_W37120CBXXXXW37120CB&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.nationzoom.com/web/?type=ds&ts=1387566299&from=tugs&uid=ST500LM000-1EJ162_W37120CBXXXXW37120CB&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.nationzoom.com/?type=hp&ts=1387566299&from=tugs&uid=ST500LM000-1EJ162_W37120CBXXXXW37120CB
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.nationzoom.com/?type=hp&ts=1387566299&from=tugs&uid=ST500LM000-1EJ162_W37120CBXXXXW37120CB
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.nationzoom.com/web/?type=ds&ts=1387566299&from=tugs&uid=ST500LM000-1EJ162_W37120CBXXXXW37120CB&q={searchTerms}
URLSearchHook: HKCU - YTD Toolbar - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files (x86)\YTD Toolbar\IE\9.0\ytdToolbarIE64.dll (Spigot, Inc.)
URLSearchHook: HKCU - YTD Toolbar - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files (x86)\YTD Toolbar\IE\9.0\ytdToolbarIE.dll (Spigot, Inc.)
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe hxxp://www.nationzoom.com/?type=sc&ts=1387566299&from=tugs&uid=ST500LM000-1EJ162_W37120CBXXXXW37120CB
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.nationzoom.com/web/?type=ds&ts=1387566299&from=tugs&uid=ST500LM000-1EJ162_W37120CBXXXXW37120CB&q={searchTerms}
SearchScopes: HKLM - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.nationzoom.com/web/?type=ds&ts=1387566299&from=tugs&uid=ST500LM000-1EJ162_W37120CBXXXXW37120CB&q={searchTerms}
SearchScopes: HKLM-x32 - DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=63b019ad-0f66-12c1-d8e4-31fbc3bbaf22&searchtype=ds&p={searchTerms}&fr=linkury-tb&installDate=14/01/2014&type=hp1000
SearchScopes: HKLM-x32 - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=63b019ad-0f66-12c1-d8e4-31fbc3bbaf22&searchtype=ds&p={searchTerms}&fr=linkury-tb&installDate=14/01/2014&type=hp1000
SearchScopes: HKCU - DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=63b019ad-0f66-12c1-d8e4-31fbc3bbaf22&searchtype=ds&p={searchTerms}&fr=linkury-tb&installDate=14/01/2014&type=hp1000
SearchScopes: HKCU - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=63b019ad-0f66-12c1-d8e4-31fbc3bbaf22&searchtype=ds&p={searchTerms}&fr=linkury-tb&installDate=14/01/2014&type=hp1000
SearchScopes: HKCU - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxp://search.conduit.com/Results.aspx?ctid=CT3322168&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=2&UP=SP144C8618-5613-48F2-B45A-6008A3A29C88&q={searchTerms}&SSPV=
SearchScopes: HKCU - {A20986C9-388E-4B9A-A0FF-095073009E92} URL = hxxp://search.softonic.com/MOY00009/tb_v1?q={searchTerms}&SearchSource=4&cc=&mi=b02323500000000000006c71d9c34a0b&toi=16085&r=640
SearchScopes: HKCU - {DFABB43D-A5B9-44E2-B139-C536C248B3B7} URL = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=937811&p={searchTerms}
BHO: ExplorerWnd Helper - {10921475-03CE-4E04-90CE-E2E7EF20C814} - C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll (IObit)
BHO: Plus-HD-1.3 - {11111111-1111-1111-1111-110311121157} - C:\Program Files (x86)\Plus-HD-1.3\Plus-HD-1.3-bho64.dll (Plus HD)
BHO: Yahoo Community Smartbar (by Linkury)Engine - {31ad400d-1b06-4e33-a59a-90c2c140cba0} - C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
BHO: Slick Savings - {34A0D84B-CDDC-4EC4-AFDD-4F1DDE1D14E5} - C:\Users\Bodo\AppData\Roaming\Slick Savings\Coupons64.dll (Spigot, Inc.)
BHO-x32: Plus-HD-1.3 - {11111111-1111-1111-1111-110311121157} - C:\Program Files (x86)\Plus-HD-1.3\Plus-HD-1.3-bho.dll (Plus HD)
BHO-x32: Yahoo Community Smartbar (by Linkury)Engine - {31ad400d-1b06-4e33-a59a-90c2c140cba0} - C:\WINDOWS\SysWOW64\mscoree.dll (Microsoft Corporation)
BHO-x32: Slick Savings - {34A0D84B-CDDC-4EC4-AFDD-4F1DDE1D14E5} - C:\Users\Bodo\AppData\Roaming\Slick Savings\Coupons.dll (Spigot, Inc.)
BHO-x32: IETabPage Class - {3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} - C:\Program Files (x86)\SupTab\SupTab.dll (Thinknice Co. Limited)
BHO-x32: Wajam - {A7A6995D-6EE1-4FD1-A258-49395D5BF99C} - C:\Program Files (x86)\Wajam\IE\priam_bho.dll (Wajam)
BHO-x32: MyStart Toolbar - {ccb24e92-62c4-4c53-95d2-65f9eed476bc} - C:\Program Files (x86)\mystarttb\mystartDx.dll ()
BHO-x32: Softonic Helper Object - {E87806B5-E908-45FD-AF5E-957D83E58E68} - C:\Program Files (x86)\Softonic\Softonic\1.8.29.3\bh\Softonic.dll (Softonic.com)
BHO-x32: YTD Toolbar - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files (x86)\YTD Toolbar\IE\9.0\ytdToolbarIE.dll (Spigot, Inc.)
BHO-x32: Value Apps plugin - {F63AAEDC-3602-49EF-AA45-262380A98980} - C:\Users\Bodo\AppData\Roaming\ValueApps\IE\MonPrx.dll No File
Toolbar: HKLM - MyStart Toolbar - {ccb24e92-62c4-4c53-95d2-65f9eed476bc} - C:\Program Files (x86)\mystarttb\mystartDx64.dll ()
Toolbar: HKLM - Yahoo Community Smartbar (by Linkury) - {ae07101b-46d4-4a98-af68-0333ea26e113} - C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
Toolbar: HKLM - YTD Toolbar - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files (x86)\YTD Toolbar\IE\9.0\ytdToolbarIE64.dll (Spigot, Inc.)
Toolbar: HKLM-x32 - MyStart Toolbar - {ccb24e92-62c4-4c53-95d2-65f9eed476bc} - C:\Program Files (x86)\mystarttb\mystartDx.dll ()
Toolbar: HKLM-x32 - Softonic Toolbar - {5018CFD2-804D-4C99-9F81-25EAEA2769DE} - C:\Program Files (x86)\Softonic\Softonic\1.8.29.3\SoftonicTlbr.dll (Softonic.com)
Toolbar: HKLM-x32 - Yahoo Community Smartbar (by Linkury) - {ae07101b-46d4-4a98-af68-0333ea26e113} - C:\WINDOWS\SysWOW64\mscoree.dll (Microsoft Corporation)
Toolbar: HKLM-x32 - YTD Toolbar - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files (x86)\YTD Toolbar\IE\9.0\ytdToolbarIE.dll (Spigot, Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Bodo\AppData\Roaming\Mozilla\Firefox\Profiles\6l09uqgq.default
FF user.js: detected! => C:\Users\Bodo\AppData\Roaming\Mozilla\Firefox\Profiles\6l09uqgq.default\user.js
FF NewTab: chrome://quick_start/content/index.html
FF DefaultSearchEngine: Web Search
FF SelectedSearchEngine: Web Search
FF Homepage: hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=63b019ad-0f66-12c1-d8e4-31fbc3bbaf22&searchtype=hp&fr=linkury-tb&installDate=14/01/2014&type=hp1000
FF Keyword.URL: hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=63b019ad-0f66-12c1-d8e4-31fbc3bbaf22&searchtype=ds&fr=linkury-tb&installDate=14/01/2014&type=hp1000&p=
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF64_12_0_0_77.dll ()
FF Plugin: @videolan.org/vlc,version=2.1.2 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.4 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF SearchPlugin: C:\Users\Bodo\AppData\Roaming\Mozilla\Firefox\Profiles\6l09uqgq.default\searchplugins\Web Search.xml
FF SearchPlugin: C:\Users\Bodo\AppData\Roaming\Mozilla\Firefox\Profiles\6l09uqgq.default\searchplugins\yahoo_ff.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Plus-HD-1.3 - C:\Users\Bodo\AppData\Roaming\Mozilla\Firefox\Profiles\6l09uqgq.default\Extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com [2014-03-12]
FF Extension: Quick Start - C:\Users\Bodo\AppData\Roaming\Mozilla\Firefox\Profiles\6l09uqgq.default\Extensions\quick_start@gmail.com [2014-03-30]
FF Extension: Slick Savings - C:\Users\Bodo\AppData\Roaming\Mozilla\Firefox\Profiles\6l09uqgq.default\Extensions\savingsslider@mybrowserbar.com [2014-03-31]
FF Extension: Start Page - C:\Users\Bodo\AppData\Roaming\Mozilla\Firefox\Profiles\6l09uqgq.default\Extensions\{58d2a791-6199-482f-a9aa-9b725ec61362} [2014-03-31]
FF HKLM-x32\...\Firefox\Extensions: [fmconverter@gmail.com] - C:\Program Files (x86)\Freemake\Freemake Video Converter\BrowserPlugin\Firefox\
FF Extension: Freemake Video Converter Plugin - C:\Program Files (x86)\Freemake\Freemake Video Converter\BrowserPlugin\Firefox\ []
FF HKLM-x32\...\Firefox\Extensions: [quick_start@gmail.com] - C:\Users\Bodo\AppData\Roaming\Mozilla\Firefox\Profiles\6l09uqgq.default\extensions\quick_start@gmail.com
FF Extension: Quick Start - C:\Users\Bodo\AppData\Roaming\Mozilla\Firefox\Profiles\6l09uqgq.default\extensions\quick_start@gmail.com [2014-03-30]
FF HKCU\...\Firefox\Extensions: [{abdfcd24-f4a1-4248-b9c4-4ee53f915331}] - C:\Program Files (x86)\Re-markit\155.xpi
FF Extension: Re-markit - C:\Program Files (x86)\Re-markit\155.xpi [2014-02-22]

Chrome: 
=======
CHR HomePage: hxxp://search.conduit.com/?ctid=CT3322168&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=2&UP=SP144C8618-5613-48F2-B45A-6008A3A29C88&SSPV=
CHR StartupUrls: "https://www.google.de/", "hxxp://search.softonic.com/MOY00009/tb_v1?SearchSource=48&cc=&mi=b02323500000000000006c71d9c34a0b&toi=16085", "hxxp://de.search.yahoo.com/?type=937811&fr=spigot-yhp-ch"
CHR Extension: (Google Docs) - C:\Users\Bodo\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-12-23]
CHR Extension: (Google Drive) - C:\Users\Bodo\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-12-23]
CHR Extension: (YouTube) - C:\Users\Bodo\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-12-23]
CHR Extension: (Adblock Plus) - C:\Users\Bodo\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-01-17]
CHR Extension: (Google-Suche) - C:\Users\Bodo\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-12-23]
CHR Extension: (Re-markit) - C:\Users\Bodo\AppData\Local\Google\Chrome\User Data\Default\Extensions\dcpfhaghaadpjpgocojgnlhjcieeooel [2013-12-23]
CHR Extension: (Avira Browser Safety) - C:\Users\Bodo\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2014-03-22]
CHR Extension: (Ebay Shopping Assistant by Spigot) - C:\Users\Bodo\AppData\Local\Google\Chrome\User Data\Default\Extensions\hbcennhacfaagdopikcegfcobcadeocj [2014-04-01]
CHR Extension: (Plus-HD-1.3) - C:\Users\Bodo\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl [2013-12-23]
CHR Extension: (Domain Error Assistant) - C:\Users\Bodo\AppData\Local\Google\Chrome\User Data\Default\Extensions\icdlfehblmklkikfigmjhbmmpmkmpooj [2014-04-01]
CHR Extension: (Freemake Video Converter) - C:\Users\Bodo\AppData\Local\Google\Chrome\User Data\Default\Extensions\jbolfgndggfhhpbnkgnpjkfhinclbigj [2014-01-14]
CHR Extension: (Slick Savings) - C:\Users\Bodo\AppData\Local\Google\Chrome\User Data\Default\Extensions\mhkaekfpcppmmioggniknbnbdbcigpkk [2014-04-01]
CHR Extension: (Google Wallet) - C:\Users\Bodo\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-12-23]
CHR Extension: (Extended Protection) - C:\Users\Bodo\AppData\Local\Google\Chrome\User Data\Default\Extensions\ogfjmhfnldnajmfaofeiaepghjenbgjo [2014-03-30]
CHR Extension: (Quick Start) - C:\Users\Bodo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma [2014-03-30]
CHR Extension: (Amazon Shopping Assistant by Spigot) - C:\Users\Bodo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfndaklgolladniicklehhancnlgocpp [2014-04-01]
CHR Extension: (Google Mail) - C:\Users\Bodo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-12-23]
CHR HKLM-x32\...\Chrome\Extension: [dopemniaeocfenlpnoannaefnhfcjcgi] - C:\Users\Bodo\AppData\Local\Google\Chrome\User Data\Default\Extensions\searchswitch.crx [2014-03-30]
CHR HKLM-x32\...\Chrome\Extension: [hbcennhacfaagdopikcegfcobcadeocj] - C:\Program Files (x86)\Common Files\Spigot\GC\saebay_1.1.crx [2013-10-14]
CHR HKLM-x32\...\Chrome\Extension: [icdlfehblmklkikfigmjhbmmpmkmpooj] - C:\Program Files (x86)\Common Files\Spigot\GC\ErrorAssistant_1.3.crx [2013-12-27]
CHR HKLM-x32\...\Chrome\Extension: [jbolfgndggfhhpbnkgnpjkfhinclbigj] - C:\Program Files (x86)\Freemake\Freemake Video Converter\BrowserPlugin\Chrome\Freemake.Plugin.Chrome.crx [2014-01-14]
CHR HKLM-x32\...\Chrome\Extension: [mhkaekfpcppmmioggniknbnbdbcigpkk] - C:\Users\Bodo\AppData\Local\Slick Savings\coupons.crx [2014-03-31]
CHR HKLM-x32\...\Chrome\Extension: [ogfjmhfnldnajmfaofeiaepghjenbgjo] - C:\Users\Bodo\AppData\Local\Google\Chrome\User Data\Default\Extensions\ep.crx [2014-03-30]
CHR HKLM-x32\...\Chrome\Extension: [pelmeidfhdlhlbjimpabfcbnnojbboma] - C:\Users\Bodo\AppData\Local\Google\Chrome\User Data\Default\Extensions\newtabv3.crx [2014-03-30]
CHR HKLM-x32\...\Chrome\Extension: [pfndaklgolladniicklehhancnlgocpp] - C:\Program Files (x86)\Common Files\Spigot\GC\saamazon_1.0.crx [2012-11-22]

==================== Services (Whitelisted) =================

S3 Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2014-01-09] (Adobe Systems)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440400 2014-02-20] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440400 2014-02-20] (Avira Operations GmbH & Co. KG)
S4 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1017424 2014-02-20] (Avira Operations GmbH & Co. KG)
R2 BTDevManager; C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe [61440 2013-09-26] ()
R2 CltMngSvc; C:\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe [2466080 2014-03-30] (Conduit)
R2 CyberLink PowerDVD 10 MS Monitor Service; C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSMonitorService.exe [74712 2013-03-11] (CyberLink)
R2 CyberLink PowerDVD 10 MS Service; C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSServer.exe [316376 2013-03-11] (CyberLink)
R2 Freemake Improver; C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [103936 2014-01-13] (Freemake)
R2 GFNEXSrv; C:\Program Files (x86)\PHotkey\GFNEXSrv.exe [160768 2013-06-27] ()
R2 IePluginService; C:\ProgramData\IePluginService\PluginService.exe [705136 2014-04-11] (Cherished Technololgy LIMITED)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe [733696 2013-07-01] (Intel(R) Corporation)
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\TXE Components\TCS\SocketHeciServer.exe [822232 2013-07-01] (Intel(R) Corporation)
S2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2151744 2014-01-22] (IObit)
R2 OfficeSvc; C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [1907896 2013-10-31] (Microsoft Corporation)
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [389896 2013-03-06] ()
R2 WajamUpdaterV3; C:\Program Files (x86)\Wajam\Updater\WajamUpdaterV3.exe [114176 2013-11-11] (Wajam)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [348392 2013-10-31] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2013-10-31] (Microsoft Corporation)
R2 Wpm; C:\ProgramData\WPM\wprotectmanager.exe [510608 2014-03-05] (Cherished Technololgy LIMITED)

==================== Drivers (Whitelisted) ====================

S0 ADP80XX; C:\Windows\System32\drivers\ADP80XX.SYS [782176 2013-08-22] (PMC-Sierra)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2013-12-09] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [131576 2013-12-09] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [28600 2013-12-09] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\system32\DRIVERS\avnetflt.sys [84720 2013-12-09] (Avira Operations GmbH & Co. KG)
S3 bcmfn2; C:\Windows\System32\drivers\bcmfn2.sys [17624 2013-08-13] (Windows (R) Win 7 DDK provider)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [224768 2013-08-22] (Microsoft Corporation)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [91712 2013-03-05] (CyberLink)
S3 iaLPSSi_GPIO; C:\Windows\System32\drivers\iaLPSSi_GPIO.sys [24568 2013-07-30] (Intel Corporation)
S3 iaLPSSi_I2C; C:\Windows\System32\drivers\iaLPSSi_I2C.sys [99320 2013-07-25] (Intel Corporation)
S0 iaStorAV; C:\Windows\System32\drivers\iaStorAV.sys [651248 2013-08-10] (Intel Corporation)
R0 intelpep; C:\Windows\System32\drivers\intelpep.sys [39768 2013-11-11] (Microsoft Corporation)
S0 LSI_SAS3; C:\Windows\System32\drivers\lsi_sas3.sys [81760 2013-08-22] (LSI Corporation)
R3 NdisVirtualBus; C:\Windows\System32\drivers\NdisVirtualBus.sys [16384 2013-08-22] (Microsoft Corporation)
S3 netvsc; C:\Windows\system32\DRIVERS\netvsc63.sys [87040 2013-08-22] (Microsoft Corporation)
S3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew02.sys [4649440 2013-06-18] (Intel Corporation)
R2 PEGAGFN; C:\Program Files (x86)\PHotkey\PEGAGFN.sys [14344 2009-09-11] (PEGATRON)
R3 PegaRadioSwitch; C:\Windows\System32\drivers\PegaRadioSwitch.sys [23552 2013-08-22] (Windows (R) Win 7 DDK provider)
S3 pmxdrv; C:\Windows\system32\drivers\pmxdrv.sys [31152 2013-10-22] ()
S3 ReFS; C:\Windows\System32\Drivers\ReFS.sys [924512 2013-08-22] (Microsoft Corporation)
R3 RtkBtFilter; C:\Windows\system32\DRIVERS\RtkBtfilter.sys [548056 2013-09-05] (Realtek Semiconductor Corporation)
R3 RTWlanE; C:\Windows\system32\DRIVERS\rtwlane.sys [2945240 2013-09-12] (Realtek Semiconductor Corporation                           )
S3 SerCx2; C:\Windows\System32\drivers\SerCx2.sys [146776 2013-10-26] (Microsoft Corporation)
S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [30448 2013-08-14] (Synaptics Incorporated)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [34544 2013-08-14] (Synaptics Incorporated)
S0 stornvme; C:\Windows\System32\drivers\stornvme.sys [57176 2013-10-05] (Microsoft Corporation)
R3 TXEIx64; C:\Windows\System32\drivers\TXEIx64.sys [87568 2013-07-01] (Intel Corporation)
R3 UEFI; C:\Windows\System32\drivers\UEFI.sys [26976 2013-08-22] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [124760 2013-10-31] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-04-21 15:45 - 2014-04-21 15:46 - 00030772 _____ () C:\Users\Bodo\Desktop\FRST.txt
2014-04-21 15:45 - 2014-04-21 15:45 - 00000000 ____D () C:\FRST
2014-04-21 15:42 - 2014-04-21 15:43 - 02056704 _____ (Farbar) C:\Users\Bodo\Desktop\FRST64.exe
2014-04-21 09:48 - 2014-04-21 09:48 - 00797552 _____ (Reimage®) C:\Users\Bodo\Downloads\ReimageRepair.exe
2014-04-16 15:34 - 2014-04-16 15:34 - 00000000 ____D () C:\Program Files (x86)\YTD Toolbar
2014-04-16 15:34 - 2014-04-16 15:34 - 00000000 ____D () C:\Program Files (x86)\Application Updater
2014-04-15 01:28 - 2014-04-15 01:28 - 02279222 _____ () C:\Users\Bodo\Documents\HappyBD2.psd
2014-04-11 16:40 - 2014-04-11 16:41 - 00003584 _____ () C:\Users\Bodo\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-04-11 11:38 - 2014-04-11 11:38 - 03766207 _____ () C:\Users\Bodo\Documents\4GMenue.psd
2014-04-11 11:37 - 2014-04-11 11:37 - 04303370 _____ () C:\Users\Bodo\Documents\3GMenue.psd
2014-04-10 02:45 - 2014-04-10 02:45 - 00000000 _____ () C:\end
2014-04-09 09:53 - 2014-03-10 12:35 - 02008408 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2014-04-09 09:53 - 2014-03-10 12:35 - 00377176 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\clfs.sys
2014-04-09 09:53 - 2014-03-06 11:19 - 01287576 _____ (Microsoft Corporation) C:\WINDOWS\system32\kernel32.dll
2014-04-09 09:53 - 2014-03-06 08:10 - 01036288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kernel32.dll
2014-04-09 09:52 - 2014-03-31 03:16 - 23134208 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2014-04-09 09:52 - 2014-03-31 01:57 - 17073152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2014-04-09 09:52 - 2014-03-06 11:02 - 01109424 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2014-04-09 09:52 - 2014-03-06 08:17 - 00835584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2014-04-09 09:48 - 2014-04-09 09:48 - 02724864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb
2014-04-09 09:48 - 2014-04-09 09:48 - 02724864 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb
2014-04-06 18:46 - 2014-04-04 17:02 - 00009866 _____ () C:\Users\Bodo\Documents\untitled_0_1.odt
2014-04-06 15:48 - 2014-04-06 15:48 - 00001906 _____ () C:\Users\Bodo\Desktop\IrfanView Thumbnails.lnk
2014-04-06 15:48 - 2014-04-06 15:48 - 00001018 _____ () C:\Users\Bodo\Desktop\IrfanView.lnk
2014-04-06 15:48 - 2014-04-06 15:48 - 00000000 ____D () C:\Users\Bodo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IrfanView
2014-04-06 15:48 - 2014-04-06 15:48 - 00000000 ____D () C:\Users\Bodo\AppData\Roaming\IrfanView
2014-04-06 15:48 - 2014-04-06 15:48 - 00000000 ____D () C:\Program Files (x86)\IrfanView
2014-04-06 15:45 - 2014-04-06 15:46 - 02179728 _____ (Irfan Skiljan) C:\Users\Bodo\Downloads\iview437g_setup.exe
2014-04-03 19:53 - 2014-04-04 15:13 - 00026653 _____ () C:\Users\Bodo\Documents\AGGreifswald1404a.odt
2014-04-03 09:11 - 2014-04-03 10:01 - 00027376 _____ () C:\Users\Bodo\Documents\ojkhamm1404.odt
2014-04-02 12:04 - 2014-04-02 12:16 - 00000000 ____D () C:\Users\Bodo\Documents\AfD
2014-04-01 12:23 - 2014-04-01 12:26 - 00000000 ____D () C:\Users\Bodo\Documents\Fax
2014-04-01 10:19 - 2014-04-01 10:19 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-04-01 09:32 - 2014-04-01 10:35 - 00001110 _____ () C:\WINDOWS\setup.log
2014-04-01 09:32 - 1998-11-17 12:44 - 00328704 _____ (InstallShield Software Corporation ) C:\WINDOWS\IsUn0407.exe
2014-04-01 09:29 - 2014-04-01 09:29 - 17821354 _____ (AVM Berlin ) C:\Users\Bodo\Downloads\FRITZ_fax_3.07.04.exe
2014-04-01 05:31 - 2014-04-01 05:31 - 01591300 _____ () C:\Users\Bodo\Downloads\2.mpg
2014-03-31 14:21 - 2014-04-16 15:34 - 00000000 ____D () C:\Users\Bodo\AppData\Roaming\Slick Savings
2014-03-31 14:21 - 2014-03-31 14:21 - 00000000 ____D () C:\Users\Bodo\AppData\Local\Slick Savings
2014-03-31 11:43 - 2014-04-02 11:53 - 00000000 ____D () C:\Users\Bodo\Documents\Jobcenter
2014-03-30 00:41 - 2014-04-12 08:43 - 00000000 ____D () C:\ProgramData\IePluginService
2014-03-30 00:41 - 2014-03-30 00:41 - 00001003 _____ () C:\Users\Bodo\Desktop\337 GAMES.lnk
2014-03-30 00:41 - 2014-03-30 00:41 - 00000000 ____D () C:\Users\Bodo\AppData\Roaming\SupTab
2014-03-30 00:41 - 2014-03-30 00:41 - 00000000 ____D () C:\Users\Bodo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\337Games
2014-03-30 00:41 - 2014-03-30 00:41 - 00000000 ____D () C:\Users\Bodo\AppData\Roaming\337Games
2014-03-30 00:41 - 2014-03-30 00:41 - 00000000 ____D () C:\Program Files (x86)\SupTab
2014-03-27 01:23 - 2014-03-27 01:23 - 00000000 ____D () C:\Program Files (x86)\GUMA44D.tmp
2014-03-25 10:26 - 2014-03-25 10:26 - 00028226 _____ () C:\Users\Bodo\Documents\KontaktlistePinguine1403.odt
2014-03-25 10:23 - 2014-03-25 10:30 - 00000000 ____D () C:\Users\Bodo\Documents\Ireen
2014-03-24 21:11 - 2014-03-24 21:12 - 11744300 _____ () C:\Users\Bodo\Documents\Robin Thicke - Blurred Lines (Clean) ft. T.I., Pharrell.avi
2014-03-24 21:10 - 2014-03-24 21:10 - 09254550 _____ () C:\Users\Bodo\Documents\Robin Thicke - Blurred Lines (Clean) ft. T.I., Pharrell.mp4
2014-03-24 16:06 - 2014-03-24 17:31 - 00029981 _____ () C:\Users\Bodo\Documents\AGGreifswald1403b.odt

==================== One Month Modified Files and Folders =======

2014-04-21 15:46 - 2014-04-21 15:45 - 00030772 _____ () C:\Users\Bodo\Desktop\FRST.txt
2014-04-21 15:45 - 2014-04-21 15:45 - 00000000 ____D () C:\FRST
2014-04-21 15:45 - 2013-12-19 00:54 - 01246453 _____ () C:\WINDOWS\WindowsUpdate.log
2014-04-21 15:43 - 2014-04-21 15:42 - 02056704 _____ (Farbar) C:\Users\Bodo\Desktop\FRST64.exe
2014-04-21 15:38 - 2014-02-15 17:07 - 00000346 _____ () C:\WINDOWS\Tasks\HP Photo Creations Communicator.job
2014-04-21 15:38 - 2014-01-25 12:37 - 00000884 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-04-21 15:28 - 2013-12-23 17:07 - 00001130 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-04-21 15:15 - 2013-12-19 01:02 - 00003594 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-4152838901-865744110-646186296-1001
2014-04-21 15:10 - 2014-01-14 14:18 - 00000000 ____D () C:\Users\Bodo\AppData\Roaming\newnext.me
2014-04-21 15:10 - 2013-12-20 21:04 - 00000406 _____ () C:\WINDOWS\Tasks\Re-markit Update.job
2014-04-21 15:10 - 2013-12-15 13:04 - 00000000 __RDO () C:\Users\Bodo\SkyDrive
2014-04-21 15:09 - 2014-02-22 14:14 - 00000392 _____ () C:\WINDOWS\Tasks\Re-markit_wd.job
2014-04-21 15:09 - 2013-12-23 17:09 - 00002199 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-04-21 15:09 - 2013-12-23 17:07 - 00001126 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-04-21 15:09 - 2013-12-20 21:05 - 00002126 _____ () C:\WINDOWS\Tasks\Plus-HD-1.3-firefoxinstaller.job
2014-04-21 15:09 - 2013-12-20 21:05 - 00001998 _____ () C:\WINDOWS\Tasks\Plus-HD-1.3-chromeinstaller.job
2014-04-21 15:09 - 2013-12-20 21:05 - 00001350 _____ () C:\WINDOWS\Tasks\Plus-HD-1.3-updater.job
2014-04-21 15:09 - 2013-12-20 21:05 - 00001252 _____ () C:\WINDOWS\Tasks\Plus-HD-1.3-codedownloader.job
2014-04-21 15:09 - 2013-12-20 21:05 - 00001152 _____ () C:\WINDOWS\Tasks\Plus-HD-1.3-enabler.job
2014-04-21 15:00 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2014-04-21 14:05 - 2013-10-07 07:32 - 00765582 _____ () C:\WINDOWS\system32\perfh007.dat
2014-04-21 14:05 - 2013-10-07 07:32 - 00159366 _____ () C:\WINDOWS\system32\perfc007.dat
2014-04-21 14:05 - 2013-10-07 07:11 - 01776918 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-04-21 14:02 - 2014-01-22 01:44 - 00000000 ____D () C:\ProgramData\ProductData
2014-04-21 14:01 - 2013-08-22 16:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-04-21 14:01 - 2013-08-22 16:44 - 00563328 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2014-04-21 14:00 - 2013-10-07 07:06 - 00300138 _____ () C:\WINDOWS\PFRO.log
2014-04-21 13:59 - 2013-08-22 15:25 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI
2014-04-21 13:52 - 2014-02-21 12:35 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-04-21 13:51 - 2013-10-07 10:40 - 00000000 ____D () C:\Program Files (x86)\Microsoft Office
2014-04-21 13:51 - 2013-08-22 22:59 - 00000000 ____D () C:\WINDOWS\ShellNew
2014-04-21 13:50 - 2014-01-09 19:47 - 00000000 ____D () C:\Program Files (x86)\Microsoft Visual Studio 8
2014-04-21 13:50 - 2013-10-07 07:25 - 00000000 ____D () C:\Program Files (x86)\MSBuild
2014-04-21 13:47 - 2013-08-22 15:25 - 00000076 _____ () C:\WINDOWS\win.ini
2014-04-21 13:45 - 2013-08-22 17:36 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared
2014-04-21 09:48 - 2014-04-21 09:48 - 00797552 _____ (Reimage®) C:\Users\Bodo\Downloads\ReimageRepair.exe
2014-04-21 04:43 - 2013-12-15 13:03 - 00000000 ____D () C:\Users\Bodo\Documents\Youcam
2014-04-20 14:00 - 2013-12-19 20:34 - 00001309 _____ () C:\Users\Public\Desktop\YTD Video Downloader.lnk
2014-04-20 14:00 - 2013-12-19 20:34 - 00000000 ____D () C:\ProgramData\YTD Video Downloader
2014-04-18 09:55 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2014-04-16 15:34 - 2014-04-16 15:34 - 00000000 ____D () C:\Program Files (x86)\YTD Toolbar
2014-04-16 15:34 - 2014-04-16 15:34 - 00000000 ____D () C:\Program Files (x86)\Application Updater
2014-04-16 15:34 - 2014-03-31 14:21 - 00000000 ____D () C:\Users\Bodo\AppData\Roaming\Slick Savings
2014-04-15 01:28 - 2014-04-15 01:28 - 02279222 _____ () C:\Users\Bodo\Documents\HappyBD2.psd
2014-04-14 04:47 - 2013-12-19 13:08 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-04-13 22:41 - 2013-10-08 13:17 - 00000000 ____D () C:\ProgramData\Realtek
2014-04-12 08:43 - 2014-03-30 00:41 - 00000000 ____D () C:\ProgramData\IePluginService
2014-04-11 21:47 - 2014-01-05 16:25 - 00000000 ____D () C:\Users\Bodo\AppData\Roaming\vlc
2014-04-11 16:41 - 2014-04-11 16:40 - 00003584 _____ () C:\Users\Bodo\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-04-11 11:38 - 2014-04-11 11:38 - 03766207 _____ () C:\Users\Bodo\Documents\4GMenue.psd
2014-04-11 11:37 - 2014-04-11 11:37 - 04303370 _____ () C:\Users\Bodo\Documents\3GMenue.psd
2014-04-10 02:45 - 2014-04-10 02:45 - 00000000 _____ () C:\end
2014-04-09 09:48 - 2014-04-09 09:48 - 02724864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb
2014-04-09 09:48 - 2014-04-09 09:48 - 02724864 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb
2014-04-08 21:33 - 2014-03-10 17:58 - 00000000 ____D () C:\Users\Bodo\Art
2014-04-06 15:48 - 2014-04-06 15:48 - 00001906 _____ () C:\Users\Bodo\Desktop\IrfanView Thumbnails.lnk
2014-04-06 15:48 - 2014-04-06 15:48 - 00001018 _____ () C:\Users\Bodo\Desktop\IrfanView.lnk
2014-04-06 15:48 - 2014-04-06 15:48 - 00000000 ____D () C:\Users\Bodo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IrfanView
2014-04-06 15:48 - 2014-04-06 15:48 - 00000000 ____D () C:\Users\Bodo\AppData\Roaming\IrfanView
2014-04-06 15:48 - 2014-04-06 15:48 - 00000000 ____D () C:\Program Files (x86)\IrfanView
2014-04-06 15:46 - 2014-04-06 15:45 - 02179728 _____ (Irfan Skiljan) C:\Users\Bodo\Downloads\iview437g_setup.exe
2014-04-04 17:02 - 2014-04-06 18:46 - 00009866 _____ () C:\Users\Bodo\Documents\untitled_0_1.odt
2014-04-04 15:13 - 2014-04-03 19:53 - 00026653 _____ () C:\Users\Bodo\Documents\AGGreifswald1404a.odt
2014-04-03 10:01 - 2014-04-03 09:11 - 00027376 _____ () C:\Users\Bodo\Documents\ojkhamm1404.odt
2014-04-02 12:16 - 2014-04-02 12:04 - 00000000 ____D () C:\Users\Bodo\Documents\AfD
2014-04-02 11:53 - 2014-03-31 11:43 - 00000000 ____D () C:\Users\Bodo\Documents\Jobcenter
2014-04-01 12:26 - 2014-04-01 12:23 - 00000000 ____D () C:\Users\Bodo\Documents\Fax
2014-04-01 10:35 - 2014-04-01 09:32 - 00001110 _____ () C:\WINDOWS\setup.log
2014-04-01 10:19 - 2014-04-01 10:19 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-04-01 09:29 - 2014-04-01 09:29 - 17821354 _____ (AVM Berlin ) C:\Users\Bodo\Downloads\FRITZ_fax_3.07.04.exe
2014-04-01 05:31 - 2014-04-01 05:31 - 01591300 _____ () C:\Users\Bodo\Downloads\2.mpg
2014-03-31 23:23 - 2013-12-26 06:02 - 00693240 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2014-03-31 23:23 - 2013-12-26 06:02 - 00105464 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2014-03-31 14:21 - 2014-03-31 14:21 - 00000000 ____D () C:\Users\Bodo\AppData\Local\Slick Savings
2014-03-31 11:06 - 2014-01-15 13:00 - 00000000 ____D () C:\Program Files (x86)\SearchProtect
2014-03-31 03:16 - 2014-04-09 09:52 - 23134208 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2014-03-31 01:57 - 2014-04-09 09:52 - 17073152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2014-03-30 00:41 - 2014-03-30 00:41 - 00001003 _____ () C:\Users\Bodo\Desktop\337 GAMES.lnk
2014-03-30 00:41 - 2014-03-30 00:41 - 00000000 ____D () C:\Users\Bodo\AppData\Roaming\SupTab
2014-03-30 00:41 - 2014-03-30 00:41 - 00000000 ____D () C:\Users\Bodo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\337Games
2014-03-30 00:41 - 2014-03-30 00:41 - 00000000 ____D () C:\Users\Bodo\AppData\Roaming\337Games
2014-03-30 00:41 - 2014-03-30 00:41 - 00000000 ____D () C:\Program Files (x86)\SupTab
2014-03-30 00:41 - 2013-12-20 21:05 - 00000000 ____D () C:\ProgramData\WPM
2014-03-29 08:36 - 2014-01-14 14:19 - 00000306 __RSH () C:\Users\Bodo\ntuser.pol
2014-03-29 08:36 - 2013-12-18 23:48 - 00000000 ____D () C:\Users\Bodo
2014-03-28 15:58 - 2013-08-22 16:46 - 00077026 _____ () C:\WINDOWS\setupact.log
2014-03-27 10:37 - 2013-12-19 00:55 - 00000000 ____D () C:\Users\Bodo\AppData\Local\CyberLink
2014-03-27 01:23 - 2014-03-27 01:23 - 00000000 ____D () C:\Program Files (x86)\GUMA44D.tmp
2014-03-27 01:23 - 2013-12-23 17:07 - 00004102 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2014-03-27 01:23 - 2013-12-23 17:07 - 00003866 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2014-03-25 10:30 - 2014-03-25 10:23 - 00000000 ____D () C:\Users\Bodo\Documents\Ireen
2014-03-25 10:26 - 2014-03-25 10:26 - 00028226 _____ () C:\Users\Bodo\Documents\KontaktlistePinguine1403.odt
2014-03-24 21:12 - 2014-03-24 21:11 - 11744300 _____ () C:\Users\Bodo\Documents\Robin Thicke - Blurred Lines (Clean) ft. T.I., Pharrell.avi
2014-03-24 21:10 - 2014-03-24 21:10 - 09254550 _____ () C:\Users\Bodo\Documents\Robin Thicke - Blurred Lines (Clean) ft. T.I., Pharrell.mp4
2014-03-24 17:31 - 2014-03-24 16:06 - 00029981 _____ () C:\Users\Bodo\Documents\AGGreifswald1403b.odt
2014-03-23 16:52 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\rescache
2014-03-22 12:27 - 2013-12-19 00:53 - 00000000 ___RD () C:\Users\Bodo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-03-22 12:27 - 2013-12-19 00:53 - 00000000 ___RD () C:\Users\Bodo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-03-22 12:21 - 2013-08-22 17:36 - 00000000 ___RD () C:\WINDOWS\ToastData

Some content of TEMP:
====================
C:\Users\Bodo\AppData\Local\Temp\AskPIP_FF_.exe
C:\Users\Bodo\AppData\Local\Temp\avgnt.exe
C:\Users\Bodo\AppData\Local\Temp\BackupSetup.exe
C:\Users\Bodo\AppData\Local\Temp\dlLogic.exe
C:\Users\Bodo\AppData\Local\Temp\EnableExtDll.dll
C:\Users\Bodo\AppData\Local\Temp\fp_pl_pfs_installer-1.exe
C:\Users\Bodo\AppData\Local\Temp\fp_pl_pfs_installer-2.exe
C:\Users\Bodo\AppData\Local\Temp\fp_pl_pfs_installer.exe
C:\Users\Bodo\AppData\Local\Temp\FreemakeVideoConverter_4.1.2.2.exe
C:\Users\Bodo\AppData\Local\Temp\Mobogenie_Setup_2-1-37_37.exe
C:\Users\Bodo\AppData\Local\Temp\nsa4AF0.exe
C:\Users\Bodo\AppData\Local\Temp\nse55A0.exe
C:\Users\Bodo\AppData\Local\Temp\nsnAD5.exe
C:\Users\Bodo\AppData\Local\Temp\nsnD859.exe
C:\Users\Bodo\AppData\Local\Temp\nsr4EF8.exe
C:\Users\Bodo\AppData\Local\Temp\nsuDC71.exe
C:\Users\Bodo\AppData\Local\Temp\nsuF3B.exe
C:\Users\Bodo\AppData\Local\Temp\nsv59A8.exe
C:\Users\Bodo\AppData\Local\Temp\OfficeSetup.exe
C:\Users\Bodo\AppData\Local\Temp\promote-upx.exe
C:\Users\Bodo\AppData\Local\Temp\Setup.X86.de-DE_O365HomePremRetail_407491aa-e652-4ef3-a324-1e94c3b72453_TX_DB_.exe
C:\Users\Bodo\AppData\Local\Temp\Setup.X86.de-DE_O365HomePremRetail_9d4c90ba-fc43-46c7-b4ee-059048c2e70d_TX_DB_.exe
C:\Users\Bodo\AppData\Local\Temp\Softonic_chr_1-8-29-3_cn.exe
C:\Users\Bodo\AppData\Local\Temp\Softonic_chr_1-8-29-3_cn[1].exe
C:\Users\Bodo\AppData\Local\Temp\SPSetup.exe
C:\Users\Bodo\AppData\Local\Temp\vlc-2.1.4-win64.exe
C:\Users\Bodo\AppData\Local\Temp\_ReMarkit_up.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-04-16 02:43

==================== End Of Log ============================
         
--- --- ---

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 20-04-2014 02
Ran by Bodo at 2014-04-21 15:47:38
Running from C:\Users\Bodo\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

337 GAMES (HKCU\...\337Games) (Version: 1.1.1.0 - )
AbiWord 2.9.4 (HKLM-x32\...\AbiWord2) (Version: 2.9.4 - AbiSource Developers)
Adobe Bridge 1.0 (x32 Version: 001.000.001 - Adobe Systems) Hidden
Adobe Common File Installer (x32 Version: 1.00.001 - Adobe System Incorporated) Hidden
Adobe Flash Player 12 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 12.0.0.77 - Adobe Systems Incorporated)
Adobe Help Center 1.0 (x32 Version: 1.0.1 - Adobe Systems) Hidden
Adobe Photoshop CS2 (HKLM-x32\...\Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0407-1E257A25E34D}) (Version: 9.0 - Adobe Systems, Inc.)
Adobe Photoshop CS2 (x32 Version: 9.0 - Adobe Systems, Inc.) Hidden
Adobe Stock Photos 1.0 (x32 Version: 1.0.1 - Adobe Systems) Hidden
Ahnenblatt 2.74 (HKLM-x32\...\Ahnenblatt_is1) (Version: 2.74.0.1 - Dirk Boettcher)
Aimersoft DVD Ripper(Build 3.0.0.2) (HKLM-x32\...\Aimersoft DVD Ripper_is1) (Version: - Aimersoft Software)
Ashampoo AppLauncher (Medion) v.1.0.0 (HKLM-x32\...\Ashampoo AppLauncher (Medion)_is1) (Version: 1.0.0 - Ashampoo GmbH & Co. KG)
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.3.350 - Avira)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{AF312B06-5C5C-468E-89B3-BE6DE2645722}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{0A4EF0E6-A912-4CDE-A7F3-6E56E7C13A2F}) (Version: 1.1.6 - Cisco Systems, Inc.)
CyberLink Home Cinema 10 (HKLM-x32\...\InstallShield_{8F14AA37-5193-4A14-BD5B-BDF9B361AEF7}) (Version: 10.0 - CyberLink Corp.)
CyberLink Home Cinema 10 (x32 Version: 10.3025 - CyberLink Corp.) Hidden
CyberLink LabelPrint 2.5 (x32 Version: 2.5.0.5415 - CyberLink Corp.) Hidden
CyberLink MediaEspresso 6.5 (x32 Version: 6.5.3807_46074 - CyberLink Corp.) Hidden
CyberLink PhotoDirector 3 (x32 Version: 3.0.1.4017 - CyberLink Corp.) Hidden
CyberLink Power2Go 8 (x32 Version: 8.0.0.3202 - CyberLink Corp.) Hidden
CyberLink PowerDirector 11 (Version: 11.0.0.3215 - CyberLink Corp.) Hidden
CyberLink PowerDVD 10 (x32 Version: 10.0.5426.02 - CyberLink Corp.) Hidden
CyberLink PowerDVD Copy 1.5 (x32 Version: 1.5.0.3725a - CyberLink Corp.) Hidden
CyberLink PowerRecover (HKLM-x32\...\InstallShield_{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}) (Version: 5.7.0.2103 - CyberLink Corp.)
CyberLink PowerRecover (Version: 5.7.0.2103 - CyberLink Corp.) Hidden
CyberLink YouCam 5 (x32 Version: 5.0.3318.0 - CyberLink Corp.) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DMUninstaller (HKLM-x32\...\DMUninstaller) (Version: - ) <==== ATTENTION
Dolby Digital Plus Advanced Audio (HKLM\...\{B0BFC63F-EA07-419E-960B-3FB2ED5DD0B2}) (Version: 7.3.2.2 - Dolby Laboratories Inc)
Easy CD-DA Extractor 2010 (HKLM-x32\...\Easy CD-DA Extractor 2010) (Version: 2010 - Poikosoft)
FormatFactory 3.1.1 (HKLM-x32\...\FormatFactory) (Version: 3.1.1 - Free Time)
Fotogalerie (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Fotogalerija (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Fotótár (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Freemake Video Converter Version 4.1.2 (HKLM-x32\...\Freemake Video Converter_is1) (Version: 4.1.2 - Ellora Assets Corporation)
Galerie de photos (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 34.0.1847.116 - Google Inc.)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.23.9 - Google Inc.) Hidden
HP Deskjet 1050 J410 series - Grundlegende Software für das Gerät (HKLM\...\{C3F12DD0-54B1-4B2B-A82B-FA43502BC550}) (Version: 28.0.1313.0 - Hewlett-Packard Co.)
HP Deskjet 1050 J410 series Hilfe (HKLM-x32\...\{5C90D8CF-F12A-41C6-9007-3B651A1F0D78}) (Version: 140.0.66.66 - Hewlett Packard)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.12412 - HP)
HP Update (HKLM-x32\...\{6F1C00D2-25C2-4CBA-8126-AE9A6E2E9CD5}) (Version: 5.003.003.001 - Hewlett-Packard)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3309 - Intel Corporation)
Intel(R) Trusted Execution Engine (HKLM\...\{176E2755-0A17-42C6-88E2-192AB2131278}) (Version: 1.0.0.1050 - Intel Corporation)
Intel(R) Trusted Execution Engine (Version: 1.1.1.1 - Intel Corporation) Hidden
Intel(R) Trusted Execution Engine Driver (Version: 1.0.0.1050 - Intel Corporation) Hidden
IObit Uninstaller (HKLM-x32\...\IObitUninstall) (Version: 3.1.7.2405 - IObit)
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.37 - Irfan Skiljan)
LibreOffice 4.1 Help Pack (German) (HKLM-x32\...\{43295475-62CA-4F25-B46C-43C59258780E}) (Version: 4.1.4.2 - The Document Foundation)
LibreOffice 4.1.4.2 (HKLM-x32\...\{94E11973-ED58-47A0-907C-ABF6D95C5DD8}) (Version: 4.1.4.2 - The Document Foundation)
Lollipop (HKCU\...\lollipop_01031042) (Version: - Lollipop Network, S.L.) <==== ATTENTION
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Expression Web 4 (HKLM-x32\...\Web_4.0.1460.0) (Version: 4.0.1460.0 - Microsoft Corporation)
Microsoft Expression Web 4 (x32 Version: 4.0.1460.0 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Mobogenie (HKLM-x32\...\Mobogenie) (Version: - Mobogenie.com) <==== ATTENTION
Movie Maker (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Mozilla Firefox 28.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 28.0 (x86 de)) (Version: 28.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 28.0 - Mozilla)
Mozilla Thunderbird 24.4.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 24.4.0 (x86 de)) (Version: 24.4.0 - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden
MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden
MyHeritage Family Tree Builder (HKLM-x32\...\Family Tree Builder) (Version: 7.0.0.7129 - MyHeritage.com)
MyStart Toolbar (HKLM-x32\...\mystarttb) (Version: 5.3.1.21 - Visicom Media Inc.)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4551.1512 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4551.1512 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4551.1512 - Microsoft Corporation) Hidden
PHotkey (HKLM-x32\...\{E50C224A-BBF2-428D-9DCF-DBF9DF85C40E}) (Version: 1.00.0092 - Pegatron Corporation)
Photo Common (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Photo Gallery (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Plus-HD-1.3 (HKLM-x32\...\Plus-HD-1.3) (Version: 1.31.153.4 - Plus HD) <==== ATTENTION
Raccolta foto (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
REALTEK Bluetooth Driver (HKLM-x32\...\{9D3D8C60-A5EF-4123-B2B9-172095903AB}) (Version: 3.769.769.093013 - REALTEK Semiconductor Corp.)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9200.39052 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7040 - Realtek Semiconductor Corp.)
REALTEK Wireless LAN Driver (HKLM-x32\...\{9DAABC60-A5EF-41FF-B2B9-17329590CD5}) (Version: 1.00.0227 - REALTEK Semiconductor Corp.)
Re-markit (HKLM-x32\...\54ed89b2-da2e-446b-bde7-8188f45dc639) (Version: - Re-markit Software) <==== ATTENTION
Search Protect (HKLM-x32\...\SearchProtect) (Version: 2.12.11.11 - Conduit) <==== ATTENTION
Slick Savings (HKLM-x32\...\{3A787631-66A2-4634-B928-A37E73B58FB6}) (Version: 1.3 - Spigot, Inc.) <==== ATTENTION
Softonic toolbar on IE and Chrome (HKLM-x32\...\Softonic) (Version: 1.8.29.3 - Softonic) <==== ATTENTION
Studie zur Verbesserung von HP Deskjet 1050 J410 series Produkten (HKLM\...\{B099E941-4789-46A1-9B14-01CFD04E03B3}) (Version: 28.0.1313.0 - Hewlett-Packard Co.)
SupTab (HKLM-x32\...\SupTab) (Version: 1.1.1.0 - ) <==== ATTENTION
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 17.0.9.1 - Synaptics Incorporated)
ValueApps (HKCU\...\ValueApps) (Version: 1.1.0.6 - Conduit) <==== ATTENTION
VLC media player 2.1.4 (HKLM\...\VLC media player) (Version: 2.1.4 - VideoLAN)
Wajam (HKLM-x32\...\Wajam) (Version: 2.05 - Wajam) <==== ATTENTION
Windows Live (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Communications Platform (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3508.0205 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
XMedia Recode Version 3.1.7.8 (HKLM-x32\...\{DDA3C325-47B2-4730-9672-BF3771C08799}_is1) (Version: 3.1.7.8 - XMedia Recode)
Yahoo Community Smartbar (HKLM-x32\...\{D7403121-68C2-48BC-874D-048015E60DF0}) (Version: 10.179.66.13636 - Linkury Inc.) <==== ATTENTION
Yahoo Community Smartbar Engine (HKCU\...\{993cbed8-bf92-4638-bb47-6cb1272c92ff}) (Version: 10.179.66.13636 - Linkury Inc.) <==== ATTENTION
YTD Toolbar v9.0 (HKLM-x32\...\{9D47532D-59B3-4E15-8069-2E3FC4DA3E92}) (Version: 9.0 - Spigot, Inc.)
YTD Video Downloader 4.8 (HKLM-x32\...\{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}) (Version: 4.8 - GreenTree Applications SRL)

==================== Restore Points =========================

06-04-2014 23:55:41 Geplanter Prüfpunkt
11-04-2014 09:31:10 Windows Update
15-04-2014 01:20:23 Windows Update
21-04-2014 08:46:41 Windows Update

==================== Hosts content: ==========================

2013-08-22 15:25 - 2013-08-22 15:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {038E750F-4B89-4ADF-B5DC-AB57853CA00A} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-03-11] (Adobe Systems Incorporated)
Task: {04A27B59-655B-4872-ACDF-6B22CA9A6D78} - System32\Tasks\HP Photo Creations Communicator => C:\ProgramData\HP Photo Creations\Communicator.exe [2014-02-15] ()
Task: {05293577-D647-4185-B859-C94839A0B2E3} - System32\Tasks\Microsoft\Windows\SettingSync\NetworkStateChangeTask
Task: {0B545118-B563-42FC-8D07-B78F602FCF34} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {2085BF56-520D-4951-B7C0-DF34AF90CC6A} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
Task: {2C9C0C6C-2A74-46F2-858A-4389D253EAD0} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCachePrepopulate
Task: {2EE106B8-5CCF-4253-A23C-26866F6BD9C1} - System32\Tasks\Plus-HD-1.3-updater => C:\Program Files (x86)\Plus-HD-1.3\Plus-HD-1.3-updater.exe [2013-12-20] (Plus HD) <==== ATTENTION
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\Windows\System32\AutoWorkplace.exe [2013-08-22] (Microsoft Corporation)
Task: {3B6D8A73-F20B-4C93-B8FB-56A154F172D2} - System32\Tasks\Microsoft\Windows\Time Zone\SynchronizeTimeZone => C:\Windows\system32\tzsync.exe [2013-08-22] (Microsoft Corporation)
Task: {4445933D-9960-456A-97EC-D67E119103A6} - System32\Tasks\Plus-HD-1.3-enabler => C:\Program Files (x86)\Plus-HD-1.3\Plus-HD-1.3-enabler.exe [2013-12-20] (Plus HD) <==== ATTENTION
Task: {49754026-21E1-41FC-94FD-727AFE414FE7} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCacheRebalance
Task: {6AA91E8C-DDBD-4979-8464-4062F7681A19} - System32\Tasks\Microsoft\Windows\Plug and Play\Plug and Play Cleanup
Task: {6DFCB649-0769-4F83-BB10-F60F235F6D3D} - System32\Tasks\Microsoft\Windows\SkyDrive\Idle Sync Maintenance Task
Task: {73B1B253-CE67-4501-AE1A-377DD1D68B65} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
Task: {77F1D869-6E65-4079-A2A0-E2023408EF97} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {790BB5FC-CE15-41F3-BA92-74C1C4C95EC9} - System32\Tasks\HPCustParticipation HP Deskjet 1050 J410 series => C:\Program Files\HP\HP Deskjet 1050 J410 series\Bin\HPCustPartic.exe [2012-10-02] (Hewlett-Packard Co.)
Task: {872D0E53-FD2E-41E3-B431-698AF82882CE} - System32\Tasks\Microsoft\Windows\SkyDrive\Routine Maintenance Task
Task: {8CC813C9-712A-41EF-9512-B233444FC669} - System32\Tasks\Microsoft\Windows\AppxDeploymentClient\Pre-staged app cleanup => Rundll32.exe %windir%\system32\AppxDeploymentClient.dll,AppxPreStageCleanupRunTask
Task: {8CEBADF6-73BA-4635-95B1-5630C760570B} - System32\Tasks\Plus-HD-1.3-codedownloader => C:\Program Files (x86)\Plus-HD-1.3\Plus-HD-1.3-codedownloader.exe [2013-12-20] (Plus HD) <==== ATTENTION
Task: {8E866B41-CF47-4DD2-86BE-3BA0E6F4DC25} - System32\Tasks\Microsoft\Office\Office First Run Task => C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [2013-10-31] (Microsoft Corporation)
Task: {93DD8BD0-F48E-4FE0-98D3-482CB8AED3E4} - System32\Tasks\Plus-HD-1.3-firefoxinstaller => C:\Program Files (x86)\Plus-HD-1.3\Plus-HD-1.3-firefoxinstaller.exe [2013-12-20] (Plus HD) <==== ATTENTION
Task: {9514645B-9F2A-4777-BE65-6EE5E0E17226} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-12-23] (Google Inc.)
Task: {9FF4C139-5234-410C-B7FA-23EE2FD2AB53} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Maintenance Work
Task: {AA98B172-10EC-4467-AF6B-52CFF605BC9A} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2014-01-27] (Microsoft Corporation)
Task: {BEC9C1C3-AD4E-4354-8F98-A6469B37DE8E} - System32\Tasks\Plus-HD-1.3-chromeinstaller => C:\Program Files (x86)\Plus-HD-1.3\Plus-HD-1.3-chromeinstaller.exe [2013-12-20] (Plus HD) <==== ATTENTION
Task: {BF2088D2-306F-4D9C-9899-7188D50E06E1} - System32\Tasks\Re-markit Update => C:\Program Files (x86)\Re-markit\ReMarkit_up.exe [2014-02-22] () <==== ATTENTION
Task: {CD423634-93DB-4DA3-AE6E-52D4FEC97836} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-12-23] (Google Inc.)
Task: {CDBC83C8-5E0C-4B1F-B67A-FAC9805B3B57} - System32\Tasks\Uninstaller_SkipUac_Administrator => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe [2014-01-22] (IObit)
Task: {CFD7C21A-808B-487B-A6EC-8A10E44E8360} - System32\Tasks\Microsoft\Windows\SettingSync\BackupTask
Task: {D88FEC9E-A82A-46F9-87E2-B6B97B301C1A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
Task: {DA46820F-FF8A-4B5E-A6B2-B12185DCFFFB} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Logon Synchronization
Task: {DF8990FA-5798-455D-BA2D-60CB8985A4F1} - System32\Tasks\Re-markit_wd => C:\Program Files (x86)\Re-markit\Re-markit_wd.exe [2014-02-22] () <==== ATTENTION
Task: {E203C98C-6294-4879-809F-2FF5AAB87394} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2013-08-14] (Synaptics Incorporated)
Task: {E6D378FA-E068-4BCB-80DE-56D43A249507} - System32\Tasks\Microsoft\Windows\RecoveryEnvironment\VerifyWinRE
Task: {FB7480C5-8E9F-451E-A7B4-6AFBE83137CB} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2014-03-19] (Microsoft Corporation)
Task: {FF6B227B-3D3A-4BEB-A425-B5D3F8EDB02F} - System32\Tasks\Dolby Selector => C:\Program Files\Dolby Digital Plus\ddp.exe [2013-08-08] (Dolby Laboratories Inc.)
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\HP Photo Creations Communicator.job => C:\ProgramData\HP Photo Creations\Communicator.exe
Task: C:\WINDOWS\Tasks\Plus-HD-1.3-chromeinstaller.job => C:\Program Files (x86)\Plus-HD-1.3\Plus-HD-1.3-chromeinstaller.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\Plus-HD-1.3-codedownloader.job => C:\Program Files (x86)\Plus-HD-1.3\Plus-HD-1.3-codedownloader.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\Plus-HD-1.3-enabler.job => C:\Program Files (x86)\Plus-HD-1.3\Plus-HD-1.3-enabler.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\Plus-HD-1.3-firefoxinstaller.job => C:\Program Files (x86)\Plus-HD-1.3\Plus-HD-1.3-firefoxinstaller.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\Plus-HD-1.3-updater.job => C:\Program Files (x86)\Plus-HD-1.3\Plus-HD-1.3-updater.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\Re-markit Update.job => C:\Program Files (x86)\Re-markit\ReMarkit_up.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\Re-markit_wd.job => C:\Program Files (x86)\Re-markit\Re-markit_wd.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\Uninstaller_SkipUac_Administrator.job => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe

==================== Loaded Modules (whitelisted) =============

2013-10-08 13:22 - 2013-06-27 10:56 - 00160768 _____ () C:\Program Files (x86)\PHotkey\GFNEXSrv.exe
2013-10-08 13:17 - 2013-09-26 21:08 - 00061440 _____ () C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe
2013-12-19 17:00 - 2013-08-23 15:45 - 00386216 _____ () C:\Program Files\Microsoft Office 15\ClientX64\c2rui.dll
2013-12-19 17:00 - 2013-10-31 10:08 - 00520872 _____ () C:\Program Files\Microsoft Office 15\ClientX64\c2r64.dll
2013-12-19 17:00 - 2013-10-31 10:07 - 00618152 _____ () C:\Program Files\Microsoft Office 15\ClientX64\StreamServer.dll
2013-10-07 09:29 - 2013-03-06 15:42 - 00389896 _____ () C:\Program Files\CyberLink\Shared files\RichVideo64.exe
2013-10-08 13:22 - 2013-09-11 12:41 - 02216960 _____ () C:\Program Files (x86)\PHotkey\PHotkey.exe
2013-10-08 13:22 - 2010-12-17 15:04 - 00449032 _____ () C:\Program Files (x86)\PHotkey\ATouch64.exe
2014-02-22 14:14 - 2014-02-22 14:14 - 00093184 _____ () C:\Program Files (x86)\Re-markit\Re-markit_wd.exe
2013-10-08 13:22 - 2012-10-23 19:07 - 03471872 _____ () C:\Program Files (x86)\PHotkey\POSD.exe
2013-10-08 13:22 - 2013-07-18 16:41 - 08856576 _____ () C:\Program Files (x86)\PHotkey\GPMTray.exe
2013-08-08 17:53 - 2013-08-08 17:53 - 00050904 _____ () C:\Program Files\Dolby Digital Plus\Dolby.DDP.Controls_Desktop.dll
2014-01-14 14:18 - 2014-01-27 12:20 - 00775872 _____ () C:\Program Files (x86)\Mobogenie\DaemonProcess.exe
2013-12-19 13:32 - 2013-12-09 12:37 - 00394808 _____ () C:\Program Files (x86)\Avira\AntiVir Desktop\sqlite3.dll
2013-10-08 13:22 - 2009-12-18 16:36 - 00973432 _____ () C:\Program Files (x86)\PHotkey\acAuth.dll
2013-10-08 13:22 - 2009-12-18 16:41 - 00129544 _____ () C:\Program Files (x86)\PHotkey\GFNEX.dll
2013-11-21 10:49 - 2013-11-21 10:49 - 00034072 _____ () C:\Users\Bodo\AppData\Local\Smartbar\Application\Smartbar.Infrastructure.Core.dll
2013-11-21 10:49 - 2013-11-21 10:49 - 00062232 _____ () C:\Users\Bodo\AppData\Local\Smartbar\Application\srau.dll
2013-11-21 10:49 - 2013-11-21 10:49 - 00149784 _____ () C:\Users\Bodo\AppData\Local\Smartbar\Application\Smartbar.Infrastructure.Utilities.dll
2013-11-21 10:49 - 2013-11-21 10:49 - 00111896 _____ () C:\Users\Bodo\AppData\Local\Smartbar\Application\Smartbar.Resources.HistoryAndStatsWrapper.dll
2013-11-21 10:49 - 2013-11-21 10:49 - 02056984 _____ () C:\Users\Bodo\AppData\Local\Smartbar\Application\Smartbar.GUI.MainClient.dll
2013-11-21 10:49 - 2013-11-21 10:49 - 00055064 _____ () C:\Users\Bodo\AppData\Local\Smartbar\Application\spbl.dll
2013-11-21 10:49 - 2013-11-21 10:49 - 00012568 _____ () C:\Users\Bodo\AppData\Local\Smartbar\Application\siem.dll
2013-11-21 10:49 - 2013-11-21 10:49 - 00048408 _____ () C:\Users\Bodo\AppData\Local\Smartbar\Application\sppsm.dll
2013-11-21 10:49 - 2013-11-21 10:49 - 00727320 _____ () C:\Users\Bodo\AppData\Local\Smartbar\Application\Smartbar.GUI.Controls.dll
2013-11-21 10:49 - 2013-11-21 10:49 - 00081688 _____ () C:\Users\Bodo\AppData\Local\Smartbar\Application\Smartbar.GUI.Docking.dll
2013-11-21 10:49 - 2013-11-21 10:49 - 00013592 _____ () C:\Users\Bodo\AppData\Local\Smartbar\Application\Smartbar.Infrastructure.BusinessEntities.dll
2013-11-21 10:49 - 2013-11-21 10:49 - 00016664 _____ () C:\Users\Bodo\AppData\Local\Smartbar\Application\Smartbar.Personalization.Common.dll
2013-11-21 10:49 - 2013-11-21 10:49 - 00030488 _____ () C:\Users\Bodo\AppData\Local\Smartbar\Application\srut.dll
2013-11-21 10:49 - 2013-11-21 10:49 - 00019736 _____ () C:\Users\Bodo\AppData\Local\Smartbar\Application\srsbs.dll
2013-11-21 10:49 - 2013-11-21 10:49 - 00057112 _____ () C:\Users\Bodo\AppData\Local\Smartbar\Application\Smartbar.Infrastructure.Plugins.InternetExplorerLocalPlugin.dll
2013-11-21 10:49 - 2013-11-21 10:49 - 00014104 _____ () C:\Users\Bodo\AppData\Local\Smartbar\Application\srpdm.dll
2013-11-21 10:49 - 2013-11-21 10:49 - 00013592 _____ () C:\Users\Bodo\AppData\Local\Smartbar\Application\sgml.dll
2013-11-21 10:49 - 2013-11-21 10:49 - 00052504 _____ () C:\Users\Bodo\AppData\Local\Smartbar\Application\Smartbar.Resources.LanguageSettings.dll
2013-11-21 10:48 - 2013-11-21 10:48 - 00047384 _____ () C:\Users\Bodo\AppData\Local\Smartbar\Application\MACTrackBarLib.dll
2013-11-21 10:48 - 2013-11-21 10:48 - 00025368 _____ () C:\Users\Bodo\AppData\Local\Smartbar\Application\de\Smartbar.Resources.LanguageSettings.resources.dll
2013-11-21 10:49 - 2013-11-21 10:49 - 00024856 _____ () C:\Users\Bodo\AppData\Local\Smartbar\Application\Smartbar.Resources.SocialNetsSharer.dll
2013-11-21 10:49 - 2013-11-21 10:49 - 00248088 _____ () C:\Users\Bodo\AppData\Local\Smartbar\Application\srns.dll
2013-10-07 09:28 - 2013-08-05 09:49 - 00627672 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
2013-08-05 16:48 - 2013-08-05 16:48 - 00016856 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll
2014-01-14 14:18 - 2014-01-27 12:20 - 00061440 _____ () C:\Program Files (x86)\Mobogenie\Device.dll
2014-01-14 14:18 - 2014-01-27 12:20 - 00471040 _____ () C:\Program Files (x86)\Mobogenie\DCR.dll
2014-03-18 23:04 - 2014-03-18 23:04 - 03018864 _____ () C:\Program Files (x86)\Mozilla Thunderbird\mozjs.dll
2014-03-18 23:04 - 2014-03-18 23:04 - 00158832 _____ () C:\Program Files (x86)\Mozilla Thunderbird\NSLDAP32V60.dll
2014-03-18 23:04 - 2014-03-18 23:04 - 00023152 _____ () C:\Program Files (x86)\Mozilla Thunderbird\NSLDAPPR32V60.dll
2014-04-10 20:39 - 2014-04-02 03:57 - 00065352 _____ () C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\chrome_elf.dll
2014-04-10 20:39 - 2014-04-02 03:57 - 00674632 _____ () C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\libglesv2.dll
2014-04-10 20:39 - 2014-04-02 03:57 - 00093000 _____ () C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\libegl.dll
2014-04-10 20:39 - 2014-04-02 03:57 - 04081480 _____ () C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\pdf.dll
2014-04-10 20:39 - 2014-04-02 03:58 - 00390472 _____ () C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\ppGoogleNaClPluginChrome.dll
2014-04-10 20:39 - 2014-04-02 03:57 - 01647432 _____ () C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\ffmpegsumo.dll
2014-01-14 16:19 - 2014-01-14 16:19 - 00057344 _____ () C:\Users\Bodo\AppData\Local\Google\Chrome\User Data\Default\Extensions\jbolfgndggfhhpbnkgnpjkfhinclbigj\1.0.0_0\npFreemake.dll
2014-04-10 20:39 - 2014-04-02 03:58 - 13691720 _____ () C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\PepperFlash\pepflashplayer.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\ProgramData\TempE406C3E
AlternateDataStreams: C:\Users\Bodo\SkyDrive:ms-properties

==================== Safe Mode (whitelisted) ===================


==================== Disabled items from MSCONFIG ==============


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (04/21/2014 03:49:11 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC90.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"1".
Die abhängige Assemblierung "Microsoft.VC90.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (04/21/2014 03:49:09 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC90.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"1".
Die abhängige Assemblierung "Microsoft.VC90.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (04/21/2014 03:49:07 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC90.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"1".
Die abhängige Assemblierung "Microsoft.VC90.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (04/21/2014 03:49:05 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC90.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"1".
Die abhängige Assemblierung "Microsoft.VC90.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (04/21/2014 03:49:03 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC90.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"1".
Die abhängige Assemblierung "Microsoft.VC90.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (04/21/2014 03:49:01 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC90.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"1".
Die abhängige Assemblierung "Microsoft.VC90.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (04/21/2014 03:48:59 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC90.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"1".
Die abhängige Assemblierung "Microsoft.VC90.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (04/21/2014 03:48:57 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC90.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"1".
Die abhängige Assemblierung "Microsoft.VC90.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (04/21/2014 03:48:55 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC90.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"1".
Die abhängige Assemblierung "Microsoft.VC90.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (04/21/2014 03:48:53 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC90.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"1".
Die abhängige Assemblierung "Microsoft.VC90.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".


System errors:
=============
Error: (04/21/2014 03:10:47 PM) (Source: Service Control Manager) (User: )
Description: Dienst "LiveUpdate" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (04/18/2014 09:09:18 AM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst BTDevManager erreicht.

Error: (04/17/2014 03:47:19 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT-AUTORITÄT)
Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80246007 fehlgeschlagen: Windows-Tool zum Entfernen bösartiger Software für Windows 8, 8.1 und Windows Server 2012, 2012 R2 x64 Edition - April 2014 (KB890830)

Error: (04/16/2014 05:52:50 AM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst WMPNetworkSvc erreicht.

Error: (04/14/2014 10:42:23 PM) (Source: Ntfs) (User: NT-AUTORITÄT)
Description: In der Dateisystemstruktur auf Volume "Boot" wurde eine Beschädigung erkannt.

Die Masterdateitabelle (MFT) beinhaltet einen beschädigten Dateidatensatz. Die Dateireferenznummer ist 0x1000000038f6e. Der Name der Datei ist "<Dateiname kann nicht bestimmt werden>".

Error: (04/14/2014 05:10:01 AM) (Source: Ntfs) (User: NT-AUTORITÄT)
Description: In der Dateisystemstruktur auf Volume "Boot" wurde eine Beschädigung erkannt.

Die Masterdateitabelle (MFT) beinhaltet einen beschädigten Dateidatensatz. Die Dateireferenznummer ist 0x1000000038f6e. Der Name der Datei ist "<Dateiname kann nicht bestimmt werden>".

Error: (04/14/2014 04:50:47 AM) (Source: Service Control Manager) (User: )
Description: Dienst "LiveUpdate" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (04/13/2014 10:39:10 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT-AUTORITÄT)
Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80246007 fehlgeschlagen: Windows-Tool zum Entfernen bösartiger Software für Windows 8, 8.1 und Windows Server 2012, 2012 R2 x64 Edition - April 2014 (KB890830)

Error: (04/11/2014 11:34:58 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT-AUTORITÄT)
Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80246007 fehlgeschlagen: Windows-Tool zum Entfernen bösartiger Software für Windows 8, 8.1 und Windows Server 2012, 2012 R2 x64 Edition - April 2014 (KB890830)

Error: (04/09/2014 11:06:18 PM) (Source: DCOM) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalAktivierung{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar


Microsoft Office Sessions:
=========================
Error: (04/21/2014 03:49:21 PM) (Source: SideBySide)(User: )
Description: Microsoft.VC90.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTServer.exe

Error: (04/21/2014 03:49:19 PM) (Source: SideBySide)(User: )
Description: Microsoft.VC90.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTServer.exe

Error: (04/21/2014 03:49:17 PM) (Source: SideBySide)(User: )
Description: Microsoft.VC90.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTServer.exe

Error: (04/21/2014 03:49:15 PM) (Source: SideBySide)(User: )
Description: Microsoft.VC90.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTServer.exe

Error: (04/21/2014 03:49:13 PM) (Source: SideBySide)(User: )
Description: Microsoft.VC90.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTServer.exe

Error: (04/21/2014 03:49:11 PM) (Source: SideBySide)(User: )
Description: Microsoft.VC90.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTServer.exe

Error: (04/21/2014 03:49:09 PM) (Source: SideBySide)(User: )
Description: Microsoft.VC90.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTServer.exe

Error: (04/21/2014 03:49:07 PM) (Source: SideBySide)(User: )
Description: Microsoft.VC90.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTServer.exe

Error: (04/21/2014 03:49:05 PM) (Source: SideBySide)(User: )
Description: Microsoft.VC90.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTServer.exe

Error: (04/21/2014 03:49:03 PM) (Source: SideBySide)(User: )
Description: Microsoft.VC90.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTServer.exe


==================== Memory info ===========================

Percentage of memory in use: 65%
Total physical RAM: 3976.19 MB
Available physical RAM: 1359.68 MB
Total Pagefile: 12680.19 MB
Available Pagefile: 9511.54 MB
Total Virtual: 131072 MB
Available Virtual: 131071.8 MB

==================== Drives ================================

Drive c: (Boot) (Fixed) (Total:404.05 GB) (Free:330.81 GB) NTFS
Drive d: (Recover) (Fixed) (Total:60 GB) (Free:45.69 GB) NTFS
Drive e: (sbon88p5) (CDROM) (Total:4 GB) (Free:0 GB) CDFS
Drive f: (DRIVE-N-GO) (Fixed) (Total:931.28 GB) (Free:510.49 GB) FAT32
Drive g: (CANON_DC) (Removable) (Total:1.92 GB) (Free:1.9 GB) FAT

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 466 GB) (Disk ID: 00000000)

Partition: GPT Partition Type.

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 932 GB) (Disk ID: E0375D22)
Partition 1: (Active) - (Size=932 GB) - (Type=0C)

========================================================
Disk: 2 (Size: 2 GB) (Disk ID: 00000000)

Partition: GPT Partition Type.

==================== End Of Log ============================

LG Bodo
__________________

Alt 21.04.2014, 15:49   #4
bjc51
 
Windows 8, Windows PC-Repair Virus und wohl noch andere - Standard

Windows 8, Windows PC-Repair Virus und wohl noch andere



Hier nochmals in Code-Tags


FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 20-04-2014 02
Ran by Bodo (administrator) on AKOYAE6240T on 21-04-2014 15:45:56
Running from C:\Users\Bodo\Desktop
Windows 8.1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal


==================== Processes (Whitelisted) =================

(Microsoft Corporation) C:\WINDOWS\system32\WLANExt.exe
() C:\Program Files (x86)\PHotkey\GFNEXSrv.exe
(Cherished Technololgy LIMITED) C:\ProgramData\IePluginService\PluginService.exe
(Cherished Technololgy LIMITED) C:\ProgramData\WPM\wprotectmanager.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Spigot, Inc.) C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe
() C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe
(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSMonitorService.exe
(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSServer.exe
(Freemake) C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe
(Microsoft Corporation) C:\WINDOWS\system32\dashost.exe
(Intel(R) Corporation) C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe
() C:\Program Files\CyberLink\Shared files\RichVideo64.exe
(Wajam) C:\Program Files (x86)\Wajam\Updater\WajamUpdaterV3.exe
(Conduit) C:\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
() C:\Program Files (x86)\PHotkey\PHotkey.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
() C:\Program Files (x86)\PHotkey\ATouch64.exe
() C:\Program Files (x86)\Re-markit\Re-markit_wd.exe
() C:\Program Files (x86)\PHotkey\POSD.exe
() C:\Program Files (x86)\PHotkey\GPMTray.exe
(Dolby Laboratories Inc.) C:\Program Files\Dolby Digital Plus\ddp.exe
(TODO: <Company name>) C:\Program Files (x86)\PHotkey\HCSynApi.exe
(Synaptics Incorporated) C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
(Microsoft Corporation) C:\Windows\System32\skydrive.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\system32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Smartbar) C:\Users\Bodo\AppData\Local\Smartbar\Application\Smartbar.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Visicom Media Inc.) C:\ProgramData\Search Protection\SearchProtection.exe
(MyHeritage) C:\Program Files (x86)\MyHeritage\Bin\FTBCheckUpdates.exe
() C:\Program Files (x86)\Mobogenie\DaemonProcess.exe
(AimerSoft) C:\Program Files (x86)\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exe
(Spigot, Inc.) C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe
(Spigot Inc) C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings64.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Ghisler Software GmbH) C:\totalcmd\TOTALCMD64.EXE
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13653208 2013-09-13] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1321688 2013-08-30] (Realtek Semiconductor)
HKLM\...\Run: [BtServer] => C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTServer.exe [280576 2013-09-29] (Realtek Semiconductor Corporation)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2777840 2013-08-14] (Synaptics Incorporated)
HKLM-x32\...\Run: [CLMLServer_For_P2G8] => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [111576 2013-08-05] (CyberLink)
HKLM-x32\...\Run: [CLVirtualDrive] => C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [490760 2013-09-23] (CyberLink Corp.)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [95192 2013-03-11] (CyberLink Corp.)
HKLM-x32\...\Run: [YouCam Service] => C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe [267224 2013-09-18] (CyberLink Corp.)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [689744 2014-02-20] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM-x32\...\Run: [Search Protection] => C:\ProgramData\Search Protection\SearchProtection.exe [944224 2013-06-26] (Visicom Media Inc.)
HKLM-x32\...\Run: [Family Tree Builder Update] => C:\Program Files (x86)\MyHeritage\Bin\FTBCheckUpdates.exe [2532864 2013-12-09] (MyHeritage)
HKLM-x32\...\Run: [mobilegeni daemon] => C:\Program Files (x86)\Mobogenie\DaemonProcess.exe [775872 2014-01-27] ()
HKLM-x32\...\Run: [Aimersoft Helper Compact.exe] => C:\Program Files (x86)\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exe [1691136 2012-05-31] (AimerSoft)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [SearchSettings] => C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe [1401152 2014-03-28] (Spigot, Inc.)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [ConfirmFileDelete] 1
HKU\S-1-5-21-4152838901-865744110-646186296-1001\...\Run: [lollipop_01031042] => "c:\users\bodo\appdata\local\lollipop\lollipop_01031042.exe" lollipop_01031042
HKU\S-1-5-21-4152838901-865744110-646186296-1001\...\Run: [NextLive] => C:\WINDOWS\SysWOW64\rundll32.exe "C:\Users\Bodo\AppData\Roaming\newnext.me\nengine.dll",EntryPoint -m l
HKU\S-1-5-21-4152838901-865744110-646186296-1001\...\Run: [Browser Infrastructure Helper] => C:\Users\Bodo\AppData\Local\Smartbar\Application\Smartbar.exe [20760 2013-11-21] (Smartbar)
HKU\S-1-5-21-4152838901-865744110-646186296-1001\...\Run: [Slick Savings] => C:\Users\Bodo\AppData\Roaming\Slick Savings\CouponsHelper.exe [832320 2014-02-13] (Spigot, Inc.)
HKU\S-1-5-21-4152838901-865744110-646186296-1001\...\MountPoints2: {381baa29-47b3-11e3-8279-806e6f6e6963} - "E:\autorun.exe" Autorun\autorun.hta
AppInit_DLLs: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll => C:\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC64Loader.dll [1355040 2014-03-30] (Conduit)
AppInit_DLLs-x32: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll => C:\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC32Loader.dll [1050400 2014-03-30] (Conduit)
Startup: C:\Users\Bodo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk
ShortcutTarget: Adobe Gamma.lnk -> C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=63b019ad-0f66-12c1-d8e4-31fbc3bbaf22&searchtype=ds&p={searchTerms}&fr=linkury-tb&installDate=14/01/2014&type=hp1000
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=63b019ad-0f66-12c1-d8e4-31fbc3bbaf22&searchtype=hp&fr=linkury-tb&installDate=14/01/2014&type=hp1000
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.nationzoom.com/?type=hp&ts=1387566299&from=tugs&uid=ST500LM000-1EJ162_W37120CBXXXXW37120CB
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=63b019ad-0f66-12c1-d8e4-31fbc3bbaf22&searchtype=ds&p={searchTerms}&fr=linkury-tb&installDate=14/01/2014&type=hp1000
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.nationzoom.com/web/?type=ds&ts=1387566299&from=tugs&uid=ST500LM000-1EJ162_W37120CBXXXXW37120CB&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.nationzoom.com/?type=hp&ts=1387566299&from=tugs&uid=ST500LM000-1EJ162_W37120CBXXXXW37120CB
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.nationzoom.com/?type=hp&ts=1387566299&from=tugs&uid=ST500LM000-1EJ162_W37120CBXXXXW37120CB
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.nationzoom.com/web/?type=ds&ts=1387566299&from=tugs&uid=ST500LM000-1EJ162_W37120CBXXXXW37120CB&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.nationzoom.com/web/?type=ds&ts=1387566299&from=tugs&uid=ST500LM000-1EJ162_W37120CBXXXXW37120CB&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.nationzoom.com/?type=hp&ts=1387566299&from=tugs&uid=ST500LM000-1EJ162_W37120CBXXXXW37120CB
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.nationzoom.com/?type=hp&ts=1387566299&from=tugs&uid=ST500LM000-1EJ162_W37120CBXXXXW37120CB
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.nationzoom.com/web/?type=ds&ts=1387566299&from=tugs&uid=ST500LM000-1EJ162_W37120CBXXXXW37120CB&q={searchTerms}
URLSearchHook: HKCU - YTD Toolbar - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files (x86)\YTD Toolbar\IE\9.0\ytdToolbarIE64.dll (Spigot, Inc.)
URLSearchHook: HKCU - YTD Toolbar - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files (x86)\YTD Toolbar\IE\9.0\ytdToolbarIE.dll (Spigot, Inc.)
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe hxxp://www.nationzoom.com/?type=sc&ts=1387566299&from=tugs&uid=ST500LM000-1EJ162_W37120CBXXXXW37120CB
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.nationzoom.com/web/?type=ds&ts=1387566299&from=tugs&uid=ST500LM000-1EJ162_W37120CBXXXXW37120CB&q={searchTerms}
SearchScopes: HKLM - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.nationzoom.com/web/?type=ds&ts=1387566299&from=tugs&uid=ST500LM000-1EJ162_W37120CBXXXXW37120CB&q={searchTerms}
SearchScopes: HKLM-x32 - DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=63b019ad-0f66-12c1-d8e4-31fbc3bbaf22&searchtype=ds&p={searchTerms}&fr=linkury-tb&installDate=14/01/2014&type=hp1000
SearchScopes: HKLM-x32 - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=63b019ad-0f66-12c1-d8e4-31fbc3bbaf22&searchtype=ds&p={searchTerms}&fr=linkury-tb&installDate=14/01/2014&type=hp1000
SearchScopes: HKCU - DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=63b019ad-0f66-12c1-d8e4-31fbc3bbaf22&searchtype=ds&p={searchTerms}&fr=linkury-tb&installDate=14/01/2014&type=hp1000
SearchScopes: HKCU - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=63b019ad-0f66-12c1-d8e4-31fbc3bbaf22&searchtype=ds&p={searchTerms}&fr=linkury-tb&installDate=14/01/2014&type=hp1000
SearchScopes: HKCU - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxp://search.conduit.com/Results.aspx?ctid=CT3322168&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=2&UP=SP144C8618-5613-48F2-B45A-6008A3A29C88&q={searchTerms}&SSPV=
SearchScopes: HKCU - {A20986C9-388E-4B9A-A0FF-095073009E92} URL = hxxp://search.softonic.com/MOY00009/tb_v1?q={searchTerms}&SearchSource=4&cc=&mi=b02323500000000000006c71d9c34a0b&toi=16085&r=640
SearchScopes: HKCU - {DFABB43D-A5B9-44E2-B139-C536C248B3B7} URL = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=937811&p={searchTerms}
BHO: ExplorerWnd Helper - {10921475-03CE-4E04-90CE-E2E7EF20C814} - C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll (IObit)
BHO: Plus-HD-1.3 - {11111111-1111-1111-1111-110311121157} - C:\Program Files (x86)\Plus-HD-1.3\Plus-HD-1.3-bho64.dll (Plus HD)
BHO: Yahoo Community Smartbar (by Linkury)Engine - {31ad400d-1b06-4e33-a59a-90c2c140cba0} - C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
BHO: Slick Savings - {34A0D84B-CDDC-4EC4-AFDD-4F1DDE1D14E5} - C:\Users\Bodo\AppData\Roaming\Slick Savings\Coupons64.dll (Spigot, Inc.)
BHO-x32: Plus-HD-1.3 - {11111111-1111-1111-1111-110311121157} - C:\Program Files (x86)\Plus-HD-1.3\Plus-HD-1.3-bho.dll (Plus HD)
BHO-x32: Yahoo Community Smartbar (by Linkury)Engine - {31ad400d-1b06-4e33-a59a-90c2c140cba0} - C:\WINDOWS\SysWOW64\mscoree.dll (Microsoft Corporation)
BHO-x32: Slick Savings - {34A0D84B-CDDC-4EC4-AFDD-4F1DDE1D14E5} - C:\Users\Bodo\AppData\Roaming\Slick Savings\Coupons.dll (Spigot, Inc.)
BHO-x32: IETabPage Class - {3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} - C:\Program Files (x86)\SupTab\SupTab.dll (Thinknice Co. Limited)
BHO-x32: Wajam - {A7A6995D-6EE1-4FD1-A258-49395D5BF99C} - C:\Program Files (x86)\Wajam\IE\priam_bho.dll (Wajam)
BHO-x32: MyStart Toolbar - {ccb24e92-62c4-4c53-95d2-65f9eed476bc} - C:\Program Files (x86)\mystarttb\mystartDx.dll ()
BHO-x32: Softonic Helper Object - {E87806B5-E908-45FD-AF5E-957D83E58E68} - C:\Program Files (x86)\Softonic\Softonic\1.8.29.3\bh\Softonic.dll (Softonic.com)
BHO-x32: YTD Toolbar - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files (x86)\YTD Toolbar\IE\9.0\ytdToolbarIE.dll (Spigot, Inc.)
BHO-x32: Value Apps plugin - {F63AAEDC-3602-49EF-AA45-262380A98980} - C:\Users\Bodo\AppData\Roaming\ValueApps\IE\MonPrx.dll No File
Toolbar: HKLM - MyStart Toolbar - {ccb24e92-62c4-4c53-95d2-65f9eed476bc} - C:\Program Files (x86)\mystarttb\mystartDx64.dll ()
Toolbar: HKLM - Yahoo Community Smartbar (by Linkury) - {ae07101b-46d4-4a98-af68-0333ea26e113} - C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
Toolbar: HKLM - YTD Toolbar - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files (x86)\YTD Toolbar\IE\9.0\ytdToolbarIE64.dll (Spigot, Inc.)
Toolbar: HKLM-x32 - MyStart Toolbar - {ccb24e92-62c4-4c53-95d2-65f9eed476bc} - C:\Program Files (x86)\mystarttb\mystartDx.dll ()
Toolbar: HKLM-x32 - Softonic Toolbar - {5018CFD2-804D-4C99-9F81-25EAEA2769DE} - C:\Program Files (x86)\Softonic\Softonic\1.8.29.3\SoftonicTlbr.dll (Softonic.com)
Toolbar: HKLM-x32 - Yahoo Community Smartbar (by Linkury) - {ae07101b-46d4-4a98-af68-0333ea26e113} - C:\WINDOWS\SysWOW64\mscoree.dll (Microsoft Corporation)
Toolbar: HKLM-x32 - YTD Toolbar - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files (x86)\YTD Toolbar\IE\9.0\ytdToolbarIE.dll (Spigot, Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Bodo\AppData\Roaming\Mozilla\Firefox\Profiles\6l09uqgq.default
FF user.js: detected! => C:\Users\Bodo\AppData\Roaming\Mozilla\Firefox\Profiles\6l09uqgq.default\user.js
FF NewTab: chrome://quick_start/content/index.html
FF DefaultSearchEngine: Web Search
FF SelectedSearchEngine: Web Search
FF Homepage: hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=63b019ad-0f66-12c1-d8e4-31fbc3bbaf22&searchtype=hp&fr=linkury-tb&installDate=14/01/2014&type=hp1000
FF Keyword.URL: hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=63b019ad-0f66-12c1-d8e4-31fbc3bbaf22&searchtype=ds&fr=linkury-tb&installDate=14/01/2014&type=hp1000&p=
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF64_12_0_0_77.dll ()
FF Plugin: @videolan.org/vlc,version=2.1.2 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.4 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF SearchPlugin: C:\Users\Bodo\AppData\Roaming\Mozilla\Firefox\Profiles\6l09uqgq.default\searchplugins\Web Search.xml
FF SearchPlugin: C:\Users\Bodo\AppData\Roaming\Mozilla\Firefox\Profiles\6l09uqgq.default\searchplugins\yahoo_ff.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Plus-HD-1.3 - C:\Users\Bodo\AppData\Roaming\Mozilla\Firefox\Profiles\6l09uqgq.default\Extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com [2014-03-12]
FF Extension: Quick Start - C:\Users\Bodo\AppData\Roaming\Mozilla\Firefox\Profiles\6l09uqgq.default\Extensions\quick_start@gmail.com [2014-03-30]
FF Extension: Slick Savings - C:\Users\Bodo\AppData\Roaming\Mozilla\Firefox\Profiles\6l09uqgq.default\Extensions\savingsslider@mybrowserbar.com [2014-03-31]
FF Extension: Start Page - C:\Users\Bodo\AppData\Roaming\Mozilla\Firefox\Profiles\6l09uqgq.default\Extensions\{58d2a791-6199-482f-a9aa-9b725ec61362} [2014-03-31]
FF HKLM-x32\...\Firefox\Extensions: [fmconverter@gmail.com] - C:\Program Files (x86)\Freemake\Freemake Video Converter\BrowserPlugin\Firefox\
FF Extension: Freemake Video Converter Plugin - C:\Program Files (x86)\Freemake\Freemake Video Converter\BrowserPlugin\Firefox\ []
FF HKLM-x32\...\Firefox\Extensions: [quick_start@gmail.com] - C:\Users\Bodo\AppData\Roaming\Mozilla\Firefox\Profiles\6l09uqgq.default\extensions\quick_start@gmail.com
FF Extension: Quick Start - C:\Users\Bodo\AppData\Roaming\Mozilla\Firefox\Profiles\6l09uqgq.default\extensions\quick_start@gmail.com [2014-03-30]
FF HKCU\...\Firefox\Extensions: [{abdfcd24-f4a1-4248-b9c4-4ee53f915331}] - C:\Program Files (x86)\Re-markit\155.xpi
FF Extension: Re-markit - C:\Program Files (x86)\Re-markit\155.xpi [2014-02-22]

Chrome: 
=======
CHR HomePage: hxxp://search.conduit.com/?ctid=CT3322168&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=2&UP=SP144C8618-5613-48F2-B45A-6008A3A29C88&SSPV=
CHR StartupUrls: "https://www.google.de/", "hxxp://search.softonic.com/MOY00009/tb_v1?SearchSource=48&cc=&mi=b02323500000000000006c71d9c34a0b&toi=16085", "hxxp://de.search.yahoo.com/?type=937811&fr=spigot-yhp-ch"
CHR Extension: (Google Docs) - C:\Users\Bodo\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-12-23]
CHR Extension: (Google Drive) - C:\Users\Bodo\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-12-23]
CHR Extension: (YouTube) - C:\Users\Bodo\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-12-23]
CHR Extension: (Adblock Plus) - C:\Users\Bodo\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-01-17]
CHR Extension: (Google-Suche) - C:\Users\Bodo\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-12-23]
CHR Extension: (Re-markit) - C:\Users\Bodo\AppData\Local\Google\Chrome\User Data\Default\Extensions\dcpfhaghaadpjpgocojgnlhjcieeooel [2013-12-23]
CHR Extension: (Avira Browser Safety) - C:\Users\Bodo\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2014-03-22]
CHR Extension: (Ebay Shopping Assistant by Spigot) - C:\Users\Bodo\AppData\Local\Google\Chrome\User Data\Default\Extensions\hbcennhacfaagdopikcegfcobcadeocj [2014-04-01]
CHR Extension: (Plus-HD-1.3) - C:\Users\Bodo\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl [2013-12-23]
CHR Extension: (Domain Error Assistant) - C:\Users\Bodo\AppData\Local\Google\Chrome\User Data\Default\Extensions\icdlfehblmklkikfigmjhbmmpmkmpooj [2014-04-01]
CHR Extension: (Freemake Video Converter) - C:\Users\Bodo\AppData\Local\Google\Chrome\User Data\Default\Extensions\jbolfgndggfhhpbnkgnpjkfhinclbigj [2014-01-14]
CHR Extension: (Slick Savings) - C:\Users\Bodo\AppData\Local\Google\Chrome\User Data\Default\Extensions\mhkaekfpcppmmioggniknbnbdbcigpkk [2014-04-01]
CHR Extension: (Google Wallet) - C:\Users\Bodo\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-12-23]
CHR Extension: (Extended Protection) - C:\Users\Bodo\AppData\Local\Google\Chrome\User Data\Default\Extensions\ogfjmhfnldnajmfaofeiaepghjenbgjo [2014-03-30]
CHR Extension: (Quick Start) - C:\Users\Bodo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma [2014-03-30]
CHR Extension: (Amazon Shopping Assistant by Spigot) - C:\Users\Bodo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfndaklgolladniicklehhancnlgocpp [2014-04-01]
CHR Extension: (Google Mail) - C:\Users\Bodo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-12-23]
CHR HKLM-x32\...\Chrome\Extension: [dopemniaeocfenlpnoannaefnhfcjcgi] - C:\Users\Bodo\AppData\Local\Google\Chrome\User Data\Default\Extensions\searchswitch.crx [2014-03-30]
CHR HKLM-x32\...\Chrome\Extension: [hbcennhacfaagdopikcegfcobcadeocj] - C:\Program Files (x86)\Common Files\Spigot\GC\saebay_1.1.crx [2013-10-14]
CHR HKLM-x32\...\Chrome\Extension: [icdlfehblmklkikfigmjhbmmpmkmpooj] - C:\Program Files (x86)\Common Files\Spigot\GC\ErrorAssistant_1.3.crx [2013-12-27]
CHR HKLM-x32\...\Chrome\Extension: [jbolfgndggfhhpbnkgnpjkfhinclbigj] - C:\Program Files (x86)\Freemake\Freemake Video Converter\BrowserPlugin\Chrome\Freemake.Plugin.Chrome.crx [2014-01-14]
CHR HKLM-x32\...\Chrome\Extension: [mhkaekfpcppmmioggniknbnbdbcigpkk] - C:\Users\Bodo\AppData\Local\Slick Savings\coupons.crx [2014-03-31]
CHR HKLM-x32\...\Chrome\Extension: [ogfjmhfnldnajmfaofeiaepghjenbgjo] - C:\Users\Bodo\AppData\Local\Google\Chrome\User Data\Default\Extensions\ep.crx [2014-03-30]
CHR HKLM-x32\...\Chrome\Extension: [pelmeidfhdlhlbjimpabfcbnnojbboma] - C:\Users\Bodo\AppData\Local\Google\Chrome\User Data\Default\Extensions\newtabv3.crx [2014-03-30]
CHR HKLM-x32\...\Chrome\Extension: [pfndaklgolladniicklehhancnlgocpp] - C:\Program Files (x86)\Common Files\Spigot\GC\saamazon_1.0.crx [2012-11-22]

==================== Services (Whitelisted) =================

S3 Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2014-01-09] (Adobe Systems)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440400 2014-02-20] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440400 2014-02-20] (Avira Operations GmbH & Co. KG)
S4 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1017424 2014-02-20] (Avira Operations GmbH & Co. KG)
R2 BTDevManager; C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe [61440 2013-09-26] ()
R2 CltMngSvc; C:\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe [2466080 2014-03-30] (Conduit)
R2 CyberLink PowerDVD 10 MS Monitor Service; C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSMonitorService.exe [74712 2013-03-11] (CyberLink)
R2 CyberLink PowerDVD 10 MS Service; C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSServer.exe [316376 2013-03-11] (CyberLink)
R2 Freemake Improver; C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [103936 2014-01-13] (Freemake)
R2 GFNEXSrv; C:\Program Files (x86)\PHotkey\GFNEXSrv.exe [160768 2013-06-27] ()
R2 IePluginService; C:\ProgramData\IePluginService\PluginService.exe [705136 2014-04-11] (Cherished Technololgy LIMITED)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe [733696 2013-07-01] (Intel(R) Corporation)
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\TXE Components\TCS\SocketHeciServer.exe [822232 2013-07-01] (Intel(R) Corporation)
S2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2151744 2014-01-22] (IObit)
R2 OfficeSvc; C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [1907896 2013-10-31] (Microsoft Corporation)
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [389896 2013-03-06] ()
R2 WajamUpdaterV3; C:\Program Files (x86)\Wajam\Updater\WajamUpdaterV3.exe [114176 2013-11-11] (Wajam)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [348392 2013-10-31] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2013-10-31] (Microsoft Corporation)
R2 Wpm; C:\ProgramData\WPM\wprotectmanager.exe [510608 2014-03-05] (Cherished Technololgy LIMITED)

==================== Drivers (Whitelisted) ====================

S0 ADP80XX; C:\Windows\System32\drivers\ADP80XX.SYS [782176 2013-08-22] (PMC-Sierra)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2013-12-09] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [131576 2013-12-09] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [28600 2013-12-09] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\system32\DRIVERS\avnetflt.sys [84720 2013-12-09] (Avira Operations GmbH & Co. KG)
S3 bcmfn2; C:\Windows\System32\drivers\bcmfn2.sys [17624 2013-08-13] (Windows (R) Win 7 DDK provider)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [224768 2013-08-22] (Microsoft Corporation)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [91712 2013-03-05] (CyberLink)
S3 iaLPSSi_GPIO; C:\Windows\System32\drivers\iaLPSSi_GPIO.sys [24568 2013-07-30] (Intel Corporation)
S3 iaLPSSi_I2C; C:\Windows\System32\drivers\iaLPSSi_I2C.sys [99320 2013-07-25] (Intel Corporation)
S0 iaStorAV; C:\Windows\System32\drivers\iaStorAV.sys [651248 2013-08-10] (Intel Corporation)
R0 intelpep; C:\Windows\System32\drivers\intelpep.sys [39768 2013-11-11] (Microsoft Corporation)
S0 LSI_SAS3; C:\Windows\System32\drivers\lsi_sas3.sys [81760 2013-08-22] (LSI Corporation)
R3 NdisVirtualBus; C:\Windows\System32\drivers\NdisVirtualBus.sys [16384 2013-08-22] (Microsoft Corporation)
S3 netvsc; C:\Windows\system32\DRIVERS\netvsc63.sys [87040 2013-08-22] (Microsoft Corporation)
S3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew02.sys [4649440 2013-06-18] (Intel Corporation)
R2 PEGAGFN; C:\Program Files (x86)\PHotkey\PEGAGFN.sys [14344 2009-09-11] (PEGATRON)
R3 PegaRadioSwitch; C:\Windows\System32\drivers\PegaRadioSwitch.sys [23552 2013-08-22] (Windows (R) Win 7 DDK provider)
S3 pmxdrv; C:\Windows\system32\drivers\pmxdrv.sys [31152 2013-10-22] ()
S3 ReFS; C:\Windows\System32\Drivers\ReFS.sys [924512 2013-08-22] (Microsoft Corporation)
R3 RtkBtFilter; C:\Windows\system32\DRIVERS\RtkBtfilter.sys [548056 2013-09-05] (Realtek Semiconductor Corporation)
R3 RTWlanE; C:\Windows\system32\DRIVERS\rtwlane.sys [2945240 2013-09-12] (Realtek Semiconductor Corporation                           )
S3 SerCx2; C:\Windows\System32\drivers\SerCx2.sys [146776 2013-10-26] (Microsoft Corporation)
S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [30448 2013-08-14] (Synaptics Incorporated)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [34544 2013-08-14] (Synaptics Incorporated)
S0 stornvme; C:\Windows\System32\drivers\stornvme.sys [57176 2013-10-05] (Microsoft Corporation)
R3 TXEIx64; C:\Windows\System32\drivers\TXEIx64.sys [87568 2013-07-01] (Intel Corporation)
R3 UEFI; C:\Windows\System32\drivers\UEFI.sys [26976 2013-08-22] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [124760 2013-10-31] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-04-21 15:45 - 2014-04-21 15:46 - 00030772 _____ () C:\Users\Bodo\Desktop\FRST.txt
2014-04-21 15:45 - 2014-04-21 15:45 - 00000000 ____D () C:\FRST
2014-04-21 15:42 - 2014-04-21 15:43 - 02056704 _____ (Farbar) C:\Users\Bodo\Desktop\FRST64.exe
2014-04-21 09:48 - 2014-04-21 09:48 - 00797552 _____ (Reimage®) C:\Users\Bodo\Downloads\ReimageRepair.exe
2014-04-16 15:34 - 2014-04-16 15:34 - 00000000 ____D () C:\Program Files (x86)\YTD Toolbar
2014-04-16 15:34 - 2014-04-16 15:34 - 00000000 ____D () C:\Program Files (x86)\Application Updater
2014-04-15 01:28 - 2014-04-15 01:28 - 02279222 _____ () C:\Users\Bodo\Documents\HappyBD2.psd
2014-04-11 16:40 - 2014-04-11 16:41 - 00003584 _____ () C:\Users\Bodo\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-04-11 11:38 - 2014-04-11 11:38 - 03766207 _____ () C:\Users\Bodo\Documents\4GMenue.psd
2014-04-11 11:37 - 2014-04-11 11:37 - 04303370 _____ () C:\Users\Bodo\Documents\3GMenue.psd
2014-04-10 02:45 - 2014-04-10 02:45 - 00000000 _____ () C:\end
2014-04-09 09:53 - 2014-03-10 12:35 - 02008408 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2014-04-09 09:53 - 2014-03-10 12:35 - 00377176 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\clfs.sys
2014-04-09 09:53 - 2014-03-06 11:19 - 01287576 _____ (Microsoft Corporation) C:\WINDOWS\system32\kernel32.dll
2014-04-09 09:53 - 2014-03-06 08:10 - 01036288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kernel32.dll
2014-04-09 09:52 - 2014-03-31 03:16 - 23134208 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2014-04-09 09:52 - 2014-03-31 01:57 - 17073152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2014-04-09 09:52 - 2014-03-06 11:02 - 01109424 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2014-04-09 09:52 - 2014-03-06 08:17 - 00835584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2014-04-09 09:48 - 2014-04-09 09:48 - 02724864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb
2014-04-09 09:48 - 2014-04-09 09:48 - 02724864 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb
2014-04-06 18:46 - 2014-04-04 17:02 - 00009866 _____ () C:\Users\Bodo\Documents\untitled_0_1.odt
2014-04-06 15:48 - 2014-04-06 15:48 - 00001906 _____ () C:\Users\Bodo\Desktop\IrfanView Thumbnails.lnk
2014-04-06 15:48 - 2014-04-06 15:48 - 00001018 _____ () C:\Users\Bodo\Desktop\IrfanView.lnk
2014-04-06 15:48 - 2014-04-06 15:48 - 00000000 ____D () C:\Users\Bodo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IrfanView
2014-04-06 15:48 - 2014-04-06 15:48 - 00000000 ____D () C:\Users\Bodo\AppData\Roaming\IrfanView
2014-04-06 15:48 - 2014-04-06 15:48 - 00000000 ____D () C:\Program Files (x86)\IrfanView
2014-04-06 15:45 - 2014-04-06 15:46 - 02179728 _____ (Irfan Skiljan) C:\Users\Bodo\Downloads\iview437g_setup.exe
2014-04-03 19:53 - 2014-04-04 15:13 - 00026653 _____ () C:\Users\Bodo\Documents\AGGreifswald1404a.odt
2014-04-03 09:11 - 2014-04-03 10:01 - 00027376 _____ () C:\Users\Bodo\Documents\ojkhamm1404.odt
2014-04-02 12:04 - 2014-04-02 12:16 - 00000000 ____D () C:\Users\Bodo\Documents\AfD
2014-04-01 12:23 - 2014-04-01 12:26 - 00000000 ____D () C:\Users\Bodo\Documents\Fax
2014-04-01 10:19 - 2014-04-01 10:19 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-04-01 09:32 - 2014-04-01 10:35 - 00001110 _____ () C:\WINDOWS\setup.log
2014-04-01 09:32 - 1998-11-17 12:44 - 00328704 _____ (InstallShield Software Corporation ) C:\WINDOWS\IsUn0407.exe
2014-04-01 09:29 - 2014-04-01 09:29 - 17821354 _____ (AVM Berlin ) C:\Users\Bodo\Downloads\FRITZ_fax_3.07.04.exe
2014-04-01 05:31 - 2014-04-01 05:31 - 01591300 _____ () C:\Users\Bodo\Downloads\2.mpg
2014-03-31 14:21 - 2014-04-16 15:34 - 00000000 ____D () C:\Users\Bodo\AppData\Roaming\Slick Savings
2014-03-31 14:21 - 2014-03-31 14:21 - 00000000 ____D () C:\Users\Bodo\AppData\Local\Slick Savings
2014-03-31 11:43 - 2014-04-02 11:53 - 00000000 ____D () C:\Users\Bodo\Documents\Jobcenter
2014-03-30 00:41 - 2014-04-12 08:43 - 00000000 ____D () C:\ProgramData\IePluginService
2014-03-30 00:41 - 2014-03-30 00:41 - 00001003 _____ () C:\Users\Bodo\Desktop\337 GAMES.lnk
2014-03-30 00:41 - 2014-03-30 00:41 - 00000000 ____D () C:\Users\Bodo\AppData\Roaming\SupTab
2014-03-30 00:41 - 2014-03-30 00:41 - 00000000 ____D () C:\Users\Bodo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\337Games
2014-03-30 00:41 - 2014-03-30 00:41 - 00000000 ____D () C:\Users\Bodo\AppData\Roaming\337Games
2014-03-30 00:41 - 2014-03-30 00:41 - 00000000 ____D () C:\Program Files (x86)\SupTab
2014-03-27 01:23 - 2014-03-27 01:23 - 00000000 ____D () C:\Program Files (x86)\GUMA44D.tmp
2014-03-25 10:26 - 2014-03-25 10:26 - 00028226 _____ () C:\Users\Bodo\Documents\KontaktlistePinguine1403.odt
2014-03-25 10:23 - 2014-03-25 10:30 - 00000000 ____D () C:\Users\Bodo\Documents\Ireen
2014-03-24 21:11 - 2014-03-24 21:12 - 11744300 _____ () C:\Users\Bodo\Documents\Robin Thicke - Blurred Lines (Clean) ft. T.I., Pharrell.avi
2014-03-24 21:10 - 2014-03-24 21:10 - 09254550 _____ () C:\Users\Bodo\Documents\Robin Thicke - Blurred Lines (Clean) ft. T.I., Pharrell.mp4
2014-03-24 16:06 - 2014-03-24 17:31 - 00029981 _____ () C:\Users\Bodo\Documents\AGGreifswald1403b.odt

==================== One Month Modified Files and Folders =======

2014-04-21 15:46 - 2014-04-21 15:45 - 00030772 _____ () C:\Users\Bodo\Desktop\FRST.txt
2014-04-21 15:45 - 2014-04-21 15:45 - 00000000 ____D () C:\FRST
2014-04-21 15:45 - 2013-12-19 00:54 - 01246453 _____ () C:\WINDOWS\WindowsUpdate.log
2014-04-21 15:43 - 2014-04-21 15:42 - 02056704 _____ (Farbar) C:\Users\Bodo\Desktop\FRST64.exe
2014-04-21 15:38 - 2014-02-15 17:07 - 00000346 _____ () C:\WINDOWS\Tasks\HP Photo Creations Communicator.job
2014-04-21 15:38 - 2014-01-25 12:37 - 00000884 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-04-21 15:28 - 2013-12-23 17:07 - 00001130 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-04-21 15:15 - 2013-12-19 01:02 - 00003594 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-4152838901-865744110-646186296-1001
2014-04-21 15:10 - 2014-01-14 14:18 - 00000000 ____D () C:\Users\Bodo\AppData\Roaming\newnext.me
2014-04-21 15:10 - 2013-12-20 21:04 - 00000406 _____ () C:\WINDOWS\Tasks\Re-markit Update.job
2014-04-21 15:10 - 2013-12-15 13:04 - 00000000 __RDO () C:\Users\Bodo\SkyDrive
2014-04-21 15:09 - 2014-02-22 14:14 - 00000392 _____ () C:\WINDOWS\Tasks\Re-markit_wd.job
2014-04-21 15:09 - 2013-12-23 17:09 - 00002199 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-04-21 15:09 - 2013-12-23 17:07 - 00001126 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-04-21 15:09 - 2013-12-20 21:05 - 00002126 _____ () C:\WINDOWS\Tasks\Plus-HD-1.3-firefoxinstaller.job
2014-04-21 15:09 - 2013-12-20 21:05 - 00001998 _____ () C:\WINDOWS\Tasks\Plus-HD-1.3-chromeinstaller.job
2014-04-21 15:09 - 2013-12-20 21:05 - 00001350 _____ () C:\WINDOWS\Tasks\Plus-HD-1.3-updater.job
2014-04-21 15:09 - 2013-12-20 21:05 - 00001252 _____ () C:\WINDOWS\Tasks\Plus-HD-1.3-codedownloader.job
2014-04-21 15:09 - 2013-12-20 21:05 - 00001152 _____ () C:\WINDOWS\Tasks\Plus-HD-1.3-enabler.job
2014-04-21 15:00 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2014-04-21 14:05 - 2013-10-07 07:32 - 00765582 _____ () C:\WINDOWS\system32\perfh007.dat
2014-04-21 14:05 - 2013-10-07 07:32 - 00159366 _____ () C:\WINDOWS\system32\perfc007.dat
2014-04-21 14:05 - 2013-10-07 07:11 - 01776918 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-04-21 14:02 - 2014-01-22 01:44 - 00000000 ____D () C:\ProgramData\ProductData
2014-04-21 14:01 - 2013-08-22 16:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-04-21 14:01 - 2013-08-22 16:44 - 00563328 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2014-04-21 14:00 - 2013-10-07 07:06 - 00300138 _____ () C:\WINDOWS\PFRO.log
2014-04-21 13:59 - 2013-08-22 15:25 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI
2014-04-21 13:52 - 2014-02-21 12:35 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-04-21 13:51 - 2013-10-07 10:40 - 00000000 ____D () C:\Program Files (x86)\Microsoft Office
2014-04-21 13:51 - 2013-08-22 22:59 - 00000000 ____D () C:\WINDOWS\ShellNew
2014-04-21 13:50 - 2014-01-09 19:47 - 00000000 ____D () C:\Program Files (x86)\Microsoft Visual Studio 8
2014-04-21 13:50 - 2013-10-07 07:25 - 00000000 ____D () C:\Program Files (x86)\MSBuild
2014-04-21 13:47 - 2013-08-22 15:25 - 00000076 _____ () C:\WINDOWS\win.ini
2014-04-21 13:45 - 2013-08-22 17:36 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared
2014-04-21 09:48 - 2014-04-21 09:48 - 00797552 _____ (Reimage®) C:\Users\Bodo\Downloads\ReimageRepair.exe
2014-04-21 04:43 - 2013-12-15 13:03 - 00000000 ____D () C:\Users\Bodo\Documents\Youcam
2014-04-20 14:00 - 2013-12-19 20:34 - 00001309 _____ () C:\Users\Public\Desktop\YTD Video Downloader.lnk
2014-04-20 14:00 - 2013-12-19 20:34 - 00000000 ____D () C:\ProgramData\YTD Video Downloader
2014-04-18 09:55 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2014-04-16 15:34 - 2014-04-16 15:34 - 00000000 ____D () C:\Program Files (x86)\YTD Toolbar
2014-04-16 15:34 - 2014-04-16 15:34 - 00000000 ____D () C:\Program Files (x86)\Application Updater
2014-04-16 15:34 - 2014-03-31 14:21 - 00000000 ____D () C:\Users\Bodo\AppData\Roaming\Slick Savings
2014-04-15 01:28 - 2014-04-15 01:28 - 02279222 _____ () C:\Users\Bodo\Documents\HappyBD2.psd
2014-04-14 04:47 - 2013-12-19 13:08 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-04-13 22:41 - 2013-10-08 13:17 - 00000000 ____D () C:\ProgramData\Realtek
2014-04-12 08:43 - 2014-03-30 00:41 - 00000000 ____D () C:\ProgramData\IePluginService
2014-04-11 21:47 - 2014-01-05 16:25 - 00000000 ____D () C:\Users\Bodo\AppData\Roaming\vlc
2014-04-11 16:41 - 2014-04-11 16:40 - 00003584 _____ () C:\Users\Bodo\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-04-11 11:38 - 2014-04-11 11:38 - 03766207 _____ () C:\Users\Bodo\Documents\4GMenue.psd
2014-04-11 11:37 - 2014-04-11 11:37 - 04303370 _____ () C:\Users\Bodo\Documents\3GMenue.psd
2014-04-10 02:45 - 2014-04-10 02:45 - 00000000 _____ () C:\end
2014-04-09 09:48 - 2014-04-09 09:48 - 02724864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb
2014-04-09 09:48 - 2014-04-09 09:48 - 02724864 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb
2014-04-08 21:33 - 2014-03-10 17:58 - 00000000 ____D () C:\Users\Bodo\Art
2014-04-06 15:48 - 2014-04-06 15:48 - 00001906 _____ () C:\Users\Bodo\Desktop\IrfanView Thumbnails.lnk
2014-04-06 15:48 - 2014-04-06 15:48 - 00001018 _____ () C:\Users\Bodo\Desktop\IrfanView.lnk
2014-04-06 15:48 - 2014-04-06 15:48 - 00000000 ____D () C:\Users\Bodo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IrfanView
2014-04-06 15:48 - 2014-04-06 15:48 - 00000000 ____D () C:\Users\Bodo\AppData\Roaming\IrfanView
2014-04-06 15:48 - 2014-04-06 15:48 - 00000000 ____D () C:\Program Files (x86)\IrfanView
2014-04-06 15:46 - 2014-04-06 15:45 - 02179728 _____ (Irfan Skiljan) C:\Users\Bodo\Downloads\iview437g_setup.exe
2014-04-04 17:02 - 2014-04-06 18:46 - 00009866 _____ () C:\Users\Bodo\Documents\untitled_0_1.odt
2014-04-04 15:13 - 2014-04-03 19:53 - 00026653 _____ () C:\Users\Bodo\Documents\AGGreifswald1404a.odt
2014-04-03 10:01 - 2014-04-03 09:11 - 00027376 _____ () C:\Users\Bodo\Documents\ojkhamm1404.odt
2014-04-02 12:16 - 2014-04-02 12:04 - 00000000 ____D () C:\Users\Bodo\Documents\AfD
2014-04-02 11:53 - 2014-03-31 11:43 - 00000000 ____D () C:\Users\Bodo\Documents\Jobcenter
2014-04-01 12:26 - 2014-04-01 12:23 - 00000000 ____D () C:\Users\Bodo\Documents\Fax
2014-04-01 10:35 - 2014-04-01 09:32 - 00001110 _____ () C:\WINDOWS\setup.log
2014-04-01 10:19 - 2014-04-01 10:19 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-04-01 09:29 - 2014-04-01 09:29 - 17821354 _____ (AVM Berlin ) C:\Users\Bodo\Downloads\FRITZ_fax_3.07.04.exe
2014-04-01 05:31 - 2014-04-01 05:31 - 01591300 _____ () C:\Users\Bodo\Downloads\2.mpg
2014-03-31 23:23 - 2013-12-26 06:02 - 00693240 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2014-03-31 23:23 - 2013-12-26 06:02 - 00105464 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2014-03-31 14:21 - 2014-03-31 14:21 - 00000000 ____D () C:\Users\Bodo\AppData\Local\Slick Savings
2014-03-31 11:06 - 2014-01-15 13:00 - 00000000 ____D () C:\Program Files (x86)\SearchProtect
2014-03-31 03:16 - 2014-04-09 09:52 - 23134208 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2014-03-31 01:57 - 2014-04-09 09:52 - 17073152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2014-03-30 00:41 - 2014-03-30 00:41 - 00001003 _____ () C:\Users\Bodo\Desktop\337 GAMES.lnk
2014-03-30 00:41 - 2014-03-30 00:41 - 00000000 ____D () C:\Users\Bodo\AppData\Roaming\SupTab
2014-03-30 00:41 - 2014-03-30 00:41 - 00000000 ____D () C:\Users\Bodo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\337Games
2014-03-30 00:41 - 2014-03-30 00:41 - 00000000 ____D () C:\Users\Bodo\AppData\Roaming\337Games
2014-03-30 00:41 - 2014-03-30 00:41 - 00000000 ____D () C:\Program Files (x86)\SupTab
2014-03-30 00:41 - 2013-12-20 21:05 - 00000000 ____D () C:\ProgramData\WPM
2014-03-29 08:36 - 2014-01-14 14:19 - 00000306 __RSH () C:\Users\Bodo\ntuser.pol
2014-03-29 08:36 - 2013-12-18 23:48 - 00000000 ____D () C:\Users\Bodo
2014-03-28 15:58 - 2013-08-22 16:46 - 00077026 _____ () C:\WINDOWS\setupact.log
2014-03-27 10:37 - 2013-12-19 00:55 - 00000000 ____D () C:\Users\Bodo\AppData\Local\CyberLink
2014-03-27 01:23 - 2014-03-27 01:23 - 00000000 ____D () C:\Program Files (x86)\GUMA44D.tmp
2014-03-27 01:23 - 2013-12-23 17:07 - 00004102 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2014-03-27 01:23 - 2013-12-23 17:07 - 00003866 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2014-03-25 10:30 - 2014-03-25 10:23 - 00000000 ____D () C:\Users\Bodo\Documents\Ireen
2014-03-25 10:26 - 2014-03-25 10:26 - 00028226 _____ () C:\Users\Bodo\Documents\KontaktlistePinguine1403.odt
2014-03-24 21:12 - 2014-03-24 21:11 - 11744300 _____ () C:\Users\Bodo\Documents\Robin Thicke - Blurred Lines (Clean) ft. T.I., Pharrell.avi
2014-03-24 21:10 - 2014-03-24 21:10 - 09254550 _____ () C:\Users\Bodo\Documents\Robin Thicke - Blurred Lines (Clean) ft. T.I., Pharrell.mp4
2014-03-24 17:31 - 2014-03-24 16:06 - 00029981 _____ () C:\Users\Bodo\Documents\AGGreifswald1403b.odt
2014-03-23 16:52 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\rescache
2014-03-22 12:27 - 2013-12-19 00:53 - 00000000 ___RD () C:\Users\Bodo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-03-22 12:27 - 2013-12-19 00:53 - 00000000 ___RD () C:\Users\Bodo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-03-22 12:21 - 2013-08-22 17:36 - 00000000 ___RD () C:\WINDOWS\ToastData

Some content of TEMP:
====================
C:\Users\Bodo\AppData\Local\Temp\AskPIP_FF_.exe
C:\Users\Bodo\AppData\Local\Temp\avgnt.exe
C:\Users\Bodo\AppData\Local\Temp\BackupSetup.exe
C:\Users\Bodo\AppData\Local\Temp\dlLogic.exe
C:\Users\Bodo\AppData\Local\Temp\EnableExtDll.dll
C:\Users\Bodo\AppData\Local\Temp\fp_pl_pfs_installer-1.exe
C:\Users\Bodo\AppData\Local\Temp\fp_pl_pfs_installer-2.exe
C:\Users\Bodo\AppData\Local\Temp\fp_pl_pfs_installer.exe
C:\Users\Bodo\AppData\Local\Temp\FreemakeVideoConverter_4.1.2.2.exe
C:\Users\Bodo\AppData\Local\Temp\Mobogenie_Setup_2-1-37_37.exe
C:\Users\Bodo\AppData\Local\Temp\nsa4AF0.exe
C:\Users\Bodo\AppData\Local\Temp\nse55A0.exe
C:\Users\Bodo\AppData\Local\Temp\nsnAD5.exe
C:\Users\Bodo\AppData\Local\Temp\nsnD859.exe
C:\Users\Bodo\AppData\Local\Temp\nsr4EF8.exe
C:\Users\Bodo\AppData\Local\Temp\nsuDC71.exe
C:\Users\Bodo\AppData\Local\Temp\nsuF3B.exe
C:\Users\Bodo\AppData\Local\Temp\nsv59A8.exe
C:\Users\Bodo\AppData\Local\Temp\OfficeSetup.exe
C:\Users\Bodo\AppData\Local\Temp\promote-upx.exe
C:\Users\Bodo\AppData\Local\Temp\Setup.X86.de-DE_O365HomePremRetail_407491aa-e652-4ef3-a324-1e94c3b72453_TX_DB_.exe
C:\Users\Bodo\AppData\Local\Temp\Setup.X86.de-DE_O365HomePremRetail_9d4c90ba-fc43-46c7-b4ee-059048c2e70d_TX_DB_.exe
C:\Users\Bodo\AppData\Local\Temp\Softonic_chr_1-8-29-3_cn.exe
C:\Users\Bodo\AppData\Local\Temp\Softonic_chr_1-8-29-3_cn[1].exe
C:\Users\Bodo\AppData\Local\Temp\SPSetup.exe
C:\Users\Bodo\AppData\Local\Temp\vlc-2.1.4-win64.exe
C:\Users\Bodo\AppData\Local\Temp\_ReMarkit_up.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-04-16 02:43

==================== End Of Log ============================
         
--- --- ---


Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 20-04-2014 02
Ran by Bodo at 2014-04-21 15:47:38
Running from C:\Users\Bodo\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

337 GAMES (HKCU\...\337Games) (Version: 1.1.1.0 - )
AbiWord 2.9.4 (HKLM-x32\...\AbiWord2) (Version: 2.9.4 - AbiSource Developers)
Adobe Bridge 1.0 (x32 Version: 001.000.001 - Adobe Systems) Hidden
Adobe Common File Installer (x32 Version: 1.00.001 - Adobe System Incorporated) Hidden
Adobe Flash Player 12 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 12.0.0.77 - Adobe Systems Incorporated)
Adobe Help Center 1.0 (x32 Version: 1.0.1 - Adobe Systems) Hidden
Adobe Photoshop CS2 (HKLM-x32\...\Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0407-1E257A25E34D}) (Version: 9.0 - Adobe Systems, Inc.)
Adobe Photoshop CS2 (x32 Version: 9.0 - Adobe Systems, Inc.) Hidden
Adobe Stock Photos 1.0 (x32 Version: 1.0.1 - Adobe Systems) Hidden
Ahnenblatt 2.74 (HKLM-x32\...\Ahnenblatt_is1) (Version: 2.74.0.1 - Dirk Boettcher)
Aimersoft DVD Ripper(Build 3.0.0.2) (HKLM-x32\...\Aimersoft DVD Ripper_is1) (Version:  - Aimersoft Software)
Ashampoo AppLauncher (Medion) v.1.0.0 (HKLM-x32\...\Ashampoo AppLauncher (Medion)_is1) (Version: 1.0.0 - Ashampoo GmbH & Co. KG)
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.3.350 - Avira)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{AF312B06-5C5C-468E-89B3-BE6DE2645722}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{0A4EF0E6-A912-4CDE-A7F3-6E56E7C13A2F}) (Version: 1.1.6 - Cisco Systems, Inc.)
CyberLink Home Cinema 10 (HKLM-x32\...\InstallShield_{8F14AA37-5193-4A14-BD5B-BDF9B361AEF7}) (Version: 10.0 - CyberLink Corp.)
CyberLink Home Cinema 10 (x32 Version: 10.3025 - CyberLink Corp.) Hidden
CyberLink LabelPrint 2.5 (x32 Version: 2.5.0.5415 - CyberLink Corp.) Hidden
CyberLink MediaEspresso 6.5 (x32 Version: 6.5.3807_46074 - CyberLink Corp.) Hidden
CyberLink PhotoDirector 3 (x32 Version: 3.0.1.4017 - CyberLink Corp.) Hidden
CyberLink Power2Go 8 (x32 Version: 8.0.0.3202 - CyberLink Corp.) Hidden
CyberLink PowerDirector 11 (Version: 11.0.0.3215 - CyberLink Corp.) Hidden
CyberLink PowerDVD 10 (x32 Version: 10.0.5426.02 - CyberLink Corp.) Hidden
CyberLink PowerDVD Copy 1.5 (x32 Version: 1.5.0.3725a - CyberLink Corp.) Hidden
CyberLink PowerRecover (HKLM-x32\...\InstallShield_{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}) (Version: 5.7.0.2103 - CyberLink Corp.)
CyberLink PowerRecover (Version: 5.7.0.2103 - CyberLink Corp.) Hidden
CyberLink YouCam 5 (x32 Version: 5.0.3318.0 - CyberLink Corp.) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DMUninstaller (HKLM-x32\...\DMUninstaller) (Version:  - ) <==== ATTENTION
Dolby Digital Plus Advanced Audio (HKLM\...\{B0BFC63F-EA07-419E-960B-3FB2ED5DD0B2}) (Version: 7.3.2.2 - Dolby Laboratories Inc)
Easy CD-DA Extractor 2010 (HKLM-x32\...\Easy CD-DA Extractor 2010) (Version: 2010 - Poikosoft)
FormatFactory 3.1.1 (HKLM-x32\...\FormatFactory) (Version: 3.1.1 - Free Time)
Fotogalerie (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Fotogalerija (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Fotótár (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Freemake Video Converter Version 4.1.2 (HKLM-x32\...\Freemake Video Converter_is1) (Version: 4.1.2 - Ellora Assets Corporation)
Galerie de photos (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 34.0.1847.116 - Google Inc.)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.23.9 - Google Inc.) Hidden
HP Deskjet 1050 J410 series - Grundlegende Software für das Gerät (HKLM\...\{C3F12DD0-54B1-4B2B-A82B-FA43502BC550}) (Version: 28.0.1313.0 - Hewlett-Packard Co.)
HP Deskjet 1050 J410 series Hilfe (HKLM-x32\...\{5C90D8CF-F12A-41C6-9007-3B651A1F0D78}) (Version: 140.0.66.66 - Hewlett Packard)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.12412 - HP)
HP Update (HKLM-x32\...\{6F1C00D2-25C2-4CBA-8126-AE9A6E2E9CD5}) (Version: 5.003.003.001 - Hewlett-Packard)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3309 - Intel Corporation)
Intel(R) Trusted Execution Engine (HKLM\...\{176E2755-0A17-42C6-88E2-192AB2131278}) (Version: 1.0.0.1050 - Intel Corporation)
Intel(R) Trusted Execution Engine (Version: 1.1.1.1 - Intel Corporation) Hidden
Intel(R) Trusted Execution Engine Driver (Version: 1.0.0.1050 - Intel Corporation) Hidden
IObit Uninstaller (HKLM-x32\...\IObitUninstall) (Version: 3.1.7.2405 - IObit)
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.37 - Irfan Skiljan)
LibreOffice 4.1 Help Pack (German) (HKLM-x32\...\{43295475-62CA-4F25-B46C-43C59258780E}) (Version: 4.1.4.2 - The Document Foundation)
LibreOffice 4.1.4.2 (HKLM-x32\...\{94E11973-ED58-47A0-907C-ABF6D95C5DD8}) (Version: 4.1.4.2 - The Document Foundation)
Lollipop (HKCU\...\lollipop_01031042) (Version:  - Lollipop Network, S.L.) <==== ATTENTION
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Expression Web 4 (HKLM-x32\...\Web_4.0.1460.0) (Version: 4.0.1460.0 - Microsoft Corporation)
Microsoft Expression Web 4 (x32 Version: 4.0.1460.0 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Mobogenie (HKLM-x32\...\Mobogenie) (Version:  - Mobogenie.com) <==== ATTENTION
Movie Maker (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Mozilla Firefox 28.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 28.0 (x86 de)) (Version: 28.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 28.0 - Mozilla)
Mozilla Thunderbird 24.4.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 24.4.0 (x86 de)) (Version: 24.4.0 - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden
MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden
MyHeritage Family Tree Builder (HKLM-x32\...\Family Tree Builder) (Version: 7.0.0.7129 - MyHeritage.com)
MyStart Toolbar (HKLM-x32\...\mystarttb) (Version: 5.3.1.21 - Visicom Media Inc.)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4551.1512 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4551.1512 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4551.1512 - Microsoft Corporation) Hidden
PHotkey (HKLM-x32\...\{E50C224A-BBF2-428D-9DCF-DBF9DF85C40E}) (Version: 1.00.0092 - Pegatron Corporation)
Photo Common (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Photo Gallery (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Plus-HD-1.3 (HKLM-x32\...\Plus-HD-1.3) (Version: 1.31.153.4 - Plus HD) <==== ATTENTION
Raccolta foto (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
REALTEK Bluetooth Driver (HKLM-x32\...\{9D3D8C60-A5EF-4123-B2B9-172095903AB}) (Version: 3.769.769.093013 - REALTEK Semiconductor Corp.)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9200.39052 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7040 - Realtek Semiconductor Corp.)
REALTEK Wireless LAN Driver (HKLM-x32\...\{9DAABC60-A5EF-41FF-B2B9-17329590CD5}) (Version: 1.00.0227 - REALTEK Semiconductor Corp.)
Re-markit (HKLM-x32\...\54ed89b2-da2e-446b-bde7-8188f45dc639) (Version:  - Re-markit Software) <==== ATTENTION
Search Protect (HKLM-x32\...\SearchProtect) (Version: 2.12.11.11 - Conduit) <==== ATTENTION
Slick Savings (HKLM-x32\...\{3A787631-66A2-4634-B928-A37E73B58FB6}) (Version: 1.3 - Spigot, Inc.) <==== ATTENTION
Softonic toolbar  on IE and Chrome (HKLM-x32\...\Softonic) (Version: 1.8.29.3 - Softonic) <==== ATTENTION
Studie zur Verbesserung von HP Deskjet 1050 J410 series Produkten (HKLM\...\{B099E941-4789-46A1-9B14-01CFD04E03B3}) (Version: 28.0.1313.0 - Hewlett-Packard Co.)
SupTab (HKLM-x32\...\SupTab) (Version: 1.1.1.0 - ) <==== ATTENTION
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 17.0.9.1 - Synaptics Incorporated)
ValueApps (HKCU\...\ValueApps) (Version: 1.1.0.6 - Conduit) <==== ATTENTION
VLC media player 2.1.4 (HKLM\...\VLC media player) (Version: 2.1.4 - VideoLAN)
Wajam (HKLM-x32\...\Wajam) (Version: 2.05 - Wajam) <==== ATTENTION
Windows Live (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Communications Platform (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3508.0205 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
XMedia Recode Version 3.1.7.8 (HKLM-x32\...\{DDA3C325-47B2-4730-9672-BF3771C08799}_is1) (Version: 3.1.7.8 - XMedia Recode)
Yahoo Community Smartbar (HKLM-x32\...\{D7403121-68C2-48BC-874D-048015E60DF0}) (Version: 10.179.66.13636 - Linkury Inc.) <==== ATTENTION
Yahoo Community Smartbar Engine (HKCU\...\{993cbed8-bf92-4638-bb47-6cb1272c92ff}) (Version: 10.179.66.13636 - Linkury Inc.) <==== ATTENTION
YTD Toolbar v9.0 (HKLM-x32\...\{9D47532D-59B3-4E15-8069-2E3FC4DA3E92}) (Version: 9.0 - Spigot, Inc.)
YTD Video Downloader 4.8 (HKLM-x32\...\{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}) (Version: 4.8 - GreenTree Applications SRL)

==================== Restore Points  =========================

06-04-2014 23:55:41 Geplanter Prüfpunkt
11-04-2014 09:31:10 Windows Update
15-04-2014 01:20:23 Windows Update
21-04-2014 08:46:41 Windows Update

==================== Hosts content: ==========================

2013-08-22 15:25 - 2013-08-22 15:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {038E750F-4B89-4ADF-B5DC-AB57853CA00A} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-03-11] (Adobe Systems Incorporated)
Task: {04A27B59-655B-4872-ACDF-6B22CA9A6D78} - System32\Tasks\HP Photo Creations Communicator => C:\ProgramData\HP Photo Creations\Communicator.exe [2014-02-15] ()
Task: {05293577-D647-4185-B859-C94839A0B2E3} - System32\Tasks\Microsoft\Windows\SettingSync\NetworkStateChangeTask
Task: {0B545118-B563-42FC-8D07-B78F602FCF34} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {2085BF56-520D-4951-B7C0-DF34AF90CC6A} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
Task: {2C9C0C6C-2A74-46F2-858A-4389D253EAD0} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCachePrepopulate
Task: {2EE106B8-5CCF-4253-A23C-26866F6BD9C1} - System32\Tasks\Plus-HD-1.3-updater => C:\Program Files (x86)\Plus-HD-1.3\Plus-HD-1.3-updater.exe [2013-12-20] (Plus HD) <==== ATTENTION
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\Windows\System32\AutoWorkplace.exe [2013-08-22] (Microsoft Corporation)
Task: {3B6D8A73-F20B-4C93-B8FB-56A154F172D2} - System32\Tasks\Microsoft\Windows\Time Zone\SynchronizeTimeZone => C:\Windows\system32\tzsync.exe [2013-08-22] (Microsoft Corporation)
Task: {4445933D-9960-456A-97EC-D67E119103A6} - System32\Tasks\Plus-HD-1.3-enabler => C:\Program Files (x86)\Plus-HD-1.3\Plus-HD-1.3-enabler.exe [2013-12-20] (Plus HD) <==== ATTENTION
Task: {49754026-21E1-41FC-94FD-727AFE414FE7} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCacheRebalance
Task: {6AA91E8C-DDBD-4979-8464-4062F7681A19} - System32\Tasks\Microsoft\Windows\Plug and Play\Plug and Play Cleanup
Task: {6DFCB649-0769-4F83-BB10-F60F235F6D3D} - System32\Tasks\Microsoft\Windows\SkyDrive\Idle Sync Maintenance Task
Task: {73B1B253-CE67-4501-AE1A-377DD1D68B65} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
Task: {77F1D869-6E65-4079-A2A0-E2023408EF97} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {790BB5FC-CE15-41F3-BA92-74C1C4C95EC9} - System32\Tasks\HPCustParticipation HP Deskjet 1050 J410 series => C:\Program Files\HP\HP Deskjet 1050 J410 series\Bin\HPCustPartic.exe [2012-10-02] (Hewlett-Packard Co.)
Task: {872D0E53-FD2E-41E3-B431-698AF82882CE} - System32\Tasks\Microsoft\Windows\SkyDrive\Routine Maintenance Task
Task: {8CC813C9-712A-41EF-9512-B233444FC669} - System32\Tasks\Microsoft\Windows\AppxDeploymentClient\Pre-staged app cleanup => Rundll32.exe %windir%\system32\AppxDeploymentClient.dll,AppxPreStageCleanupRunTask
Task: {8CEBADF6-73BA-4635-95B1-5630C760570B} - System32\Tasks\Plus-HD-1.3-codedownloader => C:\Program Files (x86)\Plus-HD-1.3\Plus-HD-1.3-codedownloader.exe [2013-12-20] (Plus HD) <==== ATTENTION
Task: {8E866B41-CF47-4DD2-86BE-3BA0E6F4DC25} - System32\Tasks\Microsoft\Office\Office First Run Task => C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [2013-10-31] (Microsoft Corporation)
Task: {93DD8BD0-F48E-4FE0-98D3-482CB8AED3E4} - System32\Tasks\Plus-HD-1.3-firefoxinstaller => C:\Program Files (x86)\Plus-HD-1.3\Plus-HD-1.3-firefoxinstaller.exe [2013-12-20] (Plus HD) <==== ATTENTION
Task: {9514645B-9F2A-4777-BE65-6EE5E0E17226} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-12-23] (Google Inc.)
Task: {9FF4C139-5234-410C-B7FA-23EE2FD2AB53} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Maintenance Work
Task: {AA98B172-10EC-4467-AF6B-52CFF605BC9A} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2014-01-27] (Microsoft Corporation)
Task: {BEC9C1C3-AD4E-4354-8F98-A6469B37DE8E} - System32\Tasks\Plus-HD-1.3-chromeinstaller => C:\Program Files (x86)\Plus-HD-1.3\Plus-HD-1.3-chromeinstaller.exe [2013-12-20] (Plus HD) <==== ATTENTION
Task: {BF2088D2-306F-4D9C-9899-7188D50E06E1} - System32\Tasks\Re-markit Update => C:\Program Files (x86)\Re-markit\ReMarkit_up.exe [2014-02-22] () <==== ATTENTION
Task: {CD423634-93DB-4DA3-AE6E-52D4FEC97836} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-12-23] (Google Inc.)
Task: {CDBC83C8-5E0C-4B1F-B67A-FAC9805B3B57} - System32\Tasks\Uninstaller_SkipUac_Administrator => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe [2014-01-22] (IObit)
Task: {CFD7C21A-808B-487B-A6EC-8A10E44E8360} - System32\Tasks\Microsoft\Windows\SettingSync\BackupTask
Task: {D88FEC9E-A82A-46F9-87E2-B6B97B301C1A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
Task: {DA46820F-FF8A-4B5E-A6B2-B12185DCFFFB} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Logon Synchronization
Task: {DF8990FA-5798-455D-BA2D-60CB8985A4F1} - System32\Tasks\Re-markit_wd => C:\Program Files (x86)\Re-markit\Re-markit_wd.exe [2014-02-22] () <==== ATTENTION
Task: {E203C98C-6294-4879-809F-2FF5AAB87394} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2013-08-14] (Synaptics Incorporated)
Task: {E6D378FA-E068-4BCB-80DE-56D43A249507} - System32\Tasks\Microsoft\Windows\RecoveryEnvironment\VerifyWinRE
Task: {FB7480C5-8E9F-451E-A7B4-6AFBE83137CB} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2014-03-19] (Microsoft Corporation)
Task: {FF6B227B-3D3A-4BEB-A425-B5D3F8EDB02F} - System32\Tasks\Dolby Selector => C:\Program Files\Dolby Digital Plus\ddp.exe [2013-08-08] (Dolby Laboratories Inc.)
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\HP Photo Creations Communicator.job => C:\ProgramData\HP Photo Creations\Communicator.exe
Task: C:\WINDOWS\Tasks\Plus-HD-1.3-chromeinstaller.job => C:\Program Files (x86)\Plus-HD-1.3\Plus-HD-1.3-chromeinstaller.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\Plus-HD-1.3-codedownloader.job => C:\Program Files (x86)\Plus-HD-1.3\Plus-HD-1.3-codedownloader.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\Plus-HD-1.3-enabler.job => C:\Program Files (x86)\Plus-HD-1.3\Plus-HD-1.3-enabler.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\Plus-HD-1.3-firefoxinstaller.job => C:\Program Files (x86)\Plus-HD-1.3\Plus-HD-1.3-firefoxinstaller.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\Plus-HD-1.3-updater.job => C:\Program Files (x86)\Plus-HD-1.3\Plus-HD-1.3-updater.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\Re-markit Update.job => C:\Program Files (x86)\Re-markit\ReMarkit_up.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\Re-markit_wd.job => C:\Program Files (x86)\Re-markit\Re-markit_wd.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\Uninstaller_SkipUac_Administrator.job => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe

==================== Loaded Modules (whitelisted) =============

2013-10-08 13:22 - 2013-06-27 10:56 - 00160768 _____ () C:\Program Files (x86)\PHotkey\GFNEXSrv.exe
2013-10-08 13:17 - 2013-09-26 21:08 - 00061440 _____ () C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe
2013-12-19 17:00 - 2013-08-23 15:45 - 00386216 _____ () C:\Program Files\Microsoft Office 15\ClientX64\c2rui.dll
2013-12-19 17:00 - 2013-10-31 10:08 - 00520872 _____ () C:\Program Files\Microsoft Office 15\ClientX64\c2r64.dll
2013-12-19 17:00 - 2013-10-31 10:07 - 00618152 _____ () C:\Program Files\Microsoft Office 15\ClientX64\StreamServer.dll
2013-10-07 09:29 - 2013-03-06 15:42 - 00389896 _____ () C:\Program Files\CyberLink\Shared files\RichVideo64.exe
2013-10-08 13:22 - 2013-09-11 12:41 - 02216960 _____ () C:\Program Files (x86)\PHotkey\PHotkey.exe
2013-10-08 13:22 - 2010-12-17 15:04 - 00449032 _____ () C:\Program Files (x86)\PHotkey\ATouch64.exe
2014-02-22 14:14 - 2014-02-22 14:14 - 00093184 _____ () C:\Program Files (x86)\Re-markit\Re-markit_wd.exe
2013-10-08 13:22 - 2012-10-23 19:07 - 03471872 _____ () C:\Program Files (x86)\PHotkey\POSD.exe
2013-10-08 13:22 - 2013-07-18 16:41 - 08856576 _____ () C:\Program Files (x86)\PHotkey\GPMTray.exe
2013-08-08 17:53 - 2013-08-08 17:53 - 00050904 _____ () C:\Program Files\Dolby Digital Plus\Dolby.DDP.Controls_Desktop.dll
2014-01-14 14:18 - 2014-01-27 12:20 - 00775872 _____ () C:\Program Files (x86)\Mobogenie\DaemonProcess.exe
2013-12-19 13:32 - 2013-12-09 12:37 - 00394808 _____ () C:\Program Files (x86)\Avira\AntiVir Desktop\sqlite3.dll
2013-10-08 13:22 - 2009-12-18 16:36 - 00973432 _____ () C:\Program Files (x86)\PHotkey\acAuth.dll
2013-10-08 13:22 - 2009-12-18 16:41 - 00129544 _____ () C:\Program Files (x86)\PHotkey\GFNEX.dll
2013-11-21 10:49 - 2013-11-21 10:49 - 00034072 _____ () C:\Users\Bodo\AppData\Local\Smartbar\Application\Smartbar.Infrastructure.Core.dll
2013-11-21 10:49 - 2013-11-21 10:49 - 00062232 _____ () C:\Users\Bodo\AppData\Local\Smartbar\Application\srau.dll
2013-11-21 10:49 - 2013-11-21 10:49 - 00149784 _____ () C:\Users\Bodo\AppData\Local\Smartbar\Application\Smartbar.Infrastructure.Utilities.dll
2013-11-21 10:49 - 2013-11-21 10:49 - 00111896 _____ () C:\Users\Bodo\AppData\Local\Smartbar\Application\Smartbar.Resources.HistoryAndStatsWrapper.dll
2013-11-21 10:49 - 2013-11-21 10:49 - 02056984 _____ () C:\Users\Bodo\AppData\Local\Smartbar\Application\Smartbar.GUI.MainClient.dll
2013-11-21 10:49 - 2013-11-21 10:49 - 00055064 _____ () C:\Users\Bodo\AppData\Local\Smartbar\Application\spbl.dll
2013-11-21 10:49 - 2013-11-21 10:49 - 00012568 _____ () C:\Users\Bodo\AppData\Local\Smartbar\Application\siem.dll
2013-11-21 10:49 - 2013-11-21 10:49 - 00048408 _____ () C:\Users\Bodo\AppData\Local\Smartbar\Application\sppsm.dll
2013-11-21 10:49 - 2013-11-21 10:49 - 00727320 _____ () C:\Users\Bodo\AppData\Local\Smartbar\Application\Smartbar.GUI.Controls.dll
2013-11-21 10:49 - 2013-11-21 10:49 - 00081688 _____ () C:\Users\Bodo\AppData\Local\Smartbar\Application\Smartbar.GUI.Docking.dll
2013-11-21 10:49 - 2013-11-21 10:49 - 00013592 _____ () C:\Users\Bodo\AppData\Local\Smartbar\Application\Smartbar.Infrastructure.BusinessEntities.dll
2013-11-21 10:49 - 2013-11-21 10:49 - 00016664 _____ () C:\Users\Bodo\AppData\Local\Smartbar\Application\Smartbar.Personalization.Common.dll
2013-11-21 10:49 - 2013-11-21 10:49 - 00030488 _____ () C:\Users\Bodo\AppData\Local\Smartbar\Application\srut.dll
2013-11-21 10:49 - 2013-11-21 10:49 - 00019736 _____ () C:\Users\Bodo\AppData\Local\Smartbar\Application\srsbs.dll
2013-11-21 10:49 - 2013-11-21 10:49 - 00057112 _____ () C:\Users\Bodo\AppData\Local\Smartbar\Application\Smartbar.Infrastructure.Plugins.InternetExplorerLocalPlugin.dll
2013-11-21 10:49 - 2013-11-21 10:49 - 00014104 _____ () C:\Users\Bodo\AppData\Local\Smartbar\Application\srpdm.dll
2013-11-21 10:49 - 2013-11-21 10:49 - 00013592 _____ () C:\Users\Bodo\AppData\Local\Smartbar\Application\sgml.dll
2013-11-21 10:49 - 2013-11-21 10:49 - 00052504 _____ () C:\Users\Bodo\AppData\Local\Smartbar\Application\Smartbar.Resources.LanguageSettings.dll
2013-11-21 10:48 - 2013-11-21 10:48 - 00047384 _____ () C:\Users\Bodo\AppData\Local\Smartbar\Application\MACTrackBarLib.dll
2013-11-21 10:48 - 2013-11-21 10:48 - 00025368 _____ () C:\Users\Bodo\AppData\Local\Smartbar\Application\de\Smartbar.Resources.LanguageSettings.resources.dll
2013-11-21 10:49 - 2013-11-21 10:49 - 00024856 _____ () C:\Users\Bodo\AppData\Local\Smartbar\Application\Smartbar.Resources.SocialNetsSharer.dll
2013-11-21 10:49 - 2013-11-21 10:49 - 00248088 _____ () C:\Users\Bodo\AppData\Local\Smartbar\Application\srns.dll
2013-10-07 09:28 - 2013-08-05 09:49 - 00627672 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
2013-08-05 16:48 - 2013-08-05 16:48 - 00016856 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll
2014-01-14 14:18 - 2014-01-27 12:20 - 00061440 _____ () C:\Program Files (x86)\Mobogenie\Device.dll
2014-01-14 14:18 - 2014-01-27 12:20 - 00471040 _____ () C:\Program Files (x86)\Mobogenie\DCR.dll
2014-03-18 23:04 - 2014-03-18 23:04 - 03018864 _____ () C:\Program Files (x86)\Mozilla Thunderbird\mozjs.dll
2014-03-18 23:04 - 2014-03-18 23:04 - 00158832 _____ () C:\Program Files (x86)\Mozilla Thunderbird\NSLDAP32V60.dll
2014-03-18 23:04 - 2014-03-18 23:04 - 00023152 _____ () C:\Program Files (x86)\Mozilla Thunderbird\NSLDAPPR32V60.dll
2014-04-10 20:39 - 2014-04-02 03:57 - 00065352 _____ () C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\chrome_elf.dll
2014-04-10 20:39 - 2014-04-02 03:57 - 00674632 _____ () C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\libglesv2.dll
2014-04-10 20:39 - 2014-04-02 03:57 - 00093000 _____ () C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\libegl.dll
2014-04-10 20:39 - 2014-04-02 03:57 - 04081480 _____ () C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\pdf.dll
2014-04-10 20:39 - 2014-04-02 03:58 - 00390472 _____ () C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\ppGoogleNaClPluginChrome.dll
2014-04-10 20:39 - 2014-04-02 03:57 - 01647432 _____ () C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\ffmpegsumo.dll
2014-01-14 16:19 - 2014-01-14 16:19 - 00057344 _____ () C:\Users\Bodo\AppData\Local\Google\Chrome\User Data\Default\Extensions\jbolfgndggfhhpbnkgnpjkfhinclbigj\1.0.0_0\npFreemake.dll
2014-04-10 20:39 - 2014-04-02 03:58 - 13691720 _____ () C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\PepperFlash\pepflashplayer.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\ProgramData\Temp:DE406C3E
AlternateDataStreams: C:\Users\Bodo\SkyDrive:ms-properties

==================== Safe Mode (whitelisted) ===================


==================== Disabled items from MSCONFIG ==============


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (04/21/2014 03:49:11 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC90.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"1".
Die abhängige Assemblierung "Microsoft.VC90.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (04/21/2014 03:49:09 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC90.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"1".
Die abhängige Assemblierung "Microsoft.VC90.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (04/21/2014 03:49:07 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC90.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"1".
Die abhängige Assemblierung "Microsoft.VC90.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (04/21/2014 03:49:05 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC90.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"1".
Die abhängige Assemblierung "Microsoft.VC90.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (04/21/2014 03:49:03 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC90.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"1".
Die abhängige Assemblierung "Microsoft.VC90.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (04/21/2014 03:49:01 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC90.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"1".
Die abhängige Assemblierung "Microsoft.VC90.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (04/21/2014 03:48:59 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC90.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"1".
Die abhängige Assemblierung "Microsoft.VC90.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (04/21/2014 03:48:57 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC90.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"1".
Die abhängige Assemblierung "Microsoft.VC90.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (04/21/2014 03:48:55 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC90.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"1".
Die abhängige Assemblierung "Microsoft.VC90.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (04/21/2014 03:48:53 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC90.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"1".
Die abhängige Assemblierung "Microsoft.VC90.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".


System errors:
=============
Error: (04/21/2014 03:10:47 PM) (Source: Service Control Manager) (User: )
Description: Dienst "LiveUpdate" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (04/18/2014 09:09:18 AM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst BTDevManager erreicht.

Error: (04/17/2014 03:47:19 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT-AUTORITÄT)
Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80246007 fehlgeschlagen: Windows-Tool zum Entfernen bösartiger Software für Windows 8, 8.1 und Windows Server 2012, 2012 R2 x64 Edition - April 2014 (KB890830)

Error: (04/16/2014 05:52:50 AM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst WMPNetworkSvc erreicht.

Error: (04/14/2014 10:42:23 PM) (Source: Ntfs) (User: NT-AUTORITÄT)
Description: In der Dateisystemstruktur auf Volume "Boot" wurde eine Beschädigung erkannt.

Die Masterdateitabelle (MFT) beinhaltet einen beschädigten Dateidatensatz. Die Dateireferenznummer ist 0x1000000038f6e. Der Name der Datei ist "<Dateiname kann nicht bestimmt werden>".

Error: (04/14/2014 05:10:01 AM) (Source: Ntfs) (User: NT-AUTORITÄT)
Description: In der Dateisystemstruktur auf Volume "Boot" wurde eine Beschädigung erkannt.

Die Masterdateitabelle (MFT) beinhaltet einen beschädigten Dateidatensatz. Die Dateireferenznummer ist 0x1000000038f6e. Der Name der Datei ist "<Dateiname kann nicht bestimmt werden>".

Error: (04/14/2014 04:50:47 AM) (Source: Service Control Manager) (User: )
Description: Dienst "LiveUpdate" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (04/13/2014 10:39:10 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT-AUTORITÄT)
Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80246007 fehlgeschlagen: Windows-Tool zum Entfernen bösartiger Software für Windows 8, 8.1 und Windows Server 2012, 2012 R2 x64 Edition - April 2014 (KB890830)

Error: (04/11/2014 11:34:58 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT-AUTORITÄT)
Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80246007 fehlgeschlagen: Windows-Tool zum Entfernen bösartiger Software für Windows 8, 8.1 und Windows Server 2012, 2012 R2 x64 Edition - April 2014 (KB890830)

Error: (04/09/2014 11:06:18 PM) (Source: DCOM) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalAktivierung{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar


Microsoft Office Sessions:
=========================
Error: (04/21/2014 03:49:21 PM) (Source: SideBySide)(User: )
Description: Microsoft.VC90.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTServer.exe

Error: (04/21/2014 03:49:19 PM) (Source: SideBySide)(User: )
Description: Microsoft.VC90.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTServer.exe

Error: (04/21/2014 03:49:17 PM) (Source: SideBySide)(User: )
Description: Microsoft.VC90.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTServer.exe

Error: (04/21/2014 03:49:15 PM) (Source: SideBySide)(User: )
Description: Microsoft.VC90.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTServer.exe

Error: (04/21/2014 03:49:13 PM) (Source: SideBySide)(User: )
Description: Microsoft.VC90.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTServer.exe

Error: (04/21/2014 03:49:11 PM) (Source: SideBySide)(User: )
Description: Microsoft.VC90.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTServer.exe

Error: (04/21/2014 03:49:09 PM) (Source: SideBySide)(User: )
Description: Microsoft.VC90.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTServer.exe

Error: (04/21/2014 03:49:07 PM) (Source: SideBySide)(User: )
Description: Microsoft.VC90.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTServer.exe

Error: (04/21/2014 03:49:05 PM) (Source: SideBySide)(User: )
Description: Microsoft.VC90.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTServer.exe

Error: (04/21/2014 03:49:03 PM) (Source: SideBySide)(User: )
Description: Microsoft.VC90.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTServer.exe


==================== Memory info =========================== 

Percentage of memory in use: 65%
Total physical RAM: 3976.19 MB
Available physical RAM: 1359.68 MB
Total Pagefile: 12680.19 MB
Available Pagefile: 9511.54 MB
Total Virtual: 131072 MB
Available Virtual: 131071.8 MB

==================== Drives ================================

Drive c: (Boot) (Fixed) (Total:404.05 GB) (Free:330.81 GB) NTFS
Drive d: (Recover) (Fixed) (Total:60 GB) (Free:45.69 GB) NTFS
Drive e: (sbon88p5) (CDROM) (Total:4 GB) (Free:0 GB) CDFS
Drive f: (DRIVE-N-GO) (Fixed) (Total:931.28 GB) (Free:510.49 GB) FAT32
Drive g: (CANON_DC) (Removable) (Total:1.92 GB) (Free:1.9 GB) FAT

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 466 GB) (Disk ID: 00000000)

Partition: GPT Partition Type.

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 932 GB) (Disk ID: E0375D22)
Partition 1: (Active) - (Size=932 GB) - (Type=0C)

========================================================
Disk: 2 (Size: 2 GB) (Disk ID: 00000000)

Partition: GPT Partition Type.

==================== End Of Log ============================
         

Alt 21.04.2014, 19:01   #5
M-K-D-B
/// TB-Ausbilder
 
Windows 8, Windows PC-Repair Virus und wohl noch andere - Standard

Windows 8, Windows PC-Repair Virus und wohl noch andere



Schritt 1
Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).





Schritt 2
Downloade Dir bitte Malwarebytes Anti-Malware
  • Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
  • Starte Malwarebytes' Anti-Malware (MBAM).
  • Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
  • Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
  • Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
  • Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
  • Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
  • Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.







Schritt 3
Kontrollscan mit FRST
Führe wie zuvor beschrieben einen Scan mit FRST aus.
Setze dazu einen Haken bei Addition.txt rechts unten und klicke auf Scan.
Es werden zwei Logdateien erzeugt. Poste mir diese.





Bitte poste mit deiner nächsten Antwort
  • die Logdatei von AdwCleaner,
  • die Logdatei von MBAM,
  • die beiden neuen Logdateien von FRST.

__________________
Grüße aus Bayern
M-K-D-B

______________________________________

Das Trojaner-Board unterstützen

Alt 23.04.2014, 15:53   #6
bjc51
 
Windows 8, Windows PC-Repair Virus und wohl noch andere - Standard

Windows 8, Windows PC-Repair Virus und wohl noch andere



Hier Bericht zu Schritt 1:

1. Alles anfangs so gemacht wie vorgegeben
2. Nach Suchen wurden mehrere Anwendungen o.ä. angezeigt zum Löschen und bestätigt
3. Dann etwas später kam folgende Meldung:

Autolt Error
x Line 4866 (File "C:\Users\Desktop\adwcleaner.exe"):

Error Subcript used with non Array variable

4. Desktop wird angezeigt, kein automatischer Neustart

5. Alles wederholt

6. Nach Suche nichts mehr zum Löschen angezeigt, aber trotzdem Löschen angeklickt

7. Diesmal erfolgt Neustart und auch die Textdatei wird angezeigt, siehe wie folgt

Code:
ATTFilter
# AdwCleaner v3.201 - Bericht erstellt am 23/04/2014 um 14:29:12
# Aktualisiert 22/04/2014 von Xplode
# Betriebssystem : Windows 8.1  (64 bits)
# Benutzername : Bodo - AKOYAE6240T
# Gestartet von : C:\Users\Bodo\Desktop\adwcleaner.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\Users\Bodo\AppData\Local\Google\Chrome\User Data\Default\Extensions\dcpfhaghaadpjpgocojgnlhjcieeooel
Ordner Gelöscht : C:\Users\Bodo\AppData\Local\Google\Chrome\User Data\Default\Extensions\hbcennhacfaagdopikcegfcobcadeocj
Ordner Gelöscht : C:\Users\Bodo\AppData\Local\Google\Chrome\User Data\Default\Extensions\icdlfehblmklkikfigmjhbmmpmkmpooj
Ordner Gelöscht : C:\Users\Bodo\AppData\Local\Google\Chrome\User Data\Default\Extensions\jbolfgndggfhhpbnkgnpjkfhinclbigj
Ordner Gelöscht : C:\Users\Bodo\AppData\Local\Google\Chrome\User Data\Default\Extensions\mhkaekfpcppmmioggniknbnbdbcigpkk
Ordner Gelöscht : C:\Users\Bodo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma
Ordner Gelöscht : C:\Users\Bodo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfndaklgolladniicklehhancnlgocpp

***** [ Verknüpfungen ] *****

Verknüpfung Desinfiziert : C:\Users\Bodo\Desktop\ALDI Süd Blumen Service.lnk
Verknüpfung Desinfiziert : C:\Users\Bodo\Desktop\ALDI Süd Reisen.lnk
Verknüpfung Desinfiziert : C:\Users\Bodo\Desktop\ALDI Süd Startseite.lnk
Verknüpfung Desinfiziert : C:\Users\Bodo\Desktop\ALDI Talk.lnk
Verknüpfung Desinfiziert : C:\Users\Bodo\Desktop\Search.lnk
Verknüpfung Desinfiziert : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MEDIONhome.lnk
Verknüpfung Desinfiziert : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Welcome.lnk
Verknüpfung Desinfiziert : C:\Users\Bodo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
Verknüpfung Desinfiziert : C:\Users\Bodo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search.lnk
Verknüpfung Desinfiziert : C:\Users\Bodo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
Verknüpfung Desinfiziert : C:\Users\Bodo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk
Verknüpfung Desinfiziert : C:\Users\Bodo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Search.lnk

***** [ Registrierungsdatenbank ] *****

Wert Gelöscht : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [quick_start@gmail.com]
Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\hbcennhacfaagdopikcegfcobcadeocj
Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\icdlfehblmklkikfigmjhbmmpmkmpooj
Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\jbolfgndggfhhpbnkgnpjkfhinclbigj
Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\mhkaekfpcppmmioggniknbnbdbcigpkk
Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma
Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\pfndaklgolladniicklehhancnlgocpp
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\conduit.com
Wert Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [Browser Infrastructure Helper]
Wert Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [NextLive]
Wert Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [Slick Savings]
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\priam_bho.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\iesmartbar.bandobjectattribute
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\iesmartbar.bho
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\iesmartbar.dockingpanel
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\iesmartbar.iesmartbar
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\iesmartbar.iesmartbarbandobject
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\iesmartbar.smartbardisplaystate
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\iesmartbar.smartbarmenuform
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\S
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Softonic.dskBnd
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Softonic.dskBnd.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Softonic.SoftonicHlpr
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Softonic.SoftonicHlpr.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\SoftonicApp.appCore
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\SoftonicApp.appCore.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\speedupmypc
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\srv.SoftonicSrvc
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\srv.SoftonicSrvc.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\wajam.WajamBHO
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\wajam.WajamBHO.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\wajam.WajamDownloader
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\wajam.WajamDownloader.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\smartbar_rasapi32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\smartbar_rasmancs
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\Mobogenie.exe
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\MobogenieAdd
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [mobilegeni daemon]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [Search Protection]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [SearchSettings]
Schlüssel Gelöscht : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WajamUpdater
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CrossriderApp0031257.BHO
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CrossriderApp0031257.BHO.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CrossriderApp0031257.Sandbox
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CrossriderApp0031257.Sandbox.1
Wert Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [lollipop_01031042]
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{1FAEE6D5-34F4-42AA-8025-3FD8F3EC4634}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{7ABBFE1C-E485-44AA-8F36-353751B4124D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{B15F118E-AF21-45E8-A809-29FDD7362565}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{34A0D84B-CDDC-4EC4-AFDD-4F1DDE1D14E5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{431532BD-0AE1-4ABC-BE8C-919F3D1332E2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{44B50C01-4993-48E2-ADEE-D812BAE2E9A2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{5018CFD2-804D-4C99-9F81-25EAEA2769DE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{56561B2A-FB5D-363A-9631-4C03D6054209}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{5D64294B-1341-4FE7-B6D8-7C36828D4DD5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{A3E2F089-DDBB-4CBF-B06C-5D44DA316ED3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{A5679AB0-C59E-49E7-83C4-5289F844A6E0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{A717364F-69F3-3A24-ADD5-3901A57F880E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{CCB08265-B35D-30B2-A6AF-6986CA957358}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{CCB24E92-62C4-4C53-95D2-65F9EED476BC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{CD92622E-49B9-33B7-98D1-EC51049457D7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{E041E037-FA4B-364A-B440-7A1051EA0301}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{E87806B5-E908-45FD-AF5E-957D83E58E68}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{F3FEE66E-E034-436A-86E4-9690573BEE8A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{F63AAEDC-3602-49EF-AA45-262380A98980}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110311121157}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220322122257}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{087CDC12-0A11-4D1D-8DCF-44185D7C3496}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{088BF3A9-6AE8-47B9-A3FB-26262F236C79}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{2AC7B9EB-3881-4EB9-8DEE-0A731A309FDE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{349C0469-ACDD-49DF-9B3E-0D82E7C7DC4D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{41226591-6F7A-4082-B63A-67FE4A0CF7A6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{431532BD-0AE1-4ABC-BE8C-919F3D1332E2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{55D69CD1-6715-4C40-BF05-9519AC4DC6E6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66C8FD57-54C4-4D4F-BC95-DCCC763B410A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{717BAE33-7061-4279-8AE5-6C13BC8AF3F9}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{84F06F7A-F811-48D7-8B34-3F4145183D8F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{88F6D55F-AA3F-4003-BE69-4AC1998D6492}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{8DBCDED5-08AD-41A2-9BBC-235D84F4FE06}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{917CAAE9-DD47-4025-936E-1414F07DF5B8}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{A0F66203-1A86-4812-9603-A57E09A4D7A3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{BC39D1B3-4471-41C1-AACA-E097FAF4B7AA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{DEB85542-1311-4EC6-8A32-5372EB27FC94}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550355125557}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660366126657}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{095BFD3C-4602-4FE1-96F1-AEFAFBFD067D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{11D9E165-B8C1-4734-A56C-BC4FCACA966B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{968EDCE0-C10A-47BB-B3B6-FDF09F2A417D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{B15F118E-AF21-45E8-A809-29FDD7362565}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{44444444-4444-4444-4444-440344124457}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{34A0D84B-CDDC-4EC4-AFDD-4F1DDE1D14E5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CCB24E92-62C4-4C53-95D2-65F9EED476BC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E87806B5-E908-45FD-AF5E-957D83E58E68}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F3FEE66E-E034-436A-86E4-9690573BEE8A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F63AAEDC-3602-49EF-AA45-262380A98980}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110311121157}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5018CFD2-804D-4C99-9F81-25EAEA2769DE}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{CCB24E92-62C4-4C53-95D2-65F9EED476BC}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E87806B5-E908-45FD-AF5E-957D83E58E68}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F63AAEDC-3602-49EF-AA45-262380A98980}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110311121157}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{5018CFD2-804D-4C99-9F81-25EAEA2769DE}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{CCB24E92-62C4-4C53-95D2-65F9EED476BC}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{E87806B5-E908-45FD-AF5E-957D83E58E68}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F63AAEDC-3602-49EF-AA45-262380A98980}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{CCB24E92-62C4-4C53-95D2-65F9EED476BC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{607B689F-7600-45E4-B8E5-887F72DAB15C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{62155D33-3CE2-401E-8967-5A270628A3D5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9CF034EA-7B46-48D3-8895-8A14B32AE445}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E0D4A4BC-F7CD-436E-B1FA-25637BA0F5BE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F63AAEDC-3602-49EF-AA45-262380A98980}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{5018CFD2-804D-4C99-9F81-25EAEA2769DE}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{CCB24E92-62C4-4C53-95D2-65F9EED476BC}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{F3FEE66E-E034-436A-86E4-9690573BEE8A}]
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{F3FEE66E-E034-436A-86E4-9690573BEE8A}]
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{34A0D84B-CDDC-4EC4-AFDD-4F1DDE1D14E5}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{56561B2A-FB5D-363A-9631-4C03D6054209}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{A717364F-69F3-3A24-ADD5-3901A57F880E}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{CCB08265-B35D-30B2-A6AF-6986CA957358}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{CCB24E92-62C4-4C53-95D2-65F9EED476BC}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{CD92622E-49B9-33B7-98D1-EC51049457D7}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{E041E037-FA4B-364A-B440-7A1051EA0301}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{F3FEE66E-E034-436A-86E4-9690573BEE8A}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110311121157}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220322122257}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{087CDC12-0A11-4D1D-8DCF-44185D7C3496}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{088BF3A9-6AE8-47B9-A3FB-26262F236C79}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{2AC7B9EB-3881-4EB9-8DEE-0A731A309FDE}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{349C0469-ACDD-49DF-9B3E-0D82E7C7DC4D}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{41226591-6F7A-4082-B63A-67FE4A0CF7A6}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{431532BD-0AE1-4ABC-BE8C-919F3D1332E2}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{55D69CD1-6715-4C40-BF05-9519AC4DC6E6}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{66C8FD57-54C4-4D4F-BC95-DCCC763B410A}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{717BAE33-7061-4279-8AE5-6C13BC8AF3F9}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{84F06F7A-F811-48D7-8B34-3F4145183D8F}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{88F6D55F-AA3F-4003-BE69-4AC1998D6492}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{8DBCDED5-08AD-41A2-9BBC-235D84F4FE06}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{917CAAE9-DD47-4025-936E-1414F07DF5B8}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{A0F66203-1A86-4812-9603-A57E09A4D7A3}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{BC39D1B3-4471-41C1-AACA-E097FAF4B7AA}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{DEB85542-1311-4EC6-8A32-5372EB27FC94}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550355125557}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660366126657}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{34A0D84B-CDDC-4EC4-AFDD-4F1DDE1D14E5}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110311121157}
Wert Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
Wert Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{CCB24E92-62C4-4C53-95D2-65F9EED476BC}]
Wert Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{F3FEE66E-E034-436A-86E4-9690573BEE8A}]
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{607B689F-7600-45E4-B8E5-887F72DAB15C}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{62155D33-3CE2-401E-8967-5A270628A3D5}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E0D4A4BC-F7CD-436E-B1FA-25637BA0F5BE}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F63AAEDC-3602-49EF-AA45-262380A98980}
Daten Wiederhergestellt : HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command
Schlüssel Gelöscht : HKCU\Software\installedbrowserextensions
Schlüssel Gelöscht : HKCU\Software\lollipop
Schlüssel Gelöscht : HKCU\Software\Search Settings
Schlüssel Gelöscht : HKCU\Software\SmartBar
Schlüssel Gelöscht : HKCU\Software\smartbarbackup
Schlüssel Gelöscht : HKCU\Software\smartbarlog
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKCU\Software\Wajam
Schlüssel Gelöscht : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Crossrider
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Search Settings
Schlüssel Gelöscht : HKLM\Software\{1146AC44-2F03-4431-B4FD-889BC837521F}
Schlüssel Gelöscht : HKLM\Software\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Schlüssel Gelöscht : HKLM\Software\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Schlüssel Gelöscht : HKLM\Software\Application Updater
Schlüssel Gelöscht : HKLM\Software\Email Notifier
Schlüssel Gelöscht : HKLM\Software\IePlugin
Schlüssel Gelöscht : HKLM\Software\mystarttb
Schlüssel Gelöscht : HKLM\Software\nationzoomSoftware
Schlüssel Gelöscht : HKLM\Software\Search Settings
Schlüssel Gelöscht : HKLM\Software\SearchProtect
Schlüssel Gelöscht : HKLM\Software\Softonic
Schlüssel Gelöscht : HKLM\Software\supTab
Schlüssel Gelöscht : HKLM\Software\supWPM
Schlüssel Gelöscht : HKLM\Software\Uniblue
Schlüssel Gelöscht : HKLM\Software\Wajam
Schlüssel Gelöscht : HKLM\Software\Wpm
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3A787631-66A2-4634-B928-A37E73B58FB6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DMUninstaller
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Mobogenie
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\mystarttb
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Softonic
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\supTab
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Wajam
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\DomaIQ
Daten Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll
Daten Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll

***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.16518

Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Main [Search Page]
Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Main [Default_Page_URL]
Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Main [Search Bar]
Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL]
Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL]
Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]
Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Search [Default_Search_URL]
Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Search [SearchAssistant]
Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls [Tabs]
Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\SearchUrl [Default]
Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchUrl [Default]
Einstellung Wiederhergestellt : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL]
Einstellung Wiederhergestellt : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL]
Einstellung Wiederhergestellt : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
Einstellung Wiederhergestellt : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]

-\\ Mozilla Firefox v28.0 (de)

[ Datei : C:\Users\Bodo\AppData\Roaming\Mozilla\Firefox\Profiles\6l09uqgq.default\prefs.js ]

Zeile gelöscht : user_pref("browser.search.defaultenginename", "Web Search");
Zeile gelöscht : user_pref("browser.search.selectedEngine", "Web Search");
Zeile gelöscht : user_pref("browser.startup.homepage", "hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=63b019ad-0f66-12c1-d8e4-31fbc3bbaf22&searchtype=hp&fr=linkury-tb&installDate=14/01/2014&ty[...]
Zeile gelöscht : user_pref("extensions.a509508ef0b144616a5570d58601be33dc4a581e90ea646dba18558e021ee138ccom31257.31257.internaldb.__GAM__gam_domains.value", "%7B%22gambling%22%3A%22casino.williamhill.com%7Cvegas.willi[...]
Zeile gelöscht : user_pref("extensions.crossrider.bic", "143b73e74f3c05f008a921469e64a51f");
Zeile gelöscht : user_pref("keyword.URL", "hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=63b019ad-0f66-12c1-d8e4-31fbc3bbaf22&searchtype=ds&fr=linkury-tb&installDate=14/01/2014&type=hp1000&p="[...]

-\\ Google Chrome v34.0.1847.116

[ Datei : C:\Users\Bodo\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Gelöscht [Startup_urls] : 
Gelöscht [Homepage] : hxxp://search.conduit.com/?ctid=CT3322168&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=2&UP=SP144C8618-5613-48F2-B45A-6008A3A29C88&SSPV=
Gelöscht [Homepage] : hxxp://search.conduit.com/?ctid=CT3322168&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=2&UP=SP144C8618-5613-48F2-B45A-6008A3A29C88&SSPV=
Gelöscht [Homepage] : hxxp://search.conduit.com/?ctid=CT3322168&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=2&UP=SP144C8618-5613-48F2-B45A-6008A3A29C88&SSPV=
Gelöscht [Extension] : booedmolknjekdopkepjjeckmjkdpfgl
Gelöscht [Extension] : dcpfhaghaadpjpgocojgnlhjcieeooel
Gelöscht [Extension] : flpcjncodpafbgdpnkljologafpionhb
Gelöscht [Extension] : hbcennhacfaagdopikcegfcobcadeocj
Gelöscht [Extension] : icdlfehblmklkikfigmjhbmmpmkmpooj
Gelöscht [Extension] : igjjkeeamkpihpncmmbgdkhdnjpcfmfb
Gelöscht [Extension] : jbolfgndggfhhpbnkgnpjkfhinclbigj
Gelöscht [Extension] : mhkaekfpcppmmioggniknbnbdbcigpkk
Gelöscht [Extension] : pelmeidfhdlhlbjimpabfcbnnojbboma
Gelöscht [Extension] : pfndaklgolladniicklehhancnlgocpp

*************************

AdwCleaner[R0].txt - [66584 octets] - [23/04/2014 14:08:32]
AdwCleaner[R1].txt - [31911 octets] - [23/04/2014 14:24:46]
AdwCleaner[S0].txt - [6010 octets] - [23/04/2014 14:17:49]
AdwCleaner[S1].txt - [26986 octets] - [23/04/2014 14:29:12]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [27047 octets] ##########
         
Bei Schritt 2 hat Avira Probleme gemacht, aber ich hoffe diese übersprungen zu haben. War etwas verwirrend.

Deswegen hier schon "Schritt 3 - Protokolle" (der zweite später, falls noch benötigt):

Code:
ATTFilter
 Additional scan result of Farbar Recovery Scan Tool (x64) Version: 22-04-2014
Ran by Bodo at 2014-04-23 16:30:00
Running from C:\Users\Bodo\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

337 GAMES (HKCU\...\337Games) (Version: 1.1.1.0 - )
AbiWord 2.9.4 (HKLM-x32\...\AbiWord2) (Version: 2.9.4 - AbiSource Developers)
Adobe Bridge 1.0 (x32 Version: 001.000.001 - Adobe Systems) Hidden
Adobe Common File Installer (x32 Version: 1.00.001 - Adobe System Incorporated) Hidden
Adobe Flash Player 12 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 12.0.0.77 - Adobe Systems Incorporated)
Adobe Help Center 1.0 (x32 Version: 1.0.1 - Adobe Systems) Hidden
Adobe Photoshop CS2 (HKLM-x32\...\Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0407-1E257A25E34D}) (Version: 9.0 - Adobe Systems, Inc.)
Adobe Photoshop CS2 (x32 Version: 9.0 - Adobe Systems, Inc.) Hidden
Adobe Stock Photos 1.0 (x32 Version: 1.0.1 - Adobe Systems) Hidden
Ahnenblatt 2.74 (HKLM-x32\...\Ahnenblatt_is1) (Version: 2.74.0.1 - Dirk Boettcher)
Aimersoft DVD Ripper(Build 3.0.0.2) (HKLM-x32\...\Aimersoft DVD Ripper_is1) (Version:  - Aimersoft Software)
Ashampoo AppLauncher (Medion) v.1.0.0 (HKLM-x32\...\Ashampoo AppLauncher (Medion)_is1) (Version: 1.0.0 - Ashampoo GmbH & Co. KG)
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.3.350 - Avira)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{AF312B06-5C5C-468E-89B3-BE6DE2645722}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{0A4EF0E6-A912-4CDE-A7F3-6E56E7C13A2F}) (Version: 1.1.6 - Cisco Systems, Inc.)
CyberLink Home Cinema 10 (HKLM-x32\...\InstallShield_{8F14AA37-5193-4A14-BD5B-BDF9B361AEF7}) (Version: 10.0 - CyberLink Corp.)
CyberLink Home Cinema 10 (x32 Version: 10.3025 - CyberLink Corp.) Hidden
CyberLink LabelPrint 2.5 (x32 Version: 2.5.0.5415 - CyberLink Corp.) Hidden
CyberLink MediaEspresso 6.5 (x32 Version: 6.5.3807_46074 - CyberLink Corp.) Hidden
CyberLink PhotoDirector 3 (x32 Version: 3.0.1.4017 - CyberLink Corp.) Hidden
CyberLink Power2Go 8 (x32 Version: 8.0.0.3202 - CyberLink Corp.) Hidden
CyberLink PowerDirector 11 (Version: 11.0.0.3215 - CyberLink Corp.) Hidden
CyberLink PowerDVD 10 (x32 Version: 10.0.5426.02 - CyberLink Corp.) Hidden
CyberLink PowerDVD Copy 1.5 (x32 Version: 1.5.0.3725a - CyberLink Corp.) Hidden
CyberLink PowerRecover (HKLM-x32\...\InstallShield_{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}) (Version: 5.7.0.2103 - CyberLink Corp.)
CyberLink PowerRecover (Version: 5.7.0.2103 - CyberLink Corp.) Hidden
CyberLink YouCam 5 (x32 Version: 5.0.3318.0 - CyberLink Corp.) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dolby Digital Plus Advanced Audio (HKLM\...\{B0BFC63F-EA07-419E-960B-3FB2ED5DD0B2}) (Version: 7.3.2.2 - Dolby Laboratories Inc)
Easy CD-DA Extractor 2010 (HKLM-x32\...\Easy CD-DA Extractor 2010) (Version: 2010 - Poikosoft)
FormatFactory 3.1.1 (HKLM-x32\...\FormatFactory) (Version: 3.1.1 - Free Time)
Fotogalerie (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Fotogalerija (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Fotótár (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Freemake Video Converter Version 4.1.2 (HKLM-x32\...\Freemake Video Converter_is1) (Version: 4.1.2 - Ellora Assets Corporation)
Galerie de photos (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 34.0.1847.116 - Google Inc.)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.23.9 - Google Inc.) Hidden
HP Deskjet 1050 J410 series - Grundlegende Software für das Gerät (HKLM\...\{C3F12DD0-54B1-4B2B-A82B-FA43502BC550}) (Version: 28.0.1313.0 - Hewlett-Packard Co.)
HP Deskjet 1050 J410 series Hilfe (HKLM-x32\...\{5C90D8CF-F12A-41C6-9007-3B651A1F0D78}) (Version: 140.0.66.66 - Hewlett Packard)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.12412 - HP)
HP Update (HKLM-x32\...\{6F1C00D2-25C2-4CBA-8126-AE9A6E2E9CD5}) (Version: 5.003.003.001 - Hewlett-Packard)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3309 - Intel Corporation)
Intel(R) Trusted Execution Engine (HKLM\...\{176E2755-0A17-42C6-88E2-192AB2131278}) (Version: 1.0.0.1050 - Intel Corporation)
Intel(R) Trusted Execution Engine (Version: 1.1.1.1 - Intel Corporation) Hidden
Intel(R) Trusted Execution Engine Driver (Version: 1.0.0.1050 - Intel Corporation) Hidden
IObit Uninstaller (HKLM-x32\...\IObitUninstall) (Version: 3.1.7.2405 - IObit)
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.37 - Irfan Skiljan)
LibreOffice 4.1 Help Pack (German) (HKLM-x32\...\{43295475-62CA-4F25-B46C-43C59258780E}) (Version: 4.1.4.2 - The Document Foundation)
LibreOffice 4.1.4.2 (HKLM-x32\...\{94E11973-ED58-47A0-907C-ABF6D95C5DD8}) (Version: 4.1.4.2 - The Document Foundation)
Lollipop (HKCU\...\lollipop_01031042) (Version:  - Lollipop Network, S.L.) <==== ATTENTION
Malwarebytes Anti-Malware Version 2.0.1.1004 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.1.1004 - Malwarebytes Corporation)
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Expression Web 4 (HKLM-x32\...\Web_4.0.1460.0) (Version: 4.0.1460.0 - Microsoft Corporation)
Microsoft Expression Web 4 (x32 Version: 4.0.1460.0 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Mozilla Firefox 28.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 28.0 (x86 de)) (Version: 28.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 28.0 - Mozilla)
Mozilla Thunderbird 24.4.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 24.4.0 (x86 de)) (Version: 24.4.0 - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden
MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden
MyHeritage Family Tree Builder (HKLM-x32\...\Family Tree Builder) (Version: 7.0.0.7129 - MyHeritage.com)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4551.1512 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4551.1512 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4551.1512 - Microsoft Corporation) Hidden
PHotkey (HKLM-x32\...\{E50C224A-BBF2-428D-9DCF-DBF9DF85C40E}) (Version: 1.00.0092 - Pegatron Corporation)
Photo Common (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Photo Gallery (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Plus-HD-1.3 (HKLM-x32\...\Plus-HD-1.3) (Version: 1.31.153.4 - Plus HD) <==== ATTENTION
Raccolta foto (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
REALTEK Bluetooth Driver (HKLM-x32\...\{9D3D8C60-A5EF-4123-B2B9-172095903AB}) (Version: 3.769.769.093013 - REALTEK Semiconductor Corp.)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9200.39052 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7040 - Realtek Semiconductor Corp.)
REALTEK Wireless LAN Driver (HKLM-x32\...\{9DAABC60-A5EF-41FF-B2B9-17329590CD5}) (Version: 1.00.0227 - REALTEK Semiconductor Corp.)
Re-markit (HKLM-x32\...\54ed89b2-da2e-446b-bde7-8188f45dc639) (Version:  - Re-markit Software) <==== ATTENTION
Studie zur Verbesserung von HP Deskjet 1050 J410 series Produkten (HKLM\...\{B099E941-4789-46A1-9B14-01CFD04E03B3}) (Version: 28.0.1313.0 - Hewlett-Packard Co.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 17.0.9.1 - Synaptics Incorporated)
ValueApps (HKCU\...\ValueApps) (Version: 1.1.0.6 - Conduit) <==== ATTENTION
VLC media player 2.1.4 (HKLM\...\VLC media player) (Version: 2.1.4 - VideoLAN)
Windows Live (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Communications Platform (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3508.0205 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
XMedia Recode Version 3.1.7.8 (HKLM-x32\...\{DDA3C325-47B2-4730-9672-BF3771C08799}_is1) (Version: 3.1.7.8 - XMedia Recode)
Yahoo Community Smartbar (HKLM-x32\...\{D7403121-68C2-48BC-874D-048015E60DF0}) (Version: 10.179.66.13636 - Linkury Inc.) <==== ATTENTION
Yahoo Community Smartbar Engine (HKCU\...\{993cbed8-bf92-4638-bb47-6cb1272c92ff}) (Version: 10.179.66.13636 - Linkury Inc.) <==== ATTENTION
YTD Toolbar v9.0 (HKLM-x32\...\{9D47532D-59B3-4E15-8069-2E3FC4DA3E92}) (Version: 9.0 - Spigot, Inc.)
YTD Video Downloader 4.8 (HKLM-x32\...\{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}) (Version: 4.8 - GreenTree Applications SRL)

==================== Restore Points  =========================

06-04-2014 23:55:41 Geplanter Prüfpunkt
11-04-2014 09:31:10 Windows Update
15-04-2014 01:20:23 Windows Update
21-04-2014 08:46:41 Windows Update

==================== Hosts content: ==========================

2013-08-22 15:25 - 2013-08-22 15:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {038E750F-4B89-4ADF-B5DC-AB57853CA00A} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-03-11] (Adobe Systems Incorporated)
Task: {04A27B59-655B-4872-ACDF-6B22CA9A6D78} - System32\Tasks\HP Photo Creations Communicator => C:\ProgramData\HP Photo Creations\Communicator.exe [2014-02-15] ()
Task: {05293577-D647-4185-B859-C94839A0B2E3} - System32\Tasks\Microsoft\Windows\SettingSync\NetworkStateChangeTask
Task: {0B545118-B563-42FC-8D07-B78F602FCF34} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {2085BF56-520D-4951-B7C0-DF34AF90CC6A} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
Task: {2C9C0C6C-2A74-46F2-858A-4389D253EAD0} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCachePrepopulate
Task: {2EE106B8-5CCF-4253-A23C-26866F6BD9C1} - \Plus-HD-1.3-updater No Task File <==== ATTENTION
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\Windows\System32\AutoWorkplace.exe [2013-08-22] (Microsoft Corporation)
Task: {3B6D8A73-F20B-4C93-B8FB-56A154F172D2} - System32\Tasks\Microsoft\Windows\Time Zone\SynchronizeTimeZone => C:\Windows\system32\tzsync.exe [2013-08-22] (Microsoft Corporation)
Task: {4445933D-9960-456A-97EC-D67E119103A6} - \Plus-HD-1.3-enabler No Task File <==== ATTENTION
Task: {49754026-21E1-41FC-94FD-727AFE414FE7} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCacheRebalance
Task: {6AA91E8C-DDBD-4979-8464-4062F7681A19} - System32\Tasks\Microsoft\Windows\Plug and Play\Plug and Play Cleanup
Task: {6DFCB649-0769-4F83-BB10-F60F235F6D3D} - System32\Tasks\Microsoft\Windows\SkyDrive\Idle Sync Maintenance Task
Task: {73B1B253-CE67-4501-AE1A-377DD1D68B65} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
Task: {77F1D869-6E65-4079-A2A0-E2023408EF97} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {790BB5FC-CE15-41F3-BA92-74C1C4C95EC9} - System32\Tasks\HPCustParticipation HP Deskjet 1050 J410 series => C:\Program Files\HP\HP Deskjet 1050 J410 series\Bin\HPCustPartic.exe [2012-10-02] (Hewlett-Packard Co.)
Task: {872D0E53-FD2E-41E3-B431-698AF82882CE} - System32\Tasks\Microsoft\Windows\SkyDrive\Routine Maintenance Task
Task: {8CC813C9-712A-41EF-9512-B233444FC669} - System32\Tasks\Microsoft\Windows\AppxDeploymentClient\Pre-staged app cleanup => Rundll32.exe %windir%\system32\AppxDeploymentClient.dll,AppxPreStageCleanupRunTask
Task: {8CEBADF6-73BA-4635-95B1-5630C760570B} - \Plus-HD-1.3-codedownloader No Task File <==== ATTENTION
Task: {8E866B41-CF47-4DD2-86BE-3BA0E6F4DC25} - System32\Tasks\Microsoft\Office\Office First Run Task => C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [2013-10-31] (Microsoft Corporation)
Task: {93DD8BD0-F48E-4FE0-98D3-482CB8AED3E4} - \Plus-HD-1.3-firefoxinstaller No Task File <==== ATTENTION
Task: {9514645B-9F2A-4777-BE65-6EE5E0E17226} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-12-23] (Google Inc.)
Task: {9FF4C139-5234-410C-B7FA-23EE2FD2AB53} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Maintenance Work
Task: {AA98B172-10EC-4467-AF6B-52CFF605BC9A} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2014-01-27] (Microsoft Corporation)
Task: {BEC9C1C3-AD4E-4354-8F98-A6469B37DE8E} - \Plus-HD-1.3-chromeinstaller No Task File <==== ATTENTION
Task: {BF2088D2-306F-4D9C-9899-7188D50E06E1} - \Re-markit Update No Task File <==== ATTENTION
Task: {CD423634-93DB-4DA3-AE6E-52D4FEC97836} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-12-23] (Google Inc.)
Task: {CDBC83C8-5E0C-4B1F-B67A-FAC9805B3B57} - System32\Tasks\Uninstaller_SkipUac_Administrator => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe [2014-01-22] (IObit)
Task: {CFD7C21A-808B-487B-A6EC-8A10E44E8360} - System32\Tasks\Microsoft\Windows\SettingSync\BackupTask
Task: {D88FEC9E-A82A-46F9-87E2-B6B97B301C1A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
Task: {DA46820F-FF8A-4B5E-A6B2-B12185DCFFFB} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Logon Synchronization
Task: {DDA1C05E-A3CA-4145-B4BF-90D2D28D2E6B} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2014-04-23] (Microsoft Corporation)
Task: {DF8990FA-5798-455D-BA2D-60CB8985A4F1} - \Re-markit_wd No Task File <==== ATTENTION
Task: {E203C98C-6294-4879-809F-2FF5AAB87394} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2013-08-14] (Synaptics Incorporated)
Task: {E6D378FA-E068-4BCB-80DE-56D43A249507} - System32\Tasks\Microsoft\Windows\RecoveryEnvironment\VerifyWinRE
Task: {FF6B227B-3D3A-4BEB-A425-B5D3F8EDB02F} - System32\Tasks\Dolby Selector => C:\Program Files\Dolby Digital Plus\ddp.exe [2013-08-08] (Dolby Laboratories Inc.)
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\HP Photo Creations Communicator.job => C:\ProgramData\HP Photo Creations\Communicator.exe
Task: C:\WINDOWS\Tasks\Uninstaller_SkipUac_Administrator.job => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe

==================== Loaded Modules (whitelisted) =============

2013-10-08 13:22 - 2013-06-27 10:56 - 00160768 _____ () C:\Program Files (x86)\PHotkey\GFNEXSrv.exe
2013-10-08 13:17 - 2013-09-26 21:08 - 00061440 _____ () C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe
2013-12-19 17:00 - 2013-08-23 15:45 - 00386216 _____ () C:\Program Files\Microsoft Office 15\ClientX64\c2rui.dll
2013-12-19 17:00 - 2013-10-31 10:08 - 00520872 _____ () C:\Program Files\Microsoft Office 15\ClientX64\c2r64.dll
2013-12-19 17:00 - 2013-10-31 10:07 - 00618152 _____ () C:\Program Files\Microsoft Office 15\ClientX64\StreamServer.dll
2013-10-07 09:29 - 2013-03-06 15:42 - 00389896 _____ () C:\Program Files\CyberLink\Shared files\RichVideo64.exe
2013-10-08 13:22 - 2013-09-11 12:41 - 02216960 _____ () C:\Program Files (x86)\PHotkey\PHotkey.exe
2013-10-08 13:22 - 2010-12-17 15:04 - 00449032 _____ () C:\Program Files (x86)\PHotkey\ATouch64.exe
2013-10-08 13:22 - 2012-10-23 19:07 - 03471872 _____ () C:\Program Files (x86)\PHotkey\POSD.exe
2013-10-08 13:22 - 2013-07-18 16:41 - 08856576 _____ () C:\Program Files (x86)\PHotkey\GPMTray.exe
2013-08-08 17:53 - 2013-08-08 17:53 - 00050904 _____ () C:\Program Files\Dolby Digital Plus\Dolby.DDP.Controls_Desktop.dll
2014-02-15 17:06 - 2014-02-15 17:06 - 00185920 _____ () C:\ProgramData\HP Photo Creations\Communicator.exe
2013-12-19 13:32 - 2013-12-09 12:37 - 00394808 _____ () C:\Program Files (x86)\Avira\AntiVir Desktop\sqlite3.dll
2013-10-08 13:22 - 2009-12-18 16:36 - 00973432 _____ () C:\Program Files (x86)\PHotkey\acAuth.dll
2013-10-08 13:22 - 2009-12-18 16:41 - 00129544 _____ () C:\Program Files (x86)\PHotkey\GFNEX.dll
2013-10-07 09:28 - 2013-08-05 09:49 - 00627672 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
2013-08-05 16:48 - 2013-08-05 16:48 - 00016856 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\ProgramData\Temp:DE406C3E
AlternateDataStreams: C:\Users\Bodo\SkyDrive:ms-properties

==================== Safe Mode (whitelisted) ===================


==================== Disabled items from MSCONFIG ==============


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (04/23/2014 04:30:43 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC90.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"1".
Die abhängige Assemblierung "Microsoft.VC90.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (04/23/2014 04:30:41 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC90.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"1".
Die abhängige Assemblierung "Microsoft.VC90.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (04/23/2014 04:30:39 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC90.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"1".
Die abhängige Assemblierung "Microsoft.VC90.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (04/23/2014 04:30:37 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC90.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"1".
Die abhängige Assemblierung "Microsoft.VC90.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (04/23/2014 04:30:35 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC90.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"1".
Die abhängige Assemblierung "Microsoft.VC90.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (04/23/2014 04:30:33 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC90.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"1".
Die abhängige Assemblierung "Microsoft.VC90.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (04/23/2014 04:30:31 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC90.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"1".
Die abhängige Assemblierung "Microsoft.VC90.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (04/23/2014 04:30:29 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC90.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"1".
Die abhängige Assemblierung "Microsoft.VC90.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (04/23/2014 04:30:27 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC90.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"1".
Die abhängige Assemblierung "Microsoft.VC90.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (04/23/2014 04:30:25 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC90.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"1".
Die abhängige Assemblierung "Microsoft.VC90.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".


System errors:
=============
Error: (04/23/2014 04:16:16 PM) (Source: Service Control Manager) (User: )
Description: Dienst "LiveUpdate" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (04/23/2014 04:12:39 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst Windows Update konnte nach dem Empfang eines Preshutdown-Steuerelements nicht richtig heruntergefahren werden.

Error: (04/23/2014 04:11:43 PM) (Source: DCOM) (User: AKOYAE6240T)
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

Error: (04/23/2014 02:36:40 PM) (Source: Service Control Manager) (User: )
Description: Dienst "LiveUpdate" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (04/23/2014 02:32:54 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst Windows Update konnte nach dem Empfang eines Preshutdown-Steuerelements nicht richtig heruntergefahren werden.

Error: (04/23/2014 02:04:18 PM) (Source: Service Control Manager) (User: )
Description: Dienst "LiveUpdate" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (04/23/2014 02:00:27 PM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst CyberLink PowerDVD 10 MS Service erreicht.

Error: (04/23/2014 01:59:54 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst Windows Update konnte nach dem Empfang eines Preshutdown-Steuerelements nicht richtig heruntergefahren werden.

Error: (04/23/2014 03:22:01 AM) (Source: Ntfs) (User: NT-AUTORITÄT)
Description: In der Dateisystemstruktur auf Volume "Boot" wurde eine Beschädigung erkannt.

Die Masterdateitabelle (MFT) beinhaltet einen beschädigten Dateidatensatz. Die Dateireferenznummer ist 0x1000000038f6e. Der Name der Datei ist "<Dateiname kann nicht bestimmt werden>".

Error: (04/23/2014 03:21:57 AM) (Source: Ntfs) (User: NT-AUTORITÄT)
Description: In der Dateisystemstruktur auf Volume "Boot" wurde eine Beschädigung erkannt.

Die Masterdateitabelle (MFT) beinhaltet einen beschädigten Dateidatensatz. Die Dateireferenznummer ist 0x1000000038f6e. Der Name der Datei ist "<Dateiname kann nicht bestimmt werden>".


Microsoft Office Sessions:
=========================
Error: (04/23/2014 04:30:45 PM) (Source: SideBySide)(User: )
Description: Microsoft.VC90.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTServer.exe

Error: (04/23/2014 04:30:43 PM) (Source: SideBySide)(User: )
Description: Microsoft.VC90.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTServer.exe

Error: (04/23/2014 04:30:41 PM) (Source: SideBySide)(User: )
Description: Microsoft.VC90.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTServer.exe

Error: (04/23/2014 04:30:39 PM) (Source: SideBySide)(User: )
Description: Microsoft.VC90.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTServer.exe

Error: (04/23/2014 04:30:37 PM) (Source: SideBySide)(User: )
Description: Microsoft.VC90.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTServer.exe

Error: (04/23/2014 04:30:35 PM) (Source: SideBySide)(User: )
Description: Microsoft.VC90.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTServer.exe

Error: (04/23/2014 04:30:33 PM) (Source: SideBySide)(User: )
Description: Microsoft.VC90.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTServer.exe

Error: (04/23/2014 04:30:31 PM) (Source: SideBySide)(User: )
Description: Microsoft.VC90.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTServer.exe

Error: (04/23/2014 04:30:29 PM) (Source: SideBySide)(User: )
Description: Microsoft.VC90.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTServer.exe

Error: (04/23/2014 04:30:27 PM) (Source: SideBySide)(User: )
Description: Microsoft.VC90.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTServer.exe


==================== Memory info =========================== 

Percentage of memory in use: 33%
Total physical RAM: 3976.19 MB
Available physical RAM: 2635.5 MB
Total Pagefile: 12680.19 MB
Available Pagefile: 11050.07 MB
Total Virtual: 131072 MB
Available Virtual: 131071.85 MB

==================== Drives ================================

Drive c: (Boot) (Fixed) (Total:404.05 GB) (Free:327.35 GB) NTFS
Drive d: (Recover) (Fixed) (Total:60 GB) (Free:45.69 GB) NTFS
Drive e: (sbon88p5) (CDROM) (Total:4 GB) (Free:0 GB) CDFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 466 GB) (Disk ID: 00000000)

Partition: GPT Partition Type.

==================== End Of Log ============================
         
Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 22-04-2014
Ran by Bodo at 2014-04-23 16:30:00
Running from C:\Users\Bodo\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

337 GAMES (HKCU\...\337Games) (Version: 1.1.1.0 - )
AbiWord 2.9.4 (HKLM-x32\...\AbiWord2) (Version: 2.9.4 - AbiSource Developers)
Adobe Bridge 1.0 (x32 Version: 001.000.001 - Adobe Systems) Hidden
Adobe Common File Installer (x32 Version: 1.00.001 - Adobe System Incorporated) Hidden
Adobe Flash Player 12 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 12.0.0.77 - Adobe Systems Incorporated)
Adobe Help Center 1.0 (x32 Version: 1.0.1 - Adobe Systems) Hidden
Adobe Photoshop CS2 (HKLM-x32\...\Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0407-1E257A25E34D}) (Version: 9.0 - Adobe Systems, Inc.)
Adobe Photoshop CS2 (x32 Version: 9.0 - Adobe Systems, Inc.) Hidden
Adobe Stock Photos 1.0 (x32 Version: 1.0.1 - Adobe Systems) Hidden
Ahnenblatt 2.74 (HKLM-x32\...\Ahnenblatt_is1) (Version: 2.74.0.1 - Dirk Boettcher)
Aimersoft DVD Ripper(Build 3.0.0.2) (HKLM-x32\...\Aimersoft DVD Ripper_is1) (Version:  - Aimersoft Software)
Ashampoo AppLauncher (Medion) v.1.0.0 (HKLM-x32\...\Ashampoo AppLauncher (Medion)_is1) (Version: 1.0.0 - Ashampoo GmbH & Co. KG)
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.3.350 - Avira)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{AF312B06-5C5C-468E-89B3-BE6DE2645722}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{0A4EF0E6-A912-4CDE-A7F3-6E56E7C13A2F}) (Version: 1.1.6 - Cisco Systems, Inc.)
CyberLink Home Cinema 10 (HKLM-x32\...\InstallShield_{8F14AA37-5193-4A14-BD5B-BDF9B361AEF7}) (Version: 10.0 - CyberLink Corp.)
CyberLink Home Cinema 10 (x32 Version: 10.3025 - CyberLink Corp.) Hidden
CyberLink LabelPrint 2.5 (x32 Version: 2.5.0.5415 - CyberLink Corp.) Hidden
CyberLink MediaEspresso 6.5 (x32 Version: 6.5.3807_46074 - CyberLink Corp.) Hidden
CyberLink PhotoDirector 3 (x32 Version: 3.0.1.4017 - CyberLink Corp.) Hidden
CyberLink Power2Go 8 (x32 Version: 8.0.0.3202 - CyberLink Corp.) Hidden
CyberLink PowerDirector 11 (Version: 11.0.0.3215 - CyberLink Corp.) Hidden
CyberLink PowerDVD 10 (x32 Version: 10.0.5426.02 - CyberLink Corp.) Hidden
CyberLink PowerDVD Copy 1.5 (x32 Version: 1.5.0.3725a - CyberLink Corp.) Hidden
CyberLink PowerRecover (HKLM-x32\...\InstallShield_{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}) (Version: 5.7.0.2103 - CyberLink Corp.)
CyberLink PowerRecover (Version: 5.7.0.2103 - CyberLink Corp.) Hidden
CyberLink YouCam 5 (x32 Version: 5.0.3318.0 - CyberLink Corp.) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dolby Digital Plus Advanced Audio (HKLM\...\{B0BFC63F-EA07-419E-960B-3FB2ED5DD0B2}) (Version: 7.3.2.2 - Dolby Laboratories Inc)
Easy CD-DA Extractor 2010 (HKLM-x32\...\Easy CD-DA Extractor 2010) (Version: 2010 - Poikosoft)
FormatFactory 3.1.1 (HKLM-x32\...\FormatFactory) (Version: 3.1.1 - Free Time)
Fotogalerie (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Fotogalerija (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Fotótár (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Freemake Video Converter Version 4.1.2 (HKLM-x32\...\Freemake Video Converter_is1) (Version: 4.1.2 - Ellora Assets Corporation)
Galerie de photos (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 34.0.1847.116 - Google Inc.)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.23.9 - Google Inc.) Hidden
HP Deskjet 1050 J410 series - Grundlegende Software für das Gerät (HKLM\...\{C3F12DD0-54B1-4B2B-A82B-FA43502BC550}) (Version: 28.0.1313.0 - Hewlett-Packard Co.)
HP Deskjet 1050 J410 series Hilfe (HKLM-x32\...\{5C90D8CF-F12A-41C6-9007-3B651A1F0D78}) (Version: 140.0.66.66 - Hewlett Packard)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.12412 - HP)
HP Update (HKLM-x32\...\{6F1C00D2-25C2-4CBA-8126-AE9A6E2E9CD5}) (Version: 5.003.003.001 - Hewlett-Packard)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3309 - Intel Corporation)
Intel(R) Trusted Execution Engine (HKLM\...\{176E2755-0A17-42C6-88E2-192AB2131278}) (Version: 1.0.0.1050 - Intel Corporation)
Intel(R) Trusted Execution Engine (Version: 1.1.1.1 - Intel Corporation) Hidden
Intel(R) Trusted Execution Engine Driver (Version: 1.0.0.1050 - Intel Corporation) Hidden
IObit Uninstaller (HKLM-x32\...\IObitUninstall) (Version: 3.1.7.2405 - IObit)
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.37 - Irfan Skiljan)
LibreOffice 4.1 Help Pack (German) (HKLM-x32\...\{43295475-62CA-4F25-B46C-43C59258780E}) (Version: 4.1.4.2 - The Document Foundation)
LibreOffice 4.1.4.2 (HKLM-x32\...\{94E11973-ED58-47A0-907C-ABF6D95C5DD8}) (Version: 4.1.4.2 - The Document Foundation)
Lollipop (HKCU\...\lollipop_01031042) (Version:  - Lollipop Network, S.L.) <==== ATTENTION
Malwarebytes Anti-Malware Version 2.0.1.1004 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.1.1004 - Malwarebytes Corporation)
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Expression Web 4 (HKLM-x32\...\Web_4.0.1460.0) (Version: 4.0.1460.0 - Microsoft Corporation)
Microsoft Expression Web 4 (x32 Version: 4.0.1460.0 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Mozilla Firefox 28.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 28.0 (x86 de)) (Version: 28.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 28.0 - Mozilla)
Mozilla Thunderbird 24.4.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 24.4.0 (x86 de)) (Version: 24.4.0 - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden
MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden
MyHeritage Family Tree Builder (HKLM-x32\...\Family Tree Builder) (Version: 7.0.0.7129 - MyHeritage.com)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4551.1512 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4551.1512 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4551.1512 - Microsoft Corporation) Hidden
PHotkey (HKLM-x32\...\{E50C224A-BBF2-428D-9DCF-DBF9DF85C40E}) (Version: 1.00.0092 - Pegatron Corporation)
Photo Common (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Photo Gallery (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Plus-HD-1.3 (HKLM-x32\...\Plus-HD-1.3) (Version: 1.31.153.4 - Plus HD) <==== ATTENTION
Raccolta foto (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
REALTEK Bluetooth Driver (HKLM-x32\...\{9D3D8C60-A5EF-4123-B2B9-172095903AB}) (Version: 3.769.769.093013 - REALTEK Semiconductor Corp.)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9200.39052 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7040 - Realtek Semiconductor Corp.)
REALTEK Wireless LAN Driver (HKLM-x32\...\{9DAABC60-A5EF-41FF-B2B9-17329590CD5}) (Version: 1.00.0227 - REALTEK Semiconductor Corp.)
Re-markit (HKLM-x32\...\54ed89b2-da2e-446b-bde7-8188f45dc639) (Version:  - Re-markit Software) <==== ATTENTION
Studie zur Verbesserung von HP Deskjet 1050 J410 series Produkten (HKLM\...\{B099E941-4789-46A1-9B14-01CFD04E03B3}) (Version: 28.0.1313.0 - Hewlett-Packard Co.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 17.0.9.1 - Synaptics Incorporated)
ValueApps (HKCU\...\ValueApps) (Version: 1.1.0.6 - Conduit) <==== ATTENTION
VLC media player 2.1.4 (HKLM\...\VLC media player) (Version: 2.1.4 - VideoLAN)
Windows Live (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Communications Platform (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3508.0205 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
XMedia Recode Version 3.1.7.8 (HKLM-x32\...\{DDA3C325-47B2-4730-9672-BF3771C08799}_is1) (Version: 3.1.7.8 - XMedia Recode)
Yahoo Community Smartbar (HKLM-x32\...\{D7403121-68C2-48BC-874D-048015E60DF0}) (Version: 10.179.66.13636 - Linkury Inc.) <==== ATTENTION
Yahoo Community Smartbar Engine (HKCU\...\{993cbed8-bf92-4638-bb47-6cb1272c92ff}) (Version: 10.179.66.13636 - Linkury Inc.) <==== ATTENTION
YTD Toolbar v9.0 (HKLM-x32\...\{9D47532D-59B3-4E15-8069-2E3FC4DA3E92}) (Version: 9.0 - Spigot, Inc.)
YTD Video Downloader 4.8 (HKLM-x32\...\{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}) (Version: 4.8 - GreenTree Applications SRL)

==================== Restore Points  =========================

06-04-2014 23:55:41 Geplanter Prüfpunkt
11-04-2014 09:31:10 Windows Update
15-04-2014 01:20:23 Windows Update
21-04-2014 08:46:41 Windows Update

==================== Hosts content: ==========================

2013-08-22 15:25 - 2013-08-22 15:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {038E750F-4B89-4ADF-B5DC-AB57853CA00A} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-03-11] (Adobe Systems Incorporated)
Task: {04A27B59-655B-4872-ACDF-6B22CA9A6D78} - System32\Tasks\HP Photo Creations Communicator => C:\ProgramData\HP Photo Creations\Communicator.exe [2014-02-15] ()
Task: {05293577-D647-4185-B859-C94839A0B2E3} - System32\Tasks\Microsoft\Windows\SettingSync\NetworkStateChangeTask
Task: {0B545118-B563-42FC-8D07-B78F602FCF34} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {2085BF56-520D-4951-B7C0-DF34AF90CC6A} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
Task: {2C9C0C6C-2A74-46F2-858A-4389D253EAD0} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCachePrepopulate
Task: {2EE106B8-5CCF-4253-A23C-26866F6BD9C1} - \Plus-HD-1.3-updater No Task File <==== ATTENTION
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\Windows\System32\AutoWorkplace.exe [2013-08-22] (Microsoft Corporation)
Task: {3B6D8A73-F20B-4C93-B8FB-56A154F172D2} - System32\Tasks\Microsoft\Windows\Time Zone\SynchronizeTimeZone => C:\Windows\system32\tzsync.exe [2013-08-22] (Microsoft Corporation)
Task: {4445933D-9960-456A-97EC-D67E119103A6} - \Plus-HD-1.3-enabler No Task File <==== ATTENTION
Task: {49754026-21E1-41FC-94FD-727AFE414FE7} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCacheRebalance
Task: {6AA91E8C-DDBD-4979-8464-4062F7681A19} - System32\Tasks\Microsoft\Windows\Plug and Play\Plug and Play Cleanup
Task: {6DFCB649-0769-4F83-BB10-F60F235F6D3D} - System32\Tasks\Microsoft\Windows\SkyDrive\Idle Sync Maintenance Task
Task: {73B1B253-CE67-4501-AE1A-377DD1D68B65} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
Task: {77F1D869-6E65-4079-A2A0-E2023408EF97} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {790BB5FC-CE15-41F3-BA92-74C1C4C95EC9} - System32\Tasks\HPCustParticipation HP Deskjet 1050 J410 series => C:\Program Files\HP\HP Deskjet 1050 J410 series\Bin\HPCustPartic.exe [2012-10-02] (Hewlett-Packard Co.)
Task: {872D0E53-FD2E-41E3-B431-698AF82882CE} - System32\Tasks\Microsoft\Windows\SkyDrive\Routine Maintenance Task
Task: {8CC813C9-712A-41EF-9512-B233444FC669} - System32\Tasks\Microsoft\Windows\AppxDeploymentClient\Pre-staged app cleanup => Rundll32.exe %windir%\system32\AppxDeploymentClient.dll,AppxPreStageCleanupRunTask
Task: {8CEBADF6-73BA-4635-95B1-5630C760570B} - \Plus-HD-1.3-codedownloader No Task File <==== ATTENTION
Task: {8E866B41-CF47-4DD2-86BE-3BA0E6F4DC25} - System32\Tasks\Microsoft\Office\Office First Run Task => C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [2013-10-31] (Microsoft Corporation)
Task: {93DD8BD0-F48E-4FE0-98D3-482CB8AED3E4} - \Plus-HD-1.3-firefoxinstaller No Task File <==== ATTENTION
Task: {9514645B-9F2A-4777-BE65-6EE5E0E17226} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-12-23] (Google Inc.)
Task: {9FF4C139-5234-410C-B7FA-23EE2FD2AB53} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Maintenance Work
Task: {AA98B172-10EC-4467-AF6B-52CFF605BC9A} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2014-01-27] (Microsoft Corporation)
Task: {BEC9C1C3-AD4E-4354-8F98-A6469B37DE8E} - \Plus-HD-1.3-chromeinstaller No Task File <==== ATTENTION
Task: {BF2088D2-306F-4D9C-9899-7188D50E06E1} - \Re-markit Update No Task File <==== ATTENTION
Task: {CD423634-93DB-4DA3-AE6E-52D4FEC97836} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-12-23] (Google Inc.)
Task: {CDBC83C8-5E0C-4B1F-B67A-FAC9805B3B57} - System32\Tasks\Uninstaller_SkipUac_Administrator => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe [2014-01-22] (IObit)
Task: {CFD7C21A-808B-487B-A6EC-8A10E44E8360} - System32\Tasks\Microsoft\Windows\SettingSync\BackupTask
Task: {D88FEC9E-A82A-46F9-87E2-B6B97B301C1A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
Task: {DA46820F-FF8A-4B5E-A6B2-B12185DCFFFB} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Logon Synchronization
Task: {DDA1C05E-A3CA-4145-B4BF-90D2D28D2E6B} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2014-04-23] (Microsoft Corporation)
Task: {DF8990FA-5798-455D-BA2D-60CB8985A4F1} - \Re-markit_wd No Task File <==== ATTENTION
Task: {E203C98C-6294-4879-809F-2FF5AAB87394} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2013-08-14] (Synaptics Incorporated)
Task: {E6D378FA-E068-4BCB-80DE-56D43A249507} - System32\Tasks\Microsoft\Windows\RecoveryEnvironment\VerifyWinRE
Task: {FF6B227B-3D3A-4BEB-A425-B5D3F8EDB02F} - System32\Tasks\Dolby Selector => C:\Program Files\Dolby Digital Plus\ddp.exe [2013-08-08] (Dolby Laboratories Inc.)
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\HP Photo Creations Communicator.job => C:\ProgramData\HP Photo Creations\Communicator.exe
Task: C:\WINDOWS\Tasks\Uninstaller_SkipUac_Administrator.job => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe

==================== Loaded Modules (whitelisted) =============

2013-10-08 13:22 - 2013-06-27 10:56 - 00160768 _____ () C:\Program Files (x86)\PHotkey\GFNEXSrv.exe
2013-10-08 13:17 - 2013-09-26 21:08 - 00061440 _____ () C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe
2013-12-19 17:00 - 2013-08-23 15:45 - 00386216 _____ () C:\Program Files\Microsoft Office 15\ClientX64\c2rui.dll
2013-12-19 17:00 - 2013-10-31 10:08 - 00520872 _____ () C:\Program Files\Microsoft Office 15\ClientX64\c2r64.dll
2013-12-19 17:00 - 2013-10-31 10:07 - 00618152 _____ () C:\Program Files\Microsoft Office 15\ClientX64\StreamServer.dll
2013-10-07 09:29 - 2013-03-06 15:42 - 00389896 _____ () C:\Program Files\CyberLink\Shared files\RichVideo64.exe
2013-10-08 13:22 - 2013-09-11 12:41 - 02216960 _____ () C:\Program Files (x86)\PHotkey\PHotkey.exe
2013-10-08 13:22 - 2010-12-17 15:04 - 00449032 _____ () C:\Program Files (x86)\PHotkey\ATouch64.exe
2013-10-08 13:22 - 2012-10-23 19:07 - 03471872 _____ () C:\Program Files (x86)\PHotkey\POSD.exe
2013-10-08 13:22 - 2013-07-18 16:41 - 08856576 _____ () C:\Program Files (x86)\PHotkey\GPMTray.exe
2013-08-08 17:53 - 2013-08-08 17:53 - 00050904 _____ () C:\Program Files\Dolby Digital Plus\Dolby.DDP.Controls_Desktop.dll
2014-02-15 17:06 - 2014-02-15 17:06 - 00185920 _____ () C:\ProgramData\HP Photo Creations\Communicator.exe
2013-12-19 13:32 - 2013-12-09 12:37 - 00394808 _____ () C:\Program Files (x86)\Avira\AntiVir Desktop\sqlite3.dll
2013-10-08 13:22 - 2009-12-18 16:36 - 00973432 _____ () C:\Program Files (x86)\PHotkey\acAuth.dll
2013-10-08 13:22 - 2009-12-18 16:41 - 00129544 _____ () C:\Program Files (x86)\PHotkey\GFNEX.dll
2013-10-07 09:28 - 2013-08-05 09:49 - 00627672 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
2013-08-05 16:48 - 2013-08-05 16:48 - 00016856 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\ProgramData\Temp:DE406C3E
AlternateDataStreams: C:\Users\Bodo\SkyDrive:ms-properties

==================== Safe Mode (whitelisted) ===================


==================== Disabled items from MSCONFIG ==============


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (04/23/2014 04:30:43 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC90.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"1".
Die abhängige Assemblierung "Microsoft.VC90.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (04/23/2014 04:30:41 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC90.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"1".
Die abhängige Assemblierung "Microsoft.VC90.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (04/23/2014 04:30:39 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC90.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"1".
Die abhängige Assemblierung "Microsoft.VC90.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (04/23/2014 04:30:37 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC90.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"1".
Die abhängige Assemblierung "Microsoft.VC90.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (04/23/2014 04:30:35 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC90.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"1".
Die abhängige Assemblierung "Microsoft.VC90.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (04/23/2014 04:30:33 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC90.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"1".
Die abhängige Assemblierung "Microsoft.VC90.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (04/23/2014 04:30:31 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC90.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"1".
Die abhängige Assemblierung "Microsoft.VC90.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (04/23/2014 04:30:29 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC90.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"1".
Die abhängige Assemblierung "Microsoft.VC90.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (04/23/2014 04:30:27 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC90.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"1".
Die abhängige Assemblierung "Microsoft.VC90.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (04/23/2014 04:30:25 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC90.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"1".
Die abhängige Assemblierung "Microsoft.VC90.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".


System errors:
=============
Error: (04/23/2014 04:16:16 PM) (Source: Service Control Manager) (User: )
Description: Dienst "LiveUpdate" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (04/23/2014 04:12:39 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst Windows Update konnte nach dem Empfang eines Preshutdown-Steuerelements nicht richtig heruntergefahren werden.

Error: (04/23/2014 04:11:43 PM) (Source: DCOM) (User: AKOYAE6240T)
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

Error: (04/23/2014 02:36:40 PM) (Source: Service Control Manager) (User: )
Description: Dienst "LiveUpdate" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (04/23/2014 02:32:54 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst Windows Update konnte nach dem Empfang eines Preshutdown-Steuerelements nicht richtig heruntergefahren werden.

Error: (04/23/2014 02:04:18 PM) (Source: Service Control Manager) (User: )
Description: Dienst "LiveUpdate" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (04/23/2014 02:00:27 PM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst CyberLink PowerDVD 10 MS Service erreicht.

Error: (04/23/2014 01:59:54 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst Windows Update konnte nach dem Empfang eines Preshutdown-Steuerelements nicht richtig heruntergefahren werden.

Error: (04/23/2014 03:22:01 AM) (Source: Ntfs) (User: NT-AUTORITÄT)
Description: In der Dateisystemstruktur auf Volume "Boot" wurde eine Beschädigung erkannt.

Die Masterdateitabelle (MFT) beinhaltet einen beschädigten Dateidatensatz. Die Dateireferenznummer ist 0x1000000038f6e. Der Name der Datei ist "<Dateiname kann nicht bestimmt werden>".

Error: (04/23/2014 03:21:57 AM) (Source: Ntfs) (User: NT-AUTORITÄT)
Description: In der Dateisystemstruktur auf Volume "Boot" wurde eine Beschädigung erkannt.

Die Masterdateitabelle (MFT) beinhaltet einen beschädigten Dateidatensatz. Die Dateireferenznummer ist 0x1000000038f6e. Der Name der Datei ist "<Dateiname kann nicht bestimmt werden>".


Microsoft Office Sessions:
=========================
Error: (04/23/2014 04:30:45 PM) (Source: SideBySide)(User: )
Description: Microsoft.VC90.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTServer.exe

Error: (04/23/2014 04:30:43 PM) (Source: SideBySide)(User: )
Description: Microsoft.VC90.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTServer.exe

Error: (04/23/2014 04:30:41 PM) (Source: SideBySide)(User: )
Description: Microsoft.VC90.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTServer.exe

Error: (04/23/2014 04:30:39 PM) (Source: SideBySide)(User: )
Description: Microsoft.VC90.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTServer.exe

Error: (04/23/2014 04:30:37 PM) (Source: SideBySide)(User: )
Description: Microsoft.VC90.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTServer.exe

Error: (04/23/2014 04:30:35 PM) (Source: SideBySide)(User: )
Description: Microsoft.VC90.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTServer.exe

Error: (04/23/2014 04:30:33 PM) (Source: SideBySide)(User: )
Description: Microsoft.VC90.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTServer.exe

Error: (04/23/2014 04:30:31 PM) (Source: SideBySide)(User: )
Description: Microsoft.VC90.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTServer.exe

Error: (04/23/2014 04:30:29 PM) (Source: SideBySide)(User: )
Description: Microsoft.VC90.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTServer.exe

Error: (04/23/2014 04:30:27 PM) (Source: SideBySide)(User: )
Description: Microsoft.VC90.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTServer.exe


==================== Memory info =========================== 

Percentage of memory in use: 33%
Total physical RAM: 3976.19 MB
Available physical RAM: 2635.5 MB
Total Pagefile: 12680.19 MB
Available Pagefile: 11050.07 MB
Total Virtual: 131072 MB
Available Virtual: 131071.85 MB

==================== Drives ================================

Drive c: (Boot) (Fixed) (Total:404.05 GB) (Free:327.35 GB) NTFS
Drive d: (Recover) (Fixed) (Total:60 GB) (Free:45.69 GB) NTFS
Drive e: (sbon88p5) (CDROM) (Total:4 GB) (Free:0 GB) CDFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 466 GB) (Disk ID: 00000000)

Partition: GPT Partition Type.

==================== End Of Log ============================
         

Alt 23.04.2014, 16:33   #7
M-K-D-B
/// TB-Ausbilder
 
Windows 8, Windows PC-Repair Virus und wohl noch andere - Standard

Windows 8, Windows PC-Repair Virus und wohl noch andere



Zitat:
Zitat von bjc51 Beitrag anzeigen
Bei Schritt 2 hat Avira Probleme gemacht, aber ich hoffe diese übersprungen zu haben. War etwas verwirrend.
Dann deaktiviere bitte Avira, wenn es stört.

Schritt 2 ausführen, Logdatei dazu posten und dann im Anschluss nochmal FRST wie oben beschrieben.
__________________
Grüße aus Bayern
M-K-D-B

______________________________________

Das Trojaner-Board unterstützen

Alt 24.04.2014, 08:53   #8
bjc51
 
Windows 8, Windows PC-Repair Virus und wohl noch andere - Standard

Windows 8, Windows PC-Repair Virus und wohl noch andere



Den Schritt 2 habe ich noch nicht wiederholt, weil ich noch eine Avira-Meldung beantworten soll, wo gefragt ob Re-markt_2040-2081.exe mit dem Virus ÁDWARE/Adware.Gen`entfernt werden soll. Momentan ist es blockiert. Soll ich entfernen anklicken oder die Meldung wegklicken?

Und hier noch der Inhalt der Datei mbam.txt vom ersten Suchlauf gestern:

Code:
ATTFilter
 Malwarebytes Anti-Malware 
www.malwarebytes.org

Suchlauf Datum: 23.04.2014
Suchlauf-Zeit: 16:09:53
Logdatei: mbam.txt
Administrator: Ja

Version: 2.00.1.1004
Malware Datenbank: v2014.04.23.05
Rootkit Datenbank: v2014.03.27.01
Lizenz: Testversion
Malware Schutz: Aktiviert
Bösartiger Webseiten Schutz: Aktiviert
Chameleon: Deaktiviert

Betriebssystem: Windows 8.1
CPU: x64
Dateisystem: NTFS
Benutzer: Bodo

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 291559
Verstrichene Zeit: 1 Std, 1 Min, 47 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Aktiviert
Shuriken: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registrierungsschlüssel: 3
PUP.Optional.PlusHD.A, HKLM\SOFTWARE\WOW6432NODE\Plus-HD-1.3, In Quarantäne, [29d710f00ef2d62a377789fb56acf40c], 
PUP.Optional.PlusHD.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\Plus-HD-1.3, Löschen bei Neustart, [d12f718f35cb7c84009f0c681be70ff1], 
PUP.Optional.PlusHD.A, HKU\S-1-5-21-4152838901-865744110-646186296-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\Plus-HD-1.3, Löschen bei Neustart, [02fe46bacd33fd03bee1452fe919f40c], 

Registrierungswerte: 0
(No malicious items detected)

Registrierungsdaten: 1
PUP.Optional.Qone8, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES|DefaultScope, {33BB0A4E-99AF-4226-BDF6-49120163DE86}, Gut: ({0633EE93-D776-472f-A0FF-E1416B8B2E3A}), Schlecht: ({33BB0A4E-99AF-4226-BDF6-49120163DE86}),Ersetzt,[c53b5aa6bb4529d71b68a884a55f6898]

Ordner: 8
PUP.Optional.Conduit.A, C:\Users\Bodo\AppData\Local\Temp\ct3311333, In Quarantäne, [42beb749ba46dc24c287065bcd35c33d], 
PUP.Optional.CrossRider.A, C:\Users\Bodo\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl, In Quarantäne, [5da3af513bc559a72275630112f0659b], 
PUP.Optional.Conduit.A, C:\Users\Bodo\AppData\Local\Temp\mam-ct3319214, In Quarantäne, [23ddbf41fc0436ca6608afb8f012b34d], 
PUP.Optional.CrossRider.A, C:\Users\Bodo\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hhlmghjmomaoodfgjeikphfdljhpcpkl, In Quarantäne, [e31dc33d22de17e940a8571237cb3cc4], 
PUP.Optional.CrossRider.A, C:\Users\Bodo\AppData\Local\Google\Chrome\User Data\Default\databases\chrome-extension_hhlmghjmomaoodfgjeikphfdljhpcpkl_0, In Quarantäne, [05fb20e0ec14c53b4e9b90d9768c6799], 
PUP.Optional.Spigot.A, C:\Users\Bodo\AppData\Roaming\Mozilla\Firefox\Profiles\6l09uqgq.default\extensions\{58d2a791-6199-482f-a9aa-9b725ec61362}, In Quarantäne, [fd0303fd5ba5dc24d32ccba03cc67090], 
PUP.Optional.Spigot.A, C:\Users\Bodo\AppData\Roaming\Mozilla\Firefox\Profiles\6l09uqgq.default\extensions\{58d2a791-6199-482f-a9aa-9b725ec61362}\chrome, In Quarantäne, [fd0303fd5ba5dc24d32ccba03cc67090], 
PUP.Optional.Spigot.A, C:\Users\Bodo\AppData\Roaming\Mozilla\Firefox\Profiles\6l09uqgq.default\extensions\{58d2a791-6199-482f-a9aa-9b725ec61362}\chrome\content, In Quarantäne, [fd0303fd5ba5dc24d32ccba03cc67090], 

Dateien: 98
PUP.Optional.SearchProtect.A, C:\Users\Bodo\AppData\Local\Temp\nsa4AF0.exe, In Quarantäne, [df21e61af20ec9377d3c180c21e07987], 
PUP.Optional.SearchProtect.A, C:\Users\Bodo\AppData\Local\Temp\nse55A0.exe, In Quarantäne, [e61ae81853ad20e03a7fa381ab56c63a], 
PUP.Optional.SearchProtect.A, C:\Users\Bodo\AppData\Local\Temp\nsnAD5.exe, In Quarantäne, [c739956bc43c52ae8e2b61c37b86e11f], 
PUP.Optional.Bundlore, C:\Users\Bodo\AppData\Local\Temp\d2NUXa_p.exe.part, In Quarantäne, [8e72fe02ad534eb2806459aca95bf50b], 
PUP.Optional.AdLyrics, C:\Users\Bodo\AppData\Local\Temp\_ReMarkit_up.exe, In Quarantäne, [c63a51aff50bf808a16a134b6f922fd1], 
PUP.Optional.Spigot.A, C:\Users\Bodo\AppData\Local\Temp\AskPIP_FF_.exe, In Quarantäne, [c33d04fc4bb5f60ad0472ff108f9a45c], 
PUP.Optional.SearchProtect.A, C:\Users\Bodo\AppData\Local\Temp\nsr4EF8.exe, In Quarantäne, [ba4648b805fb8779378201233cc5768a], 
PUP.Optional.SearchProtect.A, C:\Users\Bodo\AppData\Local\Temp\nsuDC71.exe, In Quarantäne, [837d1be5ad538b75e3d6a0849e63dc24], 
PUP.Optional.SearchProtect.A, C:\Users\Bodo\AppData\Local\Temp\nsuF3B.exe, In Quarantäne, [b7492dd34eb21ce4457480a4d1309f61], 
PUP.Optional.SearchProtect.A, C:\Users\Bodo\AppData\Local\Temp\nsv59A8.exe, In Quarantäne, [eb156a9628d830d0ab0eee367b86fe02], 
PUP.Optional.Conduit.A, C:\Users\Bodo\AppData\Local\Temp\SPSetup.exe, In Quarantäne, [34cc986860a041bf7c2cc752a16017e9], 
PUP.Optional.Conduit.A, C:\Users\Bodo\AppData\Local\Temp\dlLogic.exe, In Quarantäne, [1ae6bb457090758b80eba161b24fa35d], 
PUP.Optional.OpenCandy, C:\Users\Bodo\AppData\Local\Temp\FreemakeVideoConverter_4.1.2.2.exe, In Quarantäne, [b14fe41c5ca42bd53ccbdc2d9e63e21e], 
PUP.Optional.NextLive.A, C:\Users\Bodo\AppData\Local\Temp\Mobogenie_Setup_2-1-37_37.exe, In Quarantäne, [4ab69a668c74a55ba6478bc46899ac54], 
PUP.Optional.SearchProtect.A, C:\Users\Bodo\AppData\Local\Temp\nsnD859.exe, In Quarantäne, [f907de227c840cf400b93aea35cc9f61], 
PUP.Optional.Conduit, C:\Users\Bodo\AppData\Local\Temp\mam-ct3319214\ctbe.exe, In Quarantäne, [05fb4fb16898e21e08ce49db21df8a76], 
PUP.Optional.Conduit.A, C:\Users\Bodo\AppData\Local\Temp\mam-ct3319214\mamstub.exe, In Quarantäne, [0af633cdb24eac5490db0af8f50c46ba], 
PUP.Optional.ValueApps.A, C:\Users\Bodo\AppData\Local\Temp\mam-ct3319214\mam_ie.exe, In Quarantäne, [4ab68a7644bcca36223c7b8e31d1ff01], 
PUP.Optional.Domalq, C:\Users\Bodo\AppData\Local\Temp\sevcgyqbysux\ewvijqfgclny.exe, In Quarantäne, [f7096997e719f20e64e6a18f857b8c74], 
PUP.Optional.BundleInstaller.A, C:\Users\Bodo\AppData\Local\Temp\sevcgyqbysux\parent.txt, In Quarantäne, [25dbee12a35d0ef244a097a71ae7c040], 
PUP.Optional.OptimizerPro.A, C:\Users\Bodo\AppData\Local\Temp\sevcgyqbysux\software\OptimizerPro.exe, In Quarantäne, [44bc4ab6c43cf20ea7dba775e120eb15], 
PUP.Optional.SkyTech.A, C:\Users\Bodo\AppData\Local\Temp\sevcgyqbysux\software\tugs_nationzoom.exe, In Quarantäne, [f8085ca451af47b99b068dc4a75a7789], 
PUP.Optional.Conduit.A, C:\Users\Bodo\AppData\Local\Temp\ConduitSP\sp-downloader.exe, In Quarantäne, [768a19e705fb53ad895bd7405ba609f7], 
PUP.Optional.NationZoom.A, C:\Users\Bodo\AppData\Local\Temp\fullpackage_temp1387566284\Baofeng.exe, In Quarantäne, [966a6d930bf5bc44df8739f42cd4c13f], 
PUP.Optional.WpManager, C:\Users\Bodo\AppData\Local\Temp\fullpackage_temp1387566284\tmp\NewGdp.exe, In Quarantäne, [06fa4cb4aa56c43cb45b1c4056ab619f], 
PUP.Optional.BundleInstaller.A, C:\Users\Bodo\AppData\Local\Temp\ifoxleoodbnfvoh\ondkbntwcokx.exe, In Quarantäne, [6c94b54b7888eb15908e062a9e628977], 
PUP.Optional.BundleInstaller.A, C:\Users\Bodo\AppData\Local\Temp\ifoxleoodbnfvoh\parent.txt, In Quarantäne, [57a933cd8e72cb35a738202032cf758b], 
PUP.Optional.MyStartTB.A, C:\Users\Bodo\AppData\Local\Temp\ifoxleoodbnfvoh\software\Mystart.exe, In Quarantäne, [7e82ae529b655fa1869acf6f52afcd33], 
PUP.Optional.Conduit.A, C:\Users\Bodo\AppData\Local\Temp\ifoxleoodbnfvoh\software\ValueApps.exe, In Quarantäne, [15eb1be58f71619f914046e9d62aa060], 
PUP.Optional.Wajam, C:\Users\Bodo\AppData\Local\Temp\ifoxleoodbnfvoh\software\wajam_download.exe, In Quarantäne, [f40c30d0d92747b9481a75a9fe0225db], 
PUP.Optional.SearchProtect.A, C:\Windows\Temp\nskA01.exe, In Quarantäne, [d729758b33cdab55992069bb5da4d32d], 
PUP.Optional.SearchProtect.A, C:\Windows\Temp\nslF5F6.exe, In Quarantäne, [cb351fe1e61a0af606b343e152afe61a], 
PUP.Optional.SearchProtect.A, C:\Windows\Temp\nsp3667.exe, In Quarantäne, [b8488b75bb4506fa2891cc58966bfe02], 
PUP.Optional.SearchProtect.A, C:\Windows\Temp\nsqE12C.exe, In Quarantäne, [936de8188a7628d8b900ae76ad5405fb], 
PUP.Optional.SearchProtect.A, C:\Windows\Temp\nss9CC0.exe, In Quarantäne, [a15fc7393dc33ec21b9e31f37a87629e], 
PUP.Optional.SearchProtect.A, C:\Windows\Temp\nsu7391.exe, In Quarantäne, [d828669a27d960a014a5dd47ad54ca36], 
PUP.Optional.SearchProtect.A, C:\Windows\Temp\nsw4257.exe, In Quarantäne, [0af69a6645bb50b0c3f6fc28a75aef11], 
PUP.Optional.SearchProtect.A, C:\Windows\Temp\nsc3141.exe, In Quarantäne, [56aa31cfbe4226da13a624007091ef11], 
PUP.Optional.SearchProtect.A, C:\Windows\Temp\nsd349C.exe, In Quarantäne, [738d28d8a957a957eacfdb49d1309070], 
PUP.Optional.SearchProtect.A, C:\Windows\Temp\nsd3E7.exe, In Quarantäne, [bb45be42f808ae52714840e4dc25ef11], 
PUP.Optional.SearchProtect.A, C:\Windows\Temp\nsdC7C7.exe, In Quarantäne, [f30d887848b8728eebcea97b699852ae], 
PUP.Optional.SearchProtect.A, C:\Windows\Temp\nsg517.exe, In Quarantäne, [956b956b50b0b947c3f68f959e63847c], 
PUP.Optional.SearchProtect.A, C:\Windows\Temp\nsg74E5.exe, In Quarantäne, [08f8eb15907009f7cdec22023ac7d42c], 
PUP.Optional.SearchProtect.A, C:\Windows\Temp\nsgDDFB.exe, In Quarantäne, [ce32659ba0601de32e8b57cd6c9516ea], 
PUP.Optional.SearchProtect.A, C:\Windows\Temp\nsh2F43.exe, In Quarantäne, [0af6d828cd338e72f7c2c95bf50ca35d], 
PUP.Optional.SearchProtect.A, C:\Windows\Temp\nsh478.exe, In Quarantäne, [5fa127d9b64a05fb7c3d37ede71af20e], 
PUP.Optional.SearchProtect.A, C:\Windows\Temp\nsh9D6B.exe, In Quarantäne, [06fa4fb18c74ff01eacfe53ff40d9b65], 
PUP.Optional.SearchProtect.A, C:\Windows\Temp\nshE533.exe, In Quarantäne, [748cb050748cff016a4f071dec158d73], 
PUP.Optional.SearchProtect.A, C:\Windows\Temp\nshEF0D.exe, In Quarantäne, [b24ec13fe21e13ed4a6fda4a7e831be5], 
PUP.Optional.SearchProtect.A, C:\Windows\Temp\nshEF0E.exe, In Quarantäne, [e51b38c8ce32b947baff081c9e6360a0], 
PUP.Optional.SearchProtect.A, C:\Windows\Temp\nsiEAAD.exe, In Quarantäne, [5da37b8557a9ae52dbde62c245bce11f], 
PUP.Optional.SearchProtect.A, C:\Windows\Temp\nsj897B.exe, In Quarantäne, [03fd768a41bfe7198e2b31f3e021c63a], 
PUP.Optional.SearchProtect.A, C:\Windows\Temp\nsk3AF.exe, In Quarantäne, [43bdff01946ce51b5069ff2549b8619f], 
PUP.Optional.SearchProtect.A, C:\Windows\Temp\nsy898A.exe, In Quarantäne, [d62a946c46ba4db38633e242b54cad53], 
PUP.Optional.SearchProtect.A, C:\Windows\Temp\nsyC7F6.exe, In Quarantäne, [946c709004fce11ffcbd1014de231ae6], 
PUP.Optional.SearchProtect.A, C:\Windows\Temp\nsyD5EA.exe, In Quarantäne, [1ce430d0f808a25e59608a9af011f50b], 
PUP.Optional.SearchProtect.A, C:\Windows\Temp\nsz7369.exe, In Quarantäne, [1ee23ec233cdf40c338636eeea179b65], 
PUP.Optional.SearchProtect.A, C:\Windows\Temp\nsw93F9.exe, In Quarantäne, [d12f36ca9b65a060aa0fd84c89788c74], 
PUP.Optional.BundleInstaller.A, C:\Users\Bodo\Downloads\Nicht bestätigt 773899.crdownload, In Quarantäne, [f50bae52956bb0506c9a7db8758b9a66], 
PUP.Optional.InstallBrain, C:\Users\Bodo\Downloads\DownloadManagerSetup.exe, In Quarantäne, [e11fa15f936db947ff5d9da8a55cbc44], 
PUP.Optional.BundleInstaller.A, C:\Users\Bodo\Downloads\dvdfab-windows-downloader.exe, In Quarantäne, [28d8946cea1641bff7e13236d72a926e], 
PUP.Optional.Conduit.A, C:\Users\Bodo\Downloads\Total_Commander_TSA3MNG.exe, In Quarantäne, [6f919b659a6698687e57093c09f859a7], 
PUP.Optional.Spigot.A, C:\Users\Bodo\Downloads\YTD471Setup.exe, In Quarantäne, [2bd5817feb15ac54770386a0aa56c23e], 
PUP.Optional.Spigot.A, C:\Users\Bodo\Downloads\YTDSetup.exe, In Quarantäne, [b54bf50bf40cef11adcd091dee1247b9], 
PUP.Optional.OpenCandy, C:\Users\Bodo\Downloads\FreemakeVideoConverterSetup.exe, In Quarantäne, [d42cae529967cb35c6412bdeba4745bb], 
PUP.Optional.Bandoo, C:\Users\Bodo\Downloads\iLividSetup-r542-n-bc (1).exe, In Quarantäne, [ed13649c0ff1926ea567867f26db7987], 
PUP.Optional.Bandoo, C:\Users\Bodo\Downloads\iLividSetup-r542-n-bc.exe, In Quarantäne, [6b9510f0ab55966a13f9c045ea17b64a], 
PUP.Optional.BundleInstaller.A, C:\Users\Bodo\Downloads\Java (1).exe, In Quarantäne, [60a005fb6c94c63a01de3c0447ba6898], 
PUP.Optional.BundleInstaller.A, C:\Users\Bodo\Downloads\Java.exe, In Quarantäne, [8779d729629e11efd50f003efa07d12f], 
PUP.Optional.BundleInstaller.A, C:\Users\Bodo\Downloads\Setup (1).exe, In Quarantäne, [748c0af6dd230cf46e986fc6926e48b8], 
PUP.Optional.DomaIQ, C:\Users\Bodo\Downloads\Setup.exe, In Quarantäne, [c13fa8588977738d8f4f0a2d01ff6997], 
PUP.Optional.Softonic.A, C:\Users\Bodo\Downloads\SoftonicDownloader_fuer_easy-cd-da-extractor.exe, In Quarantäne, [8c748a76d22e11ef99d24dce53ae32ce], 
PUP.Optional.Softonic.A, C:\Users\Bodo\Downloads\SoftonicDownloader_fuer_format-factory.exe, In Quarantäne, [9f6140c02fd153ad70fb0813dd245ba5], 
PUP.Optional.Softonic.A, C:\Users\Bodo\Downloads\SoftonicDownloader_fuer_zattoo.exe, In Quarantäne, [9070b94714ec669a76f564b7e91851af], 
PUP.Optional.SmartBar.A, C:\Windows\Installer\138bbd0d.msi, In Quarantäne, [fb057d831be5f50b6b699196e9170000], 
PUP.Optional.CrossRider.A, C:\Users\Bodo\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_hhlmghjmomaoodfgjeikphfdljhpcpkl_0.localstorage, In Quarantäne, [bb459a66699722dee267165b0002bb45], 
PUP.Optional.CrossRider.A, C:\Users\Bodo\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_hhlmghjmomaoodfgjeikphfdljhpcpkl_0.localstorage-journal, In Quarantäne, [e31d18e8d62a3ac684c58fe29e643dc3], 
PUP.Optional.Conduit.A, C:\Users\Bodo\AppData\Local\Temp\ct3311333\chromeid.txt, In Quarantäne, [42beb749ba46dc24c287065bcd35c33d], 
PUP.Optional.Conduit.A, C:\Users\Bodo\AppData\Local\Temp\ct3311333\setup.ini.txt, In Quarantäne, [42beb749ba46dc24c287065bcd35c33d], 
PUP.Optional.CrossRider.A, C:\Users\Bodo\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hhlmghjmomaoodfgjeikphfdljhpcpkl\000916.ldb, In Quarantäne, [e31dc33d22de17e940a8571237cb3cc4], 
PUP.Optional.CrossRider.A, C:\Users\Bodo\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hhlmghjmomaoodfgjeikphfdljhpcpkl\000918.ldb, In Quarantäne, [e31dc33d22de17e940a8571237cb3cc4], 
PUP.Optional.CrossRider.A, C:\Users\Bodo\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hhlmghjmomaoodfgjeikphfdljhpcpkl\000919.log, In Quarantäne, [e31dc33d22de17e940a8571237cb3cc4], 
PUP.Optional.CrossRider.A, C:\Users\Bodo\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hhlmghjmomaoodfgjeikphfdljhpcpkl\CURRENT, In Quarantäne, [e31dc33d22de17e940a8571237cb3cc4], 
PUP.Optional.CrossRider.A, C:\Users\Bodo\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hhlmghjmomaoodfgjeikphfdljhpcpkl\LOCK, In Quarantäne, [e31dc33d22de17e940a8571237cb3cc4], 
PUP.Optional.CrossRider.A, C:\Users\Bodo\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hhlmghjmomaoodfgjeikphfdljhpcpkl\LOG, In Quarantäne, [e31dc33d22de17e940a8571237cb3cc4], 
PUP.Optional.CrossRider.A, C:\Users\Bodo\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hhlmghjmomaoodfgjeikphfdljhpcpkl\LOG.old, In Quarantäne, [e31dc33d22de17e940a8571237cb3cc4], 
PUP.Optional.CrossRider.A, C:\Users\Bodo\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hhlmghjmomaoodfgjeikphfdljhpcpkl\MANIFEST-000917, In Quarantäne, [e31dc33d22de17e940a8571237cb3cc4], 
PUP.Optional.CrossRider.A, C:\Users\Bodo\AppData\Local\Google\Chrome\User Data\Default\databases\chrome-extension_hhlmghjmomaoodfgjeikphfdljhpcpkl_0\1, In Quarantäne, [05fb20e0ec14c53b4e9b90d9768c6799], 
PUP.Optional.Spigot.A, C:\Users\Bodo\AppData\Roaming\Mozilla\Firefox\Profiles\6l09uqgq.default\extensions\{58d2a791-6199-482f-a9aa-9b725ec61362}\chrome.manifest, In Quarantäne, [fd0303fd5ba5dc24d32ccba03cc67090], 
PUP.Optional.Spigot.A, C:\Users\Bodo\AppData\Roaming\Mozilla\Firefox\Profiles\6l09uqgq.default\extensions\{58d2a791-6199-482f-a9aa-9b725ec61362}\icon.png, In Quarantäne, [fd0303fd5ba5dc24d32ccba03cc67090], 
PUP.Optional.Spigot.A, C:\Users\Bodo\AppData\Roaming\Mozilla\Firefox\Profiles\6l09uqgq.default\extensions\{58d2a791-6199-482f-a9aa-9b725ec61362}\install.rdf, In Quarantäne, [fd0303fd5ba5dc24d32ccba03cc67090], 
PUP.Optional.Spigot.A, C:\Users\Bodo\AppData\Roaming\Mozilla\Firefox\Profiles\6l09uqgq.default\extensions\{58d2a791-6199-482f-a9aa-9b725ec61362}\chrome\content\config.json, In Quarantäne, [fd0303fd5ba5dc24d32ccba03cc67090], 
PUP.Optional.Spigot.A, C:\Users\Bodo\AppData\Roaming\Mozilla\Firefox\Profiles\6l09uqgq.default\extensions\{58d2a791-6199-482f-a9aa-9b725ec61362}\chrome\content\main.js, In Quarantäne, [fd0303fd5ba5dc24d32ccba03cc67090], 
PUP.Optional.Spigot.A, C:\Users\Bodo\AppData\Roaming\Mozilla\Firefox\Profiles\6l09uqgq.default\extensions\{58d2a791-6199-482f-a9aa-9b725ec61362}\chrome\content\main.xul, In Quarantäne, [fd0303fd5ba5dc24d32ccba03cc67090], 
PUP.Optional.Spigot.A, C:\Users\Bodo\AppData\Roaming\Mozilla\Firefox\Profiles\6l09uqgq.default\extensions\{58d2a791-6199-482f-a9aa-9b725ec61362}\chrome\content\newtab.xul, In Quarantäne, [fd0303fd5ba5dc24d32ccba03cc67090], 
PUP.Optional.Spigot.A, C:\Users\Bodo\AppData\Roaming\Mozilla\Firefox\Profiles\6l09uqgq.default\extensions\{58d2a791-6199-482f-a9aa-9b725ec61362}\chrome\content\spigot.js, In Quarantäne, [fd0303fd5ba5dc24d32ccba03cc67090], 
PUP.Optional.Spigot.A, C:\Users\Bodo\AppData\Roaming\Mozilla\Firefox\Profiles\6l09uqgq.default\extensions\{58d2a791-6199-482f-a9aa-9b725ec61362}\chrome\content\startpage.js, In Quarantäne, [fd0303fd5ba5dc24d32ccba03cc67090], 
PUP.Optional.Conduit.A, C:\Users\Bodo\AppData\Local\Google\Chrome\User Data\Default\Preferences, Gut: (), Schlecht: (   "homepage": "hxxp://search.conduit.com/?ctid=CT3322168&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=2&UP=SP144C8618-5613-48F2-B45A-6008A3A29C88&SSPV=",), Ersetzt,[47b9758b37c9e818e944bb9d1ee69769]

Physische Sektoren: 0
(No malicious items detected)


(end)
         

Alt 24.04.2014, 09:18   #9
M-K-D-B
/// TB-Ausbilder
 
Windows 8, Windows PC-Repair Virus und wohl noch andere - Standard

Windows 8, Windows PC-Repair Virus und wohl noch andere



Zitat:
Zitat von bjc51 Beitrag anzeigen
Den Schritt 2 habe ich noch nicht wiederholt, weil ich noch eine Avira-Meldung beantworten soll, wo gefragt ob Re-markt_2040-2081.exe mit dem Virus ÁDWARE/Adware.Gen`entfernt werden soll. Momentan ist es blockiert. Soll ich entfernen anklicken oder die Meldung wegklicken?
Entfernen!


FRST bitte dann nochmal ausführen!
__________________
Grüße aus Bayern
M-K-D-B

______________________________________

Das Trojaner-Board unterstützen

Alt 24.04.2014, 19:26   #10
bjc51
 
Windows 8, Windows PC-Repair Virus und wohl noch andere - Standard

Windows 8, Windows PC-Repair Virus und wohl noch andere



Hier die Logdatei. Es scheint jetzt alles okay zu sein. Das wäre SUPER und herzlichen Dank.

Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 24-04-2014
Ran by Bodo at 2014-04-24 20:13:39
Running from C:\Users\Bodo\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

337 GAMES (HKCU\...\337Games) (Version: 1.1.1.0 - )
AbiWord 2.9.4 (HKLM-x32\...\AbiWord2) (Version: 2.9.4 - AbiSource Developers)
Adobe Bridge 1.0 (x32 Version: 001.000.001 - Adobe Systems) Hidden
Adobe Common File Installer (x32 Version: 1.00.001 - Adobe System Incorporated) Hidden
Adobe Flash Player 12 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 12.0.0.77 - Adobe Systems Incorporated)
Adobe Help Center 1.0 (x32 Version: 1.0.1 - Adobe Systems) Hidden
Adobe Photoshop CS2 (HKLM-x32\...\Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0407-1E257A25E34D}) (Version: 9.0 - Adobe Systems, Inc.)
Adobe Photoshop CS2 (x32 Version: 9.0 - Adobe Systems, Inc.) Hidden
Adobe Stock Photos 1.0 (x32 Version: 1.0.1 - Adobe Systems) Hidden
Ahnenblatt 2.74 (HKLM-x32\...\Ahnenblatt_is1) (Version: 2.74.0.1 - Dirk Boettcher)
Aimersoft DVD Ripper(Build 3.0.0.2) (HKLM-x32\...\Aimersoft DVD Ripper_is1) (Version:  - Aimersoft Software)
Ashampoo AppLauncher (Medion) v.1.0.0 (HKLM-x32\...\Ashampoo AppLauncher (Medion)_is1) (Version: 1.0.0 - Ashampoo GmbH & Co. KG)
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.3.350 - Avira)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{AF312B06-5C5C-468E-89B3-BE6DE2645722}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{0A4EF0E6-A912-4CDE-A7F3-6E56E7C13A2F}) (Version: 1.1.6 - Cisco Systems, Inc.)
CyberLink Home Cinema 10 (HKLM-x32\...\InstallShield_{8F14AA37-5193-4A14-BD5B-BDF9B361AEF7}) (Version: 10.0 - CyberLink Corp.)
CyberLink Home Cinema 10 (x32 Version: 10.3025 - CyberLink Corp.) Hidden
CyberLink LabelPrint 2.5 (x32 Version: 2.5.0.5415 - CyberLink Corp.) Hidden
CyberLink MediaEspresso 6.5 (x32 Version: 6.5.3807_46074 - CyberLink Corp.) Hidden
CyberLink PhotoDirector 3 (x32 Version: 3.0.1.4017 - CyberLink Corp.) Hidden
CyberLink Power2Go 8 (x32 Version: 8.0.0.3202 - CyberLink Corp.) Hidden
CyberLink PowerDirector 11 (Version: 11.0.0.3215 - CyberLink Corp.) Hidden
CyberLink PowerDVD 10 (x32 Version: 10.0.5426.02 - CyberLink Corp.) Hidden
CyberLink PowerDVD Copy 1.5 (x32 Version: 1.5.0.3725a - CyberLink Corp.) Hidden
CyberLink PowerRecover (HKLM-x32\...\InstallShield_{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}) (Version: 5.7.0.2103 - CyberLink Corp.)
CyberLink PowerRecover (Version: 5.7.0.2103 - CyberLink Corp.) Hidden
CyberLink YouCam 5 (x32 Version: 5.0.3318.0 - CyberLink Corp.) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dolby Digital Plus Advanced Audio (HKLM\...\{B0BFC63F-EA07-419E-960B-3FB2ED5DD0B2}) (Version: 7.3.2.2 - Dolby Laboratories Inc)
Easy CD-DA Extractor 2010 (HKLM-x32\...\Easy CD-DA Extractor 2010) (Version: 2010 - Poikosoft)
FormatFactory 3.1.1 (HKLM-x32\...\FormatFactory) (Version: 3.1.1 - Free Time)
Fotogalerie (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Fotogalerija (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Fotótár (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Freemake Video Converter Version 4.1.2 (HKLM-x32\...\Freemake Video Converter_is1) (Version: 4.1.2 - Ellora Assets Corporation)
Galerie de photos (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 34.0.1847.116 - Google Inc.)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.23.9 - Google Inc.) Hidden
HP Deskjet 1050 J410 series - Grundlegende Software für das Gerät (HKLM\...\{C3F12DD0-54B1-4B2B-A82B-FA43502BC550}) (Version: 28.0.1313.0 - Hewlett-Packard Co.)
HP Deskjet 1050 J410 series Hilfe (HKLM-x32\...\{5C90D8CF-F12A-41C6-9007-3B651A1F0D78}) (Version: 140.0.66.66 - Hewlett Packard)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.12412 - HP)
HP Update (HKLM-x32\...\{6F1C00D2-25C2-4CBA-8126-AE9A6E2E9CD5}) (Version: 5.003.003.001 - Hewlett-Packard)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3309 - Intel Corporation)
Intel(R) Trusted Execution Engine (HKLM\...\{176E2755-0A17-42C6-88E2-192AB2131278}) (Version: 1.0.0.1050 - Intel Corporation)
Intel(R) Trusted Execution Engine (Version: 1.1.1.1 - Intel Corporation) Hidden
Intel(R) Trusted Execution Engine Driver (Version: 1.0.0.1050 - Intel Corporation) Hidden
IObit Uninstaller (HKLM-x32\...\IObitUninstall) (Version: 3.1.7.2405 - IObit)
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.37 - Irfan Skiljan)
LibreOffice 4.1 Help Pack (German) (HKLM-x32\...\{43295475-62CA-4F25-B46C-43C59258780E}) (Version: 4.1.4.2 - The Document Foundation)
LibreOffice 4.1.4.2 (HKLM-x32\...\{94E11973-ED58-47A0-907C-ABF6D95C5DD8}) (Version: 4.1.4.2 - The Document Foundation)
Lollipop (HKCU\...\lollipop_01031042) (Version:  - Lollipop Network, S.L.) <==== ATTENTION
Malwarebytes Anti-Malware Version 2.0.1.1004 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.1.1004 - Malwarebytes Corporation)
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Expression Web 4 (HKLM-x32\...\Web_4.0.1460.0) (Version: 4.0.1460.0 - Microsoft Corporation)
Microsoft Expression Web 4 (x32 Version: 4.0.1460.0 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Mozilla Firefox 28.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 28.0 (x86 de)) (Version: 28.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 28.0 - Mozilla)
Mozilla Thunderbird 24.4.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 24.4.0 (x86 de)) (Version: 24.4.0 - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden
MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden
MyHeritage Family Tree Builder (HKLM-x32\...\Family Tree Builder) (Version: 7.0.0.7129 - MyHeritage.com)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4551.1512 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4551.1512 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4551.1512 - Microsoft Corporation) Hidden
PHotkey (HKLM-x32\...\{E50C224A-BBF2-428D-9DCF-DBF9DF85C40E}) (Version: 1.00.0092 - Pegatron Corporation)
Photo Common (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Photo Gallery (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Plus-HD-1.3 (HKLM-x32\...\Plus-HD-1.3) (Version: 1.31.153.4 - Plus HD) <==== ATTENTION
Raccolta foto (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
REALTEK Bluetooth Driver (HKLM-x32\...\{9D3D8C60-A5EF-4123-B2B9-172095903AB}) (Version: 3.769.769.093013 - REALTEK Semiconductor Corp.)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9200.39052 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7040 - Realtek Semiconductor Corp.)
REALTEK Wireless LAN Driver (HKLM-x32\...\{9DAABC60-A5EF-41FF-B2B9-17329590CD5}) (Version: 1.00.0227 - REALTEK Semiconductor Corp.)
Re-markit (HKLM-x32\...\54ed89b2-da2e-446b-bde7-8188f45dc639) (Version:  - Re-markit Software) <==== ATTENTION
Studie zur Verbesserung von HP Deskjet 1050 J410 series Produkten (HKLM\...\{B099E941-4789-46A1-9B14-01CFD04E03B3}) (Version: 28.0.1313.0 - Hewlett-Packard Co.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 17.0.9.1 - Synaptics Incorporated)
ValueApps (HKCU\...\ValueApps) (Version: 1.1.0.6 - Conduit) <==== ATTENTION
VLC media player 2.1.4 (HKLM\...\VLC media player) (Version: 2.1.4 - VideoLAN)
Windows Live (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Communications Platform (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3508.0205 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
XMedia Recode Version 3.1.7.8 (HKLM-x32\...\{DDA3C325-47B2-4730-9672-BF3771C08799}_is1) (Version: 3.1.7.8 - XMedia Recode)
Yahoo Community Smartbar (HKLM-x32\...\{D7403121-68C2-48BC-874D-048015E60DF0}) (Version: 10.179.66.13636 - Linkury Inc.) <==== ATTENTION
Yahoo Community Smartbar Engine (HKCU\...\{993cbed8-bf92-4638-bb47-6cb1272c92ff}) (Version: 10.179.66.13636 - Linkury Inc.) <==== ATTENTION
YTD Toolbar v9.0 (HKLM-x32\...\{9D47532D-59B3-4E15-8069-2E3FC4DA3E92}) (Version: 9.0 - Spigot, Inc.)
YTD Video Downloader 4.8 (HKLM-x32\...\{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}) (Version: 4.8 - GreenTree Applications SRL)

==================== Restore Points  =========================

06-04-2014 23:55:41 Geplanter Prüfpunkt
11-04-2014 09:31:10 Windows Update
15-04-2014 01:20:23 Windows Update
21-04-2014 08:46:41 Windows Update
24-04-2014 18:04:45 Windows Update

==================== Hosts content: ==========================

2013-08-22 15:25 - 2013-08-22 15:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {038E750F-4B89-4ADF-B5DC-AB57853CA00A} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-03-11] (Adobe Systems Incorporated)
Task: {04A27B59-655B-4872-ACDF-6B22CA9A6D78} - System32\Tasks\HP Photo Creations Communicator => C:\ProgramData\HP Photo Creations\Communicator.exe [2014-02-15] ()
Task: {05293577-D647-4185-B859-C94839A0B2E3} - System32\Tasks\Microsoft\Windows\SettingSync\NetworkStateChangeTask
Task: {0B545118-B563-42FC-8D07-B78F602FCF34} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {2085BF56-520D-4951-B7C0-DF34AF90CC6A} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
Task: {2C9C0C6C-2A74-46F2-858A-4389D253EAD0} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCachePrepopulate
Task: {2EE106B8-5CCF-4253-A23C-26866F6BD9C1} - \Plus-HD-1.3-updater No Task File <==== ATTENTION
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\Windows\System32\AutoWorkplace.exe [2013-08-22] (Microsoft Corporation)
Task: {3B6D8A73-F20B-4C93-B8FB-56A154F172D2} - System32\Tasks\Microsoft\Windows\Time Zone\SynchronizeTimeZone => C:\Windows\system32\tzsync.exe [2013-08-22] (Microsoft Corporation)
Task: {4445933D-9960-456A-97EC-D67E119103A6} - \Plus-HD-1.3-enabler No Task File <==== ATTENTION
Task: {49754026-21E1-41FC-94FD-727AFE414FE7} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCacheRebalance
Task: {6AA91E8C-DDBD-4979-8464-4062F7681A19} - System32\Tasks\Microsoft\Windows\Plug and Play\Plug and Play Cleanup
Task: {6DFCB649-0769-4F83-BB10-F60F235F6D3D} - System32\Tasks\Microsoft\Windows\SkyDrive\Idle Sync Maintenance Task
Task: {73B1B253-CE67-4501-AE1A-377DD1D68B65} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
Task: {77F1D869-6E65-4079-A2A0-E2023408EF97} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {790BB5FC-CE15-41F3-BA92-74C1C4C95EC9} - System32\Tasks\HPCustParticipation HP Deskjet 1050 J410 series => C:\Program Files\HP\HP Deskjet 1050 J410 series\Bin\HPCustPartic.exe [2012-10-02] (Hewlett-Packard Co.)
Task: {872D0E53-FD2E-41E3-B431-698AF82882CE} - System32\Tasks\Microsoft\Windows\SkyDrive\Routine Maintenance Task
Task: {8CC813C9-712A-41EF-9512-B233444FC669} - System32\Tasks\Microsoft\Windows\AppxDeploymentClient\Pre-staged app cleanup => Rundll32.exe %windir%\system32\AppxDeploymentClient.dll,AppxPreStageCleanupRunTask
Task: {8CEBADF6-73BA-4635-95B1-5630C760570B} - \Plus-HD-1.3-codedownloader No Task File <==== ATTENTION
Task: {8E866B41-CF47-4DD2-86BE-3BA0E6F4DC25} - System32\Tasks\Microsoft\Office\Office First Run Task => C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [2013-10-31] (Microsoft Corporation)
Task: {93DD8BD0-F48E-4FE0-98D3-482CB8AED3E4} - \Plus-HD-1.3-firefoxinstaller No Task File <==== ATTENTION
Task: {9514645B-9F2A-4777-BE65-6EE5E0E17226} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-12-23] (Google Inc.)
Task: {9FF4C139-5234-410C-B7FA-23EE2FD2AB53} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Maintenance Work
Task: {AA98B172-10EC-4467-AF6B-52CFF605BC9A} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2014-01-27] (Microsoft Corporation)
Task: {BEC9C1C3-AD4E-4354-8F98-A6469B37DE8E} - \Plus-HD-1.3-chromeinstaller No Task File <==== ATTENTION
Task: {BF2088D2-306F-4D9C-9899-7188D50E06E1} - \Re-markit Update No Task File <==== ATTENTION
Task: {C2858384-D1E3-4DF0-9DCE-EBF322C1E748} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2014-04-23] (Microsoft Corporation)
Task: {CD423634-93DB-4DA3-AE6E-52D4FEC97836} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-12-23] (Google Inc.)
Task: {CDBC83C8-5E0C-4B1F-B67A-FAC9805B3B57} - System32\Tasks\Uninstaller_SkipUac_Administrator => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe [2014-01-22] (IObit)
Task: {CFD7C21A-808B-487B-A6EC-8A10E44E8360} - System32\Tasks\Microsoft\Windows\SettingSync\BackupTask
Task: {D88FEC9E-A82A-46F9-87E2-B6B97B301C1A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
Task: {DA46820F-FF8A-4B5E-A6B2-B12185DCFFFB} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Logon Synchronization
Task: {DF8990FA-5798-455D-BA2D-60CB8985A4F1} - \Re-markit_wd No Task File <==== ATTENTION
Task: {E203C98C-6294-4879-809F-2FF5AAB87394} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2013-08-14] (Synaptics Incorporated)
Task: {E6D378FA-E068-4BCB-80DE-56D43A249507} - System32\Tasks\Microsoft\Windows\RecoveryEnvironment\VerifyWinRE
Task: {FF6B227B-3D3A-4BEB-A425-B5D3F8EDB02F} - System32\Tasks\Dolby Selector => C:\Program Files\Dolby Digital Plus\ddp.exe [2013-08-08] (Dolby Laboratories Inc.)
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\HP Photo Creations Communicator.job => C:\ProgramData\HP Photo Creations\Communicator.exe
Task: C:\WINDOWS\Tasks\Uninstaller_SkipUac_Administrator.job => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe

==================== Loaded Modules (whitelisted) =============

2013-10-08 13:22 - 2013-06-27 10:56 - 00160768 _____ () C:\Program Files (x86)\PHotkey\GFNEXSrv.exe
2013-10-08 13:17 - 2013-09-26 21:08 - 00061440 _____ () C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe
2013-12-19 17:00 - 2013-08-23 15:45 - 00386216 _____ () C:\Program Files\Microsoft Office 15\ClientX64\c2rui.dll
2013-12-19 17:00 - 2013-10-31 10:08 - 00520872 _____ () C:\Program Files\Microsoft Office 15\ClientX64\c2r64.dll
2013-12-19 17:00 - 2013-10-31 10:07 - 00618152 _____ () C:\Program Files\Microsoft Office 15\ClientX64\StreamServer.dll
2013-10-07 09:29 - 2013-03-06 15:42 - 00389896 _____ () C:\Program Files\CyberLink\Shared files\RichVideo64.exe
2013-10-08 13:22 - 2013-09-11 12:41 - 02216960 _____ () C:\Program Files (x86)\PHotkey\PHotkey.exe
2013-10-08 13:22 - 2010-12-17 15:04 - 00449032 _____ () C:\Program Files (x86)\PHotkey\ATouch64.exe
2013-10-08 13:22 - 2012-10-23 19:07 - 03471872 _____ () C:\Program Files (x86)\PHotkey\POSD.exe
2013-08-08 17:53 - 2013-08-08 17:53 - 00050904 _____ () C:\Program Files\Dolby Digital Plus\Dolby.DDP.Controls_Desktop.dll
2013-10-08 13:22 - 2013-07-18 16:41 - 08856576 _____ () C:\Program Files (x86)\PHotkey\GPMTray.exe
2013-12-19 13:32 - 2013-12-09 12:37 - 00394808 _____ () C:\Program Files (x86)\Avira\AntiVir Desktop\sqlite3.dll
2013-10-08 13:22 - 2009-12-18 16:36 - 00973432 _____ () C:\Program Files (x86)\PHotkey\acAuth.dll
2013-10-08 13:22 - 2009-12-18 16:41 - 00129544 _____ () C:\Program Files (x86)\PHotkey\GFNEX.dll
2013-10-07 09:28 - 2013-08-05 09:49 - 00627672 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
2013-08-05 16:48 - 2013-08-05 16:48 - 00016856 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\ProgramData\Temp:DE406C3E
AlternateDataStreams: C:\Users\Bodo\SkyDrive:ms-properties
AlternateDataStreams: C:\Users\Bodo\SkyDrive.old:ms-properties

==================== Safe Mode (whitelisted) ===================


==================== Disabled items from MSCONFIG ==============


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (04/24/2014 08:14:19 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC90.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"1".
Die abhängige Assemblierung "Microsoft.VC90.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (04/24/2014 08:14:17 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC90.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"1".
Die abhängige Assemblierung "Microsoft.VC90.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (04/24/2014 08:14:15 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC90.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"1".
Die abhängige Assemblierung "Microsoft.VC90.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (04/24/2014 08:14:13 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC90.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"1".
Die abhängige Assemblierung "Microsoft.VC90.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (04/24/2014 08:14:11 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC90.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"1".
Die abhängige Assemblierung "Microsoft.VC90.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (04/24/2014 08:14:09 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC90.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"1".
Die abhängige Assemblierung "Microsoft.VC90.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (04/24/2014 08:14:07 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC90.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"1".
Die abhängige Assemblierung "Microsoft.VC90.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (04/24/2014 08:14:05 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC90.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"1".
Die abhängige Assemblierung "Microsoft.VC90.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (04/24/2014 08:14:03 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC90.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"1".
Die abhängige Assemblierung "Microsoft.VC90.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (04/24/2014 08:14:01 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC90.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"1".
Die abhängige Assemblierung "Microsoft.VC90.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".


System errors:
=============
Error: (04/24/2014 08:10:21 PM) (Source: Service Control Manager) (User: )
Description: Dienst "LiveUpdate" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (04/24/2014 08:05:38 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT-AUTORITÄT)
Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80246007 fehlgeschlagen: Windows 8.1 Update für x64-basierte Systeme (KB2919355)

Error: (04/24/2014 04:14:10 AM) (Source: Service Control Manager) (User: )
Description: Dienst "Freemake Improver" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (04/24/2014 04:03:14 AM) (Source: Ntfs) (User: NT-AUTORITÄT)
Description: In der Dateisystemstruktur auf Volume "Boot" wurde eine Beschädigung erkannt.

Die Masterdateitabelle (MFT) beinhaltet einen beschädigten Dateidatensatz. Die Dateireferenznummer ist 0x1000000038f6e. Der Name der Datei ist "<Dateiname kann nicht bestimmt werden>".

Error: (04/24/2014 04:03:11 AM) (Source: Ntfs) (User: NT-AUTORITÄT)
Description: In der Dateisystemstruktur auf Volume "Boot" wurde eine Beschädigung erkannt.

Die Masterdateitabelle (MFT) beinhaltet einen beschädigten Dateidatensatz. Die Dateireferenznummer ist 0x1000000038f6e. Der Name der Datei ist "<Dateiname kann nicht bestimmt werden>".

Error: (04/23/2014 04:16:16 PM) (Source: Service Control Manager) (User: )
Description: Dienst "LiveUpdate" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (04/23/2014 04:12:39 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst Windows Update konnte nach dem Empfang eines Preshutdown-Steuerelements nicht richtig heruntergefahren werden.

Error: (04/23/2014 04:11:43 PM) (Source: DCOM) (User: AKOYAE6240T)
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

Error: (04/23/2014 02:36:40 PM) (Source: Service Control Manager) (User: )
Description: Dienst "LiveUpdate" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (04/23/2014 02:32:54 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst Windows Update konnte nach dem Empfang eines Preshutdown-Steuerelements nicht richtig heruntergefahren werden.


Microsoft Office Sessions:
=========================
Error: (04/24/2014 08:14:24 PM) (Source: SideBySide)(User: )
Description: Microsoft.VC90.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTServer.exe

Error: (04/24/2014 08:14:21 PM) (Source: SideBySide)(User: )
Description: Microsoft.VC90.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTServer.exe

Error: (04/24/2014 08:14:19 PM) (Source: SideBySide)(User: )
Description: Microsoft.VC90.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTServer.exe

Error: (04/24/2014 08:14:17 PM) (Source: SideBySide)(User: )
Description: Microsoft.VC90.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTServer.exe

Error: (04/24/2014 08:14:15 PM) (Source: SideBySide)(User: )
Description: Microsoft.VC90.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTServer.exe

Error: (04/24/2014 08:14:13 PM) (Source: SideBySide)(User: )
Description: Microsoft.VC90.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTServer.exe

Error: (04/24/2014 08:14:11 PM) (Source: SideBySide)(User: )
Description: Microsoft.VC90.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTServer.exe

Error: (04/24/2014 08:14:09 PM) (Source: SideBySide)(User: )
Description: Microsoft.VC90.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTServer.exe

Error: (04/24/2014 08:14:07 PM) (Source: SideBySide)(User: )
Description: Microsoft.VC90.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTServer.exe

Error: (04/24/2014 08:14:05 PM) (Source: SideBySide)(User: )
Description: Microsoft.VC90.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTServer.exe


==================== Memory info =========================== 

Percentage of memory in use: 33%
Total physical RAM: 3976.19 MB
Available physical RAM: 2627.61 MB
Total Pagefile: 12680.19 MB
Available Pagefile: 11215.68 MB
Total Virtual: 131072 MB
Available Virtual: 131071.85 MB

==================== Drives ================================

Drive c: (Boot) (Fixed) (Total:404.05 GB) (Free:326.26 GB) NTFS
Drive d: (Recover) (Fixed) (Total:60 GB) (Free:45.69 GB) NTFS
Drive e: (sbon88p5) (CDROM) (Total:4 GB) (Free:0 GB) CDFS
Drive f: (DRIVE-N-GO) (Fixed) (Total:931.28 GB) (Free:510.49 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 466 GB) (Disk ID: 00000000)

Partition: GPT Partition Type.

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 932 GB) (Disk ID: E0375D22)
Partition 1: (Active) - (Size=932 GB) - (Type=0C)

==================== End Of Log ============================
         

Alt 24.04.2014, 19:52   #11
M-K-D-B
/// TB-Ausbilder
 
Windows 8, Windows PC-Repair Virus und wohl noch andere - Standard

Windows 8, Windows PC-Repair Virus und wohl noch andere



Servus,


du hast nur die Addition.txt gepostet.


Bitte poste noch die FRST.txt, dann kann es weitergehen.
__________________
Grüße aus Bayern
M-K-D-B

______________________________________

Das Trojaner-Board unterstützen

Alt 24.04.2014, 20:11   #12
bjc51
 
Windows 8, Windows PC-Repair Virus und wohl noch andere - Standard

Windows 8, Windows PC-Repair Virus und wohl noch andere



Sorry, hier noch die FRST.txt


FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 24-04-2014
Ran by Bodo (administrator) on AKOYAE6240T on 24-04-2014 20:12:05
Running from C:\Users\Bodo\Desktop
Windows 8.1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(Microsoft Corporation) C:\WINDOWS\system32\WLANExt.exe
() C:\Program Files (x86)\PHotkey\GFNEXSrv.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
() C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe
(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSMonitorService.exe
(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSServer.exe
(Freemake) C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe
(Microsoft Corporation) C:\WINDOWS\system32\dashost.exe
(Intel(R) Corporation) C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe
() C:\Program Files\CyberLink\Shared files\RichVideo64.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe
() C:\Program Files (x86)\PHotkey\PHotkey.exe
() C:\Program Files (x86)\PHotkey\ATouch64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
() C:\Program Files (x86)\PHotkey\POSD.exe
(Dolby Laboratories Inc.) C:\Program Files\Dolby Digital Plus\ddp.exe
() C:\Program Files (x86)\PHotkey\GPMTray.exe
(TODO: <Company name>) C:\Program Files (x86)\PHotkey\HCSynApi.exe
(Synaptics Incorporated) C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
(Microsoft Corporation) C:\Windows\System32\skydrive.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\system32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(MyHeritage) C:\Program Files (x86)\MyHeritage\Bin\FTBCheckUpdates.exe
(AimerSoft) C:\Program Files (x86)\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exe
(Microsoft Corporation) C:\WINDOWS\system32\wbem\WMIADAP.EXE


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13653208 2013-09-13] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1321688 2013-08-30] (Realtek Semiconductor)
HKLM\...\Run: [BtServer] => C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTServer.exe [280576 2013-09-29] (Realtek Semiconductor Corporation)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2777840 2013-08-14] (Synaptics Incorporated)
HKLM-x32\...\Run: [CLMLServer_For_P2G8] => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [111576 2013-08-05] (CyberLink)
HKLM-x32\...\Run: [CLVirtualDrive] => C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [490760 2013-09-23] (CyberLink Corp.)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [95192 2013-03-11] (CyberLink Corp.)
HKLM-x32\...\Run: [YouCam Service] => C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe [267224 2013-09-18] (CyberLink Corp.)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [689744 2014-02-20] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM-x32\...\Run: [Family Tree Builder Update] => C:\Program Files (x86)\MyHeritage\Bin\FTBCheckUpdates.exe [2532864 2013-12-09] (MyHeritage)
HKLM-x32\...\Run: [Aimersoft Helper Compact.exe] => C:\Program Files (x86)\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exe [1691136 2012-05-31] (AimerSoft)
HKLM-x32\...\Run: [] => [X]
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [ConfirmFileDelete] 1
HKU\S-1-5-21-4152838901-865744110-646186296-1001\...\MountPoints2: {381baa29-47b3-11e3-8279-806e6f6e6963} - "E:\autorun.exe" Autorun\autorun.hta
Startup: C:\Users\Bodo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk
ShortcutTarget: Adobe Gamma.lnk -> C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKCU - {A20986C9-388E-4B9A-A0FF-095073009E92} URL = hxxp://search.softonic.com/MOY00009/tb_v1?q={searchTerms}&SearchSource=4&cc=&mi=b02323500000000000006c71d9c34a0b&toi=16085&r=640
SearchScopes: HKCU - {DFABB43D-A5B9-44E2-B139-C536C248B3B7} URL = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=937811&p={searchTerms}
BHO: ExplorerWnd Helper - {10921475-03CE-4E04-90CE-E2E7EF20C814} - C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll (IObit)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Bodo\AppData\Roaming\Mozilla\Firefox\Profiles\6l09uqgq.default
FF NewTab: chrome://quick_start/content/index.html
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF64_12_0_0_77.dll ()
FF Plugin: @videolan.org/vlc,version=2.1.2 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.4 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF SearchPlugin: C:\Users\Bodo\AppData\Roaming\Mozilla\Firefox\Profiles\6l09uqgq.default\searchplugins\yahoo_ff.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: No Name - C:\Users\Bodo\AppData\Roaming\Mozilla\Firefox\Profiles\6l09uqgq.default\Extensions\staged [2014-04-21]
FF HKLM-x32\...\Firefox\Extensions: [fmconverter@gmail.com] - C:\Program Files (x86)\Freemake\Freemake Video Converter\BrowserPlugin\Firefox\
FF Extension: Freemake Video Converter Plugin - C:\Program Files (x86)\Freemake\Freemake Video Converter\BrowserPlugin\Firefox\ []
FF HKCU\...\Firefox\Extensions: [{abdfcd24-f4a1-4248-b9c4-4ee53f915331}] - C:\Program Files (x86)\Re-markit\155.xpi

Chrome: 
=======
CHR HomePage: hxxp://search.conduit.com/?ctid=CT3322168&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=2&UP=SP144C8618-5613-48F2-B45A-6008A3A29C88&SSPV=
CHR StartupUrls: "https://www.google.de/", "hxxp://search.softonic.com/MOY00009/tb_v1?SearchSource=48&cc=&mi=b02323500000000000006c71d9c34a0b&toi=16085", "hxxp://de.search.yahoo.com/?type=937811&fr=spigot-yhp-ch"
CHR Extension: (Google Docs) - C:\Users\Bodo\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-12-23]
CHR Extension: (Google Drive) - C:\Users\Bodo\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-12-23]
CHR Extension: (YouTube) - C:\Users\Bodo\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-12-23]
CHR Extension: (Adblock Plus) - C:\Users\Bodo\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-01-17]
CHR Extension: (Google-Suche) - C:\Users\Bodo\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-12-23]
CHR Extension: (Avira Browser Safety) - C:\Users\Bodo\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2014-03-22]
CHR Extension: (Google Wallet) - C:\Users\Bodo\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-12-23]
CHR Extension: (Extended Protection) - C:\Users\Bodo\AppData\Local\Google\Chrome\User Data\Default\Extensions\ogfjmhfnldnajmfaofeiaepghjenbgjo [2014-03-30]
CHR Extension: (Google Mail) - C:\Users\Bodo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-12-23]
CHR HKLM-x32\...\Chrome\Extension: [dopemniaeocfenlpnoannaefnhfcjcgi] - C:\Users\Bodo\AppData\Local\Google\Chrome\User Data\Default\Extensions\searchswitch.crx [2014-03-30]
CHR HKLM-x32\...\Chrome\Extension: [ogfjmhfnldnajmfaofeiaepghjenbgjo] - C:\Users\Bodo\AppData\Local\Google\Chrome\User Data\Default\Extensions\ep.crx [2014-03-30]

==================== Services (Whitelisted) =================

S3 Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2014-01-09] (Adobe Systems)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440400 2014-02-20] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440400 2014-02-20] (Avira Operations GmbH & Co. KG)
S4 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1017424 2014-02-20] (Avira Operations GmbH & Co. KG)
R2 BTDevManager; C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe [61440 2013-09-26] ()
R2 CyberLink PowerDVD 10 MS Monitor Service; C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSMonitorService.exe [74712 2013-03-11] (CyberLink)
R2 CyberLink PowerDVD 10 MS Service; C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSServer.exe [316376 2013-03-11] (CyberLink)
R2 Freemake Improver; C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [103936 2014-01-13] (Freemake)
R2 GFNEXSrv; C:\Program Files (x86)\PHotkey\GFNEXSrv.exe [160768 2013-06-27] ()
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe [733696 2013-07-01] (Intel(R) Corporation)
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\TXE Components\TCS\SocketHeciServer.exe [822232 2013-07-01] (Intel(R) Corporation)
S2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2151744 2014-01-22] (IObit)
R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1809720 2014-04-03] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [857912 2014-04-03] (Malwarebytes Corporation)
R2 OfficeSvc; C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [1907896 2013-10-31] (Microsoft Corporation)
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [389896 2013-03-06] ()
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [348392 2013-10-31] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2013-10-31] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

S0 ADP80XX; C:\Windows\System32\drivers\ADP80XX.SYS [782176 2013-08-22] (PMC-Sierra)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2013-12-09] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [131576 2013-12-09] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [28600 2013-12-09] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\system32\DRIVERS\avnetflt.sys [84720 2013-12-09] (Avira Operations GmbH & Co. KG)
S3 bcmfn2; C:\Windows\System32\drivers\bcmfn2.sys [17624 2013-08-13] (Windows (R) Win 7 DDK provider)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [224768 2013-08-22] (Microsoft Corporation)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [91712 2013-03-05] (CyberLink)
S3 iaLPSSi_GPIO; C:\Windows\System32\drivers\iaLPSSi_GPIO.sys [24568 2013-07-30] (Intel Corporation)
S3 iaLPSSi_I2C; C:\Windows\System32\drivers\iaLPSSi_I2C.sys [99320 2013-07-25] (Intel Corporation)
S0 iaStorAV; C:\Windows\System32\drivers\iaStorAV.sys [651248 2013-08-10] (Intel Corporation)
R0 intelpep; C:\Windows\System32\drivers\intelpep.sys [39768 2013-11-11] (Microsoft Corporation)
S0 LSI_SAS3; C:\Windows\System32\drivers\lsi_sas3.sys [81760 2013-08-22] (LSI Corporation)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2014-04-03] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [119512 2014-04-24] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [63192 2014-04-03] (Malwarebytes Corporation)
R3 NdisVirtualBus; C:\Windows\System32\drivers\NdisVirtualBus.sys [16384 2013-08-22] (Microsoft Corporation)
S3 netvsc; C:\Windows\system32\DRIVERS\netvsc63.sys [87040 2013-08-22] (Microsoft Corporation)
S3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew02.sys [4649440 2013-06-18] (Intel Corporation)
R2 PEGAGFN; C:\Program Files (x86)\PHotkey\PEGAGFN.sys [14344 2009-09-11] (PEGATRON)
R3 PegaRadioSwitch; C:\Windows\System32\drivers\PegaRadioSwitch.sys [23552 2013-08-22] (Windows (R) Win 7 DDK provider)
S3 pmxdrv; C:\Windows\system32\drivers\pmxdrv.sys [31152 2013-10-22] ()
S3 ReFS; C:\Windows\System32\Drivers\ReFS.sys [924512 2013-08-22] (Microsoft Corporation)
R3 RtkBtFilter; C:\Windows\system32\DRIVERS\RtkBtfilter.sys [548056 2013-09-05] (Realtek Semiconductor Corporation)
R3 RTWlanE; C:\Windows\system32\DRIVERS\rtwlane.sys [2945240 2013-09-12] (Realtek Semiconductor Corporation                           )
S3 SerCx2; C:\Windows\System32\drivers\SerCx2.sys [146776 2013-10-26] (Microsoft Corporation)
S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [30448 2013-08-14] (Synaptics Incorporated)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [34544 2013-08-14] (Synaptics Incorporated)
S0 stornvme; C:\Windows\System32\drivers\stornvme.sys [57176 2013-10-05] (Microsoft Corporation)
R3 TXEIx64; C:\Windows\System32\drivers\TXEIx64.sys [87568 2013-07-01] (Intel Corporation)
R3 UEFI; C:\Windows\System32\drivers\UEFI.sys [26976 2013-08-22] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [124760 2013-10-31] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-04-24 20:09 - 2014-04-24 20:09 - 00000000 __RDO () C:\Users\Bodo\SkyDrive
2014-04-24 10:19 - 2014-04-24 14:47 - 00000000 ____D () C:\Users\Bodo\Documents\GfK
2014-04-23 16:28 - 2014-04-24 20:11 - 00000000 ____D () C:\Users\Bodo\Desktop\FRST-OlderVersion
2014-04-23 16:21 - 2014-04-23 16:21 - 00017590 _____ () C:\Users\Bodo\Desktop\mbam.txt
2014-04-23 15:41 - 2014-04-23 15:41 - 00368145 _____ () C:\Users\Bodo\avirameldung1.odt
2014-04-23 15:35 - 2014-04-23 13:50 - 00023266 _____ () C:\Users\Bodo\Documents\untitled_0_2.odt
2014-04-23 14:57 - 2014-04-24 20:09 - 00119512 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-04-23 14:55 - 2014-04-23 14:55 - 00001118 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-04-23 14:55 - 2014-04-23 14:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-04-23 14:55 - 2014-04-23 14:55 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-04-23 14:55 - 2014-04-23 14:55 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-04-23 14:55 - 2014-04-03 09:51 - 00088280 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2014-04-23 14:55 - 2014-04-03 09:51 - 00063192 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2014-04-23 14:55 - 2014-04-03 09:50 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2014-04-23 14:08 - 2014-04-23 14:30 - 00000000 ____D () C:\AdwCleaner
2014-04-23 13:53 - 2014-04-23 13:53 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\Bodo\Desktop\mbam-setup-2.0.1.1004.exe
2014-04-23 13:42 - 2014-04-23 13:53 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\Bodo\Downloads\mbam-setup-2.0.1.1004.exe
2014-04-23 13:38 - 2014-04-23 13:37 - 01345299 _____ () C:\Users\Bodo\Desktop\adwcleaner.exe
2014-04-23 13:37 - 2014-04-23 13:37 - 01345299 _____ () C:\Users\Bodo\Downloads\adwcleaner.exe
2014-04-22 13:46 - 2014-04-22 13:46 - 08615086 _____ () C:\Users\Bodo\Documents\The Rainbows - My Baby Baby Balla Balla (1966)_HQ.mp4
2014-04-21 15:47 - 2014-04-23 16:30 - 00030032 _____ () C:\Users\Bodo\Desktop\Addition.txt
2014-04-21 15:45 - 2014-04-24 20:12 - 00016494 _____ () C:\Users\Bodo\Desktop\FRST.txt
2014-04-21 15:45 - 2014-04-24 20:12 - 00000000 ____D () C:\FRST
2014-04-21 15:42 - 2014-04-24 20:11 - 02061824 _____ (Farbar) C:\Users\Bodo\Desktop\FRST64.exe
2014-04-21 09:48 - 2014-04-21 09:48 - 00797552 _____ (Reimage®) C:\Users\Bodo\Downloads\ReimageRepair.exe
2014-04-20 14:00 - 2014-04-20 14:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\YTD Video Downloader
2014-04-15 01:28 - 2014-04-15 01:28 - 02279222 _____ () C:\Users\Bodo\Documents\HappyBD2.psd
2014-04-11 16:40 - 2014-04-11 16:41 - 00003584 _____ () C:\Users\Bodo\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-04-11 11:38 - 2014-04-11 11:38 - 03766207 _____ () C:\Users\Bodo\Documents\4GMenue.psd
2014-04-11 11:37 - 2014-04-11 11:37 - 04303370 _____ () C:\Users\Bodo\Documents\3GMenue.psd
2014-04-09 09:53 - 2014-03-10 12:35 - 02008408 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2014-04-09 09:53 - 2014-03-10 12:35 - 00377176 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\clfs.sys
2014-04-09 09:53 - 2014-03-06 11:19 - 01287576 _____ (Microsoft Corporation) C:\WINDOWS\system32\kernel32.dll
2014-04-09 09:53 - 2014-03-06 08:10 - 01036288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kernel32.dll
2014-04-09 09:52 - 2014-03-31 03:16 - 23134208 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2014-04-09 09:52 - 2014-03-31 01:57 - 17073152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2014-04-09 09:52 - 2014-03-06 11:02 - 01109424 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2014-04-09 09:52 - 2014-03-06 08:17 - 00835584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2014-04-09 09:48 - 2014-04-09 09:48 - 02724864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb
2014-04-09 09:48 - 2014-04-09 09:48 - 02724864 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb
2014-04-06 18:46 - 2014-04-04 17:02 - 00009866 _____ () C:\Users\Bodo\Documents\untitled_0_1.odt
2014-04-06 15:48 - 2014-04-06 15:48 - 00001906 _____ () C:\Users\Bodo\Desktop\IrfanView Thumbnails.lnk
2014-04-06 15:48 - 2014-04-06 15:48 - 00001018 _____ () C:\Users\Bodo\Desktop\IrfanView.lnk
2014-04-06 15:48 - 2014-04-06 15:48 - 00000000 ____D () C:\Users\Bodo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IrfanView
2014-04-06 15:48 - 2014-04-06 15:48 - 00000000 ____D () C:\Users\Bodo\AppData\Roaming\IrfanView
2014-04-06 15:48 - 2014-04-06 15:48 - 00000000 ____D () C:\Program Files (x86)\IrfanView
2014-04-06 15:45 - 2014-04-06 15:46 - 02179728 _____ (Irfan Skiljan) C:\Users\Bodo\Downloads\iview437g_setup.exe
2014-04-03 19:53 - 2014-04-04 15:13 - 00026653 _____ () C:\Users\Bodo\Documents\AGGreifswald1404a.odt
2014-04-03 09:11 - 2014-04-03 10:01 - 00027376 _____ () C:\Users\Bodo\Documents\ojkhamm1404.odt
2014-04-02 12:04 - 2014-04-02 12:16 - 00000000 ____D () C:\Users\Bodo\Documents\AfD
2014-04-01 12:23 - 2014-04-01 12:26 - 00000000 ____D () C:\Users\Bodo\Documents\Fax
2014-04-01 10:19 - 2014-04-01 10:19 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-04-01 09:32 - 2014-04-01 10:35 - 00001110 _____ () C:\WINDOWS\setup.log
2014-04-01 09:32 - 1998-11-17 12:44 - 00328704 _____ (InstallShield Software Corporation ) C:\WINDOWS\IsUn0407.exe
2014-04-01 09:29 - 2014-04-01 09:29 - 17821354 _____ (AVM Berlin ) C:\Users\Bodo\Downloads\FRITZ_fax_3.07.04.exe
2014-04-01 05:31 - 2014-04-01 05:31 - 01591300 _____ () C:\Users\Bodo\Downloads\2.mpg
2014-03-31 11:43 - 2014-04-02 11:53 - 00000000 ____D () C:\Users\Bodo\Documents\Jobcenter
2014-03-30 00:41 - 2014-03-30 00:41 - 00001003 _____ () C:\Users\Bodo\Desktop\337 GAMES.lnk
2014-03-30 00:41 - 2014-03-30 00:41 - 00000000 ____D () C:\Users\Bodo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\337Games
2014-03-30 00:41 - 2014-03-30 00:41 - 00000000 ____D () C:\Users\Bodo\AppData\Roaming\337Games
2014-03-27 01:23 - 2014-03-27 01:23 - 00000000 ____D () C:\Program Files (x86)\GUMA44D.tmp
2014-03-25 10:26 - 2014-03-25 10:26 - 00028226 _____ () C:\Users\Bodo\Documents\KontaktlistePinguine1403.odt
2014-03-25 10:23 - 2014-03-25 10:30 - 00000000 ____D () C:\Users\Bodo\Documents\Ireen

==================== One Month Modified Files and Folders =======

2014-04-24 20:12 - 2014-04-21 15:45 - 00016494 _____ () C:\Users\Bodo\Desktop\FRST.txt
2014-04-24 20:12 - 2014-04-21 15:45 - 00000000 ____D () C:\FRST
2014-04-24 20:11 - 2014-04-23 16:28 - 00000000 ____D () C:\Users\Bodo\Desktop\FRST-OlderVersion
2014-04-24 20:11 - 2014-04-21 15:42 - 02061824 _____ (Farbar) C:\Users\Bodo\Desktop\FRST64.exe
2014-04-24 20:10 - 2013-12-23 17:09 - 00002199 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-04-24 20:09 - 2014-04-24 20:09 - 00000000 __RDO () C:\Users\Bodo\SkyDrive
2014-04-24 20:09 - 2014-04-23 14:57 - 00119512 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-04-24 20:09 - 2013-12-23 17:07 - 00001126 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-04-24 20:09 - 2013-12-18 23:48 - 00000000 ____D () C:\Users\Bodo
2014-04-24 20:09 - 2013-12-15 13:04 - 00000000 __RDO () C:\Users\Bodo\SkyDrive.old
2014-04-24 20:07 - 2013-08-22 16:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-04-24 20:05 - 2013-12-19 00:54 - 01802722 _____ () C:\WINDOWS\WindowsUpdate.log
2014-04-24 20:00 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2014-04-24 19:38 - 2014-02-15 17:07 - 00000346 _____ () C:\WINDOWS\Tasks\HP Photo Creations Communicator.job
2014-04-24 19:38 - 2014-01-25 12:37 - 00000884 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-04-24 19:28 - 2013-12-23 17:07 - 00001130 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-04-24 14:47 - 2014-04-24 10:19 - 00000000 ____D () C:\Users\Bodo\Documents\GfK
2014-04-24 10:03 - 2013-12-19 01:02 - 00003596 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-4152838901-865744110-646186296-1001
2014-04-24 09:44 - 2013-10-07 07:32 - 00765582 _____ () C:\WINDOWS\system32\perfh007.dat
2014-04-24 09:44 - 2013-10-07 07:32 - 00159366 _____ () C:\WINDOWS\system32\perfc007.dat
2014-04-24 09:44 - 2013-10-07 07:11 - 01776918 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-04-23 16:30 - 2014-04-21 15:47 - 00030032 _____ () C:\Users\Bodo\Desktop\Addition.txt
2014-04-23 16:21 - 2014-04-23 16:21 - 00017590 _____ () C:\Users\Bodo\Desktop\mbam.txt
2014-04-23 16:13 - 2013-10-07 07:06 - 00328896 _____ () C:\WINDOWS\PFRO.log
2014-04-23 15:50 - 2013-12-24 00:55 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-04-23 15:47 - 2013-10-07 08:12 - 90655440 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-04-23 15:41 - 2014-04-23 15:41 - 00368145 _____ () C:\Users\Bodo\avirameldung1.odt
2014-04-23 15:40 - 2014-03-10 17:58 - 00000000 ____D () C:\Users\Bodo\Art
2014-04-23 14:55 - 2014-04-23 14:55 - 00001118 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-04-23 14:55 - 2014-04-23 14:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-04-23 14:55 - 2014-04-23 14:55 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-04-23 14:55 - 2014-04-23 14:55 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-04-23 14:38 - 2014-01-14 16:20 - 00001378 _____ () C:\Users\Bodo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search.lnk
2014-04-23 14:38 - 2014-01-14 16:20 - 00001331 _____ () C:\Users\Bodo\Desktop\Search.lnk
2014-04-23 14:30 - 2014-04-23 14:08 - 00000000 ____D () C:\AdwCleaner
2014-04-23 14:29 - 2013-12-19 00:53 - 00001009 _____ () C:\Users\Bodo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-04-23 14:29 - 2013-12-15 13:01 - 00001224 _____ () C:\Users\Bodo\Desktop\ALDI Süd Blumen Service.lnk
2014-04-23 14:29 - 2013-12-15 13:01 - 00001200 _____ () C:\Users\Bodo\Desktop\ALDI Süd Reisen.lnk
2014-04-23 14:29 - 2013-12-15 13:01 - 00001156 _____ () C:\Users\Bodo\Desktop\ALDI Talk.lnk
2014-04-23 14:29 - 2013-12-15 13:01 - 00001136 _____ () C:\Users\Bodo\Desktop\ALDI Süd Startseite.lnk
2014-04-23 14:29 - 2013-10-22 12:55 - 00001120 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MEDIONhome.lnk
2014-04-23 14:29 - 2013-10-22 12:55 - 00001114 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Welcome.lnk
2014-04-23 14:00 - 2013-08-22 15:25 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI
2014-04-23 13:53 - 2014-04-23 13:53 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\Bodo\Desktop\mbam-setup-2.0.1.1004.exe
2014-04-23 13:53 - 2014-04-23 13:42 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\Bodo\Downloads\mbam-setup-2.0.1.1004.exe
2014-04-23 13:50 - 2014-04-23 15:35 - 00023266 _____ () C:\Users\Bodo\Documents\untitled_0_2.odt
2014-04-23 13:37 - 2014-04-23 13:38 - 01345299 _____ () C:\Users\Bodo\Desktop\adwcleaner.exe
2014-04-23 13:37 - 2014-04-23 13:37 - 01345299 _____ () C:\Users\Bodo\Downloads\adwcleaner.exe
2014-04-22 13:46 - 2014-04-22 13:46 - 08615086 _____ () C:\Users\Bodo\Documents\The Rainbows - My Baby Baby Balla Balla (1966)_HQ.mp4
2014-04-22 13:38 - 2013-12-19 20:34 - 00000000 ____D () C:\ProgramData\YTD Video Downloader
2014-04-21 14:02 - 2014-01-22 01:44 - 00000000 ____D () C:\ProgramData\ProductData
2014-04-21 14:01 - 2013-08-22 16:44 - 00563328 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2014-04-21 13:52 - 2014-02-21 12:35 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-04-21 13:51 - 2013-10-07 10:40 - 00000000 ____D () C:\Program Files (x86)\Microsoft Office
2014-04-21 13:51 - 2013-08-22 22:59 - 00000000 ____D () C:\WINDOWS\ShellNew
2014-04-21 13:50 - 2014-01-09 19:47 - 00000000 ____D () C:\Program Files (x86)\Microsoft Visual Studio 8
2014-04-21 13:50 - 2013-10-07 07:25 - 00000000 ____D () C:\Program Files (x86)\MSBuild
2014-04-21 13:47 - 2013-08-22 15:25 - 00000076 _____ () C:\WINDOWS\win.ini
2014-04-21 13:45 - 2013-08-22 17:36 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared
2014-04-21 09:48 - 2014-04-21 09:48 - 00797552 _____ (Reimage®) C:\Users\Bodo\Downloads\ReimageRepair.exe
2014-04-21 04:43 - 2013-12-15 13:03 - 00000000 ____D () C:\Users\Bodo\Documents\Youcam
2014-04-20 14:00 - 2014-04-20 14:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\YTD Video Downloader
2014-04-20 14:00 - 2013-12-19 20:34 - 00001309 _____ () C:\Users\Public\Desktop\YTD Video Downloader.lnk
2014-04-18 09:55 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2014-04-15 01:28 - 2014-04-15 01:28 - 02279222 _____ () C:\Users\Bodo\Documents\HappyBD2.psd
2014-04-14 04:47 - 2013-12-19 13:08 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-04-13 22:41 - 2013-10-08 13:17 - 00000000 ____D () C:\ProgramData\Realtek
2014-04-11 21:47 - 2014-01-05 16:25 - 00000000 ____D () C:\Users\Bodo\AppData\Roaming\vlc
2014-04-11 16:41 - 2014-04-11 16:40 - 00003584 _____ () C:\Users\Bodo\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-04-11 11:38 - 2014-04-11 11:38 - 03766207 _____ () C:\Users\Bodo\Documents\4GMenue.psd
2014-04-11 11:37 - 2014-04-11 11:37 - 04303370 _____ () C:\Users\Bodo\Documents\3GMenue.psd
2014-04-09 09:48 - 2014-04-09 09:48 - 02724864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb
2014-04-09 09:48 - 2014-04-09 09:48 - 02724864 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb
2014-04-06 15:48 - 2014-04-06 15:48 - 00001906 _____ () C:\Users\Bodo\Desktop\IrfanView Thumbnails.lnk
2014-04-06 15:48 - 2014-04-06 15:48 - 00001018 _____ () C:\Users\Bodo\Desktop\IrfanView.lnk
2014-04-06 15:48 - 2014-04-06 15:48 - 00000000 ____D () C:\Users\Bodo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IrfanView
2014-04-06 15:48 - 2014-04-06 15:48 - 00000000 ____D () C:\Users\Bodo\AppData\Roaming\IrfanView
2014-04-06 15:48 - 2014-04-06 15:48 - 00000000 ____D () C:\Program Files (x86)\IrfanView
2014-04-06 15:46 - 2014-04-06 15:45 - 02179728 _____ (Irfan Skiljan) C:\Users\Bodo\Downloads\iview437g_setup.exe
2014-04-04 17:02 - 2014-04-06 18:46 - 00009866 _____ () C:\Users\Bodo\Documents\untitled_0_1.odt
2014-04-04 15:13 - 2014-04-03 19:53 - 00026653 _____ () C:\Users\Bodo\Documents\AGGreifswald1404a.odt
2014-04-03 10:01 - 2014-04-03 09:11 - 00027376 _____ () C:\Users\Bodo\Documents\ojkhamm1404.odt
2014-04-03 09:51 - 2014-04-23 14:55 - 00088280 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2014-04-03 09:51 - 2014-04-23 14:55 - 00063192 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2014-04-03 09:50 - 2014-04-23 14:55 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2014-04-02 12:16 - 2014-04-02 12:04 - 00000000 ____D () C:\Users\Bodo\Documents\AfD
2014-04-02 11:53 - 2014-03-31 11:43 - 00000000 ____D () C:\Users\Bodo\Documents\Jobcenter
2014-04-01 12:26 - 2014-04-01 12:23 - 00000000 ____D () C:\Users\Bodo\Documents\Fax
2014-04-01 10:35 - 2014-04-01 09:32 - 00001110 _____ () C:\WINDOWS\setup.log
2014-04-01 10:19 - 2014-04-01 10:19 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-04-01 09:29 - 2014-04-01 09:29 - 17821354 _____ (AVM Berlin ) C:\Users\Bodo\Downloads\FRITZ_fax_3.07.04.exe
2014-04-01 05:31 - 2014-04-01 05:31 - 01591300 _____ () C:\Users\Bodo\Downloads\2.mpg
2014-03-31 23:23 - 2013-12-26 06:02 - 00693240 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2014-03-31 23:23 - 2013-12-26 06:02 - 00105464 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2014-03-31 03:16 - 2014-04-09 09:52 - 23134208 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2014-03-31 01:57 - 2014-04-09 09:52 - 17073152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2014-03-30 00:41 - 2014-03-30 00:41 - 00001003 _____ () C:\Users\Bodo\Desktop\337 GAMES.lnk
2014-03-30 00:41 - 2014-03-30 00:41 - 00000000 ____D () C:\Users\Bodo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\337Games
2014-03-30 00:41 - 2014-03-30 00:41 - 00000000 ____D () C:\Users\Bodo\AppData\Roaming\337Games
2014-03-29 08:36 - 2014-01-14 14:19 - 00000306 __RSH () C:\Users\Bodo\ntuser.pol
2014-03-28 15:58 - 2013-08-22 16:46 - 00077026 _____ () C:\WINDOWS\setupact.log
2014-03-27 10:37 - 2013-12-19 00:55 - 00000000 ____D () C:\Users\Bodo\AppData\Local\CyberLink
2014-03-27 01:23 - 2014-03-27 01:23 - 00000000 ____D () C:\Program Files (x86)\GUMA44D.tmp
2014-03-27 01:23 - 2013-12-23 17:07 - 00004102 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2014-03-27 01:23 - 2013-12-23 17:07 - 00003866 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2014-03-25 10:30 - 2014-03-25 10:23 - 00000000 ____D () C:\Users\Bodo\Documents\Ireen
2014-03-25 10:26 - 2014-03-25 10:26 - 00028226 _____ () C:\Users\Bodo\Documents\KontaktlistePinguine1403.odt

Some content of TEMP:
====================
C:\Users\Bodo\AppData\Local\Temp\avgnt.exe
C:\Users\Bodo\AppData\Local\Temp\BackupSetup.exe
C:\Users\Bodo\AppData\Local\Temp\EnableExtDll.dll
C:\Users\Bodo\AppData\Local\Temp\fp_pl_pfs_installer-1.exe
C:\Users\Bodo\AppData\Local\Temp\fp_pl_pfs_installer-2.exe
C:\Users\Bodo\AppData\Local\Temp\fp_pl_pfs_installer.exe
C:\Users\Bodo\AppData\Local\Temp\OfficeSetup.exe
C:\Users\Bodo\AppData\Local\Temp\promote-upx.exe
C:\Users\Bodo\AppData\Local\Temp\Quarantine.exe
C:\Users\Bodo\AppData\Local\Temp\Setup.X86.de-DE_O365HomePremRetail_407491aa-e652-4ef3-a324-1e94c3b72453_TX_DB_.exe
C:\Users\Bodo\AppData\Local\Temp\Setup.X86.de-DE_O365HomePremRetail_9d4c90ba-fc43-46c7-b4ee-059048c2e70d_TX_DB_.exe
C:\Users\Bodo\AppData\Local\Temp\Softonic_chr_1-8-29-3_cn.exe
C:\Users\Bodo\AppData\Local\Temp\Softonic_chr_1-8-29-3_cn[1].exe
C:\Users\Bodo\AppData\Local\Temp\vlc-2.1.4-win64.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-04-16 02:43

==================== End Of Log ============================
         
--- --- ---

Alt 24.04.2014, 20:14   #13
M-K-D-B
/// TB-Ausbilder
 
Windows 8, Windows PC-Repair Virus und wohl noch andere - Standard

Windows 8, Windows PC-Repair Virus und wohl noch andere



Servus,



und weiter gehts:




Schritt 1

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.







Schritt 2
Bitte lade dir zoek.exe von hier: http://hijackthis.nl/smeenk/
  • Bitte deaktiviere während des Scans alle Virenscanner, da sie das Ergebnis beeinflussen können.
  • Starte die zoek.exe mit einem Doppelklick.
  • Achtung: Das folgende Skript wurde nur für diesen speziellen Fall geschrieben und sollte nicht 1:1 auf andere Computer übernommen werden.
  • Kopiere den Text der folgenden Box in das Skriptfenster von zoek:
    Code:
    ATTFilter
    FFdefaults;
    CHRdefaults;
    iedefaults;
    emptyclsid;
    autoclean;
             
  • Nun klicke auf "Run script" und sei geduldig bis das Skript durchgelaufen ist.
  • Wenn das Tool fertig ist, wird sich eine Logdatei öffnen (ggf. erst nach einem Neustart). Das Log befindet sich aber auch noch unter c:
  • Bitte poste mir das ZOEK-Log (möglichst in CODE-Tags - #-Symbol im Antwortfenster klicken)





Bitte poste mit deiner nächsten Antwort
  • die Logdatei von JRT,
  • die Logdatei von Zoek.
__________________
Grüße aus Bayern
M-K-D-B

______________________________________

Das Trojaner-Board unterstützen

Alt 25.04.2014, 05:38   #14
bjc51
 
Windows 8, Windows PC-Repair Virus und wohl noch andere - Standard

Windows 8, Windows PC-Repair Virus und wohl noch andere



Hier schon mal die erzeugte JRT von gestern Abend (Schritt 2 später)

Code:
ATTFilter
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 8.1 x64
Ran by Bodo on 24.04.2014 at 21:22:03,49
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-4152838901-865744110-646186296-1001\Software\wajam
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{A20986C9-388E-4B9A-A0FF-095073009E92}



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\ytd video downloader"
Successfully deleted: [Folder] "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ytd video downloader"



~~~ FireFox

Emptied folder: C:\Users\Bodo\AppData\Roaming\mozilla\firefox\profiles\6l09uqgq.default\minidumps [2 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 24.04.2014 at 21:36:40,42
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         
Am Ende die zoeg-log.

Zuvor noch folgende Info:

Während zoeg lief - AVIRA war deaktiviert - kamen Meldungen von ANTI-MALWARE, daß potenzielle Bedrohungen gefunden wurden, die in Quarantäne sollten. Habe versucht Dir das über den Browser GoogleChrome zu posten, aber nach kurzer Zeit wurde der Browser geschlossen. Dies passeirte 2 Mal und dann war zoeg aber auch schon fertig und ein Neustart erfolgte. Jetzt läßt sich GoogleChrome nicht mehr starten, deswegen bin ich jetzt über Firefox drin.

Erneut kommt jetzt eine Meldung von AntiMalware, daß ich die Suchlauf- und Schutzprotokolle überprüfen soll.

Vermutlich habe ich neben Avira noch ein anderes Virenschutzprogramm unwissentlich aktiv, möglicherweise auch noch das von Windows 8

Code:
ATTFilter
Zoek.exe v5.0.0.0 Updated 14-April-2014
Tool run by Bodo on 25.04.2014 at  5:37:55,60.
Microsoft Windows 8.1 6.3.9600  x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Bodo\Downloads\zoek.exe [Scan all users] [Script inserted] 

==== System Restore Info ======================

25.04.2014 05:39:53 Zoek.exe System Restore Point Created Succesfully.

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-4152838901-865744110-646186296-1001\Software\Microsoft\Internet Explorer\SearchScopes\{DFABB43D-A5B9-44E2-B139-C536C248B3B7} deleted successfully
HKEY_USERS\S-1-5-21-4152838901-865744110-646186296-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\SearchScopes\{DFABB43D-A5B9-44E2-B139-C536C248B3B7} deleted successfully

==== Deleting CLSID Registry Values ======================

HKEY_USERS\S-1-5-21-4152838901-865744110-646186296-1001\Software\Microsoft\Internet Explorer\Approved Extensions\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C} deleted successfully
HKEY_USERS\S-1-5-21-4152838901-865744110-646186296-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Approved Extensions\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C} deleted successfully
HKEY_USERS\S-1-5-21-4152838901-865744110-646186296-1001\Software\Microsoft\Internet Explorer\Approved Extensions\{F63AAEDC-3602-49EF-AA45-262380A98980} deleted successfully
HKEY_USERS\S-1-5-21-4152838901-865744110-646186296-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Approved Extensions\{F63AAEDC-3602-49EF-AA45-262380A98980} deleted successfully
HKEY_USERS\S-1-5-21-4152838901-865744110-646186296-1001\Software\Microsoft\Internet Explorer\Approved Extensions\{11111111-1111-1111-1111-110311121157} deleted successfully
HKEY_USERS\S-1-5-21-4152838901-865744110-646186296-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Approved Extensions\{11111111-1111-1111-1111-110311121157} deleted successfully
HKEY_USERS\S-1-5-21-4152838901-865744110-646186296-1001\Software\Microsoft\Internet Explorer\Approved Extensions\{5018CFD2-804D-4C99-9F81-25EAEA2769DE} deleted successfully
HKEY_USERS\S-1-5-21-4152838901-865744110-646186296-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Approved Extensions\{5018CFD2-804D-4C99-9F81-25EAEA2769DE} deleted successfully
HKEY_USERS\S-1-5-21-4152838901-865744110-646186296-1001\Software\Microsoft\Internet Explorer\Approved Extensions\{E87806B5-E908-45FD-AF5E-957D83E58E68} deleted successfully
HKEY_USERS\S-1-5-21-4152838901-865744110-646186296-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Approved Extensions\{E87806B5-E908-45FD-AF5E-957D83E58E68} deleted successfully
HKEY_USERS\S-1-5-21-4152838901-865744110-646186296-1001\Software\Microsoft\Internet Explorer\Approved Extensions\{34A0D84B-CDDC-4EC4-AFDD-4F1DDE1D14E5} deleted successfully
HKEY_USERS\S-1-5-21-4152838901-865744110-646186296-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Approved Extensions\{34A0D84B-CDDC-4EC4-AFDD-4F1DDE1D14E5} deleted successfully
HKEY_USERS\S-1-5-21-4152838901-865744110-646186296-1001\Software\Microsoft\Internet Explorer\Approved Extensions\{F3FEE66E-E034-436a-86E4-9690573BEE8A} deleted successfully
HKEY_USERS\S-1-5-21-4152838901-865744110-646186296-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Approved Extensions\{F3FEE66E-E034-436a-86E4-9690573BEE8A} deleted successfully
HKEY_USERS\S-1-5-21-4152838901-865744110-646186296-1001\Software\Mozilla\Firefox\Extensions\{abdfcd24-f4a1-4248-b9c4-4ee53f915331} deleted successfully
HKEY_USERS\S-1-5-21-4152838901-865744110-646186296-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Mozilla\Firefox\Extensions\{abdfcd24-f4a1-4248-b9c4-4ee53f915331} deleted successfully

==== Deleting Services ======================


==== FireFox Fix ======================

Deleted from C:\Users\Bodo\AppData\Roaming\Mozilla\Firefox\Profiles\6l09uqgq.default\prefs.js:
user_pref("browser.newtab.url", "chrome://quick_start/content/index.html");

Added to C:\Users\Bodo\AppData\Roaming\Mozilla\Firefox\Profiles\6l09uqgq.default\prefs.js:

Deleted from C:\Users\Bodo\AppData\Roaming\Thunderbird\Profiles\vhpsdl6n.default\prefs.js:

Added to C:\Users\Bodo\AppData\Roaming\Thunderbird\Profiles\vhpsdl6n.default\prefs.js:
user_pref("browser.startup.homepage", "hxxp://www.google.com");
user_pref("browser.search.defaulturl", "hxxp://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.newtab.url", "hxxp://www.google.com/");
user_pref("browser.search.defaultengine", "Google");
user_pref("browser.search.defaultenginename", "Google");
user_pref("browser.search.selectedEngine", "Google");
user_pref("browser.search.order.1", "Google");
user_pref("keyword.URL", "hxxp://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.search.suggest.enabled", true);
user_pref("browser.search.useDBForOrder", true);

ProfilePath: C:\Users\Bodo\AppData\Roaming\Mozilla\Firefox\Profiles\6l09uqgq.default

user.js not found
---- FireFox user.js and prefs.js backups ---- 

prefs__0602_.backup

ProfilePath: C:\Users\Bodo\AppData\Roaming\Thunderbird\Profiles\vhpsdl6n.default

user.js not found
---- FireFox user.js and prefs.js backups ---- 

prefs__0602_.backup

==== Deleting Files \ Folders ======================

C:\PROGRA~2\GUMA44D.tmp deleted
C:\Users\Bodo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mobogenie.lnk deleted
C:\Users\Bodo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Search.lnk deleted
C:\Users\Bodo\AppData\Roaming\337Games deleted
C:\PROGRA~3\ProductData deleted
C:\Users\Bodo\AppData\Local\cache deleted
C:\Users\Bodo\AppData\Local\Google\Chrome\User Data\Default\Extensions\ep.crx deleted
C:\Users\Bodo\AppData\Local\Google\Chrome\User Data\Default\Extensions\searchswitch.crx deleted
C:\Users\Bodo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search.lnk deleted
C:\WINDOWS\sysWoW64\config\systemprofile\AppData\LocalLow\Application Updater deleted
C:\Users\Bodo\Desktop\Search.lnk deleted
C:\Users\Bodo\AppData\Roaming\Mozilla\Firefox\Profiles\6l09uqgq.default\extensions\savingsslider@mybrowserbar.com.xpi deleted

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"fmconverter@gmail.com"="C:\Program Files (x86)\Freemake\Freemake Video Converter\BrowserPlugin\Firefox" [14.01.2014 16:18]

==== Firefox Extensions ======================

ProfilePath: C:\Users\Bodo\AppData\Roaming\Mozilla\Firefox\Profiles\6l09uqgq.default
- Quick Start - %ProfilePath%\extensions\quick_start@gmail.com
- Start Page - %ProfilePath%\extensions\{58d2a791-6199-482f-a9aa-9b725ec61362}.xpi

AppDir: C:\Program Files (x86)\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==== Firefox Plugins ======================

Profilepath: C:\Users\Bodo\AppData\Roaming\Mozilla\Firefox\Profiles\6l09uqgq.default
95812430959AE88CDD0301AB3A71913B	- C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll -	Shockwave Flash


==== Deleted Firefox Extensions ======================

C:\Users\Bodo\AppData\Roaming\Mozilla\Firefox\Profiles\6l09uqgq.default\extensions\{58d2a791-6199-482f-a9aa-9b725ec61362}.xpi deleted

==== Chrome Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
dopemniaeocfenlpnoannaefnhfcjcgi - C:\Users\Bodo\AppData\Local\Google\Chrome\User Data\Default\Extensions\searchswitch.crx[]
ogfjmhfnldnajmfaofeiaepghjenbgjo - C:\Users\Bodo\AppData\Local\Google\Chrome\User Data\Default\Extensions\ep.crx[]

Extended Protection - Bodo\AppData\Local\Google\Chrome\User Data\Default\Extensions\ogfjmhfnldnajmfaofeiaepghjenbgjo

==== Chrome Fix ======================

C:\Users\Bodo\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_en.softonic.com_0.localstorage deleted successfully
C:\Users\Bodo\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_en.softonic.com_0.localstorage-journal deleted successfully
C:\Users\Bodo\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_popcompanion.en.softonic.com_0.localstorage deleted successfully
C:\Users\Bodo\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_popcompanion.en.softonic.com_0.localstorage-journal deleted successfully
C:\Users\Bodo\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_search.softonic.com_0.localstorage deleted successfully
C:\Users\Bodo\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_search.softonic.com_0.localstorage-journal deleted successfully
C:\Users\Bodo\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_zattoo.softonic.de_0.localstorage deleted successfully
C:\Users\Bodo\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_zattoo.softonic.de_0.localstorage-journal deleted successfully
C:\Users\Bodo\AppData\Local\Google\Chrome\User Data\Default\Extensions\ogfjmhfnldnajmfaofeiaepghjenbgjo deleted successfully
C:\Users\Bodo\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_ogfjmhfnldnajmfaofeiaepghjenbgjo_0.localstorage deleted successfully
C:\Users\Bodo\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_ogfjmhfnldnajmfaofeiaepghjenbgjo_0.localstorage-journal deleted successfully

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="hxxp://www.google.com"
"Search Page"="hxxp://www.google.com"
"Default_Page_URL"="hxxp://www.google.com"
"Search Bar"="hxxp://www.google.com"
"Use Search Asst"="yes"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="hxxp://www.google.com"
"Default_Page_URL"="hxxp://www.google.com"
"Start Page"="hxxp://www.google.com"
"Search Page"="hxxp://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="hxxp://www.google.com"
"Default_Page_URL"="hxxp://www.google.com"
"Start Page"="hxxp://www.google.com"
"Search Page"="hxxp://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchUrl]
"Default"="hxxp://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\SearchUrl]
"Default"="hxxp://www.google.com"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]
"Default"="hxxp://www.google.com"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="hxxp://www.google.com"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="hxxp://www.google.com"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search]
"Default_Search_URL"="hxxp://www.google.com"
"SearchAssistant"="hxxp://www.google.com"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
No DefaultScope Set For HKCU

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Search Page"="hxxp://go.microsoft.com/fwlink/?LinkId=54896"
"Search Bar"="hxxp://go.microsoft.com/fwlink/?LinkId=54896"
"Default_Page_URL"="hxxp://go.microsoft.com/fwlink/?LinkId=69157"
"Start Page"="hxxp://www.google.com"
"Use Search Asst"="no"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="hxxp://go.microsoft.com/fwlink/?LinkId=54896"
"Search Page"="hxxp://go.microsoft.com/fwlink/?LinkId=54896"
"Default_Page_URL"="hxxp://go.microsoft.com/fwlink/?LinkId=69157"
"Start Page"="hxxp://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="hxxp://go.microsoft.com/fwlink/?LinkId=54896"
"Search Page"="hxxp://go.microsoft.com/fwlink/?LinkId=54896"
"Default_Page_URL"="hxxp://go.microsoft.com/fwlink/?LinkId=69157"
"Start Page"="hxxp://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchUrl]
"(Default)"="hxxp://search.msn.com/results.asp?q=%s"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\SearchUrl]
"(Default)"="hxxp://search.msn.com/results.asp?q=%s"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]
"(Default)"="hxxp://search.msn.com/results.asp?q=%s"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="res://ieframe.dll/tabswelcome.htm"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="res://ieframe.dll/tabswelcome.htm"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search]
"Default_Search_URL"="hxxp://go.microsoft.com/fwlink/?LinkId=54896"
"SearchAssistant"="hxxp://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing  Url="hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE11SR"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google  Url="hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}"

==== Reset Google Chrome ======================

C:\Users\Bodo\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\Bodo\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\dopemniaeocfenlpnoannaefnhfcjcgi deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\ogfjmhfnldnajmfaofeiaepghjenbgjo deleted successfully
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\ValueApps deleted successfully
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Plus-HD-1.3 deleted successfully
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\54ed89b2-da2e-446b-bde7-8188f45dc639 deleted successfully

==== Empty IE Cache ======================

C:\WINDOWS\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Bodo\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\Bodo\AppData\Local\Microsoft\Windows\INetCache\Low\Content.IE5 emptied successfully
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\WINDOWS\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\WINDOWS\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully

==== Empty FireFox Cache ======================

C:\Users\Bodo\AppData\Local\Mozilla\Firefox\Profiles\6l09uqgq.default\Cache emptied successfully

==== Empty Chrome Cache ======================

C:\Users\Bodo\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

No Java Cache Found

==== C:\zoek_backup content ======================

C:\zoek_backup (files=37 folders=10 1314839 bytes)

==== Empty Temp Folders ======================

C:\Users\Administrator\AppData\Local\Temp emptied successfully
C:\Users\Bodo\AppData\Local\Temp will be emptied at reboot
C:\Users\Default\AppData\Local\Temp emptied successfully
C:\WINDOWS\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\WINDOWS\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\WINDOWS\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\WINDOWS\Temp successfully emptied
C:\Users\Bodo\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== EOF on 25.04.2014 at  6:17:27,48 ======================
         

Alt 25.04.2014, 11:34   #15
M-K-D-B
/// TB-Ausbilder
 
Windows 8, Windows PC-Repair Virus und wohl noch andere - Standard

Windows 8, Windows PC-Repair Virus und wohl noch andere



Servus,


ok, eins nach dem anderen... jetzt kommt der Zwischenbericht:



Kontrollscan mit FRST
Führe wie zuvor beschrieben einen Scan mit FRST aus.
Setze dazu einen Haken bei Addition.txt rechts unten und klicke auf Scan.
Es werden zwei Logdateien erzeugt. Poste mir diese.




Gibt es noch Probleme mit "PC-Repair" oder anderer unerwünschter Software?
Wie läuft der Rechner momentan?
Wie sieht es mit den Browsern IE, FF und CHR aus?
__________________
Grüße aus Bayern
M-K-D-B

______________________________________

Das Trojaner-Board unterstützen

Antwort

Themen zu Windows 8, Windows PC-Repair Virus und wohl noch andere
0malware, pc-repair-virus, pup.optional.adlyrics, pup.optional.bandoo, pup.optional.bundleinstaller.a, pup.optional.bundlore, pup.optional.conduit, pup.optional.conduit.a, pup.optional.crossrider.a, pup.optional.domaiq, pup.optional.domalq, pup.optional.installbrain, pup.optional.mystarttb.a, pup.optional.nationzoom.a, pup.optional.nextlive.a, pup.optional.opencandy, pup.optional.optimizerpro.a, pup.optional.plushd.a, pup.optional.qone8, pup.optional.searchprotect.a, pup.optional.skytech.a, pup.optional.spigot.a, pup.optional.valueapps.a, pup.optional.wajam, pup.optional.wpmanager, trojaner "system repair



Ähnliche Themen: Windows 8, Windows PC-Repair Virus und wohl noch andere


  1. Repair-windows-now.com entfernen
    Anleitungen, FAQs & Links - 30.10.2015 (2)
  2. Windows Repair v.3.6.0 Ordner
    Alles rund um Windows - 13.10.2015 (1)
  3. Windows 7 Startup Repair Endlosschleife
    Alles rund um Windows - 13.12.2014 (5)
  4. V9 redirect Virus und noch andere
    Log-Analyse und Auswertung - 16.07.2013 (2)
  5. Windows 7 Startup Repair Virus
    Plagegeister aller Art und deren Bekämpfung - 02.04.2013 (2)
  6. System repair Virus Windows 7 Starter
    Plagegeister aller Art und deren Bekämpfung - 28.02.2013 (23)
  7. Windows System Repair Virus
    Log-Analyse und Auswertung - 26.02.2013 (17)
  8. Anleitung: Windows Repair (AIO)
    Anleitungen, FAQs & Links - 28.10.2012 (1)
  9. Hallo. Ich habe wohl einen Virus/ Trojaner auf meinem Windows Laptop. Es erscheint direkt nach dem
    Log-Analyse und Auswertung - 05.06.2012 (1)
  10. Windows XP Repair Malware
    Plagegeister aller Art und deren Bekämpfung - 10.07.2011 (13)
  11. Windows XP Repair
    Plagegeister aller Art und deren Bekämpfung - 23.06.2011 (2)
  12. "Windows XP Repair" Virus und Datensicherung
    Plagegeister aller Art und deren Bekämpfung - 20.06.2011 (12)
  13. Windows XP Repair entfernen
    Anleitungen, FAQs & Links - 17.06.2011 (2)
  14. Windows 7 Repair entfernen
    Anleitungen, FAQs & Links - 17.06.2011 (2)
  15. Windows Repair entfernen
    Anleitungen, FAQs & Links - 01.04.2011 (2)

Zum Thema Windows 8, Windows PC-Repair Virus und wohl noch andere - Hallo, bitte dringend um Eure Hilfe. An meinem 5 Monate altem Medion Notebook gehen schön länger ständig irgendwelche Fenster und Popups auf und besonders häufig die Seite Windows PC-Repartur, wo - Windows 8, Windows PC-Repair Virus und wohl noch andere...
Archiv
Du betrachtest: Windows 8, Windows PC-Repair Virus und wohl noch andere auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.